[Cryptography] quantum computers & crypto

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sun Nov 7 07:34:14 EST 2021


Jerry Leichter <leichter at lrw.com> writes:

>A paper quite some time ago showed that encrypted, compressed speech could be
>read with reasonable accuracy just by looking at the lengths of blocks in
>streams of compressed packets.  Similarly, determining which of the top 1000,
>say, most popular web sites is being browsed in an encrypted session has been
>shown to be pretty easy - again based on the lengths of the messages being
>exchanged.

There's a never-ending series of papers on this, covering encrypted speech,
video and other types of content, but they're really just traffic analysis
papers rather than anything specific to compression use.  Even when
compression is used - and for a lot of the papers it isn't - it just changes
the problem to a slightly different form of traffic analysis.

>The fix for this is of course well known:  Padding.

That doesn't work either; there's an accompanying string of papers showing
that all of the obvious traffic-hiding/morphing techniques don't really work.

In a nutshell, defence against traffic analysis is really, really hard.  More
generally, the more interactive your traffic is - in the case of the CRIME
attack I referenced the victim's browser is under the control of the attacker
and does the attacker's bidding - the easier it is for at least some of your
crypto guarantees to be bypassed.

Peter.
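
As an added illustration that is not part of the thread, the script below lets a defender check what a padding scheme actually hides: it applies bucket padding or fixed-size padding to constructed record-length traces (hypothetical, not real captures) and reports whether the traces are still distinguishable by their length sequence, and what the padding costs in extra bytes.

```python
"""Measure what a padding scheme hides about a message-length trace.

Constructed example: each "site" is modelled as the ordered sequence of
encrypted record lengths (bytes) an on-path observer sees. None of these
values come from real traffic.
"""
from collections import Counter

# Constructed sample traces; A and B differ in a single record length,
# C has a different number of records altogether.
TRACE_SITE_A = [517, 1460, 1460, 612, 88, 2310, 145]
TRACE_SITE_B = [517, 1460, 1460, 980, 88, 2310, 145]
TRACE_SITE_C = [517, 1460, 300, 88, 145]


def pad_to_multiple(trace, block):
    """Round every record length up to the next multiple of `block`."""
    return [((n + block - 1) // block) * block for n in trace]


def pad_to_fixed(trace, size):
    """Pad every record to a constant size (records already larger still leak)."""
    return [max(size, n) for n in trace]


def fingerprint(trace):
    """The observable a length-based classifier keys on: the ordered sequence."""
    return tuple(trace)


def leak_report(traces, padder):
    """Return (distinct fingerprints, total traces) after applying `padder`.

    distinct == total means the padding removed nothing an observer could use;
    distinct == 1 means the traces are indistinguishable by length sequence.
    """
    fps = Counter(fingerprint(padder(t)) for t in traces)
    return len(fps), len(traces)


def overhead(trace, padder):
    """Extra bytes on the wire that the padding scheme costs for one trace."""
    return sum(padder(trace)) - sum(trace)


if __name__ == "__main__":
    sites = [TRACE_SITE_A, TRACE_SITE_B, TRACE_SITE_C]
    for label, padder in [("none", lambda t: t),
                          ("256-byte buckets", lambda t: pad_to_multiple(t, 256)),
                          ("512-byte buckets", lambda t: pad_to_multiple(t, 512)),
                          ("fixed 4096", lambda t: pad_to_fixed(t, 4096))]:
        print(label, leak_report(sites, padder), overhead(TRACE_SITE_A, padder))
```

Bucketing to 512 bytes merges A and B but not C, and even constant-size records still reveal the record count, which is the sort of residual leak the thread is talking about.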

