Fra [[SoK - Public Key Encryption with Openings]]:
> Heuer et al. (AC:HeuPoe16) show that any hybrid PKE combining an IND-CCA-secure KEM with a *simulatable* data encapsulation mechanism (DEM) satisfies SSO-CCA(sendop). Here the simulatability property can be thought of as a symmetric-key equivalent to non-committing encryption.
>
> Furthermore, common blockcipher modes of operation such as CTR, CBC, CCM, and GCM were shown to satisfy this property.
> hhnote:
> HWH: Actually, this one reminds me a lot of the old ideas I had for the MI construction, when I still wanted to find general deniability properties a DEM should satisfy in order for the construction to work, with the observation that AES-GCM seemed to have the needed properties (as pointed out to me by Nicky Mouha). Looks like another wheel we almost reinvented!
> (12-06) Highlight as open problem?
Extend to Standard Model for more restricted non-committingness, like the invisible salamanders? Can't achieve NCE then but could probably instantiate our MI construction to achieve MI-IND-CCA, replacing the OTP.
Also related to Jaeger's EC'23 work, ([[SIMstar]]).
### Neste steg
- [ ] Vurder om dette er interessant nok til å bruke tid på.