On Hiding a Plaintext Length by Preencryption

  • Cihangir Tezcan
  • Serge Vaudenay
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6715)


It is a well-known fact that encryption schemes cannot hide the plaintext length when it is unbounded. We therefore accept that an approximation of it may leak, and we focus on hiding its precise value. Some standards such as TLS or SSH address this by applying pad-then-encrypt techniques. In this study, we investigate the information leakage when these techniques are used. We define the notion of a padding scheme and its associated security. We show that when the padding length is uniformly distributed, the scheme is nearly optimal. We also show that the insecurity degrades linearly with the padding length.
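As an added illustration of the setting described in the abstract (a constructed toy model, not the paper's formalism or code), the following computes the best advantage an adversary can get from observing only ciphertext lengths when asked to tell two plaintext lengths apart, for uniform random padding and for CBC-style pad-to-block-boundary padding; it assumes length-preserving encryption and an adversary who sees the exact padded length.

```python
from fractions import Fraction
from typing import Callable, Dict

# Toy model (constructed for this illustration): a padding scheme maps a
# plaintext length to a probability distribution over the padded length.
# Encryption is assumed length-preserving, so an observer of the ciphertext
# learns exactly the padded length and nothing else.
LengthDist = Dict[int, Fraction]
Scheme = Callable[[int], LengthDist]


def uniform_padding(max_pad: int) -> Scheme:
    """Append r extra bytes, r uniform in {0, ..., max_pad - 1}, no block alignment."""
    def scheme(length: int) -> LengthDist:
        return {length + r: Fraction(1, max_pad) for r in range(max_pad)}
    return scheme


def block_padding(block: int, max_pad: int = 1) -> Scheme:
    """Add r uniform in {0, ..., max_pad - 1} extra bytes plus one length byte,
    then round up to a multiple of `block` (CBC-style pad-then-encrypt).
    max_pad=1 is the deterministic minimal padding."""
    def scheme(length: int) -> LengthDist:
        dist: LengthDist = {}
        for r in range(max_pad):
            padded = -(-(length + 1 + r) // block) * block  # ceiling division
            dist[padded] = dist.get(padded, Fraction(0)) + Fraction(1, max_pad)
        return dist
    return scheme


def best_advantage(scheme: Scheme, len0: int, len1: int) -> Fraction:
    """Best advantage of any adversary that sees only the ciphertext length and
    must decide whether the plaintext had length len0 or len1: the statistical
    distance between the two padded-length distributions."""
    d0, d1 = scheme(len0), scheme(len1)
    total = sum(abs(d0.get(k, Fraction(0)) - d1.get(k, Fraction(0)))
                for k in set(d0) | set(d1))
    return total / 2


if __name__ == "__main__":
    # Uniform padding of up to P bytes: lengths differing by d < P are told
    # apart with advantage d/P, lengths differing by at least P with advantage 1.
    for d in (1, 4, 8, 16):
        print(f"uniform(16), diff {d:2}:", best_advantage(uniform_padding(16), 100, 100 + d))
    # Block alignment hides lengths within one block but exposes block crossings.
    print("block(16) 10 vs 12:", best_advantage(block_padding(16), 10, 12))
    print("block(16) 15 vs 16:", best_advantage(block_padding(16), 15, 16))
    print("block(16)+random 15 vs 16:", best_advantage(block_padding(16, 16), 15, 16))
```

In this model the advantage grows linearly with the length difference and shrinks with the range of the random padding, which is the trade-off the abstract refers to.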







Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Cihangir Tezcan, EPFL, Lausanne, Switzerland
  • Serge Vaudenay, EPFL, Lausanne, Switzerland
