XOR Encryption for Hidden Watermarks

Adding a Security Layer with XOR

LSB steganography hides data, but it does not protect it. Anyone who knows the technique can extract the raw bits and read the message. XOR encryption adds a lightweight security layer that makes the embedded data unreadable without the correct key.

How XOR Works

XOR (exclusive OR) is a bitwise operation:

0 XOR 0 = 0
0 XOR 1 = 1
1 XOR 0 = 1
1 XOR 1 = 0

The critical property: applying XOR twice with the same key restores the original value.

plaintext  XOR key = ciphertext
ciphertext XOR key = plaintext

Implementation

Before embedding, each byte of the message is XORed with the corresponding byte of the key (cycling the key if it is shorter than the message):

function xorEncrypt(message: Uint8Array, key: string): Uint8Array {
  const keyBytes = new TextEncoder().encode(key);
  const result = new Uint8Array(message.length);
  for (let i = 0; i < message.length; i++) {
    result[i] = message[i] ^ keyBytes[i % keyBytes.length];
  }
  return result;
}

Security Considerations

XOR with a short, repeating key is not cryptographically strong — it is vulnerable to frequency analysis. However, for watermarking purposes it provides meaningful protection:

• Without the key, extracted data looks like random noise
• Brute-forcing is impractical if the key is long enough (16+ characters)
• Plausible deniability — without the key, there is no proof a message exists

Key Recommendations

Key Length	Strength	Use Case
4-8 chars	Weak	Casual deterrent
16-32 chars	Moderate	Copyright watermarks
64+ chars / passphrase	Strong	Sensitive data

For maximum security, use a long passphrase and combine XOR with additional measures like hashing the key with SHA-256 before use.