Closed LPardue closed 3 years ago
The issue is about guess-and-check attacks, mentioned in the previous paragraph. If there's a mixture of confidential and attacker-controlled data in the same context, the attacker can guess a value and then see if the resulting compressed data is shorter because their guess was compressed against the confidential value. The requirement is that data from different sources be maintained in separate contexts so the attacker can't check its guesses against the confidential value.
Encryption is relevant here only because the attacker can't simply observe the data stream to get the confidential information.
On reading it again, the existing text is probably clear enough, so you can close this issue.
@rgwilton said