Handling Expected Polynomial-Time Strategies in Simulation-Based Security Proofs
The standard class of adversaries considered in cryptography is that of strict polynomial-time probabilistic machines. However, expected polynomial-time machines are often also considered. For example, there are many zero-knowledge protocols for which the only known simulation techniques run in expected (and not strict) polynomial time. In addition, it has been shown that expected polynomial-time simulation is essential for achieving constant-round black-box zero-knowledge protocols. This reliance on expected polynomial-time simulation introduces a number of conceptual and technical difficulties. In this paper, we develop techniques for dealing with expected polynomial-time adversaries in simulation-based security proofs.
Keywords: Expected polynomial-time; Black-box simulation; Secure multiparty computation; Zero-knowledge