Handling expected polynomial-time strategies in simulation-based security proofs

TitleHandling expected polynomial-time strategies in simulation-based security proofs
Publication TypeJournal Articles
Year of Publication2008
AuthorsKatz J, Lindell Y
JournalJournal of Cryptology
Volume21
Issue3
Pagination303 - 349
Date Published2008///
Abstract

The standard class of adversaries considered in cryptography is that of strict polynomial-time probabilistic machines. However, expected polynomial-time machines are often also considered. For example, there are many zero-knowledge protocols for which the only known simulation techniques run in expected (and not strict) polynomial time. In addition, it has been shown that expected polynomial-time simulation is essential for achieving constant-round black-box zero-knowledge protocols. This reliance on expected polynomial-time simulation introduces a number of conceptual and technical difficulties. In this paper, we develop techniques for dealing with expected polynomial-time adversaries in simulation-based security proofs.

DOI10.1007/s00145-007-9004-8