Ciphertext Block Size for RSA Encryption

This section discusses what is the most efficient block size when packaging encrypted integers resulted from the RSA encryption operation on ciphertext blocks. The suggested block size is '1+floor((x-1)/8)', where 'x' is the RSA key size, or the key modulus bit length.

The previous section, we figured out the best block size (can be called as cleartext block size) and padding schema for dividing the cleartext message into blocks for RSA encryption.

Now let's look that how we can package individual encrypted integers generated from cleartext message blocks into a ciphertext byte sequence.

We have 2 general options:

1. Convert encrypted integers into byte blocks with the minimum number of bytes for each integer. Then package byte blocks sequentially with block markers to separate them.

2. Convert encrypted integers into byte blocks with a equal number of bytes for each integer. Then package byte blocks sequentially with no block markers to separate them.

The option 2 seems to be better, because it avoids the trouble of designing the special block marker and informing the receiver of the encrypted message what the marker is.

If we go with option 2, we need to figure out what is the best block size for encrypted integer blocks. The only requirement is that the block must long enough to hold the highest possible encrypted integer, which is the RSA key modulus.

Base on this requirement, the best block size (can be called as ciphertext block size) for encrypted integer blocks is "ceiling(RsaKeySize/8)" in bytes, which can also be expressed as "1+floor((RsaKeySize-1)/8)" in bytes.

If we compare the ciphertext block size "1+floor((RsaKeySize-1)/8)" with the cleartext block size "min(floor((RsaKeySize-1)/8),256)", the ciphertext block size is always 1 byte larger, if the RSA key size is 2056 or less.

Last update: 2013.