Maybe no stego on eBay afterall

Peter Wayner pcw2 at flyzone.com
Fri Jul 19 21:01:16 EDT 2002 

I used to think that CCD cameras were a pretty good approximation of 
random number generators, but not any longer. I've seen too many 
pictures where the LSB is heavily correlated with some of the higher 
order bits. Really. There are some good pictures documenting in my 
book. So while I think you're making a fair point, experience doesn't 
always suggest that it work out that way.




At 6:21 PM -0400 7/19/02, John S. Denker wrote:
>Regarding the farcical wetstone results,
>Peter Wayner wrote:
>>
>>  The basic scheme is very simple.
>
>OK.
>
>>  Generally the inserted message has
>>  higher entropy than the raw LSBs of an image.
>
>Says who?  See below.
>
>>  So the entropy of the
>>  picture/message combo should be higher than the picture alone. So you
>>  look at the entropy and choose all images that pass a threshold.
>...
>>  So even though there's some cool science in the process, there's no
>>  scientific way to draw the line.
>
>It's not "cool" to detect only whatever stego was inserted
>by idiots.
>
>a) Consider the following:  Suppose I take a picture with
>my CCD camera of a scene containing a more-or-less white
>area.  I choose the f/stop and exposure-time so that N
>photons are expected to hit each pixel of the CCD array
>in this area.  Elementary physics and statistics tell us
>that there will be an uncertainty of sqrt(N) in the actual
>photon count.
>
>b) I repeat the operation using a brighter light, bigger
>aperture, and/or longer exposure, so that the expectation
>value is now 10N.  Then I divide by 10 to get an image
>rather comparable to the first, but with sqrt(10) less
>noise.  I then add noise back in, using either
>   b1) an industrial-strength random symbol generator, or
>   b2) a well-encrypted message
>
>I claim it is impossible for any empirical test to
>distinguish case (a) from (b1) or (b2). 
>
>Maybe they'll just pass a law making it illegal to
>take pictures except in mid-day sunlight.
>
>>  >>  I bet they're still spending
>  > >>  the Air Force's money to do the study, though.
>
>Our tax dollars at work.  Whoopee.


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list