Full Capacity Steganography

Updated 29 October 2025

Full capacity steganography is a field that maximizes the amount of covert data in cover media while ensuring undetectability and high fidelity.
Modern methods employ deep neural networks, invertible architectures, and adaptive strategies to achieve near-theoretical payload limits across images, video, speech, and text.
Engineering trade-offs between capacity, imperceptibility, and robustness are addressed through innovative capacity-distortion metrics and security constraints.

Full capacity steganography refers to the practical and theoretical maximization of the amount of hidden information that can be embedded in a cover medium—be it image, speech, video, or text—subject to a prescribed level of security (undetectability), fidelity (imperceptibility), and robustness. The concept is anchored in information-theoretic treatments of steganographic rate, but has evolved to encompass both operational codes (e.g., structured datasets, neural networks, invertible algorithms) and strong indistinguishability constraints. Across modalities, modern full capacity steganography is characterized by the simultaneous achievement of near-channel-rate payloads and resistance to advanced detection, under sometimes adversarial or adaptive conditions.

1. Theoretical Framework: Steganographic Capacity

The foundational studies of steganographic capacity provide the upper bound on undetectable embedding rates for given channels and attack models. Using the information-spectrum approach (0810.4171), the secure steganographic capacity of a general channel $(W, g, A)$ , where $W$ is a (potentially non-stationary) encoder channel, $g$ a steganalyzer sequence, and $A$ an attack channel, is

$C(W, g, A) = \sup_{X \in S_0} \underline{I}(X; Z)$

where $S_0$ is the set of input distributions not triggering detection, $\underline{I}(X; Z)$ is the spectral inf-mutual information rate between input $X$ and channel output $Z$ . For noiseless channels, capacity degenerates to the growth rate of the permissible set ( $|\mathcal{P}_g|$ ); for memoryless Gaussian channels with power/variance detection, to $\frac{1}{2}\log\left(1+\frac{c}{\sigma_e^2+\sigma_a^2}\right)$ , with $c$ the permissible variance.

Perfect undetectability further constrains steganographic mappings: capacity is maximized under the constraint $P_X = P_S$ , where $P_X$ is the stegotext distribution and $P_S$ the cover distribution [0702161]. Under uniform cover distributions and symmetric distortions, there is no capacity loss for perfect security; randomized constructions (e.g., via permutation binning) achieve this upper bound.

These general formulas establish the ceiling against which all practical full capacity steganography is measured.

2. Modalities and Practical Algorithms

Full capacity steganography research spans images, speech, video, and text, each with unique embedding and detection properties.

Image and Video

Historically, classical bit-plane techniques (e.g., LSB, DCT) were limited to a few bits per pixel due to rapid onset of perceptible or statistical distortion. Modern approaches employ:

Deep Neural Networks: StegNet achieves 23.57 bpp (bits per pixel) payloads, embedding full-sized RGB images, altering only ∼0.76% of cover pixels. Payload approaches the theoretical maximum for pixelwise embedding (Wu et al., 2018). FC-DenseNet, SteganoGAN, and MIAIS similarly achieve image-to-image full-size hiding.
Invertible Architectures: InvMIHNet conceals/retrieves up to 16 images per cover (Chen et al., 2023); SMILENet extends this to 25 via cover-driven mosaic embedding, invertible or non-invertible modules, and a capacity-distortion metric (Huang et al., 7 Mar 2025).
Foveated and Latent Models: Foveation-based methods leverage varying perceptual sensitivity across the image to maximize bits in less sensitive areas, yielding payloads 5× higher than prior latent models at comparable PSNR/LPIPS (Lin et al., 15 Oct 2025).
Coverless/Yolo-based: Dynamic substring matching, object detection, and combinatorial keying (e.g., 19 bits/image with only 200 images in database) achieve full-capacity coverless steganography with minimal database bloat and high robustness (Liu et al., 22 Jan 2024).

Video steganography similarly advances through invertible neural pipelines (LF-VSN: 7 videos hidden in 1, key-controllable), indicating scalable full-capacity schemes for temporal media (Mou et al., 2023).

Speech

For low-bit-rate speech, full utilization of available quantization parameters (e.g., the three LSP codebook indices in G.723.1) sets the maximum rate. The 3D-Magic matrix method embeds 6 bits/frame (200 bps)—double previous QIM bounds—while maintaining ≤3% PESQ quality loss and statistical undetectability (Yang et al., 2018).

Text (Linguistic Steganography)

Entropy-Driven Mappings: RTMStega uses rank-based adaptive coding and entropy monitors, tripling payload (e.g., 17.3% vs 5.3% for baselines) while achieving statistical indistinguishability and rapid encode/decode (Jiang et al., 27 Oct 2025).
Interval Shifting/Merging: ShiMer applies symmetric-key, pseudorandom interval shifting in LLM probability space, achieving near-entropy limit utilization and indistinguishable outputs, with efficient, always-correct decoding (Bai et al., 1 Jan 2025).
Semantic Steganography: Moving from token-level to semantic entity selections, capacity is determined by the richness of the semantic space (e.g., ~28.5 bits/sentence; bit/token ratio more than double that of adaptive LLM sampling), with resilience to token and semantic perturbations (Bai et al., 15 Dec 2024).
Color Coding/Numeration: For stylized text, combinatorial color assignments (up to 75% capacity per character block) far exceed traditional schemes limited by pattern or compression (Sadié et al., 2020).

3. Engineering Trade-offs: Capacity, Imperceptibility, and Security

The pursuit of capacity must balance distortion and detectability:

Image Quality Metrics: Peak SNR, SSIM, and subjective evaluations are core quality measures. Modern deep/full-capacity methods (StegNet, InvMIHNet, SMILENet) ensure PSNR ≥ 36 dB at max payload.
Robustness to Steganalysis: Dense, learned mappings (StegNet, SteganoGAN), invertible transforms, and key-controlled embed-reveal cycles (SMILENet, LF-VSN) defeat classical and advanced steganalysis (RS analysis, StegExpose, SRNet, Zhu-Net).
Textual Naturalness: Choices like entropy normalization and semantic entity mapping ensure stegotext is indistinguishable under sampling, perplexity, and semantic quality metrics (e.g., GPT-4 scoring).

There exists a practical security/capacity boundary. As capacity approaches the information-theoretic channel maximum, even minuscule cover distortions risk detection by sensitive adversaries, and some modalities (e.g., low-entropy text, fixed semantic content) present hard limits. In the context of perfectly secure steganography ( $P_X = P_S$ ), actual capacity is bounded by cover distribution entropy and practical constraints on code construction [0702161].

4. Techniques Exploiting Channel and Cover Redundancy

Full-capacity schemes achieve their rates by leveraging:

Redundant numerical representations: Use of generalized Fibonacci, adjunctive, or other non-standard number system decompositions enables more flexible, higher-order bit-planes without compromising order statistics (Collins et al., 2016, Abdulla et al., 2020).
Mosaic and spatial multiplexing: Arranging multiple secrets in a mosaic form along low-correlated axes (SMILENet, InvMIHNet) allows simultaneous, non-interfering embedding.
Latent and conditional spaces: VQGAN/F4-based encodings and attention-driven fusion unlock structure for precise, dense payloads (Lin et al., 15 Oct 2025).
Adaptive strategies: Foveated metameric loss and semantic-space coding dynamically concentrate fidelity or information density, matching both human perceptual and channel-aligned redundancy (Lin et al., 15 Oct 2025, Bai et al., 15 Dec 2024).

5. Capacity-Distortion-Evaluation Paradigms

The necessity for fair comparison across variable $N$ (number of hidden objects/messages), distortion, and robustness has produced new evaluation paradigms:

Capacity–Distortion Curves: SMILENet's metric (normalized sum mutual information per secret under explicit distortion constraint) enables unified performance comparison across embedding rates, number of secrets, and covering modalities (Huang et al., 7 Mar 2025).
BITS-per-token/PSNR: Payload is systematically reported per pixel/character/token with reference to theoretical and practical maxima, allowing benchmarking under standardized fidelity targets.
Error exponents: Reliability is quantified via embedding error exponents, linked to code length and target error, especially in the context of perfectly secure schemes [0702161].

6. Practical and Security Implications

Full capacity steganography advances have immediate implications for both steganographer and analyst:

In symmetric, high-rate channels with matched cover and stego probabilities, capacity is channel-entropy limited and practical schemes can approach this limit [0702161, (0810.4171)].
For non-symmetric or constrained sources, advanced designs (mosaic, invertible, adaptive) are required to match the ceiling set by information-spectrum calculations, and may need to forgo a fraction of channel capacity for imperceptibility or robustness guarantees.
Modern detection approaches must adapt, as distributed, learned, or semantically aligned payload architectures present few exploitable statistical signatures.
For text, semantic and entropy-aware methods demonstrate robustness to editing, paraphrasing, or token mutation, crucial for real-world covert scenarios.

7. Outlook and Limitations

Despite dramatic empirical gains, full capacity steganography is bounded by principled signal and statistical constraints:

Absolute capacity is ultimately defined by the permissible set under all relevant adversaries; in many practical settings this set may be implicit, unknown, and evolving.
Hard limitations are found in low-entropy or semantic rigidity, where little or no information can be covertly embedded (e.g., minimal-diversity text, fixed answers).
Computational complexity: Non-invertible, large-scale, or adaptive pipelines may challenge real-time, resource-constrained, or distributed scenarios.
Key management: For perfectly secure or coverless schemes, secret sharing and randomized mapping pose real operational demands.

Nevertheless, the field continues to move toward realizing the full information-theoretic capacity prescribed by channel and adversary models, with empirical systems increasingly providing both robust security and near-maximal data rates under real-world conditions.