Encryption tools help people keep secrets. Bram Cohen has a more subtle ambition: he wants to help people keep secret the act of keeping secrets.
Don't Miss: Victoria's Secret Fashion Show 2016
For the last year Cohen, who created the breakthrough file-sharing protocol BitTorrent a decade ago, has been working on a new piece of software he calls DissidentX. The program, which he released over the summer in a barebones prototype and is now working to develop with the help of a group of researchers at Stanford, goes beyond encryption to offer users what cryptographers call “steganography,” the ability to conceal a message inside another message. Instead of merely enciphering users’ communications in a scramble of nonsensical characters, DissidentX can camouflage their secrets in an inconspicuous website, a corporate document, or any other, pre-existing file from a Rick Astley video to a digital copy of Crime and Punishment.
“What you really want is to be as unsuspicious as possible,” says Cohen, who spoke with me about DissidentX at the Real World Crypto conference in New York Tuesday. “We don’t want an interloper to be able to tell that this communication is happening at all.”
Cohen has programmed DissidentX to serve as a customizable framework for steganography that can use any method of tweaking a file from adding spaces at the end of a text file’s lines to adding pixels to a video. But unlike older steganographic tools, those alterations to the camouflage file known as the “cover text” don’t serve as a set of on-or-off bits to encode the secret message. Instead, DissidentX makes the changes such that when the recipient puts the entire file through a cryptographic function known as a “hash”–a transformation that coverts it into a unique string of characters–it produces an encrypted version of the sender’s message, ready to be decrypted with the recipient’s key.
“There’s no particular place in the cover text where the bits of the encoded message are hidden. It’s distributed holistically across the entire thing,” says Cohen. “It’s taking the entirety of the cover text and mashing it all together as a complete unit to create a hash carefully constructed so that it has the properties you want,”–namely, that the results serve as an encrypted secret message.
That hashing technique means that the recipient of a message doesn’t even need to know what sorts of tweaks were made to the cover text to find the encoded secrets. It also means DissidentX’s alterations to the cover text can also include subtracting elements from a file, such as deleting paragraphs from a block of text–a method that’s far harder for a snoop to detect than older tricks like adding commas or spaces. “Right now, most steganography techniques are detectable,” says Cohen. “I hope this will change the balance of power somewhat, and make it so these things really aren’t detectable in practice.”
Cohen’s sleights of hand go a step further, too. He’s designed DissidentX to allow multiple secret messages to be encoded in an altered file, each of which can only be read with different decryption keys. That means a single text file or video could hold messages intended for multiple recipients, or additional false messages can also be encoded into the file as red herrings.
That last trick, pioneered by Julian Assange and a couple of friends in a 1997 program called Rubberhose, is meant as a last line of defense for a user who may be imprisoned and forced to cough up a decryption key to trick his or her captors into thinking the message is fully decoded, while still protecting certain secrets. (The scheme’s name came from cryptographers’ half-joking term Rubberhose Cryptanalysis, the threat of beating a decryption key out of someone with a length of rubber tubing.) “The idea of this is that even if you get rubber-hosed, you can say ‘here’s my key,’ and they only get a message that’s not the real message,” Cohen says.
Even with Cohen’s clever hashing trick, the cover text for a secret message must be much larger than that message itself. Cohen suggests a file five hundred times as large as the secret message to encode communications without raising suspicions. But he and a group of Stanford cryptographers are working to improve DissidentX with an algorithm known as Lenstra–Lenstra–Lovász to minimize the proportion of the cover text that must be changed.
Cohen says he began thinking about steganography after scandal erupted around the now-defunct anonymity tool Haystack in 2010. That software, intended to help dissidents in countries like Iran evade surveillance, was found to be deeply insecure and the project was shuttered by its creator Austin Heap. “Haystack was claiming to be using steganography, and it got me thinking about stego,” he says. “I ended up coming up with some neat intuitions about how to do this.”
As DissidentX evolves, Cohen says he imagines human rights groups like the Tor anonymity project might hide messages to political dissidents in web pages, which could be detected with a browser plug-in that checks every page for hidden messages. Thanks to his hashing trick, those secrets should be visible in their encrypted form–not to mention readable–to a DissidentX user with the right decryption key.
“Hopefully this will kind of approach will become how modern stego is done,” he says.
Follow me on Twitter, email me, anonymously send me sensitive documents or tips, and check out my book, This Machine Kills Secrets: Julian Assange, the Cypherpunks, and Their Fight to Empower Whistleblowers.