Paper 2016/958

SafeDeflate: compression without leaking secrets

Michał Zieliński

Abstract

CRIME and BREACH attacks on TLS/SSL leverage the fact that compression ratio is not hidden by encryption to recover content of secrets. We introduce SafeDeflate---a modification of a standard Deflate algorithm which compression ratio does not leak information about secret tokens. The modification is compatible with existing Deflate and gzip decompressors. We introduce a model in which attacker can obtain ciphertexts of arbitrary compressed plaintext containing secret values. Then we prove that SafeDeflate is secure in this model.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Keywords
compressioninformation leakCRIME
Contact author(s)
michal @ zielinscy org pl
History
2016-10-04: received
Short URL
https://ia.cr/2016/958
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/958,
      author = {Michał Zieliński},
      title = {SafeDeflate: compression without leaking secrets},
      howpublished = {Cryptology ePrint Archive, Paper 2016/958},
      year = {2016},
      note = {\url{https://eprint.iacr.org/2016/958}},
      url = {https://eprint.iacr.org/2016/958}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.