The security of private communication is increasingly at risk due to widespread surveillance. Steganography, a technique for embedding secret messages within innocuous carriers, enables covert communication over monitored channels. Provably Secure Steganography (PSS) is state of the art for making stego carriers indistinguishable from normal ones by ensuring computational indistinguishability between stego and cover distributions. However, current PSS methods often require explicit access to the distribution of generative model for both sender and receiver, limiting their practicality in black box scenarios. In this paper, we propose a provably secure steganography scheme that does not require access to explicit model distributions for both sender and receiver. Our method incorporates a dynamic sampling strategy, enabling generative models to embed secret messages within multiple sampling choices without disrupting the normal generation process of the model. Extensive evaluations of three real world datasets and three LLMs demonstrate that our blackbox method is comparable with existing white-box steganography methods in terms of efficiency and capacity while eliminating the degradation of steganography in model generated outputs.

翻译：由于广泛存在的监控，私人通信的安全性正日益受到威胁。隐写术作为一种将秘密信息嵌入无害载体的技术，能够在受监控的信道上实现隐蔽通信。可证明安全隐写术（PSS）通过确保隐写分布与载体分布之间的计算不可区分性，使隐写载体与正常载体无法区分，代表了当前的技术前沿。然而，现有的PSS方法通常要求发送方和接收方均能显式访问生成模型的分布，这限制了其在黑盒场景下的实用性。本文提出了一种无需发送方和接收方访问显式模型分布的可证明安全隐写方案。我们的方法采用了一种动态采样策略，使生成模型能够在多个采样选择中嵌入秘密信息，同时不干扰模型的正常生成过程。在三个真实世界数据集和三个大语言模型上的大量评估表明，我们的黑盒方法在效率和容量方面与现有的白盒隐写方法相当，同时消除了隐写对模型生成输出的质量影响。