Revision as of 17:02, 10 August 2015 edit Solomon7968 (talk \| contribs) Autopatrolled, Extended confirmed users 13,001 edits m link Lecture Notes in Computer Science using Find link; formatting: 5x HTML entity, 4x whitespace (using Advisor.js) ← Previous edit		Revision as of 06:24, 26 August 2015 edit undo 213.175.37.10 (talk) typo Next edit →
Line 14: An improved scheme (called OAEP+) that works with any trapdoor one-way permutation was offered by [[Victor Shoup]] to solve this problem.<ref> Victor Shoup. ''OAEP Reconsidered''. IBM Zurich Research Lab, Saumerstr. 4, 8803 Ruschlikon, Switzerland. September 18, 2001. [http://www.shoup.net/papers/oaep.pdf full version (pdf)]</ref> More recent work has shown that in the [[Standard Model (cryptography)\|standard model]] (that is, when hash functions are not ~~modelled~~modeled as random oracles)~~, that~~ it is impossible to prove the IND-CCA2 security of RSA-OAEP under the assumed hardness of the [[RSA problem]].<ref> P. Paillier and J. Villar, ''Trading One-Wayness against Chosen-Ciphertext Security in Factoring-Based Encryption'', Advances in Cryptology -- [[Asiacrypt]] 2006.</ref><ref> D. Brown, [http://eprint.iacr.org/2006/223 ''What Hashes Make RSA-OAEP Secure?''], IACR ePrint 2006/233.</ref>

Optimal asymmetric encryption padding: Difference between revisions