Table of Contents
Fetching ...

STEAD: Robust Provably Secure Linguistic Steganography with Diffusion Language Model

Yuang Qi, Na Zhao, Qiyi Yao, Benlong Wu, Weiming Zhang, Nenghai Yu, Kejiang Chen

TL;DR

STEAD introduces a diffusion-based approach to provably secure linguistic steganography that mitigates error propagation under active tampering. By identifying robust denoising positions, applying a message-driven PRNG sampling and repetition-based error correction, and employing neighborhood search during extraction, STEAD achieves indistinguishability from cover texts while resisting insertions, deletions, substitutions, and token ambiguity. Theoretical security and robustness are established, and extensive experiments show higher embedding capacity, preserved linguistic quality, and strong resistance to both token-level and realistic attacks relative to ARM-based PSLS methods. This work enhances practical covert communication capabilities over public channels by combining diffusion-model parallelism with ECC-based robustness and adaptive post-processing.

Abstract

Recent provably secure linguistic steganography (PSLS) methods rely on mainstream autoregressive language models (ARMs) to address historically challenging tasks, that is, to disguise covert communication as ``innocuous'' natural language communication. However, due to the characteristic of sequential generation of ARMs, the stegotext generated by ARM-based PSLS methods will produce serious error propagation once it changes, making existing methods unavailable under an active tampering attack. To address this, we propose a robust, provably secure linguistic steganography with diffusion language models (DLMs). Unlike ARMs, DLMs can generate text in a partially parallel manner, allowing us to find robust positions for steganographic embedding that can be combined with error-correcting codes. Furthermore, we introduce error correction strategies, including pseudo-random error correction and neighborhood search correction, during steganographic extraction. Theoretical proof and experimental results demonstrate that our method is secure and robust. It can resist token ambiguity in stegotext segmentation and, to some extent, withstand token-level attacks of insertion, deletion, and substitution.

STEAD: Robust Provably Secure Linguistic Steganography with Diffusion Language Model

TL;DR

STEAD introduces a diffusion-based approach to provably secure linguistic steganography that mitigates error propagation under active tampering. By identifying robust denoising positions, applying a message-driven PRNG sampling and repetition-based error correction, and employing neighborhood search during extraction, STEAD achieves indistinguishability from cover texts while resisting insertions, deletions, substitutions, and token ambiguity. Theoretical security and robustness are established, and extensive experiments show higher embedding capacity, preserved linguistic quality, and strong resistance to both token-level and realistic attacks relative to ARM-based PSLS methods. This work enhances practical covert communication capabilities over public channels by combining diffusion-model parallelism with ECC-based robustness and adaptive post-processing.

Abstract

Recent provably secure linguistic steganography (PSLS) methods rely on mainstream autoregressive language models (ARMs) to address historically challenging tasks, that is, to disguise covert communication as ``innocuous'' natural language communication. However, due to the characteristic of sequential generation of ARMs, the stegotext generated by ARM-based PSLS methods will produce serious error propagation once it changes, making existing methods unavailable under an active tampering attack. To address this, we propose a robust, provably secure linguistic steganography with diffusion language models (DLMs). Unlike ARMs, DLMs can generate text in a partially parallel manner, allowing us to find robust positions for steganographic embedding that can be combined with error-correcting codes. Furthermore, we introduce error correction strategies, including pseudo-random error correction and neighborhood search correction, during steganographic extraction. Theoretical proof and experimental results demonstrate that our method is secure and robust. It can resist token ambiguity in stegotext segmentation and, to some extent, withstand token-level attacks of insertion, deletion, and substitution.
Paper Structure (50 sections, 3 theorems, 12 equations, 9 figures, 8 tables, 2 algorithms)

This paper contains 50 sections, 3 theorems, 12 equations, 9 figures, 8 tables, 2 algorithms.

Key Result

Theorem 4.1

For any polynomial-time distinguisher $\mathcal{A}$, it is computationally infeasible to distinguish between the stegotext of the steganographic encoding algorithm $\mathcal{E}$ and the output of the original model sampler $\mathcal{O}$.

Figures (9)

  • Figure 1: An overview of the proposed STEAD stegosystem.
  • Figure 2: An example of message-driven PRN sampling with different capacity. Tokens that are not selected under the given PRN are marked in gray.
  • Figure 3: An example of positional misalignment due to an inserted token.
  • Figure 4: Robustness against token substitution, insertion and deletion. $\alpha$ represents the proportion of random substitutions, $\beta^*$ and $\gamma^*$ represent the number of random insertions and deletions. Error bars represent the standard deviation of the correct rate.
  • Figure 5: Comparison of PPL.
  • ...and 4 more figures

Theorems & Definitions (10)

  • Definition 2.1: Stegosystem
  • Definition 2.2: Computational Security
  • Definition 2.3: Correctness
  • Definition 2.4: $\delta$-Robustness against $\mathcal{F}_{\alpha,\beta,\gamma}$-Tampering
  • Definition 2.5: Pseudo-Random Number Generator
  • Theorem 4.1
  • Lemma 4.2
  • proof
  • Theorem 4.3: $\mathcal{F}_{\alpha,\beta,\gamma}$-Robustness
  • proof