Proof sketch. For every efficient adversary $A$, we describe a simulator $S_{\mathrm{RFE}}$ such that no efficient environment can distinguish an execution with the real protocol $\Pi_{\mathrm{RFE}}$ and $A$ from an execution with the ideal functionality $F^{P}_{\mathrm{RFE}}$ and $S_{\mathrm{RFE}}$. $S_{\mathrm{RFE}}$ is described in Figure 21. We prove indistinguishability in a series of hybrid steps. First, we introduce the ideal functionality as a dummy node. Next, we allow the functionality to choose the parties’ keys, and we prove the indistinguishability of this step from the previous using the garbled output randomness property of our garbling scheme (Definition 9, Theorem 10). Next, we simulate an honest party’s interaction with another honest party without using their pass-string, and prove the indistinguishability of this step from the previous using the obliviousness property of our garbling scheme. Finally, we simulate an honest party’s interaction with a corrupted party without using the honest party’s pass-string, and prove the indistinguishability of this step from the previous using the privacy property of our garbling scheme. We give a more formal proof of Theorem 1 in Appendix C.
Proof sketch. For every efficient adversary $A$, we describe a simulator $S_{\mathrm{RFE}}$ such that no efficient environment can distinguish an execution with the real protocol $\Pi_{\mathrm{RFE}}$ and $A$ from an execution with the ideal functionality $F^{P}_{\mathrm{RFE}}$ and $S_{\mathrm{RFE}}$. $S_{\mathrm{RFE}}$ is described in the full version of this paper. We prove indistinguishability in a series of hybrid steps. First, we introduce the ideal functionality as a dummy node. Next, we allow the functionality to choose the parties’ keys, and we prove the indistinguishability of this step from the previous using the garbled output randomness property of our garbling scheme (Definition 9, Theorem 10). Next, we simulate an honest party’s interaction with another honest party without using their pass-string, and prove the indistinguishability of this step from the previous using the obliviousness property of our garbling scheme. Finally, we simulate an honest party’s interaction with a corrupted party without using the honest party’s pass-string, and prove the indistinguishability of this step from the previous using the privacy property of our garbling scheme. We give a more formal proof of Theorem 1 in the full version of this paper [28].