Handling expected polynomial-time strategies in simulation-based security proofs

Jonathan Katz, Yehuda Lindell

Research output: Contribution to journalConference articlepeer-review

13 Scopus citations

Abstract

The standard class of adversaries considered in cryptography is that of strict polynomial-time probabilistic machines (or circuits). However, expected polynomial-time machines are often also considered. For example, there are many zero-knowledge protocols for which the only simulation techniques known run in expected (and not strict) polynomial-time. In addition, it has been shown that expected polynomial-time simulation is essential for achieving constant-round black-box zero-knowledge protocols. This reliance on expected polynomial-time simulation introduces a number of conceptual and technical difficulties. In this paper, we develop techniques for dealing with expected polynomial-time adversaries in the context of simulation-based security proofs.

Original languageEnglish
Pages (from-to)128-149
Number of pages22
JournalLecture Notes in Computer Science
Volume3378
DOIs
StatePublished - 2005
EventSecond Theory of Cryptography Conference, TCC 2005 - Cambridge, MA, United States
Duration: 10 Feb 200512 Feb 2005

Fingerprint

Dive into the research topics of 'Handling expected polynomial-time strategies in simulation-based security proofs'. Together they form a unique fingerprint.

Cite this