On Definitions of Selective Opening Security
Assume that an adversary observes many ciphertexts, and may then ask for openings, i.e., the plaintext and the randomness used for encryption, of some of them. Do the unopened ciphertexts remain secure? There are several ways to formalize this question, and the ensuing security notions are not known to be implied by standard notions of encryption security. In this paper, the authors relate the two existing flavors of selective opening security. Their main result is that indistinguishability-based selective opening security and simulation-based selective opening security do not imply each other.