
Optimal asymmetric encryption padding

About: Optimal asymmetric encryption padding is a research topic. Over the lifetime, 299 publications have been published within this topic receiving 43101 citations. The topic is also known as: OAEP.


Papers
01 Mar 1998
TL;DR: This document describes a method for encrypting data using the RSA public-key cryptosystem; it does not specify an Internet standard of any kind.
Abstract: This document describes a method for encrypting data using the RSA public-key cryptosystem. This memo provides information for the Internet community. It does not specify an Internet standard of any kind.

118 citations

Book Chapter
James Manger
19 Aug 2001
TL;DR: In this article, an adaptive chosen ciphertext attack against PKCS #1 v2.0 RSA OAEP encryption is described, which recovers the plaintext (not the private key) from a given ciphertext in a little over log2 n queries of an oracle implementing the algorithm, where n is the RSA modulus.
Abstract: An adaptive chosen ciphertext attack against PKCS #1 v2.0 RSA OAEP encryption is described. It recovers the plaintext - not the private key - from a given ciphertext in a little over log2 n queries of an oracle implementing the algorithm, where n is the RSA modulus. The high likelihood of implementations being susceptible to this attack is explained as well as the practicality of the attack. Improvements to the algorithm to defend against the attack are discussed.

116 citations

Book Chapter
31 Oct 2016
TL;DR: In this paper, a hybrid encryption scheme is presented that is chosen ciphertext secure in the quantum random oracle model. It is a combination of an asymmetric and a symmetric encryption scheme that are secure in a weak sense.
Abstract: In this paper, we present a hybrid encryption scheme that is chosen ciphertext secure in the quantum random oracle model. Our scheme is a combination of an asymmetric and a symmetric encryption scheme that are secure in a weak sense. It is a slight modification of the Fujisaki-Okamoto transform that is secure against classical adversaries. In addition, we modify the OAEP-cryptosystem and prove its security in the quantum random oracle model based on the existence of a partial-domain one-way injective function secure against quantum adversaries.

116 citations

Journal Article
TL;DR: In this paper, it was shown that OAEP offers semantic security against adaptive chosen-ciphertext attacks, in the random oracle model, under the partial-domain one-wayness of the underlying permutation.
Abstract: Recently Victor Shoup noted that there is a gap in the widely believed security result of OAEP against adaptive chosen-ciphertext attacks. Moreover, he showed that, presumably, OAEP cannot be proven secure from the one-wayness of the underlying trapdoor permutation. This paper establishes another result on the security of OAEP. It proves that OAEP offers semantic security against adaptive chosen-ciphertext attacks, in the random oracle model, under the partial-domain one-wayness of the underlying permutation. Therefore, this uses a formally stronger assumption. Nevertheless, since partial-domain one-wayness of the RSA function is equivalent to its (full-domain) one-wayness, it follows that the security of RSA-OAEP can actually be proven under the sole RSA assumption, although the reduction is not tight.

114 citations

Book Chapter
18 Aug 2013
TL;DR: This paper provides a (standard-model) notion of security for (keyed) hash functions, called UCE, that is shown to enable instantiation of random oracles (ROs) in a fairly broad and systematic way.
Abstract: This paper provides a (standard-model) notion of security for (keyed) hash functions, called UCE, that we show enables instantiation of random oracles (ROs) in a fairly broad and systematic way. Goals and schemes we consider include deterministic PKE; message-locked encryption; hardcore functions; point-function obfuscation; OAEP; encryption secure for key-dependent messages; encryption secure under related-key attack; proofs of storage; and adaptively-secure garbled circuits with short tokens. We can take existing, natural and efficient ROM schemes and show that the instantiated scheme resulting from replacing the RO with a UCE function is secure in the standard model. In several cases this results in the first standard-model schemes for these goals. The definition of UCE-security itself is quite simple, asking that outputs of the function look random given some “leakage,” even if the adversary knows the key, as long as the leakage does not permit the adversary to compute the inputs.

111 citations

Network Information
Related Topics (5)
Public-key cryptography
27.2K papers, 547.7K citations
84% related
Cryptography
37.3K papers, 854.5K citations
80% related
Encryption
98.3K papers, 1.4M citations
79% related
Password
35K papers, 389.6K citations
78% related
Hash function
31.5K papers, 538.5K citations
77% related
Performance Metrics
No. of papers in the topic in previous years
Year  Papers
2021  1
2020  4
2019  2
2018  6
2017  14
2016  13