[Cryptography] We could automate the process of detecting some kinds of insecurities in new ciphers.

Ray Dillinger bear at sonic.net
Fri Jan 21 21:06:30 EST 2022


I recently discovered that a candidate cipher had a bit pattern
correlation flaw, using a neural network.

Of course it passed Diehard.  I wouldn't even be looking at it if it
hadn't.  Diehard is actually a very low bar for crypto output, but it's
useful.  Those tests can find a broad class of bit correlation or
sequence flaws - PROVIDED those flaws are very simple.  But bit pattern
correlation flaws can be arbitrarily complex.  Way more complex than the
tests in Diehard look for. 

So I set up a neural network, trying to predict individual bits of
cipher output given all the other bits in the block.  It took a week on
an 8-gpu machine, and eventually learned to predict Bit3 of each block
with more-than-random success.  Boom, killed it dead and hardly any
actual intellectually honest work was required. So YAY!

My second thought about this test was that the process of training a
neural network to predict individual bits (and hopefully failing) could
be smoothed out and built into something like Diehard if the user cared
enough to commit to an insanely long runtime.  In use it's just a very
compute-heavy adaptive randomness test. 

I think this test honestly could kill about 90% of amateur ciphers. 
Adding this to Diehard - so that amateurs could kill their own ciphers -
would make review requests from amateurs suddenly ten times more likely
to NOT be a waste of time.  And simultaneously maybe give more people a
way to detect and eliminate bad homebrew crypto in products that might
otherwise be widely used even though broken.

Given the 'insane' compute requirement I don't even know if the Diehard
crew would think it was the kind of thing they'd be interested in.  But
Diehard is open-source.  If they don't want a ridiculously expensive
test that nobody except hardcore crypto nerds would be interested in,
Diehard could be forked.

So, imagining a crypto-nerd version of Diehard where tests are expected
to have the luxury of requiring weeks of GPU and CPU time to run ...
Does anybody else know any tests "too heavy" for normal Diehard but
which are powerful, general tests that could kill a large class of bad
ciphers?

Bear
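As an added illustration of the adaptive test Bear describes above (not code from the post, and not part of Diehard): a constructed toy generator whose bit 3 is the XOR of bits 0 and 1 most of the time passes a Diehard-style single-bit correlation check, yet a predictor trained on the other bits in the block learns it on held-out data. A count-based conditional predictor stands in for the neural network; the 8-bit block, the 0.6 bias and the sample sizes are assumptions chosen for the demonstration.

```python
import random
from itertools import combinations

BLOCK_BITS = 8  # toy block size; real ciphers use 64 or 128 bits

def flawed_blocks(n, seed=1, bias=0.6):
    """Constructed toy output (hypothetical, not a real cipher): all bits uniform
    except bit 3, which equals bit0 XOR bit1 with probability `bias` (0 = control)."""
    rng = random.Random(seed)
    blocks = []
    for _ in range(n):
        bits = [rng.randint(0, 1) for _ in range(BLOCK_BITS)]
        if rng.random() < bias:
            bits[3] = bits[0] ^ bits[1]
        blocks.append(bits)
    return blocks

def pairwise_bias(blocks, target):
    """Diehard-style single-bit check: largest |P(target == other bit) - 0.5|.
    An XOR-of-two-bits flaw leaves every single bit independent of the target."""
    worst = 0.0
    for j in range(BLOCK_BITS):
        if j != target:
            agree = sum(b[target] == b[j] for b in blocks) / len(blocks)
            worst = max(worst, abs(agree - 0.5))
    return worst

def train_predictor(blocks, target, ctx):
    """Majority value of `target` for each pattern of the context bits: a
    count-based stand-in for the neural network described in the post."""
    counts = {}
    for b in blocks:
        key = tuple(b[j] for j in ctx)
        ones, total = counts.get(key, (0, 0))
        counts[key] = (ones + b[target], total + 1)
    return {k: int(2 * ones > total) for k, (ones, total) in counts.items()}

def adaptive_test(train, test, target, ctx_size=2):
    """Fit a predictor on every context of `ctx_size` other bits and score it on
    unseen blocks; return (best held-out accuracy, context, z-score vs. 0.5)."""
    others = [j for j in range(BLOCK_BITS) if j != target]
    best = (0.5, ())
    for ctx in combinations(others, ctx_size):
        model = train_predictor(train, target, ctx)
        hits = sum(model.get(tuple(b[j] for j in ctx), 0) == b[target] for b in test)
        best = max(best, (hits / len(test), ctx))
    z = (best[0] - 0.5) / (0.25 / len(test)) ** 0.5  # std devs above a fair coin
    return best[0], best[1], z
```

On the flawed generator the pairwise check stays within noise of zero while the predictor reaches about 80% accuracy on bit 3 from bits 0 and 1; on the uniform control both stay near chance.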


