What is Deniable Encryption?
An encryption scheme where the existence of encrypted data cannot be proven, or where decryption can produce different plausible plaintexts.
Deniable encryption protects you in scenarios where you may be compelled to reveal your encryption keys.
How It Works
- Hidden volumes: A VeraCrypt container can have two passwords — one reveals innocent data, the other reveals the real data
- Steganography: Hide encrypted data inside ordinary files (images, audio)
- Multiple decryption: The same ciphertext produces different valid plaintexts depending on the key
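The "multiple decryption" idea above, shown as an added Python example (not from the original page or from any tool it names): with a one-time pad, a second key can be computed so that the same ciphertext decrypts to a chosen decoy. The message texts, the `BLOCK` size and all function names are constructed for illustration.

```python
import secrets

BLOCK = 64  # constructed fixed size, so real and decoy messages pad to equal length


def pad(msg: bytes, size: int = BLOCK) -> bytes:
    """Length-prefix and zero-pad the message to exactly `size` bytes."""
    if len(msg) > size - 2:
        raise ValueError("message too long for pad size")
    return len(msg).to_bytes(2, "big") + msg + bytes(size - 2 - len(msg))


def unpad(padded: bytes) -> bytes:
    n = int.from_bytes(padded[:2], "big")
    if n > len(padded) - 2:
        raise ValueError("invalid length prefix")
    return padded[2:2 + n]


def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(msg: bytes) -> tuple[bytes, bytes]:
    """One-time pad: returns (key, ciphertext). The key must never be reused."""
    key = secrets.token_bytes(BLOCK)
    return key, xor(pad(msg), key)


def decrypt(key: bytes, ciphertext: bytes) -> bytes:
    return unpad(xor(ciphertext, key))


def decoy_key(ciphertext: bytes, decoy_msg: bytes) -> bytes:
    """Key under which the same ciphertext decrypts to decoy_msg."""
    return xor(ciphertext, pad(decoy_msg))


def demo() -> tuple[bytes, bytes]:
    real = b"source meeting: 14:00, north entrance"  # constructed sample
    decoy = b"grocery list: milk, eggs, bread"       # constructed sample
    real_key, ct = encrypt(real)
    fake_key = decoy_key(ct, decoy)
    # Same ciphertext, two keys, two valid plaintexts.
    return decrypt(real_key, ct), decrypt(fake_key, ct)


if __name__ == "__main__":
    print(demo())
```

This property depends on the key being as long as the message and used only once, and the sketch provides no integrity protection.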
Use Cases
- Crossing borders where authorities demand device passwords
- Operating in countries where encryption itself is illegal
- Protecting sensitive journalistic sources
Tools
- VeraCrypt: Hidden volumes within encrypted containers
- OpenStego: Steganographic data hiding in images
Limitations
- Sophisticated forensic analysis may detect hidden volumes
- Rubber-hose cryptanalysis (physical coercion) remains a threat
- Legal jurisdictions vary on whether you can be compelled to reveal all keys
Related Terms
Encryption
The process of converting information into a code to prevent unauthorized access. Encryption transforms readable data (plaintext) into an unreadable format (ciphertext) using a cryptographic algorithm and key. Only those with the correct key can decrypt and read the original data.
Encryption at Rest
Encryption applied to data stored on disks, databases, or other storage media. When data is 'at rest' (not actively being transmitted), encryption protects it from unauthorized access if storage devices are stolen or compromised.
Plausible Deniability
The ability to credibly deny knowledge of or responsibility for something, especially when encrypted data could be explained as random noise or when hidden volumes within encrypted containers cannot be proven to exist.