{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2021,10,2]],"date-time":"2021-10-02T16:06:59Z","timestamp":1633190819962},"reference-count":40,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2013,11,14]],"date-time":"2013-11-14T00:00:00Z","timestamp":1384387200000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Cryptol"],"published-print":{"date-parts":[[2015,1]]},"DOI":"10.1007\/s00145-013-9167-4","type":"journal-article","created":{"date-parts":[[2013,11,13]],"date-time":"2013-11-13T15:43:57Z","timestamp":1384357437000},"page":"29-48","update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":18,"title":["Subtleties in the Definition of IND-CCA: When and How Should Challenge Decryption Be Disallowed?"],"prefix":"10.1007","volume":"28","author":[{"given":"Mihir","family":"Bellare","sequence":"first","affiliation":[]},{"given":"Dennis","family":"Hofheinz","sequence":"additional","affiliation":[]},{"given":"Eike","family":"Kiltz","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2013,11,14]]},"reference":[{"key":"9167_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"300","DOI":"10.1007\/11787006_26","volume-title":"ICALP 2006: 33rd International Colloquium on Automata, Languages and Programming, Part\u00a0II","author":"M. Abdalla","year":"2006","unstructured":"M. Abdalla, D. Catalano, A. Dent, J. Malone-Lee, G. Neven, N. Smart, Identity-based encryption gone wild, in ICALP 2006: 33rd International Colloquium on Automata, Languages and Programming, Part\u00a0II, ed. by M. Bugliesi, B. Preneel, V. Sassone, I. Wegener. Lecture Notes in Computer Science, vol.\u00a04052 (Springer, Berlin, 2006), pp.\u00a0300\u2013311"},{"issue":"1","key":"9167_CR2","doi-asserted-by":"publisher","first-page":"58","DOI":"10.1093\/comjnl\/47.1.58","volume":"47","author":"M. Abe","year":"2004","unstructured":"M. Abe, Combining encryption and proof of knowledge in the random oracle model. Comput. J.\n 47(1), 58\u201370 (2004)","journal-title":"Comput. J."},{"key":"9167_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"259","DOI":"10.1007\/3-540-45539-6_18","volume-title":"Advances in Cryptology\u2014EUROCRYPT 2000","author":"M. Bellare","year":"2000","unstructured":"M. Bellare, A. Boldyreva, S. Micali, Public-key encryption in a multi-user setting: Security proofs and improvements, in Advances in Cryptology\u2014EUROCRYPT 2000, ed. by B. Preneel. Lecture Notes in Computer Science, vol.\u00a01807 (Springer, Berlin, 2000), pp.\u00a0259\u2013274"},{"key":"9167_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"26","DOI":"10.1007\/BFb0055718","volume-title":"Advances in Cryptology\u2014CRYPTO\u201998","author":"M. Bellare","year":"1998","unstructured":"M. Bellare, A. Desai, D. Pointcheval, P. Rogaway, Relations among notions of security for public-key encryption schemes, in Advances in Cryptology\u2014CRYPTO\u201998, ed. by H. Krawczyk. Lecture Notes in Computer Science, vol.\u00a01462 (Springer, Berlin, 1998), pp.\u00a026\u201345"},{"issue":"5","key":"9167_CR5","doi-asserted-by":"publisher","first-page":"1301","DOI":"10.1137\/S009753970544713X","volume":"36","author":"D. Boneh","year":"2007","unstructured":"D. Boneh, R. Canetti, S. Halevi, J. Katz, Chosen-ciphertext security from identity-based encryption. SIAM J. Comput.\n 36(5), 1301\u20131328 (2007)","journal-title":"SIAM J. Comput."},{"key":"9167_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"213","DOI":"10.1007\/3-540-44647-8_13","volume-title":"Advances in Cryptology\u2014CRYPTO 2001","author":"D. Boneh","year":"2001","unstructured":"D. Boneh, M.K. Franklin, Identity-based encryption from the Weil pairing, in Advances in Cryptology\u2014CRYPTO 2001, ed. by J. Kilian. Lecture Notes in Computer Science, vol.\u00a02139 (Springer, Berlin, 2001), pp.\u00a0213\u2013229"},{"key":"9167_CR7","doi-asserted-by":"publisher","first-page":"320","DOI":"10.1145\/1102120.1102162","volume-title":"ACM CCS 05: 12th Conference on Computer and Communications Security","author":"X. Boyen","year":"2005","unstructured":"X. Boyen, Q. Mei, B. Waters, Direct chosen ciphertext security from identity-based techniques, in ACM CCS 05: 12th Conference on Computer and Communications Security, ed. by V. Atluri, C. Meadows, A. Juels (ACM, New York, 2005), pp.\u00a0320\u2013329"},{"key":"9167_CR8","first-page":"136","volume-title":"42nd Annual Symposium on Foundations of Computer Science","author":"R. Canetti","year":"2001","unstructured":"R. Canetti, Universally composable security: A new paradigm for cryptographic protocols, in 42nd Annual Symposium on Foundations of Computer Science (IEEE Comput. Soc., Los Alamitos, 2001), pp.\u00a0136\u2013145"},{"key":"9167_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"565","DOI":"10.1007\/978-3-540-45146-4_33","volume-title":"Advances in Cryptology\u2014CRYPTO 2003","author":"R. Canetti","year":"2003","unstructured":"R. Canetti, H. Krawczyk, J.B. Nielsen, Relaxing chosen-ciphertext security, in Advances in Cryptology\u2014CRYPTO 2003, ed. by D. Boneh. Lecture Notes in Computer Science, vol.\u00a02729 (Springer, Berlin, 2003), pp.\u00a0565\u2013582"},{"key":"9167_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"254","DOI":"10.1007\/11496137_18","volume-title":"ACNS 05: 3rd International Conference on Applied Cryptography and Network Security","author":"B. Chevallier-Mames","year":"2005","unstructured":"B. Chevallier-Mames, D.H. Phan, D. Pointcheval, Optimal asymmetric encryption and signature paddings, in ACNS 05: 3rd International Conference on Applied Cryptography and Network Security, ed. by J. Ioannidis, A. Keromytis, M. Yung. Lecture Notes in Computer Science, vol.\u00a03531 (Springer, Berlin, 2005), pp.\u00a0254\u2013268"},{"key":"9167_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"17","DOI":"10.1007\/3-540-45664-3_2","volume-title":"PKC 2002: 5th International Workshop on Theory and Practice in Public Key Cryptography","author":"J.-S. Coron","year":"2002","unstructured":"J.-S. Coron, H. Handschuh, M. Joye, P. Paillier, D. Pointcheval, C. Tymen, Optimal chosen-ciphertext secure encryption of arbitrary-length messages, in PKC 2002: 5th International Workshop on Theory and Practice in Public Key Cryptography, ed. by D. Naccache, P. Paillier. Lecture Notes in Computer Science, vol.\u00a02274 (Springer, Berlin, 2002), pp.\u00a017\u201333"},{"key":"9167_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"13","DOI":"10.1007\/BFb0055717","volume-title":"Advances in Cryptology\u2014CRYPTO\u201998","author":"R. Cramer","year":"1998","unstructured":"R. Cramer, V. Shoup, A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack, in Advances in Cryptology\u2014CRYPTO\u201998, ed. by H. Krawczyk. Lecture Notes in Computer Science, vol.\u00a01462 (Springer, Berlin, 1998), pp.\u00a013\u201325"},{"issue":"1","key":"9167_CR13","doi-asserted-by":"publisher","first-page":"167","DOI":"10.1137\/S0097539702403773","volume":"33","author":"R. Cramer","year":"2003","unstructured":"R. Cramer, V. Shoup, Design and analysis of practical public-key encryption schemes secure against adaptive chosen ciphertext attack. SIAM J. Comput.\n 33(1), 167\u2013226 (2003)","journal-title":"SIAM J. Comput."},{"key":"9167_CR14","doi-asserted-by":"publisher","volume-title":"Introduction to Cryptography: Principles and Applications","author":"H. Delfs","year":"2002","unstructured":"H. Delfs, H. Knebl, Introduction to Cryptography: Principles and Applications (Springer, Berlin, 2002)","DOI":"10.1007\/978-3-642-87126-9"},{"key":"9167_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"133","DOI":"10.1007\/978-3-540-40974-8_12","volume-title":"9th IMA International Conference on Cryptography and Coding","author":"A.W. Dent","year":"2003","unstructured":"A.W. Dent, A designer\u2019s guide to KEMs, in 9th IMA International Conference on Cryptography and Coding, ed. by K.G. Paterson. Lecture Notes in Computer Science, vol.\u00a02898 (Springer, Berlin, 2003), pp.\u00a0133\u2013151"},{"issue":"2","key":"9167_CR16","doi-asserted-by":"publisher","first-page":"391","DOI":"10.1137\/S0097539795291562","volume":"30","author":"D. Dolev","year":"2000","unstructured":"D. Dolev, C. Dwork, M. Naor, Nonmalleable cryptography. SIAM J. Comput.\n 30(2), 391\u2013437 (2000)","journal-title":"SIAM J. Comput."},{"key":"9167_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"10","DOI":"10.1007\/3-540-39568-7_2","volume-title":"Advances in Cryptology\u2014CRYPTO\u201984","author":"T. ElGamal","year":"1985","unstructured":"T. ElGamal, A public key cryptosystem and a signature scheme based on discrete logarithms, in Advances in Cryptology\u2014CRYPTO\u201984, ed. by G.R. Blakley, D. Chaum. Lecture Notes in Computer Science, vol.\u00a0196 (Springer, Berlin, 1985), pp.\u00a010\u201318"},{"key":"9167_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"537","DOI":"10.1007\/3-540-48405-1_34","volume-title":"Advances in Cryptology\u2014CRYPTO\u201999","author":"E. Fujisaki","year":"1999","unstructured":"E. Fujisaki, T. Okamoto, Secure integration of asymmetric and symmetric encryption schemes, in Advances in Cryptology\u2014CRYPTO\u201999, ed. by M.J. Wiener. Lecture Notes in Computer Science, vol.\u00a01666 (Springer, Berlin, 1999), pp.\u00a0537\u2013554"},{"issue":"2","key":"9167_CR19","doi-asserted-by":"publisher","first-page":"81","DOI":"10.1007\/s00145-002-0204-y","volume":"17","author":"E. Fujisaki","year":"2004","unstructured":"E. Fujisaki, T. Okamoto, D. Pointcheval, J. Stern, RSA-OAEP is secure under the RSA assumption. J.\u00a0Cryptol.\n 17(2), 81\u2013104 (2004)","journal-title":"J.\u00a0Cryptol."},{"key":"9167_CR20","doi-asserted-by":"publisher","volume-title":"Foundations of Cryptography: Basic Applications","author":"O. Goldreich","year":"2004","unstructured":"O. Goldreich, Foundations of Cryptography: Basic Applications, vol.\u00a02 (Cambridge University Press, Cambridge, 2004)","DOI":"10.1017\/CBO9780511721656"},{"issue":"2","key":"9167_CR21","doi-asserted-by":"publisher","first-page":"270","DOI":"10.1016\/0022-0000(84)90070-9","volume":"28","author":"S. Goldwasser","year":"1984","unstructured":"S. Goldwasser, S. Micali, Probabilistic encryption. J.\u00a0Comput. Syst. Sci.\n 28(2), 270\u2013299 (1984)","journal-title":"J.\u00a0Comput. Syst. Sci."},{"key":"9167_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"152","DOI":"10.1007\/978-3-540-24638-1_9","volume-title":"TCC 2004: 1st Theory of Cryptography Conference","author":"J. Groth","year":"2004","unstructured":"J. Groth, Rerandomizable and replayable adaptive chosen ciphertext attack secure cryptosystems, in TCC 2004: 1st Theory of Cryptography Conference, ed. by M. Naor. Lecture Notes in Computer Science, vol.\u00a02951 (Springer, Berlin, 2004), pp.\u00a0152\u2013170"},{"key":"9167_CR23","first-page":"83","volume":"33","author":"D. Hofheinz","year":"2006","unstructured":"D. Hofheinz, J. M\u00fcller-Quade, R. Steinwandt, On modeling ind-cca security in cryptographic protocols. Tatra Mt. Math. Publ.\n 33, 83\u201397 (2006)","journal-title":"Tatra Mt. Math. Publ."},{"key":"9167_CR24","doi-asserted-by":"crossref","volume-title":"Introduction to Modern Cryptography","author":"J. Katz","year":"2007","unstructured":"J. Katz, J. Lindell, Introduction to Modern Cryptography (Chapman & Hall\/CRC Press, London\/Boca Raton, 2007)","DOI":"10.1201\/9781420010756"},{"key":"9167_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"581","DOI":"10.1007\/11681878_30","volume-title":"TCC 2006: 3rd Theory of Cryptography Conference","author":"E. Kiltz","year":"2006","unstructured":"E. Kiltz, Chosen-ciphertext security from tag-based encryption, in TCC 2006: 3rd Theory of Cryptography Conference, ed. by S. Halevi, T. Rabin. Lecture Notes in Computer Science, vol.\u00a03876 (Springer, Berlin, 2006), pp.\u00a0581\u2013600"},{"key":"9167_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"282","DOI":"10.1007\/978-3-540-71677-8_19","volume-title":"PKC 2007: 10th International Conference on Theory and Practice of Public Key Cryptography","author":"E. Kiltz","year":"2007","unstructured":"E. Kiltz, Chosen-ciphertext secure key-encapsulation based on gap hashed Diffie\u2013Hellman, in PKC 2007: 10th International Conference on Theory and Practice of Public Key Cryptography, ed. by T.\u00a0Okamoto, X. Wang. Lecture Notes in Computer Science, vol.\u00a04450 (Springer, Berlin, 2007), pp.\u00a0282\u2013297"},{"key":"9167_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"336","DOI":"10.1007\/11780656_28","volume-title":"ACISP 06: 11th Australasian Conference on Information Security and Privacy","author":"E. Kiltz","year":"2006","unstructured":"E. Kiltz, D. Galindo, Direct chosen-ciphertext secure identity-based key encapsulation without random oracles, in ACISP 06: 11th Australasian Conference on Information Security and Privacy, ed. by L.M. Batten, R. Safavi-Naini. Lecture Notes in Computer Science, vol.\u00a04058 (Springer, Berlin, 2006), pp.\u00a0336\u2013347"},{"key":"9167_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"426","DOI":"10.1007\/978-3-540-28628-8_26","volume-title":"Advances in Cryptology\u2014CRYPTO 2004","author":"K. Kurosawa","year":"2004","unstructured":"K. Kurosawa, Y. Desmedt, A new paradigm of hybrid encryption scheme, in Advances in Cryptology\u2014CRYPTO 2004, ed. by M. Franklin. Lecture Notes in Computer Science, vol.\u00a03152 (Springer, Berlin, 2004), pp.\u00a0426\u2013442"},{"issue":"3","key":"9167_CR29","doi-asserted-by":"publisher","first-page":"359","DOI":"10.1007\/s00145-005-0345-x","volume":"19","author":"Y. Lindell","year":"2006","unstructured":"Y. Lindell, A simpler construction of CCA2-secure public-key encryption under general assumptions. J.\u00a0Cryptol.\n 19(3), 359\u2013377 (2006)","journal-title":"J.\u00a0Cryptol."},{"key":"9167_CR30","series-title":"The CRC Press Series on Discrete Mathematics and Its Applications","volume-title":"Handbook of Applied Cryptography","author":"A.J. Menezes","year":"2000","unstructured":"A.J. Menezes, P.C. van Oorschot, S.A. Vanstone, Handbook of Applied Cryptography. The CRC Press Series on Discrete Mathematics and Its Applications (CRC Press, Boca Raton, 2000). N.W. Corporate Blvd., Boca Raton, FL 33431-9868, USA (1997)"},{"key":"9167_CR31","volume-title":"22nd Annual ACM Symposium on Theory of Computing","author":"M. Naor","year":"1990","unstructured":"M. Naor, M. Yung, Public-key cryptosystems provably secure against chosen ciphertext attacks, in 22nd Annual ACM Symposium on Theory of Computing (ACM, New York, 1990)"},{"key":"9167_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"159","DOI":"10.1007\/3-540-45353-9_13","volume-title":"Topics in Cryptology\u2014CT-RSA 2001","author":"T. Okamoto","year":"2001","unstructured":"T. Okamoto, D. Pointcheval, REACT: rapid enhanced-security asymmetric cryptosystem transform, in Topics in Cryptology\u2014CT-RSA 2001, ed. by D. Naccache. Lecture Notes in Computer Science, vol.\u00a02020 (Springer, Berlin, 2001), pp.\u00a0159\u2013175"},{"key":"9167_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"252","DOI":"10.1007\/11935230_17","volume-title":"Advances in Cryptology\u2014ASIACRYPT 2006","author":"P. Paillier","year":"2006","unstructured":"P. Paillier, J.L. Villar, Trading one-wayness against chosen-ciphertext security in factoring-based encryption, in Advances in Cryptology\u2014ASIACRYPT 2006, ed. by X. Lai, K. Chen. Lecture Notes in Computer Science, vol.\u00a04284 (Springer, Berlin, 2006), pp.\u00a0252\u2013266"},{"key":"9167_CR34","series-title":"Lecture Notes in Computer Science","first-page":"33","volume-title":"SCN 04: 4th International Conference on Security in Communication Networks","author":"D.H. Phan","year":"2004","unstructured":"D.H. Phan, D. Pointcheval, On the security notions for public-key encryption schemes, in SCN 04: 4th International Conference on Security in Communication Networks, ed. by C. Blundo, S. Cimato. Lecture Notes in Computer Science, vol.\u00a03352 (Springer, Berlin, 2004), pp.\u00a033\u201346"},{"key":"9167_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"517","DOI":"10.1007\/978-3-540-74143-5_29","volume-title":"Advances in Cryptology\u2014CRYPTO 2007","author":"M. Prabhakaran","year":"2007","unstructured":"M. Prabhakaran, M. Rosulek, Rerandomizable RCCA encryption, in Advances in Cryptology\u2014CRYPTO 2007, ed. by A. Menezes. Lecture Notes in Computer Science, vol.\u00a04622 (Springer, Berlin, 2007), pp.\u00a0517\u2013534"},{"key":"9167_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"433","DOI":"10.1007\/3-540-46766-1_35","volume-title":"Advances in Cryptology\u2014CRYPTO\u201991","author":"C. Rackoff","year":"1992","unstructured":"C. Rackoff, D.R. Simon, Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack, in Advances in Cryptology\u2014CRYPTO\u201991, ed. by J. Feigenbaum. Lecture Notes in Computer Science, vol.\u00a0576 (Springer, Berlin, 1992), pp.\u00a0433\u2013444"},{"key":"9167_CR37","first-page":"543","volume-title":"40th Annual Symposium on Foundations of Computer Science","author":"A. Sahai","year":"1999","unstructured":"A. Sahai, Non-malleable non-interactive zero knowledge and adaptive chosen-ciphertext security, in 40th Annual Symposium on Foundations of Computer Science (IEEE Comput. Soc., Los Alamitos, 1999), pp.\u00a0543\u2013553"},{"issue":"4","key":"9167_CR38","doi-asserted-by":"publisher","first-page":"223","DOI":"10.1007\/s00145-002-0133-9","volume":"15","author":"V. Shoup","year":"2002","unstructured":"V. Shoup, OAEP reconsidered. J.\u00a0Cryptol.\n 15(4), 223\u2013249 (2002)","journal-title":"J.\u00a0Cryptol."},{"key":"9167_CR39","unstructured":"V. Shoup, ISO 18033-2: An emerging standard for public-key encryption. \n http:\/\/shoup.net\/iso\/std6.pdf\n \n , Dec. 2004. Final Committee Draft"},{"key":"9167_CR40","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"73","DOI":"10.1007\/3-540-45325-3_8","volume-title":"Cryptography and Coding, 8th IMA International Conference","author":"N.P. Smart","year":"2001","unstructured":"N.P. Smart, The exact security of ECIES in the generic group model, in Cryptography and Coding, 8th IMA International Conference, ed. by B. Honary. Lecture Notes in Computer Science, vol.\u00a02260 (Springer, Berlin, 2001), pp.\u00a073\u201384"}],"container-title":["Journal of Cryptology"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-013-9167-4.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s00145-013-9167-4\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-013-9167-4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-013-9167-4.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,4,8]],"date-time":"2020-04-08T08:13:29Z","timestamp":1586333609000},"score":1,"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013,11,14]]},"references-count":40,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2015,1]]}},"alternative-id":["9167"],"URL":"http:\/\/dx.doi.org\/10.1007\/s00145-013-9167-4","relation":{},"ISSN":["0933-2790","1432-1378"],"issn-type":[{"value":"0933-2790","type":"print"},{"value":"1432-1378","type":"electronic"}],"subject":["Applied Mathematics","Computer Science Applications","Software"],"published":{"date-parts":[[2013,11,14]]},"assertion":[{"value":"13 June 2012","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"14 November 2013","order":2,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}