RSA-OAEP is secure under the RSA assumption

被引:79
|
作者
Fujisaki, E
Okamoto, T
Pointcheval, D
Stern, J
机构
[1] NTT Labs, Yokosuka, Kanagawa, Japan
[2] ENS, CNRS, Dept Informat, F-75230 Paris 05, France
来源
JOURNAL OF CRYPTOLOGY | 2004年 / 17卷 / 02期
关键词
public-key encryption; provable security; RSA; OAEP;
D O I
10.1007/s00145-002-0204-y
中图分类号
TP301 [理论、方法];
学科分类号
081202 ;
摘要
Recently Victor Shoup noted that there is a gap in the widely believed security result of OAEP against adaptive chosen-ciphertext attacks. Moreover, he showed that, presumably, OAEP cannot be proven Secure from the one-wayness of the underlying trapdoor permutation. This paper establishes another result on the security of OAEP. It proves that OAEP offers semantic security against adaptive chosen-ciphertext attacks, in the random oracle model, under the partial-domain one-wayness of the underlying permutation. Therefore, this uses a formally stronger assumption. Nevertheless, since partial-domain one-wayness of the RSA function is equivalent to its (full-domain) one-wayness, it follows that the security of RSA-OAEP can actually be proven under the sole RSA assumption, although the reduction is not tight.
引用
收藏
页码:81 / 104
页数:24
相关论文
共 50 条
  • [21] Signature scheme based on the strong RSA assumption
    Wang, Bao-You
    Hu, Yun-Fa
    Ruan Jian Xue Bao/Journal of Software, 2002, 13 (08): : 1729 - 1734
  • [22] Short and Stateless Signatures from the RSA Assumption
    Hohenberger, Susan
    Waters, Brent
    ADVANCES IN CRYPTOLOGY - CRYPTO 2009, 2009, 5677 : 654 - +
  • [23] Signature schemes based on the strong RSA assumption
    Cramer, R
    Shoup, V
    6TH ACM CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY, 1999, : 46 - 51
  • [24] A Simple Secure Signature Scheme Based on the Strong RSA Assumption without Random Oracle Model
    Naji, Akram
    Abu Hasan, Yahya
    INTERNATIONAL JOURNAL OF COMPUTER SCIENCE AND NETWORK SECURITY, 2007, 7 (11): : 159 - 162
  • [25] Identity-Based Provable Data Possession From RSA Assumption for Secure Cloud Storage
    Ni, Jianbing
    Zhang, Kuan
    Yu, Yong
    Yang, Tingting
    IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 2022, 19 (03) : 1753 - 1769
  • [26] Security Proof of Identity-based Signature under RSA Assumption, Reconsidered
    Kimura, Shogo
    Yoneyama, Kazuki
    PROCEEDINGS OF 2016 INTERNATIONAL SYMPOSIUM ON INFORMATION THEORY AND ITS APPLICATIONS (ISITA 2016), 2016, : 86 - 90
  • [27] New signature scheme based on the strong RSA assumption
    State Key Lab. of Integrated Service Networks, Xidian Univ., Xi'an 710071, China
    不详
    不详
    Xi'an Dianzi Keji Daxue Xuebao, 2007, 4 (634-637):
  • [28] Space Efficient Signature Schemes from the RSA Assumption
    Yamada, Shota
    Hanaoka, Goichiro
    Kunihiro, Noboru
    PUBLIC KEY CRYPTOGRAPHY - PKC 2012, 2012, 7293 : 102 - 119
  • [29] A New Group Signature Scheme Based on RSA Assumption
    Yang, Chou-Chen
    Chan, Ting-Yi
    Hwang, Min-Shiang
    INFORMATION TECHNOLOGY AND CONTROL, 2013, 42 (01): : 61 - 66
  • [30] Cryptanalysis of the RSA Subgroup Assumption from TCC 2005
    Coron, Jean-Sebastien
    Joux, Antoine
    Mandal, Avradip
    Naccache, David
    Tibouchi, Mehdi
    PUBLIC KEY CRYPTOGRAPHY - PKC 2011, 2011, 6571 : 147 - +
12345