19/07/2024

Ciphertext-only Attack on Classical Ciphers by Using AI

Even Chat GPT-4 could not tell me about papers about codebreaking with AI, but once I came across one paper (see the previous post), googling with its title returns a number of relevant papers. (That is, my question did not include relevant key words.)

My interest is in a ciphertext-only attack on homophonic ciphers or syllabic ciphers, which are the most common ciphers in the early modern period. Although I have not found a work on neural network approach on these, two (also cited by Closa (2023) mentioned in the previous post) are interesting in dealing with ciphertext-only attack on the Caesar (shift) cipher, the Vigenere cipher, and (monoalphabetic) substitution cipher.

Focardi et al. (2018) claims to be the first to provide a ciphertext-only attack on substitution ciphers based on neural networks (Abstract). It assumes a weakness of the cipher is given and the neural network exploits it.
(i) In the case of the Caesar cipher (a.k.a. the shift cipher), the key is a single number (e.g., up to 26). The frequencies of symbols generally reflects the frequency of letters (e.g. of English-language text). Thus, a neural network is trained to predict a key from the frequencies. The trained neural network can "recognize" the key without actually trying shifts to see whether readable text is obtained.
(ii) For the Vigenere cipher, a key length (m) is assumed and the Caesar classifier is applied to subtexts composed of symbols taken from the ciphertext at distance m. This is like a conventional method by using brute force but employs the Caesar classifier from (i).
(iii) For general (monoalphabetic) substitution ciphers, an overall framework is similar to conventional hill climbing. Starting from a random key, a "goodness" value is computed. After changing the key a little bit, the "goodness" value is computed again. If it has improved, the change is kept; otherwise the change is discarded. By iteration, the key is improved step by step. Again, the authors' method does not need to actually try intermediate keys to see whether a plausible plaintext is obtained. Instead, a neural network is trained with 3-grams of both plaintexts and ciphertexts. Although they "have no guratantees that this will provide a good classifier which is able to tell 'how' similar is a text to a plaintext and, consequently, how good is a key, but experimental results have confirmed that the method is effective." It will be interesting to see whether this works for homophonic ciphers or syllable ciphers.

Ahmadzadeh et al. (2021) seems to achieve what I thought impossible: training with plaintext/ciphertext pairs (Table 4) allows deciphering a ciphertext with an unknown key. The decryption function is learned "regardless of the cipher complexity or key length" (IV D). While experiments were done with Caesar, Vigenere, and (monoalphabetic) substitution, the authors consider their approach "has the potential to crack modern ciphers" (IV H).
To learn the decryption function from the plaintext/ciphertext pairs, they used an attention-based LSTM encoder-decoder model (Fig. 3). To quickly recall the terminology, a class of neural networks that can have "memory" is a recurrent neural network (RNN). A class of RNN that solves its problem (vanishing gradients in deep networks: "A small gradient value does not contribute very much to learning") is LSTM. A problem with LSTM ("a lengthy input sequence causes LSTM to forget important information along the sequence") is solved by an attention mechanism, which allows "dynamically highlighting important features of the input data" (III A).
As a prerequisite, they assume the ciphertext has "punctuation" and can be readily parsed into words (Fig. 4). It will be interesting to see whether their work can be generalized to ciphertext without punctuation.

References:
Riccardo Focardi and Flaminia L. Luccio (2018), "Neural Cryptanalysis of Classical Ciphers", Italian Conference on Theoretical Computer Science (ICTCS 2018), Urbino, Italy, September 18-20, 2018 (CEUR-WS.org).
Ezat Ahmadzadeh, Hyunil Kim, Ongee Jeong, and Inkyu Moon (2021), "A Novel Dynamic Attack on Classical Ciphers Using an Attention-Based LSTM Encoder-Decoder Model", IEEE Access, 2021, vol.9, pp.60960-60970, DOI: 10.1109,ACCESS.2021.3074268 (IEEE Xplore)

No comments:

Post a Comment