The ISC International Journal of Information Security

Abstract Detecting security vulnerabilities in open-source software is a critical task that is highly regarded in the related research communities. Several approaches have been proposed in the literature for detecting vulnerable code and identifying classes of vulnerabilities. However, there is still room to improve the explanation of the root causes of detected vulnerabilities by locating vulnerable statements and discovering the paths that lead to the activation of the vulnerability. While frameworks like SliceLocator offer explanations by identifying vulnerable paths, they rely on rule-based sink identification that limits their generalisation. In this paper, we introduce VulPathFinder, an explainable vulnerability path discovery framework that enhances SliceLocator’s methodology by utilising a novel Graph Neural Network (GNN) model for detecting sink statements, rather than relying on predefined rules. The proposed GNN captures semantic and syntactic dependencies to find potential sink points (PSPs), which are candidate statements where vulnerable paths end. After detecting PSPs, program slicing can be used to extract potentially vulnerable paths, which are then ranked by feeding them back into the target graph-based detector. Ultimately, the most probable path is returned, explaining the root cause of the detected vulnerability. We demonstrate the effectiveness of the proposed approach by performing evaluations on a benchmark of the buffer overflow CWEs from the SARD dataset, providing explanations for the corresponding detected vulnerabilities. The results show that VulPathFinder outperforms both the original SliceLocator and GNNExplainer (as a general GNN explainability tool) in discovering vulnerability paths to identified PSPs. 

Abstract CHILOW is a family of tweakable block ciphers introduced at Eurocrypt 2025, prioritizing decryption speed over encryption speed. This is achieved through a low-latency non-linear layer of degree two within the round function and a minimal number of rounds. As a result, CHILOW presents an appealing target for attacks that exploit its algebraic properties. These characteristics, along with the strict query limitations imposed by the designers, motivate our investigation into CHILOW’s security against integral attacks leveraging the division property. We have identified several integral distinguishers, which vary in data complexity and the number of balanced output bits. Specifically, for CHILOW-(32+τ), we derived a 4-round distinguisher with 15 constant bits in the input, in which all the 32 output bits are balanced. However, the longest integral distinguisher that complies with query limitations extends up to 3 rounds. For CHILOW-40, integral distinguishers up to 5 rounds are detected; however, only those spanning three rounds meet the query constraints. Furthermore, we have explored the potential for extending these distinguishers to key-recovery attacks and analyzed their complexity. Using the 3-round distinguisher on CHILOW-(32+τ), we propose key recovery attack with a 32-bit advantage, data complexity of 240 chosen ciphertexts and time complexity of 240 decryptions, all within the query limits. Therefore, by performing an exhaustive search over the remaining key candidates, a single candidate for the master key can be recovered, resulting in an overall attack time complexity of 296 decryptions. Additionally, we present an integral key-recovery attack on the 6-round version of CHILOW-(32+τ) with a data complexity of 28 chosen ciphertexts and a time complexity of 2102.6 encryptions. This attack only obtains information from the tweaks of the last three rounds, and using this information to recover the master key will be the subject of future research.

Abstract This paper describes a fast exhaustive search preimage attack on AIM2, an improved version of the one-way function AIM, proposed to address algebraic vulnerabilities found in its predecessor. Our attack transforms the polynomial system describing AIM2 over F2λ to a boolean polynomial system over F2, allowing for an exhaustive search by guessing input bits and solving a resulting linear system. Solving the whole system is not necessary for most incorrect guesses, and use of Gray code helps optimizing the iteration over all possible guesses. Our results show that the complexity of exhaustive search on AIM2, especially AIM2-I and AIM2-III is lower than previously estimated, though still higher than that of AES.