Review Reports
- Mihail-Iulian Pleşa1,*,
- Marian Gheorghe2 and
- Florentin Ipate1
Reviewer 1: Anonymous; Reviewer 2: Jian Zhou; Reviewer 3: Anonymous
Round 1
Reviewer 1 Report
Comments and Suggestions for Authors
This paper presented a probabilistic protocol that allows two parties to securely estimate the size of the shared key at intermediate steps, without revealing its actual content.
-- The Abstract does not cover the motivation of "estimate the size of shared key ...".
-- Intro should cover information about the challenges in "... reducing the number of rounds is the absence of ..." and why the proposed solution will address the problem.
-- Section 2 Related Work should provide a Table to provide the high-level summary of the proposed solutions and existing ones.
-- It is not clear which section is about relevant concepts related to this paper and which section is your own contribution.
-- What are the security properties to be achieved? What are the formal security games corresponding to the security properties?
-- The biggest issue in this paper is the security analysis. They do not seem to be formal at all.
Author Response
Comments 1: "The Abstract does not cover the motivation of "estimate the size of shared key ..."."
Response 1: Thank you for your comment. We have revised the abstract to clearly state the motivation for estimating the size of the shared key. The new version explains that our protocol reduces the number of synchronization rounds, which in turn limits the opportunity for a Man-in-the-Middle attacker to synchronize with the legitimate parties.
Comments 2: “Intro should cover information about the challenges in '... reducing the number of rounds is the absence of ...' and why the proposed solution will address the problem.”
Response 2: Thank you for your valuable feedback. In response, we have revised the Introduction (lines 56–79) to more clearly articulate the challenge of reducing the number of rounds in neural key agreement protocols—specifically, the lack of a secure mechanism for parties to determine the extent of synchronization without revealing weight values. We now explicitly explain why this limitation prevents early termination and how our proposed privacy-preserving comparison protocol enables secure early stopping, thereby improving both efficiency and security. These clarifications directly address your comment and strengthen the motivation for our contribution.
Comments 3: "Section 2 Related Work should provide a Table to provide the high-level summary of the proposed solutions and existing ones. "
Response 3: Thank you for your valuable suggestion. In response, we have added a new table (Table 1) at the end of Section 1.1. This table provides a high-level summary of the main TPM-based key agreement protocols discussed in the related work, including their core ideas, advantages, and limitations. Our proposed protocol is also included for direct comparison. The addition of this table enhances the clarity and accessibility of the related work section, as recommended.
Comments 4: " It is not clear which section is about relevant concepts related to this paper and which section is your own contribution."
Response 4: Thank you for your valuable feedback. To address your comment, we have revised the organizational paragraph at the end of the Introduction to clearly distinguish between background material and our original contributions. Specifically, Section 2 presents the TPM model as background, while our main contributions are detailed in Sections 3 (privacy-preserving weight comparison algorithm), 4 (proposed neural key agreement protocol), and 5 (experimental evaluation). We have updated the text to make these distinctions explicit.
Comments 5: " What are the security properties to be achieved? What are the formal security games corresponding to the security properties? "
Response 5:
We thank the reviewer for their thoughtful comments regarding the security properties and formal security games of our protocols. In response, we have made the following clarifications and improvements in the revised manuscript:
- Explicit Security Model: We now clearly specify in Sections 4 and 5 that both the comparison protocol (PrivComp) and the overall key agreement protocol are analyzed in the honest-but-curious (semi-honest) adversarial model. In this model, adversaries may passively observe all protocol messages but do not deviate from the protocol. We explicitly state the security properties to be achieved for both protocols.
- Formal Analysis of PrivComp: We provide a formal analysis of the comparison protocol in Theorems 1 and 2. These theorems establish that PrivComp allows the parties to determine both the number and the positions of synchronized weights, while ensuring that an eavesdropper must solve an exponential-size search problem to recover the actual weights. The security game for PrivComp is: given all protocol messages, the adversary must distinguish the true weight vector from all possible swap configurations, with success probability negligible in the relevant parameter.
- Scope of Security Analysis for Key Agreement: We respectfully note that a full formal security proof for the entire neural key agreement protocol, especially in the presence of geometric attacks, is beyond the scope of this paper. As shown in Table 1, which presents related work, none of the existing works in this area provide such a proof, and many do not address geometric attacks at all. The main challenge is that geometric attacks exploit the large number of communication rounds required for synchronization, which allows an attacker to synchronize their own TPM. Our contribution addresses this root cause by enabling early termination of the protocol once sufficient key material has been established, as measured by our private comparison protocol. This reduces the attack surface and improves security in practice. We also explicitly state this limitation in the conclusions of the manuscript, noting that establishing the security of these protocols within a standard cryptographic framework remains an open challenge for all neural key agreement protocols.
Comments 6: "The biggest issue in this paper is the security analysis. They do not seem to be formal at all. "
Response 6: Please see Response 5.
We thank the reviewer for their careful reading of our manuscript and for their valuable comments and suggestions. We appreciate the opportunity to clarify and improve our work, and we believe the revisions have strengthened both the clarity and the rigor of our presentation.
Reviewer 2 Report
Comments and Suggestions for Authors
Dear editor,
I was asked to review the paper titled "Neural Key Agreement Protocol with Extended Security". In this work, the authors present a novel probabilistic protocol that allows two parties to securely estimate the size of the shared key at intermediate steps, without revealing its actual content. This paper should be revised before it can be considered to be published in Applied Sciences.
Comment 1: The second section should be reorganized. The related works should be introduced in the first section.
Comment 2: This paper has strong correlation with the ref[10]. However, ref[10] has not been published.
Comment 3: In the fifth section, "Neural Key Agreement Protocol". The authors should provide the security analysis of the proposed protocol.
Comment 4: The results of ref[10] should be a reference rather than a conclusion. More comprehensive performance analysis of the proposed protocol should be provided.
Author Response
Comments 1: "The second section should be reorganized. The related works should be introduced in the first section."
Response 1: We thank the reviewer for this helpful suggestion. In response, we have reorganized the structure of the paper as recommended. Specifically, we have included a subsection on related work within the Introduction, and we have created a separate subsection outlining our contributions, making a clear distinction between the two. Additionally, we have inserted Table 1 to provide a concise summary of the related work discussed. We believe these changes improve the clarity and readability of the manuscript, and we appreciate the reviewer’s guidance in this regard.
Comments 2: "This paper has strong correlation with the ref[10]. However, ref[10] has not been published."
Response 2: We thank the reviewer for bringing this to our attention. We acknowledge that, by mistake, we cited the arXiv version of Ref. [10] ([16] in the new version). However, our research was guided by the published version in IEEE Transactions on Neural Networks and Learning Systems. We have corrected this oversight and now cite the published article: Stypinski, M.; Niemiec, M. "Synchronization of Tree Parity Machines Using Nonbinary Input Vectors." IEEE Transactions on Neural Networks and Learning Systems, 2024, 35, 1423–1429. https://doi.org/10.1109/TNNLS.2022.3180197. We appreciate the reviewer’s careful reading and helpful comment.
Comments 3: "In the fifth section, "Neural Key Agreement Protocol". The authors should provide the security analysis of the proposed protocol."
Response 3:
We thank the reviewer for their thoughtful comments regarding the security properties and formal security of our protocols. In response, we have made the following clarifications and improvements in the revised manuscript:
- Explicit Security Model: We now clearly specify in Sections 4 and 5 that both the comparison protocol (PrivComp) and the overall key agreement protocol are analyzed in the honest-but-curious (semi-honest) adversarial model. In this model, adversaries may passively observe all protocol messages but do not deviate from the protocol. We explicitly state the security properties to be achieved for both protocols.
- Formal Analysis of PrivComp: We provide a formal analysis of the comparison protocol in Theorems 1 and 2. These theorems establish that PrivComp allows the parties to determine both the number and the positions of synchronized weights, while ensuring that an eavesdropper must solve an exponential-size search problem to recover the actual weights. The security game for PrivComp is: given all protocol messages, the adversary must distinguish the true weight vector from all possible swap configurations, with success probability negligible in the relevant parameter.
- Scope of Security Analysis for Key Agreement: We respectfully note that a full formal security proof for the entire neural key agreement protocol, especially in the presence of geometric attacks, is beyond the scope of this paper. As shown in Table 1, which presents related work, none of the existing works in this area provide such a proof, and many do not address geometric attacks at all. The main challenge is that geometric attacks exploit the large number of communication rounds required for synchronization, which allows an attacker to synchronize their own TPM. Our contribution addresses this root cause by enabling early termination of the protocol once sufficient key material has been established, as measured by our private comparison protocol. This reduces the attack surface and improves security in practice. We also explicitly state this limitation in the conclusions of the manuscript, noting that establishing the security of these protocols within a standard cryptographic framework remains an open challenge for all neural key agreement protocols.
Comments 4: "The results of ref[10] should be a reference rather than a conclusion. More comprehensive performance analysis of the proposed protocol should be provided."
Response 4: We thank the reviewer for this valuable suggestion. We agree that the results of Ref. [10] are best presented as a reference point rather than a conclusion. In response, we have added a new experiment at the end of the subsection Efficiency in the Experimental section. This experiment measures the actual running time of our protocol and provides a detailed comparison with the protocol of Ref. [10] for multiple values of K. The results, summarized in Table 2, clearly highlight the advantages of our protocol, especially for higher values of K that are crucial for security. We believe this additional analysis offers a more comprehensive and transparent evaluation of the performance of our proposed protocol.
We thank the reviewer for their careful reading of our manuscript and for their valuable comments and suggestions. We appreciate the opportunity to clarify and improve our work, and we believe the revisions have strengthened both the clarity and the rigor of our presentation.
Reviewer 3 Report
Comments and Suggestions for Authors
This manuscript proposed a novel probabilistic protocol that allows two parties to securely estimate the size of the shared key at intermediate steps, and it can avoid leaking actual content of the shared key. The designed algorithm is also integrated into the neural key agreement protocol. The following are some major comments.
- In the experiments, the authors only compared their approach with the paper [10], which is not enough since more recent studies (after 2021) need to be considered.
- The geometric attack, proposed in 2002, is a primary vulnerability in existing neural key agreement schemes. Since this attack is not a novel method, the authors are suggested to carefully analyze the paper [10] and explain the reasons why it almost cannot resist this kind of attack.
- Although the authors have proposed Theorem 2 on the security concern of their proposed PrivComp protocol for privacy-preserving weight comparison, it is also suggested that they can provide a formal security analysis to the integrated neural key agreement protocol.
Author Response
Comments 1: "In the experiments, the authors only compared their approach with the paper [10], which is not enough since more recent studies (after 2021) need to be considered."
Response 1:
We thank the reviewer for this valuable comment and for highlighting the importance of including recent studies in our comparison. We would like to clarify that, due to an oversight, we cited the arXiv version of the referenced work. However, our research and experimental comparisons were guided by the published version of the paper, which is now cited as reference [16]:
Stypinski, M.; Niemiec, M. Synchronization of Tree Parity Machines Using Nonbinary Input Vectors. IEEE Transactions on Neural Networks and Learning Systems, 2024, 35, 1423–1429. https://doi.org/10.1109/TNNLS.2022.3180197.
This work was published last year and, to the best of our knowledge, represents the current state of the art for neural key agreement protocols based on the tree parity machine model. We have updated the manuscript to reflect this correct and up-to-date citation.
Thank you again for your helpful suggestion, which has allowed us to improve the clarity and accuracy of our references.
Comments 2: "The geometric attack, proposed in 2002, is a primary vulnerability in existing neural key agreement schemes. Since this attack is not a novel method, the authors are suggested to carefully analyze the paper [10] and explain the reasons why it almost cannot resist this kind of attack."
Response 2:
We thank the reviewer for this insightful comment and for emphasizing the importance of analyzing the geometric attack in the context of neural key agreement protocols.
As shown in Table 4 of our manuscript, we have experimentally demonstrated that the protocol from [10] (now cited as [16] in the revised version) is indeed vulnerable to both naive and geometric attacks. Specifically, our results indicate that an attacker can recover, on average, 65% of the key, and there are cases where the attacker is able to recover the entire key. We have also updated the introduction (lines 56–79) to provide a clearer motivation for our work and to highlight the significance of this vulnerability.
The root cause of the geometric attack’s effectiveness—both for the protocol in [10] ([16]) and for other Tree Parity Machine (TPM)-based key agreement protocols—is the large number of rounds required for the two legitimate TPMs to achieve full synchronization. This extended synchronization period gives attackers ample opportunity to synchronize their own TPMs and compromise the key.
Our key observation, and the core contribution of our work, is that full synchronization of the TPMs is not necessary in practice. The number of bits provided by the weights of the TPMs far exceeds the length of a typical secure cryptographic key (e.g., 128 bits). Therefore, our protocol enables the two parties to determine, at intermediate steps, how many and which weights have been synchronized. This approach allows the protocol to terminate earlier, after fewer rounds, thus significantly reducing the window of opportunity for an attacker to synchronize their TPM using a geometric attack.
We have clarified these points in the revised manuscript to better explain both the vulnerability of existing protocols and the motivation behind our proposed solution.
Thank you again for your constructive feedback, which has helped us strengthen the presentation and justification of our work.
Comments 3: "Although the authors have proposed Theorem 2 on the security concern of their proposed PrivComp protocol for privacy-preserving weight comparison, it is also suggested that they can provide a formal security analysis to the integrated neural key agreement protocol."
Response 3:
We thank the reviewer for their thoughtful comments regarding the security properties and formal security of our protocols. In response, we have made the following clarifications and improvements in the revised manuscript:
- Explicit Security Model: We now clearly specify in Sections 4 and 5 that both the comparison protocol (PrivComp) and the overall key agreement protocol are analyzed in the honest-but-curious (semi-honest) adversarial model. In this model, adversaries may passively observe all protocol messages but do not deviate from the protocol. We explicitly state the security properties to be achieved for both protocols.
- Formal Analysis of PrivComp: We provide a formal analysis of the comparison protocol in Theorems 1 and 2. These theorems establish that PrivComp allows the parties to determine both the number and the positions of synchronized weights, while ensuring that an eavesdropper must solve an exponential-size search problem to recover the actual weights. The security game for PrivComp is: given all protocol messages, the adversary must distinguish the true weight vector from all possible swap configurations, with success probability negligible in the relevant parameter.
- Scope of Security Analysis for Key Agreement: We respectfully note that a full formal security proof for the entire neural key agreement protocol, especially in the presence of geometric attacks, is beyond the scope of this paper. As shown in Table 1, which presents related work, none of the existing works in this area provide such a proof, and many do not address geometric attacks at all. The main challenge is that geometric attacks exploit the large number of communication rounds required for synchronization, which allows an attacker to synchronize their own TPM. Our contribution addresses this root cause by enabling early termination of the protocol once sufficient key material has been established, as measured by our private comparison protocol. This reduces the attack surface and improves security in practice. We also explicitly state this limitation in the conclusions of the manuscript, noting that establishing the security of these protocols within a standard cryptographic framework remains an open challenge for all neural key agreement protocols.
We thank the reviewer for their careful reading of our manuscript and for their valuable comments and suggestions. We appreciate the opportunity to clarify and improve our work, and we believe the revisions have strengthened both the clarity and the rigor of our presentation.