Standard security does not imply security against selective-opening

Mihir Bellare, Rafael Dowsley, Brent Waters, Scott Yilek

Research output: Chapter in Book/Report/Conference proceedingConference PaperResearchpeer-review

56 Citations (Scopus)


We show that no commitment scheme that is hiding and binding according to the standard definition is semantically-secure under selective opening attack (SOA), resolving a long-standing and fundamental open question about the power of SOAs. We also obtain the first examples of IND-CPA encryption schemes that are not secure under SOA, both for sender corruptions where encryption coins are revealed and receiver corruptions where decryption keys are revealed. These results assume only the existence of collision-resistant hash functions.

Original languageEnglish
Title of host publicationAdvances in Cryptology, EUROCRYPT 2012 - 31st Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings
EditorsDavid Pointcheval, Thomas Johansson
Place of PublicationCambridge UK
Number of pages18
ISBN (Print)9783642290107
Publication statusPublished - 2012
Externally publishedYes
EventInternational Conference on the Theory and Application of Cryptographic Techniques 2012 - Cambridge, United Kingdom
Duration: 15 Apr 201219 Apr 2012
Conference number: 31st (Proceedings)

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume7237 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


ConferenceInternational Conference on the Theory and Application of Cryptographic Techniques 2012
Abbreviated titleEuroCrypt 2012
Country/TerritoryUnited Kingdom
Internet address

Cite this