Efficient Universal Padding Techniques for Multiplicative Trapdoor One-Way Permutation

  • Yuichi Komano
  • Kazuo Ohta
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2729)


Coron et al. proposed the ES-based scheme PSS-ES which realizes an encryption scheme and a signature scheme with a unique padding technique and key pair. The security of PSS-ES as an encryption scheme is based on the partial-domain one-wayness of the encryption permutation. In this paper, we propose new ES schemes OAEP-ES, OAEP++-ES, and REACT-ES, and prove their security under the assumption of only the one-wayness of encryption permutation. OAEP-ES, OAEP++-ES, and REACT-ES suit practical implementation because they use the same padding technique for encryption and for signature, and their security proof guarantees that we can prepare one key pair to realize encryption and signature in the same way as PSS-ES. Since one-wayness is a weaker assumption than partial-domain one-wayness, the proposed schemes offer tighter security than PSS-ES. Hence, we conclude that OAEP-ES, OAEP++-ES, and REACT-ES are more effective than PSS-ES. REACT-ES is the most practical approach in terms of the tightness of security and communication efficiency.


Encryption Scheme Signature Scheme Random Oracle Security Proof Signing Query 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Bellare, M., Desai, A., Pointcheval, D., Rogaway, P.: Relations among notions of security for public-key encryption schemes. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 26–45. Springer, Heidelberg (1998)Google Scholar
  2. 2.
    Bellare, M., Rogaway, P.: Optimal asymetric encryption — how to encrypt with RSA. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 92–111. Springer, Heidelberg (1995)CrossRefGoogle Scholar
  3. 3.
    Bellare, M., Rogaway, P.: The exact security of digital signatures –how to sign with RSA and Rabin. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 399–416. Springer, Heidelberg (1996)Google Scholar
  4. 4.
    Coron, J.S., Joye, M., Naccache, D., Paillier, P.: Universal padding schemes for RSA. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 226–241. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  5. 5.
    Fujisaki, E., Okamoto, T., Pointcheval, D., Stern, J.: RSA-OAEP is chosenciphertext secure under the RSA assumption. Journal of Cryptology (2002)Google Scholar
  6. 6.
    Goldwasser, S., Micali, S., Rivest, R.: A digital signature scheme against adaptive chosen message attack. Journal of Computing (Society for Industrial and Applied Mathematics) 17(2), 281–308 (1988)zbMATHMathSciNetGoogle Scholar
  7. 7.
    Kobara, K., Imai, H.: OAEP++: A very simple way to apply OAEP to deterministic OW-CPA primitives (2002), Available at
  8. 8.
    Komano, Y., Ohta, K.: OAEP-ES – Methodology of universal padding technique. manuscript (2003)Google Scholar
  9. 9.
    Nakashima, T., Okamoto, T.: Key size evaluation of provably secure RSA-based encryption schemes. In: SCIS 2002, The 2002 Symposium on Cryptography and Information Security (2002)Google Scholar
  10. 10.
    Okamoto, T., Pointcheval, D.: REACT: Rapid Enhanced-security Asymmetric Encryptosystem Tranceform. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 159–175. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  11. 11.
    Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public key cryptosystems. Communications of the ACM 21(2), 120–126 (1978)zbMATHCrossRefMathSciNetGoogle Scholar
  12. 12.
    Shoup, V.: OAEP reconsidered. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 239–259. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  13. 13.
    Shoup, V.: A proposal for an ISO standard for public key encryption (version 2.1), in manuscript (2001),
  14. 14.
    Zheng, Y.: Degital signcryption or how to achieve cost(signature & encryption) < < cost(signature) + cost(encryption). In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 165–179. Springer, Heidelberg (1997)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Yuichi Komano
    • 1
  • Kazuo Ohta
    • 2
  1. 1.ToshibaKawasaki-shi, KanagawaJapan
  2. 2.The University of Electro-CommunicationsTokyoJapan

Personalised recommendations