CryptoDB
An OAEP Variant With a Tight Security Proof
Authors: | |
---|---|
Download: | |
Abstract: | We introduce the OAEP++ encoding method, which is an adaptation of the OAEP encoding method, replacing the last step of the encoding operation with an application of a block cipher such as AES. We demonstrate that if $f$ is a one-way trapdoor function that is hard to invert, then OAEP++ combined with $f$ is secure against an IND-CCA2 adversary in the random oracle model. Moreover, the security reduction is tight; an adversary against $f$-OAEP++ can be extended to an $f$-inverter with a running time linear in the number of oracle queries. |
BibTeX
@misc{eprint-2002-11558, title={An OAEP Variant With a Tight Security Proof}, booktitle={IACR Eprint archive}, keywords={public-key cryptography / RSA , public-key cryptography}, url={http://eprint.iacr.org/2002/034}, note={This paper has not been published elsewhere. jjonsson@rsasecurity.com 11764 received 18 Mar 2002}, author={Jakob Jonsson}, year=2002 }