Table of Contents
Fetching ...

Cryptanalysis via Machine Learning Based Information Theoretic Metrics

Benjamin D. Kim, Vipindev Adat Vasudevan, Rafael G. L. D'Oliveira, Alejandro Cohen, Thomas Stahlbuhk, Muriel Médard

TL;DR

The paper tackles the challenge of empirically auditing cryptosystems using information-theoretic metrics in a known-plaintext setting. It introduces two ML-driven tools: Mutual Information Neural Estimation to quantify information leakage via $I(X;Y)$ and a Binary Cross Entropy classifier to model IND-CPA indistinguishability under chosen-plaintext attacks. Through evaluations on DES, RSA, AES in ECB and CTR modes, as well as the HUNCC network-coding cryptosystem, it demonstrates that deterministic schemes exhibit higher information leakage and that modified CPA-secure configurations can be detected with high accuracy, while small networks can provide rapid security checks. The work offers practical auditing methods and empirical bounds for cryptosystem robustness, with implications for both classical and network-coded cryptosystems, and suggests ML-based cryptanalysis as a valuable tool to guide secure design and resource allocation for stronger protection.

Abstract

The fields of machine learning (ML) and cryptanalysis share an interestingly common objective of creating a function, based on a given set of inputs and outputs. However, the approaches and methods in doing so vary vastly between the two fields. In this paper, we explore integrating the knowledge from the ML domain to provide empirical evaluations of cryptosystems. Particularly, we utilize information theoretic metrics to perform ML-based distribution estimation. We propose two novel applications of ML algorithms that can be applied in a known plaintext setting to perform cryptanalysis on any cryptosystem. We use mutual information neural estimation to calculate a cryptosystem's mutual information leakage, and a binary cross entropy classification to model an indistinguishability under chosen plaintext attack (CPA). These algorithms can be readily applied in an audit setting to evaluate the robustness of a cryptosystem and the results can provide a useful empirical bound. We evaluate the efficacy of our methodologies by empirically analyzing several encryption schemes. Furthermore, we extend the analysis to novel network coding-based cryptosystems and provide other use cases for our algorithms. We show that our classification model correctly identifies the encryption schemes that are not IND-CPA secure, such as DES, RSA, and AES ECB, with high accuracy. It also identifies the faults in CPA-secure cryptosystems with faulty parameters, such a reduced counter version of AES-CTR. We also conclude that with our algorithms, in most cases a smaller-sized neural network using less computing power can identify vulnerabilities in cryptosystems, providing a quick check of the sanity of the cryptosystem and help to decide whether to spend more resources to deploy larger networks that are able to break the cryptosystem.

Cryptanalysis via Machine Learning Based Information Theoretic Metrics

TL;DR

The paper tackles the challenge of empirically auditing cryptosystems using information-theoretic metrics in a known-plaintext setting. It introduces two ML-driven tools: Mutual Information Neural Estimation to quantify information leakage via and a Binary Cross Entropy classifier to model IND-CPA indistinguishability under chosen-plaintext attacks. Through evaluations on DES, RSA, AES in ECB and CTR modes, as well as the HUNCC network-coding cryptosystem, it demonstrates that deterministic schemes exhibit higher information leakage and that modified CPA-secure configurations can be detected with high accuracy, while small networks can provide rapid security checks. The work offers practical auditing methods and empirical bounds for cryptosystem robustness, with implications for both classical and network-coded cryptosystems, and suggests ML-based cryptanalysis as a valuable tool to guide secure design and resource allocation for stronger protection.

Abstract

The fields of machine learning (ML) and cryptanalysis share an interestingly common objective of creating a function, based on a given set of inputs and outputs. However, the approaches and methods in doing so vary vastly between the two fields. In this paper, we explore integrating the knowledge from the ML domain to provide empirical evaluations of cryptosystems. Particularly, we utilize information theoretic metrics to perform ML-based distribution estimation. We propose two novel applications of ML algorithms that can be applied in a known plaintext setting to perform cryptanalysis on any cryptosystem. We use mutual information neural estimation to calculate a cryptosystem's mutual information leakage, and a binary cross entropy classification to model an indistinguishability under chosen plaintext attack (CPA). These algorithms can be readily applied in an audit setting to evaluate the robustness of a cryptosystem and the results can provide a useful empirical bound. We evaluate the efficacy of our methodologies by empirically analyzing several encryption schemes. Furthermore, we extend the analysis to novel network coding-based cryptosystems and provide other use cases for our algorithms. We show that our classification model correctly identifies the encryption schemes that are not IND-CPA secure, such as DES, RSA, and AES ECB, with high accuracy. It also identifies the faults in CPA-secure cryptosystems with faulty parameters, such a reduced counter version of AES-CTR. We also conclude that with our algorithms, in most cases a smaller-sized neural network using less computing power can identify vulnerabilities in cryptosystems, providing a quick check of the sanity of the cryptosystem and help to decide whether to spend more resources to deploy larger networks that are able to break the cryptosystem.
Paper Structure (26 sections, 9 equations, 6 figures, 4 tables, 3 algorithms)

This paper contains 26 sections, 9 equations, 6 figures, 4 tables, 3 algorithms.

Figures (6)

  • Figure 1: Framework for IND-CPA through Binary Classification Models
  • Figure 2: MI Estimation Training Results for Baselines.
  • Figure 3: MI Estimation Training Results for Several Cryptosystems on a Smaller Neural Network.
  • Figure 4: MI Estimation Training Results for Several Cryptosystems on a Larger Neural Network.
  • Figure 5: MI Estimation Training Results for HUNCC.
  • ...and 1 more figures