'Plausible Deniability' provided by !Stealth
============================================

If you are ever faced with a situation that compels you to reveal your
secret data by handing over your passphrases, !Stealth enables you to reveal
the contents of one or more encrypted volumes containing data that you are
willing to reveal, while denying that any others exist. There is no known
way for any attacker to determine how many directories are actually
encrypted. The only way would be to discover their passphrases.

Suppose, for example, that you live in an oppressive country where the
secret police can demand the passphrases for your encrypted data, with the
threat of two years in prison if you fail to cooperate. Using !Stealth, you
might give them a passphrase which opens a directory containing your
grandmother's favourite 'secret' recipes. The secret police threaten you
with dire consequences, saying that you must have something more important
to hide if you use encryption. So you give them the passphrase to reveal
your financial dealings, or perhaps even some porn or pirated software. Then
you insist that there are no further secret directories, confident that they
cannot prove otherwise. They will never see your atomic bomb secrets in the
next encrypted volume, or whatever else you want to protect.

The source code for !Stealth is public, and the secret police can see that
the program contains room for more hidden data. How can you deny that any
more exists, if you are determined to prevent them from seeing your most
secret data? You simply say that you have not yet made use of the remaining
space. Maybe you are saving it for some future purpose, or for members of
your family who have not yet learned to use the program. This is perfectly
plausible, like having free space on a big hard disc which is not yet full.
Your explanation may or may not be true, but nobody has any way to test it.

If the secret police examine the Stealth file which contains all the data,
they will see only apparently random bytes throughout each volume.
Initially, before anything is encrypted, each volume is filled with random
data. Any encrypted directories will overwrite the data in one or more
volumes, but the result will still look like random data. This is a
characteristic of strong cryptography. Without knowledge of the passphrase,
there is no feasible way to distinguish encrypted data from totally random
data.

Thus, once you have revealed all the data that you are prepared to let the
secret police see, they will be unable to prove that your Stealth file
contains any further encrypted data. But it is also important to note that
even if you have actually revealed all your encrypted data, and some volumes
remain unused, then you - the user of the program - also have no way to
prove this. You can only prove that an encrypted directory exists by
producing its passphrase; you cannot prove that a particular volume has not
been used, because it is impossible to try every conceivable passphrase.
Assuming that the secret police have a certain minimum level of intelligence
(admittedly, they are usually pretty stupid), they will understand this and
therefore see that it is logically pointless to insist that you reveal more
than you actually do.
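The container design described in the two paragraphs above - volumes filled with random bytes that still look random once encrypted, and a volume whose existence can only be demonstrated by producing its passphrase - as an added Python example. This is not !Stealth's code or its on-disk format: the volume layout (salt, HMAC tag, body), the HMAC-SHA256 counter-mode stream cipher, the PBKDF2 key derivation and all function names are assumptions made for this demonstration. The sample container with five volumes, of which two are used, is constructed inside the block.

```python
import hashlib
import hmac
import math
import os
import struct

# Toy container layout (an assumption for this example, NOT !Stealth's real
# format): a fixed number of equal-sized volumes, each laid out as
#   salt (16 bytes) || tag (32 bytes) || body (VOLUME_SIZE - 48 bytes)
# An unused volume is entirely random bytes. A used volume has a random salt,
# an HMAC tag over the body, and a body equal to keystream XOR
# (4-byte length || plaintext || random padding). Without the passphrase every
# field is either uniformly random or indistinguishable from random.
VOLUME_SIZE = 4096
SALT_LEN = 16
TAG_LEN = 32
BODY_LEN = VOLUME_SIZE - SALT_LEN - TAG_LEN
KDF_ITERATIONS = 20_000  # kept low so the demo runs quickly


def new_container(num_volumes):
    """Fill every volume with random bytes before anything is encrypted."""
    return bytearray(os.urandom(VOLUME_SIZE * num_volumes))


def _derive_keys(passphrase, salt):
    """Derive separate encryption and MAC keys from one passphrase."""
    material = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt,
                                   KDF_ITERATIONS, dklen=64)
    return material[:32], material[32:]


def _keystream(key, length):
    """HMAC-SHA256 in counter mode used as a toy stream cipher (a PRF)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def store(container, index, passphrase, plaintext):
    """Encrypt plaintext into volume `index`, overwriting the random filler."""
    if len(plaintext) > BODY_LEN - 4:
        raise ValueError("plaintext does not fit in one volume")
    salt = os.urandom(SALT_LEN)
    enc_key, mac_key = _derive_keys(passphrase, salt)
    padded = struct.pack(">I", len(plaintext)) + plaintext
    padded += os.urandom(BODY_LEN - len(padded))  # random padding, not zeros
    body = bytes(a ^ b for a, b in zip(padded, _keystream(enc_key, BODY_LEN)))
    tag = hmac.new(mac_key, body, hashlib.sha256).digest()
    start = index * VOLUME_SIZE
    container[start:start + VOLUME_SIZE] = salt + tag + body


def open_volume(container, index, passphrase):
    """Return the plaintext if this passphrase opens the volume, else None.

    None does not reveal whether the volume is unused or the passphrase is
    wrong: both cases look identical to the caller and to an examiner.
    """
    start = index * VOLUME_SIZE
    vol = bytes(container[start:start + VOLUME_SIZE])
    salt = vol[:SALT_LEN]
    tag = vol[SALT_LEN:SALT_LEN + TAG_LEN]
    body = vol[SALT_LEN + TAG_LEN:]
    enc_key, mac_key = _derive_keys(passphrase, salt)
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    padded = bytes(a ^ b for a, b in zip(body, _keystream(enc_key, BODY_LEN)))
    (length,) = struct.unpack(">I", padded[:4])
    return padded[4:4 + length]


def byte_entropy(data):
    """Shannon entropy in bits per byte; close to 8.0 for random-looking data."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in counts if c)


def volume_entropies(container):
    """Per-volume entropy: used and unused volumes are statistically alike."""
    n = len(container) // VOLUME_SIZE
    return [byte_entropy(container[i * VOLUME_SIZE:(i + 1) * VOLUME_SIZE])
            for i in range(n)]


def demo():
    """Constructed sample: five volumes, only volumes 0 and 1 are used."""
    container = new_container(5)
    store(container, 0, "grandma", b"secret recipe: add more butter")
    store(container, 1, "ledger", b"2019 accounts")
    return container


if __name__ == "__main__":
    c = demo()
    for i, e in enumerate(volume_entropies(c)):
        print(f"volume {i}: {e:.3f} bits/byte")
    print(open_volume(c, 0, "grandma"))
    print(open_volume(c, 2, "grandma"))  # None: unused volume, or wrong passphrase?
```

Running the block prints near-identical entropy figures for all five volumes, whether or not they hold data, and open_volume returns None both for a wrong passphrase on a used volume and for any passphrase on an unused one, which is exactly why neither side can prove how many volumes are in use.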

The best strategy is therefore to reveal only a minimum number of your
encrypted directories, the exact number depending on how the secret police
behave. This is true even in the extreme case in which they subject you to
torture (the so-called 'rubber hose attack' - beating the victim with a
rubber hose until he reveals the required information). If they are so
stupid that they continue torturing you until they get 'everything', you
have nothing to lose by giving them the minimum amount of information - if,
for example, you have actually used only 4 out of 5 available volumes, you
will never be able to decrypt all 5 anyway.

In any case, once you have revealed several encrypted directories, it
becomes more plausible that you wouldn't be able to remember any further
passphrases and therefore that you have not encrypted any additional
directories.