Researchers have made a significant advance in secure communications by developing an algorithm that conceals sensitive information so effectively that it is impossible to detect that anything has been hidden.
The technology could soon be deployed widely in everyday digital communications, including social media and private messaging, according to the team, which is led by the University of Oxford in close collaboration with Carnegie Mellon University. The ability to send information with perfect security could empower vulnerable groups, such as dissidents, investigative journalists, and humanitarian aid workers.
The algorithm applies to a setting called steganography: the practice of hiding sensitive information inside innocuous content. Steganography differs from cryptography because the sensitive information is concealed in such a way that its very presence is obscured, making the act of hiding difficult to detect. An example would be hiding a Shakespeare poem inside an AI-generated image of a cat.
Steganography techniques have been studied for more than 25 years, but existing approaches generally offer only imperfect security, leaving their users at risk of being detected. This is because earlier steganography algorithms subtly change the distribution of the innocuous content.
The research team overcame this by using recent advances in information theory, specifically minimum entropy coupling, which allows two distributions of data to be joined so that their mutual information is maximised while the individual distributions are preserved.
As a result, under the new method there is no statistical difference between the distribution of innocuous content and the distribution of content that encodes sensitive information.
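To give a feel for the idea, the sketch below shows the well-known greedy heuristic for approximating a minimum entropy coupling of two small discrete distributions. It is an illustrative toy in Python, not the researchers' released implementation; the function name, the example distributions, and the simplifications are ours.

```python
# Illustrative sketch only: a greedy heuristic for approximating a
# minimum entropy coupling of two discrete distributions. The names and
# simplifications here are ours, not the researchers' released code.

def greedy_min_entropy_coupling(p, q, tol=1e-12):
    """Return a joint distribution over pairs (i, j) whose row sums
    recover p and whose column sums recover q, built greedily so that
    the joint entropy stays low (i.e. mutual information stays high)."""
    p, q = list(p), list(q)
    joint = {}
    while True:
        i = max(range(len(p)), key=lambda k: p[k])  # heaviest remaining mass in p
        j = max(range(len(q)), key=lambda k: q[k])  # heaviest remaining mass in q
        m = min(p[i], q[j])
        if m <= tol:                                # all probability mass assigned
            break
        joint[(i, j)] = joint.get((i, j), 0.0) + m
        p[i] -= m
        q[j] -= m
    return joint

# Toy example (hypothetical numbers): couple a distribution over secret
# messages with a distribution over innocuous cover symbols.
secret = [0.5, 0.5]       # hypothetical distribution of secret messages
cover = [0.6, 0.3, 0.1]   # hypothetical distribution of innocuous content
coupling = greedy_min_entropy_coupling(secret, cover)

# The cover marginal is preserved, so content sampled via the coupling is
# statistically indistinguishable from ordinary, innocent content.
for j in range(len(cover)):
    print(j, sum(v for (i, jj), v in coupling.items() if jj == j))
```

In the researchers' setting, the cover distribution would come from a generative model (for example, a language model's next-token probabilities), and cover content is sampled jointly with the secret message through such a coupling, which is why the transmitted content follows exactly the same distribution as ordinary model output.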
The algorithm was tested using several types of models that produce content automatically, including GPT-2, an open-source language model, and WaveRNN, a text-to-speech synthesiser.
Besides being perfectly secure, the new algorithm showed up to 40% higher encoding efficiency than earlier steganography methods across a variety of applications, allowing more information to be concealed within a given amount of data. Because of these benefits for data compression and storage, steganography may become attractive even when perfect security is not required.
The research team has applied for a patent on the algorithm, but intends to license it free of charge for responsible, non-commercial use, including academic and humanitarian purposes and trusted third-party security audits.
The researchers have released an inefficient implementation of their method on GitHub and published the work as a preprint on arXiv. They will also present the new algorithm at the 2023 International Conference on Learning Representations (ICLR), a leading AI conference, in May.
AI-generated content is increasingly used in ordinary human communications, fuelled by products such as ChatGPT, Snapchat AI-stickers, and TikTok video filters. Steganography may consequently become more common as the mere existence of AI-generated content will no longer elicit suspicion.
Co-lead author Dr. Christian Schroeder de Witt (Department of Engineering Science, University of Oxford) said: “Our method can be applied to any software that automatically generates content, for instance probabilistic video filters, or meme generators. This could be very valuable, for instance, for journalists and aid workers in countries where the act of encryption is illegal. However, users still need to exercise precaution as any encryption technique may be vulnerable to side-channel attacks such as detecting a steganography app on the user’s phone.”
Co-lead author Samuel Sokota (Machine Learning Department, Carnegie Mellon University) said: “The main contribution of the work is showing a deep connection between a problem called minimum entropy coupling and perfectly secure steganography. By leveraging this connection, we introduce a new family of steganography algorithms that have perfect security guarantees.”
Contributing author Professor Jakob Foerster (Department of Engineering Science, University of Oxford) said: “This paper is a great example of research into the foundations of machine learning that leads to breakthrough discoveries for crucial application areas. It’s wonderful to see that Oxford, and our young lab in particular, is at the forefront of it all.”
Besides Dr. Christian Schroeder de Witt, Samuel Sokota and Professor Jakob Foerster, the study involved Professor Zico Kolter at Carnegie Mellon University, USA, and Dr. Martin Strohmeier from armasuisse Science+Technology, Switzerland. The work was partially funded by an EPSRC IAA Doctoral Impact fund hosted by Professor Philip Torr, Torr Vision Group, at the University of Oxford.