Editing Chosen-ciphertext attack (section)

===Lunchtime attacks===
A specially noted variant of the chosen-ciphertext attack is the "lunchtime", "midnight", or "indifferent" attack, in which an attacker may make adaptive chosen-ciphertext queries but only up until a certain point, after which the attacker must demonstrate some improved ability to attack the system.<ref name="CS">[[Ronald Cramer]] and [[Victor Shoup]], "[https://dx.doi.org/10.1007/BFb0055717 A Practical Public Key Cryptosystem Provably Secure against Adaptive Chosen Ciphertext Attack]", in Advances in Cryptology – [[CRYPTO]] '98 proceedings, [[Santa Barbara, California]], 1998, pp. 13-25. ([[Cramer-Shoup system|article]])</ref>  The term "lunchtime attack" refers to the idea that a user's computer, with the ability to decrypt, is available to an attacker while the user is out to lunch.  This form of the attack was the first one commonly discussed: obviously, if the attacker has the ability to make adaptive chosen ciphertext queries, no encrypted message would be safe, at least until that ability is taken away.  This attack is sometimes called the "non-adaptive chosen ciphertext attack";<ref name="BDPR">[[Mihir Bellare]], [[Anand Desai]], [[David Pointcheval]], and [[Phillip Rogaway]], [https://www.di.ens.fr/david.pointcheval/Documents/Papers/1998_crypto.pdf Relations among Notions of Security for Public-Key Encryption Schemes], in Advances in Cryptology – CRYPTO '98,  Santa Barbara, California, pp. 549-570.</ref> here, "non-adaptive" refers to the fact that the attacker cannot adapt their queries in response to the challenge, which is given after the ability to make chosen ciphertext queries has expired.