Abstract
The standard class of adversaries considered in cryptography is that of strict polynomial-time probabilistic machines. However, expected polynomial-time machines are often also considered. For example, there are many zero-knowledge protocols for which the only known simulation techniques run in expected (and not strict) polynomial time. In addition, it has been shown that expected polynomial-time simulation is essential for achieving constant-round black-box zero-knowledge protocols. This reliance on expected polynomial-time simulation introduces a number of conceptual and technical difficulties. In this paper, we develop techniques for dealing with expected polynomial-time adversaries in simulation-based security proofs.
Original language | English |
---|---|
Pages (from-to) | 303-349 |
Number of pages | 47 |
Journal | Journal of Cryptology |
Volume | 21 |
Issue number | 3 |
State | Published - Jul 2008 |
Bibliographical note
Funding Information: An extended abstract of this work appeared in the 2nd Theory of Cryptography Conference (TCC), 2005. This research was supported in part by Grant No. 2004240 from the United States-Israel Binational Science Foundation (BSF), Jerusalem, Israel.
Funding
Funders | Funder number |
---|---|
United States-Israel Binational Science Foundation |
Keywords
- Black-box simulation
- Expected polynomial-time
- Secure multiparty computation
- Zero-knowledge