indistinguishable under chosen ciphertext attack in the quantum random oracle model
if the underlying trapdoor permutation is quantum partial-domain one-way.
The existing post-quantum security of OAEP (TCC 2016-B )
requires a modification to the OAEP transform using an extra hash function.
We prove the security of the OAEP transform without any modification
and this answers an open question in
one of the finalists of NIST competition, NTRU submission, affirmatively.