A New Twist On Steganography From The Creator Of BitTorrent

from the secret-message?-what-secret-message? dept

Over the last year, we have learned that keeping things secret as they pass over the Internet is much harder than we thought because of the extraordinary NSA and GCHQ surveillance programs revealed by Edward Snowden’s leaks. One of the problems with traditional encryption is that its opaque text flags up rather obviously that something is being hidden. An alternative approach, known as steganography, tries to get around that by hiding secret messages in other kinds of text or images in such a way that it is not obvious — for example, by changing individual pixels — and therefore does not attract unwanted attention.

Those carrying out surveillance are of course perfectly aware of steganography, and have methods that allow them to inspect files for subtle changes that indicate there are hidden texts. In the usual arms-race fashion, this has now led to the development of a more advanced kind of steganography that hopes to evade those tools. It comes from Bram Cohen, creator of the important file-sharing protocol and software, BitTorrent. His new system bears the dramatic name “DissidentX”; here’s how it works:

Cohen has programmed DissidentX to serve as a customizable framework for steganography that can use any method of tweaking a file from adding spaces at the end of a text file’s lines to adding pixels to a video. But unlike older steganographic tools, those alterations to the camouflage file known as the “cover text” don’t serve as a set of on-or-off bits to encode the secret message. Instead, DissidentX makes the changes such that when the recipient puts the entire file through a cryptographic function known as a “hash” — a transformation that converts it into a unique string of characters — it produces an encrypted version of the sender’s message, ready to be decrypted with the recipient’s key.

As well as this more subtle approach, Cohen’s DissidentX has another big advantage over traditional steganography:

He’s designed DissidentX to allow multiple secret messages to be encoded in an altered file, each of which can only be read with different decryption keys. That means a single text file or video could hold messages intended for multiple recipients, or additional false messages can also be encoded into the file as red herrings.

As the article in Forbes quoted above points out, this could be important for dissidents who face the prospects of being tortured for their decryption key: alongside the real message, kept secret, a dummy text that can be given up to the authorities could be stored as well.

It’s a clever approach, albeit with one drawback: the visible text in which the steganographic message is hidden has to be around 500 times longer than the invisible one. Sending such long texts might in itself draw some attention, but Cohen hopes to reduce that size factor in future versions. In any case, it doesn’t really matter whether or not this particular steganographic system takes off; what’s important is that people like Cohen are coming up with a range of new ways to thwart the surveillance state we find ourselves inhabiting.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Filed Under: ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “A New Twist On Steganography From The Creator Of BitTorrent”

Subscribe: RSS Leave a comment
Guardian says:


i have software that does this from the 90’s and i got it from others….

also 6 months befor ehe created bittorrent me and a us military guy on his off time created bandwidth sharing software

i hurt my back he went off to war…it never got published but its still all sitting on th eoriginal hard drive

and this steno software…its part of the united hackers associate file archive….

it had any type a file within images

Anonymous Coward says:

This one is interesting, too, and could be very useful at airports, where they want to search your electronics these days increasingly more often:


I’d love to be able to input a password on my Android phone, to unveil a “clean” account, while inputting another password would unveil my real account.

ahow628 (profile) says:

Other options

I like the addition of extra spaces at the end of the lines, but it seems like you could easily encrypt FAR more data if you made the spaces themselves vary in width. Or maybe vary the distance between each consecutive character in the sentence.

I am not a cryptography expert, but it seems like you could break it down on smaller parts of the original document.

OldMugwump (profile) says:

Re: Other options

Given that there is no reasonable reason to do that (variable space widths, character spacing), that would defeat the purpose of steganography.

The whole idea is to hide the existence of the secret message – doing what you suggest would be an obvious flag that something funny is going on. You may as well just send a straight encrypted message if you’re going to do that.

OldMugwump (profile) says:

Re: Re: Re: Other options

Because extra spaces at the end of lines happen all the time naturally, in documents that don’t have any hidden messages.

Variable width spaces in between words don’t normally appear in ordinary documents. So their presence would be be a red flag that there may be a hidden message…which defeats the purpose of hiding it.

aldestrawk says:

Explanation is unclear

“a cryptographic function known as a “hash” — a transformation that converts it into a unique string of characters — it produces an encrypted version of the sender’s message, ready to be decrypted with the recipient’s key.”

When I read this my skepticism reached overload. A hash is a one-way mathematical function, and by definition, cannot be decrypted with a key. I figured that maybe it was just Andy Greenberg who misunderstood the algorithm here. That appears to be true, but I will cut him some slack because Bram Cohen’s explanation of this on Github sucks, to be frank. From what I think I understand the algorithm to be, it is rather clever. It does go to show that sometimes smart people don’t have the ability to explain well what they know.

I haven’t read the code yet, only the textual notes. So, this may not be correct, but here goes.
The elements are:

-cover text, for which there exists a set of short alternate segments. For each of these segments there is a single alternate which makes as much sense as the original.

-A shared cryptographic key.

-a value, which is the message to be hidden.

-SHA3 cryptographic hash algorithm

-a custom stream cipher which is a variation of AES in Output FeedBack mode (OFB). An important aspect of the algorithm for this stream cipher is that the set of segment alternates can be found, by the “encoding” portion of the program, that, with the chosen key, will produce the desired value (the message) as the first part of the encrypted output of the cipher.

The first step, for the sender, is to encrypt the cover text with chosen alternates using the shared key and an initialization vector (what Cohen is calling the salt), and AES in OFB mode. This initialization vector is created by using the first 4 bytes of the SHA3 hash of the chosen cover text.

There is a packing step which adds a length prefix and a checksum. The resulting data can be posted on a public website.

The message receiver will also have the shared key and can apply the custom stream cipher to reveal the message.

There are some details which I am still unclear about. I am not a cryptologist, so I cannot evaluate this scheme.

RonKaminsky (profile) says:

Re: Explanation is unclear

Well, if it’s anything like the version I thought up independently, the algorithm only uses a limited number of bits of the result of the hash function, enabling a brute force search to (sometimes, since there is no reason, except statistics, to expect that this would be possible) invert what would ordinarily be, as you said, an uninvertible function.

(In addition, one would probably prefer to use SHA256 nowadays instead of SHA3, since fast hardware is readily available to accelerate such an inversion of SHA256 — namely, any Bitcoin mining setup.)

I’m off to check it out. I hope his work is an improvement on my own — it’ll save me a lot of trouble getting my own into publishable form.

RonKaminsky (profile) says:

Re: Re: Re: Explanation is unclear

I think he?s using SHA-3 because that?s the anointed
> new trendy hawtness from NIST

I guess he missed out the part where NIST “suddenly” wanted to reset the security parameters of SHA-3… anyone following the recent news wouldn’t think of SHA-3 as a stellar candidate for being an essential part of a stego algorithm.

Or did the NSA tell them to do that to try to make us think that the original parameters were “too hard” for them? Inquiring minds want to know!

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...