{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,24]],"date-time":"2026-02-24T08:02:33Z","timestamp":1771920153664,"version":"3.50.1"},"publisher-location":"Cham","reference-count":72,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031159787","type":"print"},{"value":"9783031159794","type":"electronic"}],"license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022]]},"DOI":"10.1007\/978-3-031-15979-4_4","type":"book-chapter","created":{"date-parts":[[2022,10,12]],"date-time":"2022-10-12T16:25:31Z","timestamp":1665591931000},"page":"102-132","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":61,"title":["Lattice-Based SNARKs: Publicly Verifiable, Preprocessing, and\u00a0Recursively Composable"],"prefix":"10.1007","author":[{"given":"Martin R.","family":"Albrecht","sequence":"first","affiliation":[]},{"given":"Valerio","family":"Cini","sequence":"additional","affiliation":[]},{"given":"Russell W. F.","family":"Lai","sequence":"additional","affiliation":[]},{"given":"Giulio","family":"Malavolta","sequence":"additional","affiliation":[]},{"given":"Sri AravindaKrishnan","family":"Thyagarajan","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2022,10,13]]},"reference":[{"key":"4_CR1","unstructured":"Agrawal, S.: Unlikely friendships: the fruitful interplay of cryptography assumptions. Invited talk at ASIACRYPT 2020, December 2020. https:\/\/youtu.be\/Owz8UuWTsqg"},{"key":"4_CR2","doi-asserted-by":"publisher","unstructured":"Ajtai, M.: Generating hard instances of lattice problems (extended abstract). In: 28th ACM STOC, pp. 99\u2013108. ACM Press, May 1996. https:\/\/doi.org\/10.1145\/237814.237838","DOI":"10.1145\/237814.237838"},{"key":"4_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"583","DOI":"10.1007\/978-3-030-64834-3_20","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2020","author":"MR Albrecht","year":"2020","unstructured":"Albrecht, M.R., Gheorghiu, V., Postlethwaite, E.W., Schanck, J.M.: Estimating quantum speedups for lattice sieves. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020, Part II. LNCS, vol. 12492, pp. 583\u2013613. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-64834-3_20"},{"key":"4_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"519","DOI":"10.1007\/978-3-030-84245-1_18","volume-title":"Advances in Cryptology \u2013 CRYPTO 2021","author":"MR Albrecht","year":"2021","unstructured":"Albrecht, M.R., Lai, R.W.F.: Subtractive sets over cyclotomic rings. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021, Part II. LNCS, vol. 12826, pp. 519\u2013548. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-84245-1_18"},{"key":"4_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"430","DOI":"10.1007\/978-3-662-46800-5_17","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2015","author":"MR Albrecht","year":"2015","unstructured":"Albrecht, M.R., Rechberger, C., Schneider, T., Tiessen, T., Zohner, M.: Ciphers for MPC and FHE. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015, Part I. LNCS, vol. 9056, pp. 430\u2013454. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-46800-5_17"},{"key":"4_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"549","DOI":"10.1007\/978-3-030-84245-1_19","volume-title":"Advances in Cryptology \u2013 CRYPTO 2021","author":"T Attema","year":"2021","unstructured":"Attema, T., Cramer, R., Kohl, L.: A compressed $$\\Sigma $$-protocol theory for\u00a0lattices. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021, Part II. LNCS, vol. 12826, pp. 549\u2013579. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-84245-1_19"},{"key":"4_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"635","DOI":"10.1007\/978-3-030-92075-3_22","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2021","author":"L Aumayr","year":"2021","unstructured":"Aumayr, L., et al.: Generalized channels from limited blockchain scripts and adaptor signatures. In: Tibouchi, M., Wang, H. (eds.) ASIACRYPT 2021. LNCS, vol. 13091, pp. 635\u2013664. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-92075-3_22"},{"key":"4_CR8","doi-asserted-by":"publisher","unstructured":"Becker, A., Ducas, L., Gama, N., Laarhoven, T.: New directions in nearest neighbor searching with applications to lattice sieving. In: Krauthgamer, R. (ed.) 27th SODA, pp. 10\u201324. ACM-SIAM, January 2016. https:\/\/doi.org\/10.1137\/1.9781611974331.ch2","DOI":"10.1137\/1.9781611974331.ch2"},{"key":"4_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"108","DOI":"10.1007\/978-3-642-03356-8_7","volume-title":"Advances in Cryptology - CRYPTO 2009","author":"M Belenkiy","year":"2009","unstructured":"Belenkiy, M., Camenisch, J., Chase, M., Kohlweiss, M., Lysyanskaya, A., Shacham, H.: Randomizable proofs and delegatable anonymous credentials. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 108\u2013125. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-03356-8_7"},{"key":"4_CR10","doi-asserted-by":"publisher","unstructured":"Ben-Sasson, E., et al.: Zerocash: decentralized anonymous payments from bitcoin. In: 2014 IEEE Symposium on Security and Privacy, pp. 459\u2013474. IEEE Computer Society Press, May 2014. https:\/\/doi.org\/10.1109\/SP.2014.36","DOI":"10.1109\/SP.2014.36"},{"key":"4_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"90","DOI":"10.1007\/978-3-642-40084-1_6","volume-title":"Advances in Cryptology \u2013 CRYPTO 2013","author":"E Ben-Sasson","year":"2013","unstructured":"Ben-Sasson, E., Chiesa, A., Genkin, D., Tromer, E., Virza, M.: SNARKs for C: verifying program executions succinctly and in zero knowledge. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part II. LNCS, vol. 8043, pp. 90\u2013108. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-40084-1_6"},{"key":"4_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"276","DOI":"10.1007\/978-3-662-44381-1_16","volume-title":"Advances in Cryptology \u2013 CRYPTO 2014","author":"E Ben-Sasson","year":"2014","unstructured":"Ben-Sasson, E., Chiesa, A., Tromer, E., Virza, M.: Scalable zero knowledge via cycles of elliptic curves. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014, Part II. LNCS, vol. 8617, pp. 276\u2013294. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-44381-1_16"},{"key":"4_CR13","unstructured":"Ben-Sasson, E., Chiesa, A., Tromer, E., Virza, M.: Succinct non-interactive zero knowledge for a von neumann architecture. In: Fu, K., Jung, J. (eds.) USENIX Security 2014, pp. 781\u2013796. USENIX Association, August 2014"},{"key":"4_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"757","DOI":"10.1007\/978-3-319-96884-1_25","volume-title":"Advances in Cryptology \u2013 CRYPTO 2018","author":"D Boneh","year":"2018","unstructured":"Boneh, D., Bonneau, J., B\u00fcnz, B., Fisch, B.: Verifiable delay functions. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018, Part I. LNCS, vol. 10991, pp. 757\u2013788. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-96884-1_25"},{"key":"4_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"649","DOI":"10.1007\/978-3-030-84242-0_23","volume-title":"Advances in Cryptology \u2013 CRYPTO 2021","author":"D Boneh","year":"2021","unstructured":"Boneh, D., Drake, J., Fisch, B., Gabizon, A.: Halo Infinite: proof-carrying data from additive polynomial commitments. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021, Part I. LNCS, vol. 12825, pp. 649\u2013680. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-84242-0_23"},{"key":"4_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"435","DOI":"10.1007\/978-3-030-03329-3_15","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2018","author":"D Boneh","year":"2018","unstructured":"Boneh, D., Drijvers, M., Neven, G.: Compact multi-signatures for smaller blockchains. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018, Part II. LNCS, vol. 11273, pp. 435\u2013464. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-030-03329-3_15"},{"key":"4_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-19379-8_1","volume-title":"Public Key Cryptography \u2013 PKC 2011","author":"D Boneh","year":"2011","unstructured":"Boneh, D., Freeman, D.M.: Linearly homomorphic signatures over binary fields and new tools for lattice-based signatures. In: Catalano, D., Fazio, N., Gennaro, R., Nicolosi, A. (eds.) PKC 2011. LNCS, vol. 6571, pp. 1\u201316. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-19379-8_1"},{"key":"4_CR18","unstructured":"Bonneau, J., Meckler, I., Rao, V., Shapiro, E.: Coda: decentralized cryptocurrency at scale. Cryptology ePrint Archive (2020)"},{"key":"4_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"742","DOI":"10.1007\/978-3-030-84242-0_26","volume-title":"Advances in Cryptology \u2013 CRYPTO 2021","author":"J Bootle","year":"2021","unstructured":"Bootle, J., Chiesa, A., Sotiraki, K.: Sumcheck arguments and their applications. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021, Part I. LNCS, vol. 12825, pp. 742\u2013773. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-84242-0_26"},{"key":"4_CR20","unstructured":"Bowe, S., Grigg, J., Hopwood, D.: Halo: recursive proof composition without a trusted setup. Cryptology ePrint Archive, Report 2019\/1021 (2019). https:\/\/eprint.iacr.org\/2019\/1021"},{"key":"4_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"65","DOI":"10.1007\/978-3-030-92078-4_3","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2021","author":"B B\u00fcnz","year":"2021","unstructured":"B\u00fcnz, B., Maller, M., Mishra, P., Tyagi, N., Vesely, P.: Proofs for\u00a0inner pairing products and\u00a0applications. In: Tibouchi, M., Wang, H. (eds.) ASIACRYPT 2021, Part III. LNCS, vol. 13092, pp. 65\u201397. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-92078-4_3"},{"key":"4_CR22","doi-asserted-by":"publisher","unstructured":"Camenisch, J., Gro\u00df, T.: Efficient attributes for anonymous credentials. In: Ning, P., Syverson, P.F., Jha, S. (eds.) ACM CCS 2008, pp. 345\u2013356. ACM Press, October 2008. https:\/\/doi.org\/10.1145\/1455770.1455814","DOI":"10.1145\/1455770.1455814"},{"key":"4_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-030-64834-3_1","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2020","author":"M Campanelli","year":"2020","unstructured":"Campanelli, M., Fiore, D., Greco, N., Kolonelos, D., Nizzardo, L.: Incrementally aggregatable vector commitments and applications to verifiable decentralized storage. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020. LNCS, vol. 12492, pp. 3\u201335. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-64834-3_1"},{"key":"4_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"55","DOI":"10.1007\/978-3-642-36362-7_5","volume-title":"Public-Key Cryptography \u2013 PKC 2013","author":"D Catalano","year":"2013","unstructured":"Catalano, D., Fiore, D.: Vector commitments and their applications. In: Kurosawa, K., Hanaoka, G. (eds.) PKC 2013. LNCS, vol. 7778, pp. 55\u201372. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-36362-7_5"},{"key":"4_CR25","unstructured":"Chepurnoy, A., Papamanthou, C., Zhang, Y.: Edrax: a cryptocurrency with stateless transaction validation. Cryptology ePrint Archive, Report 2018\/968 (2018). https:\/\/eprint.iacr.org\/2018\/968"},{"key":"4_CR26","unstructured":"Drijvers, M., Gorbunov, S., Neven, G., Wee, H.: Pixel: multi-signatures for consensus. In: 29th USENIX Security Symposium (USENIX Security 2020), pp. 2093\u20132110. USENIX Association, August 2020. https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/drijvers"},{"key":"4_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"186","DOI":"10.1007\/3-540-47721-7_12","volume-title":"Advances in Cryptology \u2014 CRYPTO\u2019 86","author":"A Fiat","year":"1987","unstructured":"Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186\u2013194. Springer, Heidelberg (1987). https:\/\/doi.org\/10.1007\/3-540-47721-7_12"},{"key":"4_CR28","unstructured":"Fisch, B.: PoReps: proofs of space on useful data. Cryptology ePrint Archive, Report 2018\/678 (2018). https:\/\/eprint.iacr.org\/2018\/678"},{"key":"4_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"324","DOI":"10.1007\/978-3-030-17656-3_12","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2019","author":"B Fisch","year":"2019","unstructured":"Fisch, B.: Tight proofs of space and replication. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019, Part II. LNCS, vol. 11477, pp. 324\u2013348. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-17656-3_12"},{"key":"4_CR30","doi-asserted-by":"crossref","unstructured":"Garman, C., Green, M., Miers, I.: Decentralized anonymous credentials. In: NDSS 2014. The Internet Society, February 2014","DOI":"10.14722\/ndss.2014.23253"},{"key":"4_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"174","DOI":"10.1007\/978-3-319-78381-9_7","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2018","author":"N Genise","year":"2018","unstructured":"Genise, N., Micciancio, D.: Faster gaussian sampling for trapdoor lattices with arbitrary modulus. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018, Part I. LNCS, vol. 10820, pp. 174\u2013203. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-78381-9_7"},{"key":"4_CR32","doi-asserted-by":"publisher","unstructured":"Gennaro, R., Minelli, M., Nitulescu, A., Orr\u00f9, M.: Lattice-based zk-SNARKs from square span programs. In: Lie, D., Mannan, M., Backes, M., Wang, X. (eds.) ACM CCS 2018, pp. 556\u2013573. ACM Press, October 2018. https:\/\/doi.org\/10.1145\/3243734.3243845","DOI":"10.1145\/3243734.3243845"},{"key":"4_CR33","doi-asserted-by":"publisher","unstructured":"Gentry, C.: Fully homomorphic encryption using ideal lattices. In: Mitzenmacher, M. (ed.) 41st ACM STOC, pp. 169\u2013178. ACM Press, May\/June 2009. https:\/\/doi.org\/10.1145\/1536414.1536440","DOI":"10.1145\/1536414.1536440"},{"key":"4_CR34","doi-asserted-by":"publisher","unstructured":"Gentry, C., Peikert, C., Vaikuntanathan, V.: Trapdoors for hard lattices and new cryptographic constructions. In: Ladner, R.E., Dwork, C. (eds.) 40th ACM STOC, pp. 197\u2013206. ACM Press, May 2008. https:\/\/doi.org\/10.1145\/1374376.1374407","DOI":"10.1145\/1374376.1374407"},{"key":"4_CR35","doi-asserted-by":"publisher","unstructured":"Gentry, C., Wichs, D.: Separating succinct non-interactive arguments from all falsifiable assumptions. In: Fortnow, L., Vadhan, S.P. (eds.) 43rd ACM STOC, pp. 99\u2013108. ACM Press, June 2011. https:\/\/doi.org\/10.1145\/1993636.1993651","DOI":"10.1145\/1993636.1993651"},{"key":"4_CR36","unstructured":"Golovnev, A., Lee, J., Setty, S., Thaler, J., Wahby, R.S.: Brakedown: linear-time and post-quantum SNARKs for R1CS. Cryptology ePrint Archive, Report 2021\/1043 (2021). https:\/\/eprint.iacr.org\/2021\/1043"},{"key":"4_CR37","doi-asserted-by":"publisher","unstructured":"Gorbunov, S., Reyzin, L., Wee, H., Zhang, Z.: Pointproofs: aggregating proofs for multiple vector commitments. In: Ligatti, J., Ou, X., Katz, J., Vigna, G. (eds.) ACM CCS 2020, pp. 2007\u20132023. ACM Press, November 2020. https:\/\/doi.org\/10.1145\/3372297.3417244","DOI":"10.1145\/3372297.3417244"},{"key":"4_CR38","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"503","DOI":"10.1007\/978-3-662-48000-7_25","volume-title":"Advances in Cryptology \u2013 CRYPTO 2015","author":"S Gorbunov","year":"2015","unstructured":"Gorbunov, S., Vaikuntanathan, V., Wee, H.: Predicate encryption for circuits from LWE. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015, Part II. LNCS, vol. 9216, pp. 503\u2013523. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-48000-7_25"},{"key":"4_CR39","doi-asserted-by":"publisher","unstructured":"Goyal, R., Koppula, V., Waters, B.: Lockable obfuscation. In: Umans, C. (ed.) 58th FOCS, pp. 612\u2013621. IEEE Computer Society Press, October 2017. https:\/\/doi.org\/10.1109\/FOCS.2017.62","DOI":"10.1109\/FOCS.2017.62"},{"key":"4_CR40","unstructured":"Grassi, L., Kales, D., Khovratovich, D., Roy, A., Rechberger, C., Schofnegger, M.: Starkad and Poseidon: New hash functions for zero knowledge proof systems. Cryptology ePrint Archive, Report 2019\/458 (2019). https:\/\/eprint.iacr.org\/2019\/458"},{"key":"4_CR41","unstructured":"Gross, J.: Practical SNARK based VDF (2021). https:\/\/zkproof.org\/2021\/11\/24\/practical-snark-based-vdf\/"},{"key":"4_CR42","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"305","DOI":"10.1007\/978-3-662-49896-5_11","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2016","author":"J Groth","year":"2016","unstructured":"Groth, J.: On the size of pairing-based non-interactive arguments. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016, Part II. LNCS, vol. 9666, pp. 305\u2013326. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-49896-5_11"},{"key":"4_CR43","doi-asserted-by":"publisher","unstructured":"Ishai, Y., Su, H., Wu, D.J.: Shorter and faster post-quantum designated-verifier zkSNARKs from lattices. In: Vigna, G., Shi, E. (eds.) ACM CCS 2021, pp. 212\u2013234. ACM Press, November 2021. https:\/\/doi.org\/10.1145\/3460120.3484572","DOI":"10.1145\/3460120.3484572"},{"key":"4_CR44","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"177","DOI":"10.1007\/978-3-642-17373-8_11","volume-title":"Advances in Cryptology - ASIACRYPT 2010","author":"A Kate","year":"2010","unstructured":"Kate, A., Zaverucha, G.M., Goldberg, I.: Constant-size commitments to polynomials and their applications. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 177\u2013194. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-17373-8_11"},{"key":"4_CR45","doi-asserted-by":"publisher","unstructured":"Kilian, J.: A note on efficient zero-knowledge proofs and arguments (extended abstract). In: 24th ACM STOC, pp. 723\u2013732. ACM Press, May 1992. https:\/\/doi.org\/10.1145\/129712.129782","DOI":"10.1145\/129712.129782"},{"issue":"3","key":"4_CR46","first-page":"357","volume":"57","author":"N Koblitz","year":"2010","unstructured":"Koblitz, N., Menezes, A.: The brave new world of bodacious assumptions in cryptography. Not. Am. Math. Soc. 57(3), 357\u2013365 (2010)","journal-title":"Not. Am. Math. Soc."},{"key":"4_CR47","doi-asserted-by":"publisher","unstructured":"Kosba, A.E., Miller, A., Shi, E., Wen, Z., Papamanthou, C.: Hawk: the blockchain model of cryptography and privacy-preserving smart contracts. In: 2016 IEEE Symposium on Security and Privacy, pp. 839\u2013858. IEEE Computer Society Press, May 2016. https:\/\/doi.org\/10.1109\/SP.2016.55","DOI":"10.1109\/SP.2016.55"},{"key":"4_CR48","unstructured":"Laarhoven, T.: Search problems in cryptography: from fingerprinting to lattice sieving. Ph.D. thesis, Eindhoven University of Technology (2015)"},{"key":"4_CR49","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"530","DOI":"10.1007\/978-3-030-26948-7_19","volume-title":"Advances in Cryptology \u2013 CRYPTO 2019","author":"RWF Lai","year":"2019","unstructured":"Lai, R.W.F., Malavolta, G.: Subvector commitments with application to succinct arguments. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019, Part I. LNCS, vol. 11692, pp. 530\u2013560. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-26948-7_19"},{"key":"4_CR50","doi-asserted-by":"publisher","unstructured":"Lai, R.W.F., Malavolta, G., Ronge, V.: Succinct arguments for bilinear group arithmetic: Practical structure-preserving cryptography. In: Cavallaro, L., Kinder, J., Wang, X., Katz, J. (eds.) ACM CCS 2019, pp. 2057\u20132074. ACM Press, November 2019. https:\/\/doi.org\/10.1145\/3319535.3354262","DOI":"10.1145\/3319535.3354262"},{"issue":"3","key":"4_CR51","doi-asserted-by":"publisher","first-page":"565","DOI":"10.1007\/s10623-014-9938-4","volume":"75","author":"A Langlois","year":"2014","unstructured":"Langlois, A., Stehl\u00e9, D.: Worst-case to average-case reductions for module lattices. Des. Codes Crypt. 75(3), 565\u2013599 (2014). https:\/\/doi.org\/10.1007\/s10623-014-9938-4","journal-title":"Des. Codes Crypt."},{"key":"4_CR52","doi-asserted-by":"publisher","unstructured":"Libert, B., Ramanna, S.C., Yung, M.: Functional commitment schemes: from polynomial commitments to pairing-based accumulators from simple assumptions. In: Chatzigiannakis, I., Mitzenmacher, M., Rabani, Y., Sangiorgi, D. (eds.) ICALP 2016. LIPIcs, vol. 55, pp. 30:1\u201330:14. Schloss Dagstuhl, July 2016. https:\/\/doi.org\/10.4230\/LIPIcs.ICALP.2016.30","DOI":"10.4230\/LIPIcs.ICALP.2016.30"},{"key":"4_CR53","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"499","DOI":"10.1007\/978-3-642-11799-2_30","volume-title":"Theory of Cryptography","author":"B Libert","year":"2010","unstructured":"Libert, B., Yung, M.: Concise mercurial vector commitments and independent zero-knowledge sets with short proofs. In: Micciancio, D. (ed.) TCC 2010. LNCS, vol. 5978, pp. 499\u2013517. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-11799-2_30"},{"key":"4_CR54","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"315","DOI":"10.1007\/978-3-662-44371-2_18","volume-title":"Advances in Cryptology \u2013 CRYPTO 2014","author":"S Ling","year":"2014","unstructured":"Ling, S., Phan, D.H., Stehl\u00e9, D., Steinfeld, R.: Hardness of k-LWE and applications in traitor tracing. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014, Part I. LNCS, vol. 8616, pp. 315\u2013334. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-44371-2_18"},{"key":"4_CR55","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"174","DOI":"10.1007\/11593447_10","volume-title":"Advances in Cryptology - ASIACRYPT 2005","author":"M Liskov","year":"2005","unstructured":"Liskov, M.: Updatable zero-knowledge databases. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 174\u2013198. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/11593447_10"},{"key":"4_CR56","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"144","DOI":"10.1007\/11787006_13","volume-title":"Automata, Languages and Programming","author":"V Lyubashevsky","year":"2006","unstructured":"Lyubashevsky, V., Micciancio, D.: Generalized compact knapsacks are collision resistant. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds.) ICALP 2006, Part II. LNCS, vol. 4052, pp. 144\u2013155. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11787006_13"},{"key":"4_CR57","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"35","DOI":"10.1007\/978-3-642-38348-9_3","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2013","author":"V Lyubashevsky","year":"2013","unstructured":"Lyubashevsky, V., Peikert, C., Regev, O.: A toolkit for ring-LWE cryptography. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 35\u201354. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-38348-9_3"},{"key":"4_CR58","doi-asserted-by":"publisher","unstructured":"Micali, S.: CS proofs (extended abstracts). In: 35th FOCS, pp. 436\u2013453. IEEE Computer Society Press, November 1994. https:\/\/doi.org\/10.1109\/SFCS.1994.365746","DOI":"10.1109\/SFCS.1994.365746"},{"key":"4_CR59","doi-asserted-by":"publisher","unstructured":"Micali, S., Rabin, M.O., Kilian, J.: Zero-knowledge sets. In: 44th FOCS, pp. 80\u201391. IEEE Computer Society Press, October 2003. https:\/\/doi.org\/10.1109\/SFCS.2003.1238183","DOI":"10.1109\/SFCS.2003.1238183"},{"key":"4_CR60","doi-asserted-by":"crossref","unstructured":"Micciancio, D.: Generalized compact knapsacks, cyclic lattices, and efficient one-way functions. Comput. Complex. 16(4), 365\u2013411 (2007)","DOI":"10.1007\/s00037-007-0234-9"},{"key":"4_CR61","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"700","DOI":"10.1007\/978-3-642-29011-4_41","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2012","author":"D Micciancio","year":"2012","unstructured":"Micciancio, D., Peikert, C.: Trapdoors for lattices: simpler, tighter, faster, smaller. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 700\u2013718. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-29011-4_41"},{"key":"4_CR62","doi-asserted-by":"publisher","unstructured":"Parno, B., Howell, J., Gentry, C., Raykova, M.: Pinocchio: nearly practical verifiable computation. In: 2013 IEEE Symposium on Security and Privacy, pp. 238\u2013252. IEEE Computer Society Press, May 2013. https:\/\/doi.org\/10.1109\/SP.2013.47","DOI":"10.1109\/SP.2013.47"},{"key":"4_CR63","unstructured":"Peikert, C., Pepin, Z., Sharp, C.: Vector and functional commitments from lattices. Cryptology ePrint Archive, Report 2021\/1254 (2021). https:\/\/ia.cr\/2021\/1254"},{"key":"4_CR64","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"145","DOI":"10.1007\/11681878_8","volume-title":"Theory of Cryptography","author":"C Peikert","year":"2006","unstructured":"Peikert, C., Rosen, A.: Efficient collision-resistant hashing from worst-case assumptions on cyclic lattices. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 145\u2013166. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11681878_8"},{"key":"4_CR65","unstructured":"Prest, T., et al.: FALCON. Technical report, National Institute of Standards and Technology (2020). https:\/\/csrc.nist.gov\/projects\/post-quantum-cryptography\/round-3-submissions"},{"key":"4_CR66","doi-asserted-by":"publisher","unstructured":"Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: Gabow, H.N., Fagin, R. (eds.) 37th ACM STOC, pp. 84\u201393. ACM Press, May 2005. https:\/\/doi.org\/10.1145\/1060590.1060603","DOI":"10.1145\/1060590.1060603"},{"key":"4_CR67","doi-asserted-by":"crossref","unstructured":"Schnorr, C., Euchner, M.: Lattice basis reduction: improved practical algorithms and solving subset sum problems. Math. Program. 66, 181\u2013199 (1994)","DOI":"10.1007\/BF01581144"},{"key":"4_CR68","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"27","DOI":"10.1007\/978-3-642-20465-4_4","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2011","author":"D Stehl\u00e9","year":"2011","unstructured":"Stehl\u00e9, D., Steinfeld, R.: Making NTRU as secure as worst-case problems over ideal lattices. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 27\u201347. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-20465-4_4"},{"key":"4_CR69","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"617","DOI":"10.1007\/978-3-642-10366-7_36","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2009","author":"D Stehl\u00e9","year":"2009","unstructured":"Stehl\u00e9, D., Steinfeld, R., Tanaka, K., Xagawa, K.: Efficient public key encryption based on ideal lattices. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 617\u2013635. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-10366-7_36"},{"key":"4_CR70","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"497","DOI":"10.1007\/978-3-662-49896-5_18","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2016","author":"D Unruh","year":"2016","unstructured":"Unruh, D.: Computationally binding quantum commitments. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016, Part II. LNCS, vol. 9666, pp. 497\u2013527. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-49896-5_18"},{"key":"4_CR71","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-540-78524-8_1","volume-title":"Theory of Cryptography","author":"P Valiant","year":"2008","unstructured":"Valiant, P.: Incrementally verifiable computation or proofs of knowledge imply time\/space efficiency. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 1\u201318. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-78524-8_1"},{"key":"4_CR72","doi-asserted-by":"publisher","unstructured":"Wichs, D., Zirdelis, G.: Obfuscating compute-and-compare programs under LWE. In: Umans, C. (ed.) 58th FOCS, pp. 600\u2013611. IEEE Computer Society Press, October 2017. https:\/\/doi.org\/10.1109\/FOCS.2017.61","DOI":"10.1109\/FOCS.2017.61"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 CRYPTO 2022"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-15979-4_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T22:03:32Z","timestamp":1760220212000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-15979-4_4"}},"subtitle":["(Extended Abstract)"],"short-title":[],"issued":{"date-parts":[[2022]]},"ISBN":["9783031159787","9783031159794"],"references-count":72,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-15979-4_4","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022]]},"assertion":[{"value":"13 October 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CRYPTO","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Cryptology Conference","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Santa Barbara, CA","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2022","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15 August 2022","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18 August 2022","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"42","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"crypto2022","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/crypto.iacr.org\/2022\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}