Today I want to explore a concept called “Deniable encryption”.

Encryption

As you might very well know, encryption is the process of hiding a message or data by transforming it into an unreadable collection of characters, only decypherable with the proper key. Today this is being done very efficiently by computers and (as long as quantum computing takes some time) pretty much unbreakable. Encryption is more or less powering the internet and is essential for modern computing and our daily use of technology, even if we might not notice.

In a more practical sense, as far as this post goes I want to focus on file or disk-encryption so the encryption of files or (parts of) a hard drive. Popular software to accomplish this is LUKS, Bitlocker, FileVault, VeraCrypt and many more.

Plausible deniability

The term plausible deniability, originating from politics and intelligence agencies refers to the ability to deny knowledge of something and be believable. For example a politician could denounce an opponent by his subordinates and claiming this happened without his knowledge or intent, allowing him to maintain a clean image.

However, a connection could be also made to encryption.

Deniable encryption

The key idea of deniable encryption is that maybe encryption might perfectly protect or hide your sensitive data, in a way that only the person with the right key (you) is able to decipher it. But as a human, you are the weakest link and you might be compromised. If an attacker is not able to break the encryption he instead might to “break” you and have you reveal the secret key. However if the encryption is deniable, so that it might be believable that there is no encrypted message whatsoever or if you are able to, instead of giving the right key, give out a fake decoy key, then the your sensitive data is even more protected.

A fictional but still imaginable scenario could for example be that you are a goverment-critic journalist in an autocratic country. You have received whistleblower information about corrupt government officials and, to protect your inside source, you stored that data on an encrypted USB-stick. As the goverment seizes your computer and USB-stick, they realize the USB-stick might contain the crucial information about the whistleblower and they want to make you reveal the encryption key. Maybe event torture could be brought to the table in their hunt for the data. And at this point deniable encryption might come in very handy.

Nesting of containers

One practical way of accomplishing deniable encryption is the use of encrypted containers inside of each other. Some software, such as VeraCrypt allows the creation of an encrypted container that can contain any files or data you want. And inside this container you could create another container and another and nest them as deep as you want, provided there is enough space on the volume. As the software fills every empty space with random bits, from just looking at the USB-stick how many encrypted containers are really hidden on the disk. In the event of torture or other threats against you, you could now reveal the key to one of the containers that just contains “suspicous” looking, but fake files, while the real files are residing in another encrypted container. In that manner you could give out many different keys for many containers and nobody would be able to say if there is more or not.

The problem with randomness

Technically it is the randomness, or rather Pseudorandomness, that enables us to deny the encryption. There is ways to generate random data that is indistinguishable from encrypted data, which allows us to fill arbitrary space with a mix of encrypted and random data and therefore conceiling the true number of encrypted spaces. But not only may this conceil a yet unrevealed encrypted container, it might also suggest that there is another container that has not been revealed yet, while there is in fact none.

In our fictional scenario, you might be tortured and give up the 4 keys to all the 4 encrypted containers on your USB-stick. But your torturer thinks there should have been more data and that you are still hiding more encrypted containers and this might well be possible, as there is so much space filled with random bits. He might never stop torturing you, even when you promise again and again that there is no more data to find.

How about we just destroy the key?

So if we are scared of the case described above; an attacker who might never give up trying to extract keys, even if there is none, we could move away from deniable encryption and employ another trick. Instead of trying to conceal the encryption we could instead be very transparent about everything; we could be transparent about what kind of encryption we use and what kind of key we have. But instead of remembering this key (maybe it is very long or complicated) we have it external to us a person; such as a key-file on a USB-stick or for simplicitly, maybe we just wrote it on a piece of paper. Now we could setup a mechanism or procedure that we activate as soon as we are being compromised. For instance, we could drill a hole into the stick, try to microwave it or, in case of the paper note with the key, just swallow it in front of witnesses. This might sound very absurd; but apart from these illustrive examples there are of course possibilities and techniques that are very feasible and probably used in real life. What this accomplishes is demonstrating that you are in fact unable to produce a key, even if you wanted. No torture or extraction procedure can make you reveal a secret key, when you don’t know it and the only way of learning it was obviously destroyed.

Back to deniable encryption

Now previously we always talked about “the attacker” as some criminal or dangerous entity, somebody who might resort to torture even. This may be a little far fetched (at least in my case; you do you). But what might be more plausible is the police or an intelligence agency seizing your devices. Maybe you’ve been in contact with the wrong people, are an activist connected with more extreme protesters or are simply unlucky at the airport and now there rests suspicion on you. Of course we are good citizens so we could just reveal our password and prove our innocence. But let’s assume we dont want to reveal our sensitive data. Doing our neat trick of destroying the key to our encrypted hard-drive, as described above, might well work; but it will certainly put us into big trouble, due to something called Tampering with evidence. So even with our data safe far from the hands of the police, we can get prosecuted for destroying the evidence. So maybe we should reconsider our deniable encryption?

The problematic Key disclosure law

So imagine being under suspicion of some criminal activity by the police. In a lot of countries (such as most EU-states) there is a right to remain silent. The idea is, that you should not have to incriminate yourself. You may choose to refuse talking and you will not be punished for it, even if there is evidence that you might know something. But here it gets interesting. How is it when there is incriminating data on your USB-stick? Can you be made “to talk”, as in made to reveal your password to the device? In some form you are still self-incriminating yourself and this is why fortunately a lot of countries give you the right to silence, even when it comes to your passwords. Unfortunately some countries don’t, such as Australia, the UK or France. Here there exists, in some form or another, a key disclosure law, stating that you are obliged to reveal passwords to the authorities and refusal to do so is punishable, even with prison.

To remind ourselves: deniable encryption could be a USB-stick, with 4 hidden encrypted containers on it, that looks from the outside like its filled to the top with random data. We could deny that there is any encrypted data on there at all, we could admit to up to three of the containers with fake data, without ever revealing the password for the real, fourth one or we could even reveal all 4. And now it gets real problematic. What if the police does not believe you? What if, in compliance with the key disclosure law you have disclosed all passwords, but the police suspects a fifth encrypted container? What if you have a USB-stick that is really just filled with random data? There is ways to delete data safely, where the device gets overwritten with random data. So just by having a USB-stick with this random data the police suspects it to be encrypted and you to hide some criminal activity. In the UK you can be punished for refusal of giving up a password that does not even exist. In theory, under unlucky circumstances just owning a USB-stick with random data could bring you into prison in the UK.

Conluding

Encryption is important, powerful and necessary; it can be concealed and denied and that can be very essential for some people. How the laws in some countries interact with that is however quite problematic. How can the sheer possibility of you hiding a password be punishable? Just because technology exists, everyone will be under a general suspicion? This shows either a very tragic lack of basic understanding for modern technology and computer security by law makers or how invasive intelligence agencies and other authorities are. The option of not disclosing your passwords should be protected in modern democracies and it is sad how countries like the UK or Australia move further towards digital authoritarianism.

Further resources