Benchmarking Large Language Models for Cryptanalysis and Side-Channel Vulnerabilities

TL;DR

This paper evaluates the ability of large language models to perform cryptanalysis and identify vulnerabilities in cryptographic systems, revealing their strengths and limitations in security-related tasks.

Contribution

It introduces a new benchmark dataset and systematically assesses LLMs' cryptanalytic capabilities using zero-shot and few-shot prompts.

Findings

LLMs can decrypt certain ciphertexts with moderate success

Side-channel vulnerabilities can be exploited by LLMs

LLMs show limitations in generalizing across diverse cryptographic contexts

Abstract

Recent advancements in large language models (LLMs) have transformed natural language understanding and generation, leading to extensive benchmarking across diverse tasks. However, cryptanalysis - a critical area for data security and its connection to LLMs' generalization abilities - remains underexplored in LLM evaluations. To address this gap, we evaluate the cryptanalytic potential of state-of-the-art LLMs on ciphertexts produced by a range of cryptographic algorithms. We introduce a benchmark dataset of diverse plaintexts, spanning multiple domains, lengths, writing styles, and topics, paired with their encrypted versions. Using zero-shot and few-shot settings along with chain-of-thought prompting, we assess LLMs' decryption success rate and discuss their comprehension abilities. Our findings reveal key insights into LLMs' strengths and limitations in side-channel scenarios and raise concerns about their susceptibility to under-generalization-related attacks. This research highlights the dual-use nature of LLMs in security contexts and contributes to the ongoing discussion on AI safety and security.