On the Gold Standard for Security of Universal Steganography

by   Sebastian Berndt, et al.

While symmetric-key steganography is quite well understood both in the information-theoretic and in the computational setting, many fundamental questions about its public-key counterpart resist persistent attempts to solve them. The computational model for public-key steganography was proposed by von Ahn and Hopper in EUROCRYPT 2004. At TCC 2005, Backes and Cachin gave the first universal public-key stegosystem - i.e. one that works on all channels - achieving security against replayable chosen-covertext attacks (SS-RCCA) and asked whether security against non-replayable chosen-covertext attacks (SS-CCA) is achievable. Later, Hopper (ICALP 2005) provided such a stegosystem for every efficiently sampleable channel, but did not achieve universality. He posed the question whether universality and SS-CCA-security can be achieved simultaneously. No progress on this question has been achieved since more than a decade. In our work we solve Hopper's problem in a somehow complete manner: As our main positive result we design an SS-CCA-secure stegosystem that works for every memoryless channel. On the other hand, we prove that this result is the best possible in the context of universal steganography. We provide a family of 0-memoryless channels - where the already sent documents have only marginal influence on the current distribution - and prove that no SS-CCA-secure steganography for this family exists in the standard non-look-ahead model.


page 1

page 2

page 3

page 4


Strong Converse Theorem for Source Encryption under Side-Channel Attacks

We are interested in investigating the security of source encryption wit...

Universal Coding for Shannon Ciphers under Side-Channel Attacks

We study the universal coding under side-channel attacks posed and inves...

A Brief Retrospective Look at the Cayley-Purser Public-key Cryptosystem, 19 Years Later

The purpose of this paper is to describe and analyze the Cayley-Purser a...

A One-Round Key Agreement Protocol with Information-Theoretic Security

Information-theoretic secure key agreement protocols do not use computat...

Semantic Security on Wiretap Channels using Universal Hashing with Fading Applications

We furnish a procedure based on universal hash families (UHFs) that can ...

Advantage of the key relay protocol over secure network coding

The key relay protocol (KRP) plays an important role in improving the pe...

RSA+: An algorithm at least as secure as RSA

The RSA algorithm has been around for nearly five decades and remains on...

Please sign up or login with your details

Forgot password? Click here to reset