Next Article in Journal / Special Issue
A Survey of Post-Quantum Cryptography: Start of a New Race
Previous Article in Journal
Boosting Quantum Key Distribution via the End-to-End Loss Control
Previous Article in Special Issue
Anonymous Homomorphic IBE with Application to Anonymous Aggregation
 
 
Article
Peer-Review Record

Applications of Neural Network-Based AI in Cryptography

Cryptography 2023, 7(3), 39; https://doi.org/10.3390/cryptography7030039
by Abderrahmane Nitaj 1,* and Tajjeeddine Rachidi 2
Reviewer 1:
Reviewer 2: Anonymous
Reviewer 3:
Reviewer 4: Anonymous
Cryptography 2023, 7(3), 39; https://doi.org/10.3390/cryptography7030039
Submission received: 9 July 2023 / Revised: 2 August 2023 / Accepted: 4 August 2023 / Published: 11 August 2023
(This article belongs to the Collection Survey of Cryptographic Topics)

Round 1

Reviewer 1 Report

 

 The following comments guide for the authors to enhance their paper:

 

the authors need to add a section on lightweight cryptography and AEAD schemes. AEAD substitution and permutation networks. Possibly AI-based SPN, which can resist various attacks as the research direction.

 

Add a notation table to understand the paper.

The author can add the blockchain and AI/ML sections in the paper to enhance the quality of the paper.

N/A

Author Response

Dear reviewer,

Thank you very much for your valuable comments. We have followed your comments and suggestions to improve the paper. Please note that all the line numbers refer to the new version of the manuscript.

Best wishes,

The authors.

*****************************

- The authors need to add a section on lightweight cryptography and AEAD schemes. AEAD substitution and permutation networks. Possibly AI-based SPN, which can resist various attacks as the research direction.

 AEAD schemas are considered “modes of operations of a cipher”. These are GCM and CBC. They can be used with any Block cipher and in particular with AES which is a Substitution Permutation Network. Section addresses possible attacks on the Substitution part, which is the non-linear component of a cipher.

As for lightweight cryptography, the article has been extended to include the latest NIST standard, that is the ASCON family (see reference below).

Dobraunig, C., Eichlseder, M., Mendel, F. et al. ASCON v1.2: Lightweight Authenticated Encryption and Hashing. J Cryptol 34, 33 (2021). https://doi.org/10.1007/s00145-021-09398-9

- Add a notation table to understand the paper.

Many notations are only relevant locally, so we have added a table at the end of the manuscript for the notations that are used through the paper.

- The author can add the blockchain and AI/ML sections in the paper to enhance the quality of the paper.

The application of AI to Blockchain is already mentioned in the paper, lines 247-252 in the new version.

Reviewer 2 Report

The review paper investigates Artificial Intelligence (AI) applications in cryptography. The introduction provides a clear and concise overview of the research topic, highlighting AI's importance in enhancing cyberspace's confidentiality and integrity through cryptography. The background information provided is sufficient and relevant, and all the relevant references are included. However, it would be beneficial to provide more context on the current state of the field and the limitations of existing approaches. Here are my comments on the manuscript:

 

1. The cited references are relevant to the research, and the authors have done an excellent job selecting recent and high-quality sources. However, providing more detailed explanations of how each reference is relevant to the research and how it contributes to the overall argument would be helpful.

 

2. The research design is appropriate for the research question, and the methods are adequately described. The authors have clearly explained the AI and Machine Learning (ML) techniques used in the study and how they are applied to cryptography. However, providing more information on the specific datasets used in the study and how they were selected would be beneficial.

 

3. The results are presented, and the authors have done an excellent job of explaining the findings. However, providing more detailed explanations of the statistical analyses used and how they support the conclusions would be helpful.

 

4. The results support the conclusions, and the authors have done an excellent job summarizing the essential findings and their implications for future research. However, it would be beneficial to provide more information on the study's limitations and how they may impact the generalizability of the findings.

 

 

Overall, this is a well-written and informative paper that makes a valuable contribution to the field of cryptography. The authors have done an excellent job selecting relevant sources and presenting their findings clearly and concisely. However, there is room for improvement in providing more context on the field's current state, explaining the relevance of each reference, and providing more detailed explanations of the statistical analyses used.

Author Response

Dear reviewer,

Thank you very much for your valuable comments. We have followed your comments and suggestions to improve the paper. Please note that all the line numbers refer to the new version of the manuscript.

Best wishes,

The authors

*****************************

1. The cited references are relevant to the research, and the authors have done an excellent job selecting recent and high-quality sources. However, providing more detailed explanations of how each reference is relevant to the research and how it contributes to the overall argument would be helpful.

The references are always linked to the text where they appear. If we give more details on each reference, this would be too long and may require the introduction of lots of mathematical foundation for cryptography.

2. The research design is appropriate for the research question, and the methods are adequately described. The authors have clearly explained the AI and Machine Learning (ML) techniques used in the study and how they are applied to cryptography. However, providing more information on the specific datasets used in the study and how they were selected would be beneficial.

We described how typically the dataset is generated in the paragraph:

Datasets are structured collections of data used to train a model for the non-linear trapdoor function $C=F(K,M)$. They consist in pairs of collected $(M,C)$ that are generated synthetically at the design phases of $F$. Typically, all combinations of $Ms$ and their differences are generated and fed to $F$ to obtain $Cs$ leading to a balanced dataset of pairs $(M,C)$.

3. The results are presented, and the authors have done an excellent job of explaining the findings. However, providing more detailed explanations of the statistical analyses used and how they support the conclusions would be helpful.

Sorry, we think that your remark is not applicable since the manuscript is a kind of survey and there are no statistical results.

4. The results support the conclusions, and the authors have done an excellent job summarizing the essential findings and their implications for future research. However, it would be beneficial to provide more information on the study's limitations and how they may impact the generalizability of the findings.

Limitations of ANNs have been added and referenced in lines 288 and 289 of the new manuscript.

5. Overall, this is a well-written and informative paper that makes a valuable contribution to the field of cryptography. The authors have done an excellent job selecting relevant sources and presenting their findings clearly and concisely. However, there is room for improvement in providing more context on the field's current state, explaining the relevance of each reference, and providing more detailed explanations of the statistical analyses used.

Sorry, we think that your remark is not applicable since the manuscript is a kind of survey and there are no statistical results.

 

Reviewer 3 Report

The paper presented the authors' finding on how Artificial Intelligence (AI) can be used to enhance Cryptography. The motivation is quite clear and the authors correctly pointed out the lacking of application of AI in cryptography domain despite AI has been utilized in many computing aspects. 

The selection of three cryptosystems (AES, RSA and LWE) is quite straightforward. For each of the system, the authors presented sufficient details and followed by their findings from literatures on how AI might be used in each of the system.

The writing can be slightly improved by careful proofreading. There are few typos across the manuscript. The heading of Section 3 is also unclear and not descriptive. 

Overall, the paper can be considered as a survey paper.

 

The paper presented the authors' finding on how Artificial Intelligence (AI) can be used to enhance Cryptography. The motivation is quite clear and the authors correctly pointed out the lacking of application of AI in cryptography domain despite AI has been utilized in many computing aspects. 

The selection of three cryptosystems (AES, RSA and LWE) is quite straightforward. For each of the system, the authors presented sufficient details and followed by their findings from literatures on how AI might be used in each of the system.

The writing can be slightly improved by careful proofreading. There are few typos across the manuscript. The heading of Section 3 is also unclear and not descriptive. 

Overall, the paper can be considered as a survey paper.

 

Author Response

Dear reviewer,

Thank you very much for your valuable comments. We have followed your comments and suggestions to improve the paper. Please note that all the line numbers refer to the new version of the manuscript.

Best wishes,

The authors.

*****************************

The writing can be slightly improved by careful proofreading. There are few typos across the manuscript. The heading of Section 3 is also unclear and not descriptive. 

The paper has been proofread and typos corrected.

The subtitle of section 3 is changed to “3. ANNs Types and their Domains of Applications”

Reviewer 4 Report

The subject of this paper is interesting and relevant to the journal topics. The authors propose a review of the machine based methods in the domain of cryptography. The proposed review is well structured and provides different aspects of the ML methods in this domain.

Unfortunately, in this paper, the authors consider only NN-based methods from all machine leaning methods. And some passages in paper are not correct and unsubstantiated assertions:

-          (l.132-1370Among the well-known algorithms for machine learning are Linear and Logistic Regression, Support Vector Machine (SVM), and Artificial Neural Networks (ANNs). The latter have proven to be more powerful than the rest in most applications including Computer Vision (CV), Natural Language Processing (NLP), and control. Each algorithm is characterized by a set of parameters that it tries to compute/learn. These are called a model.

Why decision tree based methods are ignored? Do you consider the application of fuzzy classifiers? Could you provide the studies in which this statement is proved? What is about cryptography? What can say about NN efficiency for restricted and unbalanced datasets? Are NNs effective in the case of interpretability of the result?

-          (l. 167-170) “Due to their high performance, measured in terms of accuracy of the output predicted by the network, ANN-based learning agents came to shadow all other types of intelligent agents, including the ones that use other machine learning techniques, and become a synonym of AI. Unless otherwise specified, we will also use the term AI to designate ANNs.”

In the professional community, there are exact structured representation relationships of AI, ML and deep learning. NN-based method is not a panacea, see, for example, Mukhamediev, R.I.; Popova, Y.; et al. Review of Artificial Intelligence and Machine Learning Technologies: Classification, Restrictions, Opportunities and Challenges. Mathematics 2022, 10, 2552. https://doi.org/10.3390/math10152552

Why do you consider accuracy only? There are other metrics for the evaluation of the AI-based methods evaluation (sensitivity, availability F1 scope, etc), for example, see evaluation of classification result in Rabcan, J.; Zaitseva, E.; Levashenko, V.; Kvassay, M.; Surda, P.; Macekova, D. Fuzzy Decision Tree Based Method in Decision-Making of COVID-19 Patients’ Treatment. Mathematics 2021, 9, 3282. https://doi.org/10.3390/math9243282

 

This author's statement doesn’t allow the consideration of the proposed review as correct. As minimal the paper title must be changed and the advantages and disadvantages of the NN-based method are presented. I’d like to recommend considering the background studies:

·  Wolpert, D.; Macready, W. No free lunch theorems for optimization. IEEE Trans. Evol. Comput. 1997, 1, 67–82.]

·  Fernández-Delgado, M.; Cernadas, E.; Barro, S.; Amorim, D. Do we need hundreds of classifiers to solve real world classification problems? J. Mach. Learn. Res. 2014, 15, 3133–3181.

·  Kaur, A.; Kaur, I. An empirical evaluation of classification algorithms for fault prediction in open source projects. J. King Saud Univ.—Comput. Inf. Sci. 2018, 30, 2–17.

Author Response

Dear reviewer,

Thank you very much for your valuable comments. We have followed your comments and suggestions to improve the paper. Please note that all the line numbers refer to the new version of the manuscript.

Best wishes,

The authors.

*****************************

Unfortunately, in this paper, the authors consider only NN-based methods from all machine leaning methods. And some passages in paper are not correct and unsubstantiated assertions:

Indeed among all the ML techniques/algorithms we opted to focus on Neural-Network based ones (Feed forward, Generative Adversarial Networks, Recurrent Neural Networks, Convolutional Neural Networks, Transformers, Graph Neural Nets etc.) because of two major reasons:

  1. The high potential of this type of ML techniques as demonstrated by the recent development in LLMs, ChatGPT, Bard etc. and in Machine vision YOLO5 etc., and

  2. (ii) NN-based techniques lend themselves naturally to approximate XXXX non-linear functions which is what ciphers and their main building blocks S-Box are. i.e. ciphertext = f(plaintext, key) where ciphertext, plaintext and key are elements of a ring or a Galoi field depending on the cipher.

-          (l.132-1370Among the well-known algorithms for machine learning are Linear and Logistic Regression, Support Vector Machine (SVM), and Artificial Neural Networks (ANNs). The latter have proven to be more powerful than the rest in most applications including Computer Vision (CV), Natural Language Processing (NLP), and control. Each algorithm is characterized by a set of parameters that it tries to compute/learn. These are called a model.

Why decision tree based methods are ignored? Do you consider the application of fuzzy classifiers? Could you provide the studies in which this statement is proved? What is about cryptography? What can say about NN efficiency for restricted and unbalanced datasets? Are NNs effective in the case of interpretability of the result?

Why decision trees are ignored?

As mentioned before, the paper makes the deliberate decision to focus on NN only. This said, invariably, the input to any ML technique that tries to learn the plaintext or the key from the ciphertext are pairs of numbers (plaintext, ciphertext) where the ciphertext is the label, and the plaintext is one feature. This learning can happen at the level of the cipher, or at the level of the substitution S-box for symmetric ciphers (for Subbytes() for AES).

Decision trees are rather adequate for tabular datasets with many features (f1, f2, …. Label). One may be tempted to consider every bit of the input plaintext as an independent binary feature, but the permutation operations in the cipher are designed specifically to break any statistical information in the bits or differences of bits.

Do you consider the application of fuzzy classifiers?

Fuzzy logic is prescribed when there is lack of confidence in data. Fuzzy systems produce decimal output based on the “degree of truth” of input. In cryptography the degree of truth in Input is always 1, which makes Fuzzy logic not appropriate for arbitrary non-linear approximation functions.

Could you provide the studies in which this statement is proved?

The following study clearly highlights the fact that NNs perform better that SVM in classification, while requiring fewer number of features (dimensions)

Karaca, Y., Cattani, C., Moonis, M. (2017). Comparison of Deep Learning and Support Vector Machine Learning for Subgroups of Multiple Sclerosis. In: Gervasi, O., et al. Computational Science and Its Applications – ICCSA 2017. ICCSA 2017. Lecture Notes in Computer Science(), vol 10405. Springer, Cham. https://doi.org/10.1007/978-3-319-62395-5_11

The following study also highlights that the accuracy of CNNs outperforms SVMs for large datasets

Pin Wang, En Fan, Peng Wang, (2021). Comparative analysis of image classification algorithms based on traditional machine learning and deep learning, Pattern Recognition Letters, Volume 141, 2021, Pages 61-67, ISSN 0167-8655 https://doi.org/10.1016/j.patrec.2020.07.042.

This said, the article does not claim that NNs always outperform SVMs techniques. The aim of the paper is to point out areas of cryptography where NNs and particularly deep NNs are applicable in the world of cryptography.

The paragraph ((l.132-1370Among the well-k……) is changed to nuance the performance of NNs.

The paragraph now reads:

Due to numerous advantages over other ML techniques, such as the ability to learn hierarchical features, robustness to noise, the ability to handle multiple output and last but not, least the ability to deal with non-linear data, clearly highlighted by the rapid development of Large Language models (LLMs) and object detection, ANN-based learning agents came to shadow other types of intelligent agents, including the ones that use other machine learning techniques. They have become a synonym of AI. Unless otherwise specified, we will also use the term AI to designate agents that use ANNs.

What is about cryptography?

Like it was mentioned before, ciphers and their main building blocks S-Box are mappings between elements of a Finite Ring or a Field, i.e. ciphertext = f(plaintext, key) where ciphertext, plaintext and key are elements of a ring or a Field depending on the cipher, so NN-based techniques lend themselves naturally to approximate non-linear functions. Hence our focus on the use of NNs in Cryptography.

A paragraph is added to the paper to highlight this.

What can say about NN efficiency for restricted and unbalanced datasets?

The dataset typically used when trying to model or extract the differential statistics of the mapping ciphertext = f(plaintext, key), is the pair (plaintext, ciphertext), and is generated synthetically during the design phases of the S-box. Typically, all combinations of plaintext and differences of plaintext are generated leading to a balanced dataset.

Are NNs effective in the case of interpretability of the result?

Unlike in areas like Health, Explainable AI (XAI) is not a concern when designing ciphers. You either learn to predict the (sub)-key (or to predict the right plaintext from a given ciphertext) or not. If yes, you need to update the domain parameters for the cipher. If not, then the cipher would have demonstrated strength against the model.

What about cryptography?

The following text has been added:

For symmetric ciphers, algebraic attacks can be expressed as: finding the non-linear function that links the plaintext, the ciphertext and the key, such that $ciphertext=f(plaintext,key)$, where $f$ is the function that implements the substitution round or the whole cipher, $plaintext$ and $ciphertext$ indicate normal or differential input and output of the round function or the cipher, and $key$ designate a round key or the cipher key.

-          (l. 167-170) “Due to their high performance, measured in terms of accuracy of the output predicted by the network, ANN-based learning agents came to shadow all other types of intelligent agents, including the ones that use other machine learning techniques, and become a synonym of AI. Unless otherwise specified, we will also use the term AI to designate ANNs.”

In the professional community, there are exact structured representation relationships of AI, ML and deep learning. NN-based method is not a panacea, see, for example, Mukhamediev, R.I.; Popova, Y.; et al. Review of Artificial Intelligence and Machine Learning Technologies: Classification, Restrictions, Opportunities and Challenges. Mathematics 2022, 10, 2552. https://doi.org/10.3390/math10152552

In complete harmony with the reference provided, Section 2 clearly states that NNs are a subset of ML which in turn is a subset to AI.!! However, we found the reference provided useful to add, especially for the readership which comes from cryptography background.

The paragraph -          (l. 167-170) “Due to their ….. now reads:

A comprehensive review and taxonomy of Artificial Intelligence and Machine Learning techniques together with their restrictions and challenges can be found in \cite{Mukhamediev}. Various architectures of Artificial Neural Networks (ANNs) have proven to be powerful in applications such as Computer Vision (CV) and Natural Language Processing (NLP), and Autonomous driving.

 

Why do you consider accuracy only? There are other metrics for the evaluation of the AI-based methods evaluation (sensitivity, availability F1 scope, etc), for example, see evaluation of classification result in Rabcan, J.; Zaitseva, E.; Levashenko, V.; Kvassay, M.; Surda, P.; Macekova, D. Fuzzy Decision Tree Based Method in Decision-Making of COVID-19 Patients’ Treatment. Mathematics 2021, 9, 3282. https://doi.org/10.3390/math9243282

Indeed, various scores can be generated from the confusion matrix including ROC curve , AUC, and PR to evaluate the performance of classification using machine learning techniques. We did not mean accuracy as in the ratio Correct Predictions/Total Predictions but rather the overall performance.

So to alleviate the ambiguity, the paragraph is changed to read:

(l. 167-170) “Due to numerous advantages such as the ability to deal with non-linear data, ability to learn hierarchical features, robustness to noise, and the ability to handle multiple outputs, ANN-based learning agents came to shadow other types of intelligent agents, including the ones that use other machine learning techniques, and become a synonym of AI. Unless otherwise specified, we will also use the term AI to designate ANNs.”

This author's statement doesn’t allow the consideration of the proposed review as correct. As minimal the paper title must be changed and the advantages and disadvantages of the NN-based method are presented. I’d like to recommend considering the background studies:

·  Wolpert, D.; Macready, W. No free lunch theorems for optimization. IEEE Trans. Evol. Comput. 1997, 1, 67–82.]

·  Fernández-Delgado, M.; Cernadas, E.; Barro, S.; Amorim, D. Do we need hundreds of classifiers to solve real world classification problems? J. Mach. Learn. Res. 2014, 15, 3133–3181.

·  Kaur, A.; Kaur, I. An empirical evaluation of classification algorithms for fault prediction in open source projects. J. King Saud Univ.—Comput. Inf. Sci. 2018, 30, 2–17.

We added a paragraph that reads like this:

This said, and despite the aforementioned advantages, it is not guaranteed that because deep ANNs demonstrated excellent performance for domain problems dealing with language, image, and video, that they will necessarily outperform other ML techniques in cryptography \cite{Wolpert,Fernández}.

Title has been changed to: Applications of Neural Network based AI in Cryptography

Round 2

Reviewer 1 Report

All of the concerns were appropriately handled by the authors.

Author Response

Dear Reviewer,

Thank you very much for your help.

Best regards,

The authors

Reviewer 2 Report

The authors have satisfactorily modified their manuscript according to my previous criticisms. Therefore, I recommend the publication of this manuscript.

Author Response

Dear Reviewer,

Thank you very much for your help.

Best regards,

The authors

Reviewer 4 Report

The subject of this paper is interesting and relevant to the journal topics. The authors propose a review of machine-based methods in the domain of cryptography. The authors have substantially revised the work. The title change to better reflect the content and purpose of the paper. I thank the authors for the detailed answers to all of the comments. For this version of the paper, I’d like to recommend the conclusion extension with a more detailed discussion of (a) the restrictions, limitations, and problems of the neural network application in cryptography, (b) the recommendation for ML based method in cryptography, (c) further research.

Author Response

Dear Reviewer,

Please find below our answers to your valuable comments. Thank you very much for your help.

Best regards,

The authors

********************************

The subject of this paper is interesting and relevant to the journal topics. The authors propose a review of machine-based methods in the domain of cryptography. The authors have substantially revised the work. The title change to better reflect the content and purpose of the paper. I thank the authors for the detailed answers to all of the comments.

For this version of the paper, I’d like to recommend the conclusion extension with a more detailed discussion of (a) the restrictions, limitations, and problems of the neural network application in cryptography, (b) the recommendation for ML based method in cryptography, (c) further research.

\section{Conclusion}\label{Conclusion}

Artificial Intelligence (AI) and particularly deep learning using sophisticated Artificial Neural Network (ANN) architectures is exponentially developing, and gaining practical use in all sectors of daily life. In this paper, we presented areas where the use of AI can help enhance the security of cryptographic systems. We particularly focused on four prominent systems in modern cryptography, namely the Advanced Encryption Standard (AES), the Rivest-Shamir-Adleman (RSA) scheme, the Learning With Errors (LWE) scheme, and the lightweight ASCON ciphers family. We reviewed their security, and pinpointed layers, functions, or areas that can potentially benefit from cryptanalysis that uses advanced ANN architectures.
This said, depending on the function to approximate (\verb"S-Box" and vectorial Boolean functions for AES, \verb"S-Box" and permutations for Ascon, Diophantine equations and factorization for RSA, lattice problems for LWE), ANNs may not necessarily outperform other Machine Learning (ML) techniques. For instance, LWE introduces vectors of errors similar to noise in the encryption process, which may hinder the performance of ANNs since it is a well known fact that ANNs suffer from noisy training data. Experimentation is needed to confirm this intuition. Furthermore, sophisticated ANN architectures can have the tendency to overfit the presented training data, which may lead to errors for unseen encrypted data or plaintext.

Finally, beyond prediction, ANNs do not give any insights on the structure of the function being approximated, which may not help in fine-tuning the function/layer being approximated. For further research, we envisage to experiment with different ANN architectures and build an ANN generator that automatically generate an adversary ANN from the specification of the \verb"S-Box" or the vectorial Boolean function to help cryptosystem designer quickly test the strength of the cryptographic functions and substitution layers.

Concerns of the reviewer are addressed in the two added paragraphs marked in red.

Back to TopTop