Skip to content

Textbook RSA

NEVER USE DIRECTLY

RSA in its raw form: real primes, real modular exponentiation, real key generation β€” but no padding. See exactly why determinism makes textbook RSA completely insecure.

Do not use textbook RSA for real data
Textbook RSA is deterministic. The same plaintext always produces the same ciphertext, enabling trivial chosen-plaintext attacks. Real-world RSA requires OAEP padding β€” see Panel 2.

Step 1 β€” Generate RSA Key Parameters

Generate real prime numbers p and q, then compute all RSA parameters step by step. Use small primes (~32-bit) for visual clarity, or 2048-bit for real cryptographic strength.

Side-by-Side β€” Textbook vs OAEP, Same Plaintext, Twice Each

Encrypt the same plaintext twice with textbook RSA and twice with RSA-OAEP. Compare byte-by-byte. Textbook collides on every byte (deterministic). OAEP differs on every byte (randomized). This is the single picture that makes "use OAEP" non-negotiable.

Why Textbook RSA Is Broken

  • Deterministic: Same plaintext always β†’ same ciphertext. Attacker can build an encryption oracle and test known messages.
  • Homomorphic weakness: c₁ Β· cβ‚‚ mod n = Enc(m₁ Β· mβ‚‚) β€” ciphertexts can be multiplied to produce the encryption of the product.
  • Small message space: Low-entropy messages (like symmetric keys) are vulnerable to brute-force with an encryption oracle.
  • No ciphertext integrity: Any integer is a valid ciphertext β€” malleability attacks are trivial.
RFC 8017 (PKCS#1 v2.2), Section 7.1 β€” RSA-OAEP is the recommended encryption scheme. Textbook RSA is described only to explain the mathematical structure.