{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,26]],"date-time":"2026-03-26T07:33:15Z","timestamp":1774510395163,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":44,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783662464465","type":"print"},{"value":"9783662464472","type":"electronic"}],"license":[{"start":{"date-parts":[[2015,1,1]],"date-time":"2015-01-01T00:00:00Z","timestamp":1420070400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-662-46447-2_2","type":"book-chapter","created":{"date-parts":[[2015,3,16]],"date-time":"2015-03-16T01:21:25Z","timestamp":1426468885000},"page":"27-51","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":18,"title":["On the Selective Opening Security of Practical Public-Key Encryption Schemes"],"prefix":"10.1007","author":[{"given":"Felix","family":"Heuer","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Tibor","family":"Jager","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Eike","family":"Kiltz","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sven","family":"Sch\u00e4ge","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2015,3,17]]},"reference":[{"key":"2_CR1","doi-asserted-by":"crossref","unstructured":"Abdalla, M., Bellare, M., Rogaway, P.: The oracle Diffie-Hellman assumptions and an analysis of DHIES. In: Naccache [33], pp. 143\u2013158","DOI":"10.1007\/3-540-45353-9_12"},{"key":"2_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"506","DOI":"10.1007\/978-3-540-89255-7_31","volume-title":"Advances in Cryptology - ASIACRYPT 2008","author":"M Backes","year":"2008","unstructured":"Backes, M., D\u00fcrmuth, M., Unruh, D.: OAEP is secure under key-dependent messages. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 506\u2013523. Springer, Heidelberg (2008)"},{"key":"2_CR3","doi-asserted-by":"crossref","unstructured":"Beaver, D.: Plug and play encryption. In: Kaliski Jr., [29], pp. 75\u201389","DOI":"10.1007\/BFb0052228"},{"key":"2_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"307","DOI":"10.1007\/3-540-47555-9_26","volume-title":"Advances in Cryptology - EUROCRYPT \u201992","author":"D Beaver","year":"1993","unstructured":"Beaver, D., Haber, S.: Cryptographic protocols provably secure against dynamic adversaries. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 307\u2013323. Springer, Heidelberg (1993)"},{"key":"2_CR5","doi-asserted-by":"crossref","unstructured":"Bellare, M., Dowsley, R., Waters, B., Yilek, S.: Standard security does not imply security against selective-opening. In: Pointcheval, Johansson [37], pp. 645\u2013662","DOI":"10.1007\/978-3-642-29011-4_38"},{"key":"2_CR6","doi-asserted-by":"crossref","unstructured":"Bellare, M., Hofheinz, D., Yilek, S.: Possibility and impossibility results for encryption and commitment secure under selective opening. In: Joux [28], pp. 1\u201335","DOI":"10.1007\/978-3-642-01001-9_1"},{"key":"2_CR7","doi-asserted-by":"crossref","unstructured":"Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Ashby, V. (ed.) ACM CCS 1993, pp. 62\u201373. ACM Press, Fairfax (1993)","DOI":"10.1145\/168588.168596"},{"key":"2_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"92","DOI":"10.1007\/BFb0053428","volume-title":"Advances in Cryptology - EUROCRYPT \u201994","author":"M Bellare","year":"1995","unstructured":"Bellare, M., Rogaway, P.: Optimal asymmetric encryption. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 92\u2013111. Springer, Heidelberg (1995)"},{"key":"2_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"409","DOI":"10.1007\/11761679_25","volume-title":"Advances in Cryptology - EUROCRYPT 2006","author":"M Bellare","year":"2006","unstructured":"Bellare, M., Rogaway, P.: The security of triple encryption and a framework\u00a0for\u00a0code-based\u00a0game-playing\u00a0proofs. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 409\u2013426. Springer, Heidelberg (2006)"},{"key":"2_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"235","DOI":"10.1007\/978-3-642-19571-6_15","volume-title":"Theory of Cryptography","author":"M Bellare","year":"2011","unstructured":"Bellare, M., Waters, B., Yilek, S.: Identity-Based encryption secure against selective opening attack. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 235\u2013252. Springer, Heidelberg (2011)"},{"key":"2_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"522","DOI":"10.1007\/978-3-642-30057-8_31","volume-title":"Public Key Cryptography \u2013 PKC 2012","author":"F B\u00f6hl","year":"2012","unstructured":"B\u00f6hl, F., Hofheinz, D., Kraschewski, D.: On definitions of selective opening security. In: Fischlin, M., Buchmann, J., Manulis, M. (eds.) PKC 2012. LNCS, vol. 7293, pp. 522\u2013539. Springer, Heidelberg (2012)"},{"key":"2_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"210","DOI":"10.1007\/11935230_14","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2006","author":"A Boldyreva","year":"2006","unstructured":"Boldyreva, A., Fischlin, M.: On the security of OAEP. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 210\u2013225. Springer, Heidelberg (2006)"},{"key":"2_CR13","unstructured":"Brown, D.R.L.: What hashes make RSA-OAEP secure? Cryptology ePrint Archive, Report 2006\/223 (2006). \n                      http:\/\/eprint.iacr.org\/"},{"key":"2_CR14","doi-asserted-by":"crossref","unstructured":"Canetti, R., Dwork, C., Naor, M., Ostrovsky, R.: Deniable encryption. In: Kaliski Jr. [29], pp. 90\u2013104","DOI":"10.1007\/BFb0052229"},{"key":"2_CR15","doi-asserted-by":"crossref","unstructured":"Canetti, R., Feige, U., Goldreich, O., Naor, M.: Adaptively secure multi-party computation. In: 28th ACM STOC, pp. 639\u2013648. ACM Press, Philadephia (1996)","DOI":"10.1145\/237814.238015"},{"key":"2_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"150","DOI":"10.1007\/978-3-540-30576-7_9","volume-title":"Theory of Cryptography","author":"R Canetti","year":"2005","unstructured":"Canetti, R., Halevi, S., Katz, J.: Adaptively-Secure, non-interactive public-key encryption. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 150\u2013168. Springer, Heidelberg (2005)"},{"key":"2_CR17","doi-asserted-by":"crossref","unstructured":"Clancy, T., Arbaugh, W.: Extensible Authentication Protocol (EAP) Password Authenticated Exchange. RFC 4746 (Informational) (November 2006)","DOI":"10.17487\/rfc4746"},{"issue":"1","key":"2_CR18","doi-asserted-by":"publisher","first-page":"167","DOI":"10.1137\/S0097539702403773","volume":"33","author":"R Cramer","year":"2003","unstructured":"Cramer, R., Shoup, V.: Design and analysis of practical public-key encryption schemes secure against adaptive chosen ciphertext attack. SIAM J. Comput. 33(1), 167\u2013226 (2003)","journal-title":"SIAM J. Comput."},{"key":"2_CR19","doi-asserted-by":"crossref","unstructured":"Dierks, T., Rescorla, E.: The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246 (Proposed Standard). Updated by RFCs 5746, 5878, 6176 (August 2008)","DOI":"10.17487\/rfc5246"},{"key":"2_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"381","DOI":"10.1007\/978-3-642-13190-5_20","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2010","author":"S Fehr","year":"2010","unstructured":"Fehr, S., Hofheinz, D., Kiltz, E., Wee, H.: Encryption schemes secure against chosen-ciphertext selective opening attacks. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 381\u2013402. Springer, Heidelberg (2010)"},{"key":"2_CR21","unstructured":"Fujisaki, E.: All-but-many encryptions: A new framework for fully-equipped UC commitments. Cryptology ePrint Archive, Report 2012\/379. \n                      http:\/\/eprint.iacr.org\/\n                      \n                     (2012)"},{"key":"2_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"260","DOI":"10.1007\/3-540-44647-8_16","volume-title":"Advances in Cryptology - CRYPTO 2001","author":"E Fujisaki","year":"2001","unstructured":"Fujisaki, E., Okamoto, T., Pointcheval, D., Stern, J.: RSA-OAEP is secure under the RSA assumption. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 260\u2013274. Springer, Heidelberg (2001)"},{"key":"2_CR23","doi-asserted-by":"crossref","unstructured":"Harris, B.: RSA Key Exchange for the Secure Shell (SSH) Transport Layer Protocol. RFC 4432 (Proposed Standard) (March 2006)","DOI":"10.17487\/rfc4432"},{"key":"2_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"70","DOI":"10.1007\/978-3-642-25385-0_4","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2011","author":"B Hemenway","year":"2011","unstructured":"Hemenway, B., Libert, B., Ostrovsky, R., Vergnaud, D.: Lossy encryption: constructions from general assumptions and efficient selective opening chosen ciphertext security. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 70\u201388. Springer, Heidelberg (2011)"},{"key":"2_CR25","doi-asserted-by":"crossref","unstructured":"Hofheinz, D.:. All-but-many lossy trapdoor functions. In: Pointcheval, Johansson [37], pp. 209\u2013227","DOI":"10.1007\/978-3-642-29011-4_14"},{"key":"2_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"591","DOI":"10.1007\/978-3-642-54242-8_25","volume-title":"Theory of Cryptography","author":"D Hofheinz","year":"2014","unstructured":"Hofheinz, D., Rupp, A.: Standard versus selective opening security: separation and equivalence results. In: Lindell, Y. (ed.) TCC 2014. LNCS, vol. 8349, pp. 591\u2013615. Springer, Heidelberg (2014)"},{"key":"2_CR27","doi-asserted-by":"crossref","unstructured":"Housley, R.: Use of the RSAES-OAEP Key Transport Algorithm in Cryptographic Message Syntax (CMS). RFC 3560 (Proposed Standard) (July 2003)","DOI":"10.17487\/rfc3560"},{"key":"2_CR28","series-title":"Lecture Notes in Computer Science","volume-title":"Advances in Cryptology - EUROCRYPT 2009","year":"2009","unstructured":"Joux, A. (ed.): EUROCRYPT 2009. LNCS, vol. 5479. Springer, Heidelberg (2009)"},{"key":"2_CR29","unstructured":"Kaliski Jr., B.S. (ed.): CRYPTO 1997. LNCS, vol. 1294. Springer, Heidelberg (1997)"},{"key":"2_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"295","DOI":"10.1007\/978-3-642-14623-7_16","volume-title":"Advances in Cryptology \u2013 CRYPTO 2010","author":"E Kiltz","year":"2010","unstructured":"Kiltz, E., O\u2019Neill, A., Smith, A.: Instantiability of RSA-OAEP under chosen-plaintext attack. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 295\u2013313. Springer, Heidelberg (2010)"},{"key":"2_CR31","doi-asserted-by":"crossref","unstructured":"Kiltz, E., Pietrzak, K.: On the security of padding-based encryption schemes - or - why we cannot prove OAEP secure in the standard model. In: Joux [28], pp. 389\u2013406","DOI":"10.1007\/978-3-642-01001-9_23"},{"key":"2_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"77","DOI":"10.1007\/978-3-642-55220-5_5","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2014","author":"J Lai","year":"2014","unstructured":"Lai, J., Deng, R.H., Liu, S., Weng, J., Zhao, Y.: Identity-Based encryption secure against selective opening chosen-ciphertext attack. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 77\u201392. Springer, Heidelberg (2014)"},{"key":"2_CR33","series-title":"Lecture Notes in Computer Science","volume-title":"Topics in Cryptology - CT-RSA 2001","year":"2001","unstructured":"Naccache, D. (ed.): CT-RSA 2001. LNCS, vol. 2020. Springer, Heidelberg (2001)"},{"key":"2_CR34","doi-asserted-by":"crossref","unstructured":"Nadeau, T., Srinivasan, C., Farrel, A.: Multiprotocol Label Switching (MPLS) Management Overview. RFC 4221 (Informational) (November 2005)","DOI":"10.17487\/rfc4221"},{"key":"2_CR35","doi-asserted-by":"crossref","unstructured":"Okamoto, T., Pointcheval, D.: REACT: Rapid Enhanced-security Asymmetric Cryptosystem Transform. In: Naccache [33], pp. 159\u2013175","DOI":"10.1007\/3-540-45353-9_13"},{"key":"2_CR36","doi-asserted-by":"crossref","unstructured":"Peikert, C., Waters, B.: Lossy trapdoor functions and their applications. In: Ladner, R.E., Dwork, C. (eds.) 40th ACM STOC, pp. 187\u2013196. ACM Press, Victoria (2008)","DOI":"10.1145\/1374376.1374406"},{"key":"2_CR37","series-title":"Lecture Notes in Computer Science","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2012","year":"2012","unstructured":"Pointcheval, D., Johansson, T. (eds.): EUROCRYPT 2012. LNCS, vol. 7237. Springer, Heidelberg (2012)"},{"key":"2_CR38","doi-asserted-by":"crossref","unstructured":"Raeburn, K.: Encryption and Checksum Specifications for Kerberos 5. RFC 3961 (Proposed Standard)(February 2005)","DOI":"10.17487\/rfc3961"},{"key":"2_CR39","doi-asserted-by":"crossref","unstructured":"Ramsdell, B., Turner, S.: Secure\/Multipurpose Internet Mail Extensions (S\/MIME) Version 3.2 Message Specification. RFC 5751 (Proposed Standard) (January 2010)","DOI":"10.17487\/rfc5751"},{"key":"2_CR40","doi-asserted-by":"crossref","unstructured":"Rescorla, E.: Preventing the Million Message Attack on Cryptographic Message Syntax. RFC 3218 (Informational) (January 2002)","DOI":"10.17487\/rfc3218"},{"key":"2_CR41","doi-asserted-by":"crossref","unstructured":"Shoup, V.: OAEP reconsidered. Journal of Cryptology 15(4), 223\u2013249 (2002)","DOI":"10.1007\/s00145-002-0133-9"},{"key":"2_CR42","unstructured":"Shoup, V.: ISO 18033\u20132: An emerging standard for public-key encryption. Final Committee Draft (December 2004). \n                      http:\/\/shoup.net\/iso\/std6.pdf"},{"key":"2_CR43","unstructured":"Shoup, V.: Sequences of games: a tool for taming complexity in security proofs 13166 received (November 30, 2004). shoup@cs.nyu.edu (last revised January 18, 2006)"},{"key":"2_CR44","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"241","DOI":"10.1007\/3-540-45450-0_20","volume-title":"Information Security and Privacy","author":"R Steinfeld","year":"2002","unstructured":"Steinfeld, R., Baek, J., Zheng, Y.: On the necessity of strong assumptions for the security of a class of asymmetric encryption schemes. In: Batten, L.M., Seberry, J. (eds.) ACISP 2002. LNCS, vol. 2384, pp. 241\u2013256. Springer, Heidelberg (2002)"}],"container-title":["Lecture Notes in Computer Science","Public-Key Cryptography -- PKC 2015"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-662-46447-2_2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,29]],"date-time":"2019-05-29T11:58:55Z","timestamp":1559131135000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-662-46447-2_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783662464465","9783662464472"],"references-count":44,"URL":"https:\/\/doi.org\/10.1007\/978-3-662-46447-2_2","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2015]]},"assertion":[{"value":"17 March 2015","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}