On steganographic chosen covertext security

Abstract

At TCC 2005, Backes and Cachin proposed a new and very strong notion of security for public key steganography: secrecy against adaptive chosen covertext attack (SS-CCA); and posed the question of whether SS-CCA security was achievable for any covertext channel. We resolve this question in the affirmative: SS-CCA security is possible for any channel that admits a secure stegosystem against the standard and weaker "chosen hiddentext attack" in the standard model of computation. Our construction requires a public-key encryption scheme with ciphertexts that remain indistinguishable from random bits under adaptive chosen-ciphertext attack. We show that a scheme with this property can be constructed under the Decisional Diffie-Hellman assumption. This encryption scheme, which modifies a scheme proposed by Kurosawa and Desmedt, also resolves an open question posed by von Ahn and Hopper at Eurocrypt 2004. © Springer-Verlag Berlin Heidelberg 2005.