MsAGOMATHYASSISTANTP
Oct 31, 2025
Optimal Asymmetric Encryption Padding (OAEP) in RSA
Postgraduate Presentation
Prepared by: Ms. A. Gomathy
Department of Computer Science and Engineering

Introduction to RSA
• RSA is an asymmetric cryptographic algorithm.
• It uses a pair of keys: Public key (encryption) and Private key (decryption).
• Plain RSA is deterministic – the same plaintext produces the same ciphertext.
• This makes it vulnerable to chosen-plaintext attacks.
• Padding schemes like OAEP improve RSA’s security.

Need for Padding in RSA
• Without padding, RSA is not semantically secure.
• Predictable ciphertexts can leak information.
• Padding introduces randomness into encryption.
• Ensures two encryptions of the same message produce different ciphertexts.
• Prevents dictionary and replay attacks.

What is OAEP?
• OAEP stands for Optimal Asymmetric Encryption Padding.
• Introduced by Bellare and Rogaway in 1994.
• It combines a message with random data using hash-based masks.
• Designed to make RSA encryption probabilistic and secure under chosen-plaintext attacks.
• Standardized in PKCS#1 v2.0.

OAEP Components
• Message (M): The plaintext to encrypt.
• Random seed (r): Randomly generated bit string.
• Hash function (G, H): Used to create masks.
• Mask Generation Function (MGF1): Expands input to desired length.
• XOR operations: Combine masks with data to hide information.

OAEP Encoding Process
1. Start with message M and random seed r.
2. Generate a mask for M using G(r).
3. XOR M with G(r) to produce masked message.
4. Generate a mask for r using H(masked message).
5. XOR r with H(masked message) to produce masked seed.
6. Concatenate masked seed || masked message for encryption.

OAEP Decoding Process
1. Split the ciphertext block into masked seed and masked message.
2. Recover r by XORing masked seed with H(masked message).
3. Recover message by XORing masked message with G(r).
4. Verify correctness and remove padding.
5. Output original message M.

Mathematical Representation
Let M be the message and r the random seed.
Encoding:
X = M ⊕ G(r)
Y = r ⊕ H(X)
Encoded = X || Y
Decoding:
r = Y ⊕ H(X)
M = X ⊕ G(r)

Mask Generation Function (MGF1)
• MGF1 is a deterministic algorithm based on a hash function.
• Expands a fixed-length seed into an arbitrary-length mask.
• Example: MGF1(SHA-256, seed, maskLen)
• Ensures uniform randomness distribution across data blocks.

Example of OAEP with RSA
Given:
• Message M = 'HELLO'
• Random seed r = 0xA1B2C3
Process:
1. Compute G(r) and H(M⊕G(r)).
2. Apply XOR to create masked message and masked seed.
3. Encrypt concatenated block using RSA public key.
4. Decrypt and reverse the process to recover 'HELLO'.
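
The encoding, decoding and MGF1 slides above, worked through in Python as an added example (not part of the original presentation). It assumes the RFC 8017 block layout 0x00 || masked seed || masked data block, SHA-256 with MGF1 playing the role of both G and H, an empty label, and a seed of hash length rather than the 3-byte seed on the slide; the RSA step itself is omitted, and k = 128 is a constructed modulus length.

```python
import hashlib
import hmac
import os

HLEN = hashlib.sha256().digest_size  # 32 bytes; SHA-256 is an assumption of this example

def mgf1(seed: bytes, mask_len: int) -> bytes:
    """MGF1: hash seed || 4-byte big-endian counter, concatenate, truncate."""
    out, counter = b"", 0
    while len(out) < mask_len:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:mask_len]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def oaep_encode(msg: bytes, k: int, label: bytes = b"", seed=None) -> bytes:
    """Build the k-byte block that RSA would then encrypt (k = modulus length in bytes)."""
    seed = os.urandom(HLEN) if seed is None else seed       # r: fresh per encryption
    if len(msg) > k - 2 * HLEN - 2 or len(seed) != HLEN:
        raise ValueError("message too long or bad seed length")
    # Data block: lHash || zero padding || 0x01 || M
    db = hashlib.sha256(label).digest() + bytes(k - len(msg) - 2 * HLEN - 2) + b"\x01" + msg
    masked_db = xor(db, mgf1(seed, k - HLEN - 1))           # X = M xor G(r)
    masked_seed = xor(seed, mgf1(masked_db, HLEN))          # Y = r xor H(X)
    return b"\x00" + masked_seed + masked_db

def oaep_decode(em: bytes, k: int, label: bytes = b"") -> bytes:
    """Invert oaep_encode; every failure raises the same error."""
    if len(em) != k or k < 2 * HLEN + 2:
        raise ValueError("decryption error")
    masked_seed, masked_db = em[1:1 + HLEN], em[1 + HLEN:]
    seed = xor(masked_seed, mgf1(masked_db, HLEN))          # r = Y xor H(X)
    db = xor(masked_db, mgf1(seed, k - HLEN - 1))           # M = X xor G(r)
    sep = db.find(b"\x01", HLEN)                            # first 0x01 after lHash
    ok = (em[0] == 0 and sep != -1 and not any(db[HLEN:sep])
          and hmac.compare_digest(db[:HLEN], hashlib.sha256(label).digest()))
    if not ok:  # these checks are not constant-time; real code should use a vetted library
        raise ValueError("decryption error")
    return db[sep + 1:]

if __name__ == "__main__":
    K = 128  # constructed: byte length of a 1024-bit modulus
    a, b = oaep_encode(b"HELLO", K), oaep_encode(b"HELLO", K)
    print(a != b, oaep_decode(a, K))  # same message, different blocks, same plaintext
```

The padding check in oaep_decode is the "verify correctness" step of the decoding slide: a flipped bit anywhere in the block changes the recovered seed, so the label hash no longer matches and the block is rejected.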

Security Benefits of OAEP
• Provides semantic security (IND-CPA).
• Protects against partial decryption attacks.
• Prevents chosen-plaintext and replay attacks.
• Randomized process ensures unique ciphertexts.
• Enhances RSA’s theoretical and practical security.

OAEP in Practice
• Widely used in modern cryptographic libraries.
• Supported in RSA implementations like OpenSSL, Java, .NET, and Python.
• Used for encrypting small data or symmetric keys (not bulk data).
• Often combined with hybrid encryption (RSA-OAEP + AES).

Limitations of OAEP
• Only applicable to RSA encryption (not signatures).
• Relies on strong hash functions (e.g., SHA-256).
• Sensitive to implementation errors.
• Still requires proper key management for full security.

Summary and References
• OAEP strengthens RSA by introducing randomness and masks.
• Provides provable security against chosen-plaintext attacks.
• Essential in modern public-key cryptography.
References:
1. Bellare, M., & Rogaway, P. (1994). Optimal Asymmetric Encryption.
2. PKCS #1 v2.2: RSA Cryptography Standard.
3. RFC 8017 - PKCS #1: RSA Cryptography Specifications.