{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,2]],"date-time":"2026-07-02T16:16:25Z","timestamp":1783008985039,"version":"3.54.5"},"publisher-location":"Cham","reference-count":64,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030457235","type":"print"},{"value":"9783030457242","type":"electronic"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-45724-2_3","type":"book-chapter","created":{"date-parts":[[2020,5,1]],"date-time":"2020-05-01T04:17:18Z","timestamp":1588306638000},"page":"63-95","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":94,"title":["Blind Schnorr Signatures and Signed ElGamal Encryption in the Algebraic Group Model"],"prefix":"10.1007","author":[{"given":"Georg","family":"Fuchsbauer","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Antoine","family":"Plouviez","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Yannick","family":"Seurin","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2020,5,1]]},"reference":[{"key":"3_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"136","DOI":"10.1007\/3-540-44987-6_9","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 2001","author":"M Abe","year":"2001","unstructured":"Abe, M.: A secure three-move blind signature scheme for polynomially many signatures. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 136\u2013151. Springer, Heidelberg (2001). https:\/\/doi.org\/10.1007\/3-540-44987-6_9"},{"key":"3_CR2","doi-asserted-by":"crossref","unstructured":"Abdalla, M., Benhamouda, F., MacKenzie, P.: Security of the J-PAKE password-authenticated key exchange protocol. In: 2015 IEEE Symposium on Security and Privacy, pp. 571\u2013587 (2015)","DOI":"10.1109\/SP.2015.41"},{"key":"3_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"143","DOI":"10.1007\/3-540-45353-9_12","volume-title":"Topics in Cryptology \u2014 CT-RSA 2001","author":"M Abdalla","year":"2001","unstructured":"Abdalla, M., Bellare, M., Rogaway, P.: The oracle Diffie-Hellman assumptions and an analysis of DHIES. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 143\u2013158. Springer, Heidelberg (2001). https:\/\/doi.org\/10.1007\/3-540-45353-9_12"},{"key":"3_CR4","doi-asserted-by":"crossref","unstructured":"Brickell, E.F., Camenisch, J., Chen, L.: Direct anonymous attestation. In: ACM CCS 2004, pp. 132\u2013145 (2004)","DOI":"10.1145\/1030083.1030103"},{"key":"3_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"108","DOI":"10.1007\/978-3-642-03356-8_7","volume-title":"Advances in Cryptology - CRYPTO 2009","author":"M Belenkiy","year":"2009","unstructured":"Belenkiy, M., Camenisch, J., Chase, M., Kohlweiss, M., Lysyanskaya, A., Shacham, H.: Randomizable proofs and delegatable anonymous credentials. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 108\u2013125. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-03356-8_7"},{"issue":"2","key":"3_CR6","doi-asserted-by":"publisher","first-page":"77","DOI":"10.1007\/s13389-012-0027-1","volume":"2","author":"DJ Bernstein","year":"2012","unstructured":"Bernstein, D.J., Duif, N., Lange, T., Schwabe, P., Yang, B.-Y.: High-speed high-security signatures. J. Cryptogr. Eng. 2(2), 77\u201389 (2012). https:\/\/doi.org\/10.1007\/s13389-012-0027-1","journal-title":"J. Cryptogr. Eng."},{"key":"3_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"435","DOI":"10.1007\/978-3-030-03329-3_15","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2018","author":"D Boneh","year":"2018","unstructured":"Boneh, D., Drijvers, M., Neven, G.: Compact multi-signatures for smaller blockchains. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018, Part II. LNCS, vol. 11273, pp. 435\u2013464. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-030-03329-3_15"},{"issue":"5","key":"3_CR8","doi-asserted-by":"publisher","first-page":"627","DOI":"10.3233\/JCS-130477","volume":"21","author":"O Blazy","year":"2013","unstructured":"Blazy, O., Fuchsbauer, G., Pointcheval, D., Vergnaud, D.: Short blind signatures. J. Comput. Secur. 21(5), 627\u2013661 (2013)","journal-title":"J. Comput. Secur."},{"key":"3_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"47","DOI":"10.1007\/978-3-662-49384-7_3","volume-title":"Public-Key Cryptography \u2013 PKC 2016","author":"D Bernhard","year":"2016","unstructured":"Bernhard, D., Fischlin, M., Warinschi, B.: On the hardness of proving CCA-security of signed ElGamal. In: Cheng, C.-M., Chung, K.-M., Persiano, G., Yang, B.-Y. (eds.) PKC 2016, Part I. LNCS, vol. 9614, pp. 47\u201369. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-49384-7_3"},{"key":"3_CR10","doi-asserted-by":"crossref","unstructured":"Baldimtsi, F., Lysyanskaya, A.: Anonymous credentials light. In: ACM CCS 2013, pp. 1087\u20131098 (2013)","DOI":"10.1145\/2508859.2516687"},{"key":"3_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"82","DOI":"10.1007\/978-3-642-42045-0_5","volume-title":"Advances in Cryptology - ASIACRYPT 2013","author":"F Baldimtsi","year":"2013","unstructured":"Baldimtsi, F., Lysyanskaya, A.: On the security of one-witness blind signature schemes. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013, Part II. LNCS, vol. 8270, pp. 82\u201399. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-42045-0_5"},{"issue":"4","key":"3_CR12","doi-asserted-by":"publisher","first-page":"297","DOI":"10.1007\/s00145-004-0314-9","volume":"17","author":"D Boneh","year":"2004","unstructured":"Boneh, D., Lynn, B., Shacham, H.: Short signatures from the Weil pairing. J. Cryptol. 17(4), 297\u2013319 (2004). https:\/\/doi.org\/10.1007\/s00145-004-0314-9","journal-title":"J. Cryptol."},{"issue":"3","key":"3_CR13","doi-asserted-by":"publisher","first-page":"185","DOI":"10.1007\/s00145-002-0120-1","volume":"16","author":"M Bellare","year":"2003","unstructured":"Bellare, M., Namprempre, C., Pointcheval, D., Semanko, M.: The one-more-RSA-inversion problems and the security of Chaum\u2019s blind signature scheme. J. Cryptol. 16(3), 185\u2013215 (2003). https:\/\/doi.org\/10.1007\/s00145-002-0120-1","journal-title":"J. Cryptol."},{"key":"3_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"336","DOI":"10.1007\/978-3-319-61204-1_17","volume-title":"Applied Cryptography and Network Security","author":"D Bernhard","year":"2017","unstructured":"Bernhard, D., Nguyen, N.K., Warinschi, B.: Adaptive proofs have straightline extractors (in the random oracle model). In: Gollmann, D., Miyaji, A., Kikuchi, H. (eds.) ACNS 2017. LNCS, vol. 10355, pp. 336\u2013353. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-61204-1_17"},{"key":"3_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"31","DOI":"10.1007\/3-540-36288-6_3","volume-title":"Public Key Cryptography \u2014 PKC 2003","author":"A Boldyreva","year":"2003","unstructured":"Boldyreva, A.: Threshold signatures, multisignatures and blind signatures based on the gap-Diffie-Hellman-group signature scheme. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 31\u201346. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/3-540-36288-6_3"},{"key":"3_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"162","DOI":"10.1007\/3-540-45708-9_11","volume-title":"Advances in Cryptology \u2014 CRYPTO 2002","author":"M Bellare","year":"2002","unstructured":"Bellare, M., Palacio, A.: GQ and Schnorr identification schemes: proofs of security against impersonation under active and concurrent attacks. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 162\u2013177. Springer, Heidelberg (2002). https:\/\/doi.org\/10.1007\/3-540-45708-9_11"},{"key":"3_CR17","doi-asserted-by":"crossref","unstructured":"Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: ACM CCS 1993, pp. 62\u201373 (1993)","DOI":"10.1145\/168588.168596"},{"key":"3_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"92","DOI":"10.1007\/BFb0053428","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 1994","author":"M Bellare","year":"1995","unstructured":"Bellare, M., Rogaway, P.: Optimal asymmetric encryption. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 92\u2013111. Springer, Heidelberg (1995). https:\/\/doi.org\/10.1007\/BFb0053428"},{"key":"3_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"302","DOI":"10.1007\/3-540-48329-2_26","volume-title":"Advances in Cryptology \u2014 CRYPTO 1993","author":"S Brands","year":"1994","unstructured":"Brands, S.: Untraceable off-line cash in wallet with observers: extended abstract. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 302\u2013318. Springer, Heidelberg (1994). https:\/\/doi.org\/10.1007\/3-540-48329-2_26"},{"key":"3_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"319","DOI":"10.1007\/0-387-34799-2_25","volume-title":"Advances in Cryptology \u2014 CRYPTO 1988","author":"D Chaum","year":"1990","unstructured":"Chaum, D., Fiat, A., Naor, M.: Untraceable electronic cash. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 319\u2013327. Springer, New York (1990). https:\/\/doi.org\/10.1007\/0-387-34799-2_25"},{"key":"3_CR21","doi-asserted-by":"publisher","first-page":"199","DOI":"10.1007\/978-1-4757-0602-4_18","volume-title":"Advances in Cryptology","author":"D Chaum","year":"1983","unstructured":"Chaum, D.: Blind signatures for untraceable payments. In: Chaum, D., Rivest, R.L., Sherman, A.T. (eds.) Advances in Cryptology, pp. 199\u2013203. Springer, Boston (1983). https:\/\/doi.org\/10.1007\/978-1-4757-0602-4_18"},{"key":"3_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"302","DOI":"10.1007\/11426639_18","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2005","author":"J Camenisch","year":"2005","unstructured":"Camenisch, J., Hohenberger, S., Lysyanskaya, A.: Compact e-cash. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 302\u2013321. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/11426639_18"},{"key":"3_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"93","DOI":"10.1007\/3-540-44987-6_7","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 2001","author":"J Camenisch","year":"2001","unstructured":"Camenisch, J., Lysyanskaya, A.: An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93\u2013118. Springer, Heidelberg (2001). https:\/\/doi.org\/10.1007\/3-540-44987-6_7"},{"key":"3_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"89","DOI":"10.1007\/3-540-48071-4_7","volume-title":"Advances in Cryptology \u2014 CRYPTO 1992","author":"D Chaum","year":"1993","unstructured":"Chaum, D., Pedersen, T.P.: Wallet databases with observers. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 89\u2013105. Springer, Heidelberg (1993). https:\/\/doi.org\/10.1007\/3-540-48071-4_7"},{"issue":"1","key":"3_CR25","doi-asserted-by":"publisher","first-page":"167","DOI":"10.1137\/S0097539702403773","volume":"33","author":"R Cramer","year":"2003","unstructured":"Cramer, R., Shoup, V.: Design and analysis of practical public-key encryption schemes secure against adaptive chosen ciphertext attack. SIAM J. Comput. 33(1), 167\u2013226 (2003)","journal-title":"SIAM J. Comput."},{"issue":"4","key":"3_CR26","doi-asserted-by":"publisher","first-page":"469","DOI":"10.1109\/TIT.1985.1057074","volume":"31","author":"T ElGamal","year":"1985","unstructured":"ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Inf. Theory 31(4), 469\u2013472 (1985)","journal-title":"IEEE Trans. Inf. Theory"},{"key":"3_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"233","DOI":"10.1007\/978-3-662-48000-7_12","volume-title":"Advances in Cryptology \u2013 CRYPTO 2015","author":"G Fuchsbauer","year":"2015","unstructured":"Fuchsbauer, G., Hanser, C., Slamanig, D.: Practical round-optimal blind signatures in the standard model. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015, Part II. LNCS, vol. 9216, pp. 233\u2013253. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-48000-7_12"},{"issue":"2","key":"3_CR28","doi-asserted-by":"publisher","first-page":"566","DOI":"10.1007\/s00145-019-09311-5","volume":"32","author":"N Fleischhacker","year":"2019","unstructured":"Fleischhacker, N., Jager, T., Schr\u00f6der, D.: On tight security proofs for Schnorr signatures. J. Cryptol. 32(2), 566\u2013599 (2019). https:\/\/doi.org\/10.1007\/s00145-019-09311-5","journal-title":"J. Cryptol."},{"key":"3_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1007\/978-3-319-96881-0_2","volume-title":"Advances in Cryptology \u2013 CRYPTO 2018","author":"G Fuchsbauer","year":"2018","unstructured":"Fuchsbauer, G., Kiltz, E., Loss, J.: The algebraic group model and its applications. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018, Part II. LNCS, vol. 10992, pp. 33\u201362. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-96881-0_2"},{"key":"3_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"244","DOI":"10.1007\/3-540-57220-1_66","volume-title":"Advances in Cryptology \u2014 AUSCRYPT 1992","author":"A Fujioka","year":"1993","unstructured":"Fujioka, A., Okamoto, T., Ohta, K.: A practical secret voting scheme for large scale elections. In: Seberry, J., Zheng, Y. (eds.) AUSCRYPT 1992. LNCS, vol. 718, pp. 244\u2013251. Springer, Heidelberg (1993). https:\/\/doi.org\/10.1007\/3-540-57220-1_66"},{"key":"3_CR31","unstructured":"Fuchsbauer, G., Plouviez, A., Seurin, Y.: Blind Schnorr signatures and signed ElGamal encryption in the algebraic group model. Cryptology ePrint Archive, Report 2019\/877 (2019). https:\/\/eprint.iacr.org\/2019\/877"},{"key":"3_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"226","DOI":"10.1007\/978-3-642-10433-6_15","volume-title":"Cryptology and Network Security","author":"G Fuchsbauer","year":"2009","unstructured":"Fuchsbauer, G., Pointcheval, D., Vergnaud, D.: Transferable constant-size fair e-cash. In: Garay, J.A., Miyaji, A., Otsuka, A. (eds.) CANS 2009. LNCS, vol. 5888, pp. 226\u2013247. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-10433-6_15"},{"key":"3_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"197","DOI":"10.1007\/978-3-642-13190-5_10","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2010","author":"M Fischlin","year":"2010","unstructured":"Fischlin, M., Schr\u00f6der, D.: On the impossibility of three-move blind signature schemes. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 197\u2013215. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-13190-5_10"},{"key":"3_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"224","DOI":"10.1007\/978-3-642-20465-4_14","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2011","author":"G Fuchsbauer","year":"2011","unstructured":"Fuchsbauer, G.: Commuting signatures and verifiable encryption. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 224\u2013245. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-20465-4_14"},{"key":"3_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"93","DOI":"10.1007\/978-3-540-85174-5_6","volume-title":"Advances in Cryptology \u2013 CRYPTO 2008","author":"S Garg","year":"2008","unstructured":"Garg, S., Bhaskar, R., Lokam, S.V.: Improved bounds on security reductions for discrete log based signatures. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 93\u2013107. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-85174-5_6"},{"key":"3_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"477","DOI":"10.1007\/978-3-642-55220-5_27","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2014","author":"S Garg","year":"2014","unstructured":"Garg, S., Gupta, D.: Efficient round optimal blind signatures. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 477\u2013495. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-642-55220-5_27"},{"key":"3_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"630","DOI":"10.1007\/978-3-642-22792-9_36","volume-title":"Advances in Cryptology \u2013 CRYPTO 2011","author":"S Garg","year":"2011","unstructured":"Garg, S., Rao, V., Sahai, A., Schr\u00f6der, D., Unruh, D.: Round optimal blind signatures. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 630\u2013648. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-22792-9_36"},{"issue":"11","key":"3_CR38","doi-asserted-by":"publisher","first-page":"1243","DOI":"10.1016\/j.ic.2010.07.002","volume":"208","author":"J Herranz","year":"2010","unstructured":"Herranz, J., Hofheinz, D., Kiltz, E.: Some (in)sufficient conditions for secure hybrid encryption. Inf. Comput. 208(11), 1243\u20131257 (2010)","journal-title":"Inf. Comput."},{"key":"3_CR39","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"345","DOI":"10.1007\/978-3-030-17659-4_12","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2019","author":"E Hauck","year":"2019","unstructured":"Hauck, E., Kiltz, E., Loss, J.: A modular treatment of blind signatures from identification schemes. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019, Part III. LNCS, vol. 11478, pp. 345\u2013375. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-17659-4_12"},{"key":"3_CR40","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"448","DOI":"10.1007\/BFb0054145","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 1998","author":"M Jakobsson","year":"1998","unstructured":"Jakobsson, M.: A practical mix. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 448\u2013461. Springer, Heidelberg (1998). https:\/\/doi.org\/10.1007\/BFb0054145"},{"issue":"9","key":"3_CR41","doi-asserted-by":"publisher","first-page":"2139","DOI":"10.1007\/s10623-019-00608-x","volume":"87","author":"G Maxwell","year":"2019","unstructured":"Maxwell, G., Poelstra, A., Seurin, Y., Wuille, P.: Simple Schnorr multi-signatures with applications to Bitcoin. Des. Codes Crypt. 87(9), 2139\u20132164 (2019). https:\/\/doi.org\/10.1007\/s10623-019-00608-x","journal-title":"Des. Codes Crypt."},{"issue":"2","key":"3_CR42","doi-asserted-by":"publisher","first-page":"349","DOI":"10.1007\/s00145-011-9097-y","volume":"25","author":"L Minder","year":"2012","unstructured":"Minder, L., Sinclair, A.: The extended k-tree algorithm. J. Cryptol. 25(2), 349\u2013382 (2012). https:\/\/doi.org\/10.1007\/s00145-011-9097-y","journal-title":"J. Cryptol."},{"issue":"2","key":"3_CR43","doi-asserted-by":"publisher","first-page":"165","DOI":"10.1007\/BF02113297","volume":"55","author":"VI Nechaev","year":"1994","unstructured":"Nechaev, V.I.: Complexity of a determinate algorithm for the discrete logarithm. Math. Notes 55(2), 165\u2013172 (1994). https:\/\/doi.org\/10.1007\/BF02113297","journal-title":"Math. Notes"},{"key":"3_CR44","unstructured":"Nick, J.: Blind signatures in scriptless scripts. Presentation given at Building on Bitcoin 2019 (2019). Slides and video. https:\/\/jonasnick.github.io\/blog\/2018\/07\/31\/blind-signatures-in-scriptless-scripts\/"},{"key":"3_CR45","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"683","DOI":"10.1007\/978-3-662-48800-3_28","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2015","author":"I Nikoli\u0107","year":"2015","unstructured":"Nikoli\u0107, I., Sasaki, Y.: Refinements of the k-tree algorithm for the generalized birthday problem. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015, Part II. LNCS, vol. 9453, pp. 683\u2013703. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-48800-3_28"},{"key":"3_CR46","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"324","DOI":"10.1007\/3-540-46766-1_27","volume-title":"Advances in Cryptology \u2014 CRYPTO 1991","author":"T Okamoto","year":"1992","unstructured":"Okamoto, T., Ohta, K.: Universal electronic cash. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 324\u2013337. Springer, Heidelberg (1992). https:\/\/doi.org\/10.1007\/3-540-46766-1_27"},{"key":"3_CR47","doi-asserted-by":"crossref","unstructured":"Pass, R.: Limits of provable security from standard assumptions. In: 43rd ACM STOC, pp. 109\u2013118 (2011)","DOI":"10.1145\/1993636.1993652"},{"key":"3_CR48","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"252","DOI":"10.1007\/BFb0034852","volume-title":"Advances in Cryptology \u2014 ASIACRYPT 1996","author":"D Pointcheval","year":"1996","unstructured":"Pointcheval, D., Stern, J.: Provably secure blind signature schemes. In: Kim, K., Matsumoto, T. (eds.) ASIACRYPT 1996. LNCS, vol. 1163, pp. 252\u2013265. Springer, Heidelberg (1996). https:\/\/doi.org\/10.1007\/BFb0034852"},{"key":"3_CR49","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"387","DOI":"10.1007\/3-540-68339-9_33","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 1996","author":"D Pointcheval","year":"1996","unstructured":"Pointcheval, D., Stern, J.: Security proofs for signature schemes. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 387\u2013398. Springer, Heidelberg (1996). https:\/\/doi.org\/10.1007\/3-540-68339-9_33"},{"issue":"3","key":"3_CR50","doi-asserted-by":"publisher","first-page":"361","DOI":"10.1007\/s001450010003","volume":"13","author":"D Pointcheval","year":"2000","unstructured":"Pointcheval, D., Stern, J.: Security arguments for digital signatures and blind signatures. J. Cryptol. 13(3), 361\u2013396 (2000). https:\/\/doi.org\/10.1007\/s001450010003","journal-title":"J. Cryptol."},{"key":"3_CR51","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/11593447_1","volume-title":"Advances in Cryptology - ASIACRYPT 2005","author":"P Paillier","year":"2005","unstructured":"Paillier, P., Vergnaud, D.: Discrete-log-based signatures may not be equivalent to discrete log. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 1\u201320. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/11593447_1"},{"key":"3_CR52","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"239","DOI":"10.1007\/0-387-34805-0_22","volume-title":"Advances in Cryptology \u2014 CRYPTO 1989","author":"CP Schnorr","year":"1990","unstructured":"Schnorr, C.P.: Efficient identification and signatures for smart cards. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 239\u2013252. Springer, New York (1990). https:\/\/doi.org\/10.1007\/0-387-34805-0_22"},{"issue":"3","key":"3_CR53","doi-asserted-by":"publisher","first-page":"161","DOI":"10.1007\/BF00196725","volume":"4","author":"CP Schnorr","year":"1991","unstructured":"Schnorr, C.P.: Efficient signature generation by smart cards. J. Cryptol. 4(3), 161\u2013174 (1991). https:\/\/doi.org\/10.1007\/BF00196725","journal-title":"J. Cryptol."},{"key":"3_CR54","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/3-540-45600-7_1","volume-title":"Information and Communications Security","author":"CP Schnorr","year":"2001","unstructured":"Schnorr, C.P.: Security of blind discrete log signatures against interactive attacks. In: Qing, S., Okamoto, T., Zhou, J. (eds.) ICICS 2001. LNCS, vol. 2229, pp. 1\u201312. Springer, Heidelberg (2001). https:\/\/doi.org\/10.1007\/3-540-45600-7_1"},{"key":"3_CR55","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"554","DOI":"10.1007\/978-3-642-29011-4_33","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2012","author":"Y Seurin","year":"2012","unstructured":"Seurin, Y.: On the exact security of Schnorr-type signatures in the random oracle model. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 554\u2013571. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-29011-4_33"},{"issue":"2","key":"3_CR56","doi-asserted-by":"publisher","first-page":"75","DOI":"10.1007\/s00145-001-0020-9","volume":"15","author":"V Shoup","year":"2002","unstructured":"Shoup, V., Gennaro, R.: Securing threshold cryptosystems against chosen ciphertext attack. J. Cryptol. 15(2), 75\u201396 (2002). https:\/\/doi.org\/10.1007\/s00145-001-0020-9","journal-title":"J. Cryptol."},{"key":"3_CR57","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"256","DOI":"10.1007\/3-540-69053-0_18","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 1997","author":"V Shoup","year":"1997","unstructured":"Shoup, V.: Lower bounds for discrete logarithms and related problems. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 256\u2013266. Springer, Heidelberg (1997). https:\/\/doi.org\/10.1007\/3-540-69053-0_18"},{"key":"3_CR58","unstructured":"Schnorr, C.-P., Jakobsson, M.: Security of discrete log cryptosystems in the random oracle and the generic model (1999). https:\/\/core.ac.uk\/download\/pdf\/14504220.pdf"},{"key":"3_CR59","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"73","DOI":"10.1007\/3-540-44448-3_7","volume-title":"Advances in Cryptology \u2014 ASIACRYPT 2000","author":"CP Schnorr","year":"2000","unstructured":"Schnorr, C.P., Jakobsson, M.: Security of signed ElGamal encryption. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 73\u201389. Springer, Heidelberg (2000). https:\/\/doi.org\/10.1007\/3-540-44448-3_7"},{"key":"3_CR60","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"68","DOI":"10.1007\/978-3-642-36095-4_5","volume-title":"Topics in Cryptology \u2013 CT-RSA 2013","author":"Y Seurin","year":"2013","unstructured":"Seurin, Y., Treger, J.: A robust and plaintext-aware variant of signed ElGamal encryption. In: Dawson, E. (ed.) CT-RSA 2013. LNCS, vol. 7779, pp. 68\u201383. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-36095-4_5"},{"key":"3_CR61","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"117","DOI":"10.1007\/BFb0054019","volume-title":"Public Key Cryptography","author":"Y Tsiounis","year":"1998","unstructured":"Tsiounis, Y., Yung, M.: On the security of ElGamal based encryption. In: Imai, H., Zheng, Y. (eds.) PKC 1998. LNCS, vol. 1431, pp. 117\u2013134. Springer, Heidelberg (1998). https:\/\/doi.org\/10.1007\/BFb0054019"},{"key":"3_CR62","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"288","DOI":"10.1007\/3-540-45708-9_19","volume-title":"Advances in Cryptology \u2014 CRYPTO 2002","author":"D Wagner","year":"2002","unstructured":"Wagner, D.: A generalized birthday problem. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 288\u2013304. Springer, Heidelberg (2002). https:\/\/doi.org\/10.1007\/3-540-45708-9_19"},{"key":"3_CR63","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"293","DOI":"10.1007\/978-3-540-85855-3_20","volume-title":"Security and Cryptography for Networks","author":"D Wikstr\u00f6m","year":"2008","unstructured":"Wikstr\u00f6m, D.: Simplified submission of inputs to protocols. In: Ostrovsky, R., De Prisco, R., Visconti, I. (eds.) SCN 2008. LNCS, vol. 5229, pp. 293\u2013308. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-85855-3_20"},{"key":"3_CR64","unstructured":"Wuille, P.: Schnorr signatures for secp256k1. Bitcoin Improvement Proposal (2018). https:\/\/github.com\/sipa\/bips\/blob\/bip-schnorr\/bip-schnorr.mediawiki"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 EUROCRYPT 2020"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-45724-2_3","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,5,1]],"date-time":"2023-05-01T00:09:05Z","timestamp":1682899745000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-45724-2_3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030457235","9783030457242"],"references-count":64,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-45724-2_3","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"1 May 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"EUROCRYPT","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Conference on the Theory and Applications of Cryptographic Techniques","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Zagreb","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Croatia","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"10 May 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14 May 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"30","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"eurocrypt2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/eurocrypt.iacr.org\/2020\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"IACR websubrev","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"375","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"81","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"22% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"20","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"The conference was held virtually due to the COVID-19 pandemic.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}