Instantiability of RSA-OAEP Under Chosen-Plaintext Attack


Ontology type: schema:ScholarlyArticle      Open Access: True


Article Info

DATE

2016-09-19

AUTHORS

Eike Kiltz, Adam O’Neill, Adam Smith

ABSTRACT

We show that the widely deployed RSA-OAEP encryption scheme of Bellare and Rogaway (Eurocrypt 1994), which combines RSA with two rounds of an underlying Feistel network whose hash (i.e., round) functions are modeled as random oracles, meets indistinguishability under chosen-plaintext attack (IND-CPA) in the standard model based on simple, non-interactive, and non-interdependent assumptions on RSA and the hash functions. To prove this, we first give a result on a more general notion called “padding-based” encryption, saying that such a scheme is IND-CPA if (1) its underlying padding transform satisfies a “fooling” condition against small-range distinguishers on a class of high-entropy input distributions, and (2) its trapdoor permutation is sufficiently lossy as defined by Peikert and Waters (STOC 2008). We then show that the first round of OAEP satisfies condition (1) if its hash function is t-wise independent for t roughly proportional to the allowed message length. We clarify that this result requires the hash function to be keyed, and for its key to be included in the public key of RSA-OAEP. We also show that RSA satisfies condition (2) under the Φ-Hiding Assumption of Cachin et al. (Eurocrypt 1999). This is the first positive result about the instantiability of RSA-OAEP. In particular, it increases confidence that chosen-plaintext attacks are unlikely to be found against the scheme. In contrast, RSA-OAEP’s predecessor in PKCS #1 v1.5 was shown to be vulnerable to such attacks by Coron et al. (Eurocrypt 2000).

PAGES

889-919

References to SciGraph publications

  • 2008-01-01. Public-Key Locally-Decodable Codes in ADVANCES IN CRYPTOLOGY – CRYPTO 2008
  • 2013. Instantiating Random Oracles via UCEs in ADVANCES IN CRYPTOLOGY – CRYPTO 2013
  • 2009. The Group of Signed Quadratic Residues and Applications in ADVANCES IN CRYPTOLOGY - CRYPTO 2009
  • 1992. Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack in ADVANCES IN CRYPTOLOGY — CRYPTO ’91
  • 2002-09-13. Universal Padding Schemes for RSA in ADVANCES IN CRYPTOLOGY — CRYPTO 2002
  • 2014. On the Lossiness of the Rabin Trapdoor Function in PUBLIC-KEY CRYPTOGRAPHY – PKC 2014
  • 2000-05-12. New Attacks on PKCS#1 v1.5 Encryption in ADVANCES IN CRYPTOLOGY — EUROCRYPT 2000
  • 2011. Improved Cryptanalysis of the Multi-Prime φ - Hiding Assumption in PROGRESS IN CRYPTOLOGY – AFRICACRYPT 2011
  • 2005. Analysis of Random Oracle Instantiation Scenarios for OAEP and Other Practical Schemes in ADVANCES IN CRYPTOLOGY – CRYPTO 2005
  • 1999-04-15. Computationally Private Information Retrieval with Polylogarithmic Communication in ADVANCES IN CRYPTOLOGY — EUROCRYPT ’99
  • 2005. On the Generic Insecurity of the Full Domain Hash in ADVANCES IN CRYPTOLOGY – CRYPTO 2005
  • 1997. Towards realizing random oracles: Hash functions that hide all partial information in ADVANCES IN CRYPTOLOGY — CRYPTO '97
  • 2013. Regularity of Lossy RSA on Subdomains and Its Applications in ADVANCES IN CRYPTOLOGY – EUROCRYPT 2013
  • 2001-11-20. Unbelievable Security Matching AES Security Using Public Key Systems in ADVANCES IN CRYPTOLOGY — ASIACRYPT 2001
  • 2007-01-01. Deterministic and Efficiently Searchable Encryption in ADVANCES IN CRYPTOLOGY - CRYPTO 2007
  • 2009. On the Security of Padding-Based Encryption Schemes – or – Why We Cannot Prove OAEP Secure in the Standard Model in ADVANCES IN CRYPTOLOGY - EUROCRYPT 2009
  • 2010. Instantiability of RSA-OAEP under Chosen-Plaintext Attack in ADVANCES IN CRYPTOLOGY – CRYPTO 2010
  • 2001-04-02. The Oracle Diffie-Hellman Assumptions and an Analysis of DHIES in TOPICS IN CRYPTOLOGY — CT-RSA 2001
  • 1997-09. Small Solutions to Polynomial Equations, and Low Exponent RSA Vulnerabilities in JOURNAL OF CRYPTOLOGY
  • 2008. On the Validity of the Φ-Hiding Assumption in Cryptographic Protocols in ADVANCES IN CRYPTOLOGY - ASIACRYPT 2008
  • 2015. On the Regularity of Lossy RSA in THEORY OF CRYPTOGRAPHY
  • 1990. Proving Security Against Chosen Ciphertext Attacks in ADVANCES IN CRYPTOLOGY — CRYPTO’ 88
  • 2006. Trading One-Wayness Against Chosen-Ciphertext Security in Factoring-Based Encryption in ADVANCES IN CRYPTOLOGY – ASIACRYPT 2006
  • 2015. Non-committing Encryption from Φ-hiding in THEORY OF CRYPTOGRAPHY
  • 2006. On the Security of OAEP in ADVANCES IN CRYPTOLOGY – ASIACRYPT 2006
  • 2004. Towards Plaintext-Aware Public-Key Encryption Without Random Oracles in ADVANCES IN CRYPTOLOGY - ASIACRYPT 2004
  • 2011-11-11. More Constructions of Lossy and Correlation-Secure Trapdoor Functions in JOURNAL OF CRYPTOLOGY
  • 2008-01-01. On Notions of Security for Deterministic Encryption, and Efficient Constructions without Random Oracles in ADVANCES IN CRYPTOLOGY – CRYPTO 2008
  • 2002-08-12. RSA-OAEP Is Secure under the RSA Assumption in JOURNAL OF CRYPTOLOGY
  • 2009. Foundations of Non-malleable Hash and One-Way Functions in ADVANCES IN CRYPTOLOGY – ASIACRYPT 2009
  • 1995. Optimal asymmetric encryption in ADVANCES IN CRYPTOLOGY — EUROCRYPT'94
  • 2003. True Random Number Generators Secure in a Changing Environment in CRYPTOGRAPHIC HARDWARE AND EMBEDDED SYSTEMS - CHES 2003
  • 2001-08-02. Simplified OAEP for the RSA and Rabin Functions in ADVANCES IN CRYPTOLOGY — CRYPTO 2001
  • 2002-09. OAEP Reconsidered in JOURNAL OF CRYPTOLOGY
  • 2001-04-15. On Perfect and Adaptive Security in Exposure-Resilient Cryptography in ADVANCES IN CRYPTOLOGY — EUROCRYPT 2001
  • 2000-12-01. The Notion of Security for Probabilistic Cryptosystems (Extended Abstract) in ADVANCES IN CRYPTOLOGY — CRYPTO’ 86
  • 2008-01-01. Extractable Perfectly One-Way Functions in AUTOMATA, LANGUAGES AND PROGRAMMING
Identifiers

    URI

    http://scigraph.springernature.com/pub.10.1007/s00145-016-9238-4

    DOI

    http://dx.doi.org/10.1007/s00145-016-9238-4

    DIMENSIONS

    https://app.dimensions.ai/details/publication/pub.1035989082



    JSON-LD is the canonical representation for SciGraph data.


    [
      {
        "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
        "about": [
          {
            "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08", 
            "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
            "name": "Information and Computing Sciences", 
            "type": "DefinedTerm"
          }, 
          {
            "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0804", 
            "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
            "name": "Data Format", 
            "type": "DefinedTerm"
          }
        ], 
        "author": [
          {
            "affiliation": {
              "alternateName": "Ruhr-Universit\u00e4t Bochum, Bochum, Germany", 
              "id": "http://www.grid.ac/institutes/grid.5570.7", 
              "name": [
                "Ruhr-Universit\u00e4t Bochum, Bochum, Germany"
              ], 
              "type": "Organization"
            }, 
            "familyName": "Kiltz", 
            "givenName": "Eike", 
            "id": "sg:person.011110230247.96", 
            "sameAs": [
              "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.011110230247.96"
            ], 
            "type": "Person"
          }, 
          {
            "affiliation": {
              "alternateName": "Georgetown University, Washington, DC, USA", 
              "id": "http://www.grid.ac/institutes/grid.213910.8", 
              "name": [
                "Georgetown University, Washington, DC, USA"
              ], 
              "type": "Organization"
            }, 
            "familyName": "O\u2019Neill", 
            "givenName": "Adam", 
            "id": "sg:person.014355003777.71", 
            "sameAs": [
              "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.014355003777.71"
            ], 
            "type": "Person"
          }, 
          {
            "affiliation": {
              "alternateName": "Pennsylvania State University, University Park, PA, USA", 
              "id": "http://www.grid.ac/institutes/grid.29857.31", 
              "name": [
                "Pennsylvania State University, University Park, PA, USA"
              ], 
              "type": "Organization"
            }, 
            "familyName": "Smith", 
            "givenName": "Adam", 
            "id": "sg:person.013307226666.21", 
            "sameAs": [
              "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013307226666.21"
            ], 
            "type": "Person"
          }
        ], 
        "citation": [
          {
            "id": "sg:pub.10.1007/3-540-48910-x_28", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1017908723", 
              "https://doi.org/10.1007/3-540-48910-x_28"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/978-3-540-89255-7_21", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1015069617", 
              "https://doi.org/10.1007/978-3-540-89255-7_21"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/978-3-642-54631-0_22", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1003820973", 
              "https://doi.org/10.1007/978-3-642-54631-0_22"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/s00145-002-0133-9", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1030924084", 
              "https://doi.org/10.1007/s00145-002-0133-9"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/978-3-642-10366-7_31", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1030652162", 
              "https://doi.org/10.1007/978-3-642-10366-7_31"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/s001459900030", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1004544479", 
              "https://doi.org/10.1007/s001459900030"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/978-3-662-46494-6_25", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1042535398", 
              "https://doi.org/10.1007/978-3-662-46494-6_25"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/3-540-45353-9_12", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1023039026", 
              "https://doi.org/10.1007/3-540-45353-9_12"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/978-3-540-85174-5_8", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1004916209", 
              "https://doi.org/10.1007/978-3-540-85174-5_8"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/s00145-002-0204-y", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1037088098", 
              "https://doi.org/10.1007/s00145-002-0204-y"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/978-3-642-14623-7_16", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1003428365", 
              "https://doi.org/10.1007/978-3-642-14623-7_16"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/3-540-45708-9_15", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1032928311", 
              "https://doi.org/10.1007/3-540-45708-9_15"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/978-3-642-38348-9_4", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1041449845", 
              "https://doi.org/10.1007/978-3-642-38348-9_4"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/978-3-540-74143-5_30", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1002281087", 
              "https://doi.org/10.1007/978-3-540-74143-5_30"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/3-540-47721-7_27", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1021006744", 
              "https://doi.org/10.1007/3-540-47721-7_27"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/978-3-642-40084-1_23", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1021415438", 
              "https://doi.org/10.1007/978-3-642-40084-1_23"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/11535218_25", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1049732998", 
              "https://doi.org/10.1007/11535218_25"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/11935230_14", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1053291772", 
              "https://doi.org/10.1007/11935230_14"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/3-540-44987-6_19", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1015139947", 
              "https://doi.org/10.1007/3-540-44987-6_19"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/978-3-642-01001-9_23", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1041093246", 
              "https://doi.org/10.1007/978-3-642-01001-9_23"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/11535218_27", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1034562243", 
              "https://doi.org/10.1007/11535218_27"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/bfb0053428", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1035370576", 
              "https://doi.org/10.1007/bfb0053428"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/11935230_17", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1045271661", 
              "https://doi.org/10.1007/11935230_17"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/bfb0052255", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1033233326", 
              "https://doi.org/10.1007/bfb0052255"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/978-3-540-30539-2_4", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1044260446", 
              "https://doi.org/10.1007/978-3-540-30539-2_4"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/978-3-642-21969-6_6", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1002272846", 
              "https://doi.org/10.1007/978-3-642-21969-6_6"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/3-540-44647-8_17", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1048442413", 
              "https://doi.org/10.1007/3-540-44647-8_17"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/978-3-540-70583-3_37", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1006236942", 
              "https://doi.org/10.1007/978-3-540-70583-3_37"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/0-387-34799-2_20", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1007936646", 
              "https://doi.org/10.1007/0-387-34799-2_20"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/978-3-662-46494-6_24", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1039851442", 
              "https://doi.org/10.1007/978-3-662-46494-6_24"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/3-540-45539-6_25", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1000220017", 
              "https://doi.org/10.1007/3-540-45539-6_25"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/3-540-46766-1_35", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1038119898", 
              "https://doi.org/10.1007/3-540-46766-1_35"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/978-3-540-45238-6_14", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1045341369", 
              "https://doi.org/10.1007/978-3-540-45238-6_14"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/s00145-011-9112-3", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1019545133", 
              "https://doi.org/10.1007/s00145-011-9112-3"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/3-540-45682-1_5", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1013919939", 
              "https://doi.org/10.1007/3-540-45682-1_5"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/978-3-642-03356-8_37", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1011646169", 
              "https://doi.org/10.1007/978-3-642-03356-8_37"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/978-3-540-85174-5_19", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1048809352", 
              "https://doi.org/10.1007/978-3-540-85174-5_19"
            ], 
            "type": "CreativeWork"
          }
        ], 
        "datePublished": "2016-09-19", 
        "datePublishedReg": "2016-09-19", 
        "description": "We show that the widely deployed RSA-OAEP encryption scheme of Bellare and Rogaway (Eurocrypt 1994), which combines RSA with two rounds of an underlying Feistel network whose hash ( i.e., round) functions are modeled as random oracles, meets indistinguishability under chosen-plaintext attack (IND-CPA) in the standard model based on simple, non-interactive, and non-interdependent assumptions on RSA and the hash functions. To prove this, we first give a result on a more general notion called \u201cpadding-based\u201d encryption, saying that such a scheme is IND-CPA if (1) its underlying padding transform satisfies a \u201cfooling\" condition against small-range distinguishers on a class of high-entropy input distributions, and (2) its trapdoor permutation is sufficiently lossy as defined by Peikert and Waters (STOC 2008). We then show that the first round of OAEP satisfies condition (1) if its hash function is t-wise independent for t roughly proportional to the allowed message length. We clarify that this result requires the hash function to be keyed, and for its key to be included in the public key of RSA-OAEP. We also show that RSA satisfies condition (2) under the \u03a6\\documentclass[12pt]{minimal}\n\t\t\t\t\\usepackage{amsmath}\n\t\t\t\t\\usepackage{wasysym}\n\t\t\t\t\\usepackage{amsfonts}\n\t\t\t\t\\usepackage{amssymb}\n\t\t\t\t\\usepackage{amsbsy}\n\t\t\t\t\\usepackage{mathrsfs}\n\t\t\t\t\\usepackage{upgreek}\n\t\t\t\t\\setlength{\\oddsidemargin}{-69pt}\n\t\t\t\t\\begin{document}$$\\Phi $$\\end{document}-Hiding Assumption of Cachin et al.\u00a0(Eurocrypt 1999). This is the first positive result about the instantiability of RSA-OAEP. In particular, it increases confidence that chosen-plaintext attacks are unlikely to be found against the scheme. In contrast, RSA-OAEP\u2019s predecessor in PKCS #1 v1.5 was shown to be vulnerable to such attacks by Coron et al.\u00a0(Eurocrypt 2000).", 
        "genre": "article", 
        "id": "sg:pub.10.1007/s00145-016-9238-4", 
        "inLanguage": "en", 
        "isAccessibleForFree": true, 
        "isFundedItemOf": [
          {
            "id": "sg:grant.3082012", 
            "type": "MonetaryGrant"
          }, 
          {
            "id": "sg:grant.3084991", 
            "type": "MonetaryGrant"
          }, 
          {
            "id": "sg:grant.3092817", 
            "type": "MonetaryGrant"
          }, 
          {
            "id": "sg:grant.3798711", 
            "type": "MonetaryGrant"
          }, 
          {
            "id": "sg:grant.7553629", 
            "type": "MonetaryGrant"
          }, 
          {
            "id": "sg:grant.3063698", 
            "type": "MonetaryGrant"
          }
        ], 
        "isPartOf": [
          {
            "id": "sg:journal.1136278", 
            "issn": [
              "0933-2790", 
              "1432-1378"
            ], 
            "name": "Journal of Cryptology", 
            "publisher": "Springer Nature", 
            "type": "Periodical"
          }, 
          {
            "issueNumber": "3", 
            "type": "PublicationIssue"
          }, 
          {
            "type": "PublicationVolume", 
            "volumeNumber": "30"
          }
        ], 
        "keywords": [
          "hash function", 
          "chosen-plaintext attack", 
          "RSA-OAEP", 
          "first positive results", 
          "positive results", 
          "RSA-OAEP encryption scheme", 
          "encryption scheme", 
          "random oracles", 
          "IND-CPA", 
          "first round", 
          "public key", 
          "such attacks", 
          "plaintext attack", 
          "Feistel network", 
          "trapdoor permutations", 
          "message length", 
          "Cachin et al", 
          "Coron et al", 
          "attacks", 
          "scheme", 
          "RSA", 
          "function", 
          "v1.5", 
          "rounds", 
          "encryption", 
          "input distribution", 
          "instantiability", 
          "Bellare", 
          "Rogaway", 
          "network", 
          "oracle", 
          "results", 
          "general notion", 
          "Peikert", 
          "key", 
          "Hiding Assumption", 
          "contrast", 
          "indistinguishability", 
          "conditions", 
          "distinguisher", 
          "length", 
          "et al", 
          "confidence", 
          "PKCs", 
          "standard model", 
          "permutations", 
          "predecessors", 
          "model", 
          "assumption", 
          "notion", 
          "satisfies", 
          "class", 
          "distribution", 
          "satisfies condition", 
          "al", 
          "water"
        ], 
        "name": "Instantiability of RSA-OAEP Under Chosen-Plaintext Attack", 
        "pagination": "889-919", 
        "productId": [
          {
            "name": "dimensions_id", 
            "type": "PropertyValue", 
            "value": [
              "pub.1035989082"
            ]
          }, 
          {
            "name": "doi", 
            "type": "PropertyValue", 
            "value": [
              "10.1007/s00145-016-9238-4"
            ]
          }
        ], 
        "sameAs": [
          "https://doi.org/10.1007/s00145-016-9238-4", 
          "https://app.dimensions.ai/details/publication/pub.1035989082"
        ], 
        "sdDataset": "articles", 
        "sdDatePublished": "2022-06-01T22:15", 
        "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
        "sdPublisher": {
          "name": "Springer Nature - SN SciGraph project", 
          "type": "Organization"
        }, 
        "sdSource": "s3://com-springernature-scigraph/baseset/20220601/entities/gbq_results/article/article_710.jsonl", 
        "type": "ScholarlyArticle", 
        "url": "https://doi.org/10.1007/s00145-016-9238-4"
      }
    ]

    HOW TO GET THIS DATA PROGRAMMATICALLY:

    JSON-LD is a popular format for linked data which is fully compatible with JSON.

    curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/s00145-016-9238-4'

    N-Triples is a line-based linked data format ideal for batch operations.

    curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/s00145-016-9238-4'

    Turtle is a human-readable linked data format.

    curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/s00145-016-9238-4'

    RDF/XML is a standard XML format for linked data.

    curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/s00145-016-9238-4'


    This table displays all metadata directly associated to this object as RDF triples.

    294 TRIPLES      22 PREDICATES      118 URIs      73 LITERALS      6 BLANK NODES

Subject | Predicate | Object
sg:pub.10.1007/s00145-016-9238-4 | schema:about | anzsrc-for:08
sg:pub.10.1007/s00145-016-9238-4 | schema:about | anzsrc-for:0804
sg:pub.10.1007/s00145-016-9238-4 | schema:author | Nde3a9ffebdde44d291b2f6efb11bc5cd
sg:pub.10.1007/s00145-016-9238-4 | schema:citation | sg:pub.10.1007/0-387-34799-2_20
sg:pub.10.1007/s00145-016-9238-4 | schema:citation | sg:pub.10.1007/11535218_25
sg:pub.10.1007/s00145-016-9238-4 | schema:citation | sg:pub.10.1007/11535218_27
sg:pub.10.1007/s00145-016-9238-4 | schema:citation | sg:pub.10.1007/11935230_14
sg:pub.10.1007/s00145-016-9238-4 | schema:citation | sg:pub.10.1007/11935230_17
sg:pub.10.1007/s00145-016-9238-4 | schema:citation | sg:pub.10.1007/3-540-44647-8_17
sg:pub.10.1007/s00145-016-9238-4 | schema:citation | sg:pub.10.1007/3-540-44987-6_19
sg:pub.10.1007/s00145-016-9238-4 | schema:citation | sg:pub.10.1007/3-540-45353-9_12
sg:pub.10.1007/s00145-016-9238-4 | schema:citation | sg:pub.10.1007/3-540-45539-6_25
sg:pub.10.1007/s00145-016-9238-4 | schema:citation | sg:pub.10.1007/3-540-45682-1_5
sg:pub.10.1007/s00145-016-9238-4 | schema:citation | sg:pub.10.1007/3-540-45708-9_15
sg:pub.10.1007/s00145-016-9238-4 | schema:citation | sg:pub.10.1007/3-540-46766-1_35
sg:pub.10.1007/s00145-016-9238-4 | schema:citation | sg:pub.10.1007/3-540-47721-7_27
sg:pub.10.1007/s00145-016-9238-4 | schema:citation | sg:pub.10.1007/3-540-48910-x_28
sg:pub.10.1007/s00145-016-9238-4 | schema:citation | sg:pub.10.1007/978-3-540-30539-2_4
sg:pub.10.1007/s00145-016-9238-4 | schema:citation | sg:pub.10.1007/978-3-540-45238-6_14
sg:pub.10.1007/s00145-016-9238-4 | schema:citation | sg:pub.10.1007/978-3-540-70583-3_37
sg:pub.10.1007/s00145-016-9238-4 | schema:citation | sg:pub.10.1007/978-3-540-74143-5_30
sg:pub.10.1007/s00145-016-9238-4 | schema:citation | sg:pub.10.1007/978-3-540-85174-5_19
sg:pub.10.1007/s00145-016-9238-4 | schema:citation | sg:pub.10.1007/978-3-540-85174-5_8
sg:pub.10.1007/s00145-016-9238-4 | schema:citation | sg:pub.10.1007/978-3-540-89255-7_21
sg:pub.10.1007/s00145-016-9238-4 | schema:citation | sg:pub.10.1007/978-3-642-01001-9_23
sg:pub.10.1007/s00145-016-9238-4 | schema:citation | sg:pub.10.1007/978-3-642-03356-8_37
sg:pub.10.1007/s00145-016-9238-4 | schema:citation | sg:pub.10.1007/978-3-642-10366-7_31
sg:pub.10.1007/s00145-016-9238-4 | schema:citation | sg:pub.10.1007/978-3-642-14623-7_16
sg:pub.10.1007/s00145-016-9238-4 | schema:citation | sg:pub.10.1007/978-3-642-21969-6_6
sg:pub.10.1007/s00145-016-9238-4 | schema:citation | sg:pub.10.1007/978-3-642-38348-9_4
sg:pub.10.1007/s00145-016-9238-4 | schema:citation | sg:pub.10.1007/978-3-642-40084-1_23
sg:pub.10.1007/s00145-016-9238-4 | schema:citation | sg:pub.10.1007/978-3-642-54631-0_22
sg:pub.10.1007/s00145-016-9238-4 | schema:citation | sg:pub.10.1007/978-3-662-46494-6_24
sg:pub.10.1007/s00145-016-9238-4 | schema:citation | sg:pub.10.1007/978-3-662-46494-6_25
sg:pub.10.1007/s00145-016-9238-4 | schema:citation | sg:pub.10.1007/bfb0052255
sg:pub.10.1007/s00145-016-9238-4 | schema:citation | sg:pub.10.1007/bfb0053428
sg:pub.10.1007/s00145-016-9238-4 | schema:citation | sg:pub.10.1007/s00145-002-0133-9
sg:pub.10.1007/s00145-016-9238-4 | schema:citation | sg:pub.10.1007/s00145-002-0204-y
sg:pub.10.1007/s00145-016-9238-4 | schema:citation | sg:pub.10.1007/s00145-011-9112-3
sg:pub.10.1007/s00145-016-9238-4 | schema:citation | sg:pub.10.1007/s001459900030
sg:pub.10.1007/s00145-016-9238-4 | schema:datePublished | 2016-09-19
sg:pub.10.1007/s00145-016-9238-4 | schema:datePublishedReg | 2016-09-19
sg:pub.10.1007/s00145-016-9238-4 | schema:description | We show that the widely deployed RSA-OAEP encryption scheme of Bellare and Rogaway (Eurocrypt 1994), which combines RSA with two rounds of an underlying Feistel network whose hash (i.e., round) functions are modeled as random oracles, meets indistinguishability under chosen-plaintext attack (IND-CPA) in the standard model based on simple, non-interactive, and non-interdependent assumptions on RSA and the hash functions. To prove this, we first give a result on a more general notion called “padding-based” encryption, saying that such a scheme is IND-CPA if (1) its underlying padding transform satisfies a “fooling” condition against small-range distinguishers on a class of high-entropy input distributions, and (2) its trapdoor permutation is sufficiently lossy as defined by Peikert and Waters (STOC 2008). We then show that the first round of OAEP satisfies condition (1) if its hash function is t-wise independent for t roughly proportional to the allowed message length. We clarify that this result requires the hash function to be keyed, and for its key to be included in the public key of RSA-OAEP. We also show that RSA satisfies condition (2) under the Φ-Hiding Assumption of Cachin et al. (Eurocrypt 1999). This is the first positive result about the instantiability of RSA-OAEP. In particular, it increases confidence that chosen-plaintext attacks are unlikely to be found against the scheme. In contrast, RSA-OAEP’s predecessor in PKCS #1 v1.5 was shown to be vulnerable to such attacks by Coron et al. (Eurocrypt 2000).
sg:pub.10.1007/s00145-016-9238-4 | schema:genre | article
sg:pub.10.1007/s00145-016-9238-4 | schema:inLanguage | en
sg:pub.10.1007/s00145-016-9238-4 | schema:isAccessibleForFree | true
sg:pub.10.1007/s00145-016-9238-4 | schema:isPartOf | N1e23dc0042e44e7da82a2d8308b9fcd0
sg:pub.10.1007/s00145-016-9238-4 | schema:isPartOf | N263638b69f7f4117935f246c6bbb4e3e
sg:pub.10.1007/s00145-016-9238-4 | schema:isPartOf | sg:journal.1136278
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | Bellare
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | Cachin et al
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | Coron et al
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | Feistel network
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | Hiding Assumption
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | IND-CPA
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | PKCs
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | Peikert
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | RSA
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | RSA-OAEP
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | RSA-OAEP encryption scheme
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | Rogaway
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | al
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | assumption
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | attacks
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | chosen-plaintext attack
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | class
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | conditions
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | confidence
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | contrast
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | distinguisher
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | distribution
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | encryption
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | encryption scheme
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | et al
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | first positive results
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | first round
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | function
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | general notion
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | hash function
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | indistinguishability
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | input distribution
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | instantiability
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | key
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | length
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | message length
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | model
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | network
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | notion
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | oracle
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | permutations
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | plaintext attack
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | positive results
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | predecessors
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | public key
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | random oracles
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | results
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | rounds
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | satisfies
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | satisfies condition
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | scheme
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | standard model
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | such attacks
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | trapdoor permutations
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | v1.5
sg:pub.10.1007/s00145-016-9238-4 | schema:keywords | water
sg:pub.10.1007/s00145-016-9238-4 | schema:name | Instantiability of RSA-OAEP Under Chosen-Plaintext Attack
sg:pub.10.1007/s00145-016-9238-4 | schema:pagination | 889-919
sg:pub.10.1007/s00145-016-9238-4 | schema:productId | N18a9f5a748674672b9a422f49b49cd29
sg:pub.10.1007/s00145-016-9238-4 | schema:productId | Nd2e092a97d824a4c9423f4c57c93c8b0
sg:pub.10.1007/s00145-016-9238-4 | schema:sameAs | https://app.dimensions.ai/details/publication/pub.1035989082
sg:pub.10.1007/s00145-016-9238-4 | schema:sameAs | https://doi.org/10.1007/s00145-016-9238-4
sg:pub.10.1007/s00145-016-9238-4 | schema:sdDatePublished | 2022-06-01T22:15
sg:pub.10.1007/s00145-016-9238-4 | schema:sdLicense | https://scigraph.springernature.com/explorer/license/
sg:pub.10.1007/s00145-016-9238-4 | schema:sdPublisher | N46d2c1202408416a8b81aca924d90585
sg:pub.10.1007/s00145-016-9238-4 | schema:url | https://doi.org/10.1007/s00145-016-9238-4
sg:pub.10.1007/s00145-016-9238-4 | sgo:license | sg:explorer/license/
sg:pub.10.1007/s00145-016-9238-4 | sgo:sdDataset | articles
sg:pub.10.1007/s00145-016-9238-4 | rdf:type | schema:ScholarlyArticle
N0938f31faa65451a8afe9f16a3afa1d2 | rdf:first | sg:person.014355003777.71
N0938f31faa65451a8afe9f16a3afa1d2 | rdf:rest | N1d95462b16444cfb9874761884339c32
N18a9f5a748674672b9a422f49b49cd29 | schema:name | dimensions_id
N18a9f5a748674672b9a422f49b49cd29 | schema:value | pub.1035989082
N18a9f5a748674672b9a422f49b49cd29 | rdf:type | schema:PropertyValue
N1d95462b16444cfb9874761884339c32 | rdf:first | sg:person.013307226666.21
N1d95462b16444cfb9874761884339c32 | rdf:rest | rdf:nil
N1e23dc0042e44e7da82a2d8308b9fcd0 | schema:volumeNumber | 30
N1e23dc0042e44e7da82a2d8308b9fcd0 | rdf:type | schema:PublicationVolume
N263638b69f7f4117935f246c6bbb4e3e | schema:issueNumber | 3
N263638b69f7f4117935f246c6bbb4e3e | rdf:type | schema:PublicationIssue
N46d2c1202408416a8b81aca924d90585 | schema:name | Springer Nature - SN SciGraph project
N46d2c1202408416a8b81aca924d90585 | rdf:type | schema:Organization
Nd2e092a97d824a4c9423f4c57c93c8b0 | schema:name | doi
Nd2e092a97d824a4c9423f4c57c93c8b0 | schema:value | 10.1007/s00145-016-9238-4
Nd2e092a97d824a4c9423f4c57c93c8b0 | rdf:type | schema:PropertyValue
Nde3a9ffebdde44d291b2f6efb11bc5cd | rdf:first | sg:person.011110230247.96
Nde3a9ffebdde44d291b2f6efb11bc5cd | rdf:rest | N0938f31faa65451a8afe9f16a3afa1d2
anzsrc-for:08 | schema:inDefinedTermSet | anzsrc-for:
anzsrc-for:08 | schema:name | Information and Computing Sciences
anzsrc-for:08 | rdf:type | schema:DefinedTerm
    140 anzsrc-for:0804 schema:inDefinedTermSet anzsrc-for:
    141 schema:name Data Format
    142 rdf:type schema:DefinedTerm
    143 sg:grant.3063698 http://pending.schema.org/fundedItem sg:pub.10.1007/s00145-016-9238-4
    144 rdf:type schema:MonetaryGrant
    145 sg:grant.3082012 http://pending.schema.org/fundedItem sg:pub.10.1007/s00145-016-9238-4
    146 rdf:type schema:MonetaryGrant
    147 sg:grant.3084991 http://pending.schema.org/fundedItem sg:pub.10.1007/s00145-016-9238-4
    148 rdf:type schema:MonetaryGrant
    149 sg:grant.3092817 http://pending.schema.org/fundedItem sg:pub.10.1007/s00145-016-9238-4
    150 rdf:type schema:MonetaryGrant
    151 sg:grant.3798711 http://pending.schema.org/fundedItem sg:pub.10.1007/s00145-016-9238-4
    152 rdf:type schema:MonetaryGrant
    153 sg:grant.7553629 http://pending.schema.org/fundedItem sg:pub.10.1007/s00145-016-9238-4
    154 rdf:type schema:MonetaryGrant
    155 sg:journal.1136278 schema:issn 0933-2790
    156 1432-1378
    157 schema:name Journal of Cryptology
    158 schema:publisher Springer Nature
    159 rdf:type schema:Periodical
    160 sg:person.011110230247.96 schema:affiliation grid-institutes:grid.5570.7
    161 schema:familyName Kiltz
    162 schema:givenName Eike
    163 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.011110230247.96
    164 rdf:type schema:Person
    165 sg:person.013307226666.21 schema:affiliation grid-institutes:grid.29857.31
    166 schema:familyName Smith
    167 schema:givenName Adam
    168 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013307226666.21
    169 rdf:type schema:Person
    170 sg:person.014355003777.71 schema:affiliation grid-institutes:grid.213910.8
    171 schema:familyName O’Neill
    172 schema:givenName Adam
    173 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.014355003777.71
    174 rdf:type schema:Person
    175 sg:pub.10.1007/0-387-34799-2_20 schema:sameAs https://app.dimensions.ai/details/publication/pub.1007936646
    176 https://doi.org/10.1007/0-387-34799-2_20
    177 rdf:type schema:CreativeWork
    178 sg:pub.10.1007/11535218_25 schema:sameAs https://app.dimensions.ai/details/publication/pub.1049732998
    179 https://doi.org/10.1007/11535218_25
    180 rdf:type schema:CreativeWork
    181 sg:pub.10.1007/11535218_27 schema:sameAs https://app.dimensions.ai/details/publication/pub.1034562243
    182 https://doi.org/10.1007/11535218_27
    183 rdf:type schema:CreativeWork
    184 sg:pub.10.1007/11935230_14 schema:sameAs https://app.dimensions.ai/details/publication/pub.1053291772
    185 https://doi.org/10.1007/11935230_14
    186 rdf:type schema:CreativeWork
    187 sg:pub.10.1007/11935230_17 schema:sameAs https://app.dimensions.ai/details/publication/pub.1045271661
    188 https://doi.org/10.1007/11935230_17
    189 rdf:type schema:CreativeWork
    190 sg:pub.10.1007/3-540-44647-8_17 schema:sameAs https://app.dimensions.ai/details/publication/pub.1048442413
    191 https://doi.org/10.1007/3-540-44647-8_17
    192 rdf:type schema:CreativeWork
    193 sg:pub.10.1007/3-540-44987-6_19 schema:sameAs https://app.dimensions.ai/details/publication/pub.1015139947
    194 https://doi.org/10.1007/3-540-44987-6_19
    195 rdf:type schema:CreativeWork
    196 sg:pub.10.1007/3-540-45353-9_12 schema:sameAs https://app.dimensions.ai/details/publication/pub.1023039026
    197 https://doi.org/10.1007/3-540-45353-9_12
    198 rdf:type schema:CreativeWork
    199 sg:pub.10.1007/3-540-45539-6_25 schema:sameAs https://app.dimensions.ai/details/publication/pub.1000220017
    200 https://doi.org/10.1007/3-540-45539-6_25
    201 rdf:type schema:CreativeWork
    202 sg:pub.10.1007/3-540-45682-1_5 schema:sameAs https://app.dimensions.ai/details/publication/pub.1013919939
    203 https://doi.org/10.1007/3-540-45682-1_5
    204 rdf:type schema:CreativeWork
    205 sg:pub.10.1007/3-540-45708-9_15 schema:sameAs https://app.dimensions.ai/details/publication/pub.1032928311
    206 https://doi.org/10.1007/3-540-45708-9_15
    207 rdf:type schema:CreativeWork
    208 sg:pub.10.1007/3-540-46766-1_35 schema:sameAs https://app.dimensions.ai/details/publication/pub.1038119898
    209 https://doi.org/10.1007/3-540-46766-1_35
    210 rdf:type schema:CreativeWork
    211 sg:pub.10.1007/3-540-47721-7_27 schema:sameAs https://app.dimensions.ai/details/publication/pub.1021006744
    212 https://doi.org/10.1007/3-540-47721-7_27
    213 rdf:type schema:CreativeWork
    214 sg:pub.10.1007/3-540-48910-x_28 schema:sameAs https://app.dimensions.ai/details/publication/pub.1017908723
    215 https://doi.org/10.1007/3-540-48910-x_28
    216 rdf:type schema:CreativeWork
    217 sg:pub.10.1007/978-3-540-30539-2_4 schema:sameAs https://app.dimensions.ai/details/publication/pub.1044260446
    218 https://doi.org/10.1007/978-3-540-30539-2_4
    219 rdf:type schema:CreativeWork
    220 sg:pub.10.1007/978-3-540-45238-6_14 schema:sameAs https://app.dimensions.ai/details/publication/pub.1045341369
    221 https://doi.org/10.1007/978-3-540-45238-6_14
    222 rdf:type schema:CreativeWork
    223 sg:pub.10.1007/978-3-540-70583-3_37 schema:sameAs https://app.dimensions.ai/details/publication/pub.1006236942
    224 https://doi.org/10.1007/978-3-540-70583-3_37
    225 rdf:type schema:CreativeWork
    226 sg:pub.10.1007/978-3-540-74143-5_30 schema:sameAs https://app.dimensions.ai/details/publication/pub.1002281087
    227 https://doi.org/10.1007/978-3-540-74143-5_30
    228 rdf:type schema:CreativeWork
    229 sg:pub.10.1007/978-3-540-85174-5_19 schema:sameAs https://app.dimensions.ai/details/publication/pub.1048809352
    230 https://doi.org/10.1007/978-3-540-85174-5_19
    231 rdf:type schema:CreativeWork
    232 sg:pub.10.1007/978-3-540-85174-5_8 schema:sameAs https://app.dimensions.ai/details/publication/pub.1004916209
    233 https://doi.org/10.1007/978-3-540-85174-5_8
    234 rdf:type schema:CreativeWork
    235 sg:pub.10.1007/978-3-540-89255-7_21 schema:sameAs https://app.dimensions.ai/details/publication/pub.1015069617
    236 https://doi.org/10.1007/978-3-540-89255-7_21
    237 rdf:type schema:CreativeWork
    238 sg:pub.10.1007/978-3-642-01001-9_23 schema:sameAs https://app.dimensions.ai/details/publication/pub.1041093246
    239 https://doi.org/10.1007/978-3-642-01001-9_23
    240 rdf:type schema:CreativeWork
    241 sg:pub.10.1007/978-3-642-03356-8_37 schema:sameAs https://app.dimensions.ai/details/publication/pub.1011646169
    242 https://doi.org/10.1007/978-3-642-03356-8_37
    243 rdf:type schema:CreativeWork
    244 sg:pub.10.1007/978-3-642-10366-7_31 schema:sameAs https://app.dimensions.ai/details/publication/pub.1030652162
    245 https://doi.org/10.1007/978-3-642-10366-7_31
    246 rdf:type schema:CreativeWork
    247 sg:pub.10.1007/978-3-642-14623-7_16 schema:sameAs https://app.dimensions.ai/details/publication/pub.1003428365
    248 https://doi.org/10.1007/978-3-642-14623-7_16
    249 rdf:type schema:CreativeWork
    250 sg:pub.10.1007/978-3-642-21969-6_6 schema:sameAs https://app.dimensions.ai/details/publication/pub.1002272846
    251 https://doi.org/10.1007/978-3-642-21969-6_6
    252 rdf:type schema:CreativeWork
    253 sg:pub.10.1007/978-3-642-38348-9_4 schema:sameAs https://app.dimensions.ai/details/publication/pub.1041449845
    254 https://doi.org/10.1007/978-3-642-38348-9_4
    255 rdf:type schema:CreativeWork
    256 sg:pub.10.1007/978-3-642-40084-1_23 schema:sameAs https://app.dimensions.ai/details/publication/pub.1021415438
    257 https://doi.org/10.1007/978-3-642-40084-1_23
    258 rdf:type schema:CreativeWork
    259 sg:pub.10.1007/978-3-642-54631-0_22 schema:sameAs https://app.dimensions.ai/details/publication/pub.1003820973
    260 https://doi.org/10.1007/978-3-642-54631-0_22
    261 rdf:type schema:CreativeWork
    262 sg:pub.10.1007/978-3-662-46494-6_24 schema:sameAs https://app.dimensions.ai/details/publication/pub.1039851442
    263 https://doi.org/10.1007/978-3-662-46494-6_24
    264 rdf:type schema:CreativeWork
    265 sg:pub.10.1007/978-3-662-46494-6_25 schema:sameAs https://app.dimensions.ai/details/publication/pub.1042535398
    266 https://doi.org/10.1007/978-3-662-46494-6_25
    267 rdf:type schema:CreativeWork
    268 sg:pub.10.1007/bfb0052255 schema:sameAs https://app.dimensions.ai/details/publication/pub.1033233326
    269 https://doi.org/10.1007/bfb0052255
    270 rdf:type schema:CreativeWork
    271 sg:pub.10.1007/bfb0053428 schema:sameAs https://app.dimensions.ai/details/publication/pub.1035370576
    272 https://doi.org/10.1007/bfb0053428
    273 rdf:type schema:CreativeWork
    274 sg:pub.10.1007/s00145-002-0133-9 schema:sameAs https://app.dimensions.ai/details/publication/pub.1030924084
    275 https://doi.org/10.1007/s00145-002-0133-9
    276 rdf:type schema:CreativeWork
    277 sg:pub.10.1007/s00145-002-0204-y schema:sameAs https://app.dimensions.ai/details/publication/pub.1037088098
    278 https://doi.org/10.1007/s00145-002-0204-y
    279 rdf:type schema:CreativeWork
    280 sg:pub.10.1007/s00145-011-9112-3 schema:sameAs https://app.dimensions.ai/details/publication/pub.1019545133
    281 https://doi.org/10.1007/s00145-011-9112-3
    282 rdf:type schema:CreativeWork
    283 sg:pub.10.1007/s001459900030 schema:sameAs https://app.dimensions.ai/details/publication/pub.1004544479
    284 https://doi.org/10.1007/s001459900030
    285 rdf:type schema:CreativeWork
    286 grid-institutes:grid.213910.8 schema:alternateName Georgetown University, Washington, DC, USA
    287 schema:name Georgetown University, Washington, DC, USA
    288 rdf:type schema:Organization
    289 grid-institutes:grid.29857.31 schema:alternateName Pennsylvania State University, University Park, PA, USA
    290 schema:name Pennsylvania State University, University Park, PA, USA
    291 rdf:type schema:Organization
    292 grid-institutes:grid.5570.7 schema:alternateName Ruhr-Universität Bochum, Bochum, Germany
    293 schema:name Ruhr-Universität Bochum, Bochum, Germany
    294 rdf:type schema:Organization