G. Barthe, J. Cederquist, and S. Tarento, A Machine-Checked Formalization of the Generic Model and the Random Oracle Model, IJCAR, pp.385-399, 2004.
DOI : 10.1007/978-3-540-25984-8_29

G. Barthe, B. Grégoire, R. Janvier, and S. Zanella-béguelin, A framework for language-based cryptographic proofs, ACM SIGPLAN Workshop on Mechanizing Metatheory, 2007.

G. Barthe and S. Tarento, A Machine-Checked Formalization of the Random Oracle Model, Proceedings of TYPES'04, pp.33-49, 2004.
DOI : 10.1007/11617990_3

M. Bellare, A. Desai, D. Pointcheval, and P. Rogaway, Relations among notions of security for public-key encryption schemes, CRYPTO'98, pp.26-45, 1998.
DOI : 10.1007/BFb0055718

M. Bellare and P. Rogaway, Optimal asymmetric encryption, EUROCRYPT'04, pp.92-111, 1994.
DOI : 10.1007/BFb0053428
URL : http://dsns.csie.nctu.edu.tw/research/crypto/HTML/PDF/E94/92.PDF

M. Bellare and P. Rogaway, The Security of Triple Encryption and a Framework??for??Code-Based??Game-Playing??Proofs, Cryptology ePrint Archive Report, vol.28, issue.4, 2004.
DOI : 10.1002/j.1538-7305.1949.tb00928.x

M. Bellare and P. Rogaway, Random oracles are practical, Proceedings of the 1st ACM conference on Computer and communications security , CCS '93, pp.62-73, 1993.
DOI : 10.1145/168588.168596

B. Blanchet, A computationally sound mechanized prover for security protocols, S&P'06, pp.140-154, 2006.

B. Blanchet and D. Pointcheval, Automated Security Proofs with Sequences of Games, CRYPTO'06, pp.537-554, 2006.
DOI : 10.1007/11818175_32

R. Corin and J. Hartog, A Probabilistic Hoare-style Logic for Game-Based Cryptographic Proofs, ICALP'06, pp.252-263, 2006.
DOI : 10.1007/11787006_22

I. Damgard, Towards Practical Public Key Systems Secure Against Chosen Ciphertext attacks, CRYPTO'91, pp.445-456, 1992.
DOI : 10.1007/3-540-46766-1_36

A. Datta, A. Derek, J. C. Mitchell, and B. Warinschi, Computationally Sound Compositional Logic for Key Exchange Protocols, 19th IEEE Computer Security Foundations Workshop (CSFW'06), pp.321-334, 2006.
DOI : 10.1109/CSFW.2006.9

U. Feige, A. Fiat, and A. Shamir, Zero-knowledge proofs of identity, Journal of Cryptology, vol.3, issue.2, pp.77-94, 1988.
DOI : 10.1145/359340.359342

E. Fujisaki and T. Okamoto, How to Enhance the Security of Public-Key Encryption at Minimum Cost, PKC'99, pp.53-68, 1999.
DOI : 10.1007/3-540-49162-7_5

S. Halevi, A plausible approach to computer-aided cryptographic proofs. ePrint archive report, 2005.

T. Okamoto and D. Pointcheval, REACT: Rapid Enhanced-Security Asymmetric Cryptosystem Transform, CT-RSA'01, pp.159-175, 2001.
DOI : 10.1007/3-540-45353-9_13

V. Shoup, Oaep reconsidered Sequences of games: a tool for taming complexity in security proofs, J. Cryptology, vol.15332, issue.4, pp.223-249, 2002.

D. Soldera, J. Seberry, and C. Qu, The Analysis of Zheng-Seberry Scheme, ACISP, pp.159-168, 2002.
DOI : 10.1007/3-540-45450-0_13

S. Tarento, Machine-Checked Security Proofs of Cryptographic Signature Schemes, ESORICS'05, pp.140-158, 2005.
DOI : 10.1007/11555827_9

Y. Zheng and J. Seberry, Immunizing public key cryptosystems against chosen ciphertext attacks, IEEE Journal on Selected Areas in Communications, vol.11, issue.5, pp.715-724, 1993.
DOI : 10.1109/49.223871
URL : http://ro.uow.edu.au/cgi/viewcontent.cgi?article=2093&context=infopapers

. X. Proof and . |=-indis, ?y; V 1 , y, z; V 2 ) can be written as X ? V 1 ,y,z;V 2 ?y.X. Hence, by transitivity we get X ? V 1 ,y,z;V 2 ?y.?z.X. Since y||z is constructible from (V 1 , y, z; V 2 ), we apply lemma 11 to obtain Using the properties of || and that {y, y||z]](?y.?z.X), and by weakening we get z} ? (V 1 ? V 2 ) = ?, we have D([[x := y||z]](?y.?z.X), V 1 ? {x}, V 2 ) = D(?x.X, V 1 ? {x}, V 2 ), and hence by transitivity of indistinguishability, [[x := y||z]](X) ? V 1 ,x;V 2 ?x.X

. Proof, Since y||z is constructible from (V 1 , y, z; V 2 ), we apply corollary 1 to obtain [[x := y||z]](X) |= Indis(?t

. Proof, Since y||z is constructible from (V 1 , y, z; V 2 ), we apply lemma 12 to obtain