2006 International Joint Conference on Neural Networks

Sheraton Vancouver Wall Centre Hotel, Vancouver, BC, Canada

July 16-21, 2006

Symmetric Cipher Design Using Recurrent Neural Networks

M. Arvandi, S. Wu, A. Sadeghian, W. W. Melek, and I. Woungang

Abstract— In this paper, a neural network-based symmetric
cipher design methodology is proposed to provide high
performance data encryption. The proposed approach is a novel
attempt to apply the parallel processing capability of neural
networks for cryptography purposes. By incorporating neural
networks approach, the proposed cipher releases the constraint
on the length of the secret key. The proposed cipher is robust in
resisting different cryptanalysis attacks and provides efficient
data integrity and authentication services. The design of the
symmetric cipher is presented and its security is analyzed.
Simulation results are presented to validate the effectiveness of
the proposed cipher design.
I. INTRODUCTION
and continuous weights. The synchronization process is
claimed to be non-self-averaging and the analytical solution is
based on random auxiliary variables. The learning time of an
attacker that is trying to imitate one of the networks has been
examined analytically and is reported to be much longer than
the synchronization time. Kilmov et al. [8] have shown that
Kinzel’s protocol can be broken by geometric, probabilistic,
and genetic attacks, and as such is not entirely secure. Karras
and Zorkadis [9] have proposed the construction of robust
random number generators based on MLP networks to be used
in security mechanisms.
In this paper, we propose a novel symmetric cipher design
using neural network as a parallel computing technique for

I NFORMATION security has become a necessary

component for many businesses and technology
applications, due to the existence of many threats and attacks
cryptography implementation [10], [11]. In Section II, we
propose the cipher design methodology. In Section III, the
security analysis of the cipher is discussed in depth. In this
to the systems. Cryptography can be considered one of the section, a self-adaptive algorithm for detecting trends during
most important aspects of communication security. The basic the learning procedure is proposed to provide enhanced
objective of cryptography is to enable two peers (persons or security under cryptanalysis attacks. In Section IV, we present
computers) to communicate over an insecure channel while our simulation results. Finally, in Section V, the findings and
preserving the secrecy of the information. In addition to conclusion of this work are presented.
provide confidentiality, it is often required for cryptography to
perform authentication, integrity and non-repudiation. These II. SYMMETRIC CIPHER DESIGN
requirements make it essential to investigate means to design
This section describes an attempt to apply neural network
cryptography techniques that can have the capability to resist
learning techniques for cryptography purposes. The proposed
different types of cryptanalysis attacks, while providing
symmetric cipher design is based on real-time recurrent neural
security services.
networks (RRNN) as shown in Fig. 1.
In recent years, a number of researchers have attempted the
application of neural networks for cryptography purposes. Su
et al. [1] proposed to use unpredictable outputs of a neural
network together with a dedicated hardware to encrypt digital
signals. The randomness of the output of the system, built
using a specific VLSI architecture, determines whether the
encrypted data is predictable or not. Yee and De Silva [2]
suggested the use of MultiLayer Perceptron (MLP) for key
scheduling that employs a mutating algorithm comprising of
modular arithmetic and Feistel cipher [3]. This method has a
fixed key length. They also proposed the use of MLP
Networks [4],[5] in public key cryptography and as a one-way
hash function. Meletiou et al. [6] proposed the use of Fig. 1. Proposed Recurrent Neural Network for Cipher Design
feedforward neural networks for computing the Euler function
in RSA cryptosystem. This RRNN has a multilayer structure with two constraints:
Kinzel and Kanter [7] proposed and studied analytically a (i) the dimension of the input vector X, is twice of the output
neural cryptography scheme that is based on a mutual learning vector Y; (ii) one of the hidden layers has only one neuron with
process between two parity feed-forward NNs with discrete an output denoted by ξ . The symmetric cipher operates in two

0-7803-9490-9/06/$20.00/©2006 IEEE 2039

stages: key extension and data encryption/decryption. A
pruning method [12] is used to determine a neural network of
robust size, which has the capability to learn the training data
fairly well and still maintain an acceptable generalization
capability for the tested data. A robust size is identified by
pruning the weights of the neural network. In specific terms, at
the beginning of the learning process a large-size neural
network is used, then the irrelevant weights and nodes of the
network are removed in an iterative process until a smaller size
network is derived.
This simple architecture satisfies the confusion and
diffusion properties of the cipher. These are two basic
techniques for obscuring the redundancies in a plaintext
message. From the input layer up to the hidden layer II, the
layer with only one neuron ξ , confusion is achieved, which is
similar to the effect of substitution. Then by applying the
simple non-linear function (sigmoid function in this case) to
the inputs, diffusion is gained, which is similar to
transposition. In addition, keeping the structure of the network
simple can help with its analysis.
A. Key Extension
Suppose there are two users at the different ends of a
communication line with an identical symmetric cipher based
on a neural network similar to that in Fig. 1. They will
exchange a secret key S that contains the following three parts
of information: (i) the input vector X; (ii) the training target Y;
and (iii) the critical value of the self-adaptive procedure α .
Vectors X and Y will then be presented to the neural network
for training. The purpose of the training process is to make the
neural network detect, store or remember the secret key
information. The trained neural network parameters will be
kept unrevealed and become the extended secret key for the
subsequent encryption and decryption procedures. The last
actual output of the network during the key extension will be
the initial vector, M 0 , for the encryption. The weight
distribution of the hidden layers relies on the knowledge of the
training data (i.e. the original secret key) along with
architecture of the network and learning algorithm [12].
Therefore, it is not feasible for a cryptanalyst to analyze the
extended key. By changing the length of the secret key and the
dimension or the hierarchy of the hidden layers, the user can
adjust the security level accordingly. A major advantage of the
proposed cipher design is its capability to release the
constraints imposed on the length of the secret key.
B. Encryption
The structure of the symmetric cipher design (shown in Fig.
1) ensures that among the hidden layers of the neural network,
there exists at least one that has only one neuron (denoted as
neuron ξ ). This feature is used to decompose the feed-forward
operation of the neural network into two functions F1 and F2 .
2040
In this decomposition, F1 is the feedforward operation over
the weight and bias matrices performed from the input layer to
neuron ξ , and F2 is the similar type of operation performed
from neuron ξ to the output layer. These functions are then
used in the encryption process that consists of two steps: (i)
ciphertext generation; and (ii) one-epoch training.
C. Ciphertext Generation
The plain text should first be mapped to vectors
M i (i =1,..., n ) = { M 1 , M 2 , M 3 , ... M n } according to the
dimension of input vectors. The first vector of the
message M 1 is combined with the initial vector M 0 from the key
extension procedure to build the following initial input vector
X1 = ( M 0 M1 ) (1)
where || denotes a vector concatenation operator, i.e. two
( n ×1 ) vectors M 0 and M 1 are concatenated to form a ( 2n ×1 )
vector. Next, X 1 is presented to the neural network to produce
both the intermediary neuron output V1 in the hidden layer and
the output Y1 . The error signal is calculated as E1 = M 1 − Y1 ,
where M 1 is the target of the identity mapping.
Finally, E1 and V1 are considered as the first block of the
ciphertext referred to as C1 {V1 , E1} .
D. One Epoch Training
After the first ciphertext block C1 is constructed, the neural
network can be trained for one-epoch using X 1 as the input
vector and M 1 as the training target. From the second and all
following plain text blocks, the preceding time instant output
Yi −1 ( i = 2,..., n ) of the neural network is combined with the
current plaintext block M i to yield the current input vector. In
order words, the input vectors can then be built according to:
X i = ( Yi −1 M i ) , i = 1, 2,..., n (2)
The above two steps of encryption are repeated to generate
values for Vi and Yi , and hence train the neural network for
one-epoch at a time. In fact, the above encryption procedure
will result in a symmetric cipher working in the cipher block-
chaining (CBC) mode as implicitly shown in Fig. 2.
To summarize the above procedure, the ciphertext blocks
Ci are constructed as follows:
Vi = F1 ( X i ) (3)
Yi = F2 (Vi ) (4)
Ei = M i − Yi (5)
ST = C {Vi , Ei } (6)
where ST refers to the ciphertext at the instant i . The recurrent
neural network structure in Fig. 2 is a schematic representation
of equations (3) to (6). The first hidden layer defines F1 in (3). CBC-MAC is a simple method that uses the last encrypted
The second hidden layer has one neuron ξ . The third hidden block as the MAC for the ciphertext chain.
layer implements the function F2 that computes the output F. RRNN and Cipher Design
Yi as shown in (4). Finally, the output at time instant i is fed By means of the RRNN (shown in Fig. 1), the symmetric
back through a zero order hold to construct the input to the cipher uses the forward dynamics equations (3) to (6) to
network at the following time instant. generate the ciphertext and the MAC. In specific terms, the
output of the network forward dynamics is computed as:
Yi −1 Ci
MLP Vi MLP Yi Pi −1 Pi Ci −1
Mi

Yi + +
MLP Vi +1 MLP Yi +1
M i +1

Fig. 2. The Symmetric Cipher in CBC Mode Ek Ek Dk Dk

E. Decryption
+ +
The decryption procedure, Fig. 3, works in a similar fashion as
that of the encryption. When the symmetric cipher receives the Pi −1
Ci−1 Ci Pi
ciphertext Ci {Vi , Ei } , the output Yi is computed as
Fig. 4. CBC Mode Encryption (Left) and Decryption (Right)
Yi = F2 (Vi ) (7)
Ei  
Y j (n + 1) = ϕ  ∑ w ji (n)U i (n)  , j∈B (10)
 i = A∪ B 
Vi MLP Yi Mi where ϕ is a nonlinear activation function and the
variable w ji represents the synaptic weight of the neuron j. In
Fig. 3. Decryption Process
(10), U i (n) is the input vector to the RRNN, defined as in [12],
 X i (n) if i ∈ A
Next, the original plaintext block can be restored using U i (n)  (11)
M i = Yi + Ei (8) Yi (n) if i ∈ B
where A denotes the set of indices i for which X i (n) is an
After the message block M i is restored, the one-epoch
external input, and B denotes the set of indices i for which
training step is performed using X i = ( Yi −1 M i ) as the input U i (n) is the output of the neuron. Furthermore, the term
vector and M i as the training target. representing the argument of the linear activation function in
The output Vi of the final block can be used as the Message (10) is the neuron internal activity function Vi defined in (3).
Authentication Code (MAC) for the whole ciphertext. After To define the initial values for the weight w ji (0) , a set of
calculating Yi from Vi during decryption, M i can be uniformly distributed random numbers is chosen. Next, the
produced, and hence X i = ( M i Yi ) is once again dynamic process for updating the network weights in real time
is defined by means of the following triple index
reconstructed. Then, Vi ′ is computed
 
Vi ′ = F1 ( X i ) (9) ( )
ϑklj (n + 1) = ϕ ' V j (n)  ∑ w ji (n)ϑklj (n) + δ klU l (n)  (12)
 i∈B 
Next, Vi ′ is compared with Vi to verify data integrity and where j ∈ B, k ∈ B, l ∈ A ∪ B, and ϕ ' (.) is the derivative of
authentication. In general, at the end of the data the nonlinear activation function. In (12), δ kl is the Krönecker
encryption/decryption stages, the Cipher Block Chaining-
Message Authentication Code (CBC-MAC) [3] is prepared (or delta, which equals to one when k = l and 0 otherwise. The
examined if already exists) to ensure data integrity. The CBC triply index is initialized such that ϑklj (0) = 0 . The index in
mode encryption and decryption is illustrated in Fig. 4, where (12) is used to update the RRNN weights as follows:
the Pi ’s are plaintext blocks and the Ci ’s are ciphertext blocks.

2041
∆wki (n) = η ∑ E j (n)ϑklj (n) (13)
j
where ∆wkl denotes the update to the weight wkl , and the
parameter η refers to the learning rate of the network. In (13),
the error function E j at time instant n is computed as
E j (n) = M j (n) − Y j (n) (14)
Finally, the weight wkl is updated according to the following
wkl (n + 1) = wkl (n) + ∆wkl (n) (15)
Both forward and backward dynamics vary in time to ensure
that the learning procedure of the RRNN has the capability to
detect temporal patterns of the training data. Consequently, the
cipher can prepare the MAC to maintain both the data integrity
and the data authentication.
III. SECURITY ANALYSIS
In this section two possible types of attacks against the
proposed symmetric cipher are examined: (i) attacks against
the MAC; (ii) attacks against the data encryption scheme itself.
A self-adaptive learning procedure for the symmetric cipher is
also introduced.
A. Attacks against the MAC
Several features of the MAC can be viewed as potential
targets for the cryptanalysis attacks. Among those features are:
(i) MAC needs to be a one-way function - For any given input
x, it is easy to compute the authentication code by the secure
hash function H, but it is computationally not feasible to
arbitrary guess x from the MAC even if H is known; (ii) MAC
needs to be collision-resistant - It is not computationally
feasible to find a pair (x, y) such that H ( x) = H ( y ) ; and (iii)
MAC needs to be capable of data authentication - Only the
secret key owner can decrypt the code because the hash value
is encrypted by the secret key.
Most of the cryptanalysis attacks against MAC focus on the
collision resistance feature. The attacker tries to substitute the
text x with the alternate text x ′ such that H ( x) = H ( x′) . In
doing so, she can target either the key space of the MAC or its
actual value. Also, without attempting to recover the secret
key, she may try to find a message that matches a given MAC
value, and then use that message to replace the original one.
When a ciphertext message Ci {Vi , Ei } in (6) is changed, one
of the following two scenarios arises: (i) either Ei or Vi are
changed; or (ii) both Ei and Vi are changed.
Now suppose that either Ei or Vi is changed during a
cryptanalysis attack. The decryption process will produce *M i
from *Ci according to (7) and (8). Then the attacker will
calculate *Vi according to (9). Furthermore, due to the fact that
2042
the value of *Vi and Vi will not match, data corruption may be
detected. However, it is possible for the attacker to choose a
{ }
ciphertext *Ci *Vi , *Ei so as to pass the MAC check. Yet, this
attack will be detected when the next MAC is checked because
of the CBC mode. This is due to the fact that *Yi is not only
used for the MAC check of the current block, but also for one
step ahead check. In other words, the input vector will be
changed from X i +1 = Yi M i +1 to * X i +1 = *Yi M i +1 and the data
integrity corruption of ciphertext Ci will be detected by the
MAC check of the next ciphertext Ci +1 . Hence, the attacker
will be forced to identify a chain of messages to replace the
whole document of plaintext for the attack against the CBC-
MAC to be successful. Also, if the length of the plaintext is n
bits, the effort will require approximately 2n operations.
In addition, let’s consider the case of an attack against the
key space of the MAC. If the attacker successfully determines
the secret key, she can generate a valid MAC value for any
given message. If she has the knowledge of some sets of both
the plaintext and ciphertext, she can try every possible secret
key to generate the MAC. By comparing the results, she may
then try to break both the MAC and the cipher. Suppose the
total key size of the extended key is k bits and the length of the
plaintext is n. Since the MAC is usually a many-to-one
mapping, for the first round attack, it is expected that the
attacker will find about 2(k-n) matching keys. It is necessary for
the attacker to perform multiple rounds of attacks. For the
second round, the attacker will search within the remaining 2(k-
n)
keys and will probably find 2(k-2n) keys, and so on. Such an
effort will be reduced quickly for the consecutive rounds. The
overall effort of this type of attack will consists in searching 2k
keys roughly. In summary, the effort of the attacks against the
MAC will be in finding β = min (2k, 2n) keys. According to
modern cryptanalysis, the strength of the cipher is required to
be at least 128 bits.
B. Attacks against the Data Encryption Scheme
The encryption procedure of the proposed symmetric cipher
can be viewed as a nonlinear mapping in which the ciphertext
is the nonlinear transformation of the plaintext. If this function
is static, the nonlinear equations can possibly be solved when
the cryptanalyst has large volumes of plaintext with the
corresponding ciphertext available. In comparison to other
existing algorithms such as the Data Encryption Standard [3],
the extended key length k of the proposed symmetric cipher is
much longer. Because the symmetric cipher makes use of the
learning procedure of neural network to encrypt data, it is
assumed that a key stream encrypts the plaintext blocks. As a
result, the extended key length k should be the total sum of all
these keys within the same key stream period. The longer the
key stream period is, the longer the extended key length k will
be. This will result in a stronger symmetric cipher. If it can be
guaranteed that the learning procedure will not converge
quickly. The symmetric cipher can then generate long period
key stream. Consequently, the nonlinear transform function
should be dynamic when it is applied for data encryption. The
feedforward dynamics of the RRNN must keep varying in time
to provide security protection of the plaintext. Furthermore,
since the learning procedure usually tends to be convergent,
cryptanalysis attacks based on the stability of the neural
networks during learning may be an issue of importance. This
is studied in the next section.
1) Attack against Data Confidentiality: Let G denotes the set
of plain texts, Z the set of local and global minima, and L the
largest invariant set in Z. L will contain all of the possible
points at which the solution might converge and the trajectory
can be trapped. Assume L contains only one fixed-point y. A
cryptanalyst will train the symmetric cipher with the known
plaintext repeatedly until it converges to L. After the cipher is
stabilized, all the secret plaintexts input that belongs to G will
converge to this fixed point. Although the cryptanalyst has no
knowledge of the weight matrix and the initial state of the
cipher, she can obtain the convergent point y in L by means of
the known plaintext. Then the cryptanalyst can restore the
following secret plaintext M via the error signal E using M = Y
+ E. It shows that the stability of the neural networks will
eventually help the cryptanalyst to break the cipher without the
knowledge of the weight matrix. To resist such an attack, the
learning procedure needs to guarantee that convergence will
not drift towards an invariant set L after the training of large
volume of plain texts. This consideration is directly related to
the stability problem of neural networks discussed as follows.
2) Stability Problem of Neural Networks during Learning:
Based on the above cryptanalysis discussion, the learning
procedure has a tendency to be stable. During the recurrent
back-propagation procedure, the Euclidean distance between
the fixed point and the desired pattern is progressively
reduced. As a result, the error signals will have smaller values.
That will cause the dynamic of the backward propagation to
decrease. The stability of the backward propagation will result
in stable weight matrix.
A RRNN can be modeled as nonlinear dynamic system, and
the direct Lyapunov function [13] can be used to analyze the
stability of neural networks, providing such a function be
found and used for the back-propagation algorithm processing
[12]. This problem is difficult. Alternatively, through a local
analysis of the learning procedure of neural networks, it can be
assumed that the local stability of the forward propagation is a
sufficient condition for the local stability of the backward
propagation and vice versa [14], [15]. Consequently, there is
only need to guarantee the instability of the backward
propagation (11), so that the forward propagation (used to
generate the ciphertext) is ensured to be chaotic and
unpredictable. According to (11), the instability of the
2043
backward propagation depends on both the error signal and the
weight matrix. An estimate of the gradient has been used to
approximate the true gradient curve of the cost function in
order to perform real-time learning. If the learning rate η is
set to a large value, a small mismatch between the output and
the learning target will have a dramatic effect on the weight
update process; hence will cause the forward propagation to be
unstable, i.e. chaotic. This chaotic oscillation of the learning
behavior can then be generated in order to provide the desired
data security.
C. Self Adaptive Learning Procedure
The self-adaptive function of the symmetric cipher is a
necessary component to resist possible cryptanalysis attacks.
This algorithm implements such a function and it detects the
trend of the learning procedure via monitoring the mean
squared error performance function (MSE), and then adjusts
the learning rate by a Multiplicative-Increase Gradual-
Decrease (MIGD) method, i.e., the TCP Vegas congestion
control protocol [16]. At first, a low-pass filter for the MSE
learns the trend detection as follows
T ( k ) = δ T (k − 1) + (1 − δ ) ∗ MSE (k ) (16)
where δ is often selected between 0 and 1, T(k) is the output
of the low-pass filter of MSE at time k and the initial state T(0)
is set to be zero. The learning stop condition MSEstop (also
referred to as the learning goal) is defined as:
MSE stop ≤ α (17)
where α is the critical value of T(k). The learning rate will
adapt itself according to the MIGD method based on one of the
following three cases:
Case 1: T ( k ) ≤ α . The condition shows that the learning
procedure tends to be convergent to the learning goal. To
avoid the stability of the learning and restore the chaotic
behavior, the learning rate η is increased aggressively by a
factor λ , i.e. λ = 2 . In this case: η = λ ⋅η
Case 2: T ( k ) > α and T ( k ) > T (k − 1) . The condition
shows that the learning procedure tends to be oscillating.
Hence, to maintain the learning rate close to the maximum
allowable value, it should be gradually decreased by a factor
θ , for example θ = 0.9 . In this case: η = θ ⋅η
Case 3: T (k ) > α and T ( k ) ≤ T (k − 1) . In this case, the
learning rate keeps the same value.
The above self-adaptive procedure can be performed at the
conclusion of each epoch of training in both the encryption
and decryption procedures. The critical value α can guarantee
that the learning procedure will not settle at a stable point. At
the same time, it helps maintain the learning rate close to the
maximum allowable value so that the learning trajectory is
closely related to the training data. More precisely, it will
make the learning trajectory behave more randomly, which in
turns makes the analysis of the learning procedure more
difficult without the knowledge of the initial state of the
network.

IV. SIMULATION RESULTS

To validate the proposed symmetric cipher, we have
prepared a simulation program in MATLAB that contains an
encoder to encrypt plain text and a decoder to restore plain text
from cipher text. The cipher is constructed using a common
MLP network. In order to perform the recurrent real-time
learning, the output of the cipher is fed back as part of the
input vector. The dimensions of the input and output vectors
are four and two, respectively. The hidden layer has only one
neuron and its output represents the first part of the cipher text.
A sample plain text is used as the external input signal for
the cipher. The plain text contains a long string of character
“a”, followed by a short string of character “z”, and followed
again by a long string of character “a”. The plain text is first
translated to the corresponding ASCII code, and then scaled
between zero and one. These values are permuted and padded Fig. 5. Small fixed learning rate effect (Learning rate = 0.05, learning rate
by zero (if necessary) to form several 4x1 vectors as input data adaptation disabled)
for the cipher.
The first two simulation experiments are carried out to
analyze the effect of the learning rate on the network, while in
the third experiment, the effect of the self-adaptive algorithm
for updating the network’s learning rate is investigated. The
configuration parameters for all the experiments are given in
Table I.
For the first two experiments, the ciphertext output is
illustrated in Fig. 5 in terms of Vi (ciphertext part 1) and Ei
(ciphertext part 2). Since Vi is actually the output of the neural
network, it is a value in the interval (0, 1). Ei is the 2-
dimensional error signal between the input and the output, and
it may assume negative values. The only difference between
the 1st and 2nd experiments is in the learning rate. The
ciphertext output for the 2nd experiment is illustrated in Fig. 6.
Comparing the results of these two experiments, it is
observed that the second part of the ciphertext, Ei , has weaker
protection than the first part when the learning rate is small.
Hence, the first part of the ciphertext output can be the MAC
for the corresponding plaintext blocks. Therefore, it will be Fig. 6. Large fixed learning rate effect (Learning rate = 35,
learning rate adaptation disabled)
much difficult for a cryptanalyst to perform an attack based on
the first part of the ciphertext. Since the weakest point on the
text can be used to examine the security of the symmetric
cipher, the focus should be on the analysis of the second part
of the ciphertext.

2044
 TABLE I
CONFIGURATION PARAMETERS FOR THE FIRST, SECOND, AND THIRD EXPERIMENTS
Experiment Weight Epochs for Dimension of
initial value key extension input vector
1 0.5 4 2
2 0.5 4 2
3 0.5 4 2
Based on experiments, when the learning rate is small, the
second part of the ciphertext, Ei , will expose the temporal
pattern of the plain text. The cryptanalyst can then perform the
attacks discussed earlier to guess the new character “z”. But
when the learning rate is set to a large value, the learning
procedure can be prevented from convergence and the
temporal structure of the plain text input can be protected
because the ciphertext is chaotic. Even though the ciphertext
looks chaotic, it is difficult to determine whether it has a
limited number of states. It is often desirable for the error
signal to have an unpredictable number of states so that the
further cryptanalysis is impossible. This can be achieved by
introducing more random factors into the ciphertext generation
process (i.e., the learning process of the neural network). A
suitable source for random factors would be the plaintext
itself. This is illustrated in the third experiment. The two parts
of the ciphertext output for this experiment are shown in Fig.
7.
Fig. 7. The two parts of the ciphertext output for the third
experiment
2045
Learning rate Learning stop Learning rate adaptation
for encryption condition
0.05 1e-50 Disabled
35 1e-50 Disabled
1 1e-50 Critical value α: 0.04
Increase factor λ: 2
Decrease factor θ: 0.9
When the learning error reaches the critical value α , the
self-adaptive procedure will be triggered. In that case, the
learning rate value is multiplied by an increase factor λ .
Afterwards, if the learning procedure oscillates according to
the case 2 of the MIGD method previously studied, the
learning rate value is multiplied by the decrease factor θ . On
the other hand, the learning rate value is sustained if the
learning procedure is in accordance with Case 3 of the MIGD
method. In the third experiment, when the learning rate is set
to a large value, the error signal will diverge away from the
critical value and learning goal. Consequently, the parameter
α can be used as a knob to control the learning and make it
unpredictable, thus guarantee a desirable instability. Large
learning rate can help to hide the temporal structure of the
plain text input data and force the symmetric cipher to
generate chaotic ciphertext.
V. CONCLUSION
In this paper, a novel symmetric cipher design based on
RRNN is proposed. The cipher design has several advantages
resulting from the introduction of RRNN for symmetric
ciphers. It releases the limitation on the length of secret key.
The cipher can flexibly adjust the secret key and message
length to accommodate different security and performance
requirements. Moreover, it is capable of providing both high
secure data encryption and data integrity services. Different
cryptographic services are provided by an integrity scheme
with a relatively simple architecture. Furthermore, the inherent
parallel computing capability of the cipher can accommodate
high performance data encryption requirements such as secure
point-to-point file transfer between gateways. It has been
shown that the scheme is resistant to different cryptanalysis
attacks, and more data is available in [11]. Simulation results
show that the learning procedure of the recurrent neural
network can be controlled to provide the secure protection for
data by adapting the learning rate. Further research work on
the weight distribution of the neural network can help provide
more valuable information on the analysis of the similar cipher
designs.
 REFERENCES
[1] S. Su, A. Lin, and J. Yen, “Design and realization of a new chaotic
neural encryption/decryption network”, Proc. IEEE Asia-Pacific Conf.
on Circuits and Systems, pp. 335-338, 2000.
[2] L. Yee, and C. De Silva, “Application of multilayer perceptron networks
in symmetric block ciphers”, Proc. 2002 Int’l Joint Conf. on Neural
Nets, vol. 2, pp. 1455-1458, 2000
[3] B. Schneier, Applied Cryptography. 2nd ed., John Wiley & Sons Inc.,
1996, ch. 1, 12, 18.
[4] L. Yee, and C. De Silva, “Application of Multilayer Perceptron
Networks in Public Key Cryptography”, Proc. 2002 Int’l Joint Conf. on
Neural Nets, vol. 2, pp.1439-1443, 2000.
[5] L. Yee, and C. De Silva, “Application of Multilayer Perceptron
Networks as a One-Way Hash Function”, Proc. 2002 Int’l Joint Conf. on
Neural Nets, vol. 2, pp. 1459-1462, 2000.
[6] G.C. Meletiou, D.K. Tasoulis, and M.N. Vrahatis, “A First Study of the
Neural Network Approach in the RSA Cryptosystem”, 7th IASTED
International Conference Artificial Intelligence and Soft Computing,
2002.
[7] W. Kinzel, and I. Kanter, “Neural Cryptography”, Proc. of the 9th Int’l
Conf. on Neural Information Processing (ICONIP’02), vol. 3, pp. 1351-
1354, 2002.
[8] A. Klimov, A. Mityaguine, and A. Shamir, “Analysis of Neural
Cryptography”, Proc. AsiaCrypt 2002, pp. 288-298. Springer Verlag,
2002.
[9] D. A. Karras, and V. Zorkadis, “On neural network techniques in the
secure management of communication systems through improving and
quality assessing pseudorandom stream generators”, Neural Networks,
vol.16, issues 5-6, pp. 899-905, June-July 2003.
[10] S. Wu, “A Block Cipher Design Using Recurrent Neural Networks,” M.
Eng. Dissertation, Dept. Elec. and Comp. Eng., Ryerson University,
Toronto, ON, Canada, 2003.
[11] M. Arvandi, “Analysis of Neural Network Based Ciphers,” M. A. Sc.
Dissertation, Dept. Elec. and Comp. Eng., Ryerson Univ., Toronto, ON,
Canada, 2005.
[12] S. Haykin, Neural Networks: a Comprehensive Foundation. 2nd ed.
MacMillan College Publishing Company, 1994, ch. 6, 13.
[13] D. Pointcheval, “Neural Networks and Their Cryptographic
Applications,” Eurocode ‘94, Pascale Charpin Ed., INRIA, 1994.
[14] S. Townley , A. Iichmann, M.G. Weib, W. Mcclements, A.C. Ruiz, D.H.
Owens, and D. Pratzel-Wolters, “Existence and Learning of Oscillations
in Recurrent Neural Networks,” IEEE Trans. on Neural Networks, vol.
11, no. 1, pp. 205-214, 2000.
[15] L. Almeida, “A learning rule for asynchronous perceptrons with
feedback in a combinatorial environment”, Proc. 1st IEEE International
Conference on Neural Networks, vol. 2, pp. 105-110, 1987.
[16] U. Hengartner, J. Bolliger, and T. Gross, “TCP Vegas revisited,” Proc.
of the INFOCOM, 19th Annual Joint Conference of the IEEE Computer
and Communications Societies, vol. 3, 1546 -1555, 2000.

2046