Cryptology ePrint Archive: Report 2002/034
An OAEP Variant With a Tight Security Proof
Abstract: We introduce the OAEP++ encoding method, which is an adaptation of the OAEP encoding method, replacing the last step of the encoding operation with an application of a block cipher such as AES. We demonstrate that if $f$ is a one-way trapdoor function that is hard to invert, then OAEP++ combined with $f$ is secure against an IND-CCA2 adversary in the random oracle model. Moreover, the security reduction is tight; an adversary against $f$-OAEP++ can be extended to an $f$-inverter with a running time linear in the number of oracle queries.
Category / Keywords: public-key cryptography / RSA , public-key cryptography
Publication Info: This paper has not been published elsewhere.
Date: received 18 Mar 2002
Contact author: jjonsson at rsasecurity com
Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation
Version: 20020318:191608 (All versions of this report)
Short URL: ia.cr/2002/034
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]