Randomness Efficient Steganography

Steganographic protocols enable one to embed covert messages into inconspicuous data over a public communication channel in such a way that no one, aside from the sender and the intended receiver, can even detect the presence of the secret message. In this paper, we provide a new provably-secure, private-key steganographic encryption protocol secure in the framework of Hopper et al. We first present a "one-time stegosystem" that allows two parties to transmit messages of length at most that of the shared key with information-theoretic security guarantees. The employment of a pseudorandom generator (PRG) permits secure transmission of longer messages in the same way that such a generator allows the use of one-time pad encryption for messages longer than the key in symmetric encryption. The advantage of our construction, compared to all previous work is randomness efficiency: in the information theoretic setting our protocol embeds a message of length n bits using a shared secret key of length (1+o(1))n bits while achieving security 2^{-n/log^{O(1)}n}; simply put this gives a rate of key over message that is 1 as n tends to infinity (the previous best result achieved a constant rate greater than 1 regardless of the security offered). In this sense, our protocol is the first truly randomness efficient steganographic system. Furthermore, in our protocol, we can permit a portion of the shared secret key to be public while retaining precisely n private key bits. In this setting, by separating the public and the private randomness of the shared key, we achieve security of 2^{-n}. Our result comes as an effect of the application of randomness extractors to stegosystem design. To the best of our knowledge this is the first time extractors have been applied in steganography.

[1]  Jaikumar Radhakrishnan,et al.  Bounds for Dispersers, Extractors, and Depth-Two Superconcentrators , 2000, SIAM J. Discret. Math..

[2]  Thomas Mittelholzer,et al.  An Information-Theoretic Approach to Steganography and Watermarking , 1999, Information Hiding.

[3]  Noam Nisan,et al.  Extracting Randomness: A Survey and New Constructions , 1999, J. Comput. Syst. Sci..

[4]  Victor Shoup,et al.  A computational introduction to number theory and algebra , 2005 .

[5]  Avi Wigderson,et al.  Extracting Randomness via Repeated Condensing , 2006, SIAM J. Comput..

[6]  Noam Nisan,et al.  Extracting randomness: how and why. A survey , 1996, Proceedings of Computational Complexity (Formerly Structure in Complexity Theory).

[7]  Aggelos Kiayias,et al.  Efficient Steganography with Provable Security Guarantees , 2005, Information Hiding.

[8]  Gustavus J. Simmons,et al.  The Prisoners' Problem and the Subliminal Channel , 1983, CRYPTO.

[9]  Christian Cachin,et al.  An information-theoretic model for steganography , 2004, Inf. Comput..

[10]  Hannes Federrath,et al.  Modeling the Security of Steganographic Systems , 1998, Information Hiding.

[11]  Ronen Shaltiel,et al.  Recent Developments in Explicit Constructions of Extractors , 2002, Bull. EATCS.

[12]  Ran Raz,et al.  Extracting all the randomness and reducing the error in Trevisan's extractors , 1999, STOC '99.

[13]  John Langford,et al.  Provably Secure Steganography , 2009, IEEE Trans. Computers.

[14]  Nicholas Hopper,et al.  Public-Key Steganography , 2003, EUROCRYPT.

[15]  Noam Nisan,et al.  Randomness is Linear in Space , 1996, J. Comput. Syst. Sci..