[Cryptography] coding for compression or secrecy or both or neither

Henry Baker hbaker1 at pipeline.com
Tue Jan 20 23:47:39 EST 2015

Re compressible ciphertexts:

If I take a binary ciphertext and replace every "0" bit with the sequence "00", the result is compressible, but is no less (and no more) secure than the original ciphertext.

In fact, we do something analogous all the time: we embed the ciphertext in various kinds of error-correcting codes, which are then stripped off at the receiving end.

So long as the redundancy of the ciphertext is 100% uncorrelated with the original plaintext, there's nothing wrong with a ciphertext that is highly compressible; one example is steganography, in which one encrypted message is hidden inside another cover message: think of a person blinking Morse Code in a prisoner-of-war video.

The usual reason for preferring uncompressible ciphertext is that it potentially maximizes the bit rate, but if bit rate isn't the most pressing problem, then other goals can be given priority.

More information about the cryptography mailing list