AI-Resistant Cryptography (AIR): Securing Secrets in the Era of Machine Learning
Cryptography has always been a game between code makers and code breakers. But the code makers just got a boost. Modern Artificial Intelligence (AI) systems can now reduce the number of possible messages before traditional cryptanalysis starts. This brings a significant change in the security model.
Classical cryptographic proofs assume that an attacker sees a ciphertext and must look through a large, uniform message space. Today, AI models take advantage of side channels, contextual data, and statistical links to create a short, ranked list of likely plaintexts. Quantum computing may speed this trend up even more, allowing quick key testing among those narrowed options. This is not a theoretical threat. Recent research shows that deep-learning-based crypt- analysis works on lightweight ciphers, neural networks can recover keys through side channels, and timing-analysis models can beat traditional statistical attacks.
From Shannon to AI Shaped Priors
Claude Shannon defined the unicity distance as the point where a ciphertext provides enough information to uniquely identify the key, assuming plaintexts follow a known language distribution [6]. In his model, the attacker starts with a “flat ignorance” prior; all messages are equally likely.
In the AI era, that assumption is wrong. The prior is no longer flat, it is an AI-shaped distribution with sharp peaks on a small set of plausible candidates. A modern attacker does not ask “what is the key?” but rather “which of my top 5 candidates matches this ciphertext?” This dramatically reduces effective security margin.
A Motivating Example
Consider a smart grid controller that transmits one of four states: NORMAL, ALERT, OPEN-BREAKER, CLOSE-BREAKER. An AI trained on grid telemetry can predict with 90% confidence that the next message is either ALERT or OPEN-BREAKER.
With a standard cipher (AES-GCM), the ciphertext uniquely commits to the plaintext. Once observed, the attacker can quickly discard wrong guesses by checking key–ciphertext consistency. AIR cryptography [4, 3] changes this game: the ciphertext is constructed so that multiple of those high-probability messages remain consistent. The attacker’s posterior distribution remains broad — preserving uncertainty.
Design Principles of AIR Cryptography
AIR cryptography relies on three pillars:
1. Secret, Variable Key Sizes: The key size itself is hidden, preventing attackers from inferring security level or progress by ciphertext size or timing [4].
2. Pattern-Devoid Construction: Randomness-rich, “trans-Vernam” designs suppress patterns that AI could learn, aligning with the direction suggested by Samid’s pattern- devoid cryptography [3].
3. Decoy Tolerance: Ciphertexts are constructed with content-free bits that create multiple valid decryption results, forcing the attacker to maintain a large candidate list [5].
These are not mere theoretical niceties. They exploit three technological trends: cheap memory (to store large keys), fast networks (to tolerate decoy overhead), and strong randomness sources.
Two Concrete Designs
BitMap [2]: Messages are encoded as travel paths on a secret map. Given a ciphertext, multiple maps can be constructed that yield different valid plaintexts. This produces a large terminal list, denying the attacker a single “correct” interpretation.
BitFlip [5]: Each letter is associated with a secret codeword a and a secret Hamming distance t. To send a letter, the sender picks a string b such that H(a, b) = t. Many b’s satisfy this, and some b’s also satisfy H(a′, b) = t′ for other a′. This creates natural one-to-many and many-to-one relationships — ideal for decoy tolerance.
Comparison with Classical and PQ Ciphers
| Property | AES-GCM | Kyber (PQC) | AIR Cipher |
|---|---|---|---|
| Key Size | Fixed | Fixed (e.g., 256-bit) | Variable, secret |
| Ciphertext Unicity | High | High | Low (many-to-one) |
| AI Resilience | Poor | Poor (same message model) | High (maintains candidate set) |
| Computation Cost | Moderate | Moderate/High | Low (memory-heavy) |
AIR cryptography is not a replacement for PQC but a complement: PQC resists quantum algorithms, AIR resists AI-shaped priors.
Applications
- IoT and Embedded Devices: Where message alphabets are small, and AI guessing is easiest.
- Medical and Military Systems: Where leakage could have life-or-death impact.
- Industrial Control Systems: Especially GOOSE, SV, and Modbus traffic, where message patterns are predictable.
Open Challenges
Several challenges remain open:
- Formalizing AI-resilient IND-CPA and IND-CCA security notions.
- Quantifying the trade-off between decoy overhead and information gain for real networks.
- Integrating AIR schemes with access-control primitives (e.g., ABKEM) without leaking policy patterns.
- Building defensive-AI models to anticipate attacker priors and auto-tune ciphertext generation.
AI-Resistant cryptography shifts the battleground. Instead of making ciphertexts harder to decrypt, it makes them less informative. When observing a ciphertext yields no reduction in the attacker’s uncertainty, even an AI-assisted adversary gains nothing.
As AI and QAI continue to evolve, we may see AIR cryptography adopted alongside PQC as a two-layer defense: one protecting the math, the other protecting the message distribution.
Edited By: Windhya Rankothge, PhD, Canadian Institute for Cybersecurity
References
[1] National Institute of Standards and Technology. Nist releases first 3 finalized post-quantum encryption standards, Aug 2024. Press Release. https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards
[2] Gideon Samid. Bitmap lattice: A cyber tool comprised of geometric construction, Feb 2021. https://patentimages.storage.googleapis.com/96/00/b0/32bc504dbef084/US10911215.pdf
[3] Gideon Samid. Pattern devoid cryptography. IACR Cryptology ePrint Archive, 2021. https://eprint.iacr.org/2021/1510.pdf
[4] Gideon Samid. The prospect of a new cryptography: Extensive use of non-algorithmic randomness competes with mathematical complexity. IACR Cryptology ePrint Archive,
2023. https://eprint.iacr.org/2023/383.pdf
[5] Gideon Samid and Sergei Popov. Bitflip: A randomness-rich cipher. IACR Cryptology ePrint Archive, 2017. https://eprint.iacr.org/2017/366.pdf
[6] Claude E. Shannon. Communication theory of secrecy systems. Bell System Technical Journal, 28:656–715, Oct 1949. https://ieeexplore.ieee.org/iel7/6731005/6769085/06769090.pdf