🤖 AI Summary
This work investigates the fundamental trade-off between security (steganalysis resistance) and robustness (channel distortion resilience) in diffusion-based steganography, comparing pixel-space models against VAE latent-space systems. Addressing the limitation of prior works—which overly emphasize exact Gaussian prior alignment within a single architecture while neglecting inherent architectural disparities—we propose a unified framework for approximate Gaussian priors based on learnable scale factors. We theoretically reveal an antagonistic mechanism: VAE encoders enhance robustness via manifold regularization, whereas decoders amplify adversarial perturbations, degrading security. To reconcile this tension, we design a capacity-aware adaptive optimization strategy enabling tunable co-modeling across both architectures. Experiments demonstrate that pixel-space models achieve high security but poor robustness, while VAE-based systems (e.g., Stable Diffusion) exhibit the inverse behavior. Our study establishes theoretical foundations and practical design principles for generative steganographic architectures.
📝 Abstract
Current generative steganography research mainly pursues computationally expensive mappings to perfect Gaussian priors within single diffusion model architectures. This work introduces an efficient framework based on approximate Gaussian mapping governed by a scale factor calibrated through capacity-aware adaptive optimization. Using this framework as a unified analytical tool, systematic comparative analysis of steganography in pixel-space models versus VAE-based latent-space systems is conducted. The investigation reveals a pronounced architecture dependent security-robustness trade-off: pixel-space models achieve high security against steganalysis but exhibit fragility to channel distortions, while VAE-based systems like Stable Diffusion offer substantial robustness at the cost of security vulnerabilities. Further analysis indicates that the VAE component drives this behavior through opposing mechanisms where the encoder confers robustness via manifold regularization while the decoder introduces vulnerabilities by amplifying latent perturbations into detectable artifacts. These findings characterize the conflicting architectural roles in generative steganography and establish a foundation for future research.