Is the result of a RSA encryption guaranteed to be random

Question

I use RSACryptoServiceProvider to encrypt some small blocks of data. For the solution I\'m working on, it\'s important that if the same piece of source data is encrypted twice w

Answer 1

The text-book RSA encryption algorithm is deterministic:

ciphertext = plaintext ^ encryption-exponent  mod  modulus

(Here ^ is integer exponentiation, mod the remainder operation.)

But as you remarked, this does not provide a good security guarantee, as an attacker which can guess the plaintext can simply verify this guess by encrypting it himself and comparing the results.

For this reason, the official RSA specifications (and also all implementations used in practice) include some (partly random) padding, so we don't actually encrypt plaintext, but pad(plaintext):

ciphertext = pad(plaintext) ^ encryption-exponent  mod  modulus

Decryption:

plaintext = unpad( ciphertext ^ decryption-exponent mod modulus )

Only with this padding RSA is actually a secure encryption scheme.

A similar padding is also used for RSA signatures, to avoid easy forging of signatures.