SSHR: More Secure Generative Steganography with High-Quality Revealed Secret Images

We greatly appreciate your thorough feedback and the time you've dedicated to reviewing our work. We sincerely hope that our clarifications will address your concerns and strengthen your confidence in our work.

A1: (1) Conceal and Reveal Process. In the proposed model, the secret image $x_{sec}$ is initially taken as input and transformed into the latent space as $z_{sec}$ using the discrete wavelet transform. The latent representation $z_{sec}$ is then encrypted with the symmetric key $k_{sym}$ and the reference image $x_{ref}$, which has been pre-processed through the condition information guidance module. The conceal process follows Equation (12), with the input $z_0 = z_{sec}$ and the output $z_T = z_{stego}$, generating the latent representation $z_{stego}$ of the stego image $x_{stego}$. The final stego image $x_{stego}$ is then obtained by applying the inverse wavelet transform. The reveal process mirrors the conceal process, following Equation (14) with input $z_T = z_{stego}$ and output $z_0 = z_{rev}$, ultimately yielding the revealed secret image $x_{rev}$.

(2) Symmetric Key Usage. The symmetric key is employed to generate the weights for the Conditional Re-parameterization Convolution and the modulation parameters $\alpha$, $\beta$, $\gamma$ in the Condition Reaction Term. This design ensures that the symmetric key plays a crucial role in the conceal and reveal process.

Your constructive comments are both sincerely valued and deeply appreciated, and we will re-organize and add more clearer description in the future version.

A2: The outcome of this model is influenced by: the removal of the text prompt and the design of the model’s training objectives.

(1) The removal of the text prompt in the proposed model contributes to reducing the risk of semantic misalignment and improves control over specific semantic regions. The proposed model eliminates the text prompts entirely, relying solely on the reference images to guide the generation of stego images. This architectural simplification facilitates more natural stego images generation, reduces the risk of semantic misalignment and removes the need for balancing multi-modal prompts. In contrast, the DiffStega model integrates both reference images and text prompts to steer the generation of stego images. With the dual-modal guidance, DiffStega generates stego images that align with the constraints of text prompts and the visual features of the reference images. However, text prompts in generative steganography models offer inadequate control, leading to the trade-off between the two types of prompts.

(2) The design of the training objective plays a crucial role in achieving the results outlined in this question, aligning with the discussed design choices. The framework’s focus on reference-image guidance and its simplification of the generative process contribute significantly to the system’s overall efficacy.

A3: (1) Dataset Resolution. Both the training and test datasets are utilized at a resolution of 256$\times$256, as documented in the manuscript. To improve clarity and readability, the manuscript will be reorganized to provide a more structured presentation of the information.

(2) Steganalysis Protocol. The deep learning steganalysis architecture follows the training protocol established by SRNet (Deep Residual Network for Steganalysis of Digital Images). After training the deep steganalysis network, we assess the anti-steganalysis capabilities of various methods with the trained network. This enables a comprehensive assessment of the model's anti-steganalysis capabilities. Our experimental setup aligns with common practices used in existing steganography research, guaranteeing the objectivity of the results. We aim to explore more effective experimental settings in future work to further enhance the evaluation of different steganography models.

A4: This question closely resembles the first one of the second reviewer. With respect to the concerns you've raised, we will now provide a renewed explanation of this issue.

(1) Reference Image Selection. We would like to clarify that the selection of reference images does not significantly affect the model's performance. During both training and testing, reference images are randomly selected, which enhances the model's generalization ability, ensuring excellent performance across various types of reference images. This makes the proposed model more adaptable to different visual contexts.

(2) Model Performance. The proposed model consistently delivers high-quality stego-images and secure secret recovery, regardless of whether the reference images are real-world images or generated images.

Your insightful question presents a promising avenue, selection of reference images in generative steganography, for future exploration. We intend to investigate this aspect in future work to enhance the effectiveness and adaptability of generative steganography techniques.

We greatly appreciate the very detailed feedback and your recognition of our contributions! We sincerely hope our response below will further enhance your confidence in our work.

A1: (1) Reference Image Selection and Model Performance. The selection of the reference image does not significantly impact the model’s performance. Reference images used for generative guidance in the proposed framework are randomly selected during both the training and testing phases. This stochastic selection mechanism ensures that the model demonstrates robust generalization across diverse reference images, maintaining effective steganographic performance even when the textures of the reference images are irrelevant or conflict with those of the secret images.

(2) Model Performance. The proposed model continues to produce high-quality stego-images and ensures secure secret recovery. The stochastic selection mechanism guarantees robust generalization across various reference images, preserving high-fidelity stego-image synthesis and secure secret recovery, even when the reference images contain irrelevant or conflicting visual features in relation to the secret data.

Furthermore, your insightful question holds significant value and highlights an important avenue for advancement. We plan to systematically investigate this direction to identify optimal reference image selection strategies that strike a balance between creative flexibility and security guarantees for generative image steganography frameworks in future work.

A2: (1) Symmetric Key Security. The symmetric key’s security is rigorously maintained during data transmission. In the proposed framework, only the public key required for symmetric key derivation is exchanged, eliminating the risk of exposing the private key. This design ensures that the symmetric key's confidentiality is upheld by securely storing the private key, thereby significantly enhancing the overall security of the system.

(2) Theoretical Security. The proposed cryptographic key generation process, grounded in robust, well-established algorithms, mitigates potential theoretical vulnerabilities. Specifically, the symmetric key generation method employs the Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) algorithm. This choice ensures strong theoretical security guarantees, safeguarding the symmetric key’s generation and protection.

(3) Experimental Results. a) Evaluation on Various Datasets. We evaluated the proposed model on four distinct real-world datasets: the DIV2K test dataset (100 images), COCO (5,000 images), ImageNet (10,000 images), and UniStega (100 images). These datasets, sourced from real-world scenarios, were chosen to assess the model’s performance and generalization across a variety of image types. The results highlight the model’s outstanding performance, demonstrating its robustness and adaptability in diverse real-world scenario applications.

b) Evaluation on Various Keys. The proposed model was also tested with several types of keys, including constant keys, random Gaussian noise, the public key transmitted to the receiver, and the correct symmetric key. Experimental findings confirmed that third parties could not extract secret images from stego images when using incorrect keys. This result underscores the high level of security provided by the proposed key generation process in real-world scenarios.

A3: Datasets. The proposed model was evaluated on a diverse range of real-world image datasets that cover various scenarios and challenging conditions, such as varying lighting, resolution differences, and environmental factors. To ensure a thorough assessment and facilitate a comprehensive comparison with other steganography approaches, including both cover-based and generative methods, we adhered to prior steganography methods. The model was tested across four distinct real-world datasets: the DIV2K test dataset (100 images), COCO (5,000 images), ImageNet (10,000 images), and UniStega (100 images). These datasets encompass a variety of image resolutions, scenarios, and visual contexts, providing a robust foundation for evaluating the model's performance under different conditions.

We greatly appreciate your valuable feedback and sincerely hope our response adequately addresses your points and restores your confidence in our work.

A1: Fundamental Disparities from Cover-based Steganography. We clarify that the proposed method effectively bridges the gap between cover-based steganography and coverless generative steganography, markedly diverging from cover-based methods that directly embed secret data into cover images. The proposed method adheres to a generative steganography pipeline, with reference images serving as guidance for generating stego images. It offers a hybrid solution that unites cover-based steganography and coverless generative steganography. Unlike coverless methods, the proposed method exploits reference images to boost stego images' naturalness and imperceptibility.

A2: (1) Fundamental Disparities from HiNet. The proposed model presents a significant departure from HiNet (Jing et al., 2021), a cover-based method. The key distinctions are: a) Generative steganography vs Cover-Based steganography. The proposed method follows a generative steganography pipeline, with reference images serving as guidance for the generation of stego images. This distinguishes the proposed method from HiNet, which directly embeds secret data into cover images; b) Key Management. The proposed model dynamically derives secret-specific symmetric keys through public key exchange and shared symmetric key generation module. Conversely, HiNet lacks mechanisms for key management; c) Role of Auxiliary Images. Although both the proposed method and HiNet utilize auxiliary images, the functional roles differ fundamentally. In the proposed method, the reference images serve as image prompts and guide the stego images generation process, whereas HiNet treats secondary images as secret data containers.

(2) Main Contributions. The proposed method addresses several fundamental challenges in image steganography, including naturalness and imperceptibility, quality of the revealed secret images and security. Unlike modular approaches that rely on isolated components, our method integrates three main contributions: a) We systematically propose a novel generative steganography method joints the reference images with the adaptive keys to govern the entire steganography process, enhancing the naturalness and imperceptibility of the stego images; b) We methodically design an Exact Reveal Process to precisely reverse the conceal process, minimizing errors in the reveal phase and improving the quality of the revealed secret images; c) We propose a Reference-Secret Image Related Symmetric Key generation module for dynamic symmetric keys generation, bolstering the security of both the keys and the secret images. It is important to note that these challenges cannot be adequately resolved with any singular modular component operating in isolation. The proposed model achieves optimal performance only through the synergy of these contributions.

(3) Key Transmission. The symmetric key is not transmitted directly to the receiver. Only the public keys associated with the secret images are delivered. a) Public Key Exchange. The sender generates a public-private key pair and transmits the public key to the receiver alongside the stego image; b) Symmetric Key Derivation. The receiver uses the received public key within the shared symmetric key generation module to derive the symmetric key. This process decouples the symmetric key transmission from public key distribution and ensures key consistency without transmitting the symmetric key. Please refer to Section $***Reference-Secret Image Related Key***$ and the supplementary materials $***Security of the Symmetric Key***$ for detailed specifications of the transmission of keys and symmetric key derivation.

A3: (1) Experimental Setting. The proposed model presents a novel generative steganography method, distinguishing itself from cover-based methods. It bridges cover-based steganography and coverless generative steganography, and utilizes reference images as guidance for stego images generation rather than containers as in cover-based models. This fundamental divergence shapes the experimental design, which integrates elements of both cover-based and generative steganography, providing a unique and comprehensive evaluation framework.

(2) Steganalysis. We have employed the handcrafted feature-based steganalyzer to assess the anti-steganalysis capabilities of the proposed model. We utilize StegExpose, an open-source steganalysis tool integrates four handcrafted feature-based steganalyzers (Sample Pairs, RS Analysis, Chi-Square Attack and Primary Sets), for assessment. The experimental results, detailed in Section $***Steganographic Analysis***$, demonstrate that the proposed model exhibits excellent resistance to steganalysis.

A4: Thanks for mentioning the typos in our manuscript. We will review and polish the entire manuscript.