Lecturer Profile |
Professor Adi Shamir is a well-known expert in space coding, a professor at the Weizmann Institute of Science in Israel, a member of the American Academy of Foreign Sciences, and the founder of modern cryptography. 2002, with RL. Rivest and L.M. Adleman jointly won the 37th Turing Award. Professor Adi Shamir has made outstanding contributions in the field of cryptography: design with R.L. Rivest and L.M. Adleman.The famous public key cryptosystem RSA: the idea of identity-based null code system and threshold signature scheme was proposed for the first time; the Merkle-hellman backpack cryptosystem was first cracked and the RSA was the first time. In addition, he analyzed a number of original tasks in the aspects of side channel political attacks, multivariate public key rate system analysis and symmetric cryptanalysis.Professor Shamirhas won the Israel Prize (Israel National Award), Paris Kanellakis Theory and Practice Award, Erdos Prize, IEEE W.R.G. BakerPrize, UAP Science Prize. PLUS XI Gold Medal, IEEE Koji Kobayashi Computers and Communications Award. |
Lecture Abstract |
The development of deep neural networks in the last decade had revolutionized machine learning and led to maiorimprovements in the precision with which we can perform many computational tasks. However, the discovery five years ago ofadversarial examples in which tiny changes in the input can fool well trained neural networks makes it difficult to trust such resultswhen the input can be manipulated by an adversary. This problem has many applications and implications in object recognition,autonomous driving, cyber security, etc, but it is still far from being understood. In particular, there had been no convincing explanations why such adversarial examples exist, and which parameters determine the number of input coordinates one has tochange in order to mislead the network. In this talk I will describe a simple mathematical framework which enables us to thinkabout this problem from a fresh perspective, turning the existence of adversarial examples in deep neural networks from a bafflingphenomenon into an unavoidable consequence of the geometry of Rn under the Hamming distance, which can be quantitativelyanalyzed. |
