We present Shufflecake, a new plausible deniability design to hide the existence of encrypted data on a storage medium making it very difficult for an adversary to prove the existence of such data. Shufflecake can be considered a ``spiritual successor'' of tools such as TrueCrypt and VeraCrypt, but vastly improved: it works natively on Linux, it supports any filesystem of choice, and can manage multiple volumes per device, so to make deniability of the existence of hidden partitions really plausible. Compared to ORAM-based solutions, Shufflecake is extremely fast and simpler but does not offer native protection against multi-snapshot adversaries. However, we discuss security extensions that are made possible by its architecture, and we show evidence why these extensions might be enough to thwart more powerful adversaries. We implemented Shufflecake as an in-kernel tool for Linux, adding useful features, and we benchmarked its performance showing only a minor slowdown compared to a base encrypted system. We believe Shufflecake represents a useful tool for people whose freedom of expression is threatened by repressive authorities or dangerous criminal organizations, in particular: whistleblowers, investigative journalists, and activists for human rights in oppressive regimes.

翻译：摘要：本文提出Shufflecake——一种新型可否认加密设计，旨在隐藏存储介质上加密数据的存在性，使得攻击者极难证实此类数据的存在。该方案可视为TrueCrypt与VeraCrypt等工具的“精神继承者”，但性能显著提升：原生支持Linux系统、兼容任意文件系统、且可管理每设备多卷分区，从而真正实现隐藏分区存在性的可否认性。与基于ORAM的解决方案相比，Shufflecake具有极快的运行速度和更简化的架构，但无法原生抵御多快照攻击者。然而，我们讨论了其架构所支持的安全扩展，并给出证据表明这些扩展可能足以抵御更强大的攻击者。我们已将Shufflecake实现为Linux内核级工具并添加实用功能，性能基准测试表明其相较基础加密系统仅产生轻微性能下降。我们认为，Shufflecake对言论自由受到压制政权或危险犯罪组织威胁的人群（尤其是举报人、调查记者及人权活动家）而言，将是一款实用工具。