You might be thinking...

Surely using an encrypted message would be more secure?

It's a valid question. But the answer is not entirely straightforward.

Let's consider Histiaeus and his marked messenger. Had he been sent with an encrypted scroll, say using the Skytale scheme, and the messenger been stopped and searched, the scroll, although inscrutable, would have been incriminating.

So, in answer to the presumed question, yes, the message would be more secure because it could not be readily understood by those trying to intercept it.

But the message would never make it to its destination. So my question to you is...

Which method would be more effective in this situation?

There is no universal answer to which approach is better. You should see steganography and encryption as tools to solve different problems.

Steganography has another benefit over encryption: deniability. If done correctly, your message should disrupt the carrier so that it is deniable.

Let's say we hide a message within a piece of text; in fact, let's say we want to hide a message in this piece of text.

The text was written by the then-governor of California, Arnold Schwarzenegger, in response to Bill 1176.

And lets say we encode our message in the first letter of every line. If that were intercepted and someone figured out that the first letter of each line was part of a hidden message, you'd find it difficult to argue that it happened by chance. But if you scattered the characters across the message, it would be much easier to argue that it must have occurred by chance, thus allowing you to deny that the message is even there.

With encryption, you can't do that.

Encryption is overt and doesn't need to be hidden because even if it is interrogated, it won't divulge its secrets without the key, and figuring that out can be incredibly difficult.

The power of good steganography is that you cannot attack it if you do not believe it is there.

Let's explore the differences between encryption and steganography using a visual analogy.

Our encrypted message is like an armoured vehicle. It clearly protects its contents, and adversaries will target it and try to understand what it is trying to achieve. Due to its armour, its contents are protected.

A message protected using steganography is like this car: It is seemingly uninteresting and relies on avoiding attention to protect its contents. In this case, the vehicle is smuggling people across national boundaries.

These images, captured by the UK border force and publicised by the UK Home Office, show three people cramped into the car's roof box. However to the casual observer - the vehicle appears to be uninteresting.

This analogy fits quite well when you compare the appearance of an encrypted message and a steganographic message. Both contain the same message, but the encrypted format looks immediately suspicious and will attract attention. It relies on the strength of its encryption and the key used to protect its contents.

You should remember that the two methods are not incompatible.

You can combine both encryption and steganography to combine their strengths.

The steganographic message relies on appearing like a regular image to avoid close examination.

So, let's summarise what we've learned in this section;

  1. Encryption aims to protect messages using obfuscation, whereas steganography aims to conceal the message.

  2. Encryption is overt and does not conceal itself because it is assumed to be unassailable. Steganography aims to avoid detection by the casual observer.

  3. The unique benefit of encryption is that the message contents cannot be understood without the key. The unique benefit of steganography is that messages can be deniable.

  4. The downside of encryption is that it is clearly visible and may attract attention. The difficulty with steganography is that it takes more effort, and creativity, to embed and extract messages.

  5. One thing to remember for the future is that as we create more sophisticated computers, like quantum, it may become more accessible for sophisticated actors to decrypt messages. In addition, government actors have sought to implement legislation that may undermine the security of encrypted communications in the future, such as the Online Safety Bill in the UK. Looking forward with steganography, users will have to continue to find new means to hide messages and new ways to share how the message is hidden, as steganography doesn't usually abide by Kerchoff's Principle.

Now that we understand steganography, we're going to start working with it. In our next section, we will begin by looking at different ways to use digital images as covertext to hide our plaintext message and create stegotext.