Covert Communication Techniques

• Covert communication is a set of techniques that hide both the message content and the act of transmission, ensuring adversaries remain uncertain about any communication activity.
• In noise-limited channels, the square-root law restricts covert transmission to O(√n) bits, though advanced methods using side information or jamming can enable higher rates.
• Practical implementations span military, cyber-physical, and federated learning systems, employing methods such as physical-layer embedding, timing steganography, and ML-driven protocol design.

Covert communication (CC) encompasses a class of information-theoretic and adversarial security protocols designed not only to secure the content of transmitted messages but to hide the very act of communication from an observer, typically referred to as the warden. Unlike traditional encryption, which protects against message interception, covert communication aims to prevent reliable detection that a secret message is being transmitted at all, even in the face of powerful adversaries equipped with optimal detectors—classical or quantum. CC is of increasing interest in practical deployment scenarios including military, industrial, cyber-physical, and federated learning systems; it plays a vital role in privacy, censorship circumvention, and resilient infrastructure.

1. Fundamental Principles and Security Metrics

Covert communication is rigorously defined via the adversary’s ability to distinguish between the null hypothesis (no transmission) and the alternative (communication occurs). The principal security metric is the sum-error probability, $P_\text{FA} + P_\text{MD}$, where %%%%1%%%% is the probability of false alarm (warden declares transmission when there is none) and $P_\text{MD}$ is the probability of miss (warden fails to detect actual transmission). The canonical covertness constraint requires that for every code,

$P_\text{FA} + P_\text{MD} \geq 1 - \epsilon,$

where $\epsilon \ll 1$ is the detection slack chosen by the designer (Bash et al., 2014, Weissenborn et al., 27 Nov 2025). Equivalently, covertness is ensured if the statistical divergence (total variation for classical/discrete, quantum trace distance or relative entropy for quantum systems) between the distributions under communication and silence is small (Arrazola et al., 2017, Bullock et al., 2016). The adversary is assumed to have full knowledge of the channel, detection algorithms, and coding schemes, with only the secret key or randomness being private.

A critical distinction is made between content security (hiding the message’s semantic contents) and behavioral or structural security (hiding the communication act itself, including timing, topology, or protocol deviations). Recent frameworks treat both axes jointly (Yang et al., 2019).

2. Fundamental Limits and Scaling Laws

The dominant limitation of covert communication is captured in the square-root law: in memoryless, noise-limited channels, the maximum number of covert bits that can be reliably and covertly transmitted over $n$ channel uses is $O(\sqrt{n})$ (Bash et al., 2014, Bullock et al., 2016, Ramtin et al., 2024). For AWGN channels (optical, radio) and classical-quantum channels, attempting to send more than $O(\sqrt{n})$ bits results in detection by the warden with probability approaching one (Bash et al., 2014, Bullock et al., 2016, Ramtin et al., 2024). This law arises from the weak scaling of signal energy relative to noise fluctuations: to avoid detection, the total transmitted energy must be buried beneath noise, resulting in vanishing per-symbol rates.

Regime	Achievable Covert Bits	Conditions
Classical AWGN, memoryless	$O(\sqrt{n})$	No external jamming, strict covertness
Quantum channels (bosonic)	$O(\sqrt{n})$	Noise required for non-trivial CC
Continuous-time w/ jammer	$\Theta(n)$	Full 'uninformed' jamming assistance (Li et al., 2020)
Channels with non-causal CSI	$O(n)$ (positive rate)	CSI at transmitter, resolvability (Lee et al., 2017, ZivariFard et al., 22 Jan 2025)
Action-dependent states	$O(n)$ (positive rate)	Adversarially chosen but known states (ZivariFard et al., 22 Jan 2025)

In compound or state-dependent channels, a variant of the square-root law applies: the number of covert bits scales as $L^*(\delta)\sqrt{n}$, determined by channel divergence and correlation parameters (Salehkalaibar et al., 2019). In channels with certain forms of side information (e.g., with non-causal CSI, action-dependent states), and in continuous-time channels augmented with uninformed jammers, the square-root law can be overcome, permitting positive-rate ($\Theta(n)$) covert communication (Lee et al., 2017, ZivariFard et al., 22 Jan 2025, Li et al., 2020).

3. CC Methods: Physical, Network, and Algorithmic Channels

CC schemes fall into several broad methodological categories:

• Physical-layer embedding: Information is encoded in low-probability signaling (e.g., sparse pulse-position, on-off keying), fine-grained power control, and artificial noise addition. These schemes are most often analyzed under the square-root law and are optimal under adversarial detection (Bash et al., 2014, Forouzesh et al., 2018, Xie et al., 7 May 2025).
• Federated learning and distributed ML: In collaborative deep learning, covert channels are constructed by poisoning attacks that bias small subsets of model parameters across rounds, encoding bits in the aggregate trajectory. Such schemes achieve robust, high-bandwidth CC without affecting model accuracy, and evade existing statistical, norm- or accuracy-based defenses (Liang et al., 2023).
• History Covert Channels (HCC): These refer not to altering new packets, but to sending small “pointers” to historical traffic or timing features, thereby exploiting network noise or pre-existing events (“Silent History Protocol”). HCCs can provide high capacity with negligible statistical footprint under network traffic analysis (Weissenborn et al., 27 Nov 2025).
• Behavioral and timing steganography: Bits are encoded in user actions (e.g., social media post times, connection patterns), camouflaged to match the temporal, graph, and content statistics of the broader population (Yang et al., 2019).
• Key expansion and randomness extraction: Covert communication can be repurposed to expand shared keys: if messages are covert, their contents are also information-theoretically secret; protocols can be arranged so that the number of secret bits output exceeds the input ones, under proper noise and block-design constraints (Arrazola et al., 2017).

4. Covert Communication in the Presence of Adversaries and Uncertainty

In practical and adversarial regimes, covert communication must account for:

• Powerful physically-permitted adversaries: Adversaries (Willie) may exploit quantum memory, joint measurements, or worst-case channel knowledge. Security is defined in information-theoretic terms, and is maintained even when the adversary’s capabilities outstrip those of the legitimate parties (Bash et al., 2014, Bullock et al., 2016, Liu et al., 2017).
• Channel uncertainty and fading: Block-fading, estimation error, and channel uncertainty directly affect both detection performance (via thresholds) and achievable rates. Under high uncertainty at the warden, covertness constraints are relaxed, increasing achievable covert rates; however, increased uncertainty at legitimate receivers degrades both covert and overt performance (Shahzad et al., 2017, Wang et al., 2021, Ramtin et al., 2024).
• Adversarial detection and defense failures: Classical defenses in federated learning (differential privacy, clustering, norm clipping, update validation) fail to detect well-designed small-bias poisoning-based CC; only noise magnitude comparable to the embedded signal can suppress the covert channel, but at the cost of model utility (Liang et al., 2023). In HCC, classical traffic anomaly detectors (KS-tests, gzip-compressibility, ML/LSTM models) fail to distinguish pointer-based CC at realistic operating points (Weissenborn et al., 27 Nov 2025).

5. Protocol Design and Achievability Constructions

CC protocols employ carefully engineered signaling and embedding strategies:

• Power control and jamming optimization: Optimization of artificial noise power, codebook parameters, and power sharing between Alice and friendly jammers is central to maximizing covert throughput under reliability and covertness constraints (Xie et al., 7 May 2025, Forouzesh et al., 2018).
• Structured embedding and extraction in distributed learning: A subset of model parameters is modulated with small, sign-controlled bias (poisoning), and the receiver aggregates their temporal evolution over multiple federated rounds for error-free decoding. Payload and undetectability are traded off by tuning embedding magnitude η, size of parameter subset P, and cycle length n (Liang et al., 2023).
• Block-Markov coding and state-derived secret generation: For channels with state-side information, schemes use block-Markov chaining, Wyner–Ziv source coding and Gelfand–Pinsker binning so that secret keys are distilled from state randomness in each block, supporting o(1) secret-key usage and O(n) message embedding (ZivariFard et al., 22 Jan 2025, Lee et al., 2017).
• History-pointer algorithms (SHP): Covert bits are represented as deterministic hash-functions of network history, and transmitted by emitting pointer packets synchronized to natural traffic events; error correction and pointer collisions are managed by cyclic redundancy and subchanneling (Weissenborn et al., 27 Nov 2025).
• GAN-based and ML-driven autoencoder architectures: In modern wireless and multi-user systems, neural generative modeling (covert GANs) jointly optimizes covertness, payload reliability, and user utility. The adversarial loss loop between sender (generator), receiver (decoder), and detector (discriminator) enforces undetectability while maximizing covert throughput, and is robust across channel models (Teshnizi et al., 2023).
• Optimization via LLMs and retrieval-augmented generation (RAG): For complicated parameter spaces (multi-constraint power control under full-duplex AN), AI-driven solvers with MoE architectures and RAG can synthesize and validate protocol parameters at scale, achieving high accuracy in closed-form derivations and simulation code (Xie et al., 7 May 2025).

6. Practical Implications and Future Directions

Practical covert communication supports bitrates up to O(√n) per n channel uses in most memoryless channels, but can achieve O(n) in the presence of adequate randomness (state knowledge, action-dependent states, or external jamming) (Lee et al., 2017, ZivariFard et al., 22 Jan 2025, Li et al., 2020). In federated learning, up to tens of thousands of bits can be covertly transmitted with no learning performance degradation, and defense requires across-round cross-parameter anomaly detection, which is computationally expensive (Liang et al., 2023). HCC-based pointer channels achieve two orders of magnitude better rates than prior timing CCs while remaining indistinguishable from benign background traffic (Weissenborn et al., 27 Nov 2025).

Key open challenges include:

• Lightweight, trajectory-aware detection mechanisms to monitor persistent, low-amplitude embedding patterns in high-dimensional systems (Liang et al., 2023).
• Joint content-behavioral embedding and detection for systems observable across both content and user-action dimensions (Yang et al., 2019).
• CC in decentralized or permissionless distributed systems (e.g., blockchain, federated multi-agent learning), where both statistical and behavioral attacks must be concurrently addressed.
• LLM-driven adaptivity for context-aware protocol and power adaptation, with seamless integration of domain-specific constraints and real-time feedback (Xie et al., 7 May 2025).
• Information-theoretic analysis of key expansion, perhaps in quantum or hybrid computational-compositional frameworks (Arrazola et al., 2017, Liu et al., 2017).

7. Representative Case Studies and Experimentally Validated Systems

• Covert FD-AN power optimization: LLM-guided symbolic reasoning supports real-time AN power scheduling in 6G wireless to maximize covert throughput and adapt to channel changes, outperforming traditional optimization and code synthesis baselines (Xie et al., 7 May 2025).
• Federated learning covert channel: Model poisoning enables robust, undetectable bit embedding at rates up to 10,000 bits per 200 rounds on ResNet-18 for CIFAR-10, with zero bit-error-rate up to 50% server-added Gaussian noise (Liang et al., 2023).
• History Covert Channel (SHP): In LAN tests, SHP achieves 2.68 bps on real traffic, 121 bps in high-traffic synthetic LAN regimes, and remains undetectable under KS-test, compressibility, and ML-based analysis (Weissenborn et al., 27 Nov 2025).
• Experimental fiber-optic CC: Unconditionally secure CC over 10 km DWDM optical fiber links achieved reliable message transmission with detection biases <0.07, and no error, in typical metropolitan distances (Liu et al., 2017).

• Covert communication based on the poisoning attack in federated learning (Liang et al., 2023)
• Covert optical communication (Bash et al., 2014)
• Covert communication in continuous-time systems (Li et al., 2020)
• Covert communication over a compound channel (Salehkalaibar et al., 2019)
• Experimental unconditionally secure covert communication in DWDM networks (Liu et al., 2017)
• Secret key expansion from covert communication (Arrazola et al., 2017)
• Behavioral security in covert communication systems (Yang et al., 2019)
• Covert communication in wireless relay networks (Hu et al., 2017)
• Fundamental limits of covert communication over classical-quantum channels (Bullock et al., 2016)
• Covert communication with channel-state information at the transmitter (Lee et al., 2017)
• Fundamental scaling laws of covert communication in the presence of block fading (Ramtin et al., 2024)
• Covert communication in fading channels under channel uncertainty (Shahzad et al., 2017)
• Covert communication in autoencoder wireless systems (Teshnizi et al., 2023)
• Covert communication achieved by a greedy relay in wireless networks (Hu et al., 2017)
• Information-theoretic security or covert communication (Forouzesh et al., 2018)
• Shadow wireless intelligence: LLM-driven reasoning in covert communications (Xie et al., 7 May 2025)
• Probabilistic accumulate-then-transmit in wireless-powered covert communications (Wang et al., 2021)
• Covert communication via action-dependent states (ZivariFard et al., 22 Jan 2025)
• Silence speaks volumes: a new paradigm for covert communication via history timing patterns (Weissenborn et al., 27 Nov 2025)