Can neural cryptanalysis be applied to AES?
Clash Royale CLAN TAG#URR8PPP
$begingroup$
In this Wikipedia article about Neural cryptography (section applications) it states:
In 1995, Sebastien Dourlens applied neural networks to cryptanalyze DES by allowing the networks to learn how to invert the S-tables of the DES. The bias in DES studied through Differential Cryptanalysis by Adi Shamir is highlighted. The experiment shows about 50% of the key bits can be found, allowing the complete key to be found in a short time.
It could very well be that I misunderstood something, but I think that the same "attack" can't be used for AES, since the Inverse Rijndael S-box is public knowledge or am I wrong? Is AES designed this way to prevent an attack by inverting the S-box?
aes cryptanalysis des rijndael
$endgroup$
add a comment |
$begingroup$
In this Wikipedia article about Neural cryptography (section applications) it states:
In 1995, Sebastien Dourlens applied neural networks to cryptanalyze DES by allowing the networks to learn how to invert the S-tables of the DES. The bias in DES studied through Differential Cryptanalysis by Adi Shamir is highlighted. The experiment shows about 50% of the key bits can be found, allowing the complete key to be found in a short time.
It could very well be that I misunderstood something, but I think that the same "attack" can't be used for AES, since the Inverse Rijndael S-box is public knowledge or am I wrong? Is AES designed this way to prevent an attack by inverting the S-box?
aes cryptanalysis des rijndael
$endgroup$
1
$begingroup$
The inverse S-box is useless if you don't have the key.
$endgroup$
– forest
Feb 18 at 12:36
2
$begingroup$
Possible duplicate of Any practical uses for machine learning for cryptography?
$endgroup$
– Ella Rose♦
Feb 18 at 15:22
add a comment |
$begingroup$
In this Wikipedia article about Neural cryptography (section applications) it states:
In 1995, Sebastien Dourlens applied neural networks to cryptanalyze DES by allowing the networks to learn how to invert the S-tables of the DES. The bias in DES studied through Differential Cryptanalysis by Adi Shamir is highlighted. The experiment shows about 50% of the key bits can be found, allowing the complete key to be found in a short time.
It could very well be that I misunderstood something, but I think that the same "attack" can't be used for AES, since the Inverse Rijndael S-box is public knowledge or am I wrong? Is AES designed this way to prevent an attack by inverting the S-box?
aes cryptanalysis des rijndael
$endgroup$
In this Wikipedia article about Neural cryptography (section applications) it states:
In 1995, Sebastien Dourlens applied neural networks to cryptanalyze DES by allowing the networks to learn how to invert the S-tables of the DES. The bias in DES studied through Differential Cryptanalysis by Adi Shamir is highlighted. The experiment shows about 50% of the key bits can be found, allowing the complete key to be found in a short time.
It could very well be that I misunderstood something, but I think that the same "attack" can't be used for AES, since the Inverse Rijndael S-box is public knowledge or am I wrong? Is AES designed this way to prevent an attack by inverting the S-box?
aes cryptanalysis des rijndael
aes cryptanalysis des rijndael
asked Feb 18 at 12:34
AleksanderRasAleksanderRas
2,7571834
2,7571834
1
$begingroup$
The inverse S-box is useless if you don't have the key.
$endgroup$
– forest
Feb 18 at 12:36
2
$begingroup$
Possible duplicate of Any practical uses for machine learning for cryptography?
$endgroup$
– Ella Rose♦
Feb 18 at 15:22
add a comment |
1
$begingroup$
The inverse S-box is useless if you don't have the key.
$endgroup$
– forest
Feb 18 at 12:36
2
$begingroup$
Possible duplicate of Any practical uses for machine learning for cryptography?
$endgroup$
– Ella Rose♦
Feb 18 at 15:22
1
1
$begingroup$
The inverse S-box is useless if you don't have the key.
$endgroup$
– forest
Feb 18 at 12:36
$begingroup$
The inverse S-box is useless if you don't have the key.
$endgroup$
– forest
Feb 18 at 12:36
2
2
$begingroup$
Possible duplicate of Any practical uses for machine learning for cryptography?
$endgroup$
– Ella Rose♦
Feb 18 at 15:22
$begingroup$
Possible duplicate of Any practical uses for machine learning for cryptography?
$endgroup$
– Ella Rose♦
Feb 18 at 15:22
add a comment |
1 Answer
1
active
oldest
votes
$begingroup$
No. Neuro-Cryptanalysis fails on serious ciphers, including DES and AES.
Sebastien Dourlens's Neuro-differential cryptanalysis of DES (in sections 5.4.2 and 5.4.3 of his 1996 mémoire) learns an S-box. Applied to Unix crypt (section 5.4.4), it memorizes passwords/hash pairs (by a training requiring "from several days to several years") and then merely performs a quick retrieval; something a hash table does routinely and quickly! Neither is relevant to cryptanalysis.
Mohammed M. Alani's Neuro-Cryptanalysis of DES and Triple-DES (in proceedings of ICONIP 2012) claims cryptanalysis of DES or 3DES from 2048 or 4096 examples in an hour of Matlab on a standard PC; but there is no indication that it recovers the key or is otherwise capable of predicting more input/output mappings than supplied in training (even though the later is a stated objective). My guess is that - at best - it performs similar plaintext/ciphertext memorization thru training.
$endgroup$
$begingroup$
I think its important to note, that Neuro-Cryptanalysis has failed so far on serious ciphers.
$endgroup$
– Dylan
Feb 19 at 16:35
$begingroup$
@Dylan: Neuro-Cryptanalysis as in these papers (thus as in the question) examines the cipher as a black box, without a description of its internals. That's dooms such Neuro-Cryptanalysis, putting it at a tremendous disadvantage compared to traditional cryptanalysis, and automated cryptanalysis crunching a description of the cipher (e.g. encoded as a satisfiability problem).
$endgroup$
– fgrieu
Feb 19 at 18:00
add a comment |
Your Answer
StackExchange.ifUsing("editor", function ()
return StackExchange.using("mathjaxEditing", function ()
StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix)
StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["$", "$"], ["\\(","\\)"]]);
);
);
, "mathjax-editing");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "281"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f67402%2fcan-neural-cryptanalysis-be-applied-to-aes%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
$begingroup$
No. Neuro-Cryptanalysis fails on serious ciphers, including DES and AES.
Sebastien Dourlens's Neuro-differential cryptanalysis of DES (in sections 5.4.2 and 5.4.3 of his 1996 mémoire) learns an S-box. Applied to Unix crypt (section 5.4.4), it memorizes passwords/hash pairs (by a training requiring "from several days to several years") and then merely performs a quick retrieval; something a hash table does routinely and quickly! Neither is relevant to cryptanalysis.
Mohammed M. Alani's Neuro-Cryptanalysis of DES and Triple-DES (in proceedings of ICONIP 2012) claims cryptanalysis of DES or 3DES from 2048 or 4096 examples in an hour of Matlab on a standard PC; but there is no indication that it recovers the key or is otherwise capable of predicting more input/output mappings than supplied in training (even though the later is a stated objective). My guess is that - at best - it performs similar plaintext/ciphertext memorization thru training.
$endgroup$
$begingroup$
I think its important to note, that Neuro-Cryptanalysis has failed so far on serious ciphers.
$endgroup$
– Dylan
Feb 19 at 16:35
$begingroup$
@Dylan: Neuro-Cryptanalysis as in these papers (thus as in the question) examines the cipher as a black box, without a description of its internals. That's dooms such Neuro-Cryptanalysis, putting it at a tremendous disadvantage compared to traditional cryptanalysis, and automated cryptanalysis crunching a description of the cipher (e.g. encoded as a satisfiability problem).
$endgroup$
– fgrieu
Feb 19 at 18:00
add a comment |
$begingroup$
No. Neuro-Cryptanalysis fails on serious ciphers, including DES and AES.
Sebastien Dourlens's Neuro-differential cryptanalysis of DES (in sections 5.4.2 and 5.4.3 of his 1996 mémoire) learns an S-box. Applied to Unix crypt (section 5.4.4), it memorizes passwords/hash pairs (by a training requiring "from several days to several years") and then merely performs a quick retrieval; something a hash table does routinely and quickly! Neither is relevant to cryptanalysis.
Mohammed M. Alani's Neuro-Cryptanalysis of DES and Triple-DES (in proceedings of ICONIP 2012) claims cryptanalysis of DES or 3DES from 2048 or 4096 examples in an hour of Matlab on a standard PC; but there is no indication that it recovers the key or is otherwise capable of predicting more input/output mappings than supplied in training (even though the later is a stated objective). My guess is that - at best - it performs similar plaintext/ciphertext memorization thru training.
$endgroup$
$begingroup$
I think its important to note, that Neuro-Cryptanalysis has failed so far on serious ciphers.
$endgroup$
– Dylan
Feb 19 at 16:35
$begingroup$
@Dylan: Neuro-Cryptanalysis as in these papers (thus as in the question) examines the cipher as a black box, without a description of its internals. That's dooms such Neuro-Cryptanalysis, putting it at a tremendous disadvantage compared to traditional cryptanalysis, and automated cryptanalysis crunching a description of the cipher (e.g. encoded as a satisfiability problem).
$endgroup$
– fgrieu
Feb 19 at 18:00
add a comment |
$begingroup$
No. Neuro-Cryptanalysis fails on serious ciphers, including DES and AES.
Sebastien Dourlens's Neuro-differential cryptanalysis of DES (in sections 5.4.2 and 5.4.3 of his 1996 mémoire) learns an S-box. Applied to Unix crypt (section 5.4.4), it memorizes passwords/hash pairs (by a training requiring "from several days to several years") and then merely performs a quick retrieval; something a hash table does routinely and quickly! Neither is relevant to cryptanalysis.
Mohammed M. Alani's Neuro-Cryptanalysis of DES and Triple-DES (in proceedings of ICONIP 2012) claims cryptanalysis of DES or 3DES from 2048 or 4096 examples in an hour of Matlab on a standard PC; but there is no indication that it recovers the key or is otherwise capable of predicting more input/output mappings than supplied in training (even though the later is a stated objective). My guess is that - at best - it performs similar plaintext/ciphertext memorization thru training.
$endgroup$
No. Neuro-Cryptanalysis fails on serious ciphers, including DES and AES.
Sebastien Dourlens's Neuro-differential cryptanalysis of DES (in sections 5.4.2 and 5.4.3 of his 1996 mémoire) learns an S-box. Applied to Unix crypt (section 5.4.4), it memorizes passwords/hash pairs (by a training requiring "from several days to several years") and then merely performs a quick retrieval; something a hash table does routinely and quickly! Neither is relevant to cryptanalysis.
Mohammed M. Alani's Neuro-Cryptanalysis of DES and Triple-DES (in proceedings of ICONIP 2012) claims cryptanalysis of DES or 3DES from 2048 or 4096 examples in an hour of Matlab on a standard PC; but there is no indication that it recovers the key or is otherwise capable of predicting more input/output mappings than supplied in training (even though the later is a stated objective). My guess is that - at best - it performs similar plaintext/ciphertext memorization thru training.
edited Feb 18 at 14:04
Maarten Bodewes♦
55.3k679196
55.3k679196
answered Feb 18 at 13:42
fgrieufgrieu
81.4k7175346
81.4k7175346
$begingroup$
I think its important to note, that Neuro-Cryptanalysis has failed so far on serious ciphers.
$endgroup$
– Dylan
Feb 19 at 16:35
$begingroup$
@Dylan: Neuro-Cryptanalysis as in these papers (thus as in the question) examines the cipher as a black box, without a description of its internals. That's dooms such Neuro-Cryptanalysis, putting it at a tremendous disadvantage compared to traditional cryptanalysis, and automated cryptanalysis crunching a description of the cipher (e.g. encoded as a satisfiability problem).
$endgroup$
– fgrieu
Feb 19 at 18:00
add a comment |
$begingroup$
I think its important to note, that Neuro-Cryptanalysis has failed so far on serious ciphers.
$endgroup$
– Dylan
Feb 19 at 16:35
$begingroup$
@Dylan: Neuro-Cryptanalysis as in these papers (thus as in the question) examines the cipher as a black box, without a description of its internals. That's dooms such Neuro-Cryptanalysis, putting it at a tremendous disadvantage compared to traditional cryptanalysis, and automated cryptanalysis crunching a description of the cipher (e.g. encoded as a satisfiability problem).
$endgroup$
– fgrieu
Feb 19 at 18:00
$begingroup$
I think its important to note, that Neuro-Cryptanalysis has failed so far on serious ciphers.
$endgroup$
– Dylan
Feb 19 at 16:35
$begingroup$
I think its important to note, that Neuro-Cryptanalysis has failed so far on serious ciphers.
$endgroup$
– Dylan
Feb 19 at 16:35
$begingroup$
@Dylan: Neuro-Cryptanalysis as in these papers (thus as in the question) examines the cipher as a black box, without a description of its internals. That's dooms such Neuro-Cryptanalysis, putting it at a tremendous disadvantage compared to traditional cryptanalysis, and automated cryptanalysis crunching a description of the cipher (e.g. encoded as a satisfiability problem).
$endgroup$
– fgrieu
Feb 19 at 18:00
$begingroup$
@Dylan: Neuro-Cryptanalysis as in these papers (thus as in the question) examines the cipher as a black box, without a description of its internals. That's dooms such Neuro-Cryptanalysis, putting it at a tremendous disadvantage compared to traditional cryptanalysis, and automated cryptanalysis crunching a description of the cipher (e.g. encoded as a satisfiability problem).
$endgroup$
– fgrieu
Feb 19 at 18:00
add a comment |
Thanks for contributing an answer to Cryptography Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
Use MathJax to format equations. MathJax reference.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f67402%2fcan-neural-cryptanalysis-be-applied-to-aes%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
$begingroup$
The inverse S-box is useless if you don't have the key.
$endgroup$
– forest
Feb 18 at 12:36
2
$begingroup$
Possible duplicate of Any practical uses for machine learning for cryptography?
$endgroup$
– Ella Rose♦
Feb 18 at 15:22