{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,9]],"date-time":"2026-01-09T15:28:15Z","timestamp":1767972495327,"version":"3.49.0"},"publisher-location":"Cham","reference-count":87,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030752446","type":"print"},{"value":"9783030752453","type":"electronic"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-75245-3_5","type":"book-chapter","created":{"date-parts":[[2021,4,30]],"date-time":"2021-04-30T15:04:51Z","timestamp":1619795091000},"page":"99-130","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":42,"title":["Two-Round n-out-of-n and Multi-signatures and Trapdoor Commitment from Lattices"],"prefix":"10.1007","author":[{"given":"Ivan","family":"Damg\u00e5rd","sequence":"first","affiliation":[]},{"given":"Claudio","family":"Orlandi","sequence":"additional","affiliation":[]},{"given":"Akira","family":"Takahashi","sequence":"additional","affiliation":[]},{"given":"Mehdi","family":"Tibouchi","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,5,1]]},"reference":[{"key":"5_CR1","doi-asserted-by":"crossref","unstructured":"Abdalla, M., Fouque, P.A., Lyubashevsky, V., Tibouchi, M.: Tightly secure signatures from Lossy identification schemes. J. Cryptol. 29(3), 597\u2013631","DOI":"10.1007\/s00145-015-9203-7"},{"key":"5_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"317","DOI":"10.1007\/978-3-540-28628-8_20","volume-title":"Advances in Cryptology \u2013 CRYPTO 2004","author":"M Abe","year":"2004","unstructured":"Abe, M., Fehr, S.: Adaptively secure Feldman VSS and applications to universally-composable threshold cryptography. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 317\u2013334. Springer, Heidelberg (2004). https:\/\/doi.org\/10.1007\/978-3-540-28628-8_20"},{"key":"5_CR3","doi-asserted-by":"crossref","unstructured":"Bagherzandi, A., Cheon, J.H., Jarecki, S.: Multisignatures secure under the discrete logarithm assumption and a generalized forking lemma. In: ACM CCS 2008, pp. 449\u2013458. ACM Press (2008)","DOI":"10.1145\/1455770.1455827"},{"key":"5_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"140","DOI":"10.1007\/978-3-319-48965-0_9","volume-title":"Cryptology and Network Security","author":"R El Bansarkhani","year":"2016","unstructured":"El Bansarkhani, R., Sturm, J.: An efficient lattice-based multisignature scheme with applications to bitcoins. In: Foresti, S., Persiano, G. (eds.) CANS 2016. LNCS, vol. 10052, pp. 140\u2013155. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-48965-0_9"},{"key":"5_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"354","DOI":"10.1007\/978-3-319-78375-8_12","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2018","author":"G Barthe","year":"2018","unstructured":"Barthe, G., et al.: Masking the GLP lattice-based signature scheme at any order. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10821, pp. 354\u2013384. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-78375-8_12"},{"key":"5_CR6","doi-asserted-by":"crossref","unstructured":"Barthe, G., Bela\u00efd, S., Espitau, T., Fouque, P.A., Rossi, M., Tibouchi, M.: GALACTICS: Gaussian sampling for lattice-based constant- time implementation of cryptographic signatures, revisited. In: ACM CCS 2019, pp. 2147\u20132164. ACM Press (2019)","DOI":"10.1145\/3319535.3363223"},{"key":"5_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"368","DOI":"10.1007\/978-3-319-98113-0_20","volume-title":"Security and Cryptography for Networks","author":"C Baum","year":"2018","unstructured":"Baum, C., Damg\u00e5rd, I., Lyubashevsky, V., Oechsner, S., Peikert, C.: More efficient commitments from structured lattice assumptions. In: Catalano, D., De Prisco, R. (eds.) SCN 2018. LNCS, vol. 11035, pp. 368\u2013385. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-98113-0_20"},{"key":"5_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-030-45724-2_1","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2020","author":"M Bellare","year":"2020","unstructured":"Bellare, M., Davis, H., G\u00fcnther, F.: Separate your domains: NIST PQC KEMs, oracle cloning and read-only indifferentiability. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12106, pp. 3\u201332. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-45724-2_1"},{"key":"5_CR9","doi-asserted-by":"crossref","unstructured":"Bellare, M., Neven, G.: Multi-signatures in the plain public-key model and a general forking lemma. In: ACM CCS 2006, pp. 390\u2013399. ACM Press (2006)","DOI":"10.1145\/1180405.1180453"},{"key":"5_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"218","DOI":"10.1007\/978-3-642-38980-1_14","volume-title":"Applied Cryptography and Network Security","author":"R Bendlin","year":"2013","unstructured":"Bendlin, R., Krehbiel, S., Peikert, C.: How to share a lattice trapdoor: threshold protocols for signatures and (H)IBE. In: Jacobson, M., Locasto, M., Mohassel, P., Safavi-Naini, R. (eds.) ACNS 2013. LNCS, vol. 7954, pp. 218\u2013236. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-38980-1_14"},{"key":"5_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"551","DOI":"10.1007\/978-3-662-45611-8_29","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2014","author":"F Benhamouda","year":"2014","unstructured":"Benhamouda, F., Camenisch, J., Krenn, S., Lyubashevsky, V., Neven, G.: Better zero-knowledge proofs for lattice encryption and their application to group signatures. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 551\u2013572. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-45611-8_29"},{"key":"5_CR12","doi-asserted-by":"publisher","unstructured":"Benhamouda, F., Krenn, S., Lyubashevsky, V., Pietrzak, K.: Efficient zero-knowledge proofs for commitments from learning with errors over rings. In: ESORICS 2015, Part I. LNCS, vol. 9326, pp. 305\u2013325. Springer, Heidelberg. https:\/\/doi.org\/10.1007\/978-3-319-24174-6_16","DOI":"10.1007\/978-3-319-24174-6_16"},{"key":"5_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"34","DOI":"10.1007\/978-3-642-38616-9_3","volume-title":"Post-Quantum Cryptography","author":"S Bettaieb","year":"2013","unstructured":"Bettaieb, S., Schrek, J.: Improved lattice-based threshold ring signature scheme. In: Gaborit, P. (ed.) PQCrypto 2013. LNCS, vol. 7932, pp. 34\u201351. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-38616-9_3"},{"key":"5_CR14","unstructured":"Bindel, N., et al.: qTESLA. Technical report, National Institute of Standards and Technology"},{"key":"5_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"565","DOI":"10.1007\/978-3-319-96884-1_19","volume-title":"Advances in Cryptology \u2013 CRYPTO 2018","author":"D Boneh","year":"2018","unstructured":"Boneh, D., et al.: Threshold cryptosystems from threshold fully homomorphic encryption. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10991, pp. 565\u2013596. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-96884-1_19"},{"key":"5_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"176","DOI":"10.1007\/978-3-030-26948-7_7","volume-title":"Advances in Cryptology \u2013 CRYPTO 2019","author":"J Bootle","year":"2019","unstructured":"Bootle, J., Lyubashevsky, V., Seiler, G.: Algebraic techniques for short(er) exact lattice-based zero-knowledge proofs. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11692, pp. 176\u2013202. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-26948-7_7"},{"key":"5_CR17","doi-asserted-by":"crossref","unstructured":"Canetti, R., Makriyannis, N., Peled, U.: UC non-interactive, proactive, threshold ecdsa. Cryptology ePrint Archive, Report 2020\/492","DOI":"10.1145\/3372297.3423367"},{"key":"5_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"523","DOI":"10.1007\/978-3-642-13190-5_27","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2010","author":"D Cash","year":"2010","unstructured":"Cash, D., Hofheinz, D., Kiltz, E., Peikert, C.: Bonsai trees, or how to delegate a lattice basis. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 523\u2013552. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-13190-5_27"},{"key":"5_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"191","DOI":"10.1007\/978-3-030-26954-8_7","volume-title":"Advances in Cryptology \u2013 CRYPTO 2019","author":"G Castagnos","year":"2019","unstructured":"Castagnos, G., Catalano, D., Laguillaumie, F., Savasta, F., Tucker, I.: Two-party ECDSA from Hash proof systems and efficient instantiations. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11694, pp. 191\u2013221. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-26954-8_7"},{"key":"5_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"266","DOI":"10.1007\/978-3-030-45388-6_10","volume-title":"Public-Key Cryptography \u2013 PKC 2020","author":"G Castagnos","year":"2020","unstructured":"Castagnos, G., Catalano, D., Laguillaumie, F., Savasta, F., Tucker, I.: Bandwidth-efficient threshold EC-DSA. In: Kiayias, A., Kohlweiss, M., Wallden, P., Zikas, V. (eds.) PKC 2020. LNCS, vol. 12111, pp. 266\u2013296. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-45388-6_10"},{"key":"5_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"255","DOI":"10.1007\/978-3-642-14712-8_16","volume-title":"Progress in Cryptology \u2013 LATINCRYPT 2010","author":"P-L Cayrel","year":"2010","unstructured":"Cayrel, P.-L., Lindner, R., R\u00fcckert, M., Silva, R.: A Lattice-based threshold ring signature scheme. In: Abdalla, M., Barreto, P.S.L.M. (eds.) LATINCRYPT 2010. LNCS, vol. 6212, pp. 255\u2013272. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-14712-8_16"},{"key":"5_CR22","unstructured":"Choi, R., Kim, K.: Lattice-based multi-signature with linear homomorphism. In: 2016 Symposium on Cryptography and Information Security (SCIS 2016)"},{"key":"5_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"711","DOI":"10.1007\/978-3-319-70500-2_24","volume-title":"Theory of Cryptography","author":"M Ciampi","year":"2017","unstructured":"Ciampi, M., Ostrovsky, R., Siniscalchi, L., Visconti, I.: Delayed-input non-malleable zero knowledge and multi-party coin tossing in four rounds. In: Kalai, Y., Reyzin, L. (eds.) TCC 2017. LNCS, vol. 10677, pp. 711\u2013742. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-70500-2_24"},{"key":"5_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"127","DOI":"10.1007\/978-3-319-63715-0_5","volume-title":"Advances in Cryptology \u2013 CRYPTO 2017","author":"M Ciampi","year":"2017","unstructured":"Ciampi, M., Ostrovsky, R., Siniscalchi, L., Visconti, I.: Four-round concurrent non-malleable commitments from one-way functions. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10402, pp. 127\u2013157. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-63715-0_5"},{"key":"5_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"112","DOI":"10.1007\/978-3-662-49099-0_5","volume-title":"Theory of Cryptography","author":"M Ciampi","year":"2016","unstructured":"Ciampi, M., Persiano, G., Scafuro, A., Siniscalchi, L., Visconti, I.: Improved OR-composition of Sigma-protocols. In: Kushilevitz, E., Malkin, T. (eds.) TCC 2016. LNCS, vol. 9563, pp. 112\u2013141. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-49099-0_5"},{"key":"5_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"128","DOI":"10.1007\/978-3-030-35199-1_7","volume-title":"Cryptography and Coding","author":"D Cozzo","year":"2019","unstructured":"Cozzo, D., Smart, N.P.: Sharing the LUOV: threshold post-quantum signatures. In: Albrecht, M. (ed.) IMACC 2019. LNCS, vol. 11929, pp. 128\u2013153. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-35199-1_7"},{"key":"5_CR27","doi-asserted-by":"crossref","unstructured":"Dalskov, A., Keller, M., Orlandi, C., Shrishak, K., Shulman, H.: Securing DNSSEC keys via threshold ECDSA from generic MPC. Cryptology ePrint Archive, Report 2019\/889","DOI":"10.1007\/978-3-030-59013-0_32"},{"key":"5_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"418","DOI":"10.1007\/3-540-45539-6_30","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 2000","author":"I Damg\u00e5rd","year":"2000","unstructured":"Damg\u00e5rd, I.: Efficient concurrent zero-knowledge in the auxiliary string model. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 418\u2013430. Springer, Heidelberg (2000). https:\/\/doi.org\/10.1007\/3-540-45539-6_30"},{"key":"5_CR29","doi-asserted-by":"crossref","unstructured":"Damg\u00e5rd, I., Jakobsen, T.P., Nielsen, J.B., Pagter, J.I., \u00d8sterg\u00e5rd, M.B.: Fast threshold ECDSA with honest majority. Cryptology ePrint Archive, Report 2020\/501","DOI":"10.1007\/978-3-030-57990-6_19"},{"key":"5_CR30","doi-asserted-by":"crossref","unstructured":"Damg\u00e5rd, I., Orlandi, C., Takahashi, A., Tibouchi, M.: Two-round $$n$$-out-of-$$n$$ and multi-signatures and trapdoor commitment from lattices. Cryptology ePrint Archive, Report 2020\/1110","DOI":"10.1007\/978-3-030-75245-3_5"},{"key":"5_CR31","doi-asserted-by":"crossref","unstructured":"del Pino, R., Lyubashevsky, V., Seiler, G.: Lattice-based group signatures and zero-knowledge proofs of automorphism stability. In: ACM CCS 2018. pp. 574\u2013591. ACM Press (2018)","DOI":"10.1145\/3243734.3243852"},{"key":"5_CR32","doi-asserted-by":"crossref","unstructured":"Doerner, J., Kondi, Y., Lee, E., shelat, A.: Secure two-party threshold ECDSA from ECDSA assumptions. In: 2018 IEEE Symposium on Security and Privacy, pp. 980\u2013997. IEEE Computer Society Press (2018)","DOI":"10.1109\/SP.2018.00036"},{"key":"5_CR33","doi-asserted-by":"crossref","unstructured":"Doerner, J., Kondi, Y., Lee, E., Shelat, A.: Threshold ECDSA from ECDSA assumptions: the multiparty case. In: 2019 IEEE Symposium on Security and Privacy, pp. 1051\u20131066. IEEE Computer Society Press (2019)","DOI":"10.1109\/SP.2019.00024"},{"key":"5_CR34","unstructured":"Dor\u00f6z, Y., Hoffstein, J., Silverman, J.H., Sunar, B.: MMSAT: a scheme for multimessage multiuser signature aggregation. Cryptology ePrint Archive, Report 2020\/520"},{"key":"5_CR35","doi-asserted-by":"crossref","unstructured":"Drijvers, M., et al.: On the security of two-round multi-signatures. In: 2019 IEEE Symposium on Security and Privacy, pp. 1084\u20131101. IEEE Computer Society Press (2019)","DOI":"10.1109\/SP.2019.00050"},{"key":"5_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"40","DOI":"10.1007\/978-3-642-40041-4_3","volume-title":"Advances in Cryptology \u2013 CRYPTO 2013","author":"L Ducas","year":"2013","unstructured":"Ducas, L., Durmus, A., Lepoint, T., Lyubashevsky, V.: Lattice signatures and bimodal Gaussians. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 40\u201356. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-40041-4_3"},{"key":"5_CR37","unstructured":"Ducas, L., Lepoint, T., Lyubashevsky, V., Schwabe, P., Seiler, G., Stehl\u00e9, D.: Crystals-dilithium: digital signatures from module lattices"},{"key":"5_CR38","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"335","DOI":"10.1007\/978-3-662-44371-2_19","volume-title":"Advances in Cryptology \u2013 CRYPTO 2014","author":"L Ducas","year":"2014","unstructured":"Ducas, L., Micciancio, D.: Improved short lattice signatures in the standard model. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 335\u2013352. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-44371-2_19"},{"key":"5_CR39","doi-asserted-by":"crossref","unstructured":"Esgin, M.F., Ersoy, O., Erkin, Z.: Post-quantum adaptor signatures and payment channel networks. Cryptology ePrint Archive, Report 2020\/845","DOI":"10.1007\/978-3-030-59013-0_19"},{"key":"5_CR40","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"115","DOI":"10.1007\/978-3-030-26948-7_5","volume-title":"Advances in Cryptology \u2013 CRYPTO 2019","author":"MF Esgin","year":"2019","unstructured":"Esgin, M.F., Steinfeld, R., Liu, J.K., Liu, D.: Lattice-based zero-knowledge proofs: new techniques for shorter and faster constructions and applications. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11692, pp. 115\u2013146. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-26948-7_5"},{"key":"5_CR41","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"67","DOI":"10.1007\/978-3-030-21568-2_4","volume-title":"Applied Cryptography and Network Security","author":"MF Esgin","year":"2019","unstructured":"Esgin, M.F., Steinfeld, R., Sakzad, A., Liu, J.K., Liu, D.: Short lattice-based one-out-of-many proofs and applications to ring signatures. In: Deng, R.H., Gauthier-Uma\u00f1a, V., Ochoa, M., Yung, M. (eds.) ACNS 2019. LNCS, vol. 11464, pp. 67\u201388. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-21568-2_4"},{"key":"5_CR42","doi-asserted-by":"crossref","unstructured":"Fukumitsu, M., Hasegawa, S.: A tightly-secure lattice-based multisignature. In: APKC@AsiaCCS 2019, pp. 3\u201311. ACM (2019)","DOI":"10.1145\/3327958.3329542"},{"key":"5_CR43","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"45","DOI":"10.1007\/978-3-030-62576-4_3","volume-title":"Provable and Practical Security","author":"M Fukumitsu","year":"2020","unstructured":"Fukumitsu, M., Hasegawa, S.: A lattice-based provably secure multisignature scheme in quantum random oracle model. In: Nguyen, K., Wu, W., Lam, K.Y., Wang, H. (eds.) ProvSec 2020. LNCS, vol. 12505, pp. 45\u201364. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-62576-4_3"},{"key":"5_CR44","unstructured":"Gagol, A., Kula, J., Straszak, D., Swietek, M.: Threshold ECDSA for decentralized asset custody. Cryptology ePrint Archive, Report 2020\/498"},{"key":"5_CR45","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"174","DOI":"10.1007\/978-3-319-78381-9_7","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2018","author":"N Genise","year":"2018","unstructured":"Genise, N., Micciancio, D.: Faster Gaussian sampling for trapdoor lattices with arbitrary modulus. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10820, pp. 174\u2013203. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-78381-9_7"},{"key":"5_CR46","doi-asserted-by":"crossref","unstructured":"Gennaro, R., Goldfeder, S.: Fast multiparty threshold ECDSA with fast trustless setup. In: ACM CCS 2018, pp. 1179\u20131194. ACM Press (2018)","DOI":"10.1145\/3243734.3243859"},{"key":"5_CR47","unstructured":"Gennaro, R., Goldfeder, S.: One round threshold ECDSA with identifiable abort. Cryptology ePrint Archive, Report 2020\/540"},{"key":"5_CR48","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"156","DOI":"10.1007\/978-3-319-39555-5_9","volume-title":"Applied Cryptography and Network Security","author":"R Gennaro","year":"2016","unstructured":"Gennaro, R., Goldfeder, S., Narayanan, A.: Threshold-optimal DSA\/ECDSA signatures and an application to bitcoin wallet security. In: Manulis, M., Sadeghi, A.-R., Schneider, S. (eds.) ACNS 2016. LNCS, vol. 9696, pp. 156\u2013174. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-39555-5_9"},{"key":"5_CR49","doi-asserted-by":"crossref","unstructured":"Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Secure distributed key generation for discrete-log based cryptosystems. J. Cryptol. 20(1), 51\u201383","DOI":"10.1007\/s00145-006-0347-3"},{"key":"5_CR50","unstructured":"Gentry, C., Peikert, C., Vaikuntanathan, V.: Trapdoors for hard lattices and new cryptographic constructions. In: 40th ACM STOC, pp. 197\u2013206. ACM Press"},{"key":"5_CR51","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"75","DOI":"10.1007\/978-3-642-40041-4_5","volume-title":"Advances in Cryptology \u2013 CRYPTO 2013","author":"C Gentry","year":"2013","unstructured":"Gentry, C., Sahai, A., Waters, B.: Homomorphic encryption from learning with errors: conceptually-simpler, asymptotically-faster, attribute-based. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 75\u201392. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-40041-4_5"},{"key":"5_CR52","unstructured":"Gorbunov, S., Vaikuntanathan, V., Wichs, D.: Leveled fully homomorphic signatures from standard lattices. In: 47th ACM STOC, pp. 469\u2013477. ACM Press"},{"key":"5_CR53","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"530","DOI":"10.1007\/978-3-642-33027-8_31","volume-title":"Cryptographic Hardware and Embedded Systems \u2013 CHES 2012","author":"T G\u00fcneysu","year":"2012","unstructured":"G\u00fcneysu, T., Lyubashevsky, V., P\u00f6ppelmann, T.: Practical lattice-based cryptography: a signature scheme for embedded systems. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 530\u2013547. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-33027-8_31"},{"key":"5_CR54","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"235","DOI":"10.1007\/978-3-642-13190-5_12","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2010","author":"N Howgrave-Graham","year":"2010","unstructured":"Howgrave-Graham, N., Joux, A.: New generic algorithms for hard knapsacks. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 235\u2013256. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-13190-5_12"},{"key":"5_CR55","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"281","DOI":"10.1007\/978-3-030-51938-4_14","volume-title":"Progress in Cryptology - AFRICACRYPT 2020","author":"M Kansal","year":"2020","unstructured":"Kansal, M., Dutta, R.: Round optimal secure multisignature schemes from lattice with public key aggregation and signature compression. In: Nitaj, A., Youssef, A. (eds.) AFRICACRYPT 2020. LNCS, vol. 12174, pp. 281\u2013300. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-51938-4_14"},{"key":"5_CR56","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"552","DOI":"10.1007\/978-3-319-78372-7_18","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2018","author":"E Kiltz","year":"2018","unstructured":"Kiltz, E., Lyubashevsky, V., Schaffner, C.: A concrete treatment of Fiat-Shamir signatures in the quantum random-oracle model. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10822, pp. 552\u2013586. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-78372-7_18"},{"key":"5_CR57","doi-asserted-by":"crossref","unstructured":"Komlo, C., Goldberg, I.: FROST: flexible round-optimized Schnorr threshold signatures. Cryptology ePrint Archive, Report 2020\/852","DOI":"10.1007\/978-3-030-81652-0_2"},{"key":"5_CR58","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"255","DOI":"10.1007\/978-3-030-17253-4_9","volume-title":"Public-Key Cryptography \u2013 PKC 2019","author":"B Libert","year":"2019","unstructured":"Libert, B., Nguyen, K., Tan, B.H.M., Wang, H.: Zero-knowledge elementary databases with more expressive queries. In: Lin, D., Sako, K. (eds.) PKC 2019. LNCS, vol. 11442, pp. 255\u2013285. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-17253-4_9"},{"key":"5_CR59","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"613","DOI":"10.1007\/978-3-319-63715-0_21","volume-title":"Advances in Cryptology \u2013 CRYPTO 2017","author":"Y Lindell","year":"2017","unstructured":"Lindell, Y.: Fast secure two-party ECDSA signing. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10402, pp. 613\u2013644. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-63715-0_21"},{"key":"5_CR60","doi-asserted-by":"crossref","unstructured":"Lindell, Y., Nof, A.: Fast secure multiparty ECDSA with practical distributed key generation and applications to cryptocurrency custody. In: ACM CCS 2018, pp. 1837\u20131854. ACM Press (2018)","DOI":"10.1145\/3243734.3243788"},{"key":"5_CR61","unstructured":"Liu, Z.Y., Tseng, Y.F., Tso, R.: Cryptanalysis of a round optimal lattice-based multisignature scheme. Cryptology ePrint Archive, Report 2020\/1172"},{"key":"5_CR62","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"598","DOI":"10.1007\/978-3-642-10366-7_35","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2009","author":"V Lyubashevsky","year":"2009","unstructured":"Lyubashevsky, V.: Fiat-Shamir with aborts: applications to lattice and factoring-based signatures. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 598\u2013616. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-10366-7_35"},{"key":"5_CR63","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"738","DOI":"10.1007\/978-3-642-29011-4_43","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2012","author":"V Lyubashevsky","year":"2012","unstructured":"Lyubashevsky, V.: Lattice signatures without trapdoors. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 738\u2013755. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-29011-4_43"},{"key":"5_CR64","unstructured":"Lyubashevsky, V.: Lattice-based zero-knowledge and applications. CIS 2019"},{"key":"5_CR65","unstructured":"Lyubashevsky, V., et al.: CRYSTALS-DILITHIUM. Technical report, National Institute of Standards and Technology"},{"key":"5_CR66","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"35","DOI":"10.1007\/978-3-642-38348-9_3","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2013","author":"V Lyubashevsky","year":"2013","unstructured":"Lyubashevsky, V., Peikert, C., Regev, O.: A toolkit for ring-LWE cryptography. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 35\u201354. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-38348-9_3"},{"key":"5_CR67","doi-asserted-by":"crossref","unstructured":"Ma, C., Jiang, M.: Practical lattice-based multisignature schemes for blockchains. IEEE Access 7, 179765\u2013179778","DOI":"10.1109\/ACCESS.2019.2958816"},{"key":"5_CR68","doi-asserted-by":"publisher","unstructured":"Ma, C., Weng, J., Li, Y., Deng, R.H.: Efficient discrete logarithm based multi-signature scheme in the plain public key model. Des. Codes Cryptogr. 54(2), 121\u2013133. https:\/\/doi.org\/10.1007\/s10623-009-9313-z","DOI":"10.1007\/s10623-009-9313-z"},{"issue":"9","key":"5_CR69","doi-asserted-by":"publisher","first-page":"2139","DOI":"10.1007\/s10623-019-00608-x","volume":"87","author":"G Maxwell","year":"2019","unstructured":"Maxwell, G., Poelstra, A., Seurin, Y., Wuille, P.: Simple Schnorr multi-signatures with applications to Bitcoin. Des. Codes Crypt. 87(9), 2139\u20132164 (2019). https:\/\/doi.org\/10.1007\/s10623-019-00608-x","journal-title":"Des. Codes Crypt."},{"key":"5_CR70","doi-asserted-by":"crossref","unstructured":"Micali, S., Ohta, K., Reyzin, L.: Accountable-subgroup multisignatures: extended abstract. In: ACM CCS 2001, pp. 245\u2013254. ACM Press (2001)","DOI":"10.1145\/501983.502017"},{"key":"5_CR71","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"700","DOI":"10.1007\/978-3-642-29011-4_41","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2012","author":"D Micciancio","year":"2012","unstructured":"Micciancio, D., Peikert, C.: Trapdoors for lattices: simpler, tighter, faster, smaller. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 700\u2013718. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-29011-4_41"},{"key":"5_CR72","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1007\/978-3-642-40041-4_2","volume-title":"Advances in Cryptology \u2013 CRYPTO 2013","author":"D Micciancio","year":"2013","unstructured":"Micciancio, D., Peikert, C.: Hardness of SIS and LWE with small parameters. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 21\u201339. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-40041-4_2"},{"key":"5_CR73","doi-asserted-by":"crossref","unstructured":"Nick, J., Ruffing, T., Seurin, Y.: MuSig2: simple two-round Schnorr multi-signatures. Cryptology ePrint Archive, Report 2020\/1261","DOI":"10.1007\/978-3-030-84242-0_8"},{"key":"5_CR74","doi-asserted-by":"crossref","unstructured":"Nick, J., Ruffing, T., Seurin, Y., Wuille, P.: MuSig-DN: Schnorr multi-signatures with verifiably deterministic nonces. Cryptology ePrint Archive, Report 2020\/1057","DOI":"10.1145\/3372297.3417236"},{"key":"5_CR75","unstructured":"Nicolosi, A., Krohn, M.N., Dodis, Y., Mazi\u00e8res, D.: Proactive two-party signatures for user authentication. In: NDSS 2003. The Internet Society (2003)"},{"key":"5_CR76","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"316","DOI":"10.1007\/978-3-540-45146-4_19","volume-title":"Advances in Cryptology - CRYPTO 2003","author":"R Pass","year":"2003","unstructured":"Pass, R.: On deniability in the common reference string and random oracle model. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 316\u2013337. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/978-3-540-45146-4_19"},{"key":"5_CR77","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"129","DOI":"10.1007\/3-540-46766-1_9","volume-title":"Advances in Cryptology \u2014 CRYPTO \u201991","author":"TP Pedersen","year":"1992","unstructured":"Pedersen, T.P.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129\u2013140. Springer, Heidelberg (1992). https:\/\/doi.org\/10.1007\/3-540-46766-1_9"},{"key":"5_CR78","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"80","DOI":"10.1007\/978-3-642-14623-7_5","volume-title":"Advances in Cryptology \u2013 CRYPTO 2010","author":"C Peikert","year":"2010","unstructured":"Peikert, C.: An efficient and parallel Gaussian sampler for lattices. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 80\u201397. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-14623-7_5"},{"key":"5_CR79","doi-asserted-by":"crossref","unstructured":"Pointcheval, D., Stern, J.: Security arguments for digital signatures and blind signatures. J. Cryptol. 13(3), 361\u2013396","DOI":"10.1007\/s001450010003"},{"key":"5_CR80","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"239","DOI":"10.1007\/0-387-34805-0_22","volume-title":"Advances in Cryptology \u2014 CRYPTO 1989 Proceedings","author":"CP Schnorr","year":"1990","unstructured":"Schnorr, C.P.: Efficient identification and signatures for smart cards. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 239\u2013252. Springer, New York (1990). https:\/\/doi.org\/10.1007\/0-387-34805-0_22"},{"key":"5_CR81","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"417","DOI":"10.1007\/3-540-47719-5_33","volume-title":"Information Security and Privacy","author":"DR Stinson","year":"2001","unstructured":"Stinson, D.R., Strobl, R.: Provably secure distributed Schnorr signatures and a (t, n) threshold scheme for implicit certificates. In: Varadharajan, V., Mu, Y. (eds.) ACISP 2001. LNCS, vol. 2119, pp. 417\u2013434. Springer, Heidelberg (2001). https:\/\/doi.org\/10.1007\/3-540-47719-5_33"},{"key":"5_CR82","doi-asserted-by":"crossref","unstructured":"Syta, E., et al.: Keeping authorities \u201chonest or bust\u201d with decentralized witness cosigning. In: 2016 IEEE Symposium on Security and Privacy, pp. 526\u2013545. IEEE Computer Society Press (2016)","DOI":"10.1109\/SP.2016.38"},{"key":"5_CR83","unstructured":"Toluee, R., Eghlidos, T.: An efficient and secure ID-based multi-proxy multi-signature scheme based on lattice. Cryptology ePrint Archive, Report 2019\/1031"},{"key":"5_CR84","unstructured":"Torres, W.A., Steinfeld, R., Sakzad, A., Kuchta, V.: Post-quantum linkable ring signature enabling distributed authorised ring confidential transactions in blockchain. Cryptology ePrint Archive, Report 2020\/1121"},{"key":"5_CR85","doi-asserted-by":"crossref","unstructured":"Tso, R., Liu, Z., Tseng, Y.: Identity-based blind multisignature from lattices. IEEE Access 7, 182916\u2013182923","DOI":"10.1109\/ACCESS.2019.2959943"},{"key":"5_CR86","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"288","DOI":"10.1007\/3-540-45708-9_19","volume-title":"Advances in Cryptology \u2014 CRYPTO 2002","author":"D Wagner","year":"2002","unstructured":"Wagner, D.: A generalized birthday problem. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 288\u2013304. Springer, Heidelberg (2002). https:\/\/doi.org\/10.1007\/3-540-45708-9_19"},{"key":"5_CR87","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"147","DOI":"10.1007\/978-3-030-26948-7_6","volume-title":"Advances in Cryptology \u2013 CRYPTO 2019","author":"R Yang","year":"2019","unstructured":"Yang, R., Au, M.H., Zhang, Z., Xu, Q., Yu, Z., Whyte, W.: Efficient lattice-based zero-knowledge arguments with standard soundness: construction and applications. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11692, pp. 147\u2013175. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-26948-7_6"}],"container-title":["Lecture Notes in Computer Science","Public-Key Cryptography \u2013 PKC 2021"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-75245-3_5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,4,30]],"date-time":"2024-04-30T00:05:36Z","timestamp":1714435536000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-75245-3_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030752446","9783030752453"],"references-count":87,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-75245-3_5","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"1 May 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"PKC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"IACR International Conference on Public-Key Cryptography","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"10 May 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"13 May 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"pkc2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/pkc.iacr.org\/2021\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Web-Submission-and-Review","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"156","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"52","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"33% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3,5","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"15","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}