-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 08/06/14 06:12, David Leon Gil wrote: > *Min-entropy choice:* Exponential-padding, i.e., padding to the > next-highest power of some constant, c. This asymptotically leaks > a bounded amount of information. And it only costs O(n) space. I > am puzzled why this is not the default for most messaging systems.
It seems to me that the information leak depends on the observer's prior knowledge about possible message sizes. For example, if the observer knows that the message is either "Yes" or "No" then padding to the next power of two does nothing to conceal the message size (which in turn reveals the content). So perhaps the asymptotic behaviour isn't the best metric - but I don't know what is. > Q2.Are there any good publications on adversarial models for > message padding? I'd also be interested to know this. Cheers, Michael -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBCAAGBQJTrG0hAAoJEBEET9GfxSfMsz8H/1ePZv+bGiJ0iHaQPkDTRRcv b+EZu4541u4LITHdbl45q1h4eBXkGmgeH2+k7TqFbEDJaRPYDHqYlqA6CK+1UrU6 z3zq2xYXpxuOiVDb2lXopT9gUfb5SMQjnBBknINTIzcY98/vvQhgwoYt4R1m7Fu+ 2E8BSEYjizhylZ1EvuryTWUrinvp0qvyQMPbmQFiz3JnfgVvHPbQiCUzNbs4IGB7 qwFvTDazGgTzQ5PeTMPuZbSexRXRgjhlL/3OIfVcqnvYe1UOkwBYceaZU9243q6r dXsL5Ho6+pDzYZozisEqxWNTukxCb4g061CEFTa2eFPPi+oNFw2/McL5XQhr6sg= =Rnp7 -----END PGP SIGNATURE----- _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
