RSA-OAEP is secure under the RSA assumption

被引:79
|
作者
Fujisaki, E
Okamoto, T
Pointcheval, D
Stern, J
机构
[1] NTT Labs, Yokosuka, Kanagawa, Japan
[2] ENS, CNRS, Dept Informat, F-75230 Paris 05, France
来源
JOURNAL OF CRYPTOLOGY | 2004年 / 17卷 / 02期
关键词
public-key encryption; provable security; RSA; OAEP;
D O I
10.1007/s00145-002-0204-y
中图分类号
TP301 [理论、方法];
学科分类号
081202 ;
摘要
Recently Victor Shoup noted that there is a gap in the widely believed security result of OAEP against adaptive chosen-ciphertext attacks. Moreover, he showed that, presumably, OAEP cannot be proven Secure from the one-wayness of the underlying trapdoor permutation. This paper establishes another result on the security of OAEP. It proves that OAEP offers semantic security against adaptive chosen-ciphertext attacks, in the random oracle model, under the partial-domain one-wayness of the underlying permutation. Therefore, this uses a formally stronger assumption. Nevertheless, since partial-domain one-wayness of the RSA function is equivalent to its (full-domain) one-wayness, it follows that the security of RSA-OAEP can actually be proven under the sole RSA assumption, although the reduction is not tight.
引用
收藏
页码:81 / 104
页数:24
相关论文
共 50 条
  • [1] RSA-OAEP Is Secure under the RSA Assumption
    Eiichiro Fujisaki
    Tatsuaki Okamoto
    David Pointcheval
    Jacques Stern
    Journal of Cryptology, 2004, 17 : 81 - 104
  • [2] Instantiability of RSA-OAEP Under Chosen-Plaintext Attack
    Eike Kiltz
    Adam O’Neill
    Adam Smith
    Journal of Cryptology, 2017, 30 : 889 - 919
  • [3] How to Strengthen the Security of RSA-OAEP
    Boldyreva, Alexandra
    Imai, Hideki
    Kobara, Kazukuni
    IEEE TRANSACTIONS ON INFORMATION THEORY, 2010, 56 (11) : 5876 - 5886
  • [4] Instantiability of RSA-OAEP Under Chosen-Plaintext Attack
    Kiltz, Eike
    O'Neill, Adam
    Smith, Adam
    JOURNAL OF CRYPTOLOGY, 2017, 30 (03) : 889 - 919
  • [5] Toward RSA-OAEP Without Random Oracles
    Cao, Nairen
    O'Neill, Adam
    Zaheri, Mohammad
    PUBLIC-KEY CRYPTOGRAPHY - PKC 2020, PT I, 2020, 12110 : 279 - 308
  • [6] A Rational Secret-Sharing Scheme Based on RSA-OAEP
    Isshiki, Toshiyuki
    Wada, Koichiro
    Tanaka, Keisuke
    IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES, 2010, E93A (01) : 42 - 49
  • [7] On the strength of the strong RSA assumption
    Itagaki, S
    Mambo, M
    Shizuya, H
    IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES, 2003, E86A (05) : 1164 - 1170
  • [8] A Simple Secure Signature Scheme Based on the Strong RSA Assumption without Random Oracle Model
    Naji, Akram
    Abu Hasan, Yahya
    INTERNATIONAL JOURNAL OF COMPUTER SCIENCE AND NETWORK SECURITY, 2007, 7 (11): : 159 - 162
  • [9] Deep learning to evaluate secure rsa implementations
    Carbone M.
    Conin V.
    Cornélie M.-A.
    Dassance F.
    Dufresne G.
    Dumas C.
    Prouff E.
    Venelli A.
    IACR Transactions on Cryptographic Hardware and Embedded Systems, 2019, 2019 (02): : 132 - 161
  • [10] A-RSA: Augmented RSA
    Karakra, Abdallah
    Alsadeh, Ahmad
    PROCEEDINGS OF THE 2016 SAI COMPUTING CONFERENCE (SAI), 2016, : 1016 - 1023
12345