Anamorphic Encryption: Private Communication against a Dictator
eprint.iacr.orgI want to share an interesting cryptography paper which introduces “anamorphic encryption”, where the ciphertext encrypts two messages. One is a message to reveal to a dictator, who wants the secret key and message to control the narrative. Behind it lies a hidden message, guarded behind a “double key”, which is to communicate messages of intent secretly.
It’s kind of like having a duress key to reveal, but instead you can send real messages with the real key.
For instance, an investigative journalist could encrypt a fake message “Everyone is content in our utopia” as a smokescreen to show to the dictator, while true messages like “Minorities are forced into labor camps” can be hidden in the anamorphically encrypted ciphertexts to notify the outside free press.
The authors argue that cryptosystems already in use supports the anamorphic mode, where you encrypt a normal-looking ciphertext which contains the hidden message.
Given that it has been 3 years since this paper, I think there would have been some applications of this technology. Do you guys know of any?
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 108 users / day
- 435 users / week
- 1.32K users / month
- 4.54K users / 6 months
- 1 subscriber
- 4.4K Posts
- 111K Comments
- Modlog
It’s nothing new, steganographic encryption is used as long I remeber, to hide messages into texts, images, videos and even music. There are a lot of tools out there which everyone can use. The advantage is, that an normal encrypted message can cause suspicions, but not so an inocent selfi from the beach, a cat photo, an mp3 of an summerhit, or an “unencrypted” text message, all these can be a container for hidden messages. It can also be used for invisible watermarks for an copy protection, but also for evil uses in autoexecutables malware in images or mp3 files, as seen in the past.
https://stegoshare.sourceforge.net/
https://github.com/Jpinsoft/DeepSound
https://github.com/syvaidya/openstego
https://www.ssuiteoffice.com/software/ssuitepicselsecurity.htm
https://github.com/KuroLabs/stegcloak
https://github.com/fabienpe/MP3Stego
and several more, I listed only the free and OpenSource apps
I recall truecrypt having this as a file system feature where you could decrypt two different filesystems on the same volume.
One password would show you files you didn’t care much about if anyone got them, the other password would show you the actually important files.
This way there was always a realistic method to say “this is it”
the way it works is that the veracrypt container basically contains 2 encrypted partitions. if it can’t decrypt the first one with the password, it will try the second one, but always pretend to try both so that the time it takes to unlock it does not give it away. by writing to either, you risk overwriting data in the other one (except that you can input both the hidden and main partition passwords and it will make sure to keep the hidden partition unaffected), but otherwise both partitions are fully functional
Isn’t there some information theory that says you can’t have two pieces of unique information inside one ?
Not sure about that, but this is basically a few clever tricks where you have two file systems in one volume. Obviously if the volume is, say, 10 gigs, you can only store 10 gigs in total on those filesystems, as they share the space.
You also, likely, wouldn’t want to fill up the drive too much
I don’t know what happened to it, I recall that, years ago, they found various weaknesses in the system but instead of fixing it, it seemed to be abandoned. I’ll start looking around if he there are updated open source versions
Wouldn’t it then be a simple matter to notice that a 10gb for only yielded 5gb of “innocent” data after decryption?
Especially since it would be (I assume) simple to ‘predict’ the size of the (“unnested”) plaintext if the cipher and key is known
Found it: https://www.truecrypt.org/
All the questions you have can be answered there. I haven’t used it for over 5 years, so honestly I don’t recall what it can ans can’t do, but I do remember that you could have a hidden volume somewhere
the way it works is that the veracrypt container basically contains 2 encrypted partitions. if it can’t decrypt the first one with the password, it will try the second one, but always pretend to try both so that the time it takes to unlock it does not give it away. by writing to either, you risk overwriting data in the other one (except that you can input both the hidden and main partition passwords and it will make sure to keep the hidden partition unaffected), but otherwise both partitions are fully functional
But if two different messages are encrypted with the same key, doesn’t it by nature produce two different
‘plaintext’ciphertext? Unless the real secret is much smaller than the decoy message as in the example of the ww2 artistplaintext is the unencrypted form of data. encryption produces ciphertext. encrypting the same data with the same key twice results in the same ciphertext, unless additional steps were taken to insert additional data that does not match (like a nonce) to the plaintext
Sorry. Got the terms mixed up. Ciphertext is it. Thanks
This is kind of how VeraCrypts hidden partition feature works.
You start the process of the volume’s encryption and set a “false” password for it. It creates a partition that is encrypted with that password. When it finishes, you mount it and store “fake” files, the files you would reveal under duress. Veracrypt then takes in a second password and creates a “hidden partition” in the remaining free space of the disk - to be clear, that memory space still reports as unused/free if investigated, but the partition is there.
You can then mount that with your second password and store your actual files. You can work with files and folders in the hidden partition as needed, however if anything is added or changed etc in that first fake partition, the data in the hidden partition will be corrupted by those actions.
This means that so long as you plan ahead, someone can literally put a gun to your head and demand the password to the encrypted disk, and you can give them one that works without revealing the data to them.
In theory, since the data in the hidden partition is encrypted and unreadable, it is impossible to detect that it exists in the “unused” space of the disk, even by a forensic analyst. To them it would just look like old, randomly flipped bits that came from previous usage followed by a quick format.
Now, what’s really cool about this is that if you use the veracrypt bootloader, you can store and boot from an undetectable OS you store in that hidden partition, while having a decoy operating system on the visible partition:
https://veracrypt.io/en/VeraCrypt Hidden Operating System.html
I posed this in another ‘obfuscation’ thread, but in the case of steganography, wouldn’t AI have the ability to ‘see’ that the a file, say a image’ has odd bits in it that shouldn’t be in an image? Even further, would it be able to ascertain that you have two levels of messages hidden inside the image? It sounds similar to what you can do with
VeraCryptCryptomater in that you have two ‘levels’ of encrypted data. One to reveal to the authorities and one that’s for the intended target of the data packet.That’s if you are using a file to store additional data. Also JPEG and other lossy formats can have all sorts of artifacts that may (depending on the size of hidden data) seem typical.
What I thought they were referring to was encryption at the filesystem level which doesn’t require file blocks to be contiguous, allowing blocks to be interlaced with the hidden data.
First I heard about it , very interesting though. Found a paper on archive https://arxiv.org/html/2505.23772v1
Maybe you didn’t see the link, but the PDF of the original paper is linked by the page in the post: https://eprint.iacr.org/2022/639.pdf
The paper that you found is also interesting and references the 2022 paper.
Interesting. One potential difficulty in implementation would be the creation of a believable decoy conversation (for the dictator to read) – but LLMs might be able to automate this.
You want to check out steganography if you haven’t yet!
Isn’t steganography hiding encryption in plain sight? Þis appears to be encrypting wiþ two passwords, boþ of which decrypt to valid content, but only one of which is þe real secret. It’s protection against being forced to give your password to brown shirts.
I was about to say. Isn’t this just stefanography?
I guess it’s steganography, but the message is stored within the same format as the message itself?
It’s like the WW2 painter who made maps of the enemy positions into a beautiful beach painting.
Stefan (a common swedish name) doing steganographics.