On Tue, Aug 30, 2022 at 4:53 AM Peter Eisentraut
<peter.eisentraut@enterprisedb.com> wrote:
> I would be interested in learning more about such padding systems. I
> have done a lot of reading for this development project, and I have
> never come across a cryptographic approach to hide length differences by
> padding. Of course, padding to the block cipher's block size is already
> part of the process, but that is done out of necessity, not because you
> want to disguise the length. Are there any other methods? I'm
> interested to learn more.
TLS 1.3 has one example. Here is a description from GnuTLS:
https://gnutls.org/manual/html_node/On-Record-Padding.html (Note the
option to turn on constant-time padding; that may not be a good
tradeoff for us if we're focusing on offline attacks.)
Here's a recent paper that claims to formally characterize length
hiding, but it's behind a wall and I haven't read it:
https://dl.acm.org/doi/abs/10.1145/3460120.3484590
I'll try to find more when I get the chance.
--Jacob