The intersection of artificial intelligence (AI) and security has gained significant attention, driven by the need for secure solutions that deploy AI. Cryptography, in particular, stands as a notable example of the benefits of AI integration. AI techniques and methods are already being applied to address challenges in cryptography, such as improving cryptanalysis and physical attacks and relevant countermeasures. Additionally, the use of cryptography to address security and privacy issues in AI systems is emerging as a crucial area of focus. As attacks on AI systems become more powerful, there is a growing need to explore how cryptographic strategies can mitigate these threats. Examples include the development of cryptographic backdoors in neural networks, the use of cryptographic techniques to watermark the output of LLMs, or model stealing attacks based on cryptanalysis techniques. Our goal is to bring together experts from academia and industry, each with a unique perspective on cryptography and AI, to foster knowledge exchange and collaborative innovation. We are particularly interested in exploring how techniques can be transferred across different cryptographic applications and in enhancing AI security mechanisms. Moreover, we will review recent advancements, including those discussed at previous AICrypt events, to provide a comprehensive understanding of this rapidly evolving field.
Authors interested in giving a contributed talk in AICrypt are invited to submit an extended abstract of at most 2 pages (excluding references) on Easychair.
Topics of interest for this workshop include, but are not limited to:
Submitted abstracts for contributed talks will be reviewed by the workshop chairs for suitability and interest to the AICrypt audience. There are no formal proceedings published in this workshop. Thus, authors can submit extended abstracts related to works submitted or recently published in other venues or work in progress that they plan to submit elsewhere.
We encourage researchers working on all aspects of AI and cryptography to take the opportunity and use AICrypt to share their work and participate in discussions. The authors are invited to submit an extended abstract using the EasyChair submission system. All submitted abstracts must follow the original LNCS format with a page limit of up to 2 pages (excluding references). The abstracts should be submitted electronically in PDF format.
The speakers will be invited to present their work based on the evaluation of the workshop chairs for suitability and interest to the AICrypt audience. Every accepted submission must have at least one author registered for the workshop.
Abstract submission deadline: March 14, 2025
Notification to authors: March 28, 2025
Workshop date: May 3, 2025
Workshop registration goes through the Eurocrypt registration process. Check this page for further information.
In ten years Large Language Models (LLMs) have grown from something that can sometimes spell some words correctly, to something that can solve PhD level math problems and write code at the level of competitive programmers.
In this talk, I lay out several directions where I think AI could be used to solve problems in the crypto community, and where the crypto community can help solve problems in AI. These range from concrete technical problems that need to be solved and where crypto could help (e.g., model stealing or watermarking) to indirect applications where having a background in crypto would help (e.g., formalizing definitions of robustness or unlearning). And in reverse, I also consider various directions where it may be possible to use recent advances in LLMs to solve problems in crypto (e.g., applications towards cryptanalysis).
Nicholas Carlini is a research scientist at Anthropic working at the intersection of machine learning and computer security, and for this work has received best paper awards from USENIX Security, ICML, and IEEE S&P. He received his PhD from UC Berkeley under David Wagner.
The program starts at 09:25 am, CEST time (UTC + 2).
| Time, CEST (UTC+2) | Session / Title |
|---|---|
| 09:25 - 10:30 | Session 1: Cryptographic Backdoors in ML |
| 09:25 - 09:30 | Opening Remarks |
| 09:30 - 10:00 | Oblivious Defense in ML Models: Backdoor Removal without Detection (Shafi Goldwasser, Jonathan Shafer, Neekon Vafa and Vinod Vaikuntanathan) |
| 10:00 - 10:30 | Spot-Check: Integrity Verification for Outsourced ML via Hidden Backdoors (Artem Grigor and Ivan Martinovic) |
| 10:30 - 11:00 | Coffee Break |
| 11:00 - 13:00 | Session 2: Cryptography for Privacy-Preserving ML |
| 11:00 - 11:30 | Willow: Secure Aggregation with One-Shot Clients (James Bell-Clark, Adria Gascon, Baiyu Li, Mariana Raykova and Phillipp Schoppmann) |
| 11:30 - 12:00 | Private Deep Neural Network Inference Engines with Homomorphic Encryption (Antonio J. Peña, Lena Martens, Priyam Mehta, Zaira Pindado and Thomas Spendlhofer) |
| 12:00 - 12:30 | Private Deep Learning on Vertically Partitioned Datasets (Parker Newton) |
| 12:30 - 13:00 | Farfetch'd: Side-Channel Privacy Attacks in Confidential VMs (Ruiyi Zhang, Albert Cheu, Adria Gascon, Daniel Moghimi, Phillipp Schoppmann, Michael Schwarz and Octavian Suciu) |
| 13:00 - 14:15 | Lunch Break |
| 14:15 - 15:15 | Session 3: Keynote Talk |
| 14:15 - 15:15 | Keynote Talk: Some thoughts on AI for Crypto, and Crypto for AI (Nicholas Carlini) |
| 15:15 - 15:45 | Coffee Break |
| 15:45 - 17:15 | Session 4: Neural Distinguishers, Adversarial Resistance and LLMs for Cryptography |
| 15:45 - 16:15 | Adversarial-Resistant AI Using Cryptographic Primitives: A Commitment-Based Approach to Secure Explainability and Confidentiality (Sumitra Biswal) |
| 16:15 - 16:45 | Generic Partial Decryption as Feature Engineering for Neural Distinguishers (Rocco Brunelli, David Gerault, Emanuele Bellini, Anna Hambitzer and Marco Pedicini) |
| 16:45 - 17:15 | An LLM Framework For Cryptography Over Chat Channels (Danilo Gligoroski, Mayank Raikwar and Sonu Kumar Jha) |
| 17:15 - 17:20 | Closing Remarks |