RSA与Padding模式

一、RSA公钥加密同一明文，每次密文不一致

根据PKCS#1加密块格式定义，RSA每次使用公钥进行加密时，原文需要进行伪随机填充。这就相当于是增加了噪声，达到同一原文的加密结果每次都不一样，使攻击者无法通过密文知晓原文是否一致。

二、PKCS#1 Encryption-block formatting摘要

A block type BT, a padding string PS, and the data D shall be
   formatted into an octet string EB, the encryption block.

              EB = 00 || BT || PS || 00 || D .           (1)

The block type BT shall be a single octet indicating the structure of
the encryption block. For this version of the document it shall have
value 00, 01, or 02. For a private- key operation, the block type
shall be 00 or 01. For a public-key operation, it shall be 02.

The padding string PS shall consist of k-3-||D|| octets. For block
type 00, the octets shall have value 00; for block type 01, they
shall have value FF; and for block type 02, they shall be
pseudorandomly generated and nonzero. This makes the length of the
encryption block EB equal to k.

# 参考

1. 百度百科 PKCS
2. PKCS#1 RSA Encryption
3. PKCS#1 Encryption-block formatting
4. CSDN-为什么RSA公钥每次加密得到的结果都不一样？
5. why-are-rsa-ciphertexts-different-for-the-same-plaintext