Real-world steganography

Bill Stewart bill.stewart at
Tue Oct 1 19:36:51 EDT 2002

At 09:38 PM 09/30/2002 -0700, Bram Cohen wrote:
>Peter Gutmann wrote:
> > I recently came across a real-world use of steganography which hides extra
> > data in the LSB of CD audio tracks to allow (according to the vendor) the
> > equivalent of 20-bit samples instead of 16-bit and assorted other features.
>I don't think that's really 'steganography' per se, since no attempt is
>made to hide the fact that the information is in there. The quasi-stego
>used is just to prevent bad audio artifacts from happening.

Traditional digital telephone signalling uses a "robbed-bit" method that
steals the low-order bit from every sixth voice sample to carry information
like whether the line is busy or idle or wants to set up a connection.
(That's why you only get 56kbps and not 64kbps in some US formats,
since it doesn't want to keep track of which low bits got robbed.)

In a sense both of these are steganography, because they're trying to
hide the data channel from the audio listener by being low level noise
in ways that equipment that isn't looking for it won't notice.

That's not really much different from encoding Secret Data in the LSB
of uncompressed graphics or audio - it's about the second-crudest
form of the stuff, and if you think there are Attackers trying to
decide if you're using stego, you need more sophisticated stego -
at minimum, encoding the stegotext so it looks like random noise,
or encoding the stegotext with statistics resembling the
real noise patterns, or whatever.  The definition of "hidden writing"
doesn't specify how hard you tried to hide it or how hard the
Attacker is looking - you need to Bring Your Own Threat Model.

Since I don't speak Audiophile Engineering / Human perceptual modelspeak,
which the paper was written in, I wasn't able to figure out where the
HDCD stuff hides the extra bits.  Are they really there (in the CDROM's
error-correction bits or something)?  It sounded like they were either
saying that they make part-time use of the one LSB bit to somehow encode
the LSB and 4 more bits, which sounded really unlikely given that there
weren't any equations there about the compression models, or else that they
had some perceptual model and were using that to make a better choice of LSB
than a simple 50% cut-off of the A-to-D converter (more absolute distortion,
but better-sounding distortion.)  Or did I miss the implications of the
reference to oversampling and the real difference is that HDCD disks
really have more pixels on the disk with only the LSB different,
so a conventional reader reads it fine but needs the ECC to get the LSB?

A separate question is - "so is there some internet-accessible list of
disks using HDCD, or do I just have to look at the labels for a logo?"

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list