J. B. Nielsen, “Non-Committing Encryption is Too Easy in the Random Oracle Model”, BRICS, vol. 8, no. 47, Dec. 2001.