Sciweavers

ASIACRYPT
2006
Springer

On the Security of OAEP

14 years 3 months ago
On the Security of OAEP
Currently, the best and only evidence of the security of the OAEP encryption scheme is a proof in the contentious random oracle model. Here we give further arguments in support of the security of OAEP. We first show that partial instantiations, where one of the two random oracles used in OAEP is instantiated by a function family, can be provably secure (still in the random oracle model). For various security statements about OAEP we specify sufficient conditions for the instantiating function families that, in some cases, are realizable through standard cryptographic primitives and, in other cases, may currently not be known to be achievable but appear moderate and plausible. Furthermore, we give the first non-trivial security result about fully instantiated OAEP in the standard model, where both oracles are instantiated simultaneously. Namely, we show that instantiating both random oracles in OAEP by modest functions implies non-malleability under chosen plaintext attacks for random ...
Alexandra Boldyreva, Marc Fischlin
Added 20 Aug 2010
Updated 20 Aug 2010
Type Conference
Year 2006
Where ASIACRYPT
Authors Alexandra Boldyreva, Marc Fischlin
Comments (0)