Key-Efficient Steganography

Steganographic protocols enable one to embed covert messages into inconspicuous data over a public communication channel in such a way that no one, aside from the sender and the intended receiver, can even detect the presence of the secret message. In this paper, we provide a new provably-secure, private-key steganographic encryption protocol secure in the framework of Hopper et al. [2]. We first present a "one-time stegosystem" that allows two parties to transmit messages of length at most that of the shared key with information-theoretic security guarantees; employing a pseudorandom generator (PRG) then permits secure transmission of longer messages in a striaghtforward manner. The advantage of our construction in comparison with previous work is key-length efficiency: in the information-theoretic setting our protocol embeds a n bit message using a shared secret key of length (1+o(1))n while achieving security $2^{-n/\log^{O(1)}n}$ : this gives a rate of key length over message length that converges to 1 as n→∞; the previous best result [5] achieved a constant rate >1 regardless of the security offered. In this sense, our protocol is the first truly key-length efficient steganographic system. Furthermore, in our protocol, we can permit a portion of the shared secret key to be public while retaining precisely n private key bits. In this setting, by separating the public and the private randomness of the shared key, we achieve security of 2−n. Our result comes as an effect of a novel application of randomness extractors to stegosystem design.

[1]  Victor Shoup,et al.  A computational introduction to number theory and algebra , 2005 .

[2]  Aggelos Kiayias,et al.  Advances in Cryptology - EUROCRYPT 2004 , 2004 .

[3]  Nicholas Hopper,et al.  Public-Key Steganography , 2003, EUROCRYPT.

[4]  John Langford,et al.  Provably Secure Steganography , 2002, IEEE Transactions on Computers.

[5]  Thomas Mittelholzer,et al.  An Information-Theoretic Approach to Steganography and Watermarking , 1999, Information Hiding.

[6]  Noam Nisan,et al.  Extracting Randomness: A Survey and New Constructions , 1999, J. Comput. Syst. Sci..

[7]  Ran Raz,et al.  Extracting all the randomness and reducing the error in Trevisan's extractors , 1999, STOC '99.

[8]  Christian Cachin,et al.  An information-theoretic model for steganography , 1998, Inf. Comput..

[9]  Gustavus J. Simmons,et al.  The Prisoners' Problem and the Subliminal Channel , 1983, CRYPTO.

[10]  Noam Nisan,et al.  Randomness is Linear in Space , 1996, J. Comput. Syst. Sci..

[11]  Noam Nisan,et al.  Extracting randomness: how and why. A survey , 1996, Proceedings of Computational Complexity (Formerly Structure in Complexity Theory).

[12]  Moti Yung,et al.  Advances in Cryptology — CRYPTO 2002 , 2002, Lecture Notes in Computer Science.

[13]  Avi Wigderson,et al.  Extracting Randomness via Repeated Condensing , 2006, SIAM J. Comput..

[14]  Aggelos Kiayias,et al.  Efficient Steganography with Provable Security Guarantees , 2005, Information Hiding.

[15]  Ronen Shaltiel,et al.  Recent Developments in Explicit Constructions of Extractors , 2002, Bull. EATCS.

[16]  Hannes Federrath,et al.  Modeling the Security of Steganographic Systems , 1998, Information Hiding.

[17]  Jaikumar Radhakrishnan,et al.  Bounds for Dispersers, Extractors, and Depth-Two Superconcentrators , 2000, SIAM J. Discret. Math..