Cleartext Block Size for RSA Encryption

This section discusses what is the most efficient block size when dividing a Cleartext message into blocks for RSA public encryption. The suggested block size is 'floor((x-1)/8)', where 'x' is the RSA key size, or the key modulus bit length.

In the previous section, we learned how to convert a byte sequence into a positive integer, so that it can be encrypted by the RSA public key.

But what happens if the converted positive integer is too large? We know that the RSA public key encryption algorithm will not work on integers that are greater than the modulus of the RSA key.

To resolve this problem, we have to divide the cleartext byte sequence into blocks, and convert each block into a positive number smaller than the modulus of the RSA so it can be encrypted correctly. The next question is then, what block size should we use?

One option is use 1 byte as the block size. This will ensure that the converted integer is in the range of 0 and 255. Any RSA key with a modulus value greater than 255 will work on 1-byte blocks. In other words, any RSA key with a key size of 9 bites or higher will work 1-byte blocks.

However, if we have a RSA key with a much higher key size, like 2048 bites, using 1-byte blocks is not that efficient. This is because larger blocks can be used with larger keys to reduce the number of blocks to reduce the total encryption time and ciphertext data size.

Let's use a RSA key with 2048 bits with a cleartext byte sequence of 200 bytes to see the impact of using different block size.

1. If we set the block size to 1 byte, we will have:

2. If we set the block size to 200 bytes, we will have:

Obviously, using 200-bytes as the block size is much more efficient than 1-byte block size. This means the higher block size, the more efficient.

So we need to find the highest block size allowed for a given RSA key with x bits key size. This can be calculated as: "floor((x-1)/8)" in bytes. The resulting block size is at least 1 bit less than the RSA key bit length, which ensures that the integer value in each block is smaller than the key modulus.

Note that, we cannot use a block size that is the same bit length as the RSA key, because the result block may represent an integer greater than the key modulus. For example, block value 0xF0000000 is greater than a key modulus 0xEC134ECB. But their bit length is the same, 32 bits, 4 bytes.

Last update: 2013.

Table of Contents

 About This Book

 Cryptography Terminology

 Cryptography Basic Concepts

 Introduction to AES (Advanced Encryption Standard)

 Introduction to DES Algorithm

 DES Algorithm - Illustrated with Java Programs

 DES Algorithm Java Implementation

 DES Algorithm - Java Implementation in JDK JCE

 DES Encryption Operation Modes

 DES in Stream Cipher Modes

 PHP Implementation of DES - mcrypt

 Blowfish - 8-Byte Block Cipher

 Secret Key Generation and Management

 Cipher - Secret Key Encryption and Decryption

 Introduction of RSA Algorithm

RSA Implementation using java.math.BigInteger Class

 java.Math.BigInteger Class

 Generating Prime Number with BigInteger Class

 Performance of Prime Number Generation

 RSA Encryption Implementation using BigInteger Class for RSA Key Generation

 RSA Keys Generated by for RSA Key Validation

 64-bit RSA Key Validated by

 Converting Byte Sequences to Positive Integers

Cleartext Block Size for RSA Encryption

 Cleartext Message Padding and Revised Block Size

 Ciphertext Block Size for RSA Encryption for RSA Encryption Operation for RSA Decryption Operation

 Testing with a 16-bit Key

 Testing with a 64-bit Key

 Testing with a 3072-bit Key

 Introduction of DSA (Digital Signature Algorithm)

 Java Default Implementation of DSA

 Private key and Public Key Pair Generation

 PKCS#8/X.509 Private/Public Encoding Standards

 Cipher - Public Key Encryption and Decryption

 MD5 Mesasge Digest Algorithm

 SHA1 Mesasge Digest Algorithm

 OpenSSL Introduction and Installation

 OpenSSL Generating and Managing RSA Keys

 OpenSSL Managing Certificates

 OpenSSL Generating and Signing CSR

 OpenSSL Validating Certificate Path

 "keytool" and "keystore" from JDK

 "OpenSSL" Signing CSR Generated by "keytool"

 Migrating Keys from "keystore" to "OpenSSL" Key Files

 Certificate X.509 Standard and DER/PEM Formats

 Migrating Keys from "OpenSSL" Key Files to "keystore"

 Using Certificates in IE (Internet Explorer)

 Using Certificates in Firefox

 Using Certificates in Google Chrome

 Outdated Tutorials


 PDF Printing Version