TY - JOUR

T1 - Handling expected polynomial-time strategies in simulation-based security proofs

AU - Katz, Jonathan

AU - Lindell, Yehuda

PY - 2005

Y1 - 2005

N2 - The standard class of adversaries considered in cryptography is that of strict polynomial-time probabilistic machines (or circuits). However, expected polynomial-time machines are often also considered. For example, there are many zero-knowledge protocols for which the only simulation techniques known run in expected (and not strict) polynomial-time. In addition, it has been shown that expected polynomial-time simulation is essential for achieving constant-round black-box zero-knowledge protocols. This reliance on expected polynomial-time simulation introduces a number of conceptual and technical difficulties. In this paper, we develop techniques for dealing with expected polynomial-time adversaries in the context of simulation-based security proofs.

AB - The standard class of adversaries considered in cryptography is that of strict polynomial-time probabilistic machines (or circuits). However, expected polynomial-time machines are often also considered. For example, there are many zero-knowledge protocols for which the only simulation techniques known run in expected (and not strict) polynomial-time. In addition, it has been shown that expected polynomial-time simulation is essential for achieving constant-round black-box zero-knowledge protocols. This reliance on expected polynomial-time simulation introduces a number of conceptual and technical difficulties. In this paper, we develop techniques for dealing with expected polynomial-time adversaries in the context of simulation-based security proofs.

UR - http://www.scopus.com/inward/record.url?scp=24144458878&partnerID=8YFLogxK

U2 - 10.1007/978-3-540-30576-7_8

DO - 10.1007/978-3-540-30576-7_8

M3 - ???researchoutput.researchoutputtypes.contributiontojournal.conferencearticle???

AN - SCOPUS:24144458878

SN - 0302-9743

VL - 3378

SP - 128

EP - 149

JO - Lecture Notes in Computer Science

JF - Lecture Notes in Computer Science

T2 - Second Theory of Cryptography Conference, TCC 2005

Y2 - 10 February 2005 through 12 February 2005

ER -