Re: Call for stego ideas
Date: 07/25/04

Date: 25 Jul 2004 07:10:13 -0700

Mok-Kong Shen <> wrote :

>As said previously, I am personally of the opinion that
>linguistic steganography based on exploitation of semantics,
>even in case the development turns out in the future to be
>very successful, could be too difficult to be practically
>done (due to available resources etc.) in at least certain
>category of potential application envioronments. Wouldn't it
>be conceivable, on the other hand, that all grammatical
>constructions be appropriately partitioned, according to
>certain criteria, into two classes in such a way that, in
>formulating a sentence, one is virtually free in having it
>in one or the other of the classes? If this could be done,
>then one could evidently express a sequence of 0/1 as stego
>in one's text.

it can very easily be done in linguistic steganography,
but does not need a complex conditional grammar structure as a

all that is needed is an agreement between the users,
about two sets of 'code' terms:

Set A:(elements denoting a 0 )
[example elements: blue, green, red, warm, cold, paper, e-mail,
letter, etc.]

Set B:(elements denoting a 1 )
[example elements: black, white, light, dark, snail-mail, floppy,
harddrive, etc.]

how many elements would be necessary for a stego channel to be secure
enough to prevent retrieval of the message?
(assume that the attacker 'suspects' each of the elements used to be a
carrier 'code' term, but does not know which refers to a 0 and which
to a 1)

a reasonable starting point would be to take the analogous model of a
symmetrical block cipher, whose security 'weakest' point would be the

a commonly accepted 'secure' passphrase,
(requiring an infeasible amount of work for a brute force attack)
would be a 7 word diceware passphrase.

there are 7776 words in the diceware passphrase word list
(for simplicity, assume 8000)

8000 = (2^3)x(10^3)

as (2^10) ~ (10^3)

so (2^13)=(8192), would imply that 13 elements in each of set A , and
set B,
should be enough.

to maintain a model analogous to the symmetrical block cipher with the
shared passphrase,
it is necessary that the contained stego message not be susceptible to
a known plaintext attack,
so it might be better to encrypt the message first.

alternatively, it is possible to add more complexity:

one could have a third set C, consisting of 'operators',
such that, any element of set C, when before an element of set A or
set B, changes the parity of the element

so, for example,
if set C had the elements: [large, small, good, bad, like, dislike,

then the following sentence of carriertext:

[I really like the e-mail you sent, but it would be better to send
such large messages by snail mail, or maybe on a floppy included in
the letter.]

would contain the message:

the addition of a third set C, of 'operators',
allows an element of the stego carrier to have different parities in
the same message,
making it somewhat more resistant to a known plaintext attack,
(but still not as good as encrypting the message)

as always,
the elements in the 3 sets should be agreed upon as appropriate for
the expected communication between the two parties, and would not call
to their use in the message.

just a preliminary scheme outline,
but many such schemes are feasible with 'text only' stego carriers.