RSA-OAEP is Secure under the RSA Assumption
ثبت نشده
چکیده
منابع مشابه
RSA–REACT: An Alternative to RSA–OAEP
The last few months, several new results appeared about the OAEP construction, and namely the RSA–OAEP cryptosystem. Whereas OAEP was believed to provide the highest security level (IND-CCA2), with an efficient exact security level, the effective security result had been showed to be incomplete. Nevertheless, the particular instantiation with RSA (which is anyway almost the sole application) ha...
متن کاملRSA { REACT : An Alternative to RSA {
The last few months, several new results appeared about the OAEP construction , and namely the RSA{OAEP cryptosystem. Whereas OAEP was believed to provide the highest security level (IND-CCA2), with an eecient exact security level, the eeective security result had been showed to be incomplete. Nevertheless, the particular instantiation with RSA (which is anyway almost the sole application) had ...
متن کاملStrengthening Security of RSA-OAEP
OAEP is one of the few standardized and widely deployed public-key encryption schemes. It was designed by Bellare and Rogaway as a scheme based on a trapdoor permutation such as RSA. RSA-OAEP is standardized in RSA’s PKCS #1 v2.1 and is part of several standards. RSA-OAEP was shown to be IND-CCA secure in the random oracle model under the standard RSA assumption. However, the reduction is not t...
متن کاملWhat Hashes Make RSA-OAEP Secure?
Firstly, we demonstrate a pathological hash function choice that makes RSA-OAEP insecure. This shows that at least some security property is necessary for the hash functions used in RSAOAEP. Nevertheless, we conjecture that only some very minimal security properties of the hash functions are actually necessary for the security of RSA-OAEP. Secondly, we consider certain types of reductions that ...
متن کاملHD{RSA: Hybrid Dependent RSA a New Public-Key Encryption Scheme
This paper describes a new hybrid RSA-based public-key encryption scheme, the HD-RSA. It relies on the recently proposed Dependent{RSA problem, which can be proven as di cult as the original RSA problem, in some circumstances. The basic scheme, using the \one-time pad" symmetric encryption, provides a both very e cient scheme and secure relative to the sole Dependent{RSA problem. A more general...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2002