A Note on the Security of the OAEP - Enhanced RSA Public - Key Encryption Scheme
نویسنده
چکیده
In choosing between different public-key encryption schemes, the two most important issues to consider are (1) security and (2) cost (practicality). The latter issue is readily quantified and most experts can agree on which systems are likely to offer performance advantages. Our purpose in this note is to clarify the primary considerations involved in analyzing security, as assessing the security of different cryptosystems is far less straightforward than determining their cost.
منابع مشابه
Lecture 14 - CCA Security
The OAEP encryption scheme was introduced by Bellare and Rogaway at Eurocrypt ’94. It converts any trapdoor permutation scheme into a public-key encryption scheme. OAEP is widely believed to provide resistance against adaptive chosen ciphertext attack. The main justification for this belief is a supposed proof of security in the random oracle model, assuming the underlying trapdoor permutation ...
متن کاملStrengthening Security of RSA-OAEP
OAEP is one of the few standardized and widely deployed public-key encryption schemes. It was designed by Bellare and Rogaway as a scheme based on a trapdoor permutation such as RSA. RSA-OAEP is standardized in RSA’s PKCS #1 v2.1 and is part of several standards. RSA-OAEP was shown to be IND-CCA secure in the random oracle model under the standard RSA assumption. However, the reduction is not t...
متن کاملREACT: Rapid Enhanced-Security Asymmetric Cryptosystem Transform
Seven years after the optimal asymmetric encryption padding (OAEP) which makes chosen-ciphertext secure encryption scheme from any trapdoor one-way permutation (but whose unique application is RSA), this paper presents REACT, a new conversion which applies to any weakly secure cryptosystem, in the random oracle model: it is optimal from both the computational and the security points of view. In...
متن کاملHD{RSA: Hybrid Dependent RSA a New Public-Key Encryption Scheme
This paper describes a new hybrid RSA-based public-key encryption scheme, the HD-RSA. It relies on the recently proposed Dependent{RSA problem, which can be proven as di cult as the original RSA problem, in some circumstances. The basic scheme, using the \one-time pad" symmetric encryption, provides a both very e cient scheme and secure relative to the sole Dependent{RSA problem. A more general...
متن کاملOn the Selective Opening Security of Practical Public-Key Encryption Schemes
We show that two well-known and widely employed public-key encryption schemes – RSA Optimal Asymmetric Encryption Padding (RSA-OAEP) and Diffie-Hellman Integrated Encryption Standard (DHIES), the latter one instantiated with a one-time pad, – are secure under (the strong, simulation-based security notion of) selective opening security against chosen-ciphertext attacks in the random oracle model...
متن کامل