Optimal asymmetric encryption padding

This is an old revision of this page, as edited by Dachshund (talk | contribs) at 17:10, 30 July 2005 (partial description). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

In cryptography, Optimal Asymmetric Encryption Padding (OAEP) is a padding scheme often used together with RSA encryption. The OAEP algorithm is a form of Feistel network which uses a pair of random oracles G and H to process the plaintext prior to asymmetric encryption. When combined with any secure trapdoor one-way function, this processing results in a combined scheme which is provably secure against chosen ciphertext attack. To accomplish this result, OAEP satisfies the following three goals:

  1. Add an element of randomness which can be used to convert a deterministic encryption scheme (e.g., traditional RSA) into a probabilistic scheme.
  2. Prevent partial decryption of ciphertexts (or other information leakage) by ensuring that an adversary cannot recover any portion of the plaintext without completely defeating the trapdoor one-way function.
  3. Provide a cryptographic integrity check which guarantees "plaintext awareness", i.e., that no adversary can create a ciphertext without knowing the plaintext. This serves to prevent chosen ciphertext attacks.

See RFC 2437 for an outline of how OAEP padding and un-padding works in conjunction with RSA.
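The two-round Feistel structure and the three goals above can be seen in a short sketch, added here as an illustration and not taken from the article or from RFC 2437. It assumes SHA-256 with an MGF1-style mask generator standing in for the random oracles G and H, uses the label hash || zero padding || 0x01 || message block layout of PKCS #1 OAEP, and omits the RSA step itself; the function names are hypothetical.

```python
import hashlib
import os

HLEN = hashlib.sha256().digest_size  # 32 bytes; SHA-256 is an assumption of this sketch

def mgf1(seed: bytes, length: int) -> bytes:
    """Counter-mode hash expansion, standing in for the random oracles G and H."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def oaep_encode(msg: bytes, em_len: int, label: bytes = b"", seed=None) -> bytes:
    """Pad msg into an em_len-byte block to feed to the trapdoor function."""
    pad_len = em_len - len(msg) - 2 * HLEN - 1
    if pad_len < 0:
        raise ValueError("message too long")
    seed = os.urandom(HLEN) if seed is None else seed   # goal 1: randomness
    # Data block: hash of label, zero padding, 0x01 separator, message.
    db = hashlib.sha256(label).digest() + b"\x00" * pad_len + b"\x01" + msg
    masked_db = xor(db, mgf1(seed, len(db)))            # Feistel round 1: G(seed)
    masked_seed = xor(seed, mgf1(masked_db, HLEN))      # Feistel round 2: H(masked_db)
    return masked_seed + masked_db

def oaep_decode(block: bytes, label: bytes = b"") -> bytes:
    """Invert the two rounds, then check the redundancy (goal 3)."""
    if len(block) < 2 * HLEN + 1:
        raise ValueError("decoding error")
    masked_seed, masked_db = block[:HLEN], block[HLEN:]
    # Goal 2: the seed cannot be recovered without all of masked_db.
    seed = xor(masked_seed, mgf1(masked_db, HLEN))
    db = xor(masked_db, mgf1(seed, len(masked_db)))
    rest = db[HLEN:].lstrip(b"\x00")
    # Illustration only: a real implementation makes this check constant-time
    # and returns one indistinguishable error for every failure.
    if db[:HLEN] != hashlib.sha256(label).digest() or rest[:1] != b"\x01":
        raise ValueError("decoding error")
    return rest[1:]
```

Encoding the same message twice yields different blocks, and changing any byte of an encoded block makes `oaep_decode` raise rather than return altered plaintext.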