If the amount is less than $50,000, I suggest you just offer it all as prize to whoever proves you wrong. The value to your reputation will be more than $5, and due to transaction costs people are unlikely to bet with you directly with less than $5 to gain.
I’d be willing to bet 50% of the market value of a feasible distinguishing-attack against AES. Under the condition that whoever proves me wrong discloses their method to me and only me.
In other words: a shitload. Such an attack would be far more valuable than any sum I’d possibly be able to offer.
Wrong on what count? I intended that sentence to refer only to the last paragraph of my post, and I’d expect that to be very implementation-dependent. Generally speaking, the higher the compression ratio the more perfectly random I’d expect the low bits to be—but even at low ratios I’d expect them to be pretty noisy. I’m fairly confident that some JPEG implementations would leave distinguishable patterns when fed some inputs, but I don’t have any good way of knowing how many or how easily distinguishable. To take a shot in the dark, I’m guessing there’s maybe a 30% chance that an arbitrarily chosen implementation with arbitrarily chosen parameters would be easily checked in this way? That’s mostly model uncertainty, though, so my error bars are pretty wide.
If we exclude that sort of statistical analysis, I’d estimate on the order of a 10 or 20% chance that Decoy images are distinguishable as such by examining metadata or other non-image traces—but that comes almost entirely from the fact that I haven’t read Nanashi’s code, I’m not a JPEG expert, and security is hard. A properly done implementation should not be vulnerable to such an attack; I just don’t know if this is properly done.
If you would put a probability on it, how likely would you expect a proper security audit to prove you wrong?
.01%
How much money are you willing to bet on that?
If the amount is less than $50,000, I suggest you just offer it all as prize to whoever proves you wrong. The value to your reputation will be more than $5, and due to transaction costs people are unlikely to bet with you directly with less than $5 to gain.
I’d be willing to bet 50% of the market value of a feasible distinguishing-attack against AES. Under the condition that whoever proves me wrong discloses their method to me and only me.
In other words: a shitload. Such an attack would be far more valuable than any sum I’d possibly be able to offer.
Wrong on what count? I intended that sentence to refer only to the last paragraph of my post, and I’d expect that to be very implementation-dependent. Generally speaking, the higher the compression ratio the more perfectly random I’d expect the low bits to be—but even at low ratios I’d expect them to be pretty noisy. I’m fairly confident that some JPEG implementations would leave distinguishable patterns when fed some inputs, but I don’t have any good way of knowing how many or how easily distinguishable. To take a shot in the dark, I’m guessing there’s maybe a 30% chance that an arbitrarily chosen implementation with arbitrarily chosen parameters would be easily checked in this way? That’s mostly model uncertainty, though, so my error bars are pretty wide.
If we exclude that sort of statistical analysis, I’d estimate on the order of a 10 or 20% chance that Decoy images are distinguishable as such by examining metadata or other non-image traces—but that comes almost entirely from the fact that I haven’t read Nanashi’s code, I’m not a JPEG expert, and security is hard. A properly done implementation should not be vulnerable to such an attack; I just don’t know if this is properly done.