16

Is it better to encrypt a plain text file before compression, or vice versa?

fola
  • 161
  • 1
  • 1
  • 5

5 Answers5

26

Neither:

  • Encrypting first and then compressing does not work.

  • Compressing first can leak information about plaintext content through the ciphertext length, as poncho mentioned in comments to another answer.

Specifically, compression allows an attacker who can control parts of the message that is encrypted to reveal things about the other, secret parts, like cookies in the case of web traffic. It is most dangerous in a live protocol like TLS. Some forms of compression (e.g. truly constant bitrate lossy video/audio compression) may be immune to such attacks (but even then there might be side channel attacks due to the compression).

In most cases you should just encrypt the uncompressed data and be done with it.

Data storage and transmission is usually cheap enough. If you cannot live without compression, you must do it first, but then you have to really know what you are doing and likely accept at least some loss of security.

Community
  • 1
otus
  • 32,462
  • 5
  • 75
  • 167
5

Make sure to also check out the CRIME and BREACH attacks, which are made possible by protocols using compression inside encryption.

Ivo
  • 231
  • 1
  • 3
3

It is better to compress before encrypting.

Any proven block cipher will reduce the data to a pseudo-random sequence of bytes that will typically yield little to no compression gain at all.

Additionally, encrypting compressed data can potentially also carry the added benefit of making statistical analysis harder (though this of course does depend on the compression algorithm and whether it inserts any predictable metadata), although this isn't particularly relevant with a block cipher and a sensible operation mode (i.e. not ECB)

Olipro
  • 155
  • 1
1

It depends on the operational constraints. If you have storage or bandwidth constraints and need to compress data, you should compress first then encrypt (compressing an encrypted text doesn't make sense as the cryptogram is a random series of bytes provided the algorithm is good - so the output won't compress well). Compression will also have a performance penalty, something that should be taken into account when selecting a compression algorithm.

Mike Edward Moras
  • 18,161
  • 12
  • 87
  • 240
Kiss Alexander
  • 156
  • 1
  • 3
0

Compress and then encrypt is better. Data compression removes redundant character strings in a file. So the compressed file has a more uniform distribution of characters.

This also provides shorter plaintext and ciphertext, which reduces the time spent encrypting, decrypting and transmiting the file.

By comparison, encrypting and then compressing is innefficient.

Luz A
  • 17
  • 3