On steganographic chosen covertext security

Authors:
Nicholas Hopper
Affiliations:
University of Minnesota, Minneapolis, MN
Venue:
ICALP'05 Proceedings of the 32nd international conference on Automata, Languages and Programming
Year:
2005

Citing 9
Cited 4

Random oracles are practical: a paradigm for designing efficient protocols

CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Foundations of Cryptography: Basic Tools

Foundations of Cryptography: Basic Tools
Nonmalleable Cryptography

SIAM Journal on Computing
Provably Secure Steganography

CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack

CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Toward a theory of steganography

Toward a theory of steganography
Public-key steganography with active attacks

TCC'05 Proceedings of the Second international conference on Theory of Cryptography
Upper and lower bounds on black-box steganography

TCC'05 Proceedings of the Second international conference on Theory of Cryptography
On the limits of steganography

IEEE Journal on Selected Areas in Communications

Practical Insecurity for Effective Steganalysis

Information Hiding
Grey-box steganography

TAMC'11 Proceedings of the 8th annual conference on Theory and applications of models of computation
Provably secure steganography with imperfect sampling

PKC'06 Proceedings of the 9th international conference on Theory and Practice of Public-Key Cryptography
Grey-box steganography

Theoretical Computer Science

Quantified Score

Hi-index	0.00

Visualization

Abstract

At TCC 2005, Backes and Cachin proposed a new and very strong notion of security for public key steganography: secrecy against adaptive chosen covertext attack (SS-CCA); and posed the question of whether SS-CCA security was achievable for any covertext channel. We resolve this question in the affirmative: SS-CCA security is possible for any channel that admits a secure stegosystem against the standard and weaker “chosen hiddentext attack” in the standard model of computation. Our construction requires a public-key encryption scheme with ciphertexts that remain indistinguishable from random bits under adaptive chosen-ciphertext attack. We show that a scheme with this property can be constructed under the Decisional Diffie-Hellman assumption. This encryption scheme, which modifies a scheme proposed by Kurosawa and Desmedt, also resolves an open question posed by von Ahn and Hopper at Eurocrypt 2004.