Content deleted Content added
No edit summary |
|||
Line 6:
#Prevent partial decryption of ciphertexts (or other information leakage) by ensuring that an adversary cannot recover any portion of the plaintext without completely defeating the [[trapdoor one-way function]] <math>f</math>.
The original version of OAEP (Bellare/Rogaway, 1994) claimed a form of "[[plaintext-aware encryption|plaintext awareness]]" that implied security against [[chosen ciphertext attack]]. Subsequent results contradicted this result. However, for various reasons, the original scheme ''was'' found to be secure when OAEP is used with the RSA function using standard encryption exponents, as in the case of RSA-OAEP. An improved scheme called OAEP+ was offered by [[Victor Shoup]] to solve this problem.
==References==
| |||