In the presence of oracle-dependent auxiliary input, the most important proof technique in the random oracle model - lazy sampling - does not apply directly. We present a theorem and a variant of the lazy sampling technique that allows one to perform proofs in the new model almost as easily as in the old one. As an application of our approach and to illustrate how existing proofs can be adapted, we prove that RSA-OAEP is IND-CCA2 secure in the random oracle model with oracle-dependent auxiliary input.
Category / Keywords: foundations / Random oracles, auxiliary input, proof techniques Publication Info: This is the full version of a paper appearing at Crypto 2007 Date: received 7 May 2007, last revised 8 Jun 2007 Contact author: unruh at cs uni-sb de Available format(s): PDF | BibTeX Citation Note: Minor corrections due to referee comments. Version: 20070608:161937 (All versions of this report) Discussion forum: Show discussion | Start new discussion