skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Attention:

The NSF Public Access Repository (PAR) system and access will be unavailable from 10:00 PM ET on Friday, February 6 until 10:00 AM ET on Saturday, February 7 due to maintenance. We apologize for the inconvenience.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


Title: Demystifying Cipher-Following in Large Language Models via Activation Analysis
Cipher transformations have been studied historically in cryptography, but little work has explored how large language models (LLMs) represent and process them. We evaluate the ability of three models: Llama 3.1, Gemma 2, and Qwen 3 on performing translation and dictionary tasks across ten cipher systems from a variety of families, and compare it against a commercially available model, GPT-5. Beyond task performance, we analyze embedding spaces of Llama variants to explore whether ciphers are internalized similarly to languages. Our findings suggest that cipher embeddings cluster together and, in some cases, overlap with lowerresource or less frequently represented languages. Steering-vector experiments further reveal that adjusting cipher-related directions in latent space can shift outputs toward these languages, suggesting shared representational structures. This study provides an initial framework for understanding how LLMs encode ciphers, bridging interpretability, and security. By framing ciphers in a similar way to languages, we highlight new directions for model analysis and for designing defenses against cipher-based jailbreaking attacks. We share our source code and data for reproduction research on GitHub.  more » « less
Award ID(s):
2229876
PAR ID:
10661449
Author(s) / Creator(s):
; ; ;
Publisher / Repository:
Mechanistic Interpretability Workshop at NeurIPS 2025
Date Published:
Format(s):
Medium: X
Location:
San Diego, CA
Sponsoring Org:
National Science Foundation
More Like this
  1. ; ; ; ; (, 2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST))
    Authenticated ciphers are vulnerable to side-channel attacks, including differential power analysis (DPA). Test Vector Leakage Assessment (TVLA) using Welch's t-test has been used to verify improved resistance of block ciphers to DPA after application of countermeasures. However, extension of this methodology to authenticated ciphers is non-trivial, since this requires additional input and output conditions, complex interfaces, and long test vectors interlaced with protocol necessary to describe authenticated cipher operations. In this research we augment an existing side-channel analysis architecture (FOBOS) with TVLA for authenticated ciphers. We use this capability to show that implementations in the Spartan-6 FPGA of the CAESAR Round 3 candidates ACORN, ASCON, CLOC (AES and TWINE), SILC (AES, PRESENT, and LED), JAMBU (AES and SIMON), and Ketje Jr., as well as AES-GCM, are potentially vulnerable to 1st order DPA. We then implement versions of the above ciphers, protected against 1st order DPA, using threshold implementations. TVLA is used to verify improved resistance to 1st order DPA of the protected cipher implementations. Finally, we benchmark unprotected and protected cipher implementations in the Spartan-6 FPGA, and compare the costs of 1st order DPA protection in terms of area, frequency, throughput, throughput-to-area (TP/A) ratio, power, and energy per bit. Our results show that ACORN is the most energy efficient, has the lowest area (in LUTs), and has the highest TP/A ratio of DPA-resistant implementations. However, Ketje Jr. has the highest throughput. 
    more » « less
  2. ; ; ; ; (, Cryptography)
    Authenticated ciphers, which combine the cryptographic services of confidentiality, integrity, and authentication into one algorithmic construct, can potentially provide improved security and efficiencies in the processing of sensitive data. However, they are vulnerable to side-channel attacks such as differential power analysis (DPA). Although the Test Vector Leakage Assessment (TVLA) methodology has been used to confirm improved resistance of block ciphers to DPA after application of countermeasures, extension of TVLA to authenticated ciphers is non-trivial, since authenticated ciphers have expanded input and output requirements, complex interfaces, and long test vectors which include protocol necessary to describe authenticated cipher operations. In this research, we upgrade the FOBOS test architecture with capability to perform TVLA on authenticated ciphers. We show that FPGA implementations of the CAESAR Round 3 candidates ACORN, Ascon, CLOC (with AES and TWINE primitives), SILC (with AES, PRESENT, and LED primitives), JAMBU (with AES and SIMON primitives), and Ketje Jr.; as well as AES-GCM, are vulnerable to 1st order DPA. We then use threshold implementations to protect the above cipher implementations against 1st order DPA, and verify the effectiveness of countermeasures using the TVLA methodology. Finally, we compare the unprotected and protected cipher implementations in terms of area, performance (maximum frequency and throughput), throughput-to-area (TP/A) ratio, power, and energy per bit (E/bit). Our results show that ACORN consumes the lowest number of resources, has the highest TP/A ratio, and is the most energy-efficient of all DPA-resistant implementations. However, Ketje Jr. has the highest throughput. 
    more » « less
  3. ; ; ; ; ; ; (, ACM Conference on Security and Privacy in Wireless and Mobile Networks)
    Post-quantum ciphers (PQC) provide cryptographic algorithms for public-key ciphers which are computationally secure against the threats from quantum-computing adversaries. Because the devices in mobile computing are limited in hardware and power, we analyze the PQC power overheads. We implement the new NIST PQCs across a range of device platforms to simulate varying resource capabilities, including multiple Raspberry Pis with different memories, a laptop, and a desktop computer. We compare the power measurements with the idle cases as our baseline and show the PQCs consume considerable power. Our results show that PQC ciphers can be feasible in the resource-constrained devices (simulated with varying Raspberry Pis in our case); while PQCs consume greater power than the classical cipher of RSA for laptop and desktop, they consume comparable power for the Raspberry Pis. 
    more » « less
  4. ; ; ; ; ; (, International Educational Data Mining Society)
    Benjamin, Paaßen; Carrie, Demmans Epp (Ed.)
    The effectiveness of feedback in enhancing learning outcomes is well documented within Educational Data Mining (EDM). Various prior research have explored methodologies to enhance the effectiveness of feedback to students in various ways. Recent developments in Large Language Models (LLMs) have extended their utility in enhancing automated feedback systems. This study aims to explore the potential of LLMs in facilitating automated feedback in math education in the form of numeric assessment scores. We examine the effectiveness of LLMs in evaluating student responses and scoring the responses by comparing 3 different models: Llama, SBERT-Canberra, and GPT4 model. The evaluation requires the model to provide a quantitative score on the student's responses to open-ended math problems. We employ Mistral, a version of Llama catered to math, and fine-tune this model for evaluating student responses by leveraging a dataset of student responses and teacher-provided scores for middle-school math problems. A similar approach was taken for training the SBERT-Canberra model, while the GPT4 model used a zero-shot learning approach. We evaluate and compare the models' performance in scoring accuracy. This study aims to further the ongoing development of automated assessment and feedback systems and outline potential future directions for leveraging generative LLMs in building automated feedback systems. 
    more » « less
  5. ; ; ; ; ; (, 2020 IEEE 14th Dallas Circuits and Systems Conference (DCAS))
    null (Ed.)
    The resource-constrained nature of the Internet of Things (IoT) edges, poses a challenge in designing a secure and high-performance communication for this family of devices. Although side-channel resistant ciphers (either block or stream) could guarantee the security of the communication, the energy intensive nature of these ciphers makes them undesirable for lightweight IoT solutions. In this paper, we introduce ExTru, an encrypted communication protocol based on stream ciphers that adds a configurable switching & toggling network (CSTN) to not only boost the performance of the communication in these devices, it also consumes far less energy than the conventional side-channel resistant ciphers. Although the overall structure of the proposed scheme is leaky against physical attacks, we introduce a dynamic encryption mechanism that removes this vulnerability. We demonstrate how each communicated message in the proposed scheme reduces the level of trust. Accordingly, since a specific number of messages, N, could break the communication and extract the key, by using the dynamic encryption mechanism, ExTru can re-initiate the level of trust periodically after T messages where T <; N, to protect the communication against side-channel and scan-based attacks (e.g. SAT attack). Furthermore, we demonstrate that by properly configuring the value of T, ExTru not only increases the strength of security from per “device” to per “message”, it also significantly improves energy saving as well as throughput vs. an architecture that only uses a conventional side-channel resistant block/stream cipher. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Text Encoded Conversion
  • XML
  • Save / Share this Record
  • Send to Email