Abstract:
Abstract. Informally, a public-key steganography protocol allows two parties, who have never met or exchanged a secret, to send hidden messages over a public channel so that an adversary cannot even detect that these hidden messages are being sent. Unlike previous settings in which provable security has been applied to steganography, public-key steganography is information-theoretically impossible. In this work we introduce computational security conditions for public-key steganography similar to those introduced by Hopper, Langford and von Ahn [7] for the private-key setting. We also give the first protocols for publickey steganography and steganographic key exchange that are provably secure under standard cryptographic assumptions. Additionally, in the random oracle model, we present a protocol that is secure against adversaries that have access to a decoding oracle (a steganographic analogue of Rackoff and Simon’s attacker-specific adaptive chosen-ciphertext adversaries from CRYPTO 91 [10]). 1
Citations
|
475
|
A pseudorandom generator from any one-way function
– stad, Impagliazzo, et al.
- 1999
|
|
355
|
Nonmalleable cryptography
– Dolev, Dwork, et al.
|
|
352
|
A paractical public-key cryptosystem provably secure against adaptive chosen ciphertext attack
– Cramer, Shoup
- 1998
|
|
245
|
Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack
– Rackoff, Simon
- 1992
|
|
241
|
Universal one-way hash functions and their cryptographic applications
– Naor, Yung
- 1989
|
|
166
|
Public-key Cryptosystems Provably Secure Against Chosen Ciphertext Attacks. STOC ’90
– Naor, Yung
|
|
159
|
P.: On the Limits of Steganography
– Anderson, Petitcolas
- 1998
|
|
149
|
One-way Functions are Necessary and Sufficient for Secure Signatures
– Rompel
- 1990
|
|
107
|
An Information-Theoretic Model for Steganography
– Cachin
- 1998
|
|
106
|
The prisoners problem and the subliminal channel
– Simmons
- 1984
|
|
88
|
Non-malleable non-interactive zero-knowledge and adaptive chosenciphertext security
– Sahai
- 1999
|
|
86
|
An efficient probabilistic public-key encryption scheme which hides all partial information
– Blum, Goldwasser
- 1985
|
|
74
|
Universal hash proofs and a paradigm for adaptive chosen ciphertext secure public-key encryption
– Cramer, Shoup
- 2002
|
|
39
|
One-Way Functions are Necessary and Su cient for Secure Signatures
– Rompel
- 1990
|
|
28
|
On public-key steganography in the presence of an active warden
– Craver
- 1998
|
|
26
|
An e cient probabilistic public-key encryption scheme which hides all partial information
– Blum, Goldwasser
- 1984
|
|
23
|
An Information-Theoretic Approach to Steganography and Watermarking
– Mittelholzer
- 1999
|
|
21
|
A simpler construction of CCA2-secure public-key encryption under general assumptions
– Lindell
|
|
21
|
Kleptography: Using Cryptography against Cryptography
– Young, Yung
- 1997
|
|
18
|
Public-Key Steganography with Active Attacks
– Backes, Cachin
- 2005
|
|
16
|
InformationTheoretic Analysis of Steganography
– O'Sullivan, Moulin, et al.
- 1998
|
|
11
|
The Code Breakers
– Kahn
- 1967
|
|
7
|
Random Oracles are Practical
– Bellare, Rogaway
- 1993
|
|
1
|
available electronically at http://www-cse.ucsd.edu/~mihir/papers/gb.html
– Goldwasser, Bellare
- 2001
|
|
1
|
Efficient Proven Secure Public Key Steganography. Cryptology ePrint Archive
– Le
|
|
1
|
An Information-Theoretic Approach to Steganography and Watermarking
– Hopper, Langford, et al.
- 2002
|
