RSA padding questions
- From: "vedaal" <vedaal@xxxxxxxxx>
- Date: 25 Sep 2006 06:40:46 -0700
assume a plaintext of 'm1', encrypted using RSA and standard OAEP
padding, to produce a ciphertext 'c'
is it possible to construct a different padding system, so that a
different plaintext 'm2',
encrypted with the same RSA key, but with the new padding,
still produces the same ciphertext 'c' ?
the goal here is to secure the messages after 'leaking' the RSA key
now, since the person who wants to send the message of 'real' content,
'm2',
is also the one composing 'm1',
there may be some latitude in the composition of 'm1' to make it easier
to construct
the padding for 'm2'
alternatively,
shouldn't it at least be possible to construct 'm2' first, then the
padding, and obtain 'c',
and then have 'm1' be any gibberish random text that would encrypt to
'c' using standard
OAEP padding
the gibberish text may plausibly be considered an 'already encrypted'
message,
that is then RSA encrypted
is this practically possible,
or only theoretically so, but with the same infeasability of
constructing a collision ?
TIA,
vedaal
.
- Follow-Ups:
- Re: RSA padding questions
- From: Joseph Ashwood
- Re: RSA padding questions
- Prev by Date: Key generation question
- Next by Date: Re: Key generation question
- Previous by thread: Key generation question
- Next by thread: Re: RSA padding questions
- Index(es):
Relevant Pages
|
|
