Paper 2016/342

On the Selective Opening Security of Practical Public-Key Encryption Schemes

Felix Heuer, Tibor Jager, Eike Kiltz, and Sven Schäge


We show that two well-known and widely employed public-key encryption schemes -- RSA Optimal Asymmetric Encryption Padding (RSA-OAEP) and Diffie-Hellman Integrated Encryption Scheme (DHIES), instantiated with a one-time pad, -- are secure under (the strong, simulation-based security notion of) selective opening security against chosen-ciphertext attacks in the random oracle model. Both schemes are obtained via known generic transformations that transform relatively weak primitives (with security in the sense of one-wayness) to IND-CCA secure encryption schemes. We also show a similar result for the well-known Fujisaki-Okamoto transformation that can generically turn a one-way secure public key encryption system and a one-time pad into a INDCCA-secure public-key encryption system. We prove that selective opening security comes for free in these transformations. Both DHIES and RSA-OAEP are important building blocks in several standards for public key encryption and key exchange protocols. The Fujisaki-Okamoto transformation is very versatile and has successfully been utilised to build efficient lattice-based cryptosystems. The considered schemes are the first practical cryptosystems that meet the strong notion of simulation-based selective opening (SIM-SO-CCA) security.

Available format(s)
Public-key cryptography
Publication info
A major revision of an IACR publication in PKC 2015
Contact author(s)
felix heuer @ rub de
2016-06-27: revised
2016-03-31: received
See all versions
Short URL
Creative Commons Attribution


      author = {Felix Heuer and Tibor Jager and Eike Kiltz and Sven Schäge},
      title = {On the Selective Opening Security of Practical Public-Key Encryption Schemes},
      howpublished = {Cryptology ePrint Archive, Paper 2016/342},
      year = {2016},
      doi = {10.1007/978-3-662-46447-2_2},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.