This work addresses the lightweight block ciphers Simon32/64 and Simeck32/64, tackling the challenge of constructing deep-learning-based distinguishers under rotation-XOR (RX) differentials. Methodologically, we propose an optimization framework for RX neural distinguishers, featuring a dedicated binary data representation, bit-sensitivity-based input compression, key-bit sensitivity analysis, a joint erroneous-key response mechanism, and Bayesian key recovery integration. Our approach innovatively overcomes the bottleneck of related-key attacks under nonlinear key schedules. As a result, we construct RX neural distinguishers for 14 rounds of Simon32/64 and 17 rounds of Simeck32/64—improving upon prior results by 3 and 2 rounds, respectively. Moreover, we achieve the first practical key-recovery attack on 17-round Simeck32/64, significantly extending the practical applicability boundary of deep learning in lightweight cryptanalysis.

At CRYPTO 2019, Gohr pioneered neural cryptanalysis by introducing differential-based neural distinguishers to attack Speck32/64, establishing a novel paradigm combining deep learning with differential cryptanalysis.Since then, constructing neural distinguishers has become a significant approach to achieving the deep learning-based cryptanalysis for block ciphers.This paper advances rotational-XOR (RX) attacks through neural networks, focusing on optimizing distinguishers and presenting key-recovery attacks for the lightweight block ciphers Simon32/64 and Simeck32/64.In particular, we first construct the fundamental data formats specially designed for training RX-neural distinguishers by refining the existing data formats for differential-neural distinguishers. Based on these data formats, we systematically identify optimal RX-differences with Hamming weights 1 and 2 that develop high-accuracy RX-neural distinguishers. Then, through innovative application of the bit sensitivity test, we achieve significant compression of data format without sacrificing the distinguisher accuracy. This optimization enables us to add more multi-ciphertext pairs into the data formats, further strengthening the performance of RX-neural distinguishers. As an application, we obtain 14- and 17-round RX-neural distinguishers for Simon32/64 and Simeck32/64, which improves the previous ones by 3 and 2 rounds, respectively.In addition, we propose two novel techniques, key bit sensitivity test and the joint wrong key response, to tackle the challenge of applying Bayesian's key-recovery strategy to the target cipher that adopts nonlinear key schedule in the related-key setting without considering of weak-key space. By this, we can straightforwardly mount a 17-round key-recovery attack on Simeck32/64 based on the improved 16-round RX-nerual distinguisher. To the best of our knowledge, the presented RX-neural......