What is the difference between Encryption and Compression? What order should they be done in?

The Digital Age we live in requires more and more data to be sent at one time, but this can quickly become an issue for the hardware sending the data. If too much data is sent across a connection, it could take hours or days to transfer, when the recipient needs it in minutes. This is where compression comes in. Compression uses patterns in data to shorten the size of the data, saving bandwidth and storage space in the process. This works well, but what if the compressed data is stolen in transit? Compression is not complicated to reverse so retrieving the original would be easy. This is why many people use encryption and compression together when sending messages.

Encryption and Compression

Encryption can be either symmetric or asymmetric. Symmetric encryption is the less complicated of the two, using one key to encrypt and decrypt data. Symmetric encryption is much faster than asymmetric encryption, but is not as secure, as only the one key needs to be compromised to compromise the original data. Asymmetric encryption uses a public and private key pair to encrypt plaintext data. The plaintext is run through the encryption algorithm along with a private key, which only the sender knows. The data is then sent to the recipient, who uses the public key to decrypt the data. This ensures the identity of the sender of the data, as the public key only decrypts data encrypted with the private key in that pair.

Using encryption and compression, larger portions of data can be sent across the Internet securely. If only compression is used, the security of the data is at risk. A Man in the Middle attack could retrieve the data, decompress it, and read the original message. On the other hand, if only encryption were used, there is a limit to how big a message that is encrypted can be. This is why the majority of messages are both encrypted and compressed. The next question to answer is do you compress the data and then encrypt the data, or vice versa?

Glossary Image for the middle of the glossary terms

Encryption or Compression first?

The choice of encrypting or compressing data first depends on the types of attacks you need to circumnavigate. Initially, it was thought that the only way to combine encryption and compression was to compress the data before encryption. This is due to the fact that compression relies on patterns in data to function, while encryption attempts to destroy these patterns in data. The method of compression then encryption has been found to be weak to side channel attacks. These types of attacks use JavaScript code to perform a brute force attack on the victim’s browser, allowing the attacker to infer what the transmitted data is based on the size of that compressed data.

Though this issue was found with the method of compression then encryption, encryption then compression has many more issues comparatively. This method is more difficult than the previous method, because compression needs patterns in data to work correctly. This means the value of compressing data will not exist, as there should be no patterns in encrypted data. Due to this, differential cryptanalysis can be used against this method to determine the sensitive data’s value. Compression then encryption is much more resilient to differential cryptanalysis.

Common Encryption and Compression Algorithms

Symmetric Encryption Algorithms:

Asymmetric Encryption Algorithms:

Hashing Algorithms:

  • Deflate
  • Huffman Coding
  • LZ77