{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,7]],"date-time":"2025-12-07T13:10:35Z","timestamp":1765113035289,"version":"3.40.3"},"publisher-location":"Cham","reference-count":84,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031683756"},{"type":"electronic","value":"9783031683763"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-3-031-68376-3_7","type":"book-chapter","created":{"date-parts":[[2024,8,15]],"date-time":"2024-08-15T21:02:07Z","timestamp":1723755727000},"page":"210-245","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":8,"title":["Pairing-Free Blind Signatures from\u00a0Standard Assumptions in\u00a0the\u00a0ROM"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-8879-8226","authenticated-orcid":false,"given":"Julia","family":"Kastner","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3867-4209","authenticated-orcid":false,"given":"Ky","family":"Nguyen","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3498-5472","authenticated-orcid":false,"given":"Michael","family":"Reichle","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,8,16]]},"reference":[{"key":"7_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"136","DOI":"10.1007\/3-540-44987-6_9","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 2001","author":"M Abe","year":"2001","unstructured":"Abe, M.: A secure three-move blind signature scheme for polynomially many signatures. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 136\u2013151. Springer, Heidelberg (2001). https:\/\/doi.org\/10.1007\/3-540-44987-6_9"},{"key":"7_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"435","DOI":"10.1007\/978-3-030-90459-3_15","volume-title":"Theory of Cryptography","author":"M Abe","year":"2021","unstructured":"Abe, M., Ambrona, M., Bogdanov, A., Ohkubo, M., Rosen, A.: Acyclicity programming for sigma-protocols. In: Nissim, K., Waters, B. (eds.) TCC 2021. LNCS, vol. 13042, pp. 435\u2013465. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-90459-3_15"},{"issue":"2","key":"7_CR3","doi-asserted-by":"publisher","first-page":"363","DOI":"10.1007\/s00145-014-9196-7","volume":"29","author":"M Abe","year":"2016","unstructured":"Abe, M., Fuchsbauer, G., Groth, J., Haralambiev, K., Ohkubo, M.: Structure-preserving signatures and commitments to group elements. J. Cryptol. 29(2), 363\u2013421 (2016). https:\/\/doi.org\/10.1007\/s00145-014-9196-7","journal-title":"J. Cryptol."},{"key":"7_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"627","DOI":"10.1007\/978-3-030-03326-2_21","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2018","author":"M Abe","year":"2018","unstructured":"Abe, M., Jutla, C.S., Ohkubo, M., Roy, A.: Improved (almost) tightly-secure simulation-sound QA-NIZK with applications. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018. LNCS, vol. 11272, pp. 627\u2013656. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-030-03326-2_21"},{"key":"7_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"435","DOI":"10.1007\/978-3-642-10366-7_26","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2009","author":"M Abe","year":"2009","unstructured":"Abe, M., Ohkubo, M.: A framework for universally composable non-committing blind signatures. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 435\u2013450. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-10366-7_26"},{"key":"7_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"271","DOI":"10.1007\/3-540-44598-6_17","volume-title":"Advances in Cryptology \u2014 CRYPTO 2000","author":"M Abe","year":"2000","unstructured":"Abe, M., Okamoto, T.: Provably secure partially blind signatures. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 271\u2013286. Springer, Heidelberg (2000). https:\/\/doi.org\/10.1007\/3-540-44598-6_17"},{"key":"7_CR7","doi-asserted-by":"publisher","unstructured":"Agrawal, S., Kirshanova, E., Stehl\u00e9, D., Yadav, A.: Practical, round-optimal lattice-based blind signatures. In: Yin, H., Stavrou, A., Cremers, C., Shi, E. (eds.) ACM CCS 2022 pp. 39\u201353. ACM Press (2022). https:\/\/doi.org\/10.1145\/3548606.3560650","DOI":"10.1145\/3548606.3560650"},{"key":"7_CR8","unstructured":"Amjad, G., Yeo, K., Yung, M.: Rsa blind signatures with public metadata. Cryptology ePrint Archive, Paper 2023\/1199 (2023). https:\/\/eprint.iacr.org\/2023\/1199"},{"key":"7_CR9","doi-asserted-by":"publisher","unstructured":"Attema, T., Fehr, S., Kloo\u00df, M.: Fiat-shamir transformation of multi-round interactive proofs. In: Kiltz, E., Vaikuntanathan, V. (eds.) TCC\u00a02022, Part\u00a0I. LNCS, vol. 13747, pp. 113\u2013142. Springer, Heidelberg (2022). https:\/\/doi.org\/10.1007\/978-3-031-22318-1_5","DOI":"10.1007\/978-3-031-22318-1_5"},{"key":"7_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"257","DOI":"10.1007\/3-540-36413-7_19","volume-title":"Security in Communication Networks","author":"PSLM Barreto","year":"2003","unstructured":"Barreto, P.S.L.M., Lynn, B., Scott, M.: Constructing elliptic curves with prescribed embedding degrees. In: Cimato, S., Persiano, G., Galdi, C. (eds.) SCN 2002. LNCS, vol. 2576, pp. 257\u2013267. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/3-540-36413-7_19"},{"key":"7_CR11","doi-asserted-by":"publisher","unstructured":"Bellare, M., Fuchsbauer, G., Scafuro, A.: NIZKs with an untrusted CRS: Security in the face of parameter subversion. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT\u00a02016, Part\u00a0II. LNCS, vol. 10032, pp. 777\u2013804. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53890-6_26","DOI":"10.1007\/978-3-662-53890-6_26"},{"issue":"3","key":"7_CR12","doi-asserted-by":"publisher","first-page":"185","DOI":"10.1007\/s00145-002-0120-1","volume":"16","author":"M Bellare","year":"2003","unstructured":"Bellare, M., Namprempre, C., Pointcheval, D., Semanko, M.: The one-more-RSA-inversion problems and the security of Chaum\u2019s blind signature scheme. J. Cryptol. 16(3), 185\u2013215 (2003). https:\/\/doi.org\/10.1007\/s00145-002-0120-1","journal-title":"J. Cryptol."},{"key":"7_CR13","doi-asserted-by":"publisher","unstructured":"Bellare, M., Neven, G.: Multi-signatures in the plain public-key model and a general forking lemma. In: Juels, A., Wright, R.N., De Capitani di Vimercati, S. (eds.) ACM CCS 2006, pp. 390\u2013399. ACM Press (2006). https:\/\/doi.org\/10.1145\/1180405.1180453","DOI":"10.1145\/1180405.1180453"},{"key":"7_CR14","doi-asserted-by":"publisher","unstructured":"Benhamouda, F., Lepoint, T., Loss, J., Orr\u00f9, M., Raykova, M.: On the (in)security of ROS. In: Canteaut, A., Standaert, F.X. (eds.) EUROCRYPT\u00a02021, Part\u00a0I. LNCS, vol. 12696, pp. 33\u201353. Springer, Heidelberg (2021). https:\/\/doi.org\/10.1007\/978-3-030-77870-5_2","DOI":"10.1007\/978-3-030-77870-5_2"},{"key":"7_CR15","doi-asserted-by":"publisher","unstructured":"Blazy, O., Fuchsbauer, G., Pointcheval, D., Vergnaud, D.: Signatures on randomizable ciphertexts. In: Catalano, D., Fazio, N., Gennaro, R., Nicolosi, A. (eds.) PKC\u00a02011. LNCS, vol.\u00a06571, pp. 403\u2013422. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-19379-8_25","DOI":"10.1007\/978-3-642-19379-8_25"},{"issue":"5","key":"7_CR16","doi-asserted-by":"publisher","first-page":"627","DOI":"10.3233\/JCS-130477","volume":"21","author":"O Blazy","year":"2013","unstructured":"Blazy, O., Fuchsbauer, G., Pointcheval, D., Vergnaud, D.: Short blind signatures. J. Comput. Secur. 21(5), 627\u2013661 (2013)","journal-title":"J. Comput. Secur."},{"key":"7_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"95","DOI":"10.1007\/978-3-642-32928-9_6","volume-title":"Security and Cryptography for Networks","author":"O Blazy","year":"2012","unstructured":"Blazy, O., Pointcheval, D., Vergnaud, D.: Compact round-optimal partially-blind signatures. In: Visconti, I., De Prisco, R. (eds.) SCN 2012. LNCS, vol. 7485, pp. 95\u2013112. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-32928-9_6"},{"key":"7_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"31","DOI":"10.1007\/3-540-36288-6_3","volume-title":"Public Key Cryptography \u2014 PKC 2003","author":"A Boldyreva","year":"2003","unstructured":"Boldyreva, A.: Threshold signatures, multisignatures and blind signatures based on the gap-diffie-hellman-group signature scheme. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 31\u201346. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/3-540-36288-6_3"},{"key":"7_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"302","DOI":"10.1007\/3-540-48329-2_26","volume-title":"Advances in Cryptology \u2014 CRYPTO\u2019 93","author":"S Brands","year":"1994","unstructured":"Brands, S.: Untraceable off-line cash in wallet with observers. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 302\u2013318. Springer, Heidelberg (1994). https:\/\/doi.org\/10.1007\/3-540-48329-2_26"},{"key":"7_CR20","doi-asserted-by":"publisher","unstructured":"B\u00fcnz, B., Bootle, J., Boneh, D., Poelstra, A., Wuille, P., Maxwell, G.: Bulletproofs: short proofs for confidential transactions and more. In: 2018 IEEE Symposium on Security and Privacy, pp. 315\u2013334. IEEE Computer Society Press (2018). https:\/\/doi.org\/10.1109\/SP.2018.00020","DOI":"10.1109\/SP.2018.00020"},{"key":"7_CR21","doi-asserted-by":"publisher","unstructured":"Buser, M., et al.: A survey on exotic signatures for post-quantum blockchain: challenges and research directions. ACM Comput. Surv. 55(12) (2023). https:\/\/doi.org\/10.1145\/3572771","DOI":"10.1145\/3572771"},{"key":"7_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"268","DOI":"10.1007\/3-540-36413-7_20","volume-title":"Security in Communication Networks","author":"J Camenisch","year":"2003","unstructured":"Camenisch, J., Lysyanskaya, A.: A signature scheme with efficient protocols. In: Cimato, S., Persiano, G., Galdi, C. (eds.) SCN 2002. LNCS, vol. 2576, pp. 268\u2013289. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/3-540-36413-7_20"},{"key":"7_CR23","doi-asserted-by":"publisher","unstructured":"Chairattana-Apirom, R., Hanzlik, L., Loss, J., Lysyanskaya, A., Wagner, B.: PI-cut-choo and friends: compact blind signatures via parallel instance cut-and-choose and more. In: Dodis, Y., Shrimpton, T. (eds.) CRYPTO\u00a02022, Part\u00a0III. LNCS, vol. 13509, pp. 3\u201331. Springer, Heidelberg (2022). https:\/\/doi.org\/10.1007\/978-3-031-15982-4_1","DOI":"10.1007\/978-3-031-15982-4_1"},{"key":"7_CR24","unstructured":"Chairattana-Apirom, R., Tessaro, S., Zhu, C.: Pairing-free blind signatures from cdh assumptions. Cryptology ePrint Archive, Paper 2023\/1780 (2023). https:\/\/eprint.iacr.org\/2023\/1780"},{"key":"7_CR25","unstructured":"Chator, A., Green, M., Tiwari, P.R.: Sok: Privacy-preserving signatures. Cryptology ePrint Archive, Paper 2023\/1039 (2023). https:\/\/eprint.iacr.org\/2023\/1039"},{"key":"7_CR26","first-page":"199","volume-title":"CRYPTO\u201982","author":"D Chaum","year":"1982","unstructured":"Chaum, D.: Blind signatures for untraceable payments. In: Chaum, D., Rivest, R.L., Sherman, A.T. (eds.) CRYPTO\u201982, pp. 199\u2013203. Plenum Press, New York (1982)"},{"key":"7_CR27","doi-asserted-by":"publisher","unstructured":"Chaum, D.: Security without identification: Transaction systems to make big brother obsolete. Commun. ACM 28(10), 1030\u20131044 (1985). https:\/\/doi.org\/10.1145\/4372.4373","DOI":"10.1145\/4372.4373"},{"key":"7_CR28","doi-asserted-by":"publisher","unstructured":"Chaum, D.: Elections with unconditionally-secret ballots and disruption equivalent to breaking RSA. In: G\u00fcnther, C.G. (ed.) EUROCRYPT\u201988. LNCS, vol.\u00a0330, pp. 177\u2013182. Springer, Heidelberg (1988). https:\/\/doi.org\/10.1007\/3-540-45961-8_15","DOI":"10.1007\/3-540-45961-8_15"},{"key":"7_CR29","doi-asserted-by":"publisher","unstructured":"Chaum, D., Fiat, A., Naor, M.: Untraceable electronic cash. In: Goldwasser, S. (ed.) CRYPTO\u201988. LNCS, vol.\u00a0403, pp. 319\u2013327. Springer, Heidelberg (1990). https:\/\/doi.org\/10.1007\/0-387-34799-2_25","DOI":"10.1007\/0-387-34799-2_25"},{"key":"7_CR30","doi-asserted-by":"publisher","unstructured":"Couteau, G., Goudarzi, D., Kloo\u00df, M., Reichle, M.: Sharp: short relaxed range proofs. In: Yin, H., Stavrou, A., Cremers, C., Shi, E. (eds.) ACM CCS 2022, pp. 609\u2013622. ACM Press (2022). https:\/\/doi.org\/10.1145\/3548606.3560628","DOI":"10.1145\/3548606.3560628"},{"key":"7_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"321","DOI":"10.1007\/978-3-319-56614-6_11","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2017","author":"G Couteau","year":"2017","unstructured":"Couteau, G., Peters, T., Pointcheval, D.: Removing the strong RSA assumption from arguments over the integers. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10211, pp. 321\u2013350. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-56614-6_11"},{"key":"7_CR32","doi-asserted-by":"publisher","unstructured":"Cramer, R., Shoup, V.: Signature schemes based on the strong RSA assumption. In: Motiwalla, J., Tsudik, G. (eds.) ACM CCS 99, pp. 46\u201351. ACM Press (1999). https:\/\/doi.org\/10.1145\/319709.319716","DOI":"10.1145\/319709.319716"},{"key":"7_CR33","doi-asserted-by":"publisher","first-page":"710","DOI":"10.1007\/978-3-031-38557-5_23","volume-title":"Advances in Cryptology - CRYPTO 2023","author":"E Crites","year":"2023","unstructured":"Crites, E., Komlo, C., Maller, M., Tessaro, S., Zhu, C.: Snowblind: A threshold blind signature in pairing-free groups. In: Handschuh, H., Lysyanskaya, A. (eds.) Advances in Cryptology - CRYPTO 2023, pp. 710\u2013742. Springer, Cham (2023). https:\/\/doi.org\/10.1007\/978-3-031-38557-5_23"},{"key":"7_CR34","doi-asserted-by":"publisher","unstructured":"del Pino, R., Katsumata, S.: A new framework for more efficient round-optimal lattice-based (partially) blind signature via trapdoor sampling. In: Dodis, Y., Shrimpton, T. (eds.) CRYPTO\u00a02022, Part\u00a0II. LNCS, vol. 13508, pp. 306\u2013336. Springer, Heidelberg (2022). https:\/\/doi.org\/10.1007\/978-3-031-15979-4_11","DOI":"10.1007\/978-3-031-15979-4_11"},{"key":"7_CR35","unstructured":"Denis, F., Jacobs, F., Wood, C.A.: RSA Blind Signatures. Internet-Draft draft-irtf-cfrg-rsa-blind-signatures-02, Internet Engineering Task Force, August 2021. https:\/\/datatracker.ietf.org\/doc\/draft-irtf-cfrg-rsa-blind-signatures\/02\/, work in Progress"},{"key":"7_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"10","DOI":"10.1007\/3-540-39568-7_2","volume-title":"Advances in Cryptology","author":"T ElGamal","year":"1985","unstructured":"ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. In: Blakley, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 10\u201318. Springer, Heidelberg (1985). https:\/\/doi.org\/10.1007\/3-540-39568-7_2"},{"key":"7_CR37","doi-asserted-by":"publisher","unstructured":"Fiat, A., Shamir, A.: How to prove yourself: Practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol.\u00a0263, pp. 186\u2013194. Springer, Heidelberg (1987). https:\/\/doi.org\/10.1007\/3-540-47721-7_12","DOI":"10.1007\/3-540-47721-7_12"},{"key":"7_CR38","doi-asserted-by":"publisher","unstructured":"Fischlin, M.: The Cramer-Shoup strong-RSA signature scheme revisited. In: Desmedt, Y. (ed.) PKC\u00a02003. LNCS, vol.\u00a02567, pp. 116\u2013129. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/3-540-36288-6_9","DOI":"10.1007\/3-540-36288-6_9"},{"key":"7_CR39","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"60","DOI":"10.1007\/11818175_4","volume-title":"Advances in Cryptology - CRYPTO 2006","author":"M Fischlin","year":"2006","unstructured":"Fischlin, M.: Round-optimal composable blind signatures in the common reference string model. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 60\u201377. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11818175_4"},{"key":"7_CR40","doi-asserted-by":"publisher","unstructured":"Fischlin, M., Schr\u00f6der, D.: On the impossibility of three-move blind signature schemes. In: Gilbert, H. (ed.) EUROCRYPT\u00a02010. LNCS, vol.\u00a06110, pp. 197\u2013215. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-13190-5_10","DOI":"10.1007\/978-3-642-13190-5_10"},{"key":"7_CR41","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"315","DOI":"10.1007\/978-3-319-76578-5_11","volume-title":"Public-Key Cryptography \u2013 PKC 2018","author":"G Fuchsbauer","year":"2018","unstructured":"Fuchsbauer, G.: Subversion-zero-knowledge SNARKs. In: Abdalla, M., Dahab, R. (eds.) PKC 2018. LNCS, vol. 10769, pp. 315\u2013347. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-76578-5_11"},{"key":"7_CR42","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"391","DOI":"10.1007\/978-3-319-44618-9_21","volume-title":"Security and Cryptography for Networks","author":"G Fuchsbauer","year":"2016","unstructured":"Fuchsbauer, G., Hanser, C., Kamath, C., Slamanig, D.: Practical round-optimal blind signatures in the standard model from weaker assumptions. In: Zikas, V., De Prisco, R. (eds.) SCN 2016. LNCS, vol. 9841, pp. 391\u2013408. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-44618-9_21"},{"key":"7_CR43","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"233","DOI":"10.1007\/978-3-662-48000-7_12","volume-title":"Advances in Cryptology \u2013 CRYPTO 2015","author":"G Fuchsbauer","year":"2015","unstructured":"Fuchsbauer, G., Hanser, C., Slamanig, D.: Practical round-optimal blind signatures in the standard model. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 233\u2013253. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-48000-7_12"},{"key":"7_CR44","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"63","DOI":"10.1007\/978-3-030-45724-2_3","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2020","author":"G Fuchsbauer","year":"2020","unstructured":"Fuchsbauer, G., Plouviez, A., Seurin, Y.: Blind schnorr signatures and signed ElGamal encryption in the algebraic group model. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12106, pp. 63\u201395. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-45724-2_3"},{"key":"7_CR45","unstructured":"Fuchsbauer, G., Wolf, M.: Concurrently secure blind schnorr signatures. Cryptology ePrint Archive, Paper 2022\/1676 (2022). https:\/\/eprint.iacr.org\/2022\/1676, https:\/\/eprint.iacr.org\/2022\/1676"},{"key":"7_CR46","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"244","DOI":"10.1007\/3-540-57220-1_66","volume-title":"Advances in Cryptology \u2014 AUSCRYPT \u201992","author":"A Fujioka","year":"1993","unstructured":"Fujioka, A., Okamoto, T., Ohta, K.: A practical secret voting scheme for large scale elections. In: Seberry, J., Zheng, Y. (eds.) AUSCRYPT 1992. LNCS, vol. 718, pp. 244\u2013251. Springer, Heidelberg (1993). https:\/\/doi.org\/10.1007\/3-540-57220-1_66"},{"key":"7_CR47","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"477","DOI":"10.1007\/978-3-642-55220-5_27","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2014","author":"S Garg","year":"2014","unstructured":"Garg, S., Gupta, D.: Efficient round optimal blind signatures. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 477\u2013495. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-642-55220-5_27"},{"key":"7_CR48","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"630","DOI":"10.1007\/978-3-642-22792-9_36","volume-title":"Advances in Cryptology \u2013 CRYPTO 2011","author":"S Garg","year":"2011","unstructured":"Garg, S., Rao, V., Sahai, A., Schr\u00f6der, D., Unruh, D.: Round optimal blind signatures. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 630\u2013648. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-22792-9_36"},{"key":"7_CR49","series-title":"LNCS","first-page":"455","volume-title":"FC 2017","author":"E Ghadafi","year":"2017","unstructured":"Ghadafi, E.: Efficient round-optimal blind signatures in the standard model. In: Kiayias, A. (ed.) FC 2017. LNCS, vol. 10322, pp. 455\u2013473. Springer, Heidelberg (2017)"},{"key":"7_CR50","unstructured":"Google: VPN Google One. https:\/\/one.google.com\/about\/vpn\/howitworks"},{"key":"7_CR51","doi-asserted-by":"crossref","unstructured":"Hanzlik, L., Loss, J., Wagner, B.: Rai-choo! evolving blind signatures to the next level. EUROCRYPT 2023 (2023). https:\/\/eprint.iacr.org\/2022\/1350","DOI":"10.1007\/978-3-031-30589-4_26"},{"key":"7_CR52","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"345","DOI":"10.1007\/978-3-030-17659-4_12","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2019","author":"E Hauck","year":"2019","unstructured":"Hauck, E., Kiltz, E., Loss, J.: A modular treatment of blind signatures from identification schemes. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11478, pp. 345\u2013375. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-17659-4_12"},{"key":"7_CR53","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"323","DOI":"10.1007\/978-3-540-70936-7_18","volume-title":"Theory of Cryptography","author":"C Hazay","year":"2007","unstructured":"Hazay, C., Katz, J., Koo, C.-Y., Lindell, Y.: Concurrently-secure blind signatures without random oracles or setup assumptions. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 323\u2013341. Springer, Heidelberg (2007). https:\/\/doi.org\/10.1007\/978-3-540-70936-7_18"},{"key":"7_CR54","doi-asserted-by":"crossref","unstructured":"Heath-Brown, D.: The number of primes in a short interval. J. f\u00fcr die reine und angewandte Mathematik 389, 22\u201363 (1988). http:\/\/eudml.org\/doc\/153047","DOI":"10.1515\/crll.1988.389.22"},{"key":"7_CR55","doi-asserted-by":"publisher","unstructured":"Heath-Brown, R.: The differences between consecutive primes, V. Int. Math. Res. Not. 2021(22), 17514\u201317562 (2019). https:\/\/doi.org\/10.1093\/imrn\/rnz295","DOI":"10.1093\/imrn\/rnz295"},{"key":"7_CR56","unstructured":"Hendrickson, S., Iyengar, J., Pauly, T., Valdez, S., Wood, C.A.: Private access tokens. In: Internet-Draft Draft-Private-Access-Tokens-01, Internet Engineering Task Force (2021). https:\/\/datatracker.ietf.org\/doc\/draft-private-access-tokens\/01\/. work in Progress"},{"key":"7_CR57","doi-asserted-by":"crossref","unstructured":"Huxley, M.: On the difference between consecutive primes. Invention. Math. 15, 164\u2013170 (1971\/1972). http:\/\/eudml.org\/doc\/142126","DOI":"10.1007\/BF01418933"},{"key":"7_CR58","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"150","DOI":"10.1007\/BFb0052233","volume-title":"Advances in Cryptology \u2014 CRYPTO \u201997","author":"A Juels","year":"1997","unstructured":"Juels, A., Luby, M., Ostrovsky, R.: Security of blind digital signatures. In: Kaliski, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 150\u2013164. Springer, Heidelberg (1997). https:\/\/doi.org\/10.1007\/BFb0052233"},{"key":"7_CR59","doi-asserted-by":"publisher","unstructured":"Kastner, J., Loss, J., Xu, J.: The abe-okamoto partially blind signature scheme revisited. In: Agrawal, S., Lin, D. (eds.) ASIACRYPT\u00a02022, Part\u00a0IV. LNCS, vol. 13794, pp. 279\u2013309. Springer, Heidelberg (2022). https:\/\/doi.org\/10.1007\/978-3-031-22972-5_10","DOI":"10.1007\/978-3-031-22972-5_10"},{"key":"7_CR60","doi-asserted-by":"publisher","unstructured":"Kastner, J., Loss, J., Xu, J.: On pairing-free blind signature schemes in the algebraic group model. In: Hanaoka, G., Shikata, J., Watanabe, Y. (eds.) PKC\u00a02022, Part\u00a0II. LNCS, vol. 13178, pp. 468\u2013497. Springer, Heidelberg (2022). https:\/\/doi.org\/10.1007\/978-3-030-97131-1_16","DOI":"10.1007\/978-3-030-97131-1_16"},{"key":"7_CR61","unstructured":"Kastner, J., Nguyen, K., Reichle, M.: Pairing-free blind signatures from standard assumptions in the rom. Cryptology ePrint Archive, Paper 2023\/1810 (2023). https:\/\/eprint.iacr.org\/2023\/1810, full version of this work"},{"key":"7_CR62","doi-asserted-by":"publisher","first-page":"729","DOI":"10.1007\/978-3-031-38548-3_24","volume-title":"Advances in Cryptology - CRYPTO 2023","author":"S Katsumata","year":"2023","unstructured":"Katsumata, S., Lai, Y.F., LeGrow, J.T., Qin, L.: Csi-otter: isogeny-based (partially) blind signatures from the class group action with a twist. In: Handschuh, H., Lysyanskaya, A. (eds.) Advances in Cryptology - CRYPTO 2023, pp. 729\u2013761. Springer, Cham (2023)"},{"key":"7_CR63","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"404","DOI":"10.1007\/978-3-030-77870-5_15","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2021","author":"S Katsumata","year":"2021","unstructured":"Katsumata, S., Nishimaki, R., Yamada, S., Yamakawa, T.: Round-optimal blind signatures in the plain model from classical and quantum standard assumptions. In: Canteaut, A., Standaert, F.-X. (eds.) EUROCRYPT 2021. LNCS, vol. 12696, pp. 404\u2013434. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-77870-5_15"},{"key":"7_CR64","doi-asserted-by":"crossref","unstructured":"Katsumata, S., Reichle, M., Sakai, Y.: Practical round-optimal blind signatures in the rom from standard assumptions. to appear in Asiacrypt (2023). https:\/\/eprint.iacr.org\/2023\/1447","DOI":"10.1007\/978-981-99-8724-5_12"},{"key":"7_CR65","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"468","DOI":"10.1007\/978-3-030-92068-5_16","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2021","author":"J Katz","year":"2021","unstructured":"Katz, J., Loss, J., Rosenberg, M.: Boosting the\u00a0security of\u00a0blind signature schemes. In: Tibouchi, M., Wang, H. (eds.) ASIACRYPT 2021. LNCS, vol. 13093, pp. 468\u2013492. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-92068-5_16"},{"issue":"2","key":"7_CR66","doi-asserted-by":"publisher","first-page":"200","DOI":"10.1007\/s00145-007-9015-5","volume":"21","author":"Y Lindell","year":"2008","unstructured":"Lindell, Y.: Lower bounds and impossibility results for concurrent self composition. J. Cryptol. 21(2), 200\u2013249 (2008). https:\/\/doi.org\/10.1007\/s00145-007-9015-5","journal-title":"J. Cryptol."},{"key":"7_CR67","doi-asserted-by":"crossref","unstructured":"Lysyanskaya, A.: Security analysis of rsa-bssa (2023). https:\/\/eprint.iacr.org\/2022\/895","DOI":"10.1007\/978-3-031-31368-4_10"},{"key":"7_CR68","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"519","DOI":"10.1007\/978-3-642-17373-8_30","volume-title":"Advances in Cryptology - ASIACRYPT 2010","author":"S Meiklejohn","year":"2010","unstructured":"Meiklejohn, S., Shacham, H., Freeman, D.M.: Limitations on transformations from composite-order to prime-order groups: the case of round-optimal blind signatures. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 519\u2013538. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-17373-8_30"},{"key":"7_CR69","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"96","DOI":"10.1007\/978-3-540-45146-4_6","volume-title":"Advances in Cryptology - CRYPTO 2003","author":"M Naor","year":"2003","unstructured":"Naor, M.: On cryptographic assumptions and challenges. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 96\u2013109. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/978-3-540-45146-4_6"},{"key":"7_CR70","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"179","DOI":"10.1007\/978-3-030-64375-1_7","volume-title":"Theory of Cryptography","author":"R Nishimaki","year":"2020","unstructured":"Nishimaki, R.: Equipping public-key cryptographic primitives with watermarking (or: a hole is to watermark). In: Pass, R., Pietrzak, K. (eds.) TCC 2020. LNCS, vol. 12550, pp. 179\u2013209. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-64375-1_7"},{"key":"7_CR71","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"31","DOI":"10.1007\/3-540-48071-4_3","volume-title":"Advances in Cryptology \u2014 CRYPTO\u2019 92","author":"T Okamoto","year":"1993","unstructured":"Okamoto, T.: Provably secure and practical identification schemes and corresponding signature schemes. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 31\u201353. Springer, Heidelberg (1993). https:\/\/doi.org\/10.1007\/3-540-48071-4_3"},{"key":"7_CR72","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"324","DOI":"10.1007\/3-540-46766-1_27","volume-title":"Advances in Cryptology \u2014 CRYPTO \u201991","author":"T Okamoto","year":"1992","unstructured":"Okamoto, T., Ohta, K.: Universal electronic cash. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 324\u2013337. Springer, Heidelberg (1992). https:\/\/doi.org\/10.1007\/3-540-46766-1_27"},{"key":"7_CR73","doi-asserted-by":"publisher","unstructured":"Pass, R.: Limits of provable security from standard assumptions. In: Fortnow, L., Vadhan, S.P. (eds.) 43rd ACM STOC, pp. 109\u2013118. ACM Press (2011). https:\/\/doi.org\/10.1145\/1993636.1993652","DOI":"10.1145\/1993636.1993652"},{"key":"7_CR74","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"391","DOI":"10.1007\/BFb0054141","volume-title":"Advances in Cryptology \u2014 EUROCRYPT\u201998","author":"D Pointcheval","year":"1998","unstructured":"Pointcheval, D.: Strengthened security for blind signatures. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 391\u2013405. Springer, Heidelberg (1998). https:\/\/doi.org\/10.1007\/BFb0054141"},{"issue":"3","key":"7_CR75","doi-asserted-by":"publisher","first-page":"361","DOI":"10.1007\/s001450010003","volume":"13","author":"D Pointcheval","year":"2000","unstructured":"Pointcheval, D., Stern, J.: Security arguments for digital signatures and blind signatures. J. Cryptol. 13(3), 361\u2013396 (2000). https:\/\/doi.org\/10.1007\/s001450010003","journal-title":"J. Cryptol."},{"key":"7_CR76","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/3-540-45600-7_1","volume-title":"Information and Communications Security","author":"CP Schnorr","year":"2001","unstructured":"Schnorr, C.P.: Security of blind discrete log signatures against interactive attacks. In: Qing, S., Okamoto, T., Zhou, J. (eds.) ICICS 2001. LNCS, vol. 2229, pp. 1\u201312. Springer, Heidelberg (2001). https:\/\/doi.org\/10.1007\/3-540-45600-7_1"},{"key":"7_CR77","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"133","DOI":"10.1007\/978-3-642-28914-9_8","volume-title":"Theory of Cryptography","author":"JH Seo","year":"2012","unstructured":"Seo, J.H., Cheon, J.H.: Beyond the limitation of prime-order bilinear groups, and round optimal blind signatures. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 133\u2013150. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-28914-9_8"},{"key":"7_CR78","doi-asserted-by":"publisher","unstructured":"Tessaro, S., Zhu, C.: Short pairing-free blind signatures with exponential security. In: Dunkelman, O., Dziembowski, S. (eds.) EUROCRYPT\u00a02022, Part\u00a0II. LNCS, vol. 13276, pp. 782\u2013811. Springer, Heidelberg (2022). https:\/\/doi.org\/10.1007\/978-3-031-07085-3_27","DOI":"10.1007\/978-3-031-07085-3_27"},{"key":"7_CR79","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"288","DOI":"10.1007\/3-540-45708-9_19","volume-title":"Advances in Cryptology \u2014 CRYPTO 2002","author":"D Wagner","year":"2002","unstructured":"Wagner, D.: A generalized birthday problem. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 288\u2013304. Springer, Heidelberg (2002). https:\/\/doi.org\/10.1007\/3-540-45708-9_19"},{"key":"7_CR80","unstructured":"Nist announcess additional digital signature candidates for the pqc standardization process (2023). https:\/\/csrc.nist.gov\/projects\/pqc-dig-sig. Accessed 06 Oct 2023"},{"key":"7_CR81","unstructured":"mcl-wasm library for pairings (2023). https:\/\/github.com\/herumi\/mcl-wasm. Accessed 02 Oct 2023"},{"key":"7_CR82","unstructured":"PCM. Click fraud prevention and attribution sent to advertiser (2022). https:\/\/webkit.org\/blog\/11940\/pcm-click-fraud-prevention-and-attribution-sent-to-advertiser\/. Accessed 06 Oct 2023"},{"key":"7_CR83","unstructured":"Supported SSH Algorithms. (2022). https:\/\/privx.docs.ssh.com\/docs\/supported-ssh-key-exchange-algorithms. Accessed 06 Oct 2023"},{"key":"7_CR84","doi-asserted-by":"publisher","unstructured":"Yi, X., Lam, K.Y.: A new blind ECDSA scheme for bitcoin transaction anonymity. In: Galbraith, S.D., Russello, G., Susilo, W., Gollmann, D., Kirda, E., Liang, Z. (eds.) ASIACCS 19, pp. 613\u2013620. ACM Press (2019). https:\/\/doi.org\/10.1145\/3321705.3329816","DOI":"10.1145\/3321705.3329816"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 CRYPTO 2024"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-68376-3_7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,8,15]],"date-time":"2024-08-15T21:03:41Z","timestamp":1723755821000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-68376-3_7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9783031683756","9783031683763"],"references-count":84,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-68376-3_7","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"16 August 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CRYPTO","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Cryptology Conference","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Santa Barbara, CA","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18 August 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22 August 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"44","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"crypto2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/crypto.iacr.org\/2024\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}