Cryptanalysis via Machine Learning Based Information Theoretic Metrics

📅 2025-01-25
📈 Citations: 0
Influential: 0
🤖 AI Summary
Auditing cryptographic primitives for IND-CPA security under known-plaintext scenarios remains challenging, especially for lightweight, interpretable, and automated assessment. Method: This paper proposes an information-theoretic, lightweight machine learning framework that jointly models mutual information neural estimation (MINE) and an IND-CPA binary classification task to quantify ciphertext distinguishability and leakage of key/plain-text information. Contribution/Results: It is the first work to integrate MINE with cryptographic security decision tasks, enabling efficient preliminary vulnerability screening using small-scale deep networks. Experiments demonstrate high-accuracy detection of IND-CPA violations in DES, RSA, and AES-ECB, as well as subtle design flaws—such as counter dimensionality reduction—in AES-CTR. Compared to conventional black-box testing, our approach offers both theoretical interpretability (via information-theoretic metrics) and engineering practicality, establishing a novel paradigm for automated cryptographic auditing.

📝 Abstract
The fields of machine learning (ML) and cryptanalysis share an interestingly common objective of creating a function, based on a given set of inputs and outputs. However, the approaches and methods in doing so vary vastly between the two fields. In this paper, we explore integrating the knowledge from the ML domain to provide empirical evaluations of cryptosystems. Particularly, we utilize information theoretic metrics to perform ML-based distribution estimation. We propose two novel applications of ML algorithms that can be applied in a known plaintext setting to perform cryptanalysis on any cryptosystem. We use mutual information neural estimation to calculate a cryptosystem's mutual information leakage, and a binary cross entropy classification to model an indistinguishability under chosen plaintext attack (CPA). These algorithms can be readily applied in an audit setting to evaluate the robustness of a cryptosystem and the results can provide a useful empirical bound. We evaluate the efficacy of our methodologies by empirically analyzing several encryption schemes. Furthermore, we extend the analysis to novel network coding-based cryptosystems and provide other use cases for our algorithms. We show that our classification model correctly identifies the encryption schemes that are not IND-CPA secure, such as DES, RSA, and AES ECB, with high accuracy. It also identifies the faults in CPA-secure cryptosystems with faulty parameters, such as a reduced counter version of AES-CTR. We also conclude that with our algorithms, in most cases a smaller-sized neural network using less computing power can identify vulnerabilities in cryptosystems, providing a quick check of the sanity of the cryptosystem and helping to decide whether to spend more resources to deploy larger networks that are able to break the cryptosystem.
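
The binary cross-entropy IND-CPA check described in the abstract, reduced to a small audit sketch (an added example, not the paper's code or model): a logistic-regression distinguisher is trained on ciphertext bits to guess which of two chosen plaintexts was encrypted. Assumptions made here: a toy CTR mode with HMAC-SHA256 standing in for the block cipher, the reduced-counter fault taken to its extreme of a counter that never changes, and all function names, the key and the sample sizes.

```python
import hashlib, hmac, math, random

KEY = b"constructed-demo-key"        # constructed sample key
M0, M1 = bytes(16), b"\xff" * 16     # the adversary's two chosen plaintexts

def encrypt(msg, counter_bits, rng):
    # Toy CTR mode; HMAC-SHA256 stands in for the block cipher (assumption).
    # counter_bits=0: the counter never changes, so the keystream repeats.
    ctr = rng.getrandbits(counter_bits) if counter_bits else 0
    nonce = ctr.to_bytes(8, "big")
    stream = hmac.new(KEY, nonce, hashlib.sha256).digest()[:len(msg)]
    return nonce + bytes(m ^ s for m, s in zip(msg, stream))

def bits(data):
    return [(byte >> i) & 1 for byte in data for i in range(8)]

def sample(n, counter_bits, rng):
    # Play the IND-CPA game n times: draw b, keep (ciphertext bits, b).
    out = []
    for _ in range(n):
        b = rng.randrange(2)
        out.append((bits(encrypt(M1 if b else M0, counter_bits, rng)), b))
    return out

def predict(w, x):
    z = w[-1] + sum(wi for wi, xi in zip(w, x) if xi)   # w[-1] is the bias
    return 1 / (1 + math.exp(-max(-30.0, min(30.0, z))))

def distinguisher_accuracy(counter_bits, n_train=300, n_test=400, epochs=15, lr=0.1):
    # Logistic regression trained by SGD on binary cross-entropy to guess b;
    # accuracy near 0.5 on fresh ciphertexts means no distinguishing advantage found.
    rng = random.Random(1)                               # fixed seed: repeatable run
    train = sample(n_train, counter_bits, rng)
    test = sample(n_test, counter_bits, rng)
    w = [0.0] * (len(train[0][0]) + 1)
    for _ in range(epochs):
        rng.shuffle(train)
        for x, y in train:
            g = predict(w, x) - y                        # dBCE/dz for a sigmoid output
            w[-1] -= lr * g
            for i, xi in enumerate(x):
                if xi:
                    w[i] -= lr * g
    return sum((predict(w, x) > 0.5) == bool(y) for x, y in test) / n_test

if __name__ == "__main__":
    for cb in (0, 64):
        print(f"counter_bits={cb}: accuracy {distinguisher_accuracy(cb):.3f}")
```

A held-out accuracy well above 0.5 is evidence of an IND-CPA failure; an accuracy near 0.5 only says that this small model found no advantage, which is the "quick sanity check" role the abstract describes.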
Problem

Research questions and friction points this paper is trying to address.

Cryptography
Security Assessment
Vulnerability Testing
Innovation

Methods, ideas, or system contributions that make the work stand out.

Machine Learning
Information Theory
Neural Networks

Benjamin D. Kim
Department of Electrical and Computer Engineering, University of Illinois Urbana-Champaign, Champaign, IL 61820 USA

Vipindev Adat Vasudevan
Postdoctoral Associate, Massachusetts Institute of Technology (MIT)
Network Coding, Internet of Things, Cyber Security, Wireless Communication, Secure Network Coding

Rafael G. L. D'Oliveira
Assistant Professor, Clemson University
Information Theory, Coding Theory, Security and Privacy

Alejandro Cohen
Assistant Professor of ECE, Technion
Information Theory, Physical Layer Security, Network Coding, Speech Enhancement, Signal Processing

Thomas Stahlbuhk
MIT Lincoln Laboratory, Lexington, MA 02421 USA

Muriel Médard
Department of Electrical Engineering and Computer Science, Massachusetts Institute of Technology, Cambridge, MA 02139 USA