Jerzy Urbanik wrote:

Hi everyone,

I would really appreciate if someone could help me out with few

issues/questions

I’m writing a thesis and I can not find anything specific related to

OEAP (modes of operation)

Not really the right forum. sci.crypt is probably better. You will also

want to know about the Handbook of Applied Cryptography, which is

online at uwaterloo.ca.

- Can OAEP be used with symmetrical algorithms and i.e. CBC with RSA.

If not why?

It can, but it’d be insanely slow. RSA is very very slow compared to

AES and other block ciphers. That’s why we use block ciphers for bulk

encryption.

- What would be a speed (throughput) of OAEP algorithm itself (without

RSA)

Maybe someone has done some tests.

It’s very quick - it’s a 2 stage Feistel network. The use of OAEP is to

prevent RSA from having a mathematical relationship with the output -

it breaks up that relationship.

One of the problems with RSA by itself is that is must encrypt in

blocks the same size as n (= p * q), and the value encrypted must be

smaller than n. Also, the output has a purely mathematical relationship

with the input, n and e. If the attacker can choose plaintexts, theren

there are certain attacks that become possible. OAEP mitigates these

attacks by mixing up the input space for RSA, making it non-linear, and

the matematical attacks harder, basiclly by bashing bits about first.

Importantly, this is reversible at the other end. OAEP also provides

evidence of someone having tampered with the ciphertext - if the

ciphertext was tampered with, then the leading bits in OAEP will not be

the correct pattern. This can be detected early in the OAEP decryption

phase, but it is worth noting that this is not done in practice,

because the early return can give the attacker timing information about

where the ciphertext was rejected.

- How are OAEP and hush function work together.

OAEP not not a hash function - it’s reversible. There’s no point in

combining the two of them, either, as they have a similar job, except

for the reversability of the OAEP.