For pro-democracy activists living under authoritarian regimes, communication can be a tricky – and often dangerous – endeavor. Posting dissident messages to social media, sending an email, or texting a friend or colleague can risk interception by vigilant government agents, censorship, and even jail time. Over the past few years, Galois has been developing, in collaboration with partners at the University of Florida, an innovative tool aimed at helping activists circumvent censorship.
CADENAS is a text-based communication tool, housed in a handy Android app, that not only encrypts secret messages, but camouflages their very existence. Using a clever combination of encryption and AI predictive text generation, this groundbreaking technology allows users to hide a message in “cover text” designed to appear completely innocuous to observers.
“In the past, other tools have had the ability to take a message, encrypt it, and then use those bits to choose random strings of words to try and hide the message,” explained Galois Principal Scientist Dave Archer. “The problem is, a state actor can look at those random words and easily notice: ‘That looks weird.’ Our objective is much stronger. We want to have the cover text look so natural that it’s at least indistinguishable from something generated by a large language model like GPT. Even better, we’d ultimately like to have it be indistinguishable from text written by an actual human.”
How Does CADENAS Work?
At a glance, CADENAS seems like a page straight out of a spy novel. Imagine trying to communicate, “Meet at dawn,” without alerting censors. Using the CADENAS app, a user could input the plaintext, and the tool would automatically generate contextually plausible content that hides the message in the arrangement and choice of words. The intended recipients, having agreed ahead of time on a unique key, and knowing to keep an eye out for communications in a certain feed or location, could feed the text through their own CADENAS app, which would then decrypt the message for them.
But how does it work?
First, the tool encrypts the secret message using an encryption scheme designed by Galois engineers. Next, it uses Large Language Models (LLMs) trained on different genres of text to probabilistically choose word sequences that encode the encrypted message’s bit-stream, while still making sense within the chosen text style.
“When you run a large language model, you give it some seed text and then it generates all of the potential next tokens and their probabilities,” said Galois Principal Researcher Alex Malozemoff. “We map those to a cumulative probability distribution between zero and one. Then we use the bits of the ciphertext, which are indistinguishable from random, to select a token within that range. That’s the next token in our covertext. Then we feed that into the LLM, get the next token, and repeat. On the decoding side, we essentially do that in reverse.”
Because the encoding is in the arrangement of the words themselves, this seemingly innocent covertext can be hidden in any written communication: a Tweet, an email, a poster, or even written by hand. In each case, as long as the intended recipient knows where to look, and has the agreed-upon key and seed text, they can decrypt the message. Meanwhile, villainous authorities are none the wiser.
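The token-selection loop described above, as an added example that is not Galois code: it uses arithmetic-coding-style interval narrowing (an assumed instantiation) over a constructed toy model standing in for the LLM. The names `next_token_dist`, `narrow`, `encode` and `decode`, the message length shared by both sides, and the sample bits are assumptions; encryption is omitted and the input stands in for ciphertext.

```python
from fractions import Fraction as F
from math import ceil

# Constructed toy stand-in for an LLM: a fixed probability profile whose
# token order rotates with the previous token (a real system queries a model).
VOCAB = ["the", "market", "opens", "early", "today", "again"]
PROBS = [F(3, 10), F(1, 4), F(1, 5), F(1, 10), F(1, 10), F(1, 20)]

def next_token_dist(prev):
    shift = VOCAB.index(prev) + 1 if prev in VOCAB else 0
    return list(zip(VOCAB[shift:] + VOCAB[:shift], PROBS))

def narrow(lo, hi, prev, pick):
    """Split [lo, hi) by the cumulative distribution; return the chosen slice."""
    width, acc = hi - lo, lo
    for tok, p in next_token_dist(prev):
        nxt = acc + width * p
        if pick(tok, acc, nxt):
            return acc, nxt, tok
        acc = nxt
    raise ValueError("token not in model vocabulary")

def encode(bits, seed="<seed>"):
    n = len(bits)
    x = F(int(bits, 2), 2**n)    # ciphertext bits read as a point in [0, 1)
    lo, hi, prev, cover = F(0), F(1), seed, []
    while hi - lo > F(1, 2**n):  # stop once the interval pins down all n bits
        lo, hi, prev = narrow(lo, hi, prev, lambda t, a, b: a <= x < b)
        cover.append(prev)
    return cover

def decode(cover, n, seed="<seed>"):
    lo, hi, prev = F(0), F(1), seed
    for tok in cover:            # replay the same model, retrace the intervals
        lo, hi, prev = narrow(lo, hi, prev, lambda t, a, b, tok=tok: t == tok)
    return format(ceil(lo * 2**n), f"0{n}b")  # the only n-bit point in [lo, hi)

if __name__ == "__main__":
    bits = "1011001110001111"    # constructed stand-in for ciphertext bits
    cover = encode(bits)
    print(" ".join(cover), "->", decode(cover, len(bits)))
```

Because uniformly random bits land in each token's slice with probability equal to that token's model probability, the cover text follows the model's own distribution, which is why the ciphertext must be indistinguishable from random.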
Looking Ahead
In a world where the right to free expression, privacy, and information is not a given, our hope is that CADENAS will be a tool for good. As the tool is refined and expanded upon, we see other potential benefits, such as journalists working in risky settings being able to more safely relay sensitive information, or whistleblowers finding a secure channel to disclose wrongdoing without fear of reprisal. In short, when it comes to censorship-resistant communication, CADENAS has the potential to change the game.
While CADENAS is still in the prototype stage, the results are already remarkable. Even now, the tool can reliably generate text that appears indistinguishable from the GPT-generated content already flooding social media streams and email inboxes. Now, our researchers are focused on ensuring the final product is not just mathematically secure, but natural-looking enough to pass for human-generated text.
Keep an eye out. This one is going to be fun.