On the selective opening security of public-key encryption