Revision as of 01:31, 22 December 2024 edit Discospinster (talk \| contribs) Administrators 490,052 edits m Reverted edits by 156.155.15.80 (talk) (HG) (3.4.12) Tags: Huggle Rollback ← Previous edit		Revision as of 06:54, 21 May 2025 edit undo 212.114.159.142 (talk) Avoid unnecessary redirection to standard model page Next edit →
Line 15: An improved scheme (called OAEP+) that works with any trapdoor one-way permutation was offered by [[Victor Shoup]] to solve this problem.<ref> Victor Shoup. ''OAEP Reconsidered''. IBM Zurich Research Lab, Saumerstr. 4, 8803 Ruschlikon, Switzerland. September 18, 2001. [http://www.shoup.net/papers/oaep.pdf full version (pdf)]</ref> More recent work has shown that in the [[Standard ~~Model~~model (cryptography)\|standard model]] (that is, when hash functions are not modeled as random oracles) it is impossible to prove the IND-CCA2 security of RSA-OAEP under the assumed hardness of the [[RSA problem]].<ref> P. Paillier and J. Villar, ''Trading One-Wayness against Chosen-Ciphertext Security in Factoring-Based Encryption'', Advances in Cryptology – [[Asiacrypt]] 2006.</ref><ref> D. Brown, [http://eprint.iacr.org/2006/223 ''What Hashes Make RSA-OAEP Secure?''], IACR ePrint 2006/233.</ref>

Optimal asymmetric encryption padding: Difference between revisions