[Cryptography] Summary: compression before encryption

Ray Dillinger bear at sonic.net
Thu Jan 15 15:11:11 EST 2015

In general, compression algorithms ought to be beneficial in
cryptography.  Greater information density means less redundant
structure of the sort that results in "cribs" for the analysts
to use.  The problem with most compression programs is that
they have very distinctive headers that instead provide cribs
for the analysts in the first few hundred bytes of the file.

It would actually be fairly easy to make a compression format
that is safe to use with cryptography.  It is also easy to
encrypt in a way that is safe to use with compression.

So you could solve the problem in either of two ways.  On
the encryption side, absolutely regardless of where in the
file the predictable header information might be, you could
simply apply a whole-file transformation during encryption.
It would suffice to loop through the file twice in a block
cipher using CBC mode for example, making every bit of the
output depend on every bit of the file.

On the compression side, where you actually know exactly
which bytes are the header, you could do something that
would work with streamed data, not requiring access to the
whole ciphertext before someone can start decrypting. It's
essentially the same thing as above, but only applied to
the section of the file containing the header and some
immediately adjacent compressed data. So, when someone is
decompressing a file with a 1k header block for example,
he might start by scrambling blocks 1-3 of the compressed
file and XORing the result with block 0 to get the header

We don't need security in the compression side; he could
use a simple "scramble" here instead of a real cryptographic
hash. The compressor could use pretty much any method that
achieves the diffusion needed without worrying about adding
confusion.  Confusion is the job of the cryptography (in
the cases where the compressed format gets encrypted). But
the scramble would make the format safe to use with
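
The header-masking step described above, as an added example that is not part of the original post. It assumes zlib as the compression format, 1 KiB blocks, and a hypothetical unkeyed `scramble` (fold plus two chained passes, with arbitrary constants 167 and 13) chosen only for diffusion; the function names are likewise assumptions.

```python
import random
import zlib

BLOCK = 1024  # the post's "1k header block"; blocks 1-3 feed the scramble


def scramble(data: bytes, out_len: int = BLOCK) -> bytes:
    """Unkeyed diffusion only (assumed construction, not a cryptographic hash)."""
    state = bytearray(out_len)
    for i, b in enumerate(data):            # fold the input down to out_len bytes
        state[i % out_len] ^= b
    for _ in range(2):                      # pass 1 walks forward, pass 2 backward
        carry = 0
        for i in range(out_len):
            # 167 is odd, so a difference carried forward never collapses to zero
            carry = (carry * 167 + state[i] + 13) & 0xFF
            state[i] = carry
        state.reverse()
    return bytes(state)                     # each byte is a function of all input


def mask_header(stream: bytes) -> bytes:
    """XOR block 0 with scramble(blocks 1-3); blocks 1 onward are left as-is."""
    if len(stream) < 4 * BLOCK:
        raise ValueError("need the header block plus blocks 1-3")
    mask = scramble(stream[BLOCK:4 * BLOCK])
    block0 = bytes(a ^ b for a, b in zip(stream[:BLOCK], mask))
    return block0 + stream[BLOCK:]


# Decompressor side: blocks 1-3 are unchanged, so the same XOR undoes the mask.
unmask_header = mask_header


def sample_stream() -> bytes:
    """Constructed sample: zlib stream of pseudo-random words, over 4 KiB long."""
    rng = random.Random(0)
    words = "key salt nonce block mode pad hash tag seed iv mac prf kdf xor sbox crib".split()
    text = " ".join(rng.choice(words) for _ in range(20000))
    return zlib.compress(text.encode())


if __name__ == "__main__":
    packed = sample_stream()
    masked = mask_header(packed)
    print("header bytes:", packed[:4].hex(), "->", masked[:4].hex())
    print(zlib.decompress(unmask_header(masked))[:32])
```

Only the first four blocks are needed to recover the header, so the rest of the stream can still be decompressed as it arrives.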

