[Cryptography] Compression before encryption?

Roland C. Dowdeswell elric at imrryr.org
Fri Jan 9 14:22:42 EST 2015


On Fri, Jan 09, 2015 at 01:22:14PM +0100, Stephan Neuhaus wrote:
> I have come across the recommendation to "compress before you encrypt", on
> the grounds that this makes plaintext recognition through frequency analysis
> much harder.
> 
> However, compression algorithms surely have easily recognisable headers,
> right?  Also, I seem to recall a paper that did interesting things with
> encrypted compressed plaintext, but I can't recall any details.
> 
> So, does anyone know what paper I might be referring to?  Or is there any
> other hard evidence (not personal opinion, however well-informed, please)
> that compression before encryption does or does not help?

You need to be careful as compression can expose certain kinds of
"chosen plaintext" attacks.  Basically, if you can insert chosen
plaintext early in the compressed stream then it affects the size
of the resultant compressed stream in predictable ways that give
you insight into what the rest of the stream contains.

This is demonstrated in the exploit CRIME (Compression Ratio
Info-leak Made Easy) https://en.wikipedia.org/wiki/CRIME

--
    Roland Dowdeswell                      http://Imrryr.ORG/~elric/
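
The length effect described in the message above, as an added example that is not part of the original post: it measures the ciphertext length an eavesdropper would see when chosen text shares a compression context with a secret, and compares that with two mitigations (separate compression contexts, and no compression). The record layout, the sample tokens and the 16-byte cipher overhead are constructed assumptions; encryption is modelled only as "length is preserved plus a constant".

```python
import zlib

TAG_LEN = 16  # assumed constant per-record overhead of the cipher

# Constructed sample values, not taken from any real system.
SECRET = b"9f2c47d1a8b35e60c4f7192ad03b6e85"
OTHER_SECRET = b"5d80e3a96c1f47b2e09a63d7f4c281b6"
WRONG_GUESS = b"71e0b64a2d9c538f1a6e40c7b852d3f9"


def observed_length(mode, chosen, secret):
    """Ciphertext length visible on the wire for one record.

    chosen -- text the other party controls, placed early in the record
    secret -- value the record's owner adds later (here a cookie)
    """
    chosen_part = b"GET /?q=" + chosen + b" HTTP/1.1\r\n"
    secret_part = b"Cookie: session=" + secret + b"\r\n"
    if mode == "shared":      # one compression context for everything
        body = len(zlib.compress(chosen_part + secret_part, 9))
    elif mode == "separate":  # secret never shares a context with chosen text
        body = (len(zlib.compress(chosen_part, 9))
                + len(zlib.compress(secret_part, 9)))
    elif mode == "none":      # compression disabled
        body = len(chosen_part) + len(secret_part)
    else:
        raise ValueError(mode)
    return body + TAG_LEN


def length_gap(mode, secret):
    """Length difference between chosen text SECRET and chosen text WRONG_GUESS.

    If this value changes with `secret`, the record length carries
    information about the secret to anyone who can see ciphertext sizes.
    """
    return (observed_length(mode, SECRET, secret)
            - observed_length(mode, WRONG_GUESS, secret))


if __name__ == "__main__":
    for mode in ("shared", "separate", "none"):
        print(mode, length_gap(mode, SECRET), length_gap(mode, OTHER_SECRET))
```

In the "shared" row the two numbers differ, so the length depends on the secret; in the other two rows they are identical.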

