[Cryptography] Is there a good algorithm providing both compression and encryption at the same time?
francois.berenger.fun at gmail.com
Sat May 9 08:01:54 EDT 2015
On Thu, May 7, 2015 at 12:16 AM, Hanno Böck <hanno at hboeck.de> wrote:
> On Wed, 6 May 2015 10:15:02 +0200
> Francois BERENGER <francois.berenger.fun at gmail.com> wrote:
> > then, instead of encrypting the whole resulting pair (to save some
> > time), we would send over the wire
> > (symmetric_encrypt(compression_dictionary, secret_key),
> > compressed_text)
> That almost certainly would result in an insecure construction. While
> an attacker can not regenerate the full secret text he'll learn a lot
> about it, e.g. things like "this starts with a pattern that is then
> repeated 3 times at certain locations in the text". That doesn't
> fulfill any reasonable definition of encryption security.
> It also hardly makes sense. Performance of symmetric encryption is
> largely a non-issue these days. Compression performance is a trade-off.
> There are very fast algos, but obviously they aren't the best
> compressing ones.
> I don't see any reasonable performance gain in a combined algorithm.
If such method exists, I can measure how fast it is compared
to compressing then encrypting the whole output of compression.
I guess it will matter on large data, which my system is supposed to handle
> BUT and here comes the big BUT: It is tricky to combine compression and
> encryption at all. Numerous attacks in the past have shown that this
> combination is super-dangerous, e.g. the CRIME and BREACH attack.
> I think for HTTP/2 there was some work done on creating a compression
> system that is immune to these kinds of attacks (hpack), but I am not
> familiar with the details.
> Hanno Böck
> mail/jabber: hanno at hboeck.de
> GPG: BBB51E42
> The cryptography mailing list
> cryptography at metzdowd.com
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the cryptography