PERFECTLY SECURE STEGANOGRAPHY USING MINIMUM ENTROPY COUPLING

Abstract

Steganography is the practice of encoding secret information into innocuous content in such a manner that an adversarial third party would not realize that there is hidden meaning. While this problem has classically been studied in security literature, recent advances in generative models have led to a shared interest among security and machine learning researchers in developing scalable steganography techniques. In this work, we show that a steganography procedure is perfectly secure under Cachin (1998)'s information theoretic-model of steganography if and only if it is induced by a coupling. Furthermore, we show that, among perfectly secure procedures, a procedure is maximally efficient if and only if it is induced by a minimum entropy coupling. These insights yield what are, to the best of our knowledge, the first steganography algorithms to achieve perfect security guarantees with non-trivial efficiency; additionally, these algorithms are highly scalable. To provide empirical validation, we compare a minimum entropy coupling-based approach to three modern baselines-arithmetic coding, Meteor, and adaptive dynamic grouping-using GPT-2, WaveRNN, and Image Transformer as communication channels. We find that the minimum entropy coupling-based approach achieves superior encoding efficiency, despite its stronger security constraints. In aggregate, these results suggest that it may be natural to view information-theoretic steganography through the lens of minimum entropy coupling.

1. INTRODUCTION

In steganography (Blum & Hopper, 2004; Cachin, 2004) , the goal, informally speaking, is to encode a plaintext message into another form of content (called stegotext) such that it appears similar enough to innocuous content (called covertext) that an adversary would not realize that there is hidden meaning. Because steganographic procedures hide the existence of sensitive communication altogether, they provide a complementary kind of security to that of cryptographic methods, which only hide the contents of the sensitive communication-not the fact that it is occurring. In this work, we consider the information-theoretic model of steganography introduced in (Cachin, 1998) . In Cachin (1998)'s model, the exact distribution of covertext is assumed to be known to all parties. Security is defined in terms of the KL divergence between the distribution of covertext and the distribution of stegotext. A procedure is said to be perfectly secure if it guarantees a divergence of zero. Perfect security is a very strong notion of security, as it renders detection by statistical or * Equal contribution 1

