[messaging] Padding

Michael Rogers michael at briarproject.org
Thu Jun 26 11:57:37 PDT 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 08/06/14 06:12, David Leon Gil wrote:
> *Min-entropy choice:* Exponential-padding, i.e., padding to the 
> next-highest power of some constant, c. This asymptotically leaks
> a bounded amount of information. And it only costs O(n) space. I
> am puzzled why this is not the default for most messaging systems.

It seems to me that the information leak depends on the observer's
prior knowledge about possible message sizes. For example, if the
observer knows that the message is either "Yes" or "No" then padding
to the next power of two does nothing to conceal the message size
(which in turn reveals the content).

So perhaps the asymptotic behaviour isn't the best metric - but I
don't know what is.

> Q2.Are there any good publications on adversarial models for
> message padding?

I'd also be interested to know this.

Cheers,
Michael
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBCAAGBQJTrG0hAAoJEBEET9GfxSfMsz8H/1ePZv+bGiJ0iHaQPkDTRRcv
b+EZu4541u4LITHdbl45q1h4eBXkGmgeH2+k7TqFbEDJaRPYDHqYlqA6CK+1UrU6
z3zq2xYXpxuOiVDb2lXopT9gUfb5SMQjnBBknINTIzcY98/vvQhgwoYt4R1m7Fu+
2E8BSEYjizhylZ1EvuryTWUrinvp0qvyQMPbmQFiz3JnfgVvHPbQiCUzNbs4IGB7
qwFvTDazGgTzQ5PeTMPuZbSexRXRgjhlL/3OIfVcqnvYe1UOkwBYceaZU9243q6r
dXsL5Ho6+pDzYZozisEqxWNTukxCb4g061CEFTa2eFPPi+oNFw2/McL5XQhr6sg=
=Rnp7
-----END PGP SIGNATURE-----


More information about the Messaging mailing list