Can ML be used to overcome cryptography

anonymous bear

11/7/23, 7:18 AM

I saw some recent papers(e.g Encrypted DNS --> Privacy? A Traffic Analysis Perspective) about adopting ML technology to overcome cryptography implemented to ensure network security. Network packets have a fixed form and limited possibilities for each section which could be used as side-channels. I'm wondering what are the main challenges here to overcome cryptography and some mitigations for ML approach(i.e which cryptography scheme or algorithm counters ML strategy).

I don't need to break the whole algorithm. I need to find some side-channels in reality for cryptography in network packet. Because of cryptography, some network packets don't have traffic-level protection, thus, the content can be viewed by attackers. I can view that packet as a vector <IP,Protocol,...,data>. If some of them are encrypted, can I use ML strategy with a sufficient amount of training set to extract the feature of what I want to know(i.e feed in a cypher and output the protocol).

285

2 + 0

algorithm-design

machine-learning

Score:2

Crypto

Polytropos

11/7/23, 9:33 PM

In principle, the goal of symmetric cipher designers is that there should be no algorithm solving the cipher faster than well-optimized brute force search (both classically and quantumly, where the quantum equivalent of brute force search is usually taken to be Grover's algorithm). If that goal is achieved, then by assumption machine learning cannot provide a shortcut attack or help to find such an attack, simply because no such attack exists. The best that machine learning might do in that situation is to aid the designer of a brute-force solver in squeezing the maximum amount of performance out of the energy/silicon/development work they are willing to invest. That help might still be extremely useful to an attacker who is trying to run an attack that is just at the edge of feasibility otherwise, but it won't put a work factor $\approx 2^{127}$ attack (i.e. breaking AES) into their reach.

However, for practically relevant cryptographic primitives, there is currently no proof that no efficient algorithmic break exists. What we do have are:

proofs that show cryptographic schemes secure with regards to specific security requirements under the assumption that all components are secure or that certain computational problems that are not themselves cryptographic (such as integer factorisation) are hard,
proofs that certain attack strategies cannot work (e.g. no useful single-trail linear distinguishers against more than n rounds of cipher X)
strong heuristic arguments that simple extensions of these strategies don't work (e.g. no differential distinguishers of any kind against cipher X under the Markov assumption),
very skilled cryptographers trying to break the primitive in question using all techniques available to them (including ML) and only succeeding for reduced versions, with some security margin left.

ML techniques can be useful as one of a number of tools at the disposal of a cryptanalyst to help figure out the security properties of parts of a cipher. The most popular way ML is used in cryptanalysis is currently the learning of differential-like distinguishers against parts of small block ciphers. In that function, ML methods have certainly found unexpected things. However, the construction of state-of-the-art attacks from the resulting distinguishers then still requires a significant amount of cryptanalytic expertise. A recent example is e.g. this paper from Asiacrypt 2022.

Of course, AI/ML methods can also be used to break cryptographic implementations instead of analyzing the underlying algorithms. Neural networks have, for instance, been wildly successful at exploiting side-channel leakage from cryptographic implementations. These attacks basically exploit the fact that the circuit which runs a cryptographic algorithm will as a by-product of its operations consume power or emit electromagnetic radiation or even sounds and that these physical side-effects of computation carry along information about the secrets processed. Using sufficiently sensitive measuring equipment and clever processing (that is where the neural networks come in), this can practically break real cryptographic implementations. Again, however, state of the art attacks still require very significant expertise on the part of the analyst.

There is a lot of literature on countermeasures against these attacks. The countermeasures are not designed to block AI-based attacks specifically, but to try to block any exploitation of compromising emanations. The countermeasures known can most certainly be made effective against a wide range of realistic attackers, but this comes at a cost. Reducing that cost is very much an area of active research.

+ 2

kodlu

11/8/23, 2:24 AM

Interesting. The paper you quoted states: "The provided rules of thumb on turning (*tuning?*) parameters in the UCB and Bayesian optimization-based key-recovery phase are helpful but far from perfect. For this advanced key-recovery strategy to be widely applied, a rigorous theoretical model on the relation between attack parameters, attack complexity, and success probability is missing, and the building of which is left as future work.

kodlu

11/8/23, 2:26 AM

**This is a generic problem with ML based approaches.** Unlike here there are impressive applications of ML (to other problems) but understanding is often lacking even after many years. And I am skeptical that ML based round modeling will not suffer from the same decay in success probability when rounds are increased like in classical statistical attacks ?

Score:1

Crypto

kodlu

11/7/23, 12:12 PM

You should really put more details on the paper(s) you saw. Most likely they are about applying ML to a network situation where cryptography is used in some manner judging by the

Encrypted DNS =>Privacy? A Traffic Analysis Perspective

snippet. Encryption is a primitive which has (hopefully) ideal randomness properties. Machine Learning cannot help break a well-designed encryption scheme since the design process and testing and cryptanalysis includes detailed checks and proofs that no exploitable patterns exist in the output that can be used to guess the input at better than brute force. Moreover, encryption is built on discrete domains, binary vector spaces, finite fields, finite groups whereas ML typically makes use of continuity to perform.

If there is an explicit scheme that uses encryption which has been designed and deployed in a way that leaks patterns, that's a different story, but that would not be an attack on the encryption. That question cannot be answered unless asked properly and clearly.

See related questions on this topic.

Any practical uses of machine learning for cryptography?

Machine learning to break imperfect randomness

+ 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Can ML be used to overcome cryptography

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.