Cryptology ePrint Archive: Report 2005/379

Handling Expected Polynomial-Time Strategies in Simulation-Based Security Proofs

Jonathan Katz and Yehuda Lindell

Abstract: The standard class of adversaries considered in cryptography is that of {\em strict} polynomial-time probabilistic machines. However, {\em expected} polynomial-time machines are often also considered. For example, there are many zero-knowledge protocols for which the only known simulation techniques run in expected (and not strict) polynomial time. In addition, it has been shown that expected polynomial-time simulation is {\em essential} for achieving constant-round black-box zero-knowledge protocols. This reliance on expected polynomial-time simulation introduces a number of conceptual and technical difficulties. In this paper, we develop techniques for dealing with expected polynomial-time adversaries in simulation-based security proofs.

Category / Keywords: foundations / expected polynomial-time, simulation, secure protocols

Publication Info: An extended abstract of this work appeared at TCC 2005. This full version will appear in the Journal of Cryptology.

Date: received 20 Oct 2005, last revised 20 Jul 2006

Contact author: lindell at cs biu ac il

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Version: 20060720:063818 (All versions of this report)

Short URL: ia.cr/2005/379

Discussion forum: Show discussion | Start new discussion