ADC encryption and compression
Moderator: Moderators
ADC encryption and compression
I find that the ADC spec is a bit unclear about the combination of encryption and compression (either that, or I'm a bit blind). Should incoming traffic be decrypted first, and then decompressed, or should it be decompressed first, and then decrypted?
A couple more points:
(1) Ciphertext should contain no evident structure, and thus should be incompressible. Detectable structure would allow for easier cryptanalysis, all else equal. Thus, ideally, C = compress(encrypt(P)) should be no more effective bandwidthwise than E = encrypt(P), and therefore pointless. This isn't the case for C = encrypt(compress(P)).
(2) Defending against cryptanalysis plays into this preference as well in that structure (such as repetition) in plaintext might seep out through (this is one of the bases of known-plaintext cryptanalysis, where one intentionally feeds a cipher known data) the encryption function. First compressing the plaintext ameliorates such a threat. Again, this argues for C = encrypt(compress(P)).
(1) Ciphertext should contain no evident structure, and thus should be incompressible. Detectable structure would allow for easier cryptanalysis, all else equal. Thus, ideally, C = compress(encrypt(P)) should be no more effective bandwidthwise than E = encrypt(P), and therefore pointless. This isn't the case for C = encrypt(compress(P)).
(2) Defending against cryptanalysis plays into this preference as well in that structure (such as repetition) in plaintext might seep out through (this is one of the bases of known-plaintext cryptanalysis, where one intentionally feeds a cipher known data) the encryption function. First compressing the plaintext ameliorates such a threat. Again, this argues for C = encrypt(compress(P)).