[Cryptography] Is there a good algorithm providing both compression and encryption at the same time?

[Hanno Böck]

On Wed, 6 May 2015 10:15:02 +0200
Francois BERENGER <francois.berenger.fun at gmail.com> wrote:

> then, instead of encrypting the whole resulting pair (to save some
> time), we would send over the wire
> 
> (symmetric_encrypt(compression_dictionary, secret_key),
> compressed_text)

That almost certainly would result in an insecure construction. While
an attacker can not regenerate the full secret text he'll learn a lot
about it, e.g. things like "this starts with a pattern that is then
repeated 3 times at certain locations in the text". That doesn't
fulfill any reasonable definition of encryption security.

It also hardly makes sense. Performance of symmetric encryption is
largely a non-issue these days. Compression performance is a trade-off.
There are very fast algos, but obviously they aren't the best
compressing ones.

I don't see any reasonable performance gain in a combined algorithm.

BUT and here comes the big BUT: It is tricky to combine compression and
encryption at all. Numerous attacks in the past have shown that this
combination is super-dangerous, e.g. the CRIME and BREACH attack.

I think for HTTP/2 there was some work done on creating a compression
system that is immune to these kinds of attacks (hpack), but I am not
familiar with the details.


-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno at hboeck.de
GPG: BBB51E42
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150507/2f9e1a55/attachment.sig>