What Hashes Make RSA-OAEP Secure?

RSA–REACT: An Alternative to RSA–OAEP

The last few months, several new results appeared about the OAEP construction, and namely the RSA–OAEP cryptosystem. Whereas OAEP was believed to provide the highest security level (IND-CCA2), with an efficient exact security level, the effective security result had been showed to be incomplete. Nevertheless, the particular instantiation with RSA (which is anyway almost the sole application) ha...

RSA-OAEP is Secure under the RSA Assumption

RSA { REACT : An Alternative to RSA {

The last few months, several new results appeared about the OAEP construction , and namely the RSA{OAEP cryptosystem. Whereas OAEP was believed to provide the highest security level (IND-CCA2), with an eecient exact security level, the eeective security result had been showed to be incomplete. Nevertheless, the particular instantiation with RSA (which is anyway almost the sole application) had ...

Strengthening Security of RSA-OAEP

OAEP is one of the few standardized and widely deployed public-key encryption schemes. It was designed by Bellare and Rogaway as a scheme based on a trapdoor permutation such as RSA. RSA-OAEP is standardized in RSA’s PKCS #1 v2.1 and is part of several standards. RSA-OAEP was shown to be IND-CCA secure in the random oracle model under the standard RSA assumption. However, the reduction is not t...

Simplified OAEP for the RSA and Rabin Functions

Optimal Asymmetric Encryption Padding (OAEP) is a technique for converting the RSA trapdoor permutation into a chosen ciphertext secure system in the random oracle model. OAEP padding can be viewed as two rounds of a Feistel network. We show that for the Rabin and RSA trapdoor functions a much simpler padding scheme is sufficient for chosen ciphertext security in the random oracle model. We sho...