2017-07-14 07:13:00 UTC

If you had to both encrypt and compress data during transmission, which would you do first and why?


Encrypt means to convert (information or data) into a cipher or code, especially to prevent unauthorized access.

Compression is a reduction in the number of bits needed to represent data.

So the question is, what do we do first? Encrypt or compress during data transmission?

Guest
21 Answers

Consultant

First compress and then encrypt.

2017-07-20 06:45:02 UTC
Consultant

This question regarding encrypting and compressing data, and in which order, was a good exercise. Other decision factors that you have to include in the decision process are: what are the business requirements, regulatory requirements, compliance requirements and cyber insurance requirements; and the most important requirements are where the data is being stored and who will have access to it. Digital certificates, decrypt keys and tokens have to be managed in a highly controlled environment. OneSignOn experienced a security breach in March 2017 that got to the decrypt keys. Most likely an inside job. Here is the link to the news article.

https://krebsonsecurity.com/2017/06/onelogin-breach-exposed-ability-to-decrypt-data/

2017-07-18 19:36:01 UTC
User

Compressing data assumes there is a “restoring” at the receiver’s end. Think zip/unzip a file.

If one first compresses then encrypts the file, it would not be able to be restored at the other end.

To me it makes more sense to first encrypt then compress.

Cat Moishanu

2017-07-19 15:39:56 UTC
Consultant

Encrypt first, then compress.

2017-07-18 23:19:08 UTC
Consultant

If the original is plain text, I would compress and next encrypt. If the original is binary, in which case compression might not reduce size much, perhaps an extra conversion to Base64 could be added first, next compress and finally encrypt. In this case compression needs to reduce the size to (way) lower than 75% to compensate for the expansion of the Base64 step, otherwise I wouldn't compress at all. There is a minimum size under which compression isn't feasible at all, I guess.

2017-07-18 18:36:58 UTC
Top 20 Real User

First, you need to compress the data, and then to encrypt it.
Encryption of data converts the sequence into a unique set of characters, in some cases close to random distribution. Compressing the unique set may not give the proper effect, and the volume of transmitted data using most of the known algorithms will only be increased. The encryption, after data compression, will reduce the transmitted set.

2017-07-18 18:15:26 UTC
Vendor

I would consider the requirements against this data transmission like:
- How data is produced and feeds this process?
- How fast and seamless transition is required?
- What is the maximum acceptable error rate?
- Size, type, structure and number of files in a package?
- Also how data will be used on the other side? E.g. if it is stored in encrypted but uncompressed format I would consider encrypt first despite the above comments.

I would also consider preferences, constraints and bottlenecks (like compressibility of files, amount of data, bandwidth, how secure a connection we have, storage capacity, calculation capacity etc.). This could result in surprising decisions sometimes, like leaving compression out, changing the files' content or structure if possible (e.g. not including some resources in the pdf), etc.

After all the considerations if there are still more options I would plan and execute tests on these possible solutions. The results of the tests would be the base of my final decision.

2017-07-18 17:40:21 UTC
Vendor

Compress and then encrypt.

2017-07-18 17:27:04 UTC
Top 20 Real User

With regard to your question regarding compression and encryption, my response is included below:

"Compression followed by encryption is a practical approach for secure data transmission. Most modern block ciphers/encryption processes will reduce the data to a pseudo-random sequence of bytes that will typically yield little, if any, compression gain at all. Thus if data is encrypted first, compression is ineffective. In addition, the reduced amount of data resulting from compression decreases the computational demand of the subsequent encryption process. On the receiving end, decryption is followed by decompression."

If you have any questions, feel free to reach out to me.

Best regards,

Robert

2017-07-18 15:57:33 UTC
Vendor

Hi,

There is no difference in the security provided, but because of the way compression algorithms work, it is advisable to compress first then encrypt.
Compression algorithms exploit statistical redundancies in the data. These would normally be eliminated when you encrypt it, therefore an encrypted message won’t be compressed that well.

2017-07-18 14:24:43 UTC
Vendor

Compress then encrypt; basically, compression reduces the size by removing redundancy, and this in turn reduces some vectors which can be used for attacks such as frequency analysis and brute force.

2017-07-18 14:00:04 UTC
Consultant

Compress before you encrypt in most cases. In some cases compression can serve as a form of encryption such as VoIP.

2017-07-18 13:34:24 UTC
Vendor

My suggestion is to review any solution related to Format Preserving Encryption in order to encrypt and avoid big amounts of data. After this, compression would be optional for you. Check this link: https://en.wikipedia.org/wiki/Format-preserving_encryption

2017-07-18 13:31:26 UTC
User

I learned that if you encrypt first you will only have random data, which will limit any potential benefit from compression.

So I would say to compress before encrypting.

2017-07-18 13:11:11 UTC
Vendor

Compress then encrypt

2017-07-18 13:00:20 UTC
Real User

Hi,
Compression is based on the frequency of patterns in your data. If you encrypt first, most of the patterns will be lost and the compression afterwards will not be efficient. Ex: take a text file, encrypt it then compress it, and you will get a lower compression ratio than if you compress then encrypt.
Same applies to video and other types of binary data.

2017-07-18 12:53:46 UTC
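The size effect the answers above describe, measured in an added example (not code from any poster on this page): it runs both orderings over the same input, checks that each one round-trips at the receiver, and reports the bytes on the wire. The cipher is a toy SHA-256 counter-mode keystream standing in for a real cipher such as AES-CTR, and the key, nonce and log-line sample are constructed for the illustration.

```python
import hashlib
import zlib

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (assumption): XOR with SHA-256(key|nonce|counter).
    Stands in for a real cipher such as AES-CTR; not for production use."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + (i // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def compress_then_encrypt(key, nonce, plaintext):
    return keystream_xor(key, nonce, zlib.compress(plaintext, 9))

def decrypt_then_decompress(key, nonce, wire):
    # Receiver side for compress_then_encrypt: undo the steps in reverse.
    return zlib.decompress(keystream_xor(key, nonce, wire))

def encrypt_then_compress(key, nonce, plaintext):
    return zlib.compress(keystream_xor(key, nonce, plaintext), 9)

def decompress_then_decrypt(key, nonce, wire):
    # Receiver side for encrypt_then_compress.
    return keystream_xor(key, nonce, zlib.decompress(wire))

def compare(plaintext, key, nonce):
    """Return bytes on the wire for each ordering, after checking round trips."""
    c_e = compress_then_encrypt(key, nonce, plaintext)
    e_c = encrypt_then_compress(key, nonce, plaintext)
    if decrypt_then_decompress(key, nonce, c_e) != plaintext:
        raise ValueError("compress-then-encrypt did not round-trip")
    if decompress_then_decrypt(key, nonce, e_c) != plaintext:
        raise ValueError("encrypt-then-compress did not round-trip")
    return {"plain": len(plaintext),
            "compress_then_encrypt": len(c_e),
            "encrypt_then_compress": len(e_c)}

# Constructed inputs: fixed key/nonce for repeatability, repetitive log text.
KEY = bytes(range(32))
NONCE = b"constructed-nonce"
SAMPLE = b"2017-01-01 00:00:00 UTC GET /index.html 200 user=alice\n" * 400

if __name__ == "__main__":
    for name, size in compare(SAMPLE, KEY, NONCE).items():
        print(f"{name:>22}: {size} bytes")
```

Both orderings restore the original at the receiver; only the compress-first ordering shrinks the transmission, because the keystream output leaves zlib no patterns to work with.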
Consultant

Typically, compression is done as the first step, in order to reduce the size of the data and to reduce the patterns and repetitions that original data could have, leading to a stronger encryption due to reducing some attacks (known plaintext and others). As noted, original data could be compressed better than encrypted data, so the logical steps that perform better are compress and encrypt.

2017-07-18 12:51:37 UTC
Vendor

Hello,

You should compress first. If you encrypt first, the file will be incompressible because the compressor won’t know what to look for in the data stream. See this article:

https://security.stackexchange.com/questions/19969/encryption-and-compression-of-data

Chris Konicki
IT Security Engineer

2017-07-18 12:51:29 UTC
Real User

I would say you first compress the data, so as to reduce the number of bytes that need to be encrypted. Given the fact that encryption is a processor-intensive activity...

2017-07-18 12:49:05 UTC
Real User

My answer would be to compress first, because if you encrypt then your data turns into (essentially) a stream of random bits. Random bits are incompressible because compression looks for patterns in the data and a random stream, by definition, has no patterns. Therefore, I believe in compressing first.

Thanks,

2017-07-18 12:49:03 UTC
Top 5 Real User

My answer would be to encrypt first so as to protect information in transit. Compressing before encryption or after encryption is the same, as it all depends on the data size.

2017-07-18 12:41:10 UTC