If you had to both encrypt and compress data during transmission, which would you do first and why?

First compress and then encrypt.

This question regarding encrypt and compress data, in which order was a good exercise. Other decision factors that you have to include in the decision process are, what are the business requirements, regulatory requirements, compliance requirements, cyber insurance requirements and the most important requirements are where is the data being stored and who will have access to it. Digital certificates, de-crypt keys and tokens have to be managed in a highly controlled environment. OneSignOn experienced a security breach in March 2017 that got to the de-crypt keys. Most likely an inside job. Here is the link to the news article.

krebsonsecurity.com

Compressing data assumes there is a “restoring” at the receiver’s end. Think zip/unzip a file.

If one first compresses then encrypts the file, it would not be able to be restored at the other end.

To me it makes more sense to first encrypt then compress.

Cat Moishanu

Encrypt first, then compress.

If original is plain text. I would compress and next encrypt. If original is binary. In which case compression might not reduce size much. Perhaps an extra conversion to Base64 could be added first, next compress and finally encrypt. In this case compression needs to reduce the size to (way) lower than 75 % to compensate for the expansion of the Base64 step, otherwise I wouldn't compress at all. There is a minimum size under which compression isn't feasible at all I guess.

First, you need to compress the data, and then to encrypt it.
Encryption of data converts the sequence into a unique set of characters, in some cases close to random distribution. Compression the unique set may not give the proper effect and the volume of transmitted data using most of the known algorithms will only be increased. The encryption, after data compression, will reduce the transmitted set.

I would consider the requirements against this data transmission like:
- How data is produced and feeds this process?
- How fast and seamless transition is required?
- What is the maximum acceptable error rate?
- Size, type, structure and number of files in a package?
- Also how data will be used on the other side? E.g. if it is stored in encrypted but uncompressed format I would consider encrypt first despite the above comments.

I would also consider preferences, constraints and bottlenecks (like compressibility of files, amount of data, bandwidth, how secure connection we have, storage capacity, calculation capacity etc.) This could result surprising decisions sometimes like leaving compression out , changing the files' content or structure if possible (e.g. not including some resources in the pdf), etc.

After all the considerations if there are still more options I would plan and execute tests on these possible solutions. The results of the tests would be the base of my final decision.

Compress and then encrypt.

With regard to your question regarding compression and encryption, my response is included below:

"Compression followed by encryption is a practical approach for secure data transmission. Most modern block ciphers/encryption processes will reduce the data to a pseudo-random sequence of bytes that will typically yield little, if any, compression gain at all. Thus if data in encrypted first, compression is ineffective. In addition, the reduced amount of data resulting from compression decreases the computational demand of the subsequent encryption process. On the receiving end, decryption is followed by decompression."

If you have any question, feel free to reach out to me.

Best regards,

Robert

Hi,

There is no difference in the security provided, but because of the way compression algorithms work, it is advisable to compress first then encrypt.
Compression algorithms exploit statistical redundancies in the data. These would normally be eliminated when you encrypt it, therefore an encrypted message won’t be compressed that well.

Compress then encrypt, basically compression reduces the size by removing redundancy and this in turn reduces some vector which can be used for attacks such as frequency analysis and brute force

Compress before you encrypt in most cases. In some cases compression can serve as a form of encryption such as VoIP.

My suggestion is to review any solution related to Format Preserving Encryption in order to encrypt and avoid big amounts of data. After this, compression would be optional for you. Check this link: en.wikipedia.org

I learned that if you encrypt first you will only have random data, which will limit any potential benefit from compression.

So I would say that compress before encrypt

Compress then encrypt

Hi,
Compression is based on the frequency of patterns in your data. If you encrypt first most of the patterns will be lost and the compression afterwards will not be efficient. Ex: take a text file, encrypt it then compress it, you will get a lower compression ration than if you compress then encrypt.
Same applies to video and other types of binary data.

Typically, compression is done as the first step, in order to reduce the size of the data and to reduce the patterns and repetitions that original data could have, leading to a stronger encryption due to reducing some attacks (known plaint text and others). As noted, original data could be compressed better than encrypted one, so the logical steps that perform better are compress and encrypt.

Hello,

You should compress first. If you encrypt first, the file will be incompressible because the compressor won’t know what to look for in the data stream. See this article:

security.stackexchange.com

Chris Konicki
IT Security Engineer

I would say you first compress the data, as to reduce the number of bytes that need to be encrypted. Given the fact that encryption is a processor intensive activity...

My answer would be Compress first because If you encrypt then your data turns into (essentially) a stream of random bits. Random bits are incompressible because compression looks for patterns in the data and a random stream, by definition, has no patterns. Therefore, i believe to compress first.

Thanks,

My answer would be encrypt first as to protect information in the transit. Compress before encryption or after encryption is same as all depends on the data size.