[Cryptography] Summary: compression before encryption

Nemo nemo at self-evident.org
Sun Jan 25 17:47:30 EST 2015


Jerry Leichter <leichter at lrw.com> writes:

> That's not what the claim about one bit is about.  If you want
> semantic security, you can't use a mode like CBC (which doesn't come
> close to providing it).

CBC mode is provably secure against chosen-plaintext attack assuming the
underlying block cipher is. Pull up
http://theory.stanford.edu/~trevisan/books/crypto.pdf and search for
"CBC" for a proof.

> Semantic security requires that you be able to securely transmit a
> single bit, even in the face of a chosen-plaintext attack.  That
> immediately implies that encryption with a particular key *cannot be
> deterministic*.

CBC mode obtains the requisite non-determinism from its random IV. It is
a perfectly good mode, superior to many defined later (e.g. the
laughable "PCBC mode" created by overconfident M.I.T. undergrads). Lots
of good lessons in this particular history.

Anyway, this is extremely elementary stuff, so I am guessing you made a
typo and meant "ECB mode" (?)

 - Nemo
   https://self-evident.org/
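The point in dispute above, shown in code as an added example that is not part of the original post or of the cited book: CBC's non-determinism comes entirely from the IV. The block cipher underneath is a four-round Feistel network built on HMAC-SHA256, constructed here only so the example runs offline without a crypto library (it stands in for AES and is not meant for real use); `cbc_encrypt`, `ecb_encrypt` and the `is_deterministic` helper are likewise names chosen for this example. Encrypting the same message several times under one key shows ECB is deterministic, CBC with a fresh random IV is not, and CBC with a fixed IV falls back to deterministic output, which is the IV-reuse failure a reviewer should look for in real deployments.

```python
"""CBC vs ECB determinism demo. Toy Feistel block cipher constructed for this
example only (stand-in for AES); not for production use."""
import hashlib
import hmac
import os

BLOCK = 16  # block size in bytes


def _round(key: bytes, i: int, half: bytes) -> bytes:
    # Keyed round function F_i: HMAC-SHA256 truncated to the 8-byte half width.
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """4-round Feistel permutation over one 16-byte block (toy cipher)."""
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    for i in range(4):
        left, right = right, bytes(a ^ b for a, b in zip(left, _round(key, i, right)))
    return left + right


def toy_block_decrypt(key: bytes, block: bytes) -> bytes:
    """Inverse of toy_block_encrypt: run the rounds backwards."""
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    for i in reversed(range(4)):
        left, right = bytes(a ^ b for a, b in zip(right, _round(key, i, left))), left
    return left + right


def pkcs7_pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """ECB: each block encrypted independently, so output is a pure function
    of (key, plaintext) and equal blocks give equal ciphertext blocks."""
    pt = pkcs7_pad(plaintext)
    return b"".join(toy_block_encrypt(key, pt[i:i + BLOCK]) for i in range(0, len(pt), BLOCK))


def cbc_encrypt(key: bytes, plaintext: bytes, iv: bytes = None) -> bytes:
    """CBC: C_i = E_k(P_i XOR C_{i-1}) with C_0 = IV, IV prepended to output.
    A fresh random IV per message is the sole source of non-determinism;
    passing a fixed iv reproduces the deterministic (insecure) behaviour."""
    if iv is None:
        iv = os.urandom(BLOCK)
    pt = pkcs7_pad(plaintext)
    prev = iv
    out = [iv]
    for i in range(0, len(pt), BLOCK):
        prev = toy_block_encrypt(key, bytes(a ^ b for a, b in zip(pt[i:i + BLOCK], prev)))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    """CBC decryption: P_i = D_k(C_i) XOR C_{i-1}, reading the IV from the front."""
    iv, body = ciphertext[:BLOCK], ciphertext[BLOCK:]
    prev = iv
    out = []
    for i in range(0, len(body), BLOCK):
        c = body[i:i + BLOCK]
        out.append(bytes(a ^ b for a, b in zip(toy_block_decrypt(key, c), prev)))
        prev = c
    return pkcs7_unpad(b"".join(out))


def is_deterministic(encrypt, key: bytes, msg: bytes, trials: int = 4) -> bool:
    """True if repeated encryptions of one message under one key all agree."""
    return len({encrypt(key, msg) for _ in range(trials)}) == 1


if __name__ == "__main__":
    key = b"\x01" * BLOCK                      # constructed sample key
    msg = b"same message sent twice, same key"  # constructed sample message
    print("ECB deterministic:      ", is_deterministic(ecb_encrypt, key, msg))
    print("CBC (random IV) determ.:", is_deterministic(cbc_encrypt, key, msg))
    print("CBC (fixed IV) determ.: ",
          is_deterministic(lambda k, m: cbc_encrypt(k, m, iv=bytes(BLOCK)), key, msg))
    assert cbc_decrypt(key, cbc_encrypt(key, msg)) == msg
```

Running it prints True, False, True: the mode itself is what changes between the first two lines, and only the IV handling between the last two. The security proof cited above assumes the random-IV variant; an implementation that hard-codes or reuses the IV is outside that proof.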
