[Cryptography] Is there a good algorithm providing both compression and encryption at the same time?

Ray Dillinger bear at sonic.net
Sat May 9 21:15:01 EDT 2015

On 05/09/2015 01:48 PM, Ben Laurie wrote:
> On 9 May 2015 at 21:47, Ben Laurie <ben at links.org> wrote:
>> On 8 May 2015 at 22:23, Bill Frantz <frantz at pwpconsult.com> wrote:
>>> Probably compression is safe if each source of data is compressed
>>> separately.
>> Surely not. Some plaintexts of the same length compress shorter than
>> others. That gives me a distinguisher. If I have a distinguisher, it
>> is not "safe".
> P.S. you can fix this with padding.

Which, sorta, defeats the initial purpose of compression.

Unless you simply state a priori, "all messages will be compressed
by exactly 30%" or something, add padding if compression is better
than that, and reject messages for which compression is worse.  Now
the only thing an attacker can tell is that the original message
was exactly 30% longer, AND was at least 30% compressible.

Hmmm.  That's actually not a bad construction when working with
data that's fairly reliably compressible (text, etc).


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150509/e3c811c5/attachment.sig>

More information about the cryptography mailing list