Can you hide from a dictator? - Part 2
Intro
This is the second and last post on the series. IN the first one I explained that recent governemnts attacks to privacy deserve new cryptographic methods. We analyzed Anamorphic and Deniable Encryption systems. I encourage you to check that post before reading this one.
Although people generally conflate cryptography and encryption, this is reductive. For example they tend to forget digital signatures algorithms, even though it is 90% of cryptography in blockchains’ space.
And I am sure everybody does not think of Steganography when thinking about cryptographic methods. therefore in this last part we see how you can leverage it to beat a dictator.
Finally we will wrap up the post and see how practical the presented systems are and current paint points (aka research gap)
Steganography
**Steganography** (from Greek words: *steganos* (covered) and *graphia* (writing), meaning "hidden writing") is the practice of concealing information within another message. The message can be simple text, image, or physical object. The important thing is that the presence of the hidden data is not apparent to an unsuspecting observer.
This technique allows for secret communication: messages are hidden inside seemingly innocuous files or objects, making it difficult to detect without specific knowledge of its existence
This technique is not a new practice. It has been used historically for covert communication, and now we see how it continues to be relevant today.
Modern steganography has been developed in a three letter agency
As written in the introduction, the goal is covert communication between two prisoners. We have two scenarios: Do the prisoner know some common secret (e.g. a key)? Or do they not? The difference makes for different steganography systems: Private-Key Steganography if they know a key before being imprisoned (meaning: before the communication exchange). The other is called Public-Key Steganography if they do not share a key before being imprisoned.
Beside this kind, the method to achieve is always similar. Let’s see it in action. Imagine you take a photo of a cat and tweak tiny details. For example adjusting the colors of a few pixels so that it wouldn’t be noticeable to the naked eye. Those tweaks can represent a hidden message, like a word or a code, that only someone with the right key or method can extract.
The beauty of steganography and its principal component is that it doesn’t scream "secret" the way encryption does (where you’d scramble the message into gibberish); instead, it keeps the whole thing undercover by blending into something normal.
Of course you can stack method. For example the hidden message is an encrypted message. Even if the attacker notes a hidden message, he then need another key to open it.
Now the question is: how practical all this is?
Practicality
Below some of the point we need to take care of if we want to be subversive inside a regime.
Key Distribution
We are assuming we are under strict control, we want to communicate and we need to do that covertly. So the first question is: how to distribute the key effectively without detection? Some methods are well-disposed while others are worse.
Private-key steganography for example assume participant know the key before imprisonment. Imagine a “shelling point of concept”: you and your partner know that if SHTF you use keyXYZ for communication. In this case distribution is done before the problem even arises.
Beside steganography, this works for anamorphic encryption (AE) too. Remember, in AE each encrypted message has a double interpretation:
Normal Interpretation: using a standard decryption key, the ciphertext reveals an innocent-looking message.
Anamorphic Interpretation: When decrypted with a special "anamorphic key," the ciphertext reveals a hidden covert message.
So pre-sharing the anamorphic key can solve your problems later on.
Seamless Integration
Probably if you are under strict control, you have a limited number of choices for encryption algorithms (We are not under strict control now, and we already have). Therefore your covert system must seem as “normal” as possible. In technical term you want to be sure Integration with Existing Cryptographic Schemes if pristine.
For example, the “innocent” interpretation in AE must be a widely used encryption standard, like RSA, ECC based, or lattice-based schemes. But nobody designed those methods with Dual Interpretations of Ciphertexts in mind. And to be honest, I don’t think a new standard that allows for that has the time to be created, specified and tested before SHTF.
For this reason I may be more bullish on deniable encryption (DE). Remember, in DE you manipulate the randomness used to create the cyphertext after the fact to deny the result of decryption. No key-sharing needed and the cryptographic algorithm is a standard one (all encryption algorithms MUST allow for randomness). And as mentioned before, you can stack your deniably-encrypted message inside an innocent looking photo of your family for maximum protection.
Conclusion
No solution is perfect, but no regime is entirely totalitarian, especially from a technological perspective. In this context, a precisely crafted threat model and a detailed map of government capabilities can be crucial for safeguarding both yourself and your communication.
Some food for thought: The Mafia in Italy still relies on paper messages and a high-trust network of trusted individuals for transmission