Abstract:
Strong security notions often introduce strong constraints on the construction of cryptographic schemes: semantic security implies probabilistic encryption, while the resistance to existential forgeries requires redundancy in signature schemes. Some padding has thus been designed in order to provide these minimal requirements to each of them, in order to achieve secure primitives. A common practice to encrypt with RSA is to first apply a padding scheme to the message and then to exponentiate the result with the public exponent, which is called OAEP (Optimal Asymmetric Encryption Padding).This paper proposed this notion of universal padding, OAEP, can also be used the same RSA key-pairs for encryption and decryption, in any trapdoor partial-domain one-way permutation.