Papers
Topics
Authors
Recent
Search
2000 character limit reached

Quantum Gatekeeper: Multi-Factor Context-Bound Image Steganography with VQC Based Key Derivation on Quantum Hardware

Published 29 Apr 2026 in quant-ph, cs.AI, and cs.CR | (2604.26413v1)

Abstract: This paper presents Quantum Gatekeeper, a context-bound image steganography framework where successful payload recovery depends on both cryptographic decryption and the reconstruction of a precise extraction path. The system integrates lossless least significant bit (LSB) embedding with a deterministic variational quantum circuit (VQC)-derived gate key, multi-factor contextual binding, and authenticated encryption. Payload extraction is contingent upon four requisite factors: a password, a shared secret, a user-supplied context string, and a reference image signature. Any deviation in these factors causes the system to read from an incorrect pixel sequence or fail authentication, resulting in silent rejection rather than partial disclosure. The proposed method derives a gatecontrolled extraction key from a seed-conditioned variational circuit, with parameters generated via cryptographic hash expansion and context-dependent image features. To ensure encode/decode consistency, the cryptographic key path is generated via exact statevector simulation; concurrently, IBM superconducting quantum hardware is utilized to evaluate the statistical behavior of the circuit family under physical noise. We introduce a dual-region image layout to resolve the nonce bootstrapping dependency, separating header recovery from payload recovery through independently derived keys. Experimental results confirm successful end-to-end message embedding and recovery on PNG images, demonstrating deterministic success under correct conditions and failure otherwise. The framework supports both text and image payloads; in the image-in-image configuration, a secret image is resized to a fixed resolution prior to embedding, enabling exact pixel-level recovery under correct contextual reconstruction.

Authors (2)

Summary

  • The paper presents a multi-factor image steganography protocol that requires four distinct authentication factors for secure payload recovery.
  • It employs a fixed variational quantum circuit (VQC) for key derivation, integrated with AES-GCM encryption and dual-region embedding to ensure bit-perfect extraction.
  • Empirical evaluations demonstrate near-perfect image quality (SSIM ≈1, PSNR >64 dB) and robust resistance to unauthorized extraction.

Quantum Gatekeeper: Context-Bound Image Steganography with VQC-Based Key Derivation

System Overview and Core Architecture

Quantum Gatekeeper establishes a multi-factor control paradigm for image steganography, shifting the security emphasis from ciphertext protection to extraction conditionality. The framework requires simultaneous reconstruction of four distinct authentication factors: password, pre-shared secret, user-defined context string, and an image-specific signature derived from the original cover. This approach ensures that both embedding and extraction processes are deterministically bound to exact contextual reconstruction, preventing unauthorized access from partial credential compromise.

The technical workflow incorporates authenticated encryption (AES-GCM), PBKDF2 password strengthening, deterministic seed expansion, and context-derived key separation. Central to the framework is the derivation of a quantum gate key through a fixed variational quantum circuit (VQC), whose parameters are deterministically mapped from context-bound seeds. The VQC output governs the pixel traversal order for payload embedding, and is evaluated via exact statevector simulation for encoding and decoding, maintaining functional determinism. Concurrently, the circuit family is executed on IBM Quantum hardware to measure physical noise effects, allowing for statistical validation without influencing key derivation. Figure 1

Figure 1: Overall architecture, integrating cryptographic seed expansion, VQC gate-key derivation, dual-region PNG embedding, and context-bound access control.

Embedding and Extraction Workflow

The embedding phase begins with the preprocessing of user inputs and secret payloads. When an image is used as payload, it is normalized to 512×512512\times512, PNG-compressed, and base64-encoded before encryption, guaranteeing recoverability and uniform bitstream capacity. The image-bound signature RIR_I is computed from the unmodified cover buffer, enforcing reconstruction fidelity across all embedding variables.

A composite seed is formed from all contextual factors and expanded into functionally separated keys for header traversal (σh\sigma_h), payload traversal (σp\sigma_p), VQC parameters (σq\sigma_q), and encryption keying (σe\sigma_e). AES-GCM authenticated encryption produces the protected payload, guaranteeing silent failure under incorrect decryption paths due to the integrity tag.

The dual-region embedding scheme resolves the dependency between recovery metadata and payload extraction. Header and payload bits are independently embedded into disjoint pixel regions using distinct key-controlled permutations. The header region facilitates bootstrapping for nonce and length recovery; the payload region, traversed via VQC-derived gate key KQK_Q, receives the encrypted payload itself.

The extraction phase reverses the process: header region is traversed and read first to reconstruct metadata; VQC is deterministically rebuilt from reconstructed seed-state to obtain KQK_Q; payload region is then accessed and decrypted using AES-GCM. Extraction success strictly requires exact agreement on all four contextual factors; any deviation yields silent rejection. Figure 2

Figure 2: End-to-end workflow: context-bound seed construction, embedding with VQC traversal order, and authenticated extraction via exact key reconstruction.

Quantum Circuit Key Derivation and Hardware Validation

Quantum Gatekeeper leverages VQC-based gate key derivation as a structured, non-random control mechanism. The VQC parameters are deterministically specified via cryptographic expansion of the context-bound seed. The circuit operates on nn qubits, depth dd, and the unitary transformation RIR_I0 is a static mapping, not a trainable model. The gate key RIR_I1 is extracted as the hash of the circuit's modal bitstring and probability vector. Crucially, only exact statevector simulation is used for key derivation, guaranteeing reproducibility.

The framework further executes identical VQC structures on IBM superconducting quantum hardware to empirically measure device-dependent output distributions. Metrics include Shannon entropy, total variation distance (TVD), and linear cross-entropy benchmarking (XEB), quantifying statistical divergence between ideal simulation and physical quantum execution. Hardware-induced deviations are systematically characterized but do not impact decode path determinism.

Numerical Evaluation and Recovery Results

Empirical results demonstrate the system's strong performance on both stego image quality and payload recovery fidelity. Across DIV2K, COCO, and ImageNet datasets, the stego images consistently reach SSIM values almost unity and PSNR exceeding 64\,dB, far surpassing baselines such as 4bit-LSB, CAIS, HiNet, and GAN-based approaches. This attests to the imperceptibility achieved by the dual-region quantum-conditioned embedding.

For both text and image payloads, the recovered output matches the original exactly under correct contextual conditions; for image-in-image steganography, SSIM equals RIR_I2 and PSNR is infinite, confirming bit-perfect recovery. The strict authenticated encryption pathway precludes partial output and enforces the all-or-nothing extraction model.

Simulator and hardware executions yield matching modal bitstrings, confirming functional stability of quantum gate key derivation despite NISQ-era physical noise. Hardware entropy measurements exhibit marginal increase versus simulation (e.g., 2.94 vs. 3.07), TVD remains low (RIR_I30.06), and XEB scores consistently align, substantiating device-specific yet robust circuit behavior.

Security Properties and Component Analysis

Quantum Gatekeeper's security model is predicated on composite multi-factor control and deterministic quantum traversal. Both LSB extraction-path and cipher-level protection are intertwined, preventing classical attack vectors focused on key or embedding map recovery. Incorrect reconstruction of any contextual factor (password, shared secret, context string, or image signature) leads to traversal divergence or AES-GCM authentication failure, yielding silent rejection with zero partial bit disclosure.

Component ablation confirms necessity of each layer: context string removal reduces resistance to adversarial extraction; quantum gate layer absence eliminates structured traversal variability; unified embedding regions reintroduce bootstrapping failures; omitting authenticated encryption results in partial payload leakage risk. The dual-region permutation, context-bound seed expansion, authenticated encryption, and quantum gate key collectively enforce strong security.

Practical Implications and Future Directions

Quantum Gatekeeper offers a significant architectural advance for steganographic access control, integrating quantum hardware as a verifiable, physically distinct execution layer. The practical implications include enhanced resilience against brute-force and steganalysis attacks, strict conditionality of extraction, and device-bound fingerprinting opportunities. The framework is compatible with current quantum hardware and cryptographic standards, guaranteeing deployability.

Future research avenues include extension to richer payload modalities (audio, video), more expressive VQC architectures, integration of device-specific statistical signatures as physical unclonability factors, and formal adversarial robustness analysis in the presence of side-channel or quantum-aware attackers. Additionally, the exploration of quantum noise as an information-theoretic fingerprint could further bind extraction capabilities to specific hardware instances, creating novel hardware-based authentication boundaries.

Conclusion

Quantum Gatekeeper successfully demonstrates a hybrid quantum-classical image steganography protocol enforcing multi-factor context-bound extraction control. The deterministic VQC-derived gate key ensures exact traversability, while dual-region embedding and authenticated encryption uphold imperceptibility and integrity. Hardware execution validation confirms the preservation of control state under physical noise. Numerical results substantiate bit-exact recovery and superior image fidelity, while security analysis reveals robust resistance to compromise and silent failure under incorrect inputs. The framework's modularity and hardware compatibility position it as a foundation for future quantum-assisted steganographic and access control paradigms.

Paper to Video (Beta)

No one has generated a video about this paper yet.

Whiteboard

No one has generated a whiteboard explanation for this paper yet.

Open Problems

We haven't generated a list of open problems mentioned in this paper yet.

Collections

Sign up for free to add this paper to one or more collections.

Tweets

Sign up for free to view the 1 tweet with 2 likes about this paper.