Score:1

Revealing original message length having random padding

Lee

If I have a message that has a fixed unknown length $L$, and we add to its TLS encryption a random sized padding $0\leq n \leq N$ so the sent message is $L+n$. I'm also able to make the target re-encrypt and send the message over and over again.

How many times do I need to make the target send the message over and over again, until I reveal whether the original length is $L$ or $L+1$?

I think that I need to make it send it at least $N+1$ times, so I'll "cover" all of the options of the padding length, but I don't know how to continue from here.

kelalaka
Does the attacker know that $t \in [0,N]$? If so, then it is Bernoulli trials.
Lee
@kelalaka, yes the attacker knows the length. Why is it Bernoulli trials? Isn't it the unified probability because each case has a probability of $\frac{1}{n+1}$?
kelalaka
I'm talking about the exact length, probability of $t=0$ and others...
Lee
Can you please elaborate some more?
kelalaka
You can combine them? [Bernoulli trial](https://en.wikipedia.org/wiki/Bernoulli_trial)
Score:1

Assuming that the message is known to be of length $L$ or $L+1$ and that the padding length is uniformly distributed, then unless the cipher is of length $L$ or $L+N$ both message lengths are equally likely.

The question then is how long do we have to wait to see a cipher of distinguishing length. As noted in the comments, this is a Bernoulli process with parameter $1/(N+1)$. As such the waiting time for a success satisfies a geometric distribution with parameter $1/(N+1)$.

Your intuition is correct that the mean waiting time is $N+1$, but you should beware that the geometric distribution has a heavy tail. For example, the chance that you might need to examine $2N$ or more ciphers is about $e^{-2}\approx 0.135$ which is quite large. If you wanted to be 95% sure of seeing a cipher of distinguishing length, you might need to look at $3N$ or more ciphers.
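
An added simulation of the waiting-time argument above (not part of the original answer). It assumes the two hypotheses are lengths $L$ and $L+1$ with padding $n$ uniform on $0..N$, so the only decisive ciphertext lengths are $L$ (padding 0 on the shorter message) and $L+N+1$ (padding $N$ on the longer one); the sample values and function names are constructed for illustration.

```python
import math
import random

def success_prob(N):
    """Chance that one observation is decisive: padding n is uniform on 0..N."""
    return 1.0 / (N + 1)

def prob_undecided(N, k):
    """Probability that k observations contain no decisive length."""
    return (1.0 - success_prob(N)) ** k

def observations_for_confidence(N, confidence):
    """Smallest k with P(decisive length seen within k sends) >= confidence."""
    return math.ceil(math.log(1.0 - confidence) / math.log(1.0 - success_prob(N)))

def observe_until_decided(true_len, L, N, rng):
    """Simulate repeated sends; return (inferred length, observations used)."""
    count = 0
    while True:
        count += 1
        seen = true_len + rng.randint(0, N)   # observed ciphertext length
        if seen == L:                          # only possible if true length is L
            return L, count
        if seen == L + N + 1:                  # only possible if true length is L+1
            return L + 1, count

def mean_observations(true_len, L, N, runs, seed=1):
    """Average waiting time over many simulated sessions."""
    rng = random.Random(seed)
    total = 0
    for _ in range(runs):
        guess, used = observe_until_decided(true_len, L, N, rng)
        assert guess == true_len               # a decisive length never misleads
        total += used
    return total / runs

if __name__ == "__main__":
    L, N = 1000, 255                           # constructed sample values
    print("mean sends (simulated):", mean_observations(L + 1, L, N, 2000))
    print("P(still undecided after 2N sends):", round(prob_undecided(N, 2 * N), 4))
    print("sends for 95% confidence:", observations_for_confidence(N, 0.95))
```

For a defender, the numbers show that uniform random padding only delays the length leak by a multiple of $N$ sends when the same message can be re-sent on demand.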
