Suppose I have a fixed message pool of 1000 messages, person A is sending message from this fixed message pool to person B using RSA. If an interceptor also have the message pool he can precompute all the encrypted messages using B's public key. Now if he intercept A's message can he surely tell which message A has sent to B? In this case should we use RSA only for a symmetric key exchange and then messages should be encrypted using a symmetric algorithm?
Asked
Active
Viewed 101 times
0
-
1Yes, provided you use it properly (by adding [randomized padding](https://en.wikipedia.org/wiki/RSA_(cryptosystem)#Padding_schemes) to all your plaintext messages). – r3mainer Nov 22 '18 at 12:04
-
In this case why doesn't rsa use randomise padding to make the encryption more secure? – Habibullah Araphat Nov 22 '18 at 16:39
-
The premise of your question is false. Randomized padding is *an essential part* of the RSA algorithm. – r3mainer Nov 22 '18 at 17:04
-
Got it. Thanks. – Habibullah Araphat Nov 22 '18 at 17:54
1 Answers
0
The text-book RSA encryption algorithm is deterministic. But the official RSA specifications (and also all implementations used in practice) include some (partly random) padding, so we don't actually encrypt plaintext, but pad(plaintext). So the above mentioned problem will not occur.
More details can be found in this answer https://stackoverflow.com/a/7933071/10690480