Adaptive chosen-ciphertext attack
==Preventing attacks==
To prevent adaptive chosen-ciphertext attacks, it is necessary to use an encryption or encoding scheme that limits ciphertext [[malleability (cryptography)|malleability]], together with a proof of security of the system. After the theoretical, foundational development of CCA-secure systems, a number of systems were proposed in the random oracle model; the most common standard for RSA encryption is [[Optimal Asymmetric Encryption Padding]] (OAEP). Unlike improvised schemes such as the padding used in the early versions of PKCS#1, OAEP has been proven secure in the [[random oracle]] model.<ref>{{cite journal |last1=Fujisaki |first1=Eiichiro |authorlink1= |last2=Okamoto |first2=Tatsuaki |last3=Pointcheval |first3=David |last4=Stern |first4=Jacques |title=RSA-OAEP Is Secure under the RSA Assumption |journal=Journal of Cryptology |volume=17 |issue=2 |pages=81–104 |year=2004 |url=https://www.di.ens.fr/~pointche/Documents/Papers/2004_joc.pdf |doi=10.1007/s00145-002-0204-y |id= |accessdate=2009-01-12|citeseerx=10.1.1.11.7519 |s2cid=218582909 }}</ref> OAEP was incorporated into PKCS#1 as of version 2.0, published in 1998, as the now-recommended encoding scheme, with the older scheme still supported but not recommended for new applications.<ref>{{cite IETF |title=PKCS #1: RSA Cryptography Specifications Version 2.0 |rfc=2437 |last1=Kaliski |first1=B. |last2=Staddon |first2=J. |date=October 1998 |publisher=[[Internet Engineering Task Force |IETF]] |accessdate=February 20, 2019 |doi=10.17487/RFC2437}}</ref> However, the gold standard for security is to show the system secure without relying on the random oracle idealization.<ref name="katz">{{cite book |last1=Katz |first1=Jonathan |last2=Lindell |first2=Yehuda |title=Introduction to Modern Cryptography |date=2015 |publisher=Chapman & Hall/CRC |location=Boca Raton |isbn=978-1-4665-7027-6 |pages=174–175, 179–181 |edition=2}}</ref>