[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Hiding Encrypted Messages

Uri writes about Thug's LSB method:
>a) This method has essentially the same complexity, as one-time pad,
>   but without it's strength.
>b) If it's played and recognized - one can trace your source (a CD, a
>   tape of radio broadcast, whatever) and do a comparison. Then the
>   file containing of all the LSBs is cryptanalyzed...
>I might be wrong IF those nice LSBs are too hard to track... But then
>again, you're facing the need to communicate that one-time pad...

I've written several pieces for sci.crypt and for the Cypherpunks list
about encrypting messages in the LSBs of music--I doubt I was the first,
though my first posting on this was in 1988.

(A posting on this is included at the end of this message.)

Uri's points:

a) The idea is to _hide_ the existence of the message, a la steganography.
A Digital Audio Tape carried across a border is a whole less obvious than a
one time pad of numbers.

b) A nearly essential aspect, one I've emphasized repeatedly, is to _not_
use a digital copy of a CD, but rather to use an _analog_ dub. The noise
floor (cables, imperfections in the DACs and ADCs, analog circuits) will be
well above the LSB, making the message bits virtually indistinguishable
from noise. Sophisticate spectral analysis, and entropy analysis, may
reveal the message bits to be other than noise, but this will be quite
difficult (and some masssaging of the bits will help make their statistics
match that of noise).

c) Yes, the method is that of the one-time pad. In fact, it's a way to
_transport_ one-time pads.

Here's one of my postings on this subject:

From: [email protected] (Timothy C. May)
Subject: Messages in the Least Significant Bits
To: [email protected]
Date: Tue, 27 Oct 92 19:03:19 PST
Cc: [email protected] (Timothy C. May)


Here's a message I just posted to another mailing list. It has rather
strict policies against cross-posting, so I've edited out the headers
and the initial chunk of text I quoted. That should make me kosher.

(This topic also came up in some e-mail with George Gleason.)

Forwarded message:
>From tcmay Tue Oct 27 18:43:34 1992

xxxx is exactly right on this. Several years ago I posted to sci.crypt
my "novel" idea for packing bits into the essentially inaudible "least
significant bits" (LSBs) of digital recordings, such as DATs and CDs.
Ditto for the LSBs in an 8-bit image or 24-bit color image. I've since
seen this idea reinvented _several_ times on sci.crypt and
elsewhere...and I'm willing to bet I wasn't the first, either (so I
don't claim any credit).

A 2-hour DAT contains about 10 Gbits (2 hours x 3600 sec/hr x 2
channels x 16 bits/sample x 44K samples/sec), or about 1.2 Gbytes. A CD
contains about half this, i.e., about 700 Mbytes. The LSB of a DAT is
1/16th of the 1.2 Gbytes, or 80 Mbytes. This is a _lot_ of storage!

A home-recorded DAT--and I use a Sony D-3 DAT Walkman to make
tapes--has so much noise down at the LSB level--noise from the A/D and
D/A converters, noise from the microphones (if any), etc.--that the
bits are essentially random at this level. (This is a subtle, but
important, point: a factory recorded DAT or CD will have predetermined
bits at all levels, i.e., the authorities could in principle spot any
modifications. But home-recorded, or dubbed, DATs will of course not
be subject to this kind of analysis.) Some care might be taken to
ensure that the statistical properties of the signal bits resemble
what would be expected with "noise" bits, but this will be a minor

Adobe Photoshop can be used to easily place message bits in the
"noise" that dominates things down at the LSB level. The resulting GIF
can then be posted to UseNet or e-mailed. Ditto for sound samples,
using the ideas I just described (but typically requiring sound
sampling boards, etc.). I've done some experiments along these lines.

This doesn't mean our problems are solved, of course. Exchanging tapes
is cumbersome and vulnerable to stings. But it does help to point out
the utter futility of trying to stop the flow of bits.


Timothy C. May         | Crypto Anarchy: encryption, digital money,  
[email protected]       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets, 
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | PGP 2.0 and MailSafe keys by arrangement.