Related Concepts
Definition
OAEP (for Optimal Asymmetric Encryption Padding) is the main standard padding for RSA (Rivest–Shamir–Adleman) Public-Key Encryption: a way to format the message before encryption in order to reach a higher security level.
Background
It has been noticed that the plain RSA public-Key Encryption [11] cannot be used directly for practical purpose, paddings are required, in order to rule out basic attacks.
Theory
The RSA–PKCS #1 v1.5 Encryption
A widely deployed padding for RSA-based encryption is defined in the PKCS #1 v1.5 standard (Public-Key Cryptography Standards): for any modulus \({2}^{8(k-1)} \leq n < {2}^{8k}\), in order to encrypt a message m, one defines the k-byte long string \(M = 02\|r\|0\|m\), where r is a string of randomly chosen nonzero bytes (at least 8). This block is thereafter encrypted with the RSA permutation, \(C = {M}^{e}{\rm mod}\,\,n\) (modular arithmetic). When decrypting a...
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Recommended Reading
Bellare M, Rogaway P (1993) Random oracles are practical: a paradigm for designing efficient protocols. In: Proceedings of the 1st CCS. ACM Press, New York, 1993, pp 62–73
Bellare M, Rogaway P (1995) Optimal asymmetric encryption–how to encrypt with RSA. In: De Santi A (ed) Advances in cryptology–EUROCRYPT’94. Lecture notes in computer science, vol 950. Springer, Berlin, pp 92–111
Bleichenbacher D (1998) A chosen ciphertext attack against protocols based on the RSA encryption standard PKCS #1. In: Krawazy H (ed) Advances in cryptology–CRYPTO’98. Lecture notes in computer science, vol 1462. Springer, Berlin, pp 1–12
Blum M, Micali S (1984) How to generate cryptographically strong sequences of pseudorandom bits. SIAM J Comput 13: 850–864
Boneh D (2001) Simplified OAEP for the RSA and rabin functions. In: Kilian J (ed) Advances in cryptology–CRYPTO 2001. Lecture notes in computer science, vol 2139. Springer, Berlin, pp 275–291
Fiat A, Shamir A (1987) How to prove yourself: Practical solutions of identification and signature problems. In: Odlyzko A (ed) Advances in cryptology–CRYPTO’86. Lecture notes in computer science, vol 263. Springer, Berlin, pp 186–194
Fujisaki E, Okamoto T, Pointcheval D, Stern J (2001) RSA–OAEP is secure under the RSA assumption. In: Kilian J (ed) Advances in cryptology–CRYPTO 2001. Lecture notes in computer science, vol 2139. Springer, Berlin, pp 260–274
Naor M, Yung M (1989) Universal one-way hash functions and their cryptographic applications. In: Proceedings of the 21st STOC. ACM Press, New York, pp 33–43
Rabin MO (1978). Digitalized signatures. In: Lipton R, De Millo R (eds) Foundations of secure computation. Academic, New York, pp 155–166
Rackoff C, Simon DR (1992). Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In: Feigenbaum J (ed) Advances in cryptology–CRYPTO’91. Lecture notes in computer science, vol 576. Springer, Berlin, pp 433–444
Rivest R, Shamir A, Adleman L (1978) A method for obtaining digital signatures and public key cryptosystems. Commun ACM 21(2):120–126
Shoup V (2001) OAEP reconsidered. In: Kilian J (ed) Advances in cryptology–CRYPTO 2001. Lecture notes in computer science, vol 2139. Springer, Berlin, pp 239–259
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer Science+Business Media, LLC
About this entry
Cite this entry
Pointcheval, D. (2011). OAEP: Optimal Asymmetric Encryption Padding. In: van Tilborg, H.C.A., Jajodia, S. (eds) Encyclopedia of Cryptography and Security. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-5906-5_150
Download citation
DOI: https://doi.org/10.1007/978-1-4419-5906-5_150
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4419-5905-8
Online ISBN: 978-1-4419-5906-5
eBook Packages: Computer ScienceReference Module Computer Science and Engineering