- Who chosen ciphertext security matters, V.Shoup, 1998
A nice paper by Victor Shoup that talks about why chosen cipher text security is so important in the public key settings. So if the Bleichenbacher attack wasn’t convincing enough, there are many other attacks like this that are possible if you don’t use a chosen cipher-text secure system.
- Twenty years of attacks on the RSA cryptosystem, D.Boneh, Notices of the AMS, 1999
- OAEP reconsidered, V.Shoup, Crypto 2001
- Key length, A.Lenstra, 2004
A nice paper by Arjen Lenstra that discusses how you should choose key lengths for your public key systems, and even for your symmetric key systems.