RSA-OAEP Is Secure under the RSA Assumption

Authors
Eiichiro Fujisaki
Tatsuaki Okamoto
David Pointcheval
Jacques Stern
Affiliations
[1] NTT Labs, 1-1 Hikarino-oka, Yokosuka-shi 239-0847
[2] Département d’Informatique, ENS – CNRS, 45 rue d’Ulm, 75230 Paris Cedex 05
Source
Journal of Cryptology | 2004 / Vol. 17
Keywords
Public-key encryption; Provable security; RSA; OAEP
DOI
Not available
Abstract
Recently Victor Shoup noted that there is a gap in the widely believed security result of OAEP against adaptive chosen-ciphertext attacks. Moreover, he showed that, presumably, OAEP cannot be proven secure from the one-wayness of the underlying trapdoor permutation. This paper establishes another result on the security of OAEP. It proves that OAEP offers semantic security against adaptive chosen-ciphertext attacks, in the random oracle model, under the partial-domain one-wayness of the underlying permutation. Therefore, this uses a formally stronger assumption. Nevertheless, since partial-domain one-wayness of the RSA function is equivalent to its (full-domain) one-wayness, it follows that the security of RSA-OAEP can actually be proven under the sole RSA assumption, although the reduction is not tight.
Pages: 81 - 104
Page count: 23