Just a quick note on an somewhat related paper that defines 'entropy-restricted' (weaker) analogues of standard indistinguishability notions:
Kelley and Tamassio, Secure Compression: Theory & Practice: http://eprint.iacr.org/2014/113 (Their definitions seem weaker than I'd like, however.) (Somewhat more post-IO.) On Jun 26, 2014 12:03 PM, "Michael Rogers" <[email protected]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > On 26/06/14 19:57, Michael Rogers wrote: > > It seems to me that the information leak depends on the observer's > > prior knowledge about possible message sizes. For example, if the > > observer knows that the message is either "Yes" or "No" then > > padding to the next power of two does nothing to conceal the > > message size (which in turn reveals the content). > > Sorry for the self-reply. Putting it in these terms made me wonder > whether we should aim to minimise the mutual information between the > input and output distributions. > > Cheers, > Michael > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.12 (GNU/Linux) > > iQEcBAEBCAAGBQJTrG5dAAoJEBEET9GfxSfMK3QH/04wK5XAC9yCM+5YJPNVNnE1 > b7iYKLTFbTqu7qc7EEPWS1qYC/+WNHGxPGzVQvvOmzLt4Cs0im3DvqMmPRHy02A7 > Przn6SW7HEJ8YjkShid4X7kQtxSe/3ena7ATgcYPzHZVLq6NvOYrltr+1oaRoxqj > h7xitBAredu7Q4TqY3XfXxYwgXk1CWMkIBLcicC3WPcTVIl6H66HRmTGzygqMnqp > LsSTptiYU/kxbQB5J1Xt/oGtY8p0U3h75uGgM3WgDiA21wjoq4s8+zMYdK1nZlWX > WojHgA7YEwOvoAoM3J78CwXK76vDRonlaqFCKI7trg2VNeVAB1zVQYisv2pHlGg= > =Ud6z > -----END PGP SIGNATURE----- >
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
