Simplified OAEP for the RSA and Rabin functions
Authors: D. Boneh
Abstract:
Optimal Asymmetric Encryption Padding (OAEP) is a technique for
converting the RSA trapdoor permutation into a chosen ciphertext secure
system in the random oracle model. OAEP padding can be viewed as
two rounds of a Feistel network. We show that for the Rabin and RSA
trapdoor functions a much simpler padding scheme is sufficient for chosen
ciphertext security in the random oracle model. We show that only one
round of a Feistel network is sufficient. The proof of security for
this simpler padding is more efficient than the proof for OAEP,
resulting in much tighter security bounds. The proof of security uses
the algebraic properties of the RSA and Rabin functions.
Reference:
In proceedings of Crypto '2001, Lecture Notes in Computer Science, Vol. 2139, Springer-Verlag, pp. 275-291, 2001
Full paper: PostScript [first posted 3/2001 ]