[messaging] Padding

David Leon Gil coruus at gmail.com
Thu Jun 26 12:34:57 PDT 2014


Just a quick note on an somewhat related  paper that defines
'entropy-restricted' (weaker) analogues of standard indistinguishability
notions:

Kelley and Tamassio, Secure Compression: Theory & Practice:
http://eprint.iacr.org/2014/113

(Their definitions seem weaker than I'd like, however.)

(Somewhat more post-IO.)
 On Jun 26, 2014 12:03 PM, "Michael Rogers" <michael at briarproject.org>
wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On 26/06/14 19:57, Michael Rogers wrote:
> > It seems to me that the information leak depends on the observer's
> > prior knowledge about possible message sizes. For example, if the
> > observer knows that the message is either "Yes" or "No" then
> > padding to the next power of two does nothing to conceal the
> > message size (which in turn reveals the content).
>
> Sorry for the self-reply. Putting it in these terms made me wonder
> whether we should aim to minimise the mutual information between the
> input and output distributions.
>
> Cheers,
> Michael
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.12 (GNU/Linux)
>
> iQEcBAEBCAAGBQJTrG5dAAoJEBEET9GfxSfMK3QH/04wK5XAC9yCM+5YJPNVNnE1
> b7iYKLTFbTqu7qc7EEPWS1qYC/+WNHGxPGzVQvvOmzLt4Cs0im3DvqMmPRHy02A7
> Przn6SW7HEJ8YjkShid4X7kQtxSe/3ena7ATgcYPzHZVLq6NvOYrltr+1oaRoxqj
> h7xitBAredu7Q4TqY3XfXxYwgXk1CWMkIBLcicC3WPcTVIl6H66HRmTGzygqMnqp
> LsSTptiYU/kxbQB5J1Xt/oGtY8p0U3h75uGgM3WgDiA21wjoq4s8+zMYdK1nZlWX
> WojHgA7YEwOvoAoM3J78CwXK76vDRonlaqFCKI7trg2VNeVAB1zVQYisv2pHlGg=
> =Ud6z
> -----END PGP SIGNATURE-----
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140626/1545fb42/attachment.html>


More information about the Messaging mailing list