1994-05-30 - Re: Compress before encrypting? (Was Re: NSA Helped Yeltsin…)

Header Data

From: jpp@jpplap.markv.com (Jay Prime Positive)
To: cypherpunks@toad.com
Message Hash: d480ddcf6ad1794777b67cae7574ac60f38d54f0615636397d367f11428e4806
Message ID: <m0q87CU-0003paC@jpplap>
Reply To: <9405272043.AA23269@loki.idacom.hp.com>
UTC Datetime: 1994-05-30 14:17:05 UTC
Raw Date: Mon, 30 May 94 07:17:05 PDT

Raw message

From: jpp@jpplap.markv.com (Jay Prime Positive)
Date: Mon, 30 May 94 07:17:05 PDT
To: cypherpunks@toad.com
Subject: Re: Compress before encrypting?  (Was Re: NSA Helped Yeltsin...)
In-Reply-To: <9405272043.AA23269@loki.idacom.hp.com>
Message-ID: <m0q87CU-0003paC@jpplap>
MIME-Version: 1.0
Content-Type: text/plain

   From: Martin Janzen <janzen@idacom.hp.com>
   Date: Fri, 27 May 94 14:43:02 MDT

   Most compression programs add a characteristic signature to the beginning
   of the compressed output file.  If a cryptanalyst guesses that you may
   be compressing before encrypting, wouldn't this make his job easier?
   To me, this sounds as though you're adding a known bit of "plaintext" to
   the start of each message.

  In short, you are right, compression algorithms often _do_ include a
magic number at the begining.

  However, compression algorithms intended for cryptographic
applications don't have to include a magic number.  This is especialy
true if the crypto system is never used without the compression

  And if magic numbers are unavoidable, then they can be put at the
end, and the system run in CFB or CBC modes.  Alternatively, a random
block can be prepended to the plaintext, and then exored with each of
the folowing plaintext blocks (thus creating a garanteed flat
distribution for the first bytes of the plain text).

  Finaly, the state of the art in cryptanalysis (as far as I know),
sugests that modern crypto systems aren't as vulnerable to known
plaintext as past systems.  The best attacks I know of (differential,
and linear cryptanalysis) require masive (about 2^30 blocks for DES)
amounts of known, or chosen, plaintext -- though miniscule relative to
the key size (2^56 again for DES).