michael at briarproject.org
Thu Jun 26 11:57:37 PDT 2014
-----BEGIN PGP SIGNED MESSAGE-----
On 08/06/14 06:12, David Leon Gil wrote:
> *Min-entropy choice:* Exponential-padding, i.e., padding to the
> next-highest power of some constant, c. This asymptotically leaks
> a bounded amount of information. And it only costs O(n) space. I
> am puzzled why this is not the default for most messaging systems.
It seems to me that the information leak depends on the observer's
prior knowledge about possible message sizes. For example, if the
observer knows that the message is either "Yes" or "No" then padding
to the next power of two does nothing to conceal the message size
(which in turn reveals the content).
So perhaps the asymptotic behaviour isn't the best metric - but I
don't know what is.
> Q2.Are there any good publications on adversarial models for
> message padding?
I'd also be interested to know this.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the Messaging