Can neural cryptanalysis be applied to AES?












8












$begingroup$


In this Wikipedia article about Neural cryptography (section applications) it states:




In 1995, Sebastien Dourlens applied neural networks to cryptanalyze DES by allowing the networks to learn how to invert the S-tables of the DES. The bias in DES studied through Differential Cryptanalysis by Adi Shamir is highlighted. The experiment shows about 50% of the key bits can be found, allowing the complete key to be found in a short time.




It could very well be that I misunderstood something, but I think that the same "attack" can't be used for AES, since the Inverse Rijndael S-box is public knowledge or am I wrong? Is AES designed this way to prevent an attack by inverting the S-box?






aes cryptanalysis des rijndael







share|improve this question









$endgroup$








  • 1




    $begingroup$
    The inverse S-box is useless if you don't have the key.
    $endgroup$
    – forest
    14 hours ago






  • 1




    $begingroup$
    Possible duplicate of Any practical uses for machine learning for cryptography?
    $endgroup$
    – Ella Rose
    11 hours ago
















8












$begingroup$


In this Wikipedia article about Neural cryptography (section applications) it states:




In 1995, Sebastien Dourlens applied neural networks to cryptanalyze DES by allowing the networks to learn how to invert the S-tables of the DES. The bias in DES studied through Differential Cryptanalysis by Adi Shamir is highlighted. The experiment shows about 50% of the key bits can be found, allowing the complete key to be found in a short time.




It could very well be that I misunderstood something, but I think that the same "attack" can't be used for AES, since the Inverse Rijndael S-box is public knowledge or am I wrong? Is AES designed this way to prevent an attack by inverting the S-box?






aes cryptanalysis des rijndael







share|improve this question









$endgroup$








  • 1




    $begingroup$
    The inverse S-box is useless if you don't have the key.
    $endgroup$
    – forest
    14 hours ago






  • 1




    $begingroup$
    Possible duplicate of Any practical uses for machine learning for cryptography?
    $endgroup$
    – Ella Rose
    11 hours ago














8












8








8


1



$begingroup$


In this Wikipedia article about Neural cryptography (section applications) it states:




In 1995, Sebastien Dourlens applied neural networks to cryptanalyze DES by allowing the networks to learn how to invert the S-tables of the DES. The bias in DES studied through Differential Cryptanalysis by Adi Shamir is highlighted. The experiment shows about 50% of the key bits can be found, allowing the complete key to be found in a short time.




It could very well be that I misunderstood something, but I think that the same "attack" can't be used for AES, since the Inverse Rijndael S-box is public knowledge or am I wrong? Is AES designed this way to prevent an attack by inverting the S-box?






aes cryptanalysis des rijndael







share|improve this question









$endgroup$




In this Wikipedia article about Neural cryptography (section applications) it states:




In 1995, Sebastien Dourlens applied neural networks to cryptanalyze DES by allowing the networks to learn how to invert the S-tables of the DES. The bias in DES studied through Differential Cryptanalysis by Adi Shamir is highlighted. The experiment shows about 50% of the key bits can be found, allowing the complete key to be found in a short time.




It could very well be that I misunderstood something, but I think that the same "attack" can't be used for AES, since the Inverse Rijndael S-box is public knowledge or am I wrong? Is AES designed this way to prevent an attack by inverting the S-box?






aes cryptanalysis des rijndael




aes cryptanalysis des rijndael






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked 14 hours ago









AleksanderRasAleksanderRas

2,3421731




2,3421731








  • 1




    $begingroup$
    The inverse S-box is useless if you don't have the key.
    $endgroup$
    – forest
    14 hours ago






  • 1




    $begingroup$
    Possible duplicate of Any practical uses for machine learning for cryptography?
    $endgroup$
    – Ella Rose
    11 hours ago














  • 1




    $begingroup$
    The inverse S-box is useless if you don't have the key.
    $endgroup$
    – forest
    14 hours ago






  • 1




    $begingroup$
    Possible duplicate of Any practical uses for machine learning for cryptography?
    $endgroup$
    – Ella Rose
    11 hours ago








1




1




$begingroup$
The inverse S-box is useless if you don't have the key.
$endgroup$
– forest
14 hours ago




$begingroup$
The inverse S-box is useless if you don't have the key.
$endgroup$
– forest
14 hours ago




1




1




$begingroup$
Possible duplicate of Any practical uses for machine learning for cryptography?
$endgroup$
– Ella Rose
11 hours ago




$begingroup$
Possible duplicate of Any practical uses for machine learning for cryptography?
$endgroup$
– Ella Rose
11 hours ago










1 Answer
1






active

oldest

votes


















20












$begingroup$

No. Neuro-Cryptanalysis fails on serious ciphers, including DES and AES.



Sebastien Dourlens's Neuro-differential cryptanalysis of DES (in sections 5.4.2 and 5.4.3 of his 1996 mémoire) learns an S-box. Applied to Unix crypt (section 5.4.4), it memorizes passwords/hash pairs (by a training requiring "from several days to several years") and then merely performs a quick retrieval; something a hash table does routinely and quickly! Neither is relevant to cryptanalysis.



Mohammed M. Alani's Neuro-Cryptanalysis of DES and Triple-DES (in proceedings of ICONIP 2012) claims cryptanalysis of DES or 3DES from 2048 or 4096 examples in an hour of Matlab on a standard PC; but there is no indication that it recovers the key or is otherwise capable of predicting more input/output mappings than supplied in training (even though the later is a stated objective). My guess is that - at best - it performs similar plaintext/ciphertext memorization thru training.






share|improve this answer











$endgroup$













    Your Answer





    StackExchange.ifUsing("editor", function () {
    return StackExchange.using("mathjaxEditing", function () {
    StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix) {
    StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["$", "$"], ["\\(","\\)"]]);
    });
    });
    }, "mathjax-editing");

    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "281"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: false,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    noCode: true, onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f67402%2fcan-neural-cryptanalysis-be-applied-to-aes%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    20












    $begingroup$

    No. Neuro-Cryptanalysis fails on serious ciphers, including DES and AES.



    Sebastien Dourlens's Neuro-differential cryptanalysis of DES (in sections 5.4.2 and 5.4.3 of his 1996 mémoire) learns an S-box. Applied to Unix crypt (section 5.4.4), it memorizes passwords/hash pairs (by a training requiring "from several days to several years") and then merely performs a quick retrieval; something a hash table does routinely and quickly! Neither is relevant to cryptanalysis.



    Mohammed M. Alani's Neuro-Cryptanalysis of DES and Triple-DES (in proceedings of ICONIP 2012) claims cryptanalysis of DES or 3DES from 2048 or 4096 examples in an hour of Matlab on a standard PC; but there is no indication that it recovers the key or is otherwise capable of predicting more input/output mappings than supplied in training (even though the later is a stated objective). My guess is that - at best - it performs similar plaintext/ciphertext memorization thru training.






    share|improve this answer











    $endgroup$


















      20












      $begingroup$

      No. Neuro-Cryptanalysis fails on serious ciphers, including DES and AES.



      Sebastien Dourlens's Neuro-differential cryptanalysis of DES (in sections 5.4.2 and 5.4.3 of his 1996 mémoire) learns an S-box. Applied to Unix crypt (section 5.4.4), it memorizes passwords/hash pairs (by a training requiring "from several days to several years") and then merely performs a quick retrieval; something a hash table does routinely and quickly! Neither is relevant to cryptanalysis.



      Mohammed M. Alani's Neuro-Cryptanalysis of DES and Triple-DES (in proceedings of ICONIP 2012) claims cryptanalysis of DES or 3DES from 2048 or 4096 examples in an hour of Matlab on a standard PC; but there is no indication that it recovers the key or is otherwise capable of predicting more input/output mappings than supplied in training (even though the later is a stated objective). My guess is that - at best - it performs similar plaintext/ciphertext memorization thru training.






      share|improve this answer











      $endgroup$
















        20












        20








        20





        $begingroup$

        No. Neuro-Cryptanalysis fails on serious ciphers, including DES and AES.



        Sebastien Dourlens's Neuro-differential cryptanalysis of DES (in sections 5.4.2 and 5.4.3 of his 1996 mémoire) learns an S-box. Applied to Unix crypt (section 5.4.4), it memorizes passwords/hash pairs (by a training requiring "from several days to several years") and then merely performs a quick retrieval; something a hash table does routinely and quickly! Neither is relevant to cryptanalysis.



        Mohammed M. Alani's Neuro-Cryptanalysis of DES and Triple-DES (in proceedings of ICONIP 2012) claims cryptanalysis of DES or 3DES from 2048 or 4096 examples in an hour of Matlab on a standard PC; but there is no indication that it recovers the key or is otherwise capable of predicting more input/output mappings than supplied in training (even though the later is a stated objective). My guess is that - at best - it performs similar plaintext/ciphertext memorization thru training.






        share|improve this answer











        $endgroup$



        No. Neuro-Cryptanalysis fails on serious ciphers, including DES and AES.



        Sebastien Dourlens's Neuro-differential cryptanalysis of DES (in sections 5.4.2 and 5.4.3 of his 1996 mémoire) learns an S-box. Applied to Unix crypt (section 5.4.4), it memorizes passwords/hash pairs (by a training requiring "from several days to several years") and then merely performs a quick retrieval; something a hash table does routinely and quickly! Neither is relevant to cryptanalysis.



        Mohammed M. Alani's Neuro-Cryptanalysis of DES and Triple-DES (in proceedings of ICONIP 2012) claims cryptanalysis of DES or 3DES from 2048 or 4096 examples in an hour of Matlab on a standard PC; but there is no indication that it recovers the key or is otherwise capable of predicting more input/output mappings than supplied in training (even though the later is a stated objective). My guess is that - at best - it performs similar plaintext/ciphertext memorization thru training.







        share|improve this answer














        share|improve this answer



        share|improve this answer








        edited 12 hours ago









        Maarten Bodewes

        54.8k679194




        54.8k679194










        answered 13 hours ago









        fgrieufgrieu

        80.2k7171338




        80.2k7171338






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Cryptography Stack Exchange!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            Use MathJax to format equations. MathJax reference.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f67402%2fcan-neural-cryptanalysis-be-applied-to-aes%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            Hivernacle

            Image
            Hivernacle Hivernacle a les cases del Salt a Alcoi Un hivernacle és una construcció més o menys permanent que permet modificar el microclima del seu interior i permetre el conreu de vegetals en millors condicions o fora d'època. [1] Són el nivell superior de l'anomenat conreu protegit que va des d'un mínim que correspon a l'ús de plàstics que cobreixen el terra (mulching) fins al màxim que serien els hivernacles de vidre i amb un sistema complet de calefacció. Etimològicament la paraula hivernacle es refereix al lloc on passen l'hivern les plantes. En la pràctica actual s'hi mantenen tota la temporada de conreu o més. Contingut 1 Funcionament 2 Evolució en l'ús dels hivernacles 3 Característiques constructives dels hivernacles 4 Hivernacles als Països Baixos 5 Referències Funcionament Els que no tenen calefacció aprofiten precisament l'efecte hivernacle que produeix un escalfame
            Read more

            Fluorita

            Image
            Fluorita Fluorita (blau) amb pirita (daurat). Fórmula química CaF 2 Epònim fluor Localitat tipus Jáchymov Classificació Categoria Halurs Nickel-Strunz 10a ed. 3.AB.25 Nickel-Strunz 9a ed. 3.AB.25 Nickel-Strunz 8a ed. III/A.08 Dana 9.2.1.1 Heys 8.4.7 Propietats Sistema cristal·lí Cúbic Hàbit cristal·lí Sol presentar cubs; menys freqüentment dodecaedres. De vegades hexaoctaedres i tetrahexaedres. Per la combinació d'aquestes formes, les arestes dels cubs són sovint modificades. De vegades els cristalls poden presentar diferències de creixement entre les cares. Sovint s'observen cristalls compostos per sobrecreixement. Pot ser massiva, compacta, terrosa, columnar (poc freqüent), globular en agregats o botroïdal. Estructura cristal·lina a = 5.4626Å Simetria Classe (H-M): m 3 m (4/ m 3 2/ m ) - Hexoctaèdric; Grup espacial: Fm 3 m Color Blanc, groc, verd, violeta, vermell, rosa, blau o negre Mac
            Read more

            Hulsita

            Image
            Hulsita Hulsita de la localitat tipus Fórmula química Fe 2+ 2 Fe 3+ O 2 BO 3 Epònim Alfred Hulse Brooks Localitat tipus mont Brooks, península de Seward, Nome Borough, Alaska, Estats Units Classificació Categoria borats Nickel-Strunz 10a ed. 6.AB.45 Nickel-Strunz 9a ed. 6.AB.45 Nickel-Strunz 8a ed. V/G.03 Dana 24.2.3.1 Heys 9.6.4 Propietats Sistema cristal·lí monoclínic Estructura cristal·lina a = 10,68Å; b = 3,09Å; c = 5,43Å; β = 94,15° Color negre Macles en [001]; un membre de la macla es troba girat 120° en relació a l'altre Exfoliació bona en {110} Duresa 3 Lluïssor vítria, submetàl·lica Densitat 4,28 g/cm 3 (mesurada); Més informació Estatus IMA mineral heretat (G) i mineral heretat (G) Any d'aprovació 1908 Referències [1] La hulsita és un mineral de la classe dels borats, que pertany al grup de la pinakiolita. Rep el seu nom en honor del nord-americà
            Read more