Handling Expected Polynomial-Time Strategies in Simulation-Based Security Proofs

Authors:
Jonathan Katz;Yehuda Lindell
Affiliations:
University of Maryland, Department of Computer Science, College Park, MD, USA;Bar-Ilan University, Department of Computer Science, Ramat Gan, MD, Israel
Venue:
Journal of Cryptology
Year:
2008

Citing 0
Cited 1

On expected probabilistic polynomial-time adversaries: a suggestion for restricted definitions and their benefits

TCC'07 Proceedings of the 4th conference on Theory of cryptography

Quantified Score

Hi-index	0.01

Visualization

Abstract

The standard class of adversaries considered in cryptography is that of strict polynomial-time probabilistic machines. However, expected polynomial-time machines are often also considered. For example, there are many zero-knowledge protocols for which the only known simulation techniques run in expected (and not strict) polynomial time. In addition, it has been shown that expected polynomial-time simulation is essential for achieving constant-round black-box zero-knowledge protocols. This reliance on expected polynomial-time simulation introduces a number of conceptual and technical difficulties. In this paper, we develop techniques for dealing with expected polynomial-time adversaries in simulation-based security proofs.