Joint State Theorems for Public-Key Encryption and Digital Signature Functionalities With Local Computation

Composition theorems in simulation-based approaches allow building complex protocols from sub-protocols in a modular way. However, as first pointed out and studied by Canetti and Rabin, this modular approach often leads to impractical implementations. For example, when using functionality for digital signatures within a more complex protocol, parties have to generate new verification and signing keys for every session of the protocol. This motivates to generalize composition theorems to so-called joint state theorems, where different copies of functionality may share some state, e.g., the same verification and signing keys.