Re: question to simulation

From: Johanna Bernstein (
Date: 08/19/05

Date: Fri, 19 Aug 2005 20:46:41 +0200

Kristian Gjøsteen wrote:
> Johanna Bernstein <> wrote:
>>Kristian Gjøsteen wrote:
>>>They prove that given an oracle, they can simulate the adversary's
>>>view of the decryption protocol, and clearly you can replace the
>>>oracle with the centralized trusted party.
>>>This is why they are allowed to use the oracle to create the
>>Is this always allowed to prove the semantic security of a threshold
>>encryption scheme under the semantic security of the encryption scheme?
> They are not talking about proving that the semantic security of
> the threshold scheme follows from the semantic security of the
> encryption scheme.
> They have a big protocol for doing threshold decryption. For their
> purposes, replacing the threshold decryption protocol by a protocol
> where a trusted third party does the decryption would "obviously"
> result in security.
> So what they do is prove that the threshold decryption protocol
> does not reveal any more information than a trusted third party
> that does the decryption. (That is, it reveals the decryption, and
> that's it.)
Ok, that helps. Thanks!

Btw. do you know of any paper which gives a proof of the semantic
security of threshold elgamal?