Shufflecake, AKA Truecrypt on Steroids for Linux
2024-07-03, 16:15–16:50 (Europe/Paris), Amphitheater

Shufflecake is a novel, free, open-source data encryption tool that allows the creation of hidden volumes on a storage device in such a way that it is very difficult, even under forensic inspection, to prove the existence of such volumes. This is useful for people whose freedom of expression is threatened by repressive authorities or dangerous criminal organizations, in particular: whistleblowers, investigative journalists, and activists for human rights in oppressive regimes. You can consider Shufflecake a "spiritual successor" of tools such as TrueCrypt and VeraCrypt, but vastly improved: it is fast, supports any filesystem of choice, and can manage multiple layers of nested decoy volumes, so to improve user experience and make deniability of the existence of these partitions really plausible.
Shufflecake is the result of a multi-year research aimed at solving fundamental limitations of plausible deniability tools. It has been peer-reviewed and presented at top IT conferences such as DEF CON Demo Labs and ACM CCS. It is under active development, and the open source community is welcome to contribute. In this talk we will present the history and limitations of other existing solutions, we will show how Shufflecake works and solves such limitations, and we will see why Shufflecake is an indispensable tool in the arsenal of users facing violent or coercive investigation.

Shufflecake is the result of a multi-year research aimed at solving fundamental technical and usability limitations of plausible deniability tools such as TrueCrypt.
In Shufflecake, each hidden volume is encrypted with a different secret key, scrambled across the empty space of an underlying existing storage, and indistinguishable from random noise when not decrypted. Crucially, unlike TrueCrypt and similar solutions, the number of volumes is also hidden. This allows a user to create a hierarchy of plausible deniability, where "most hidden" secret volumes are buried under "less hidden" decoy volumes, whose passwords can be surrendered under pressure. Each volume’s password also recursively unlocks all other less hidden volumes in the hierarchy. In other words, a user can plausibly "lie" to a coercive adversary about the existence of hidden data, by providing a password that only unlocks "decoy" data. Volumes can be managed independently as a virtual block devices, i.e. partitioned, formatted with any filesystem of choice, and mounted and dismounted like a normal disk. The whole system is very fast, with only a minor slowdown in I/O compared to a bare encrypted disk, and with negligible waste of memory and disk space.
In this talk we will give an overview of plausible deniability tools and technology, including an overview of TrueCrypt/VeraCrypt and other historical aspects. We will discuss use cases, legislation, forensics, and limitations of existing approaches. We will then present Shufflecake and show how this tool represents a considerable step forward for privacy. We will conclude with discussions about future directions and projects, including integration with the bootloader, fully hidden GNU/Linux installations, corruption resistance, and protection against advanced attacks.
The main goal of this talk is to raise awareness on plausible deniability solutions and to foster collaboration within the community to continue the development of new features on Shufflecake.

Dr. Tommaso Gagliardoni is a mathematician, cryptographer, and privacy advocate. He published influential peer-reviewed papers in the areas of cryptography, quantum computing, security, and privacy, and spoke at many international conferences in these fields. Additionally, he has a background in privacy hacktivism, investigative journalism, and ethical hacking, and being a strong advocate of the FOSS philosophy and digital freedoms. Tommaso obtained a PhD in cryptography at the Technical University of Darmstadt, Germany. He worked at IBM Research before joining Kudelski Security in 2019, where he is currently technical lead for the initiatives in quantum security and advanced cryptography.