Thesis information

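Chinese title:

 密码学和神经网络的交叉应用研究 (Research on the Cross Application of Cryptography and Neural Networks)

Name:

 Li Wenhua (李文华)

Student ID:

 20011210570

Confidentiality level:

 Public

Thesis language:

 chi

Discipline code:

 110505

Discipline name:

 Military Science - Military Command Science - Cryptography

Student type:

 Master's

Degree:

 Master of Military Science

University:

 Xidian University

School:

 School of Telecommunications Engineering

Major:

 Military Command Science

Research direction:

 Cryptography

First supervisor:

 Dong Lihua (董丽华)

First supervisor's institution:

 Xidian University

Completion date:

 2023-05-11

Defense date:

 2023-05-30

Foreign-language title:

 Research on Cross Application of Cryptography and Neural Network

Chinese keywords:

 cryptography ; neural networks ; privacy protection ; Grain-v1 ; distinguishing attack

Foreign-language keywords:

 cryptography ; neural networks ; privacy protection ; Grain-v1 ; distinguishing attacks

Chinese abstract (translated):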

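In recent years, with the rapid development of informatization and digitalization, accelerating the construction of a secure and defensible information security environment has become an inevitable requirement of social development. As the key to and foundation of information security, cryptography plays an important role in maintaining it. However, with the growth of computing power and the emergence of quantum computers, existing cryptographic algorithms urgently need further development. Meanwhile, since deep learning was proposed, researchers have found that properties of neural networks such as high nonlinearity and associative memory closely resemble the design principles of cryptography. Research on the intersection of cryptography and neural networks is therefore necessary.

By surveying the state of research at this intersection in recent years, this thesis finds that the results fall mainly into two categories: first, using cryptography to protect neural network models and private information; second, applying neural networks to the design and analysis of cryptographic algorithms. For these two aspects, the thesis carries out the following work.

First, it improves key-nets, an optical homomorphic scheme for protecting the private information of images used for machine learning. In 2020, at the BMVC conference, BYRNE et al. proposed key-nets, the first optical homomorphic encryption scheme, to protect the private information of images used for machine learning. However, for the case where the vision sensor has been illegally obtained, this thesis recovers the key that key-nets uses to encrypt images by solving a system of linear equations. Given this security weakness and the difficulty of training machine learning models, the thesis uses the Diffie-Hellman key exchange protocol to propose a homomorphic encryption scheme that can use a different generalized random matrix for each encryption without changing the original machine learning model, that is, the structure of the convolutional network. This improves the security of the key-nets encryption key and also the security of the convolutional network matched to the vision sensor. An analysis of the scheme's feasibility, privacy parameters, forward security and backward security proves that the improved scheme still protects image information even when an attacker illegally obtains the vision sensor.

Second, it uses a neural network to design a differential distinguisher for the stream cipher Grain-v1. As one of the final winners of the eSTREAM project, Grain-v1 has been widely studied for more than a decade. Drawing on the differential distinguisher for the block cipher Speck proposed by GOHR at CRYPTO 2019, the thesis designs a neural network differential distinguisher for Grain-v1. Compared with existing traditional differential distinguishers, the number of rounds successfully attacked in this thesis is far higher than 116, the highest number of rounds reached by existing traditional differential distinguishers, and the distinguishing performance is good. Further experiments show that during training the neural differential distinguisher learned not only the differential distribution characteristics of the cipher but also some cipher properties that traditional differential distinguishers had not learned.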

Foreign-language abstract:

In recent years, with the rapid development of informatization and digitalization, accelerating the construction of a secure and protectable information security environment has become an inevitable requirement for the development of human society. As the key and foundation of information security, cryptography is of great significance in maintaining information security. However, with the improvement of computing power and the emergence of quantum computers, the original cryptographic algorithms urgently need further development. At the same time, with the introduction of deep learning, researchers have found that the nonlinearity and high-speed parallelism of neural networks are very similar to the design principles of cryptography. Therefore, the study of the intersection of cryptography and neural networks is necessary.

By summarizing the research status of the intersection of cryptography and neural networks in recent years, this thesis finds that the results can be divided into two aspects: one is the application of neural networks in the design and analysis of cryptographic algorithms, the other is the use of cryptography to protect neural network models and private information. In view of these two aspects, the following work is carried out in this thesis.

Firstly, key-nets, an optical homomorphic scheme for protecting the privacy of images used for machine learning, is improved. Proposed in 2020, key-nets is the first optical homomorphic encryption scheme and is used to protect the privacy of images used for machine learning. However, in the case where the vision sensor is obtained illegally, the author obtained the key used to encrypt the image in the key-nets scheme by solving a system of linear equations. In view of this security risk and the difficulty of training machine learning models, this thesis uses the Diffie-Hellman key exchange protocol to propose a homomorphic encryption scheme that can use a different generalized random matrix for each encryption without changing the original convolutional network structure. This improves the security of the key-nets encryption key and also the security of the convolutional network matching the vision sensor. Through an analysis of the feasibility of the scheme, its privacy parameters, forward security, backward security, etc., it is proved that the improved scheme can still protect the image information even if the attacker illegally obtains the vision sensor.

Secondly, a differential distinguisher is designed for the stream cipher Grain-v1 using neural networks. Grain-v1, one of the final winning algorithms of the eSTREAM project, has been widely studied in the last decade or so. In this thesis, we design a neural network differential distinguisher for the stream cipher Grain-v1, drawing on the differential distinguisher for the block cipher Speck proposed by GOHR at CRYPTO 2019. Compared with existing traditional differential distinguishers, the number of rounds successfully attacked in this thesis is much higher than 116 rounds, the maximum reached by existing traditional differential distinguishers, and the distinguishing effect is good. Further experimental results show that the neural distinguisher not only used the differential distribution features of the cipher, but also learned some cipher features that traditional differential distinguishers have not learned.

References:
[1] HINTON G E, SALAKHUTDINOV R R. Reducing the Dimensionality of Data with Neural Networks[J]. science, 2006, 313(5786): 504-507.
[2] SI J, LI G, CHENG Y, et al. Hierarchical Temperature Imaging Using Pseudo-Inversed Convolutional Neural Network Aided TDLAS Tomography[J]. IEEE Transactions on Instrumentation and Measurement, 2021, 70: 1-11.
[3] WANG Y, CHEN J, ZHOU Y, et al. A Multichannel Fusion Convolutional Neural Network Based on Scattering Mechanism for PolSAR Image Classification[J]. IEEE Geoscience and Remote Sensing Letters, 2021, 19: 1-5.
[4] HUANG Y, QIAO X, REN P, et al. A Lightweight Collaborative Deep Neural Network for the Mobile Web in Edge Cloud[J]. IEEE Transactions on Mobile Computing, 2021, 21: 2289-2305.
[5] NANDY S, ADHIKARI M, KHAN M A, et al. An Intrusion Detection Mechanism for Secured IoMT framework based on Swarm-Neural Network[J]. IEEE Journal of Biomedical and Health Informatics, 2021, 26: 1969-1976.
[6] WANG J, CHENG L-M, SU T. Multivariate Cryptography Based on Clipped Hopfield Neural Network[J]. IEEE Transactions on Neural Networks and Learning Systems, 2018, 29(2): 353–363.
[7] NARAD S K, SAYANKAR M R, ALONE S V, et al. Secret Sharing Scheme for Group Authentication—A Review[C]// In: Proceedings of 2017 International Conference of Electronics, Communication and aerospace Technology (ICECA). Piscataway: IEEE, 2017: 12-16.
[8] ARVANDI M, WU S, SADEGHIAN A. On the Use of Recurrent Neural Networks to Design Symmetric Ciphers[J]. IEEE Computational Intelligence Magazine, 2008, 3(2): 42-53.
[9] LIAN S. A Block Cipher Based on Chaotic Neural Networks[J]. Neurocomputing, 2009, 72(4-6): 1296-1301.
[10] SAGAR V, KUMAR K. A Symmetric Key Cryptography Using Genetic Algorithm and Error Back Propagation Neural Network[C]// In: Proceedings of 2015 2nd International Conference on Computing for Sustainable Global Development. Piscataway: IEEE, 2015: 1386-1391.
[11] LI Y T, DENG S J, XIAO D. A Novel Hash Algorithm Construction Based on Chaotic Neural Network[J]. Neural Computing & Applications, 2011, 20(1):133-141.
[12] TURCANIK M. Using Recurrent Neural Network for Hash Function Generation[C]// In: Proceedings of 2017 International Conference on Applied Electronics (AE). Piscataway: IEEE, 2017: 253-256.
[13] ABDOUN N, El ASSAD S, DEFORGES O, et al. Design and Security Analysis of Two Robust Keyed Hash Functions Based on Chaotic Neural Networks[J]. Journal of Ambient Intelligence and Humanized Computing, 2020, 11(5): 2137-2161.
[14] LIU L, ZHANG L, JIANG D, et al. A Simultaneous Scrambling and Diffusion Color Image Encryption Algorithm Based on Hopfield Chaotic Neural Network[J]. IEEE Access, 2019, 7: 185796-185810.
[15] FADIL T A, YAAKOB S N, AHMAD B. A Hybrid Chaos and Neural Network Cipher Encryption Algorithm for Compressed Video Signal Transmission over Wireless Channel[C]// 2014 2nd International Conference on Electronic Design (ICED). Piscataway: IEEE, 2014: 64-68.
[16] WANG H, LURSINSAP C. Neural Cryptosystem for Textual Message with Plasticity and Secret Dimensions[C]// 2021 18th International Conference on Electrical Engineering/Electronics, Computer, Telecommunications and Information Technology (ECTI-CON). Piscataway: IEEE, 2021: 27-30.
[17] SHARMA A, SHARMA D. Big Data Protection via Neural and Quantum Cryptography[C]// 2016 3rd International Conference on Computing for Sustainable Global Development (INDIA Com). Piscataway: IEEE, 2016: 3701-3704.
[18] KIMURA H, ISOBE T, OHIGASHI T. Neural-Network-Based Pseudo-Random Number Generator Evaluation Tool for Stream Ciphers[C]// 2019 Seventh International Symposium on Computing and Networking Workshops (CANDARW). Piscataway: IEEE, 2019: 333-338.
[19] JIN J, KIM K. 3D cube algorithm for the Key Generation Method: Applying Deep Neural Network Learning-Based[J]. IEEE Access, 2020, 8: 33689-33702.
[20] DONG T, HUANG T. Neural Cryptography Based on Complex-Valued Neural Network[J]. IEEE Transactions on Neural Networks and Learning Systems, 2020, 31(11): 4999-5004.
[21] JEONG S, PARK C, HONG D, et al. Neural Cryptography Based on Generalized Tree Parity Machine for Real-Life Systems[J]. Security and communication networks, 2021, 2021: 1-12.
[22] ANTONIK P, GULINA M, PAUWELS J, et al. Spying on Chaos-Based Cryptosystems with Reservoir Computing[C]// In: Proceedings of International Joint Conference on Neural Networks (IJCNN). Piscataway: IEEE, 2018: 1-7.
[23] KHAN A N, FAN M Y, MALIK A, et al. Cryptanalyzing Merkle-Hellman Public Key Cryptosystem with Artificial Neural Networks[C]// 2019 IEEE 5th International Conference for Convergence in Technology (I2CT). Piscataway: IEEE, 2019: 1-7.
[24] OUN A, NIAMAT M. Defense Mechanism Vulnerability Analysis of Ring Oscillator Pufs Against Neural Network Modeling Attacks Using the Dragonfly Algorithm[C]// 2020 IEEE International Conference on Electro Information Technology (EIT). Piscataway: IEEE, 2020: 378-382.
[25] GOHR A. Improving Attacks on Round-Reduced Speck32/64 Using Deep Learning[C]//Advances in Cryptology–CRYPTO 2019: 39th Annual International Cryptology Conference. Berlin: Springer, 2019: 150-179.
[26] JAIN A, KOHLI V, MISHRA G. Deep Learning Based Differential Distinguisher for Lightweight Cipher PRESENT[J]. Cryptology ePrint Archive, 2020.
[27] BENAMIRA A, GERAULT D, PEYRIN T, et al. A Deeper Look at Machine Learning-Based Cryptanalysis[C]// Advances in Cryptology–EUROCRYPT 2021: 40th Annual International Conference on the Theory and Applications of Cryptographic Techniques. Berlin: Springer, 2021: 805-835.
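[28] DUAN M, FU C H, WEI Q, et al. Multi-Differential Neural Network Distinguisher Based on Deep Learning and Its Application[J]. Journal of Information Engineering University, 2021, 22(03): 347-350. (in Chinese)
[29] FU C H, DUAN M, WEI Q, et al. Polytopic Differential Attack Based on Deep Learning and Its Application[J]. Journal of Cryptologic Research, 2021, 8(04): 591-600. (in Chinese)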
[30] BAKSI A. Machine Learning-Assisted Differential Distinguishers for Lightweight Ciphers[J]. Classical and Physical Security of Symmetric Key Cryptographic Algorithms, 2022: 141-162.
[31] MUGUNTHAN V, POLYCHRONIADOU A, BYRD D, et al. SMPAI: Secure Multi-Party Computation for Federated Learning[C]// Proceedings of the NeurIPS 2019 Workshop on Robust AI in Financial Services. 2019.
[32] KNOTT B, VENKATARAMAN S, HANNUN A, et al. Crypten: Secure Multi-Party Computation Meets Machine Learning[J]. Advances in Neural Information Processing Systems, 2021, 34: 4961-4973.
[33] WAGH S, TOPLE S, BENHAMOUDA F, et al. FALCON: Honest-Majority Maliciously Secure Framework for Private Deep Learning[J]. Proceedings on Privacy Enhancing Technologies, 2021, 2021(1): 188-208.
[34] WAGH S, GUPTA D, CHANDRAN N. SecureNN: Efficient and Private Neural Network Training[J]. Cryptology ePrint Archive, 2018.
[35] MOHASSEL P, RINDAL P. ABY3: A mixed protocol framework for Machine Learning[C]//Proceedings of the 2018 ACM SIGSAC conference on computer and communications security. 2018: 35-52.
[36] ORLANDI C, PIVA A, BARNI M. Oblivious Neural Network Computing via Homomorphic Encryption[J]. EURASIP Journal on Information Security, 2008, 2007(1): 1-11.
[37] GILAD-BACHRACH R, DOWLIN N, LAINE K, et al. Cryptonets: Applying Neural Networks to Encrypted Data with High Throughput and Accuracy[C]// International Conference on Machine Learning. New York: PMLR, 2016: 201-210.
[38] LIU J, JUUTI M, LU Y, et al. Oblivious Neural Network Predictions via Minionn Transformations[C]//Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. New York: ACM, 2017: 619-631.
[39] ZHU Q. Adversarial Example Defense and Privacy Protection in Machine Learning[D]. Xi'an: Xidian University, 2019: 31-40. (in Chinese)
[40] AI BADAWI B A, JIN C, LIN J, et al. Towards the Alexnet Moment for Homomorphic Encryption: Hcnn, the First Homomorphic CNN on Encrypted Data with Gpus[J]. IEEE Transactions on Emerging Topics in Computing, 2020, 9(3): 1330-1343.
[41] NI H, HAN Y L, DUAN X W, et al. An Improved LeNet-5 Model Based on Encrypted Data[C]//International Conference of Pioneering Computer Scientists, Engineers and Educators. Berlin: Springer, 2021: 166-178.
[42] FANG H K, QIAN Q. Privacy Preserving Machine Learning with Homomorphic Encryption and Federated Learning[J]. Future Internet, 2021, 13(4): 1-20.
[43] CARLINI N, JAGIELSKI M, MIRONOV I. Cryptanalytic extraction of Neural Network Models[C]// Advances in Cryptology–CRYPTO 2020: 40th Annual International Cryptology Conference. Berlin: Springer, 2020: 189-218.
[44] BOEMER F, CAMMAROTA R, DEMMLER D, et al. MP2ML: A Mixed-Protocol Machine Learning Framework for Private Inference[C]// Proceedings of the 15th International Conference on Availability, Reliability and Security. 2020: 1-10.
[45] BOEMER F, COSTACHE A, CAMMAROTA R, et al. nGraph-HE2: A High-Throughput Framework for Neural Network Inference on Encrypted Data[C]// Proceedings of the 7th ACM Workshop on Encrypted Computing & Applied Homomorphic Cryptography. 2019: 45-56.
[46] DEMMLER D, SCHNEIDER T, ZOHNER M. ABY-A framework for Efficient Mixed-Protocol Secure Two-Party Computation[C]//NDSS. 2015.
[47] KUMAR N, RATHEE M, CHANDRAN N, et al. Cryptflow: Secure tensorflow inference[C]//2020 IEEE Symposium on Security and Privacy (SP). IEEE, 2020: 336-353.
[48] MCCULLOCH W S, PITTS W. A Logical Calculus of the Ideas Immanent in Nervous Activity[J]. The bulletin of mathematical biophysics, 1943, 5: 115-133.
[49] ROSENBLATT F. The Perceptron: A Probabilistic Model for Information Storage and Organization in the Brain[J]. Psychological review, 1958, 65(6): 386.
[50] RUMELHART D E, HINTON G, WILLIAMS R J. Learning Representations by Back-Propagating Errors[J]. Nature, 1986, 323(6088): 533-536.
[51] HINTON G E, OSINDERO S, TEH Y. A Fast Learning Algorithm for Deep Belief Nets[J]. Neural Computation, 2006, 18: 1527-1554.
[52] RIVEST R L, ADLEMAN L, DERTOUZOS M L. On Data Banks and Privacy Homomorphisms[J]. Foundations of secure computation, 1978, 4(11): 169-180.
[53] BYRNE J, DECANN B, BLOOM S. Key-Nets: Optical Transformation Convolutional Networks for Privacy Preserving Vision Sensors [J/OL]. [2020-08-11]. https://arxiv.org/abs/2008.04469.
[54] WANG Z, BOVIK A C, SHEIKH H R, et al. Image Quality Assessment: From Error Visibility to Structural Similarity[J]. IEEE Transactions on Image Processing, 2004, 13(4):600-612.
[55] ANDERSON R. Two Remarks on Public Key Cryptology(2021)[EB/OL]. [2021-09-17]. http://www.cl.cam.ac.uk/users/rja14.
[56] ZUO C, SUN S F, LIU J K, et al. Dynamic Searchable Symmetric Encryption with Forward and Stronger Backward Privacy[C]//European Symposium on Research in Computer Security. Berlin: Springer, 2019: 283-303.
[57] VAVASIS S A. On the Complexity of Nonnegative Matrix Factorization[J]. SIAM Journal on Optimization, 2010, 20(3): 1364-1377.
[58] Hell M, Johansson T, Maximov A, et al. The Grain family of stream ciphers[J]. New stream cipher designs: The eSTREAM finalists, 2008: 179-190.
[59] SIDDHANTI A, SARKAR S, MAITRA S, et al. Differential Fault Attack on Grain v1, ACORN v3 and Lizard[C]//Security, Privacy, and Applied Cryptography Engineering: 7th International Conference. Berlin: Springer, 2017: 247-263.
[60] TODO Y, ISOBE T, MEIER W, et al. Fast Correlation Attack Revisited: Cryptanalysis on Full Grain-128a, Grain-128, and Grain-v1[C]//Advances in Cryptology–CRYPTO 2018: 38th Annual International Cryptology Conference. Berlin: Springer, 2018: 129-159.
[61] KNELLWOLF S, MEIER W, NAYA-PLASENCIA M. Conditional Differential Cryptanalysis of NLFSR-Based Cryptosystems[C]// Advances in Cryptology-ASIACRYPT 2010: 16th International Conference on the Theory and Application of Cryptology and Information Security. Berlin: Springer, 2010: 130-145.
[62] BANIK S. Some Insights into Differential Cryptanalysis of Grain v1[C]// Information Security and Privacy: 19th Australasian Conference, ACISP 2014. Berlin: Springer, 2014: 34-49.
[63] SARKAR S. A New Distinguisher on Grain v1 for 106 Rounds[C]// Information Systems Security: 11th International Conference, ICISS 2015. Berlin: Springer, 2015: 334-344.
[64] MA Z, TIAN T, QI W F. Improved Conditional Differential Attacks on Grain v1[J]. IET Information Security, 2017, 11(1): 46-53.
[65] MA Z. Research on Analysis Methods for Grain-like Stream Ciphers[D]. Strategic Support Force Information Engineering University, 2018. (in Chinese)
[66] DALAI D K, MAITRA S, PAL S, et al. Distinguisher and Non‐Randomness of Grain‐v1 for 112, 114 and 116 Initialisation Rounds with Multiple-Bit Difference in IVs[J]. IET Information Security, 2019, 13(6): 603-613.

Chinese Library Classification number:

 TN91

Library holdings number:

 58341

Open-access date:

 2023-12-23
