Abstract
Currently, the best and only evidence of the security of the OAEP encryption scheme is a proof in the contentious random oracle model. Here we give further arguments in support of the security of OAEP. We first show that partial instantiations, where one of the two random oracles used in OAEP is instantiated by a function family, can be provably secure (still in the random oracle model). For various security statements about OAEP we specify sufficient conditions for the instantiating function families that, in some cases, are realizable through standard cryptographic primitives and, in other cases, may currently not be known to be achievable but appear moderate and plausible. Furthermore, we give the first non-trivial security result about fully instantiated OAEP in the standard model, where both oracles are instantiated simultaneously. Namely, we show that instantiating both random oracles in OAEP by modest functions implies non-malleability under chosen plaintext attacks for random messages. We also discuss the implications, especially of the full instantiation result, to the usage of OAEP for secure hybird encryption (as required in SSL/TLS, for example). © 2006 Springer-Verlag.
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
Cite
CITATION STYLE
Boldyreva, A., & Fischlin, M. (2006). On the security of OAEP. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 4284 LNCS, pp. 210–225). https://doi.org/10.1007/11935230_14
Readers' Seniority
Readers' Discipline
