X-Git-Url: https://git.distorted.org.uk/~mdw/doc/ips/blobdiff_plain/53aa10b5d9431ced4e98673cc872c6627cac1d5f..b912aadfc4eb26f1c4cf3332eb510b41a4d9a036:/enc-ies.tex

diff --git a/enc-ies.tex b/enc-ies.tex
index 7150019..3f53936 100644
--- a/enc-ies.tex
+++ b/enc-ies.tex
@@ -29,9 +29,9 @@ in \cite{Abdalla:2001:DHIES}.
   \head{An obvious approach}
   
   A simple approach would be to generate a random key for some secure (i.e.,
-  IND-CCA) symmetric scheme, encrypt the message under that key, and, encrypt
-  the key under the recipient's public key (using some IND-CCA2 public-key
-  scheme).
+  IND-CCA2) symmetric scheme, encrypt the message under that key, and,
+  encrypt the key under the recipient's public key (using some IND-CCA2
+  public-key scheme).
 
   This is obviously secure.  But the security results for most public-key
   schemes are less than encouraging: the reductions, even for OAEP+, are
@@ -322,7 +322,7 @@ in \cite{Abdalla:2001:DHIES}.
      \InSec{ind-cca2}(\Xid{G}{IES}^{\mathcal{K}, \mathcal{E}}; t, q_D) \\
      & \le
        2 \cdot \InSec{ohd}(\mathcal{K}; t + O(q_D), q_D) +
-       \InSec{ftg-cca}(\mathcal{E}; t + O(q_D), 0, q_D).
+       \InSec{ftg-cca2}(\mathcal{E}; t + O(q_D), 0, q_D).
   \end{eqnarray*}
   Note how weak the security requirements on the encryption scheme are: no
   chosen-plaintext queries are permitted!
@@ -349,7 +349,7 @@ in \cite{Abdalla:2001:DHIES}.
   simulation of $A$'s attack game, and hence wins with probability
   \[ \frac{\Adv{ind-cca2}{\Xid{G}{IES}^{\mathcal{K}, \mathcal{E}}}}{2} +
      \frac{1}{2}. \]%
-  We construct a new adversary $C$, attacking $\mathcal{E}$ in the FTG-CCA
+  We construct a new adversary $C$, attacking $\mathcal{E}$ in the FTG-CCA2
   sense, to help us bound $B$'s probability of success when $h$ is chosen
   randomly.
   \begin{program}