Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
CRYPTO
2001
Springer
2001
Springer
RSA-OAEP Is Secure under the RSA Assumption
Recently Victor Shoup noted that there is a gap in the widely-believed security result of OAEP against adaptive chosen-ciphertext attacks. Moreover, he showed that, presumably, OAEP cannot be proven secure from the one-wayness of the underlying trapdoor permutation. This paper establishes another result on the security of OAEP. It proves that OAEP offers semantic security against adaptive chosen-ciphertext attacks, in the random oracle model, under the partial-domain one-wayness of the underlying permutation. Therefore, this uses a formally stronger assumption. Nevertheless, since partial-domain one-wayness of the RSA function is equivalent to its (full-domain) one-wayness, it follows that the security of RSA–OAEP can actually be proven under the sole RSA assumption, although the reduction is not tight. This is a revised version, with improvements, of the original archive paper “RSA–OAEP is Still Alive” (November 27th 2000)
Real-time TrafficAdaptive Chosen-ciphertext Attacks | CRYPTO 2001 | Cryptology | Partial-domain One-wayness | Security |
Related Content
| Added | 28 Jul 2010 |
| Updated | 28 Jul 2010 |
| Type | Conference |
| Year | 2001 |
| Where | CRYPTO |
| Authors | Eiichiro Fujisaki, Tatsuaki Okamoto, David Pointcheval, Jacques Stern |
Comments (0)
Researcher Info
|
