Cryptology ePrint Archive: Report 2016/958

SafeDeflate: compression without leaking secrets

Michał Zieliński

Abstract: CRIME and BREACH attacks on TLS/SSL leverage the fact that compression ratio is not hidden by encryption to recover content of secrets. We introduce SafeDeflate---a modification of a standard Deflate algorithm which compression ratio does not leak information about secret tokens. The modification is compatible with existing Deflate and gzip decompressors. We introduce a model in which attacker can obtain ciphertexts of arbitrary compressed plaintext containing secret values. Then we prove that SafeDeflate is secure in this model.

Category / Keywords: cryptographic protocols / compression, information leak, CRIME

Date: received 4 Oct 2016

Contact author: michal at zielinscy org pl

Available format(s): PDF | BibTeX Citation

Version: 20161004:165058 (All versions of this report)

Short URL: ia.cr/2016/958

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]