@article{oai:teapot.lib.ocha.ac.jp:00034629,
 author = {Nakashima, Takako and Okamoto, Tatsuaki},
 issue = {1},
 journal = {お茶の水女子大學自然科學報告},
 month = {Sep},
 note = {application/pdf, 紀要論文, Recently studies on asymmetric encryption schemes with proven security are very active. Among them, RSA-based schemes are practically most important. As such we have, the most popular OAEP, OAEP+, SAEP, SAEP+, REACT and so on. These schemes are proven semantically secure against adaptive chosen-ciphertext attack (denoted IND-CCA , which is the strongest security) under the random oracle model, on the RSA assumption. To assure the practical security theoretically, (for instance, to establish the security equivalent to the complexity of 1024 bits-long integer factorization), we must quantitatively estimate the exact key size needed for each scheme through the reduction. But this is not well studied until now. Therefore in this paper we estimate the exact key size needed by each scheme in order to theoretically guarantee security, based on the precise evaluation of the reduction efficiency. We compare the results among the schemes, and conclude that REACT is assured theoretical security with the shortest (almost minimum necessary) key size.},
 pages = {37--55},
 title = {Key Size Evaluation of Provably Secure RSA-based Encryption Schemes},
 volume = {57},
 year = {2006}
}