I'm new in cryptography and there are a couple of things that i'm not sure if i understand correctly.

First, when using padding (PKCS or OAEP), if the chiphertext has errors in transmission we'll we always get an error at the decyption process? Will it detect all errors, or is there a possibility that a certain combination of errors will result in a decryption but with a false result in plaintext?

Second, if no padding is used, (i believe it is called vanilla rsa?) and there are errors on the ciphertext, then the decryption will work any time but will give wrong results instead of the original encrypted plaintext?

Finally with padding or not, with no errors on ciphertext and by using a wrong private key will we get an error in decryption or just a false decrypted plaintext?

First, when using padding (PKCS or OAEP), if the chiphertext has errors in transmission we'll we always get an error at the decyption process?

Yes, with extremely high probability. This is basically a chosen ciphertext attack and RSA-OAEP is fully immune to them, so the odds that you won't detect this attack (a.k.a. "error") are extremely low (below $2^{-128}$).

Will it detect all errors, or is there a possibility that a certain combination of errors will result in a decryption but with a false result in plaintext?

This is possible but extremely unlikely, again due to the IND-CCA2 security of RSA-OAEP.

Second, if no padding is used, (i believe it is called vanilla rsa?) and there are errors on the ciphertext, then the decryption will work any time but will give wrong results instead of the original encrypted plaintext?

Sometimes it's called "textbook RSA", "plain RSA" or "unpadded RSA".

If you follow the textbook RSA description, any errors will change the value of the ciphertext, resulting in a different number being decoded, resulting in an (unrelated) decryption, which will always work. If the error is malicious it could be exploited, depending on the reaction of the system.

Finally with padding or not, with no errors on ciphertext and by using a wrong private key will we get an error in decryption or just a false decrypted plaintext?

If you use a wrong private key $d$, which, by definition, doesn't satisfy $ed\equiv 1 \pmod{\lambda(n)}$, you'll decrypt a wrong message, which will lead to a verification error for OAEP and to a simple wrong message for unpadded RSA.

- +0 – Thank you for the detailed responce. Only one more clarification on the first question. Only OAEP is using IND-CCA2 and is capable of detecting all errors in ciphertext, or is there a version of PKCS that can too? — Feb 20, 2016 at 09:36
- +0 – @alf IND-CCA2 is a property of RSA-OAEP (= it resists all chosen ciphertext attacks). OAEP is actually the currently recommended encryption mode in PKCS#1 v2 (and more recent versions). The old PKCS#1 v1.5 schemes either weren't secure (no padding) or could be broken. — Feb 20, 2016 at 19:39
- +0 – First question is related to channel coding. If channel is too noisy, Symbols has error and can't recreate bitstream properly. So, before it reaches to application layer, packet will be rejected by lower layers. Now let's say if error correction by other layers are not accurate (extremely less likely) , and it reaches to decryptor, then it up the the encryption scheme to reject. In standard encryption scheme it will reject and send error response. — Dec 29, 2020 at 13:24