Can You Recover a Deep Neural Network From Its Answers?
Tuesday, March 31, 2026, 11 a.m.
Bahen Centre for Information Technology, BA 3200
This lecture is open to the public.
Abstract:
Billions of dollars and countless GPU hours are currently spent on training Deep Neural Networks (DNNs) for a variety of tasks. Such networks are typically made available as “black boxes” with which the public can interact. Thus, it is essential to determine the difficulty of extracting all the parameters of such neural networks when given access only to their inputs and outputs. In this talk I will use cryptographic ideas and techniques to show that for ReLU-based DNNs, this can be done in polynomial time (as a function of the number of neurons). This attack was practically demonstrated by applying it successfully to extract all the 1.2 million parameters of an 8-layer network for classifying CIFAR10 images. In the last part of the talk I will describe how to extend the result to the hardest model in which the only outputs provided to the attacker are the final labels (such as cat/dog) rather than the numeric values of the output logits, and where the architecture of the network is also unknown.
Bio:
Adi Shamir is the Paul and Marlene Borman Professorial Chair of Applied Mathematics at the Weizmann Institute of Science in Israel. He is a co-inventor of the RSA algorithm (with Ron Rivest and Len Adleman), the first practical public-key cryptosystem and digital signature scheme, which serves as a pillar of modern secure communication and e-commerce. His extensive contributions to the field include the invention of differential cryptanalysis (with Eli Biham), the development of Shamir’s Secret Sharing, and the introduction of identity-based cryptography.
In recognition of his transformative work, Shamir has received the most prestigious honors in computer science and mathematics, including the 2002 ACM A.M. Turing Award, the 2024 Wolf Prize in Mathematics, the Japan Prize, and the Israel Prize. He is a member of several leading scientific academies, including the US National Academy of Sciences, the Royal Society, and the French Academy of Sciences.
Shamir earned his PhD in Computer Science from the Weizmann Institute in 1977. Before returning to the Weizmann Institute faculty in 1980, he served as a researcher and assistant professor at the Massachusetts Institute of Technology (MIT). His current research explores new frontiers in information security, including the security and cryptanalytic vulnerabilities of artificial intelligence and deep learning systems.
