OAEP Is Secure under Key-Dependent Messages


Key-dependent message security, KDM security for short, was introduced by Black, Rogaway and Shrimpton to address the case where key cycles occur among encryptions, e.g., a key is encrypted with itself. We extend this definition to include the cases of adaptive corruptions and arbitrary active attacks. The resulting notion, called adKDM security, incorporates several novel design choices and differs substantially from prior definitions for public-key security. We also show that the OAEP encryption scheme (using a partial-domain one-way function) satisfies the strong notion of adKDM security in the random oracle model. The OAEP construction thus constitutes a suitable candidate for implementing symbolic abstractions of encryption schemes in a computationally sound manner under active adversaries.

DOI: 10.1007/978-3-540-89255-7_31

Cite this paper

@inproceedings{Backes2008OAEPIS, title={OAEP Is Secure under Key-Dependent Messages}, author={Michael Backes and Markus D{\"{u}}rmuth and Dominique Unruh}, booktitle={ASIACRYPT}, year={2008} }