Revision as of 02:23, 29 September 2008 edit 76.65.29.234 (talk) No edit summary ← Previous edit		Revision as of 16:44, 17 October 2008 edit undo Michael Hardy (talk \| contribs) Administrators 210,596 edits →Diagram of OAEP: math notation cleanup Next edit →
Line 24: In the diagram, * ''n'' is the number of bits in the RSA modulus. * k0''k''<sub>0</sub> and k1''k''<sub>1</sub> are integers fixed by the protocol. * ''m'' is the plaintext message, a (''n'' − ''k''</sub>0</sub> − ''k''<sub>1</sub> )- ~~k0 - k1~~ bit string * ''G'' and ''H'' are typically some [[cryptographic hash function]]s fixed by the protocol. To encode, # messages are padded with k1''k''<sub>1</sub> zeros to be ''n ~~- k0~~'' − ''k''<sub>0</sub> bits in length. # ''r'' is a random k0''k''<sub>0</sub> bit string # ''G'' expands the k0''k''<sub>0</sub> bits of ''r'' to ''n ~~- k0~~'' − ''k''<sub>0</sub> bits. # ''X'' = ~~m00~~''m''00..0 &oplus; ''G''(''r'') # ''H'' reduces the ''n ~~- k0~~'' − ''k''<sub>0</sub> bits of ''X'' to k0''k''<sub>0</sub> bits. # ''Y'' = ''r'' &oplus; ''H''(''X'') # The output is ''X'' \|\| ''Y'' where ''X'' is shown in the diagram as the leftmost block and ''Y'' as the rightmost block. To decode, # recover the random string as ''r'' = ''Y'' &oplus; ''H''(''X'') # recover the message as ~~m00~~''m''00..0 = ''X'' &oplus; ''G''(''r'') ==References==

Optimal asymmetric encryption padding: Difference between revisions