## CryptoDB

### Paper: An OAEP Variant With a Tight Security Proof

Authors: Jakob Jonsson URL: http://eprint.iacr.org/2002/034 Search ePrint Search Google We introduce the OAEP++ encoding method, which is an adaptation of the OAEP encoding method, replacing the last step of the encoding operation with an application of a block cipher such as AES. We demonstrate that if $f$ is a one-way trapdoor function that is hard to invert, then OAEP++ combined with $f$ is secure against an IND-CCA2 adversary in the random oracle model. Moreover, the security reduction is tight; an adversary against $f$-OAEP++ can be extended to an $f$-inverter with a running time linear in the number of oracle queries.
##### BibTeX
@misc{eprint-2002-11558,
title={An OAEP Variant With a Tight Security Proof},
booktitle={IACR Eprint archive},
keywords={public-key cryptography / RSA , public-key cryptography},
url={http://eprint.iacr.org/2002/034},
note={This paper has not been published elsewhere. jjonsson@rsasecurity.com 11764 received 18 Mar 2002},
author={Jakob Jonsson},
year=2002
}