Discussion forum for Cryptology ePrint Archive
reports posted in 2007
Please put the report number in the subject.
your report on ePrint
Posted by: cryptography
Date: 19 October 2007 15:06
Hi, I just happened to look at your report on almost everywhere secure computation on ePrint. Interesting, work...
(1) I looked at your remarks about simulation based definition and KKMO definition and I think you are not understanding that a simulator is just an "abstract mental construct" which does not have to be possessed by the adversary or for the adversary to be even aware that such a simulator at all exists.
It is just a way (or can be a way) of proving/bounding the amount of knowledge/information that an adversary learns about the inputs/outputs of other parties but other then that it is "hypothetical mental construct". Your problem seems to be arising from the fact that you are seeing "simulator" as a tangible entity - who is provided inputs from somewhere and who is providing outputs to someone. This is not the case!! There is no simulator out there that is working and producing results - just like there is no ideal case. Its just a way of modelling and proving certain properties of MPC protocols.
Remember when you show that there exists a simulator (which is given inputs/outputs etc. etc.) by which the entire logs of the adversary could be created, then the claim is that adversary has this much knowledge /information about the I/O of some parties - which essentially conveys that adversary has learnt not one more bit of information about the inputs and outputs of the parties then this! Thats it.
Its only a way of proving things - that you have understand [Don't start looking out for a real simulator which is given inputs about different variables and parties on the network!]
My students also initially faced some difficulties in understanding this at first - but now they are understanding that a simulator is just an "abstract mental construct".
(2) I find it a little funny that you like to claim that you understand the definitions of your co-author. The previous version that you sent to ICALP - without his permission and without infact his approval to send a paper with his name on it [And he has logs of these emails] you mention that you do not understand those definitions [namely you mention that they are too complex], then he sent some draft to Canetti who seem told you inputs are not handled satisfactorially - it seems that too was fixed by the fellow in the new version and in a still new version Canetti seems to have given you an example - but as I tell you - the problem is in your misunderstanding the whole "simulation" thing for which you actually go out looking for real inputs from real life!!
Have fun doing cryptography!