Compression and Information Leakage of Plaintext
- Cite this paper as:
- Kelsey J. (2002) Compression and Information Leakage of Plaintext. In: Daemen J., Rijmen V. (eds) Fast Software Encryption. FSE 2002. Lecture Notes in Computer Science, vol 2365. Springer, Berlin, Heidelberg
Cryptosystems like AES and triple-DES are designed to encrypt a sequence of input bytes (the plaintext) into a sequence of output bytes (the ciphertext) in such a way that the output carries no information about that plaintext except its length. In recent years, concerns have been raised about ”side-channel” attacks on various cryptosystems—attacks that make use of some kind of leaked information about the cryptographic operations (e.g., power consumption or timing) to defeat them. In this paper, we describe a somewhat different kind of side-channel provided by data compression algorithms, yielding information about their inputs by the size of their outputs. The existence of some information about a compressor’s input in the size of its output is obvious; here, we discuss ways to use this apparently very small leak of information in surprisingly powerful ways.