Wrong on what count? I intended that sentence to refer only to the last paragraph of my post, and I’d expect that to be very implementation-dependent. Generally speaking, the higher the compression ratio the more perfectly random I’d expect the low bits to be—but even at low ratios I’d expect them to be pretty noisy. I’m fairly confident that some JPEG implementations would leave distinguishable patterns when fed some inputs, but I don’t have any good way of knowing how many or how easily distinguishable. To take a shot in the dark, I’m guessing there’s maybe a 30% chance that an arbitrarily chosen implementation with arbitrarily chosen parameters would be easily checked in this way? That’s mostly model uncertainty, though, so my error bars are pretty wide.
If we exclude that sort of statistical analysis, I’d estimate on the order of a 10 or 20% chance that Decoy images are distinguishable as such by examining metadata or other non-image traces—but that comes almost entirely from the fact that I haven’t read Nanashi’s code, I’m not a JPEG expert, and security is hard. A properly done implementation should not be vulnerable to such an attack; I just don’t know if this is properly done.
Wrong on what count? I intended that sentence to refer only to the last paragraph of my post, and I’d expect that to be very implementation-dependent. Generally speaking, the higher the compression ratio the more perfectly random I’d expect the low bits to be—but even at low ratios I’d expect them to be pretty noisy. I’m fairly confident that some JPEG implementations would leave distinguishable patterns when fed some inputs, but I don’t have any good way of knowing how many or how easily distinguishable. To take a shot in the dark, I’m guessing there’s maybe a 30% chance that an arbitrarily chosen implementation with arbitrarily chosen parameters would be easily checked in this way? That’s mostly model uncertainty, though, so my error bars are pretty wide.
If we exclude that sort of statistical analysis, I’d estimate on the order of a 10 or 20% chance that Decoy images are distinguishable as such by examining metadata or other non-image traces—but that comes almost entirely from the fact that I haven’t read Nanashi’s code, I’m not a JPEG expert, and security is hard. A properly done implementation should not be vulnerable to such an attack; I just don’t know if this is properly done.