%0 Journal Article %J Journal of Cryptology %D 2008 %T Handling expected polynomial-time strategies in simulation-based security proofs %A Katz, Jonathan %A Lindell,Y. %X The standard class of adversaries considered in cryptography is that of strict polynomial-time probabilistic machines. However, expected polynomial-time machines are often also considered. For example, there are many zero-knowledge protocols for which the only known simulation techniques run in expected (and not strict) polynomial time. In addition, it has been shown that expected polynomial-time simulation is essential for achieving constant-round black-box zero-knowledge protocols. This reliance on expected polynomial-time simulation introduces a number of conceptual and technical difficulties. In this paper, we develop techniques for dealing with expected polynomial-time adversaries in simulation-based security proofs. %B Journal of Cryptology %V 21 %P 303 - 349 %8 2008/// %G eng %N 3 %R 10.1007/s00145-007-9004-8