Authors: Jonathan Katz Yehuda Lindell
Publish Date: 2007/09/28
Volume: 21, Issue: 3, Pages: 303-349
Abstract
The standard class of adversaries considered in cryptography is that of strict polynomialtime probabilistic machines However expected polynomialtime machines are often also considered For example there are many zeroknowledge protocols for which the only known simulation techniques run in expected and not strict polynomial time In addition it has been shown that expected polynomialtime simulation is essential for achieving constantround blackbox zeroknowledge protocols This reliance on expected polynomialtime simulation introduces a number of conceptual and technical difficulties In this paper we develop techniques for dealing with expected polynomialtime adversaries in simulationbased security proofs
Keywords: