4

What are the safety issues of using the hash of plaintext as the key to encrypt it? The first that comes to mind is that if I can guess an approximation or part of the plain text, brute force attack complexity will be reduced considerably. Suppose that this is not an issue. Are there other security risks in this approach?

Luis Casillas
user3368561

1 Answer

4

No, there are no security risks beyond "(with) an approximation or part of the plain text, brute force attack complexity will be reduced considerably", understood to cover the fact that an exact (or near complete) guess of the plaintext can be verified with near certainty by one not holding the key. That is under the plausible assumptions that the hash is secure in the random oracle model, and the cipher's design is independent of the hash (the latter condition takes care of a cipher purposely made insecure specifically when the key is equal to the hash of the plaintext).

Decryption works just as usual: under the standard assumption that the ciphertext is public, revealing the key allows decryption. The only functionality issues that I can think of are that encryption requires more work, including two passes on the plaintext, and on-the-fly encryption is impossible.


So-called Convergent Encryption goes one step further: it uses a hash of the plaintext as key, and deterministic encryption (the hash is typically stored conventionally encrypted alongside the ciphertext, possibly using asymmetric cryptography). The same plaintext is therefore always enciphered to the same ciphertext (except for the conventionally encrypted hash). That is nice for de-duplicating encrypted data, but gives up a little more on security: it becomes slightly easier to recognize a known piece of data from its enciphered form.

fgrieu
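The properties described in the answer above, as an added example that is not part of the original answer: key = hash of plaintext with deterministic encryption, showing de-duplication, the two passes over the plaintext, and how an exact guess can be confirmed without the key. The function names are hypothetical, and the SHAKE-256 keystream is an assumed stand-in for a real cipher, chosen only so the block runs with the standard library.

```python
import hashlib
import hmac


def _keystream_xor(key: bytes, data: bytes) -> bytes:
    # Stand-in deterministic cipher (assumption, not a vetted construction):
    # XOR the data with a SHAKE-256 keystream derived from the key.
    stream = hashlib.shake_256(b"demo-cipher" + key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def derive_key(plaintext: bytes) -> bytes:
    # The key is the hash of the plaintext (first pass over the data).
    return hashlib.sha256(plaintext).digest()


def encrypt(plaintext: bytes) -> tuple[bytes, bytes]:
    # Second pass: encrypt under the derived key. No nonce, so the
    # output is deterministic, as in convergent encryption.
    key = derive_key(plaintext)
    return key, _keystream_xor(key, plaintext)


def decrypt(key: bytes, ciphertext: bytes) -> bytes:
    plaintext = _keystream_xor(key, ciphertext)
    # The key doubles as an integrity check on the recovered plaintext.
    if not hmac.compare_digest(derive_key(plaintext), key):
        raise ValueError("key does not match this ciphertext")
    return plaintext


def confirms_guess(ciphertext: bytes, guess: bytes) -> bool:
    # What an observer WITHOUT the key can do: re-derive everything
    # from a candidate plaintext and compare with the public ciphertext.
    if len(guess) != len(ciphertext):
        return False
    _, candidate = encrypt(guess)
    return hmac.compare_digest(candidate, ciphertext)


if __name__ == "__main__":
    doc = b"Q3 forecast: revenue down 4%"  # constructed sample plaintext
    key, ct = encrypt(doc)
    print("dedup (same ciphertext):", encrypt(doc)[1] == ct)
    print("exact guess confirmed:  ", confirms_guess(ct, doc))
    print("near guess confirmed:   ", confirms_guess(ct, doc[:-2] + b"5%"))
```

Only an exact candidate is confirmed: a near miss hashes to an unrelated key, so the observer learns nothing from it beyond "not this one".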