RSA-OAEP Is Secure under the RSA Assumption

被引:0
|
作者
Eiichiro Fujisaki
Tatsuaki Okamoto
David Pointcheval
Jacques Stern
机构
[1] NTT Labs,
[2] 1-1 Hikarino-oka,undefined
[3] Yokosuka-shi 239-0847,undefined
[4] Département d’Informatique,undefined
[5] ENS – CNRS,undefined
[6] 45 rue d’Ulm,undefined
[7] 75230 Paris Cedex 05,undefined
来源
Journal of Cryptology | 2004年 / 17卷
关键词
Public-key encryption; Provable security; RSA; OAEP;
D O I
暂无
中图分类号
学科分类号
摘要
Recently Victor Shoup noted that there is a gap in the widely believed security result of OAEP against adaptive chosen-ciphertext attacks. Moreover, he showed that, presumably, OAEP cannot be proven secure from the one-wayness of the underlying trapdoor permutation. This paper establishes another result on the security of OAEP. It proves that OAEP offers semantic security against adaptive chosen-ciphertext attacks, in the random oracle model, under the partial-domain one-wayness of the underlying permutation. Therefore, this uses a formally stronger assumption. Nevertheless, since partial-domain one-wayness of the RSA function is equivalent to its (full-domain) onewayness, it follows that the security of RSA-OAEP can actually be proven under the sole RSA assumption, although the reduction is not tight.
引用
收藏
页码:81 / 104
页数:23
相关论文
共 50 条
  • [21] Signature scheme based on the strong RSA assumption
    Wang, Bao-You
    Hu, Yun-Fa
    Ruan Jian Xue Bao/Journal of Software, 2002, 13 (08): : 1729 - 1734
  • [22] Short and Stateless Signatures from the RSA Assumption
    Hohenberger, Susan
    Waters, Brent
    ADVANCES IN CRYPTOLOGY - CRYPTO 2009, 2009, 5677 : 654 - +
  • [23] Signature schemes based on the strong RSA assumption
    Cramer, R
    Shoup, V
    6TH ACM CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY, 1999, : 46 - 51
  • [24] A Simple Secure Signature Scheme Based on the Strong RSA Assumption without Random Oracle Model
    Naji, Akram
    Abu Hasan, Yahya
    INTERNATIONAL JOURNAL OF COMPUTER SCIENCE AND NETWORK SECURITY, 2007, 7 (11): : 159 - 162
  • [25] Identity-Based Provable Data Possession From RSA Assumption for Secure Cloud Storage
    Ni, Jianbing
    Zhang, Kuan
    Yu, Yong
    Yang, Tingting
    IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 2022, 19 (03) : 1753 - 1769
  • [26] Security Proof of Identity-based Signature under RSA Assumption, Reconsidered
    Kimura, Shogo
    Yoneyama, Kazuki
    PROCEEDINGS OF 2016 INTERNATIONAL SYMPOSIUM ON INFORMATION THEORY AND ITS APPLICATIONS (ISITA 2016), 2016, : 86 - 90
  • [27] New signature scheme based on the strong RSA assumption
    State Key Lab. of Integrated Service Networks, Xidian Univ., Xi'an 710071, China
    不详
    不详
    Xi'an Dianzi Keji Daxue Xuebao, 2007, 4 (634-637):
  • [28] Space Efficient Signature Schemes from the RSA Assumption
    Yamada, Shota
    Hanaoka, Goichiro
    Kunihiro, Noboru
    PUBLIC KEY CRYPTOGRAPHY - PKC 2012, 2012, 7293 : 102 - 119
  • [29] A New Group Signature Scheme Based on RSA Assumption
    Yang, Chou-Chen
    Chan, Ting-Yi
    Hwang, Min-Shiang
    INFORMATION TECHNOLOGY AND CONTROL, 2013, 42 (01): : 61 - 66
  • [30] Cryptanalysis of the RSA Subgroup Assumption from TCC 2005
    Coron, Jean-Sebastien
    Joux, Antoine
    Mandal, Avradip
    Naccache, David
    Tibouchi, Mehdi
    PUBLIC KEY CRYPTOGRAPHY - PKC 2011, 2011, 6571 : 147 - +
12345