This work addresses the problem of planting, and defending against, cryptography-based backdoors in artificial intelligence (AI) models. The motivation comes from our limited understanding of the implications of using cryptographic techniques to plant backdoors that are undetectable under theoretical assumptions in the large AI model systems deployed in practice. Our approach is based on designing a web-based simulation playground that enables planting, activating, and defending against cryptographic backdoors in neural networks (NN). Simulations of planting and activating backdoors are provided for two scenarios: an extension of the NN model architecture to support digital signature verification, and a modified architectural block for non-linear operators. Simulations of defense against backdoors are based on proximity analysis and provide a playground for a game of planting and defending against backdoors. The simulations are available at https://pages.nist.gov/nn-calculator.