Today we are excited to release Shufflecake [https://shufflecake.net], a plausible deniability disc encryption tool aimed at helping people whose freedom of expression is threatened by repressive authorities or dangerous criminal organizations, in particular: whistleblowers, investigative journalists, and activists for human rights in oppressive regimes. Shufflecake is FLOSS (Free/Libre, Open Source Software), source code in C is available [https://codeberg.org/shufflecake/] and released under the GNU General Public License v3.0 or superior.
You can consider Shufflecake a "spiritual successor" of tools such as Truecrypt and Veracrypt, but vastly improved. First of all, it works natively on Linux, it supports any filesystem of choice, and can manage up to 15 nested volumes per device, so to make deniability of the existence of these partitions really plausible. The reason why this is important versus "simple" disc encryption is best illustrated in the famous XKCD comic #538. You can read more about Shufflecake in this blog post [https://research.kudelskisecurity.com/2022/11/10/introducing...].
More in detail: Shufflecake allows creation of multiple hidden volumes on a storage device in such a way that it is very difficult, even under forensic inspection, to prove the existence of such volumes. Each volume is encrypted with a different secret key, scrambled across the empty space of an underlying existing storage medium, and indistinguishable from random noise when not decrypted. Even if the presence of the Shufflecake software itself cannot be hidden - and hence the presence of secret volumes is suspected - the number of volumes is also hidden. This allows a user to create a hierarchy of plausible deniability, where "most hidden" secret volumes are buried under "less hidden" decoy volumes, whose passwords can be surrendered under pressure. In other words, a user can plausibly "lie" to a coercive adversary about the existence of hidden data, by providing a password that unlocks "decoy" data. Every volume can be managed independently as a virtual block device, i.e. partitioned, formatted with any filesystem of choice, and mounted and dismounted like a normal disc. The whole system is very fast, with only a minor slowdown in I/O throughput compared to a bare LUKS-encrypted disk, and with negligible waste of memory and disc space.
Veracrypt is still updated and is battle tested. These features sound cool, but it'll be a hard sell for people at risk of repression, when tried and true things already exist.
Hello, thanks for your comment. You're right and we stress it in every disclaimer, website, blog post etc: Shuflecake is NOT production ready, do not use it for sensitive operations" etc. That said, we believe that Truecrypt and Veracrypt suffer from technical limitations that make them not only unpractical, but not deniable under many scenarios. Shufflecake solves these limitations :) but yes, it's true that we need to do a lot more of polishing and testing. Please check the website https://shufflecake.net and feel free to contribute! Thanks!
You can consider Shufflecake a "spiritual successor" of tools such as Truecrypt and Veracrypt, but vastly improved. First of all, it works natively on Linux, it supports any filesystem of choice, and can manage up to 15 nested volumes per device, so to make deniability of the existence of these partitions really plausible. The reason why this is important versus "simple" disc encryption is best illustrated in the famous XKCD comic #538. You can read more about Shufflecake in this blog post [https://research.kudelskisecurity.com/2022/11/10/introducing...].
More in detail: Shufflecake allows creation of multiple hidden volumes on a storage device in such a way that it is very difficult, even under forensic inspection, to prove the existence of such volumes. Each volume is encrypted with a different secret key, scrambled across the empty space of an underlying existing storage medium, and indistinguishable from random noise when not decrypted. Even if the presence of the Shufflecake software itself cannot be hidden - and hence the presence of secret volumes is suspected - the number of volumes is also hidden. This allows a user to create a hierarchy of plausible deniability, where "most hidden" secret volumes are buried under "less hidden" decoy volumes, whose passwords can be surrendered under pressure. In other words, a user can plausibly "lie" to a coercive adversary about the existence of hidden data, by providing a password that unlocks "decoy" data. Every volume can be managed independently as a virtual block device, i.e. partitioned, formatted with any filesystem of choice, and mounted and dismounted like a normal disc. The whole system is very fast, with only a minor slowdown in I/O throughput compared to a bare LUKS-encrypted disk, and with negligible waste of memory and disc space.