International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

An OAEP Variant With a Tight Security Proof

Authors:
Jakob Jonsson
Download:
URL: http://eprint.iacr.org/2002/034
Search ePrint
Search Google
Abstract: We introduce the OAEP++ encoding method, which is an adaptation of the OAEP encoding method, replacing the last step of the encoding operation with an application of a block cipher such as AES. We demonstrate that if $f$ is a one-way trapdoor function that is hard to invert, then OAEP++ combined with $f$ is secure against an IND-CCA2 adversary in the random oracle model. Moreover, the security reduction is tight; an adversary against $f$-OAEP++ can be extended to an $f$-inverter with a running time linear in the number of oracle queries.
BibTeX
@misc{eprint-2002-11558,
  title={An OAEP Variant With a Tight Security Proof},
  booktitle={IACR Eprint archive},
  keywords={public-key cryptography / RSA , public-key cryptography},
  url={http://eprint.iacr.org/2002/034},
  note={This paper has not been published elsewhere. jjonsson@rsasecurity.com 11764 received 18 Mar 2002},
  author={Jakob Jonsson},
  year=2002
}