First of all, I would like to note that I am not building my own crypto. I am si

Question

First of all, I would like to note that I am not building my own crypto. I am simply curious and would like to learn.

What I am wondering is this: if we are worried about randomness of something like a one time pad, why don't we run the pad through a compression process (like bzip) to eliminate any patterns? Wouldn't we essentially then be working with data guaranteed not to have patterns (at least over the chunk size of the compression algorithm)?

Is anyone doing this? Would it even work? If not, why not?

Explanation / Answer

A one time pad (OTP) should by definition not have any patterns. An entropy source can have patterns, but an OTP by definition should consist of pure random bits.

In general you can create something that is close to a true random number generator by applying a cryptographic hash function over the output of an entropy source. According to NIST you should however provide twice the entropy within the input compared with the output. A cryptographic hash function is often referred to as a compression function.

Such a compression function should however not be confused with the underlying compression functions used for creating zip or bzip (etcetera) archives. Those are fully reversible compression functions, and will therefore only add some complexity, not security.

So there is probably somebody doing this, but no, it won't work.

Related Questions

Navigate

• Browse (All)
• Browse F
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.