%0 Journal Article
%J Journal of Cryptology
%D 2008
%T Handling expected polynomial-time strategies in simulation-based security proofs
%A Katz, Jonathan
%A Lindell,Y.
%X The standard class of adversaries considered in cryptography is that of strict polynomial-time probabilistic machines. However, expected polynomial-time machines are often also considered. For example, there are many zero-knowledge protocols for which the only known simulation techniques run in expected (and not strict) polynomial time. In addition, it has been shown that expected polynomial-time simulation is essential for achieving constant-round black-box zero-knowledge protocols. This reliance on expected polynomial-time simulation introduces a number of conceptual and technical difficulties. In this paper, we develop techniques for dealing with expected polynomial-time adversaries in simulation-based security proofs.
%B Journal of Cryptology
%V 21
%P 303 - 349
%8 2008///
%G eng
%N 3
%R 10.1007/s00145-007-9004-8