2017.12.09 01:43:34 (939294417281798144) from Daniel J. Bernstein, replying to "Adam Langley (@agl__)" (939290748192567296):
It's critical to distinguish CCA security (can reuse one key to receive many ciphertexts) from CPA security (need new keygen for every ciphertext).