In general, I see two patterns:
- Compression incidentally thwarts some attacks
- Compression fundamentally breaks privacy by leaking plaintext entropy (see
the Wikimedia Foundation case for a quite convincing example)
In general, compression does the opposite of your second bullet. It *protects*
privacy by taking things that are typically not pseudo-random (what you're
calling entropic) -- e.g. text -- into something that is highly pseudo-random.
In specific cases, *flaws* in this conversion when combined with an interactive
protocol can lead to an attack that is in general, not applicable to a
non-interactive protocol with large amounts of compressed data.
But in general, this benefits the defender, as the attacker has no idea what
the *actual* plaintext is (the compressed data) unless they know the base
plaintext is, and small inaccuracies in the attackers guess lead to large
differences.
Of course, I could be wrong. I offered an outline for research where you could
come up with some results that would be impressive. Why not do some work on it?
Jon
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp