Anamorphic encryption against dictators - hiding message inside normal looking ciphertext
external-link
fedilink
139
Anamorphic encryption against dictators - hiding message inside normal looking ciphertext
fedilink
Anamorphic Encryption: Private Communication against a Dictator
eprint.iacr.org
external-link
Cryptosystems have been developed over the years under the typical prevalent setting which assumes that the receiver’s key is kept secure from the adversary, and that the choice of the message to be sent is freely performed by the sender and is kept secure from the adversary as well. Under these fundamental and basic operational assumptions, modern Cryptography has flourished over the last half a century or so, with amazing achievements: New systems (including public-key Cryptography), beautiful and useful models (including security definitions such as semantic security), and new primitives (such as zero-knowledge proofs) have been developed. Furthermore, these fundamental achievements have been translated into actual working systems, and span many of the daily human activities over the Internet. However, in recent years, there is an overgrowing pressure from many governments to allow the government itself access to keys and messages of encryption systems (under various names: escrow encryption, emergency access, communication decency acts, etc.). Numerous non-direct arguments against such policies have been raised, such as "the bad guys can utilize other encryption system" so all other cryptosystems have to be declared illegal, or that "allowing the government access is an ill-advised policy since it creates a natural weak systems security point, which may attract others (to masquerade as the government)." It has remained a fundamental open issue, though, to show directly that the above mentioned efforts by a government (called here “a dictator” for brevity) which mandate breaking of the basic operational assumption (and disallowing other cryptosystems), is, in fact, a futile exercise. This is a direct technical point which needs to be made and has not been made to date. In this work, as a technical demonstration of the futility of the dictator’s demands, we invent the notion of “Anamorphic Encryption” which shows that even if the dictator gets the keys and the messages used in the system (before anything is sent) and no other system is allowed, there is a covert way within the context of well established public-key cryptosystems for an entity to immediately (with no latency) send piggybacked secure messages which are, in spite of the stringent dictator conditions, hidden from the dictator itself! We feel that this may be an important direct technical argument against the nature of governments’ attempts to police the use of strong cryptographic systems, and we hope to stimulate further works in this direction.

I want to share an interesting cryptography paper which introduces “anamorphic encryption”, where the ciphertext encrypts two messages. One is a message to reveal to a dictator, who wants the secret key and message to control the narrative. Behind it lies a hidden message, guarded behind a “double key”, which is to communicate messages of intent secretly.

It’s kind of like having a duress key to reveal, but instead you can send real messages with the real key.

For instance, an investigative journalist could encrypt a fake message “Everyone is content in our utopia” as a smokescreen to show to the dictator, while true messages like “Minorities are forced into labor camps” can be hidden in the anamorphically encrypted ciphertexts to notify the outside free press.

The authors argue that cryptosystems already in use supports the anamorphic mode, where you encrypt a normal-looking ciphertext which contains the hidden message.

Given that it has been 3 years since this paper, I think there would have been some applications of this technology. Do you guys know of any?

Phoenixz
link
fedilink
818h

I recall truecrypt having this as a file system feature where you could decrypt two different filesystems on the same volume.

One password would show you files you didn’t care much about if anyone got them, the other password would show you the actually important files.

This way there was always a realistic method to say “this is it”

@icelimit@lemmy.ml
link
fedilink
15h

Isn’t there some information theory that says you can’t have two pieces of unique information inside one ?

@golden_zealot@lemmy.ml
link
fedilink
23
edit-2
1d

This is kind of how VeraCrypts hidden partition feature works.

You start the process of the volume’s encryption and set a “false” password for it. It creates a partition that is encrypted with that password. When it finishes, you mount it and store “fake” files, the files you would reveal under duress. Veracrypt then takes in a second password and creates a “hidden partition” in the remaining free space of the disk - to be clear, that memory space still reports as unused/free if investigated, but the partition is there.

You can then mount that with your second password and store your actual files. You can work with files and folders in the hidden partition as needed, however if anything is added or changed etc in that first fake partition, the data in the hidden partition will be corrupted by those actions.

This means that so long as you plan ahead, someone can literally put a gun to your head and demand the password to the encrypted disk, and you can give them one that works without revealing the data to them.

In theory, since the data in the hidden partition is encrypted and unreadable, it is impossible to detect that it exists in the “unused” space of the disk, even by a forensic analyst. To them it would just look like old, randomly flipped bits that came from previous usage followed by a quick format.

Now, what’s really cool about this is that if you use the veracrypt bootloader, you can store and boot from an undetectable OS you store in that hidden partition, while having a decoy operating system on the visible partition:

https://veracrypt.io/en/VeraCrypt Hidden Operating System.html

@Valmond@lemmy.world
link
fedilink
151d

You want to check out steganography if you haven’t yet!

Ŝan
link
fedilink
101d

Isn’t steganography hiding encryption in plain sight? Þis appears to be encrypting wiþ two passwords, boþ of which decrypt to valid content, but only one of which is þe real secret. It’s protection against being forced to give your password to brown shirts.

Pearl
link
fedilink
31d

I was about to say. Isn’t this just stefanography?

@Valmond@lemmy.world
link
fedilink
121d

Stefan (a common swedish name) doing steganographics.

🌞🌞🌞
link
fedilink
31d

I guess it’s steganography, but the message is stored within the same format as the message itself?

Pearl
link
fedilink
21d

It’s like the WW2 painter who made maps of the enemy positions into a beautiful beach painting.

@nixfreak@sopuli.xyz
link
fedilink
91d

First I heard about it , very interesting though. Found a paper on archive https://arxiv.org/html/2505.23772v1

@DecaturNature@yall.theatl.social
link
fedilink
31d

Interesting. One potential difficulty in implementation would be the creation of a believable decoy conversation (for the dictator to read) – but LLMs might be able to automate this.

eleijeep
link
fedilink
21d

Maybe you didn’t see the link, but the PDF of the original paper is linked by the page in the post: https://eprint.iacr.org/2022/639.pdf

The paper that you found is also interesting and references the 2022 paper.

irmadlad
link
fedilink
3
edit-2
1d

I posed this in another ‘obfuscation’ thread, but in the case of steganography, wouldn’t AI have the ability to ‘see’ that the a file, say a image’ has odd bits in it that shouldn’t be in an image? Even further, would it be able to ascertain that you have two levels of messages hidden inside the image? It sounds similar to what you can do with VeraCrypt Cryptomater in that you have two ‘levels’ of encrypted data. One to reveal to the authorities and one that’s for the intended target of the data packet.

@girsaysdoom@sh.itjust.works
link
fedilink
219h

That’s if you are using a file to store additional data. Also JPEG and other lossy formats can have all sorts of artifacts that may (depending on the size of hidden data) seem typical.

What I thought they were referring to was encryption at the filesystem level which doesn’t require file blocks to be contiguous, allowing blocks to be interlaced with the hidden data.

Create a post

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

  • 0 users online
  • 113 users / day
  • 519 users / week
  • 1.44K users / month
  • 4.49K users / 6 months
  • 1 subscriber
  • 4.32K Posts
  • 109K Comments
  • Modlog