Tuesday, June 28, 2016

[cvxgcxbv] Compress then random pad then encrypt

Compression before encryption used to be unambiguously recommended because it conceals structures in the plaintext, like letter frequency, that could aid cryptanalysis.  However, exploits like CRIME and BREACH cast doubt on whether compression is such a good idea, as information about the structure of the plaintext leaks visibly through the length of the ciphertext.

The acceptability of block ciphers in counter mode suggests that the structure of the plaintext does not need to be concealed at all, so long as you aren't doing something silly like ECB mode.  (People used to be wary of counter mode.)

Consider compressing the plaintext, then padding the compressed output with random data to the length of the original plaintext.  There may be clever ways involving the encrypting cipher itself to generate the padding.  The purpose of the compression is not to decrease transmission cost, but to conceal plaintext structure, just in case that is still useful to do.
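A sketch of the framing step described above, as an added example that is not code from the original post. The function names and the one-byte mode flag are assumptions: the flag lets incompressible input be stored raw, so the frame is always exactly one byte longer than the plaintext. The frame is what would be handed to the cipher, which is left out here.

```python
import os
import zlib

RAW, DEFLATED = 0, 1  # hypothetical one-byte mode flag, not from the post


def compress_then_pad(plaintext: bytes) -> bytes:
    """Return a frame of exactly len(plaintext) + 1 bytes, ready to encrypt."""
    packed = zlib.compress(plaintext, 9)
    if len(packed) >= len(plaintext):
        # Incompressible (or empty) input: store it as-is so the frame
        # length never depends on how well the data compressed.
        return bytes([RAW]) + plaintext
    padding = os.urandom(len(plaintext) - len(packed))
    return bytes([DEFLATED]) + packed + padding


def unpad_then_decompress(frame: bytes) -> bytes:
    """Invert compress_then_pad on a frame recovered by decryption."""
    if not frame:
        raise ValueError("empty frame")
    mode, body = frame[0], frame[1:]
    if mode == RAW:
        return body
    if mode != DEFLATED:
        raise ValueError("unknown mode flag")
    d = zlib.decompressobj()
    # Bound the output: a valid frame inflates to exactly len(body) bytes.
    plaintext = d.decompress(body, len(body) + 1)
    if not d.eof or len(plaintext) != len(body):
        raise ValueError("malformed frame")
    # d.unused_data holds the random padding, which is simply discarded.
    return plaintext


if __name__ == "__main__":
    # Constructed samples: same length, very different compressibility.
    for sample in (b"A" * 200, bytes(range(200))):
        frame = compress_then_pad(sample)
        assert unpad_then_decompress(frame) == sample
        print(len(sample), "->", len(frame), "mode", frame[0])
```

The length check on decode is a sanity check only; integrity still has to come from the encryption layer.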
