Cryptographic Backdoor for Neural Networks: Boon and Bane

• URL: http://arxiv.org/abs/2509.20714v1
• Date: Thu, 25 Sep 2025 03:27:46 GMT
• Title: Cryptographic Backdoor for Neural Networks: Boon and Bane
• Authors: Anh Tu Ngo, Anupam Chattopadhyay, Subhamoy Maitra,
• Abstract summary: We show that cryptographic backdoors in a neural network (NN) can be highly effective in two directions.<n>On the attack side, a carefully planted cryptographic backdoor enables powerful and invisible attack on the NN.<n>Considering the defense, we present applications: first, a provably robust NN watermarking scheme; second, a protocol for guaranteeing user authentication; and third, a protocol for tracking unauthorized sharing of the NN intellectual property (IP)
• Score: 3.276616928313739
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: In this paper we show that cryptographic backdoors in a neural network (NN) can be highly effective in two directions, namely mounting the attacks as well as in presenting the defenses as well. On the attack side, a carefully planted cryptographic backdoor enables powerful and invisible attack on the NN. Considering the defense, we present applications: first, a provably robust NN watermarking scheme; second, a protocol for guaranteeing user authentication; and third, a protocol for tracking unauthorized sharing of the NN intellectual property (IP). From a broader theoretical perspective, borrowing the ideas from Goldwasser et. al. [FOCS 2022], our main contribution is to show that all these instantiated practical protocol implementations are provably robust. The protocols for watermarking, authentication and IP tracking resist an adversary with black-box access to the NN, whereas the backdoor-enabled adversarial attack is impossible to prevent under the standard assumptions. While the theoretical tools used for our attack is mostly in line with the Goldwasser et. al. ideas, the proofs related to the defense need further studies. Finally, all these protocols are implemented on state-of-the-art NN architectures with empirical results corroborating the theoretical claims. Further, one can utilize post-quantum primitives for implementing the cryptographic backdoors, laying out foundations for quantum-era applications in machine learning (ML).

Related papers

• Flashy Backdoor: Real-world Environment Backdoor Attack on SNNs with DVS Cameras [11.658496836117907]
  We present the first evaluation of backdoor attacks in real-world environments on Spiking Neural Networks (SNNs) We present three novel backdoor attack methods on SNNs, i.e., Framed, Strobing, and Flashy Backdoor. Our results show that further research is needed to ensure the security of SNN-based systems against backdoor attacks and their safe application in real-world scenarios.
  arXiv  Detail & Related papers  (2024-11-05T11:44:54Z)
• Backdoor Attacks against Hybrid Classical-Quantum Neural Networks [11.581538622210896]
  Hybrid Quantum Neural Networks (HQNNs) represent a promising advancement in Quantum Machine Learning (QML) We present the first systematic study of backdoor attacks on HQNNs.
  arXiv  Detail & Related papers  (2024-07-23T08:25:34Z)
• Link Stealing Attacks Against Inductive Graph Neural Networks [60.931106032824275]
  A graph neural network (GNN) is a type of neural network that is specifically designed to process graph-structured data. Previous work has shown that transductive GNNs are vulnerable to a series of privacy attacks. This paper conducts a comprehensive privacy analysis of inductive GNNs through the lens of link stealing attacks.
  arXiv  Detail & Related papers  (2024-05-09T14:03:52Z)
• When Side-Channel Attacks Break the Black-Box Property of Embedded Artificial Intelligence [0.8192907805418583]
  deep neural networks (DNNs) are subject to malicious examples designed in a way to fool the network while being undetectable to the human observer. We propose an architecture-agnostic attack which solve this constraint by extracting the logits. Our method combines hardware and software attacks, by performing a side-channel attack that exploits electromagnetic leakages.
  arXiv  Detail & Related papers  (2023-11-23T13:41:22Z)
• Untargeted Backdoor Attack against Object Detection [69.63097724439886]
  We design a poison-only backdoor attack in an untargeted manner, based on task characteristics. We show that, once the backdoor is embedded into the target model by our attack, it can trick the model to lose detection of any object stamped with our trigger patterns.
  arXiv  Detail & Related papers  (2022-11-02T17:05:45Z)
• An anomaly detection approach for backdoored neural networks: face recognition as a case study [77.92020418343022]
  We propose a novel backdoored network detection method based on the principle of anomaly detection. We test our method on a novel dataset of backdoored networks and report detectability results with perfect scores.
  arXiv  Detail & Related papers  (2022-08-22T12:14:13Z)
• Preventing Distillation-based Attacks on Neural Network IP [0.9558392439655015]
  Neural networks (NNs) are already deployed in hardware today, becoming valuable intellectual property (IP) as many hours are invested in their training and optimization. This paper proposes an intuitive method to poison the predictions that prevent distillation-based attacks. The proposed technique obfuscates a NN so an attacker cannot train the NN entirely or accurately.
  arXiv  Detail & Related papers  (2022-04-01T08:53:57Z)
• Exploring Architectural Ingredients of Adversarially Robust Deep Neural Networks [98.21130211336964]
  Deep neural networks (DNNs) are known to be vulnerable to adversarial attacks. In this paper, we investigate the impact of network width and depth on the robustness of adversarially trained DNNs.
  arXiv  Detail & Related papers  (2021-10-07T23:13:33Z)
• Certifiers Make Neural Networks Vulnerable to Availability Attacks [70.69104148250614]
  We show for the first time that fallback strategies can be deliberately triggered by an adversary. In addition to naturally occurring abstains for some inputs and perturbations, the adversary can use training-time attacks to deliberately trigger the fallback. We design two novel availability attacks, which show the practical relevance of these threats.
  arXiv  Detail & Related papers  (2021-08-25T15:49:10Z)
• Black-box Detection of Backdoor Attacks with Limited Information and Data [56.0735480850555]
  We propose a black-box backdoor detection (B3D) method to identify backdoor attacks with only query access to the model. In addition to backdoor detection, we also propose a simple strategy for reliable predictions using the identified backdoored models.
  arXiv  Detail & Related papers  (2021-03-24T12:06:40Z)
• Dynamic Backdoor Attacks Against Machine Learning Models [28.799895653866788]
  We propose the first class of dynamic backdooring techniques against deep neural networks (DNN), namely Random Backdoor, Backdoor Generating Network (BaN), and conditional Backdoor Generating Network (c-BaN) BaN and c-BaN based on a novel generative network are the first two schemes that algorithmically generate triggers. Our techniques achieve almost perfect attack performance on backdoored data with a negligible utility loss.
  arXiv  Detail & Related papers  (2020-03-07T22:46:51Z)
• Defending against Backdoor Attack on Deep Neural Networks [79.0484137934143]
  We study the so-called textitbackdoor attack, which injects a backdoor trigger to a small portion of training data.<n>Experiments show that our method could effectively decrease the attack success rate, and also hold a high classification accuracy for clean images.
  arXiv  Detail & Related papers  (2020-02-26T02:03:00Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.