Can we compress the main document contents?

cyphar / paperback

Paper backup generator suitable for long-term storage.

GNU General Public License v3.0

1.09k stars 40 forks source link

Can we compress the main document contents? #7

Open cyphar opened 2 years ago

cyphar commented 2 years ago

Compress-then-encrypt is known to be unsafe for interactive sessions such as web browsers since 2012 (thanks to CRIME and BREACH). However, since paperback does not operate as an interactive session system (and we have pretty strong density requirements since we need to fit QR codes on paper), maybe it would be safe to compress the main document contents?

It would be nice to get a cryptographer's opinion on this...

Z3r0byte commented 2 years ago

(CS student, not a cryptographer) In my opinion this seems totally fine. Crime abuses the fact that an attacker can add chosen data to unknown data and use the resulting size of the message to check if the unkown data contains the added part. In the use case of Paperback, this is not possible because to encrypt a document you need to feed Paperback all data (and thus there is no unknown data).

PS I really like the idea of this project, keep up the good work :)