Deterministic
– for the same key, a particular plaintext is always mapped to a particular ciphertext
– special-case plaintexts 0, 1, or -1 produce ciphertexts 0, 1, or -1 regardless of keys
Malleable
– Transforming a ciphertext into another leads to predictable transformation to plaintext
For c = m^e mod n, attacker change c to s^exc
-Receiver gets sxm instead of m
RSA in practice
– PKCS(public key cryptography standard) uses OAEP(optimal asymmetric encryption padding)
– Append padding(seeded from random byte) as prefix to m
Diffie and Hellman Key Exchange
– first published public-key algorithm
– by diffie and Hellman in 1976 along with the exposition of public key concepts
– Used in a number of commercial products
– Practical method to exchange a secret key securely that can then be used for subsequent encryption of messages
– Security relies on difficulty of computing discrete logarithms
