Google AI Invents Its Own Cryptographic Algorithm

Uploaded on 2016-11-03 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms, TECHNOLOGY-Key Areas-Artificial Intelligence, TECHNOLOGY--Developments

Google Brain has created two artificial intelligences that evolved their own cryptographic algorithm to protect their messages from a third AI, which was trying to evolve its own method to crack the AI-generated crypto. The study was a success: the first two AIs learnt how to communicate securely from scratch.

The Google Brain team (which is based out in Mountain View and is separate from Deep Mind in London) started with three fairly vanilla neural networks called Alice, Bob, and Eve. Each neural network was given a very specific goal: Alice had to send a secure message to Bob; Bob had to try and decrypt the message; and Eve had to try and eavesdrop on the message and try to decrypt it. Alice and Bob have one advantage over Eve: they start with a shared secret key (i.e. this is symmetric encryption).

Importantly, the AIs were not told how to encrypt stuff, or what crypto techniques to use: they were just given a loss function (a failure condition), and then they got on with it. In Eve's case, the loss function was very simple: the distance, measured in correct and incorrect bits, between Alice's original input plaintext and its guess. For Alice and Bob, the loss function was a bit more complex: if Bob's guess (again measured in bits) was too far from the original input plaintext, it was a loss; for Alice, if Eve's guesses are better than random guessing, it's a loss. And thus an adversarial generative network (GAN) was created.

Alice, Bob, and Eve all shared the same "mix and transform" neural network architecture, but they were initialised independently and had no connection other than Alice and Bob's shared key. For Alice the key and plaintext are input into the first layer of the neural network; for Bob the key and the ciphertext were input; and for Eve, she got just the ciphertext.

The first layer is fully-connected, so the text and key can mix about. Following the first layer there are a number of convolutional layers, which learn to apply a function to the bits that were handed to it by the previous layer. They don't know what that function might be; they just learn as they go along. For Alice, the final layer spits out some ciphertext; Bob and Eve output what they hope is the plaintext.

The results were... a mixed bag. Some runs were a complete flop, with Bob never able to reconstruct Alice's messages. Most of the time, Alice and Bob did manage to evolve a system where they could communicate with very few errors. In some tests, Eve showed an improvement over random guessing, but Alice and Bob then usually responded by improving their cryptography technique until Eve had no chance.

The researchers didn't perform an exhaustive analysis of the encryption methods devised by Alice and Bob, but for one specific training run they observed that it was both key- and plaintext-dependent. "However, it is not simply XOR. In particular, the output values are often floating-point values other than 0 and 1," they said.

In conclusion, the researchers, Martín Abadi and David G. Andersen, said that neural networks can indeed learn to protect their communications, just by telling Alice to value secrecy above all else, and importantly, that secrecy can be obtained without prescribing a certain set of cryptographic algorithms.

There is more to cryptography than just symmetric encryption of data, though, and the researchers said that future work might look at steganography (concealing data within other types of media) and asymmetric (public-key) encryption. On whether Eve might ever become a decent adversary, the researchers said: "While it seems improbable that neural networks would become great at cryptanalysis, they may be quite effective in making sense of metadata and in traffic analysis."

Ars Technica:      Artificial Brains to Protect Against Cyberattacks:

« WhatsApp U-turn On Privacy Gets EU Challenge
UK To Increase National Cyber Defences »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Apcon

Apcon

Apcon's mission is to provide valuable network insights that enable security and network professionals to monitor, secure and protect their data in both physical and virtual environments.

Beachhead Solutions

Beachhead Solutions

Beachhead's SimplySecure is a configurable, web-based management tool allowing you to remotely secure vulnerable mobile devices in your organization.

Sikur

Sikur

Sikur have developed a communication platform that sets new boundaries for corporate privacy and security.

Cryptosense

Cryptosense

Cryptosense provides the first application security software dedicated to the detection and remediation of crypto vulnerabilities.

Procilon Group

Procilon Group

Procilon Group specialize in the development of cryptographic software as well as strategic advice on information security and data protection.

Digiserve

Digiserve

Digiserve by Telkom Indonesia is an end-to-end managed solutions provider committed to empowering enterprises in Indonesia.

Destel

Destel

Destel is a system integrator and provider of IT services focused on Advanced Network & Security Solutions.

ISTC Foundation

ISTC Foundation

ISTC Foundation is one of the leading innovation centers in Armenia, founded by joint initiative of IBM, USAID, Armenian Government and Enterprise Incubator Foundation.

Enzoic

Enzoic

Enzoic is an enterprise-focused cybersecurity company committed to preventing account takeover and fraud through compromised credential detection.

Atlantic Data Security

Atlantic Data Security

Atlantic Data Security is skilled in the analysis, recommendation, deployment, and management of all critical components of the security infrastructure.

Visory

Visory

Great businesses depend on great technology. We make sure our clients go to market with enterprise-level technology and world-class security for their data and infrastructure.

Metmox

Metmox

Metmox mission is to be trusted advisor and partner to protect our customer’s evolving Cloud, Network, Application, IT infrastructure and cybersecurity needs.

Fulcrum IT Partners

Fulcrum IT Partners

Fulcrum IT Partners is the parent company of an expanding portfolio of established IT solution companies around the world with proven expertise in cyber security, cloud, and managed services.

Endari

Endari

Endari specializes in building cybersecurity maturity within the operational DNA of early-stage startups and SMBs.

WIIT Group

WIIT Group

WIIT Group are focused on a single goal: securing our clients’ critical processes and enabling them for digital transformation.

CelcomDigi

CelcomDigi

CelcomDigi aspire to be Malaysia’s top Telco-Tech company, transforming beyond core connectivity to lead digitalization and innovation as part of nation-building.