Related Concepts
Definition
OAEP (for Optimal Asymmetric Encryption Padding) is the main standard padding for RSA (Rivest–Shamir–Adleman) Public-Key Encryption: a way to format the message before encryption in order to reach a higher security level.
Background
It has been noticed that the plain RSA public-Key Encryption [11] cannot be used directly for practical purpose, paddings are required, in order to rule out basic attacks.
Theory
The RSA–PKCS #1 v1.5 Encryption
A widely deployed padding for RSA-based encryption is defined in the PKCS #1 v1.5 standard (Public-Key Cryptography Standards): for any modulus \({2}^{8(k-1)} \leq n < {2}^{8k}\), in order to encrypt a message m, one defines the k-byte long string \(M = 02\|r\|0\|m\), where r is a string of randomly chosen nonzero bytes (at least 8). This block is thereafter encrypted with the RSA permutation, \(C = {M}^{e}{\rm mod}\,\,n\) (modular arithmetic). When decrypting a...
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Recommended Reading
Bellare M, Rogaway P (1993) Random oracles are practical: a paradigm for designing efficient protocols. In: Proceedings of the 1st CCS. ACM Press, New York, 1993, pp 62–73
Bellare M, Rogaway P (1995) Optimal asymmetric encryption–how to encrypt with RSA. In: De Santi A (ed) Advances in cryptology–EUROCRYPT’94. Lecture notes in computer science, vol 950. Springer, Berlin, pp 92–111
Bleichenbacher D (1998) A chosen ciphertext attack against protocols based on the RSA encryption standard PKCS #1. In: Krawazy H (ed) Advances in cryptology–CRYPTO’98. Lecture notes in computer science, vol 1462. Springer, Berlin, pp 1–12
Blum M, Micali S (1984) How to generate cryptographically strong sequences of pseudorandom bits. SIAM J Comput 13: 850–864
Boneh D (2001) Simplified OAEP for the RSA and rabin functions. In: Kilian J (ed) Advances in cryptology–CRYPTO 2001. Lecture notes in computer science, vol 2139. Springer, Berlin, pp 275–291
Fiat A, Shamir A (1987) How to prove yourself: Practical solutions of identification and signature problems. In: Odlyzko A (ed) Advances in cryptology–CRYPTO’86. Lecture notes in computer science, vol 263. Springer, Berlin, pp 186–194
Fujisaki E, Okamoto T, Pointcheval D, Stern J (2001) RSA–OAEP is secure under the RSA assumption. In: Kilian J (ed) Advances in cryptology–CRYPTO 2001. Lecture notes in computer science, vol 2139. Springer, Berlin, pp 260–274
Naor M, Yung M (1989) Universal one-way hash functions and their cryptographic applications. In: Proceedings of the 21st STOC. ACM Press, New York, pp 33–43
Rabin MO (1978). Digitalized signatures. In: Lipton R, De Millo R (eds) Foundations of secure computation. Academic, New York, pp 155–166
Rackoff C, Simon DR (1992). Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In: Feigenbaum J (ed) Advances in cryptology–CRYPTO’91. Lecture notes in computer science, vol 576. Springer, Berlin, pp 433–444
Rivest R, Shamir A, Adleman L (1978) A method for obtaining digital signatures and public key cryptosystems. Commun ACM 21(2):120–126
Shoup V (2001) OAEP reconsidered. In: Kilian J (ed) Advances in cryptology–CRYPTO 2001. Lecture notes in computer science, vol 2139. Springer, Berlin, pp 239–259
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer Science+Business Media, LLC
About this entry
Cite this entry
Pointcheval, D. (2011). OAEP: Optimal Asymmetric Encryption Padding. In: van Tilborg, H.C.A., Jajodia, S. (eds) Encyclopedia of Cryptography and Security. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-5906-5_150
Download citation
DOI: https://doi.org/10.1007/978-1-4419-5906-5_150
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4419-5905-8
Online ISBN: 978-1-4419-5906-5
eBook Packages: Computer ScienceReference Module Computer Science and Engineering