Is there a simple example of a cryptographic protocol that is secure when used on its own (with only one instance active at a time) but becomes insecure in a concurrent setting, i.e., a failure of parallel composition? (Ideally, one that doesn't require understanding zero-knowledge proofs or multiparty secure computation?)
Asked
Active
Viewed 40 times
