Polynomial Time Cryptanalytic Extraction of Neural Network Models

Billions of dollars and countless GPU hours are currently spent on training Deep Neural Networks (DNNs) for a variety of tasks. Thus, it is essential to determine the difficulty of extracting all the parameters of such neural networks when given access to their black-box implementations. Many versions of this problem have been studied over the last 30 years, and the best current attack on ReLU-based deep neural networks was presented at Crypto 2020 by Carlini, Jagielski, and Mironov. It resembles a differential chosen plaintext attack on a cryptosystem, which has a secret key embedded in its black-box implementation and requires a polynomial number of queries but an exponential amount of time (as a function of the number of neurons). In this paper, we improve this attack by developing several new techniques that enable us to extract with arbitrarily high precision all the real-valued parameters of a ReLU-based DNN using a polynomial number of queries and a polynomial amount of time. We demonstrate its practical efficiency by applying it to a full-sized neural network for classifying the CIFAR10 dataset, which has 3072 inputs, 8 hidden layers with 256 neurons each, and over million neuronal parameters. An attack following the approach by Carlini et al. requires an exhaustive search over 2 to the power 256 possibilities. Our attack replaces this with our new techniques, which require only 30 minutes on a 256-core computer

Polynomial Time Cryptanalytic Extraction of Neural Network Models

Billions of dollars and countless GPU hours are currently spent on training Deep Neural Networks (DNNs) for a variety of tasks. Thus, it is essential to determine the difficulty of extracting all the parameters of such neural networks when given access to their black-box implementations. Many versions of this problem have been studied over the last 30 years, and the best current attack on ReLU-based deep neural networks was presented at Crypto’20 by Carlini, Jagielski, and Mironov. It resembles a differential chosen plaintext attack on a cryptosystem, which has a secret key embedded in its black-box implementation and requires a polynomial number of queries but an exponential amount of time (as a function of the number of neurons). In this paper, we improve this attack by developing several new techniques that enable us to extract with arbitrarily high precision all the real-valued parameters of a ReLU-based DNN using a polynomial number of queries and a polynomial amount of time. We demonstrate its practical efficiency by applying it to a full-sized neural network for classifying the CIFAR10 dataset, which has 3072 inputs, 8 hidden layers with 256 neurons each, and about 1.2 million neuronal parameters. An attack following the approach by Carlini et al. requires an exhaustive search over 2^256 possibilities. Our attack replaces this with our new techniques, which require only 30 minutes on a 256-core computer

Deep Learning based Cryptanalysis of Stream Ciphers

Conventional cryptanalysis techniques necessitate an extensive analysis of non-linear functions defining the relationship of plain data, key, and corresponding cipher data. These functions have very high degree terms and make cryptanalysis work extremely difficult. The advent of deep learning algorithms along with the better and efficient computing resources has brought new opportunities to analyze cipher data in its raw form. The basic principle of designing a cipher is to introduce randomness into it, which means the absence of any patterns in cipher data. Due to this fact, the analysis of cipher data in its raw form becomes essential. Deep learning algorithms are different from conventional machine learning algorithms as the former directly work on raw data without any formal requirement of feature selection or feature extraction steps. With these facts and the assumption of the suitability of employing deep learning algorithms for cipher data, authors introduced a deep learning based method for finding biases in stream ciphers in the black-box analysis model. The proposed method has the objective to predict the occurrence of an output bit/byte at a specific location in the stream cipher generated keystream. The authors validate their method on stream cipher RC4 and its improved variant RC4A and discuss the results in detail. Further, the authors apply the method on two more stream ciphers namely Trivium and TRIAD. The proposed method can find bias in RC4 and shows the absence of this bias in its improved variant and other two ciphers. Focusing on RC4, the authors present a comparative analysis with some existing methods in terms of approach and observations and showed that their process is more straightforward and less complicated than the existing ones

Distinguishing Lightweight Block Ciphers in Encrypted Images

Modern day lightweight block ciphers provide powerful encryption methods for securing IoT communication data. Tiny digital devices exchange private data which the individual users might not be willing to get disclosed. On the other hand, the adversaries try their level best to capture this private data. The first step towards this is to identify the encryption scheme. This work is an effort to construct a distinguisher to identify the cipher used in encrypting the traffic data. We try to establish a deep learning based method to identify the encryption scheme used from a set of three lightweight block ciphers viz. LBlock, PRESENT and SPECK. We make use of images from MNIST and fashion MNIST data sets for establishing the cryptographic distinguisher. Our results show that the overall classification accuracy depends firstly on the type of key used in encryption and secondly on how frequently the pixel values change in original input image

Machine Learning-Enhanced Advancements in Quantum Cryptography: A Comprehensive Review and Future Prospects

Quantum cryptography has emerged as a promising paradigm for secure communication, leveraging the fundamental principles of quantum mechanics to guarantee information confidentiality and integrity. In recent years, the field of quantum cryptography has witnessed remarkable advancements, and the integration of machine learning techniques has further accelerated its progress. This research paper presents a comprehensive review of the latest developments in quantum cryptography, with a specific focus on the utilization of machine learning algorithms to enhance its capabilities. The paper begins by providing an overview of the principles underlying quantum cryptography, such as quantum key distribution (QKD) and quantum secure direct communication (QSDC). Subsequently, it highlights the limitations of traditional quantum cryptographic schemes and introduces how machine learning approaches address these challenges, leading to improved performance and security. To illustrate the synergy between quantum cryptography and machine learning, several case studies are presented, showcasing successful applications of machine learning in optimizing key aspects of quantum cryptographic protocols. These applicatiocns encompass various tasks, including error correction, key rate optimization, protocol efficiency enhancement, and adaptive protocol selection. Furthermore, the paper delves into the potential risks and vulnerabilities introduced by integrating machine learning with quantum cryptography. The discussion revolves around adversarial attacks, model vulnerabilities, and potential countermeasures to bolster the robustness of machine learning-based quantum cryptographic systems. The future prospects of this combined field are also examined, highlighting potential avenues for further research and development. These include exploring novel machine learning architectures tailored for quantum cryptographic applications, investigating the interplay between quantum computing and machine learning in cryptographic protocols, and devising hybrid approaches that synergistically harness the strengths of both fields. In conclusion, this research paper emphasizes the significance of machine learning-enhanced advancements in quantum cryptography as a transformative force in securing future communication systems. The paper serves as a valuable resource for researchers, practitioners, and policymakers interested in understanding the state-of-the-art in this multidisciplinary domain and charting the course for its future advancements

Like an Open Book? Read Neural Network Architecture with Simple Power Analysis on 32-bit Microcontrollers

Model extraction is a growing concern for the security of AI systems. For deep neural network models, the architecture is the most important information an adversary aims to recover. Being a sequence of repeated computation blocks, neural network models deployed on edge-devices will generate distinctive side-channel leakages. The latter can be exploited to extract critical information when targeted platforms are physically accessible. By combining theoretical knowledge about deep learning practices and analysis of a widespread implementation library (ARM CMSIS-NN), our purpose is to answer this critical question: how far can we extract architecture information by simply examining an EM side-channel trace? For the first time, we propose an extraction methodology for traditional MLP and CNN models running on a high-end 32-bit microcontroller (Cortex-M7) that relies only on simple pattern recognition analysis. Despite few challenging cases, we claim that, contrary to parameters extraction, the complexity of the attack is relatively low and we highlight the urgent need for practicable protections that could fit the strong memory and latency requirements of such platforms.Comment: Accepted CARDIS 2023; ANR PICTURE PROJECT (ANR-20-CE39-0013