[Resource Topic] 2023/1526: Polynomial Time Cryptanalytic Extraction of Neural Network Models

Welcome to the resource topic for 2023/1526

Title:
Polynomial Time Cryptanalytic Extraction of Neural Network Models

Authors: Adi Shamir, Isaac Canales-Martinez, Anna Hambitzer, Jorge Chavez-Saab, Francisco Rodriguez-Henriquez, Nitin Satpute

Abstract:

Billions of dollars and countless GPU hours are currently spent on training Deep Neural Networks (DNNs) for a variety of tasks. Thus, it is essential to determine the difficulty of extracting all the parameters of such neural networks when given access to their black-box implementations. Many versions of this problem have been studied over the last 30 years, and the best current attack on ReLU-based deep neural networks was presented at Crypto’20 by Carlini, Jagielski, and Mironov. It resembles a differential chosen plaintext attack on a cryptosystem, which has a secret key embedded in its black-box implementation and requires a polynomial number of queries but an exponential amount of time (as a function of the number of neurons).

In this paper, we improve this attack by developing several new techniques that enable us to extract with arbitrarily high precision all the real-valued parameters of a ReLU-based DNN using a polynomial number of queries and a polynomial amount of time. We demonstrate its practical efficiency by applying it to a full-sized neural network for classifying the CIFAR10 dataset, which has 3072 inputs, 8 hidden layers with 256 neurons each, and about 1.2 million neuronal parameters. An attack following the approach by Carlini et al. requires an exhaustive search over $2^{256}$ possibilities. Our attack replaces this with our new techniques, which require only 30 minutes on a 256-core computer.

ePrint: https://eprint.iacr.org/2023/1526

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.