In this exercise, we illustrate the problem of using nonprobabilistic cryptosystems, such as schoolbook RSA, imprudently. Nonprobabilistic means that the same sequence of plaintext letters maps to the same ciphertext. This allows traffic analysis (i.e., to draw some conclusion about the cleartext by merely observing the ciphertext) and in some cases even to the total break of the cryptoystem. The latter holds especially if the number of possible plaintexts is small. Suppose the following situation
Alice wants to send a message to Bob encrypted with his public key pair (n,e). Therefore, she decides to use the ASCII table to assign a number to each character
1. Oscar eavesdrops on the transferred ciphertext. Describe how he can successfully decrypt the message by exploiting the nonprobabilistic property of RSA.
2. Bob's RSA public key is (n,e)=(3763,11). Decrypt the ciphertext
y = 2514,1125,333,3696,2514,2929,3368,2514
with the attack proposed in 1. For simplification, assume that Alice only chose capital letters A-Z during the encryption.
3. Is the attack still possible if we use the OAEP padding? Exactly explain your answer