On definitions of selective opening security

  title={On definitions of selective opening security},
  author={Florian B{\"o}hl and Dennis Hofheinz and Daniel Kraschewski},
  journal={IACR Cryptology ePrint Archive},
Assume that an adversary observes many ciphertexts, and may then ask for openings, i.e. the plaintext and the randomness used for encryption, of some of them. Do the unopened ciphertexts remain secure? There are several ways to formalize this question, and the ensuing security notions are not known to be implied by standard notions of encryption security. In this work, we relate the two existing flavors of selective opening security. Our main result is that indistinguishability-based selective… CONTINUE READING