Training-Free Coverless Multi-Image Steganography with Access Control

TL;DR

Experimental results demonstrate that MIDAS consistently outperforms existing training-free CIS baselines in access control functionality, stego image quality and diversity, robustness to noise, and resistance to steganalysis, establishing a practical and scalable approach to access-controlled coverless steganography.

Abstract

Coverless Image Steganography (CIS) hides information without explicitly modifying a cover image, providing strong imperceptibility and inherent robustness to steganalysis. However, existing CIS methods largely lack robust access control, making it difficult to selectively reveal different hidden contents to different authorized users. Such access control is critical for scalable and privacy-sensitive information hiding in multi-user settings. We propose MIDAS, a training-free diffusion-based CIS framework that enables multi-image hiding with user-specific access control via latent-level fusion. MIDAS introduces a Random Basis mechanism to suppress residual structural information and a Latent Vector Fusion module that reshapes aggregated latents to align with the diffusion process. Experimental results demonstrate that MIDAS consistently outperforms existing training-free CIS baselines in access control functionality, stego image quality and diversity, robustness to noise, and resistance to steganalysis, establishing a practical and scalable approach to access-controlled coverless steganography.

Figures (10)

• Figure 1: Comparison of stego image quality across training-free CIS methods with two hidden secret images. CRoSS*, DiffStega*, and DiffStega** are extensions of CRoSS and DiffStega based on latent concatenation (see Section \ref{['sec:exp setting']} and Appendix \ref{['appendix:impl_detail']} for details). Dashed lines indicate concatenation boundaries. While baseline methods often suffer from visual artifacts or discontinuities due to limited diversity, MIDAS preserves high visual fidelity and natural image synthesis.
• Figure 2: The overall scenario. The sender embeds multiple secret images ($I_{sec}^1, ..., I_{sec}^N$) into a single stego image ($I_{stego}$), which is then transmitted through a public channel. Each secret image ${I}_{sec}^i$ is encrypted with a private key ${\mathcal{K}}_{priv}^i$. Let $\hat{I}_{sec}^{j}(i)$ denote the reconstruction result of secret image $j$ obtained by user $i$ using $\mathcal{K}_{priv}^{i}$. Due to the access control function, only the intended receiver $i$ possessing ${\mathcal{K}}_{priv}^i$ can successfully recover $\hat{I}_{sec}^i(i)$, whereas for any other image $j \neq i$, the reconstruction $\hat{I}_{sec}^j(i)$ results in a meaningless output.
• Figure 3: Visual comparisons of MIDAS, CRoSS*, and DiffStega* on the Stego260 dataset under different prompts for two-image hiding.
• Figure 4: Steganalysis accuracy on (a) XuNet and (b) SiaStegNet.
• Figure 5: The overall architecture of MIDAS. (a) The Hiding Stage, where $N$ secret images (${I}_{sec}^1, ..., {I}_{sec}^N$) are individually encrypted using private keys (${\mathcal{K}}_{priv}^i$) and then jointly fused using the public key ($\mathcal{K}_{pub}$) to form the single stego image (${I}_{stego}$). (b) The Reconstruction Stage (for user $1$), where user $1$ recovers their assigned image (${\hat{I}}_{sec}^1$) using ${\mathcal{K}}_{priv}^1$, from the received stego image (${\tilde{I}}_{stego}$) (which may contain noise due to transmission errors), while the access control mechanism ensures that other images remain encrypted.