Nicholas J. Hopper

Toward a Theory of Steganography

Degree Type: Ph.D. in Computer Science
Advisor(s): Manuel Blum
Graduated: August 2004

Abstract:

Informally, steganography refers to the practice of hiding secret messages in communications over a public channel so that an eavesdropper (who listens to all communications) cannot even tell that a secret message is being sent. In contrast to the active literature proposing new concrete steganographic protocols and analysing flaws in existing protocols, there has been very little work on formalizing steganographic notions of security, and none giving complete, rigorous proofs of security in a satisfying model.

This thesis initiates the study of steganography from a cryptographic point of view. We give a precise model of a communication channel and a rigorous definition of steganographic security, and prove that relative to a channel oracle, secure steganography exists if and only if one-way functions exist. We give tightly matching upper and lower bounds on the maximum rate of any secure stegosystem. We introduce the concept of steganographic key exchange and public-key steganography, and show that provably secure protocols for these objectives exist under a variety of standard number-theoretic assumptions. We consider several notions of active attacks against steganography, show how to achieve each under standard assumptions, and consider the relationships between these notions. Finally, we extend the concept of steganography as covert communication to include the more general concept of covert computation.

Thesis Committee:
Manuel Blum (Chair)
Avrim Blum
Michael Reiter
Steven Rudich
David Wagner (U.C. Berkeley)

Randy Bryant, Head, Computer Science Department
James Morris, Dean, School of Computer Science

Keywords: Steganography, cryptography, provable security

CMU-CS-04-157.pdf (769.95 KB) (179 pages)