On the Gold Standard for Security of Universal Steganography

While symmetric-key steganography is quite well understood both in the information-theoretic and in the computational setting, many fundamental questions about its public-key counterpart resist persistent attempts to solve them. The computational model for public-key steganography was proposed by von Ahn and Hopper in EUROCRYPT 2004. At TCC 2005, Backes and Cachin gave the first universal public-key stegosystem - i.e. one that works on all channels - achieving security against replayable chosen-covertext attacks (SS-RCCA) and asked whether security against non-replayable chosen-covertext attacks (SS-CCA) is achievable. Later, Hopper (ICALP 2005) provided such a stegosystem for every efficiently sampleable channel, but did not achieve universality. He posed the question whether universality and SS-CCA-security can be achieved simultaneously. No progress on this question has been achieved since more than a decade. In our work we solve Hopper's problem in a somehow complete manner: As our main positive result we design an SS-CCA-secure stegosystem that works for every memoryless channel. On the other hand, we prove that this result is the best possible in the context of universal steganography. We provide a family of 0-memoryless channels - where the already sent documents have only marginal influence on the current distribution - and prove that no SS-CCA-secure steganography for this family exists in the standard non-look-ahead model.Comment: EUROCRYPT 2018, llncs styl

Public-key steganography with active attacks

Abstract. A complexity-theoretic model for public-key steganography with active attacks is introduced. The notion of steganographic security against adaptive chosen-covertext attacks (SS-CCA) and a relaxation called steganographic security against publicly-detectable replayable adaptive chosen-covertext attacks (SS-PDR-CCA) are formalized. These notions are closely related to CCA-security and PDR-CCA-security for public-key cryptosystems. In particular, it is shown that any SS-(PDR-)CCA stegosystem is a (PDR-)CCA-secure public-key cryptosystem and that an SS-PDR-CCA stegosystem for any covertext distribution with sufficiently large min-entropy can be realized from any PDR-CCA-secure public-key cryptosystem with pseudorandom ciphertexts.

Private supplementary tutoring: Comparative perspectives on patterns and implications

Private supplementary tutoring has long been a major phenomenon in parts of East Asia, including Japan, Hong Kong, South Korea and Taiwan. In recent times it has grown dramatically in other parts of Asia and in Africa, Europe and North America. The factors underlying the growth of private tutoring vary, but in all settings it has major implications for learning and livelihood. Families with the necessary resources are able to secure not only greater quantities but also better qualities of private tutoring. Children receiving such tutoring are then able to perform better in school, and in the long run to improve their lifetime earnings. By contrast, children of low-income families who do not receive such benefits may not be able to keep up with their peers and may drop out of school at an earlier age. Tutoring also of course has a direct impact on the livelihoods of the tutors, providing employment and incomes for a range of professionals and amateurs of different age groups. The dynamics of inter-relationships are complex, and vary from one setting to another. This paper argues that private supplementary tutoring deserves much more attention from policy makers and researchers.link_to_subscribed_fulltex