eprint.iacr.org will be offline for approximately an hour for routine maintenance at 11pm UTC on Tuesday, April 16. We lost some data between April 12 and April 14, and some authors have been notified that they need to resubmit their papers.

Paper 2016/958

SafeDeflate: compression without leaking secrets

Michał Zieliński

Abstract

CRIME and BREACH attacks on TLS/SSL leverage the fact that compression ratio is not hidden by encryption to recover content of secrets. We introduce SafeDeflate---a modification of a standard Deflate algorithm which compression ratio does not leak information about secret tokens. The modification is compatible with existing Deflate and gzip decompressors. We introduce a model in which attacker can obtain ciphertexts of arbitrary compressed plaintext containing secret values. Then we prove that SafeDeflate is secure in this model.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Keywords
compressioninformation leakCRIME
Contact author(s)
michal @ zielinscy org pl
History
2016-10-04: received
Short URL
https://ia.cr/2016/958
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2016/958,
      author = {Michał Zieliński},
      title = {SafeDeflate: compression without leaking secrets},
      howpublished = {Cryptology ePrint Archive, Paper 2016/958},
      year = {2016},
      note = {\url{https://eprint.iacr.org/2016/958}},
      url = {https://eprint.iacr.org/2016/958}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.