RSA-OAEP is secure under the RSA assumption

被引:77
|
作者
Fujisaki, E
Okamoto, T
Pointcheval, D
Stern, J
机构
[1] NTT Labs, Yokosuka, Kanagawa, Japan
[2] ENS, CNRS, Dept Informat, F-75230 Paris 05, France
来源
JOURNAL OF CRYPTOLOGY | 2004年 / 17卷 / 02期
关键词
public-key encryption; provable security; RSA; OAEP;
D O I
10.1007/s00145-002-0204-y
中图分类号
TP301 [理论、方法];
学科分类号
081202 ;
摘要
Recently Victor Shoup noted that there is a gap in the widely believed security result of OAEP against adaptive chosen-ciphertext attacks. Moreover, he showed that, presumably, OAEP cannot be proven Secure from the one-wayness of the underlying trapdoor permutation. This paper establishes another result on the security of OAEP. It proves that OAEP offers semantic security against adaptive chosen-ciphertext attacks, in the random oracle model, under the partial-domain one-wayness of the underlying permutation. Therefore, this uses a formally stronger assumption. Nevertheless, since partial-domain one-wayness of the RSA function is equivalent to its (full-domain) one-wayness, it follows that the security of RSA-OAEP can actually be proven under the sole RSA assumption, although the reduction is not tight.
引用
收藏
页码:81 / 104
页数:24
相关论文
共 50 条
  • [41] All-But-Many Lossy Trapdoor Functions under Decisional RSA Subgroup Assumption and Application
    Cao, Nanyuan
    Cao, Zhenfu
    Liu, Zhen
    Dong, Xiaolei
    Zhao, Xiaopeng
    [J]. COMPUTER JOURNAL, 2019, 62 (08): : 1148 - 1157
  • [42] CCA SECURE CERTIFICATELESS ENCRYPTION SCHEMES BASED ON RSA
    Vivek, S. Sree
    Selvi, S. Shamila Deva
    Rangan, C. Pandu
    [J]. SECRYPT 2011: PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON SECURITY AND CRYPTOGRAPHY, 2011, : 208 - 217
  • [43] Secure Convertible Authenticated Encryption Scheme Based on RSA
    Wu, Tzong-Sun
    Lin, Han-Yu
    [J]. INFORMATICA-JOURNAL OF COMPUTING AND INFORMATICS, 2009, 33 (04): : 481 - 486
  • [44] Secure digital certificate design based on the RSA algorithm
    [J]. Zhong, Y. (ashunjz@sohu.com), 1600, Digital Information Research Foundation, 2 Srinivasamoorthy Avenue, L.B Road, Adyar, Chennai, 600 020, India (11):
  • [45] Improved secure RSA cryptosystem for data confidentiality in cloud
    Thangavel M.
    Varalakshmi P.
    [J]. Thangavel, M. (thangavelmuruganme@gmail.com), 1600, Inderscience Publishers, 29, route de Pre-Bois, Case Postale 856, CH-1215 Geneva 15, CH-1215, Switzerland (09): : 261 - 277
  • [46] Image Steganography using RSA Algorithm for Secure Communication
    Preksha, B.
    Harish, Rishika
    Sreenivas, B.
    Vasanthalakshmi, M.
    [J]. 2021 IEEE INTERNATIONAL CONFERENCE ON MOBILE NETWORKS AND WIRELESS COMMUNICATIONS (ICMNWC), 2021,
  • [47] Secure batch verification protocol for RSA signature scheme
    Jia, ZP
    Li, QC
    Li, ZC
    [J]. CHINESE JOURNAL OF ELECTRONICS, 2005, 14 (01) : 54 - 57
  • [48] Digital RSA versus manual RSA
    Valstar, ER
    Vrooman, HA
    Toksvig-Larsen, S
    Ryd, L
    Nelissen, RGHH
    [J]. SIROT 99, 1999, : 363 - 368
  • [49] OAEP Is Secure under Key-Dependent Messages
    Backes, Michael
    Duermuth, Markus
    Unruh, Dominique
    [J]. ADVANCES IN CRYPTOLOGY - ASIACRYPT 2008, 2008, 5350 : 506 - 523
  • [50] An Efficient Synchronized Aggregate Signature Scheme From Standard RSA Assumption
    Quo, Xinshun
    Wang, Zhiwei
    [J]. INTERNATIONAL JOURNAL OF FUTURE GENERATION COMMUNICATION AND NETWORKING, 2014, 7 (03): : 229 - 240
12345