[Cryptography] quantum computers & crypto
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Sun Nov 7 01:08:34 EDT 2021
Christian Huitema <huitema at huitema.net> writes:
>The general guidance that I read is "don't do that, because compressing
>different clear texts results in different compressed lengths, and the
>adversary can use the length to guess the message." But then, by definition,
>compression reduces the entropy of the compressed plain text, which makes the
>heuristics that you describe here harder. So, what gives?
"Don't compress before encryption" applies to specific very carefully-chosen
examples for conference papers (CRIME, BREACH, etc). "Compress before
encryption" applies to real life.
Peter.
More information about the cryptography
mailing list