On the security of lightweight block ciphers against neural distinguishers: Observations on LBC-IoT and SLIM

Interest in the application of deep learning in cryptography has increased immensely in recent years. Several works have shown that such attacks are not only feasible but, in some cases, are superior compared to classical cryptanalysis techniques. However, due to the black-box nature of deep learning models, more work is required to understand how they work in the context of cryptanalysis. In this paper, we contribute towards the latter by first constructing neural distinguishers for 2 different block ciphers, LBC-IoT and SLIM that share similar properties. We then show that, unlike classical differential cryptanalysis (on which neural distinguishers are based), the position where the round keys are included in round functions can have a significant impact on distinguishing probability. We explore this further to investigate if different choices of where the round key is introduced can lead to better resistance against neural distinguishers. We compare several variants of the round function to showcase this phenomenon, which is useful for securing future block cipher designs against deep learning attacks. As an additional contribution, the neural distinguisher for LBC-IoT was also applied in a practical-time key recovery attack on up to 8 rounds. Results show that even with no optimizations, the attack can consistently recover the correct round key with an attack complexity of around 224 full encryptions. To the best of our knowledge, this is the first third-party cryptanalysis results for LBC-IoT to date.