[Cryptography] quantum computers & crypto

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sun Nov 7 01:08:34 EDT 2021


Christian Huitema <huitema at huitema.net> writes:

>The general guidance that I read is "don't do that, because compressing
>different clear texts results in different compressed lengths, and the
>adversary can use the length to guess the message." But then, by definition,
>compression reduces the entropy of the compressed plain text, which makes the
>heuristics that you describe here harder. So, what gives?

"Don't compress before encryption" applies to specific very carefully-chosen
examples for conference papers (CRIME, BREACH, etc).  "Compress before
encryption" applies to real life.

Peter.



More information about the cryptography mailing list