I have 2 questions regarding the definition of semantic security, in Recitation 6 slide 6:
1. Why do we need 'r'? Why don't just encrypt m0 and m1?
2. Do we randomly choose a key (pk, sk) and then the adversary needs to distinguish Enc_pk(m0, r) from Enc_pk(m1, r)? Or does the adversary needs to distinguish pairs of (pk, Enc_pk(m0, r)) from pairs of (pk, enc_pk(m1, r))? (In the second case, the public key is generated for each message and can be different between m0 and m1)