敌手能力有限时基于生成对抗网络的保密增强

doi:10.3778/j.issn.1673-9418.2006073

摘要/Abstract

摘要：

保密增强是指通信双方在共享一个部分保密的串S且敌手只知道该串的部分信息的情况下，通过在公共信道上进行协商来提取一个更短的但是保密度更高的串[S]，使敌手得知关于[S]的信息几乎可以忽略。近期人们使用生成对抗网络（GANs）实现了存在敌手的安全通信。主要研究了敌手能力有限时，利用生成对抗网络实现保密增强的问题。首先提出了保密增强的实现场景，通信双方利用交流信息产生密钥，敌手监听交流信息。然后参考Abadi等人的基本加密通信模型中的神经网络结构，设计了保密增强的通信模型。实验测试了在敌手获知部分信息或敌手计算能力较弱时的保密增强通信。经过修改激活函数和过滤器，以及增加模型复杂度，最终结果表明，在敌手获知70%的通信信息时，或者通信方比敌手模型复杂时，通信双方均能协商出一个安全的密钥，完成保密增强的功能。

关键词: 保密增强, 生成对抗网络（GANs）, 全连接网络, 激活函数

Abstract:

Privacy amplification means that the communication parties extract a shorter but highly confidential string [S] by negotiating on the public channel while sharing a partially confidential string S. Enemy only knows part of the information of the string S and the information that it knows about [S] is almost negligible. Recently, people use the generative adversarial networks (GANs) to realize the secure communication with the present of the adversary. This paper proposes to use the generative adversarial network to achieve a privacy amplification scheme when the adversary ability is limited. First, this paper proposes a privacy amplification implementation scenario. The two parties use the conversation information to generate identical keys, and the adversary listens to the conversation information. Then, with reference to the neural network structure in the basic encrypted communication model of Abadi et al., a privacy amplified communication model is built. The experiment tests the privacy amplified communication when the enemy knows part of the information or the opponent's computing power is weak. By modifying the activation function, increasing the complexity of the model and modifying the filter of convolutional neural network, the final results show that when the adversary gets 70% of the communication information, or when the communicator is more complex than the adversary model, both parties can negotiate a secure key to complete the function of security enhancement.

Key words: privacy amplification, generative adversarial networks (GANs), fully connected neural networks, activ-ation functions

李西明, 吴嘉润, 吴少乾. 敌手能力有限时基于生成对抗网络的保密增强[J]. 计算机科学与探索, 2021, 15(7): 1220-1226.

LI Ximing, WU Jiarun, WU Shaoqian. GANs Based Privacy Amplification Against Bounded Adversaries[J]. Journal of Frontiers of Computer Science and Technology, 2021, 15(7): 1220-1226.

参考文献

[1] BENNETT C H, BRASSARD G, ROBERT J M. Privacy amplification by public discussion[J]. SIAM Journal on Com-puting, 1988, 17(2): 210-229.
[2] BENNETT C H, BRASSARD G, CRéPEAU C, et al. Gen-eralized privacy amplification[J]. IEEE Transactions on In-formation Theory, 1995, 41(6): 1915-1923.
[3] DOLEV S, KORACH E, LI X M, et al. Magnifying comput-ing gaps: establishing encrypted communication over unidi-rectional channels[J]. Theoretical Computer Science, 2016, 636: 17-26.
[4] DOLEV S, FANDINA N, LI X M. Nested Merkle??s puzzles against sampling attacks[C]//LNCS 7763: Proceedings of the 8th International Conference on Information Security and Cryptology, Beijing, Nov 28-30, 2012. Berlin, Heidelberg: Springer, 2012: 157-174.
[5] GOODFELLOW I J, POUGET-ABADIE J, MIRZA M, et al. Generative adversarial networks[C]//Proceedings of the Adv-ances in Neural Information Processing Systems 2014. Cam-bridge: MIT Press, 2014: 2672-2680.
[6] WU J J, ZHANG C L, XUE T F, et al. Learning a probabi-listic latent space of object shapes via 3D generative-advers-arial modeling[C]//Proceedings of the Annual Conference on Neural Information Processing Systems 2016, Barcelona, Dec 5-10, 2016. Cambridge: MIT Press, 2016: 82-90.
[7] ANTIPOV G, BACCOUCHE M, DUGELAY J L. Face ag-ing with conditional generative adversarial networks[C]//Proceedings of the 2017 IEEE International Conference on Image Processing, Beijing, Sep 17-20, 2017. Piscataway: IEEE, 2017: 2089-2093.
[8] XU X H, HUANG J L, WAN J, et al. An integrated method for text information retrieval[C]//Proceedings of the 2008 4th International Conference on Semantics, Knowledge and Grid. Piscataway: IEEE, 2008: 400-403.
[9] HU Z T, YANG Z C, LIANG X D, et al. Toward controlled generation of text[C]//Proceedings of the 34th International Conference on Machine Learning, Sydney, Aug 6-11, 2017: 1587-1596.
[10] ABADI M, ANDERSEN D G. Learning to protect communi-cations with adversarial neural cryptography[J]. arXiv:1610. 06918, 2016.
[11] LI X M, WU J R, WU S Q, et al. Study on fuzzy key encryp-tion based on GAN[J]. Application Research of Computers, 2020, 37(6): 1779-1781.
李西明, 吴嘉润, 吴少乾, 等. 基于生成对抗网络的模糊密钥加密通信研究[J]. 计算机应用研究, 2020, 37(6): 1779-1781.
[12] LI X M, WU J R, WU S Q, et al. Key resilient encryption algorithm based on generative adversarial networks[J]. Com-puter Engineering and Applications, 2020, 56(10): 69-74.
李西明, 吴嘉润, 吴少乾, 等. 基于生成对抗网络的抗泄露加密算法研究[J]. 计算机工程与应用, 2020, 56(10): 69-74.
[13] GOMEZ A N, HUANG S, ZHANG I, et al. Unsupervised cipher cracking using discrete GANs[J]. arXiv:1801.04883v1, 2018.
[14] CIPHER A D, BRIAN J W. Cryptanalysis of shift stream gen-erated stream cipher systems-book review[J]. Cryptologia, 1984, 8(4): 360-363.
[15] SUCHITA D, FABIO D T, MARK S. Vigenère scores for malware detection[J]. Computer Virology and Hacking Te-chniques, 2018, 14(2): 157-165.
[16] XU B, HUANG R T, LI M. Revise saturated activation fun-ctions[J]. arXiv:1602.05980, 2016.