I am working on creating an RSA Algorithm and learned that OAEP is a padding scheme that is commonly used before encrypting using RSA. Is this step necessary? Will it harm the integrity/security of the encrypted text?
Asked
Active
Viewed 408 times
1 Answers
4
Is this step necessary?
Yes. Assuming you don't want to adopt a RSA-KEM based approach, you need some form of padding to gain full IND-CCA2 security (textbook RSA even lacks the much weaker IND-CPA security!) and OAEP is the preferred such scheme, having a security reduction for IND-CCA2 (that is, it's IND-CCA2 as long as some reasonable assumptions hold).
SEJPM
- 46,697
- 9
- 103
- 214