There has been this common belief among a large sector of academicians and researchers about Artificial Intelligence (AI) and Cryptography – “They are not relatable” or “There is nothing about Cryptography that AI can do.” Up until times when AI was still quite invisible, one might have continued believing the domains to be mutually exclusive. But is this belief still intact? Let’s find out.
Ronald L. Rivest in year 1991 published his work Cryptography and Machine Learning where he brings out not only the relationship between both domains but also how each one influences another. Furthermore he also mentions how both can be combined in future! Even much before that as is mentioned in the paper, the PhD thesis of Michael Kearns also brings out the relationship between both the powerful domains.
The relationship cited in Rivest’s paper is quite comprehensive. In cryptography a cryptanalyst tries to break the cipher algorithm by analyzing pairs of ciphertexts and plaintexts so as to “Learn” the particular decryption function. Likewise, Machine Learning is all about finding the set of inputs and outputs such that, the particular function causing the input-output relationships can be learnt. Also, it is mentioned how Machine Learning principle can help in making a cryptographic algorithms more resilient to attack. For Machine Learning, the size of the function or degree of functional polynomial is kept secret to prevent overfitting of data in presence of noise. It is believed that if the key size in cryptography is also kept secret unlike in conventional scenarios, then the attack potential will become higher and more complicated.
This classic paper has inspired nearly hundreds of cryptography oriented research works as of today. There have been researches demonstrating the sensitivity and failure of certain lightweight ciphers when deep neural network based fault attack is exhibited on their S-boxes. Another research highlights the possibility to distinguish ciphertexts of reduced-round cipher using deep neural network technique on random sequences. The research also highlights the significant improvement in statistical analysis as compared to traditional methods.
Interestingly, over the time researchers have taken greater interest towards the convergence of AI techniques and Cryptography towards cryptanalytic efficiency. For instance, researchers have trained Deep Learning models under a known-plaintext scenario to successfully recover the random key of S-DES cryptographic algorithm. Similarly, Template Analysis Pre-trained DL Classification model named TAPDC has been developed by researchers using convolutional neural network to perform side-channel analysis in an effective manner. Researchers have recently identified weaknesses in a well-known ultralightweight authentication protocol with the use of AI techniques. Other interesting and non-conventional encryption methods improved with AI include, but are not limited to, searchable encryption and format-preserving encryption.
Given the new-age of highly constrained systems with lack of capacity to accomodate conventional ciphers, lightweight ciphers have been tremendously emerging so as to ensure security in ultra-small products. In such a scenario where reduced-rounds and compact cryptoprimitives are used, possibilities of having design flaws and especially attack methods based on mere pattern analysis in strategic manner, is highly possible. The benefit of identifying weaknesses in existing cryptographic algorithms (especially lightweight ones) using AI techniques not only shows how convenient it is to attempt and break them by mere pattern analysis, but also alerts designers to strategically design advanced algorithms that are resilient to sophisticated AI-powered attacks. AI has been used to design several symmetric cryptographic primitives and S-boxes resilient to various cryptographic attacks.
With our previous understanding on how AI based adversarial attacks can be conveniently used to fool contemporary systems, it is realized that in near future, AI can be harnessed effectively to break complex cryptosystems with sufficient and right data samples.
Both domains of AI and cybersecurity intersect at a point where they are based on certain polynomial functions and in either domain, all it takes is to identify that particular function that can relate a set of inputs and outputs. Therefore, this intersection of the domains can help AI to make cryptographic domain even more robust and resilient.
Can you think of ways in which Cryptography can improve AI?