Score:1

# Is asymmetric decryption guessable?

I AM an amateur (for some reason, I have originaly written "I am not"... embarassing, sorry) in cryptography so this might be a very basic question.

I am interested to know if there exist ciphers such that if I encrypt a message with it and then lose first say 300 bits then I can't recover any information from the message even if I have the decryption key?

My problem is basically that I don't have any knowledge about existing ciphers and I don't know what to look for on the internet. All I know is that there exists some ciphers with random access read ability so I probably don't want those ones.

That sounds like an All-Or-Nothing transformation.
A simple modification of CBC can handle this, the IV for each block is the x-or of all previous ciphertext blocks. Though it will be very inefficient.
@kelalaka That's symmetric encryption, asymmetric encryption is asked for in the title.
@MaartenBodewes do we encrypt with those? It is highly possible that the OP confuses the terms.
If I read the question again, `I encrypt a message with it and then lose first say 300 bits then I can't recover any information from the message even if I have the decryption key?` I read this as symmetric.
If it literally reads "asymmetric" then it is asymmetric until the OP changes the title. I don't see how you can conclude "symmetric" or "asymmetric" from that piece of text. If any it reads "asymmetric" as it talks specially about a "decryption key". And e.g. RSA-OAEP can certainly be used to "encrypt with those", yes.
Score:3

I guess most asymmetric schemes fall into this. 300 bits is quite a large chunk. Most schemes randomize, if possibly in a specific domain. For instance, removing 300 bits from a randomized RSA ciphertext would mean that the modular exponentiation would return the incorrect response - if it would execute at all (RSA explicitly requires a ciphertext that is the same size as the modulus size in bytes). Guessing 300 bits of what is essentially randomized data is computationally infeasible.

Note that if you'd use a deterministic scheme then you could try and guess the plaintext message, and then test if it generates the same ciphertext, after which you could decrypt. Generally we don't use deterministic schemes though.

Similarly, if you'd remove the entire ephemeral DH public key within an hybrid IES scheme then the receiver would not be able to calculate the (symmetric) secret used to encrypt the data.

For hybrid encryption an all-or-nothing transform could also be used, as indicated in the comment section.

Beware that there are many protocols and container formats out there. It is very possible that you remove 300 bits or 37 / 38 bytes from those and still be able to decrypt if you miss the actual ciphertext or an important part of header required derive the actual decryption key.

I sit in a Tesla and translated this thread with Ai: