Abstract
Optimal Asymmetric Encryption Padding (OAEP) is a technique for converting the RSA trapdoor permutation into a chosen cipher-text secure system in the random oracle model. OAEP padding can be viewed as two rounds of a Feistel network. We show that for the Rabin and RSA trapdoor functions a much simpler padding scheme is sufficient for chosen ciphertext security in the random oracle model. We show that only one round of a Feistel network is sufficient. The proof of security uses the algebraic properties of the RSA and Rabin functions.
Supported by NSF and the Packard Foundation.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
M. Bellare, P. Rogaway, “Random oracles are practical: a paradigm for designing efficient protocols”, In ACM conference on Computers and Communication Security, pp. 62–73, 1993.
M. Bellare, P. Rogaway, “Optimal asymmetric encryption”, Eurocrypt’ 94, pp. 92–111, 1994.
M. Bellare, A. Desai, D. Pointcheval, P. Rogaway, “Relations among notions of security for public-key encryption schemes”, in proc. Crypto’ 98, pp. 26–45, 1998.
D. Boneh, R. Venkatesan, “Hardness of computing the most significant bits of secret keys in Diffie-Hellman and related schemes”, in proc. Crypto’ 96, pp. 129–142, 1996.
R. Canetti, O. Goldreich, S. Halevi, “The random oracle model, revisited”, in proc. STOC’ 98.
D. Coppersmith. Small solutions to polynomial equations, and low exponent RSA vulnerabilities. Journal of Cryptology, vol. 10, pp. 233–260, 1997.
D. Dolev, C. Dwork, M. Naor, “Non-malleable cryptography”, SIAM J. of Computing, Vol. 30(2), pp. 391–437, 2000.
E. Fujisaki, T. Okamoto, D. Pointcheval, J. Stern, “RSA-OAEP is secure under the RSA assumption”, In proc. Crypto’ 2001, Springer-Verlag, 2001.
A. Menezes, P. van Oorschot and S. Vanstone, Handbook of Applied Cryptography, CRC Press, 1996.
J. Manger, “A chosen ciphertext attack on RSA Optimal Asymmetric Encryption Padding (OAEP) as standardized in PKCS #1”, In proc. Crypto’ 2001.
V. Shoup, “OAEP reconsidered”, In proc. Crypto’ 2001, Springer-Verlag, 2001.
C. Rackoff, D. Simon, “Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack”, in proc. Crypto’ 91, pp. 433–444, 1991.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Boneh, D. (2001). Simplified OAEP for the RSA and Rabin Functions. In: Kilian, J. (eds) Advances in Cryptology — CRYPTO 2001. CRYPTO 2001. Lecture Notes in Computer Science, vol 2139. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44647-8_17
Download citation
DOI: https://doi.org/10.1007/3-540-44647-8_17
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-42456-7
Online ISBN: 978-3-540-44647-7
eBook Packages: Springer Book Archive