[Cryptography] Summary: compression before encryption

Jonathan Katz jkatz at cs.umd.edu
Wed Jan 14 12:52:28 EST 2015


On Tue, Jan 13, 2015 at 11:22 PM, Phillip Hallam-Baker
<phill at hallambaker.com> wrote:
>
>
> On Tue, Jan 13, 2015 at 5:23 PM, Nemo <nemo at self-evident.org> wrote:
>>
>> Nice summary, with one nitpick...
>>
>> Stephan Neuhaus <stephan.neuhaus at zhaw.ch> writes:
>>
>> > Another respondent (albert at puigsech.com) argued that
>> > Encrypt-then-Compress was also an option ("has its pros")
>>
>> Compression after encryption is nonsense. Under any modern definition of
>> "secure", a secure cipher's output is computationally indistinguishable
>> from random noise, which is not compressible.
>>
>> Put another way, to compress the long-run output of a cipher is to break
>> it, by definition.
>
>
> Its a little off topic but not much, but Rob Stradling and I have a way to
> compress CRLs that are essentially just collections of hashes.
>
> Yes, it is not possible to compress encrypted data if the encryption is any
> good and this is actually a good check to see if you have goofed by using
> ECB or whatever. But don't be too sure that random data can't compress.
> Sometimes it can - we get down to 3-4 bits per revoked cert.

Slightly tangential, but list members may be interested to know that
in some cases, and under certain assumptions, encrypted data *can* be
compressed; see:
  http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=1337277
  http://www.cs.au.dk/%7Ecarmit/compressingAES_journal_revision_1.pdf


More information about the cryptography mailing list