TY - JOUR
T1 - Handling expected polynomial-time strategies in simulation-based security proofs
AU - Katz, Jonathan
AU - Lindell, Yehuda
PY - 2005
Y1 - 2005
N2 - The standard class of adversaries considered in cryptography is that of strict polynomial-time probabilistic machines (or circuits). However, expected polynomial-time machines are often also considered. For example, there are many zero-knowledge protocols for which the only simulation techniques known run in expected (and not strict) polynomial-time. In addition, it has been shown that expected polynomial-time simulation is essential for achieving constant-round black-box zero-knowledge protocols. This reliance on expected polynomial-time simulation introduces a number of conceptual and technical difficulties. In this paper, we develop techniques for dealing with expected polynomial-time adversaries in the context of simulation-based security proofs.
AB - The standard class of adversaries considered in cryptography is that of strict polynomial-time probabilistic machines (or circuits). However, expected polynomial-time machines are often also considered. For example, there are many zero-knowledge protocols for which the only simulation techniques known run in expected (and not strict) polynomial-time. In addition, it has been shown that expected polynomial-time simulation is essential for achieving constant-round black-box zero-knowledge protocols. This reliance on expected polynomial-time simulation introduces a number of conceptual and technical difficulties. In this paper, we develop techniques for dealing with expected polynomial-time adversaries in the context of simulation-based security proofs.
UR - http://www.scopus.com/inward/record.url?scp=24144458878&partnerID=8YFLogxK
U2 - 10.1007/978-3-540-30576-7_8
DO - 10.1007/978-3-540-30576-7_8
M3 - ???researchoutput.researchoutputtypes.contributiontojournal.conferencearticle???
AN - SCOPUS:24144458878
SN - 0302-9743
VL - 3378
SP - 128
EP - 149
JO - Lecture Notes in Computer Science
JF - Lecture Notes in Computer Science
T2 - Second Theory of Cryptography Conference, TCC 2005
Y2 - 10 February 2005 through 12 February 2005
ER -