{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,25]],"date-time":"2026-01-25T04:47:11Z","timestamp":1769316431361,"version":"3.49.0"},"publisher-location":"Cham","reference-count":29,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030778699","type":"print"},{"value":"9783030778705","type":"electronic"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-77870-5_2","type":"book-chapter","created":{"date-parts":[[2021,6,15]],"date-time":"2021-06-15T23:11:50Z","timestamp":1623798710000},"page":"33-53","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":60,"title":["On the (in)security of ROS"],"prefix":"10.1007","author":[{"given":"Fabrice","family":"Benhamouda","sequence":"first","affiliation":[]},{"given":"Tancr\u00e8de","family":"Lepoint","sequence":"additional","affiliation":[]},{"given":"Julian","family":"Loss","sequence":"additional","affiliation":[]},{"given":"Michele","family":"Orr\u00f9","sequence":"additional","affiliation":[]},{"given":"Mariana","family":"Raykova","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,6,16]]},"reference":[{"key":"2_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"136","DOI":"10.1007\/3-540-44987-6_9","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 2001","author":"M Abe","year":"2001","unstructured":"Abe, M.: A secure three-move blind signature scheme for polynomially many signatures. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 136\u2013151. Springer, Heidelberg (2001). https:\/\/doi.org\/10.1007\/3-540-44987-6_9"},{"key":"2_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"271","DOI":"10.1007\/3-540-44598-6_17","volume-title":"Advances in Cryptology \u2014 CRYPTO 2000","author":"M Abe","year":"2000","unstructured":"Abe, M., Okamoto, T.: Provably secure partially blind signatures. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 271\u2013286. Springer, Heidelberg (2000). https:\/\/doi.org\/10.1007\/3-540-44598-6_17"},{"key":"2_CR3","doi-asserted-by":"crossref","unstructured":"Baldimtsi, F., Lysyanskaya, A.: Anonymous credentials light. In: Sadeghi, A.-R., Gligor, V.D., Yung, M. (eds.) ACM CCS 2013, pp. 1087\u20131098. ACM Press, November 2013","DOI":"10.1145\/2508859.2516687"},{"key":"2_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"31","DOI":"10.1007\/3-540-36288-6_3","volume-title":"Public Key Cryptography \u2014 PKC 2003","author":"A Boldyreva","year":"2003","unstructured":"Boldyreva, A.: Threshold signatures, multisignatures and blind signatures based on the gap-diffie-hellman-group signature scheme. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 31\u201346. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/3-540-36288-6_3"},{"key":"2_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"302","DOI":"10.1007\/3-540-48329-2_26","volume-title":"Advances in Cryptology \u2014 CRYPTO\u2019 93","author":"S Brands","year":"1994","unstructured":"Brands, S.: Untraceable off-line cash in wallet with observers. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 302\u2013318. Springer, Heidelberg (1994). https:\/\/doi.org\/10.1007\/3-540-48329-2_26"},{"key":"2_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"82","DOI":"10.1007\/978-3-540-30496-8_8","volume-title":"Security in Ad-hoc and Sensor Networks","author":"TK Chan","year":"2005","unstructured":"Chan, T.K., Fung, K., Liu, J.K., Wei, V.K.: Blind spontaneous anonymous group signatures for ad hoc groups. In: Castelluccia, C., Hartenstein, H., Paar, C., Westhoff, D. (eds.) ESAS 2004. LNCS, vol. 3313, pp. 82\u201394. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/978-3-540-30496-8_8"},{"key":"2_CR7","first-page":"199","volume-title":"CRYPTO 1982","author":"D Chaum","year":"1982","unstructured":"Chaum, D.: Blind signatures for untraceable payments. In: Chaum, D., Rivest, R.L., Sherman, A.T. (eds.) CRYPTO 1982, pp. 199\u2013203. Plenum Press, New York (1982)"},{"key":"2_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"316","DOI":"10.1007\/11506157_27","volume-title":"Information Security and Privacy","author":"SSM Chow","year":"2005","unstructured":"Chow, S.S.M., Hui, L.C.K., Yiu, S.M., Chow, K.P.: Two improved partially blind signature schemes from bilinear pairings. In: Boyd, C., Gonz\u00e1lez Nieto, J.M. (eds.) ACISP 2005. LNCS, vol. 3574, pp. 316\u2013328. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/11506157_27"},{"key":"2_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"251","DOI":"10.1007\/11889663_21","volume-title":"Financial Cryptography and Data Security","author":"X Chen","year":"2006","unstructured":"Chen, X., Zhang, F., Mu, Y., Susilo, W.: Efficient provably secure restrictive partially blind signatures from bilinear pairings. In: Di Crescenzo, G., Rubin, A. (eds.) FC 2006. LNCS, vol. 4107, pp. 251\u2013265. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11889663_21"},{"key":"2_CR10","doi-asserted-by":"crossref","unstructured":"Drijvers, M., et al.: On the security of two-round multi-signatures. In: 2019 IEEE Symposium on Security and Privacy, pp. 1084\u20131101. IEEE Computer Society Press, May 2019","DOI":"10.1109\/SP.2019.00050"},{"key":"2_CR11","doi-asserted-by":"crossref","unstructured":"Feldman, P.: A practical scheme for non-interactive verifiable secret sharing. In: 28th FOCS, pp. 427\u2013437. IEEE Computer Society Press, October 1987","DOI":"10.1109\/SFCS.1987.4"},{"key":"2_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"63","DOI":"10.1007\/978-3-030-45724-2_3","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2020","author":"G Fuchsbauer","year":"2020","unstructured":"Fuchsbauer, G., Plouviez, A., Seurin, Y.: Blind Schnorr signatures and signed ElGamal encryption in the algebraic group model. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12106, pp. 63\u201395. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-45724-2_3"},{"issue":"1","key":"2_CR13","doi-asserted-by":"publisher","first-page":"51","DOI":"10.1007\/s00145-006-0347-3","volume":"20","author":"R Gennaro","year":"2007","unstructured":"Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Secure distributed key generation for discrete-log based cryptosystems. J. Cryptol. 20(1), 51\u201383 (2007)","journal-title":"J. Cryptol."},{"key":"2_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"210","DOI":"10.1007\/978-3-662-58820-8_15","volume-title":"Financial Cryptography and Data Security","author":"P Grontas","year":"2019","unstructured":"Grontas, P., Pagourtzis, A., Zacharakis, A., Zhang, B.: Towards everlasting privacy and efficient coercion resistance in remote electronic voting. In: Zohar, A., et al. (eds.) FC 2018. LNCS, vol. 10958, pp. 210\u2013231. Springer, Heidelberg (2019). https:\/\/doi.org\/10.1007\/978-3-662-58820-8_15"},{"key":"2_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"345","DOI":"10.1007\/978-3-030-17659-4_12","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2019","author":"E Hauck","year":"2019","unstructured":"Hauck, E., Kiltz, E., Loss, J.: A modular treatment of blind signatures from identification schemes. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019, Part III. LNCS, vol. 11478, pp. 345\u2013375. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-17659-4_12"},{"key":"2_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"500","DOI":"10.1007\/978-3-030-56880-1_18","volume-title":"Advances in Cryptology \u2013 CRYPTO 2020","author":"E Hauck","year":"2020","unstructured":"Hauck, E., Kiltz, E., Loss, J., Nguyen, N.K.: Lattice-based blind signatures, revisited. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020, Part II. LNCS, vol. 12171, pp. 500\u2013529. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-56880-1_18"},{"key":"2_CR17","unstructured":"Komlo, C., Goldberg, I.: FROST: flexible round-optimized Schnorr threshold signatures (2020). https:\/\/crysp.uwaterloo.ca\/software\/frost\/frost-extabs.pdf. Version from 7 January 2020. Accessed 04 Oct 2020"},{"key":"2_CR18","unstructured":"Komlo, C., Goldberg, I.: FROST: Flexible round-optimized Schnorr threshold signatures. Cryptology ePrint Archive, Report 2020\/852 (2020). https:\/\/eprint.iacr.org\/2020\/852"},{"key":"2_CR19","unstructured":"Kastner, J., Loss, J., Xu, J.: On pairing-free blind signature schemes in the algebraic group model. Cryptology ePrint Archive, Report 2020\/1071 (2020)"},{"key":"2_CR20","unstructured":"Maxwell, G., Poelstra, A., Seurin, Y., Wuille, P.: Simple Schnorr multi-signature with applications to Bitcoin. Cryptology ePrint Archive, Report 2018\/068, Revision 20180118:124757 (2018). https:\/\/eprint.iacr.org\/2018\/068\/20180118:124757"},{"key":"2_CR21","unstructured":"Maxwell, G., Poelstra, A., Seurin, Y., Wuille, P.: Simple Schnorr multi-signature with applications to Bitcoin. Cryptology ePrint Archive, Report 2018\/068, Revision 20180520:191909 (2018). https:\/\/eprint.iacr.org\/2018\/068\/20180520:191909"},{"key":"2_CR22","doi-asserted-by":"crossref","unstructured":"Minder, L., Sinclair, A.: The extended k-tree algorithm. In: Mathieu, C. (ed.) 20th SODA, pp. 586\u2013595. ACM-SIAM, January 2009","DOI":"10.1137\/1.9781611973068.65"},{"issue":"3","key":"2_CR23","doi-asserted-by":"publisher","first-page":"361","DOI":"10.1007\/s001450010003","volume":"13","author":"D Pointcheval","year":"2000","unstructured":"Pointcheval, D., Stern, J.: Security arguments for digital signatures and blind signatures. J. Cryptol. 13(3), 361\u2013396 (2000)","journal-title":"J. Cryptol."},{"key":"2_CR24","unstructured":"Stein, W.A., et al.: Sage Mathematics Software (Version 9.1). The Sage Development Team (2020). http:\/\/www.sagemath.org"},{"key":"2_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/3-540-45600-7_1","volume-title":"Information and Communications Security","author":"CP Schnorr","year":"2001","unstructured":"Schnorr, C.P.: Security of blind discrete log signatures against interactive attacks. In: Qing, S., Okamoto, T., Zhou, J. (eds.) ICICS 2001. LNCS, vol. 2229, pp. 1\u201312. Springer, Heidelberg (2001). https:\/\/doi.org\/10.1007\/3-540-45600-7_1"},{"key":"2_CR26","doi-asserted-by":"crossref","unstructured":"Syta, E., et al.: Keeping authorities \u201chonest or bust\u201d with decentralized witness cosigning. In: 2016 IEEE Symposium on Security and Privacy, pp. 526\u2013545. IEEE Computer Society Press, May 2016","DOI":"10.1109\/SP.2016.38"},{"key":"2_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"288","DOI":"10.1007\/3-540-45708-9_19","volume-title":"Advances in Cryptology \u2014 CRYPTO 2002","author":"D Wagner","year":"2002","unstructured":"Wagner, D.: A generalized birthday problem. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 288\u2013304. Springer, Heidelberg (2002). https:\/\/doi.org\/10.1007\/3-540-45708-9_19"},{"key":"2_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"305","DOI":"10.1007\/978-3-540-30574-3_21","volume-title":"Topics in Cryptology \u2013 CT-RSA 2005","author":"TH Yuen","year":"2005","unstructured":"Yuen, T.H., Wei, V.K.: Fast and proven secure blind identity-based signcryption from pairings. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 305\u2013322. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/978-3-540-30574-3_21"},{"key":"2_CR29","unstructured":"Zacharakis, A., Grontas, P., Pagourtzis, A.: Conditional blind signatures. Cryptology ePrint Archive, Report 2017\/682 (2017). http:\/\/eprint.iacr.org\/2017\/682"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 EUROCRYPT 2021"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-77870-5_2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,6,16]],"date-time":"2024-06-16T00:10:50Z","timestamp":1718496650000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-77870-5_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030778699","9783030778705"],"references-count":29,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-77870-5_2","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"16 June 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"EUROCRYPT","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Conference on the Theory and Applications of Cryptographic Techniques","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Zagreb","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Croatia","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17 October 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21 October 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"40","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"eurocrypt2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/eurocrypt.iacr.org\/2021\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"HotCRP","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"400","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"78","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"20% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"at least 3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"21","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}