[1] Shannon, C. E., "Communication Theory of Secrecy Systems," Bell System Technical Journal, Vol. 28, 1949, pp. 656 715.

[2] Shannon, C. E., "A Mathematical Theory of Communication," Bell System Technical Journal, Vol. 27, 1948, pp. 379 423 and 623 656.

[3] Diffie, W., and M.E. Hellmans, "New Directions in Cryptography," IEEE Tram. on Information Theory, Vol. 22, 1976, pp. 644 654.

[4] Rivest, R., A. Shamir, and L. Adleman, "A Method for Obtaining Digital Signature and Public-Key Cryptosystems," Communication of the ACM, Vol. 21, No.2, 1978, pp. 120 126.

[5] Bellare, M., and P. Rogaway, "Optimal Asymmetric Encryption," Advances in Cryptology EUROCRYPT'94, Lecture Notes in Computer Science 950, Springer-Verlag, 1994, pp. 92 111.

[6] ElGamal, T., "A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms," IEEE Trans. on Information Theory, Vol. IT-31, No. 4, 1985, pp. 469 472.

[7] Rackoff, C., and D.R. Simon, "Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack," Advances in Cryptology CRYPTO'91, Lecture Notes in Computer Science 576, Springer-Verlag, 1992, pp. 433 444.

[8] Bellare, M. et al., "Relations Among Notions of Security for Public-Key Encryption Schemes," Advances in Cryptology CRYPTO'98, Lecture Notes in Computer Science 1462, Springer-Verlag, 1998, pp. 26 45.

[9] Bleichenbacher, D., "Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1," Advances in Cryptology CRYPTO'98, Lecture Notes in Computer Science 1462, Springer-Verlag, 1998, pp. 1 12.

[10] Cramer, R., and