Proceedings of International Joint Conference on Neural Networks, Orlando, Florida, USA, August 12-17, 2007
Chosen Plaintext Attack against Neural Network-Based Symmetric
Cipher
M. Arvandi and A. Sadeghian
Abstract In this paper the security of neural network-based
symmetric ciphers [1] is analyzed. The vulnerability of such
ciphers against chosen plaintext attacks is studied and a
possible attack is mathematically presented.
I. INTRODUCTION
N EURAL networks information-processing capabilities as
parallel distributed structure and their ability to learn
and generalize enable them to solve complex problems in
many disciplines [2]. These advantageous features have
attracted many researchers to employ neural networks in
Cryptography applications to design techniques which can
meet increasingly stringent specifications concerning the
information security.
Some of these researches are in their early stages [3]-[6]
and need intense public scrutiny before they can be used in
any important application or for transferring valuable data.
Others [7], [8] have been shown insecure by [9], [10]. A
novel neural network-based symmetric cipher proposed in
[1], which uses neural network as a parallel computing
technique for cryptography implementation. The cipher is
implemented in two steps: (i) a neural network back
propagation learning procedure is used for key extension.
The secret key is presented to the network as the training set
and the network weights and biases are initialized according
to the secret key through the supervised learning procedure.
The resulting network with the secret initial state is the
extended secret key to be later used for data encryption, and
(ii) the learning procedure is controlled by updating the
neural network weight parameters to generate the chaotic
cipher text and synchronize the weights/biases states during
bulk data encryption/decryption.
This paper briefly introduces this cipher and its security
and presents a chosen plaintext attack which can break the
security of the abovementioned cipher.
II. SYMMETRIC CIPHER AND ITS SECURITY
This section consists of two parts. The fist part describes
the cipher and the second part describes the cipher security
briefly, detailed information is available in [1].
Manuscript received January 31, 2007.
M. Arvandi is with Ryerson University, 350 Victoria St. Toronto,
Ontario M5B 2K3 Canada (e-mail: marvandi gmail.com).
A. Sadeghian is with Ryerson University, 350 Victoria St. Toronto,
Ontario M5B 2K3 Canada (corresponding author to provide phone: 416-
979-5000 ext.6961, fax: 416-979-5064; e-mail: asadeghiAryerson.ca).
1-4244-1 380-X/07/$25.00 ©2007 IEEE
A. Symmetric Cipher
This section describes the symmetric cipher structure and
its design. The design is based on real-time recurrent neural
networks (RRNN), which provides network dynamic
properties and makes the network responsive to time-varying
signals [11]. The optimized network size is determined by a
pruning method [12], which helped to design a fairly simple
architecture while maintaining an acceptable generalization
capability for the tested data. At the same time network
satisfies the confusion and diffusion properties of the cipher
(two basic techniques for obscuring the redundancies in a
plaintext message) as shown in Fig. 1.
x
i
Hidden Layer
v oD\
Confusion Diffusion
Fig. 1. Recurrent Neural Network for Cipher Design
As it is illustrated in Fig. 1, two constraints are applied to
the RRNN: (i) the dimension of the input vector X, is twice
of the output vector Y; (ii) one of the hidden layers has only
one neuron with an output denoted by . From the input
layer up to the hidden layer II, the layer with only one
neuron;, confusion is achieved. Then by applying the
simple non-linear function (sigmoid function in this case) to
the inputs, diffusion is gained. The algorithm of the cipher is
shown in Fig. 2 and it operates in two stages: key extension
and data encryption/decryption. All data represented for
decryption process in Fig. 2 is obtained from encryption
process.
1)Key Extension: Two users at the different ends of a
communication channel have an identical neural network-
based symmetric cipher similar to that in Fig. 1, and they
exchange a secret key S. The key contains: (i) the input
vector X; (ii) the training target Y; and (iii) the critical value
of the self-adaptive procedure a. The network performs
 ii) One Epoch Training. Now the neural network can be
trained for one-epoch using X1 as the input vector and M1 as
the training target. From the second and all following
plaintext blocks, the preceding time instant output
Y1 (i = 2,..., n) of the neural network is combined with the
current plaintext block M1 to yield the current input vector:

xi= (y MllMi), i= 1,2, ..., n. (2)

By repeating the two steps of encryption values for

ViandYi are generated and hence the neural network is
trained for one-epoch at a time. This encryption procedure
will result in a symmetric cipher working in the cipher block-
chaining (CBC) mode.
Text To summarize the above procedure, the ciphertext
blocks C, are constructed as follows:
Fig. 2. Algorithm structure: encryption (left) decryption (right)

training by using vectors X and Y. The training process i= F1 (Xi) (3)

enables the neural network to detect, store or even = Fc{Vi (4)
"remember" the secret key information. These parameters,
which will be kept secret, become the extended secret key
-Ei = Mi- - Y- (5)
for the subsequent encryption and decryption procedures. ST = C IV,,,E I} (6)
Encryption process takes its initial vector, MA, from the last
actual output of the network during the key extension. where ST refers to the ciphertext at the instant i, which is fed
2) Encryption: The hidden layer with only one neuron back through a zero order hold to construct the input to the
(denoted as neuron ) enables the network to decompose the network at the following time instant.
feed-forward operation, over the weight and bias matrices, 3) Decryption. The decryption procedure works similar to
into two functions. Function Fj, from the input layer to the encryption. When the symmetric cipher receives the
ciphertext C {IVi,E}}, the output is computed as
neuron ;, and function F2, from neuron $ to the output
layer, are demonstrated in Fig. 1. These functions are then
used in the encryption process that consists of two steps: (i) x= Ft (Vi) (7)
ciphertext generation; and (ii) one-epoch training.
i) Ciphertext Generation: According to the dimension of Next, the original plaintext block can be restored using
input vectors the plaintext is mapped to
vectors Mi(i= M2, M3, ... Mn }. The first
Mi = y+Ei(8) (8)
n) = {M1
vector of the message M1 is combined with the initial After the message block M1 is restored, the one-epoch
vector Mfrom the key extension procedure to build the
training step is performed using Xi = ( Y 1 Mi ) as the input
following initial input vector
vector and M1 as the training target.
X =(M0M1) (1)
The output V, of the final block can be used as the
Message Authentication Code (MAC) for the whole
where 1 denotes a vector concatenation operator. This step ciphertext. After calculating from Vi during decryption,
concatenates two (n xl) vectors, Moand M1to form a
(2nxl) vector, X1. Next by presenting X1 to the neural
Ai can be produced, and hence Xi = (Mi t ) is once again I
reconstructed. Then, VK' is computed
network, it can produce both the intermediary neuron
output VI in the hidden layer and the output of the
network,Y. The error signal is calculated asE1 =MlA-Y,.
'= 1F(X1). (9)

Finally, E1 and VI are considered as the first block of the Next, V' is compared with V to verify data integrity and
ciphertext referred to as C1 { VI, El } authentication. In general, at the end of the data
encryption/decryption stages, the Cipher Block Chaining-
Message Authentication Code (CBC-MAC) is prepared (or
examined if already exists) to ensure data integrity.
4) RRNN and Cipher Design. The RRNN (shown in Fig.
1) uses the forward dynamics equations (3) to (6) to generate
the ciphertext and the MAC. The output of the network
forward dynamics is computed as:
jE B
Y (n + 1) = (K
( wi (n)U (n) ),
i =AuB
where rp is a nonlinear activation function and the
variable wj1 represents the synaptic weight of the neuron j. In
(10), U1 (n) is the input vector to the RRNN, defined as in
[2],
U (n) X, (n) If iEA
J~(n f ileB
where A denotes the set of indices i for which Ki (n) is an
external input, and B denotes the set of indices i for which
U, (n) is the output of the neuron. Furthermore, the term
representing the argument of the linear activation function in
(10) is the neuron internal activity function Vi defined in (3).
To define the initial values for the weight wj, (0), a set of
uniformly distributed random numbers is chosen. Next, the
dynamic process for updating the network weights in real
time is defined by means of the following triple index
YE wji (n),9,, (n) + 5kklUI (n)H
,9kil (n + 1)=f(Vj (n)) -icB
where je B, k e B, I A u B, and (.) is the derivative of
the nonlinear activation function. In (12), is the
8k1
Kronecker delta, which equals to one when k =I and 0
otherwise. The triply index is initialized such that '9il (0) 0.
The index in (12) is used to update the RRNN weights as
follows
Awj(n) = i1 E. (n)19k (n)
where Awkl denotes the update to the weight wkl, and the
parameter refers to the learning rate of the network. In
(13), the error function Ej at time instant n is computed as
E1 (n) = M1 (n) - (n).
Finally, the weight Wkl is updated according to the
following
wkl(n+l) = Wkl(n) +AWkl(n). (15)
Both forward and backward dynamics vary in time to
ensure that the learning procedure of the RRNN has the
capability to detect temporal patterns of the training data.
Consequently, the cipher can prepare the MAC to maintain
(10) both the data integrity and the data authentication.
B. Security ofthe Cipher
With explosive growth and existence of a large set of
mathematical tools useful in cryptanalysis, security analysis
of any newly design cipher is very important. A complete
description of security analysis of the neural network-based
symmetric cipher can be found in [1] and here only some of
the main issues are highlighted.
In key extension stage, the weight distribution of the
(11) hidden layers relies on the knowledge of the training data
(i.e. the original secret key) along with architecture of the
network and learning algorithm [2]. Therefore, it is not
feasible for a cryptanalyst to analyze the extended key. By
changing the length of the secret key and the dimension or
the hierarchy of the hidden layers, the user can adjust the
security level accordingly. A major advantage of this cipher
is its capability to release the constraints imposed on the
length of the secret key.
The design of the cipher provides resistance against
ciphertext only attack and known ciphertext attack as well as
high security in data transfer. The ciphertext contains the
intermediary output of hidden layer (compressed image of
the plaintext) and the error (difference between the network
output and the plaintext). Without the knowledge of the
weight matrix, and output of the network, it is
(12) computationally infeasible to obtain the plaintext based only
on the ciphertext.
Also, the cipher is resistant to attacks against the MAC
and the data encryption scheme itself. In this regard, a self-
adaptive procedure (to update the network learning rate) was
introduced to maintain a satisfactory level of security for the
cipher. This procedure requires very little tuning of the
cipher parameters and can help accommodate different
applications requirements.
A simulation program in Matlab had been used to validate
the cipher [1]. Two simulation experiments were carried out
(13) to analyze the effect of the learning rate on the network,
while in the third experiment, the effect of the self-adaptive
algorithm for updating the network's learning rate was
investigated. The result showed that when the learning rate is
set to a large value, the learning procedure can be prevented
from convergence. A small mismatch between the output and
the learning target will have a dramatic effect on the weight
update process; hence will cause the forward propagation to
(14) be unstable, i.e. chaotic. This chaotic oscillation of the
learning behavior can then be generated in order to provide
the desired data security. The control of learning rate value
was achieved by the self-adaptive function of the symmetric
cipher [1].
The self-adaptive function is a necessary component to
resist possible cryptanalysis attacks. It detects the trend of
the learning procedure via monitoring the mean squared
error performance function (MSE), and then adjusts the
learning rate by a Multiplicative-Increase Gradual-Decrease
(MIGD) method. The self-adaptive procedure should be
performed at the conclusion of each epoch of training in both
the encryption and decryption procedures. Its critical value a
can guarantee that the learning procedure will not settle at a
stable point. At the same time, it helps maintain the learning
rate close to the maximum allowable value so that the
learning trajectory is closely related to the training data.
Although it has been shown that the cipher is secure and
capable of providing both high secure data encryption and
data integrity services, next section presents a chosen
plaintext attack, which can break the cipher.
III. CHOSEN PLAINTEXT ATTACK
A chosen plaintext attack is an attack in which the attacker
is capable of choosing arbitrary plaintexts, feeding them into
the cipher and analyzing the resulting ciphertexts. In this
section, a chosen plaintext attack is proposed and it is proved
mathematically that the cipher can be broken by this attack.
As it was described in section II, plaintext messages have the
form: Mi(i=1 ...n) = {M1 M2, M3, ... M } and
ciphertext blocks have the form: {C1, C2,..., Cn }, where
Cl ={ V, El }. Now the following steps can be considered
for the attack:
First Step:
Enemy selects {Ml},{M2},...{Mk} , that is a sequence of
plaintext messages. Each message contains exactly one
block. Then for j = 1,...k,
xV
V :
Y F2 (Vj)
Ej =Mj -Y
Cj {Vj,Ej}.
Then enemy computes: Yj Mj- EJ. Function F is the
second part of the neural network after the first training by
the secret key, S (X, Y, ). She has a number of equations
a on Neural Nets, vol. 2, pp. 1459-1462, 2000.
Yj =F2() j= 1,...k.
Also she knows YjI Vi, so she can organize
network which approximates F, (an equivalent neural
network), according to section II, 4) and [1], [12]-[13].
Second Step:
Consider the following sequence of plaintext messages:
{ ml, M2 },{MI1
1 M22},...{IM, M2,k }, each message contains
exactly two blocks and the first block is fixed as Ml. The
corresponding sequence of ciphertext message is given by
qC, C2,jI j =1,...,k. (22)
After the computation of C1, the neural network will be
trained for one epoch. After the encryption of the first block
(Al1 to Cl ), the functions FI and F, will change due to one
epoch training. The new functions will be F1 and F2 . Then
X2,j = (YI I M2,j) (23)
V2,j = F2 (X2,j) (24)
(25)
E2j =M2,j- Y2,j (26)
and enemy computes Y'2j from M2lj and C21j. In a similar
way like first step she can approximate F1 and F2 with
neural network's. If all the plaintext messages have Ml as the
first block (starting from Ml), then she can use F2, F1 and
F2 in order to encrypt them since she can approximate F2,
F1 and F2 with neural networks, according to [1], [12]-
[13]. Therefore she owns a substitute of the original key.
IV. CONCLUSION
It has been shown that the symmetric ciphers based on
(16) RRNN are not completely secure and can be broken by a
chosen plaintext attack.
(17)
REFERENCES
(18) [1] M. Arvandi, S. Wu, A. Sadeghian, W.W. Melek, and I. Woungang,
"Symmetric Cipher Design Using Recurrent Neural Networks", Proc.
(19) 2006 Int'l Joint Conf on Neural Nets, pp. 2039- 2046.
[2] S. Haykin, Neural Networks: a Comprehensive Foundation. 2nd ed.
(20) MacMillan College Publishing Company, 1994, ch. 6, 13.
[3] L. Yee, and C. De Silva, "Application of Multilayer Perceptron
Networks in Public Key Cryptography", Proc. 2002 Int'l Joint Conf
on Neural Nets, vol. 2, pp. 1439-1443, 2000.
[4] L. Yee, and C. De Silva, "Application of Multilayer Perceptron
Networks as a One-Way Hash Function", Proc. 2002 Int'l Joint Conf
[5] L. Yee, and C. De Silva, "Application of multilayer perceptron
networks in symmetric block ciphers", Proc. 2002 Int'l Joint Conf
(21) on Neural Nets, vol. 2, pp. 1455-1458, 2000
[6] G.C. Meletiou, D.K. Tasoulis, and M.N. Vrahatis, "A First Study of
the Neural Network Approach in the RSA Cryptosystem", 7th
a neural
 IASTED International Conference Artificial Intelligence and Soft
Computing, 2002.
[7] I. Kanter, W. Kinzel, and E. Kanter, "Secure Exchange of Information
by Synchronization of Neural Networks", Europhys., Lett. 57, 141,
2002.
[8] T. Zhou, X. Liao, and Y. Chen, "A Novel Symmetric Cryptography
Based on Chaotic Signal Generator and a Clipped Neural Network",
Proc. 2004 Int'l Symp on Neural Nets, pp. 639-644.
[9] A. Klimov, A. Mityaguine, and A. Shamir, "Analysis of Neural
Cryptography", Proc. AsiaCrypt 2002, pp. 288-298. Springer Verlag,
2002.
[10] C. Li, S. Li, X. Liao, and G. Chen, "Chosen-Plaintext Cryptanalysis of
a Clipped-Neural-Network-Based Chaotic Cipher", Proc. 2005 Int'l
Symp on Neural Nets, pp. 630-636.
[11] S. Wu, "A Block Cipher Design Using Recurrent Neural Networks,"
M. Eng. Dissertation, Dept. Elec. and Comp. Eng., Ryerson
University, Toronto, ON, Canada, 2003.
[12] A. Pincus, "Approximation Theory of the MLP Model in Neural
Networks", Acta Numerica, Cambridge Univ. Press, pp. 143-195,
1999.
[13] H. White, "Connectionist Nonparametric Regression: Multilayer
Feedforward Networks can Learn Arbitrary Mappings", Neural
Networks, vol. 2, pp. 359-366, 1989.