[Resource Topic] 2002/034: An OAEP Variant With a Tight Security Proof

Welcome to the resource topic for 2002/034

An OAEP Variant With a Tight Security Proof

Authors: Jakob Jonsson


We introduce the OAEP++ encoding method, which is an adaptation of the OAEP encoding method, replacing the last step of the encoding operation with an application of a block cipher such as AES. We demonstrate that if f is a one-way trapdoor function that is hard to invert, then OAEP++ combined with f is secure against an IND-CCA2 adversary in the random oracle model. Moreover, the security reduction is tight; an adversary against f-OAEP++ can be extended to an f-inverter with a running time linear in the number of oracle queries.

ePrint: https://eprint.iacr.org/2002/034

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .