Google AI Invents Its Own Cryptographic Algorithm

Google Brain has created two artificial intelligences that evolved their own cryptographic algorithm to protect their messages from a third AI, which was trying to evolve its own method to crack the AI-generated crypto. The study was a success: the first two AIs learnt how to communicate securely from scratch.

The Google Brain team (which is based out in Mountain View and is separate from Deep Mind in London) started with three fairly vanilla neural networks called Alice, Bob, and Eve. Each neural network was given a very specific goal: Alice had to send a secure message to Bob; Bob had to try and decrypt the message; and Eve had to try and eavesdrop on the message and try to decrypt it. Alice and Bob have one advantage over Eve: they start with a shared secret key (i.e. this is symmetric encryption).

Importantly, the AIs were not told how to encrypt stuff, or what crypto techniques to use: they were just given a loss function (a failure condition), and then they got on with it. In Eve's case, the loss function was very simple: the distance, measured in correct and incorrect bits, between Alice's original input plaintext and its guess. For Alice and Bob, the loss function was a bit more complex: if Bob's guess (again measured in bits) was too far from the original input plaintext, it was a loss; for Alice, if Eve's guesses are better than random guessing, it's a loss. And thus an adversarial generative network (GAN) was created.

Alice, Bob, and Eve all shared the same "mix and transform" neural network architecture, but they were initialised independently and had no connection other than Alice and Bob's shared key. For Alice the key and plaintext are input into the first layer of the neural network; for Bob the key and the ciphertext were input; and for Eve, she got just the ciphertext.

The first layer is fully-connected, so the text and key can mix about. Following the first layer there are a number of convolutional layers, which learn to apply a function to the bits that were handed to it by the previous layer. They don't know what that function might be; they just learn as they go along. For Alice, the final layer spits out some ciphertext; Bob and Eve output what they hope is the plaintext.

The results were... a mixed bag. Some runs were a complete flop, with Bob never able to reconstruct Alice's messages. Most of the time, Alice and Bob did manage to evolve a system where they could communicate with very few errors. In some tests, Eve showed an improvement over random guessing, but Alice and Bob then usually responded by improving their cryptography technique until Eve had no chance.

The researchers didn't perform an exhaustive analysis of the encryption methods devised by Alice and Bob, but for one specific training run they observed that it was both key- and plaintext-dependent. "However, it is not simply XOR. In particular, the output values are often floating-point values other than 0 and 1," they said.

In conclusion, the researchers, Martín Abadi and David G. Andersen, said that neural networks can indeed learn to protect their communications, just by telling Alice to value secrecy above all else, and importantly, that secrecy can be obtained without prescribing a certain set of cryptographic algorithms.

There is more to cryptography than just symmetric encryption of data, though, and the researchers said that future work might look at steganography (concealing data within other types of media) and asymmetric (public-key) encryption. On whether Eve might ever become a decent adversary, the researchers said: "While it seems improbable that neural networks would become great at cryptanalysis, they may be quite effective in making sense of metadata and in traffic analysis."

Ars Technica:      Artificial Brains to Protect Against Cyberattacks:

« WhatsApp U-turn On Privacy Gets EU Challenge
UK To Increase National Cyber Defences »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

National Centre of Incident Readiness & Strategy for Cybersecurity (NISC) - Japan

National Centre of Incident Readiness & Strategy for Cybersecurity (NISC) - Japan

NISC was established as a secretariat of the Cybersecurity Strategy Headquarters in collaboration with the public and private sectors to create a "free, fair and secure cyberspace" in Japan.

ThreatBook

ThreatBook

ThreatBook is dedicated to providing real-time, accurate and actionable threat intelligence to block, detect and prevent attacks.

DirectDefense

DirectDefense

DirectDefense is an information security services and managed services provider.

Cyber Defense Initiative Conference (CDIC)

Cyber Defense Initiative Conference (CDIC)

Cyber Defense Initiative Conference (CDIC) is one of the most distinguished Cybersecurity, Privacy and Information Security Conference in Thailand and Southeast Asia.

Seculert

Seculert

The Seculert Attack Detection & Analytics Platform combines machine-learning based analytics and threat intelligence to automatically detect cyber attacks inside the network.

Council of Europe Convention on Cybercrime

Council of Europe Convention on Cybercrime

The Council of Europe helps to protect societies worldwide from the threat of cybercrime through the Convention on Cybercrime.

SpyCloud

SpyCloud

SpyCloud is a leader in account takeover (ATO) prevention, protecting billions of consumer and employee accounts either directly or through product integrations.

Gallarus Industry Solutions

Gallarus Industry Solutions

Gallarus leads innovation within industrial Manufacturing, Production and Management Systems, including Cyber Security solutions specifically developed to protect against the latest cyber criminality.

Dynatrace

Dynatrace

Dynatrace provides software intelligence to simplify cloud complexity and accelerate digital transformation.

NetBlocks

NetBlocks

NetBlocks is a global internet monitor working at the intersection of digital rights, cyber-security and internet governance.

Zokyo

Zokyo

Zokyo is a venture studio that builds, secures, and funds legendary web3/crypto businesses.

iomart Group

iomart Group

iomart is a cloud computing and IT managed services business providing secure hybrid cloud, network connectivity, data management, and digital workplace capability.

Nerds On Site

Nerds On Site

Nerds On Site provide on-site & in-home IT and technical support, managed IT services, and cyber security through our collaborative team of highly-trained IT and Security professionals.

Resonance Security

Resonance Security

Resonance offers powerful cybersecurity aggregation software that makes protecting against full spectrum cybersecurity threats effortless no matter what your technical level, budget, or scope.

Entitle

Entitle

Entitle's SaaS-based platform automates how permissions are managed, enabling organizations to eliminate bottlenecks and implement robust cloud least privilege access.

Badge

Badge

Badge authenticates you on-demand for every application, on any device, without storing any secrets.