How Does Plausible Deniability Work?

Question

How Does Plausible Deniability Work?

anon4747 opened this issue 2 years ago · 10 comments

I read the following: This can be useful in an authoritarian country where the only way to transport your files safely is if they don't "exist" in the first place.

If I use this option, I still see the file. Could you help me please? I'm trying hide a text file.

Answer 1 · 2023-05-09T17:10:55.000Z

The feature doesn't delete the file, but it does obfuscate the volume. In other words, if you encrypt a text file with the deniability option, the output volume has nothing that indicates it is a volume. It looks like random data. Thus if you take the output volume with you, no one can prove that it contains data because it looks like random data, and so you can't legally be forced to disclose your password if there's nothing to decrypt in the first place.

Answer 2 · 2023-05-09T17:15:49.000Z

Thanks for your reply. Correct me if I'm wrong, but when I encrypt the file with deniability option and put it on my USB, I see a file with a Picocrypt extension. How will this protect me at the border, for example? Trying to learn here how it works. Thanks again!

Answer 3 · 2023-05-09T17:19:41.000Z

Ah, that's a complexity for you to sort out. You can simple rename the volume and remove all extensions, including the .pcv. Sure, it may look a bit suspicious to have a file without any extensions, but no one can prove anything since the volume looks like random data. If you choose to do this, make sure to encrypt and rename everything on a trusted computer before transferring to a USB because encrypting or renaming on the USB itself can leave suspicious traces.

Answer 4 · 2023-05-09T17:25:16.000Z

They might also find it strange if I rename the file (not sure what you mean by volume, since it is a single file - is there a way to create a volume?) to my_picture.jpg and the file is not able to be opened. You would know that some kind of encryption is being applied to it. In my opinion, this is like simply encrypting the file without the deniability option. I was looking for a simple encryption tool with deniability and I really like Picocrypt, that could hide files just like Veracrypt, but Veracrypt requires additional permissions and some time to set up.

One of the best features of VeraCrypt is that it allows you plausible deniability. It does this by hiding an encrypted volume inside another VeraCrypt volume in such a way that it is impossible to prove the second hidden volume exists (if the correct precautions are taken).

Answer 5 · 2023-05-09T17:40:40.000Z

A volume is just a file ending in .pcv. If you encrypt a file without deniability, the header format and metadata make it obvious that it's a Picocrypt volume. With the deniability option, there's nothing about the volume itself that hints it's a volume. Of course, because Picocrypt is simple, it can't achieve the level of deniability of VeraCrypt, but it does provide enough that you can't be forced to reveal your password, even if people suspect it may be a Picocrypt volume.

Answer 6 · 2023-05-09T17:42:30.000Z

but it does provide enough that you can't be forced to reveal your password, even if people suspect it may be a Picocrypt volume.

Could you tell me more about this please? In an authoritarian regime, for example?

Answer 7 · 2023-05-09T18:51:10.000Z

I'm not a legal expert, so take what I say with a grain of salt. However, I think you can assume that if a government knows your files are encrypted, they will find a legal reason to force you to reveal the key. However, if the government can't prove that you are in possession of encrypted files in the first place, they have no grounds to force you to decrypt your files. Anyways, it's a niche feature that hopefully no one will need to use. But if you do, it's there for use.

Answer 8 · 2023-05-13T04:08:55.000Z

I'll close this for now since there's not much left for me to say. Feel free to open it again if you have further questions, though!

Answer 9 · 2023-06-10T09:41:21.000Z

IMHO it's not "Plausible Deniability" at all. Indistinguishability from random data is a basic property of good ciphers and salts.

Many of the file encryption programs create data that is indistinguishable from random data (for example, ccrypt, kryptor). None of the authors of these programs call this property "plausible deniability".

If an attackers find files with random data on the disk, they will first of all think that this is an encrypted file. picocrypt does not provide the plausibility of denial.

The underlying notion of deniable encryption is to be able to decrypt a cipher text into two different plaintexts depending on the key that is provided [1]. The purpose of this is to protect against adversaries who can force a user to provide a password to decrypt the cipher text, as the password that is provided will only reveal the decoy message while the true message remains hidden.

-- https://ro.uow.edu.au/cgi/viewcontent.cgi?article=1954&context=eispapers1

Perhaps an appropriate name for the new feature would be "Preventing header metadata leaks".

Answer 10 · 2023-06-10T20:12:01.000Z

Thank you for the clarification. Indeed my usage of 'plausible deniability' doesn't match the definition that others use. I meant it in the sense that no one can prove a file is a volume, so there's no basis to force someone to decrypt it. Suspicion, of course, can't be prevented with the current implementation. I didn't really consider how tools like VeraCrypt used the term since Picocrypt is fundamentally different. The 'traditional' plausible deniability can't be implemented in a file encryption tool like Picocrypt because the decoy file sizes won't add up to the total volume size, making it rather obvious that there is other data hidden. Thus, the current implementation is the best I can do for Picocrypt. I don't think "prevent header leaks" is a good term because the header doesn't really leak any information other than following a specific format, and the goal of the feature is still rooted in the same ideas as 'traditional' plausible deniability. I also explain the feature in detail in the README, so there shouldn't be any confusion as to what it does. So although my usage of "plausible deniability" isn't the exact same as other interpretations, I still think it's the most suitable term for Picocrypt.

…

On Sat, Jun 10, 2023, 5:41 a.m. Alexey Avramov ***@***.***> wrote: IMHO it's not "Plausible Deniability" at all. Indistinguishability from random data is a basic property of good ciphers and salts. Many of the file encryption programs create data that is indistinguishable from random data (for example, ccrypt <https://en.wikipedia.org/wiki/Ccrypt>, kryptor <https://www.kryptor.co.uk/>). None of the authors of these programs call this property "plausible deniability". If an attackers find files with random data on the disk, they will first of all think that this is an encrypted file. picocrypt does not provide the plausibility of denial. The underlying notion of deniable encryption is to be able to decrypt a cipher text into two different plaintexts depending on the key that is provided [1]. The purpose of this is to protect against adversaries who can force a user to provide a password to decrypt the cipher text, as the password that is provided will only reveal the decoy message while the true message remains hidden. -- https://ro.uow.edu.au/cgi/viewcontent.cgi?article=1954&context=eispapers1 Perhaps an appropriate name for the new feature would be "Preventing header metadata leaks". — Reply to this email directly, view it on GitHub <#160 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ALUMDTDRHMB7KC55UO5U7DDXKQ6MXANCNFSM6AAAAAAX3RJBXM> . You are receiving this because you modified the open/close state.Message ID: ***@***.***>