Hi everyone,

I would like to ask clarification about the security notion in this article.

On Page 6, the advantage of an adversary in violating the privacy of a conventional IV-based encryption scheme \Pi (called the **priv$** security notion) is defined.

Then, the next page (Page 7) describes about the advantage of an adversary in violating the pseudorandomness of a function F.

On the same page (Page 7), when describing about the SIV construction, the authors wrote:

We will now show that if F is PRF-secure and \Pi is

IND$-securethen …

Is **IND$-secure** written here a typo since this notion does not appear anywhere else in the article, and should instead be written as **Priv$-secure**? Or does **IND$-secure** here means something else?

Thanks.