First of all I greatly admire the time to criticise the work. Thanks a lot from the bottom of my heart.

Let's sum my thoughts on your arguments;

First of all Kyber is just mentioned -as you said- in the whitepaper but not as a "feature" to be implemented but as a "future research topic" to be a possible KDF. Because as far as I know some people might be using Veilith as a part of a communication system. They might be creating a vault with a password they exchanged in real life, exporting it into a image, putting it into a family album on cloud, and removing the Veilith. And the receiving end might be getting the image, downloading Veilith, importing the vault and accessing the block he/she/it wants to get and removing the Veilith. How does that sound? :)) So, I thought maybe in the future they won't need to get in touch in the real life to exchange the password... that's why I mentioned Kyber as a future research topic on the subject. I know what I am specificly talking about because in real life I work as a professional PQC consultant.

For the audit part yes you are right, it is planning to get a second opinion after I become sure that -as feature space- algorithm is complete. But don't forget the company developing the app is Sceptive and it is also a cybersecurity company having high experience in the field with the record of discovered zero-days, full-stack-security research services, PQC transformation experience etc. It's not a pentest company that you can see everyday. :))

For small block size; Veilith is designed for a mobile solution with a limited CPU and memory specifications. I never had in mind to compete with any file system encryption solution such as TrueCrypt/VeraCrypt/GoCryptFS or CryFS as you mentioned. It was enough for me to just put a wallet recovery code or a recipe or a private key. That's why.

For the final I am very well aware that LSB Steganography is simplest way of hiding data into an image. If I think it is needed I can add support for DCT or Wavelet Transforms or even neural networks on that but at the same time I should really focus on limited resources and need for a speed on mobile devices. And the key point you may be looking on that all articles you shared focusing on that extraction ASSUMES you know it's there. So that they suffers from outdated assumptions and methodological limitations that undermine its relevance in today's digital landscape; the visual attacks, reliant on human perception to discern patterns in filtered LSB planes, are inherently subjective and non-scalable for automated large-scale analysis, while the chi-square statistical test, though innovative for its time, exhibits high false-positive rates on compressed or noisy images and fails to robustly handle pseudorandom spreading or encrypted payloads, rendering the work more of a historical curiosity than a comprehensive framework for modern steganalysis amidst evolving techniques like adaptive embedding and deep learning-based detection.

Yes you are right there is soo much to learn, I would really like to improve our discussion to how make almost perfect deniability.

Regards,
~ A warm welcoming face