Question

I need to implement RSA algorithm using ECB (Electronic Code Book) as a school assignment. I know that ECB is bad and I should never use such thing in real life, but I have no other option here (we will eventually turn it to CBC and then move forward to AES, but at the moment I need to use ECB).

I've stumbled upon an issue with chaining the encrypted blocks: let's say I have a key of size 256 bits, and as a result I set each block size to have 256 bits (block size = key size). I also make sure to pad the last block in case its size is smaller. The problem is that the encrypted block result size varies, so I don't know how to chain the result, so that when I decrypt the data I would know exactly when a block starts and when a block ends. What is the common thing to do in such event? I thought about putting some kind of delimiter between each block, but I think it's a lousy solution.

Solution

RSA uses internal padding, so you don't need to pad the input. RSA encryption can normally be performed in two different padding modes: OAEP and PKCS#1.5 padding. Both add substantial padding to each block. This is different from e.g. AES padding, where the padding is only performed on the last block to be encrypted. Also different is that the security of RSA heavily relies on the padding, so it must be performed.

Now, because each block is padded, obviously the plain text that fits into the block is less than the key size (the size of the modulus). In other words, the block size is smaller than the key size. In the case of PKCS#1.5 it is 11 bytes less than the key size (if this is on a byte boundary at least). Keeping to a slightly higher (say up to 19 bytes) block size would be better regarding security though, 8 bytes of the padding should be (secure) random bytes.

With Java you can actually ask the block size from the Cipher object, and for RSA it will correctly subtract the overhead from the key size. Otherwise you will have to calculate it yourself. As said, you don't require padding of the last block, the block padding will fill the last block for you.

Note that the RSA PKCS#1 specifications are a free download. So you can do the calculations yourself for the (tougher) OAEP padding. For your particular assignment I would keep to 1.5 padding though.
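The block arithmetic described in the answer above, as an added example that is not part of the original answer: each plaintext chunk of at most k - 11 bytes is padded PKCS#1 v1.5 style and becomes exactly k ciphertext bytes (k = modulus size in bytes), so blocks can be concatenated without delimiters. The toy key built from two Mersenne primes and all function names are assumptions made for illustration; the key is far too small and too structured for real use.

```python
import secrets

# Constructed toy key (assumption, insecure): two Mersenne primes, 216-bit modulus.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8            # modulus size in bytes = ciphertext block size
MAX_CHUNK = K - 11                       # overhead: 00 02, at least 8 bytes PS, 00

def pad(chunk: bytes) -> bytes:
    """Build 00 || 02 || nonzero random PS || 00 || chunk, exactly K bytes."""
    if len(chunk) > MAX_CHUNK:
        raise ValueError("chunk too long for this modulus")
    ps = bytes(secrets.randbelow(255) + 1 for _ in range(K - 3 - len(chunk)))
    return b"\x00\x02" + ps + b"\x00" + chunk

def unpad(em: bytes) -> bytes:
    """Strip the padding; reject blocks that do not have the expected layout."""
    sep = em.find(b"\x00", 2)            # first zero byte after the 00 02 header
    if len(em) != K or em[:2] != b"\x00\x02" or sep < 10:
        raise ValueError("decryption error")
    return em[sep + 1:]

def encrypt(message: bytes) -> bytes:
    out = bytearray()
    for i in range(0, len(message), MAX_CHUNK):
        m = int.from_bytes(pad(message[i:i + MAX_CHUNK]), "big")
        # Serialise to a fixed width of K bytes so leading zero bytes are kept;
        # this is what makes every ciphertext block the same size.
        out += pow(m, E, N).to_bytes(K, "big")
    return bytes(out)

def decrypt(ciphertext: bytes) -> bytes:
    if len(ciphertext) % K:
        raise ValueError("ciphertext is not a whole number of blocks")
    out = bytearray()
    for i in range(0, len(ciphertext), K):
        c = int.from_bytes(ciphertext[i:i + K], "big")
        out += unpad(pow(c, D, N).to_bytes(K, "big"))
    return bytes(out)
```

The varying output size described in the question typically comes from serialising the RSA result as a minimal-length integer; writing it at the fixed width K removes the need for any delimiter.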

Other tips

ECB is a block cipher mode of operation. RSA is a public key encryption scheme, not a block cipher, so "RSA in ECB mode" doesn't really make sense. I suspect something must've gotten mixed up somewhere between your original assignment and your description of it here.

In any case, the output length of an actual block cipher is always constant (and equal to the input block length). One thing that might be confusing you is that the encrypted output can occasionally contain null bytes, so you cannot treat it as a null-terminated string. Just treat the output as a fixed-length block of binary data and you'll be fine.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow