OAEP: Optimal Asymmetric Encryption Padding
Walk through OAEP encoding and how it achieves IND-CCA2 security.
Welcome
OAEP (Optimal Asymmetric Encryption Padding) provides provably IND-CCA2 secure RSA encryption. It uses randomized encoding that makes oracle queries cryptographically worthless.
OAEP Goals
OAEP was designed by Bellare and Rogaway (1994) with two goals: (1) prevent all textbook RSA attacks via randomization, (2) achieve IND-CCA2 security with a formal security proof in the random oracle model.
All lessons in this course
- Textbook RSA & Why It Is Insecure
- PKCS#1 v1.5 Padding & Bleichenbacher
- OAEP: Optimal Asymmetric Encryption Padding
- RSA-PSS for Digital Signatures