Skip to main content
Cryptography

Questions tagged [simulation]

Ask Question

The tag has no summary.

35 questions
Newest Active Bountied Unanswered
1 vote
2 answers
85 views

I still do not understand the security model when proving the zero-knowledge property. Take the Sigma protocol as an example: In the book Proofs, Arguments, and Zero-Knowledge (Section 12.2.1), the ...
JACK GAO's user avatar
  • 65
5 votes
1 answer
144 views

The intuition behind simulation-based security proofs comes from the following idea — if any party participating in a protocol or system can fully simulate the entire interaction process without ...
DSTBP's user avatar
  • 321
1 vote
0 answers
47 views

Suppose in a protocol a client sends an encrypted message to a server using their common secret key. Now to simulate a malicious server's view, how can the simulator do this for this ciphertext for an ...
Ordinary's user avatar
  • 311
2 votes
0 answers
40 views

Lets say I have a self driving taxi company. I need to prove to the law enforcement that my cars do not break any traffic rules. The cars ride on urban streets where lots of things going on. I imagine ...
taha ismet sevgili's user avatar
  • 21
1 vote
0 answers
53 views

I was reading the paper How to simute it - A Tutorial on the Simulation Proof Technique by Yehuda Lindell, where he considers the Oblivious Transfer problem. (page 11) Basically, Oblivious Transfer is ...
Ace Roze's user avatar
  • 11
1 vote
3 answers
129 views

I'm currently learning the simulation-based proof. A lot of tutorials say a protocol is secure if the distinguisher cannot distinguish between the real view and the simulated view. And the view is the ...
JACK GAO's user avatar
  • 65
1 vote
0 answers
22 views

I am trying to learn simulation-based proof in malicious mode Suppose there are three parties. When a malicious party $P_2 $secret shares its input x, to the other two. $P_2$ sends $x_0$ to $P_0$ and ...
js wang's user avatar
  • 381
1 vote
2 answers
211 views

Suppose a key $K$, two messages $X,Y \in \{0,1\}^n$ and a encryption function $\text{Enc}_K(\cdot)$ that produces independent indistinguishable from uniform cyphertexts in $\{0,1\}^m$. Is $\text{Enc}...
Ntcld's user avatar
  • 35
0 votes
1 answer
129 views

I currently do not understand the definition of Zero-Knowledge proofs. When one initially starts reading about ZKPs, one learns that "no additional knowledge should be transmitted" other ...
Zabbulator's user avatar
  • 23
2 votes
1 answer
101 views

In UC, consider the protocol ρ^φ, which uses the protocol φ 'as a subroutine'. If I understand correctly, ρ would call φ with arguments, which would then perform computations, perhaps even calling its ...
Suraaj K S's user avatar
  • 232
2 votes
1 answer
130 views

I was learning about composable security frameworks, and I was wondering about the following when I was learning about Constructive Cryptography here (https://youtu.be/l7vyzRtLQCM?feature=shared&t=...
Suraaj K S's user avatar
  • 232
4 votes
1 answer
122 views

I have a construction $C$ which internally uses idealized primitive $\mathcal{P}$ (a random permutation) where the goal is that $C$ is indifferentiable from a random oracle $\mathcal{F}$. That is, $C$...
PeterRindal's user avatar
  • 83
3 votes
0 answers
132 views

I hope this is not off-topic for this SE, as it directly relates to the RSA problem. My background is in quantum information and computation, so please excuse me if my notation doesn't match your ...
Amirhossein Rezaei's user avatar
  • 131
1 vote
0 answers
99 views

I'm reading "How to Simulate It" section 8 'Extracting Inputs – Oblivious Transfer'. It makes me confused about the security proof when $P_1$ is corrupt. I wonder when the adversary $\...
Rui T.'s user avatar
  • 119
0 votes
1 answer
127 views

I have read into many papers and tutorials regarding "Universally Composable Security Proofs." I still have one confusion about the initial setup by the environment. On one hand, I got that ...
Novice User's user avatar
  • 101

15 30 50 per page
1
2 3