Paper 2025/288
How to Securely Implement Cryptography in Deep Neural Networks
Abstract
The wide adoption of deep neural networks (DNNs) raises the question of how can we equip them with a desired cryptographic functionality (e.g, to decrypt an encrypted input, to verify that this input is authorized, or to hide a secure watermark in the output). The problem is that cryptographic primitives are typically designed to run on digital computers that use Boolean gates to map sequences of bits to sequences of bits, whereas DNNs are a special type of analog computer that uses linear mappings and ReLUs to map vectors of real numbers to vectors of real numbers. This discrepancy between the discrete and continuous computational models raises the question of what is the best way to implement standard cryptographic primitives as DNNs, and whether DNN implementations of secure cryptosystems remain secure in the new setting, in which an attacker can ask the DNN to process a message whose "bits" are arbitrary real numbers.
In this paper we lay the foundations of this new theory, defining the meaning of correctness and security for implementations of cryptographic primitives as ReLU-based DNNs. We then show that the natural implementations of block ciphers as DNNs can be broken in linear time by using such nonstandard inputs. We tested our attack in the case of full round AES-128, and had
Metadata
- Available format(s)
-
PDF
- Category
- Attacks and cryptanalysis
- Publication info
- Preprint.
- Keywords
- Deep learningDNNcryptographycryptanalysisdomain extensionsecure implementation
- Contact author(s)
-
david gerault @ tii ae
anna hambitzer @ tii ae
eyalronen @ tauex tau ac il
adi shamir @ weizmann ac il - History
- 2025-02-20: approved
- 2025-02-19: received
- See all versions
- Short URL
- https://ia.cr/2025/288
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2025/288, author = {David Gerault and Anna Hambitzer and Eyal Ronen and Adi Shamir}, title = {How to Securely Implement Cryptography in Deep Neural Networks}, howpublished = {Cryptology {ePrint} Archive, Paper 2025/288}, year = {2025}, url = {https://eprint.iacr.org/2025/288} }