Paper 2002/034

An OAEP Variant With a Tight Security Proof

Jakob Jonsson

Abstract

We introduce the OAEP++ encoding method, which is an adaptation of the OAEP encoding method, replacing the last step of the encoding operation with an application of a block cipher such as AES. We demonstrate that if $f$ is a one-way trapdoor function that is hard to invert, then OAEP++ combined with $f$ is secure against an IND-CCA2 adversary in the random oracle model. Moreover, the security reduction is tight; an adversary against $f$-OAEP++ can be extended to an $f$-inverter with a running time linear in the number of oracle queries.

Metadata
Available format(s)
PDF PS
Category
Public-key cryptography
Publication info
Published elsewhere. This paper has not been published elsewhere.
Keywords
RSA, public-key cryptography
Contact author(s)
jjonsson @ rsasecurity com
History
2002-03-18: received
Short URL
https://ia.cr/2002/034
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2002/034,
      author = {Jakob Jonsson},
      title = {An OAEP Variant With a Tight Security Proof},
      howpublished = {Cryptology ePrint Archive, Paper 2002/034},
      year = {2002},
      note = {\url{https://eprint.iacr.org/2002/034}},
      url = {https://eprint.iacr.org/2002/034}
}