Content deleted Content added
→Algorithm: Move sentence for sake of clarity |
|||
Line 36:
# ''Y'' = ''r'' ⊕ ''H''(''X'')
# The output is ''X'' || ''Y'' where ''X'' is shown in the diagram as the leftmost block and ''Y'' as the rightmost block.
Usage in RSA:▼
The encoded message can then be encrypted with RSA. The deterministic property of RSA is now avoided by using the OAEP encoding.▼
To decode,
Line 41 ⟶ 44:
# recover the message as ''m''00...0 = ''X'' ⊕ ''G''(''r'')
▲Usage in RSA:
▲The encoded message can then be encrypted with RSA. The deterministic property of RSA is now avoided by using the OAEP encoding.
===Security===
The "[[All-or-nothing transform|all-or-nothing]]" security is from the fact that to recover ''m'', one must recover the entire ''X'' and the entire ''Y''; ''X'' is required to recover ''r'' from ''Y'', and ''r'' is required to recover ''m'' from ''X''. Since any changed bit of a cryptographic hash completely changes the result, the entire ''X'', and the entire ''Y'' must both be completely recovered.
| |||