Hard Communication Channels for Steganography

This paper considers steganography - the concept of hiding the presence of secret messages in legal communications - in the computational setting and its relation to cryptography. Very recently the first (non-polynomial time) steganographic protocol has been shown which, for any communication channel, is provably secure, reliable, and has nearly optimal bandwidth. The security is unconditional, i.e. it does not rely on any unproven complexity-theoretic assumption. This disproves the claim that the existence of one-way functions and access to a communication channel oracle are both necessary and sufficient conditions for the existence of secure steganography in the sense that secure and reliable steganography exists independently of the existence of one-way functions. In this paper, we prove that this equivalence also does not hold in the more realistic setting, where the stegosystem is polynomial time bounded. We prove this by constructing (a) a channel for which secure steganography exists if and only if one-way functions exist and (b) another channel such that secure steganography implies that no one-way functions exist. We therefore show that security-preserving reductions between cryptography and steganography need to be treated very carefully.

[1]  Rafail Ostrovsky,et al.  Covert Multi-Party Computation , 2007, 48th Annual IEEE Symposium on Foundations of Computer Science (FOCS'07).

[2]  Stefan Katzenbeisser,et al.  Defining security in steganographic systems , 2002, IS&T/SPIE Electronic Imaging.

[3]  Mihir Bellare,et al.  A concrete security treatment of symmetric encryption , 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[4]  Tomás Pevný,et al.  The square root law of steganographic capacity , 2008, MM&Sec '08.

[5]  Nelly Fazio,et al.  Broadcast Steganography , 2013, CT-RSA.

[6]  Kaoru Kurosawa,et al.  Bandwidth Optimal Steganography Secure Against Adaptive Chosen Stegotext Attacks , 2006, Information Hiding.

[7]  Jonathan Ullman,et al.  Answering n{2+o(1)} counting queries with differential privacy is hard , 2012, STOC '13.

[8]  Maciej Liskiewicz,et al.  Provable Secure Universal Steganography of Optimal Rate: Provably Secure Steganography does not Necessarily Imply One-Way Functions , 2016, IH&MMSec.

[9]  Nesir Rasool Mahmood,et al.  Public Key Steganography , 2014 .

[10]  Cynthia Dwork,et al.  Differential Privacy , 2006, ICALP.

[11]  Silvio Micali,et al.  On-line/off-line digital signatures , 1996, Journal of Cryptology.

[12]  Vipul Goyal,et al.  On the round complexity of covert computation , 2010, STOC '10.

[13]  Ying Wang,et al.  Perfectly Secure Steganography: Capacity, Error Exponents, and Code Constructions , 2007, IEEE Transactions on Information Theory.

[14]  Wojciech Mazurczyk,et al.  Trends in steganography , 2014, Commun. ACM.

[15]  Rainer Böhme,et al.  Moving steganography and steganalysis from the laboratory into the real world , 2013, IH&MMSec '13.

[16]  Gene Itkis,et al.  Upper and Lower Bounds on Black-Box Steganography , 2008, Journal of Cryptology.

[17]  Leonid A. Levin,et al.  One-way functions and pseudorandom generators , 1985, STOC '85.

[18]  Claudio Orlandi,et al.  How To Bootstrap Anonymous Communication , 2015, IACR Cryptol. ePrint Arch..

[19]  Leonid A. Levin,et al.  A Pseudorandom Generator from any One-way Function , 1999, SIAM J. Comput..

[20]  Christian Cachin,et al.  An information-theoretic model for steganography , 2004, Inf. Comput..

[21]  Jessica J. Fridrich,et al.  The square root law of steganographic capacity for Markov covers , 2009, Electronic Imaging.

[22]  Michael Backes,et al.  Public-Key Steganography with Active Attacks , 2005, TCC.

[23]  Boris Ryabko,et al.  Constructing perfect steganographic systems , 2008, Inf. Comput..

[24]  Aggelos Kiayias,et al.  Key-Efficient Steganography , 2012, Information Hiding.

[25]  Manuel Blum,et al.  Toward a theory of steganography , 2004 .

[26]  John Langford,et al.  Covert two-party computation , 2005, STOC '05.

[27]  Silvio Micali,et al.  How to construct random functions , 1986, JACM.

[28]  Sanjeev Arora,et al.  Computational Complexity: A Modern Approach , 2009 .

[29]  Rocco A. Servedio,et al.  Learning from satisfying assignments , 2015, SODA.

[30]  Dana Dachman-Soled,et al.  Efficient Concurrent Covert Computation of String Equality and Set Intersection , 2016, CT-RSA.

[31]  Jessica Fridrich,et al.  Steganography in Digital Media: References , 2009 .

[32]  Michael Luby,et al.  How to Construct Pseudo-Random Permutations from Pseudo-Random Functions (Abstract) , 1986, CRYPTO.

[33]  Nicholas Hopper,et al.  On Steganographic Chosen Covertext Security , 2005, ICALP.

[34]  Pedro Comesaña Alfaro,et al.  On the capacity of stegosystems , 2007, MM&Sec.

[35]  Moni Naor,et al.  On the complexity of differentially private data release: efficient algorithms and hardness results , 2009, STOC '09.

[36]  Maciej Liskiewicz,et al.  Security levels in steganography - Insecurity does not imply detectability , 2017, Theor. Comput. Sci..

[37]  John Langford,et al.  Provably Secure Steganography , 2002, IEEE Transactions on Computers.