About AICrypt

Recently, the synergy between artificial intelligence (AI) and security has gained increasing prominence and significance. This evolution naturally arises from the need to enhance security with greater efficiency. Among the many areas of security benefiting from AI's integration, cryptography stands as a notable field. We are already witnessing the application of AI techniques to address several problems in cryptography, such as enhancing defenses against implementation attacks and hardware Trojans, and investigating attacks on Physical Unclonable Functions (PUFs). Beyond AI's contributions to cryptography, it is also possible to identify the use of cryptography to solve security and privacy issues in AI systems as an emerging and pivotal subject. The mounting frequency of AI system attacks urges us to explore potential research avenues involving cryptographic strategies to counteract these threats. Our objective is to convene experts from both academic and industrial backgrounds, each contributing to diverse facets of cryptography and AI, to facilitate knowledge exchange and foster collaborative efforts. Of particular interest is the exploration of the transferability of techniques across different cryptographic applications and the strengthening of AI security mechanisms. Furthermore, we will delve into recent developments, including those stemming from previous AICrypt events, to provide insights into the evolving landscape of this field.

Download the Call for Papers

Topics of Interest

Authors interested in giving a contributed talk at this workshop are invited to submit an extended abstract of at most 2 pages (excluding references) using EasyChair.

The topics of the workshop encompass all aspects concerning the intersection of AI and cryptography, including but not limited to:

  • Deep learning-based cryptanalysis (e.g., neural distinguishers)
  • Explainability and interpretability of AI models for cryptanalysis
  • Deep learning techniques for Side-Channel Analysis
  • AI-assisted design of cryptographic primitives and protocols
  • AI-driven attacks on cryptographic protocols
  • Cryptographic countermeasures for security and privacy of AI systems

Submission

We encourage researchers working on all aspects of AI and cryptography to take the opportunity and use AICrypt to share their work and participate in discussions. The authors are invited to submit an extended abstract using the EasyChair submission system.

Submitted abstracts for contributed talks will be reviewed by the workshop organizers for suitability and interest to the AICrypt audience. No formal proceedings are published for this workshop, so authors can submit extended abstracts related to works submitted or recently published in other venues, or work in progress that they plan to submit elsewhere.

The authors of accepted papers will be invited to submit an extended version of their paper to appear (after a new round of reviewing) in a post-proceedings volume to be published by Springer.

Every accepted submission must have at least one author registered for the workshop. All submitted abstracts must follow the original LNCS format with a page limit of up to 2 pages (excluding references). The abstracts should be submitted electronically in PDF format.

Important dates (AoE)

Abstract submission deadline: APR 15, 2024 (extended; previously APR 5, 2024)

Notification to authors: APR 19, 2024

Workshop date: May 26, 2024

Registration

Workshop registration goes through the Eurocrypt registration process. Check this page for further information.

Keynotes

Bart Preneel

COSIC, KU Leuven, Belgium

Facial Misrecognition Systems

Adi Shamir

Weizmann Institute of Science, Rehovot, Israel

In this talk I will describe how to plant novel types of backdoors in any facial recognition model based on the popular architecture of deep Siamese neural networks, by mathematically changing a small fraction of its weights (i.e., without using any additional training or optimization). These backdoors force the system to err only on specific persons which are preselected by the attacker. For example, we show how such a backdoored system can take any two images of a particular person and decide that they represent different persons (an anonymity attack), or take any two images of a particular pair of persons and decide that they represent the same person (a confusion attack), with almost no effect on the correctness of its decisions for other persons. Uniquely, we show that multiple backdoors can be independently installed by multiple attackers who may not be aware of each other's existence with almost no interference.
Joint work with Irad Zehavi and Roee Nitzan.

Adi Shamir is an Israeli cryptographer and inventor. He is a co-inventor of the Rivest–Shamir–Adleman (RSA) algorithm (along with Ron Rivest and Len Adleman), a co-inventor of the Feige–Fiat–Shamir identification scheme (along with Uriel Feige and Amos Fiat), one of the inventors of differential cryptanalysis and has made numerous contributions to the fields of cryptography and computer science. In 2002, he won the Turing Award, together with Rivest and Adleman, in recognition of his contributions to cryptography. He now works at the faculty of Mathematics and Computer Science at the Weizmann Institute of Science.

Moti Yung

Google & Columbia University, New York, USA

Accepted Abstracts

Provable Learnability Assessment of PUFs in Pre-silicon Phase

Durba Chatterjee


PrivaTree: Private Decision Tree Evaluation by means of Homomorphic Encryption

Marina Checri, Aymen Boudguiga, Jean-Paul Bultel, Olive Chakraborty, Pierre-Emmanuel Clet and Renaud Sirdey


5 Years of Neural Distinguishers

David Gerault and Anna Hambitzer


Efficient Verification Framework for Large-Scale Machine Learning Models

Artem Grigor, Anton Kravchenko and Georg Wiese


The more, the merrier? A step-by-step inter-device analysis for transfer learning side-channel attacks

Lizzy Grootjen, Zhuoran Liu and Ileana Buhan


Non-Interactive Secure Aggregation and its Applications to Federated Learning

Harish Karthikeyan and Antigoni Polychroniadou


Exploring DNN Weights Extraction via Deep Learning Physical Side-Channel Analysis

Dirk Lauret and Zhuoran Liu


Homomorphic WiSARDs: Efficient Weightless Neural Network training over encrypted data

Leonardo Neumann, Antonio Guimarães, Diego F. Aranha and Edson Borin


Ensuring Privacy and Robustness in Computation of Machine Learning Algorithms

Chrysa Oikonomou and Katerina Sotiraki


Encrypted Image Classification with Low Memory Footprint using Fully Homomorphic Encryption

Lorenzo Rovida and Alberto Leporati


Program

TBA

Organizers

Stjepan Picek

Associate Professor

Radboud University

Luca Mariot

Assistant Professor

University of Twente