## Efficient provably secure public key steganography (2003)

Citations: | 5 - 0 self |

### BibTeX

@TECHREPORT{Le03efficientprovably,

author = {Tri Van Le},

title = {Efficient provably secure public key steganography},

institution = {},

year = {2003}

}

### OpenURL

### Abstract

Abstract. We construct efficient public key steganographic schemes, without resort to any special existence assumption such as unbiased functions. This is the first time such a construction is obtained. Not only our constructions are secure, but also are essentially optimal and have no error decoding. We achieve this by designing a new primitive called P-codes.

### Citations

320 | On the Limits of Steganography
- Anderson, Petitcolas
- 1998
(Show Context)
Citation Context ...ywords: foundation, steganography, public key, computational security, coding theory. 1 Introduction Motivations. The Prisoner’s Problem introduced by G.J. Simmons [13] and generalized by R. Anderson =-=[1]-=- can be stated informally as follows: Two prisoners, Alice and Bob, want to communicate to each other their secret escape plan under the surveillance of a warden, Wendy. In order to pass Wendy’s censo... |

231 | Information-theoretic analysis of information hiding
- Moulin, O’Sullivan
- 2003
(Show Context)
Citation Context ...possible so that they will not be banned by Wendy. Existing results. Previously, the Prisoner’s Problem was considered in the secret key setting by: Cachin [2], Mittelholzer [10], Moulin and Sullivan =-=[11]-=-, Zollner et.al. [14] in the unconditional security model; and Katzenbeisser and Petitcolas [9], Hopper et.al. [7], Reyzin and Russell [12] in the conditional security model. In this article, we consi... |

205 | An information-theoretic model for steganography
- Cachin
- 1998
(Show Context)
Citation Context ... must always output one of the c ∗ i ’s as its output. We consider two cases. First if the entropy of Ph is at least (1 + ɛ) log 2(t) for some fixed constant ɛ > 0, then from the method of types (cf. =-=[2, 4, 5]-=-), we know that the c ∗ i ’s are distinct with overwhelming probability. Therefore Γ1 achieves rate of log 2(t) bits per symbol. However, 12swe know from previous paragraph that Γ ′ has its rate bound... |

204 |
The Prisoners’ Problem and the Subliminal Channel
- Simmons
(Show Context)
Citation Context ...g a new primitive called P-codes. Keywords: foundation, steganography, public key, computational security, coding theory. 1 Introduction Motivations. The Prisoner’s Problem introduced by G.J. Simmons =-=[13]-=- and generalized by R. Anderson [1] can be stated informally as follows: Two prisoners, Alice and Bob, want to communicate to each other their secret escape plan under the surveillance of a warden, We... |

47 | Provably secure steganography
- Hopper, Ahn, et al.
- 2009
(Show Context)
Citation Context ...red in the secret key setting by: Cachin [2], Mittelholzer [10], Moulin and Sullivan [11], Zollner et.al. [14] in the unconditional security model; and Katzenbeisser and Petitcolas [9], Hopper et.al. =-=[7]-=-, Reyzin and Russell [12] in the conditional security model. In this article, we consider the problem in the public key setting. In this setting, Craver [3] and Anderson[1] proposed several heuristic ... |

43 | Modeling the security of steganographic systems
- Zöllner, Federrath, et al.
- 1998
(Show Context)
Citation Context ... will not be banned by Wendy. Existing results. Previously, the Prisoner’s Problem was considered in the secret key setting by: Cachin [2], Mittelholzer [10], Moulin and Sullivan [11], Zollner et.al. =-=[14]-=- in the unconditional security model; and Katzenbeisser and Petitcolas [9], Hopper et.al. [7], Reyzin and Russell [12] in the conditional security model. In this article, we consider the problem in th... |

41 | On Public-key Steganography in the Presence of an Active Warden
- Craver
- 1998
(Show Context)
Citation Context ...enbeisser and Petitcolas [9], Hopper et.al. [7], Reyzin and Russell [12] in the conditional security model. In this article, we consider the problem in the public key setting. In this setting, Craver =-=[3]-=- and Anderson[1] proposed several heuristic ideas to solve the problem. Katzenbeisser and Petitcolas [9] gave a formal model. Hopper and Ahn [8] constructed proven secure schemes assuming the existenc... |

27 |
Information Theory: Coding Theory for Discrete Memoryless Systems
- Csiszár, Körner
- 1981
(Show Context)
Citation Context ... must always output one of the c ∗ i ’s as its output. We consider two cases. First if the entropy of Ph is at least (1 + ɛ) log 2(t) for some fixed constant ɛ > 0, then from the method of types (cf. =-=[2, 4, 5]-=-), we know that the c ∗ i ’s are distinct with overwhelming probability. Therefore Γ1 achieves rate of log 2(t) bits per symbol. However, 12swe know from previous paragraph that Γ ′ has its rate bound... |

27 | Defining Security in Steganographic Systems
- Katzenbeisser, Petitcolas
- 2002
(Show Context)
Citation Context ...Problem was considered in the secret key setting by: Cachin [2], Mittelholzer [10], Moulin and Sullivan [11], Zollner et.al. [14] in the unconditional security model; and Katzenbeisser and Petitcolas =-=[9]-=-, Hopper et.al. [7], Reyzin and Russell [12] in the conditional security model. In this article, we consider the problem in the public key setting. In this setting, Craver [3] and Anderson[1] proposed... |

26 |
An information-theoretic approach to steganography and watermarking
- Mittelholzer
- 1999
(Show Context)
Citation Context ...unications as innocent as possible so that they will not be banned by Wendy. Existing results. Previously, the Prisoner’s Problem was considered in the secret key setting by: Cachin [2], Mittelholzer =-=[10]-=-, Moulin and Sullivan [11], Zollner et.al. [14] in the unconditional security model; and Katzenbeisser and Petitcolas [9], Hopper et.al. [7], Reyzin and Russell [12] in the conditional security model.... |

8 | More efficient provably secure Steganography
- Reyzen, Russell
- 2007
(Show Context)
Citation Context ...tting by: Cachin [2], Mittelholzer [10], Moulin and Sullivan [11], Zollner et.al. [14] in the unconditional security model; and Katzenbeisser and Petitcolas [9], Hopper et.al. [7], Reyzin and Russell =-=[12]-=- in the conditional security model. In this article, we consider the problem in the public key setting. In this setting, Craver [3] and Anderson[1] proposed several heuristic ideas to solve the proble... |

2 |
The method of types. IEEETIT
- Csiszar
- 1998
(Show Context)
Citation Context ... must always output one of the c ∗ i ’s as its output. We consider two cases. First if the entropy of Ph is at least (1 + ɛ) log 2(t) for some fixed constant ɛ > 0, then from the method of types (cf. =-=[2, 4, 5]-=-), we know that the c ∗ i ’s are distinct with overwhelming probability. Therefore Γ1 achieves rate of log 2(t) bits per symbol. However, 12swe know from previous paragraph that Γ ′ has its rate bound... |

2 |
A universal algorithm for homophonic coding
- Gurther
- 1988
(Show Context)
Citation Context ...formly randomly then Γ (x) ∈ C ∞ distributes according to P, where P is a given distribution over sequences of covertexts. Note that such a coding scheme is quite related to homophonic coding schemes =-=[6]-=-, which are uniquely decodable variable length coding scheme Γ ′ with source alphabet C and destination alphabet Σ such that: if c ∈ C ∗ is chosen randomly according to distribution P then Γ ′ (c) ∈ Σ... |

2 | More e#cient provably secure steganography - Reyzin, Russell - 2003 |