Shufflecake: Plausible Deniability for Multiple Hidden Filesystems on Linux
Elia Anzuoni, Tommaso Gagliardoni
TL;DR
Shufflecake introduces a Linux-native plausible deniability design that supports multiple hidden volumes per device and is filesystem-agnostic, aiming to withstand coercive examinations while preserving performance. The Legacy scheme achieves single-snapshot security through a block-indirection layermodel and per-volume header hierarchy, with a kernel implementation and benchmarks showing modest I/O slowdown relative to non-PD encryption. The work discusses formal PD security notions, compares to TrueCrypt/VeraCrypt and ORAM-based PD, and identifies operational trade-offs such as crash consistency and multi-snapshot security, outlining concrete directions towardLite/Full variants and OS-in-hidden-volume concepts. Overall, Shufflecake presents a practical PD tool with strong per-device deniability, efficient operation, and a clear roadmap for improving robustness against advanced threat models and hardware realities.
Abstract
We present Shufflecake, a new plausible deniability design to hide the existence of encrypted data on a storage medium making it very difficult for an adversary to prove the existence of such data. Shufflecake can be considered a ``spiritual successor'' of tools such as TrueCrypt and VeraCrypt, but vastly improved: it works natively on Linux, it supports any filesystem of choice, and can manage multiple volumes per device, so to make deniability of the existence of hidden partitions really plausible. Compared to ORAM-based solutions, Shufflecake is extremely fast and simpler but does not offer native protection against multi-snapshot adversaries. However, we discuss security extensions that are made possible by its architecture, and we show evidence why these extensions might be enough to thwart more powerful adversaries. We implemented Shufflecake as an in-kernel tool for Linux, adding useful features, and we benchmarked its performance showing only a minor slowdown compared to a base encrypted system. We believe Shufflecake represents a useful tool for people whose freedom of expression is threatened by repressive authorities or dangerous criminal organizations, in particular: whistleblowers, investigative journalists, and activists for human rights in oppressive regimes.