In cryptography, padding is any of a number of distinct practices which all include adding data to the beginning, middle, or end of a message prior to encryption.
This is a condensed sentence;
Block cipher modes like CBC and ECB require padding so that one can encrypt the message blocks properly - not all messages are multiple of the block size of the cipher. The common padding is PKCS#7 and applied in the end. Recently, the trend is on the modes like CTR that don't require padding. This removed one attack vector; padding oracle attack.
Public key encryption of RSA requires padding to be secure against attacks, in this case, data prefixed some fixed and random characters.
- OAEP : $\text{T=lhash||PS||01||Message}$
- PKCS#1.v5 : $\text{EM = 0x00 || 0x02 || PS || 0x00 || Message}$
While hashing, if we need concatanation of two string, we don't concatanate two strings in way of pure sting concatanation, rather we add some special delimeters so that we can pervent simple collision;
$$Hash(\texttt{abcd||efgh}) = Hash(\texttt{abc||defgh})$$ where $s_1 = abcd, s_2 = efgh, s_3 = abc, s_4 = defgh$ are 4 different string, still their concatanation creates the same hash value. To mitigate we apply some padding on the middle with some special values to the domain;
$$Hash(\texttt{abcd||<sperator>||efgh}) \neq Hash(\texttt{abc||<sperator>||defgh})$$ the change of collision is negligible for a good cryptographic hash.
In classical cryptography, padding may include adding nonsense phrases to a message to obscure the fact that many messages end in predictable ways.
This is due to the fact that we don't want to give an attacker known-plaintext where almost all classical algorithms were insecure against this.
Consider the Hill cipher of size $n$ and if the last block just contains one character from the message and if you fill the remaining with a fixed known value then you gave the adversary your key. They just need to solve the system of of equation 26 times to derive the encryption key.
As you can see that the padding is more about security and operationality.
Checksum seems to serve in the same way, which is added in the message, and the verifier verifies by sum and modular the pre-agreed divisor.
The checksum is about detecting errors. Here we distinguish checksum with integrity in cryptography where we use hash functions. Hash functions can provide error detection, however, they are more powerful than checksums.
Keep in mind that, although padding can indicate the errors, like PKCS#7 padding, that doesn't mean that the purpose is integrity ( or checksum) and interestingly, this error is used padding oracle attacks to decrypt messages on the servers that return the error.
