We present Shufflecake, a new plausible deniability design to hide the existence of encrypted data on a storage medium making it very difficult for an adversary to prove the existence of such data. Shufflecake can be considered a ``spiritual successor'' of tools such as TrueCrypt and VeraCrypt, but vastly improved: it works natively on Linux, it supports any filesystem of choice, and can manage multiple volumes per device, so to make deniability of the existence of hidden partitions really plausible. Compared to ORAM-based solutions, Shufflecake is extremely fast and simpler but does not offer native protection against multi-snapshot adversaries. However, we discuss security extensions that are made possible by its architecture, and we show evidence why these extensions might be enough to thwart more powerful adversaries. We implemented Shufflecake as an in-kernel tool for Linux, adding useful features, and we benchmarked its performance showing only a minor slowdown compared to a base encrypted system. We believe Shufflecake represents a useful tool for people whose freedom of expression is threatened by repressive authorities or dangerous criminal organizations, in particular: whistleblowers, investigative journalists, and activists for human rights in oppressive regimes.

翻译：本文提出 Shufflecake，一种新的合理可否认性设计方案，用于隐藏存储介质上加密数据的存在，使得攻击者极难证明此类数据的存在。Shufflecake 可被视为 TrueCrypt 和 VeraCrypt 等工具的“精神继承者”，但功能大幅增强：它原生支持 Linux，兼容任意文件系统，并能在单设备上管理多个卷，从而使隐藏分区的存在性否认真正合理。与基于 ORAM 的解决方案相比，Shufflecake 速度极快且设计更简洁，但无法原生防御多快照攻击者。然而，我们讨论了其架构所能支持的安全扩展机制，并通过论证说明这些扩展可能足以抵御更强大的攻击者。我们将 Shufflecake 实现为 Linux 内核态工具，增加了实用功能，并通过性能基准测试表明其仅比基础加密系统产生轻微减速。我们相信 Shufflecake 将成为言论自由受压制性权威或危险犯罪组织威胁人士的有力工具，特别是：举报人、调查记者以及高压政权下的人权活动家。