Category Archive: Cryptography

Jan 30 2017

Neural Networks learning security

In October 2016, Martin Abadi and David Andersen, two Google researchers, published a paper that made the highlights of the newspapers. The title was “Learning to protection communications with adversarial Neural Cryptography.” The newspapers announced that two neural networks learnt autonomously how to protect their communication. This statement was interesting.

As usual, many newspapers simplified the outcome of the publication. Indeed, the experiment operated under some detailed limitations that the newspaper rarely highlighted.

The first limitation is the adversarial model. Usually, in security, we expect Eve not to be able to understand the communication between Alice and Bob. The usual limitations for Eve are either she is passive, i.e., she can only listen to the communication, or she is active, i.e., she can mingle with the exchanged data. In this case, Eve is passive and Eve is a neural network trained by the experimenters. Eve is not a human or one customized piece of software. In other words, it has limited capacities.

The second limitation is the definition of success and secrecy:

  • The training of Alice and Bob to be successful requires that there is an average error rate of 0.05 bits for the reconstruction of a protected message of 16 bit. In cryptography, the reconstruction error must be null. We cannot accept any error in the decryption process.
  • The output of the neural network protected message must not look random. Usually, the randomness of the output is an expected feature of any cryptosystem.

Under these working assumptions, Alice and Bob succeeded to hide their communication from Eve after 20,000 iterations of training. Unfortunately, the paper does not explain how the neural network succeeded, and what types of mathematical methods it implemented (although the researchers modeled a symmetric like cryptosystem, i.e., Alice and Bob shared a common key). There was neither an attempt to protect a textual message and challenge cryptanalysts to break it.

Thus, it is an interesting theoretical work in the field of machine learning but most probably not useful in the field of cryptography. By the way, with the current trends in cryptography to require formal proof of security, any neural network based system would fail this formal proof step.


Abadi, Martín, and David G. Andersen. “Learning to Protect Communications with Adversarial Neural Cryptography.” arXiv, no. 1610:06918 (October 21, 2016).





Mar 02 2016

Diffie and Hellman received the ACM Turing Award

Yesterday, the Association for Computing Machinery (ACM) granted their most prestigious award the Turing award to Whitfield DIFFIE and Martin HELLMAN. If you read regularly this blog, you know probably them. In their seminal 1976 paper, they launched the foundations of asymmetric cryptography. Previously, only symmetric cryptography was known. Two years later, Rivest, Shamir and Adleman published the RSA algorithm based on these principles. Without public key cryptography, modern security would not be possible. We still use the DH protocol.

A well-deserved prize.

  • Diffie, W., and M. Hellman. “New Directions in Cryptography.” IEEE Transactions on Information Theory 22, no. 6 (1976): 644–54.
  • Rivest, R. L., A. Shamir, and L. Adleman. “A Method for Obtaining Digital Signatures and Public-Key Cryptosystems.” Communications of the ACM 21, no. 2 (1978): 120–26.

Apr 27 2015

CANS 2015 submissions

The 14th International Conference on Cryptology and Network Security (CANS 2015) will be at Marrakech in December.  The submission deadline is 19 june 2015.  The topics of interest are rather broad:

  • Access Control for Networks
  • Adware, Malware, and Spyware
  • Anonymity & Pseudonymity
  • Authentication, Identification
  • Cloud Security
  • Cryptographic Algorithms & Protocols
  • Denial of Service Protection
  • Embedded System Security
  • Identity & Trust Management
  • Internet Security
  • Key Management
  • Mobile Code Security
  • Multicast Security
  • Network Security
  • Peer-to-Peer Security
  • Security Architectures
  • Security in Social Networks
  • Sensor Network Security
  • Virtual Private Networks
  • Wireless and Mobile Security

The accepted papers will be published in Springer LNCS.  It is an IACR event.

Apr 23 2014

CataCrypt 2014

In the tsunami of the catastrophic HeartBleed bug, this new IEEE workshop will be interesting.   cataCRYPT stands for “catastrophic events related to cryptography and security with their possible solutions.”

The main point is: many cryptographic protocols are only based on the security of one cryptographic algorithm (e.g. RSA) and  we don’t know the exact RSA security (including Ron Rivest). What if somebody finds a  clever and fast factoring algorithm? Well, it is indeed an hypothesis but we know several  instances of possible progress. A new fast algorithm is a possible catastroph if not handled  properly. And there are other problems with hash functions, elliptic curves, aso. Think also about the recent Heartbleed bug (April 2014, see the discovery was very late and we were close to a catastrophic situation.

So we are thinking about a regular workshop, the name is CATACRYPT, about these possible problems and their solutions. It includes problems with cryptographic algorithms, protocols, PKI, DRM, TLS-SSL, smart cards, RSA dongles, MIFARE, aso. Quantum computing, resilience and agility are also on the program.

The birth of cataCRYPT is not opportunistic.  His founder, Jean Jacques Quisquater, had launched the idea last year.  Its announcement following HeartBleed is a pure coincidence.

The paper submission deadline is 2 June 2014.   Hurry up…

The conference’s site is

Jan 08 2014

NSA spies us: what a surprise!

I twill start this new year (for which I wish you all the best) by some ranting.  Since the Snowden’s story started, I never commented.  Now I will a little bit as I start to be upset by all this hypocrisy.  Snowden shed some lights on the behavior and skillset of the NSA.   This is interesting.  But what is not acceptable, is that media seem to be surprised.  WE KNEW IT FOR YEARS.


NSA spies our electronic personal communications!  We knew it for years.  Echelon was  known in the 90s.  The new systems are just a natural evolution to new communication means and enhanced computing capacities. It was even known that the scope was larger than military/political actions.   NSA published patents about semantic analysis of natural speech.  The purpose was obvious.  I remember an initiative that asked people to generate random mails with gibberish inside but also some alleged keywords (such as terrorism, NSA,…) that should trigger the scrutiny of NSA.  The aim was to try to flood the system.


NSA is studying advanced techniques such as quantum computing to crack ciphers!  I would expect any serious governments to have their black cabinet studying this topic.  Once more, it is known that NSA may have some advances over the academic/public domain in this field.  In 1974, US banking industry asked IBM to design a commercial cipher to protect electronic banking transaction.  With the help of the NIST, IBM designed the famous DES.  End of 80s, academic world discovered a new devastating technique: differential cryptanalysis.  In 1991, Eli BIHAM and Adi SHAMIR demonstrated that surprisingly DES was immune to this ”unknown” attack (which was not the case for many other ciphers).  In 1994, Don COPPERSMITH, who was part of the DES design team, revealed that DES had been designed to resist to differential cryptanalysis.  In 1974, NSA knew already differential cryptanalysis but kept this knowledge secret as it gave a competitive edge to US secret agencies.

Secret services do not play fair democratic games!  This is why they are called secret services.  Hollywood told about that so often as well as John LE CARRE. 


So please, let us stop this hypocrite surprise: we knew about (but not the details).


E. Biham and A. Shamir, “Differential cryptanalysis of DES-like cryptosystems,” Journal of Cryptology, vol. 4, Jan. 1991, pp. 3–72 available at

D. Coppersmith, “The Data Encryption Standard (DES) and its strength against attacks,” IBM Journal of Research and Development, vol. 38, 1994, pp. 243–250.

Sep 10 2013

Has NSA broken the crypto?

With the continuous flow of revelations by Snowden, there is not one day without somebody asking me if crypto is dead.  Indeed, if you read some simplifying headlines, it looks like the Internet is completely unsecure.


Last Friday, Bruce Schneier published an excellent paper in the guardian : “NSA surveillance: a guide to staying secure.”  For two weeks, he has analyzed documents provided by Snowden.   From this analysis, he drives some conclusions and provides some recommendations.  In view of the security profile of Bruce, we may trust the outcome.  I recommend the readers to read the article.

My personal highlights from this article.

  • The documents did not present any outstanding mathematical breakthrough.   Thus, algorithms such as AES are still secure.
  • To “crack” encrypted communications, NSA uses the same tools than hackers but at a level of sophistication far higher.   They have a lot of money.  The tricks used:
    • Look for used weak algorithms
    • Look for weak passwords with dictionary attacks
    • Powerful brute force attacks
  • The two most important means are:
    • Implementing back doors and weakening commercial implementations (poor random generator, poor factors in Elliptic Curve Cryptosystems (ECC), leaking keys…).   The same is true for hardware.

As was revealed today, the NSA also works with security product vendors to ensure that commercial encryption products are broken in secret ways that only it knows about.

    • Compromising the computer that will encrypt or decrypt.  If you have access to the data before it is secured, then you do not care about the strength of the encryption.

These are hacker tools designed by hackers with an essentially unlimited budget. What I took away from reading the Snowden documents was that if the NSA wants in to your computer, it’s in. Period.

His recommendations are common sense.   The most interesting one is to avoid using ECC as NSA seems to influence the choice of weak curves and constants in the curve.


His final statement

Trust the math.

is OK, but I would add “Do not trust the implementation.”  Always remember law 4: Trust No One.

Jan 02 2013

Security Newsletter 22 is available

The  Security Newsletter 22 is available. We are proud to have as guest Joan DAEMEN. Joan is one of the authors of KECCAK, the new algorithm selected by NIST to become the new official SHA-3 function. Mohamed is presenting this new hash function. SSL is the most deployed security protocol on the Internet, thus it is highly scrutinized by the community. Olivier, Christoph and Benoit have a deep dive into the latest attacks against SSL.

Hoping that you will enjoy its reading. Do not hesitate to comment.

Older posts «