The following questions occurred to me while I was reading the intro:

1. What is the PRIV notion?  ([BBO, C’07])  How does it relate to the notion of entropic security of Dodis and Smith?

2. Can we find attacks on DtR when the message-randomness entropy is badly split between the message and encryption randomness? (First, what’s “badly split”?)

3. What is this notion of anonymity of encryptions? ([BBDP, AC’01])

4. What is the “crooked LHL”?  ([BFO, C’08])

5. Where are the proofs?! 🙂 (Perhaps we can sketch out the main ideas for some of them…)