{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,16]],"date-time":"2025-10-16T14:03:01Z","timestamp":1760623381505,"version":"3.40.3"},"publisher-location":"Cham","reference-count":85,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031780196"},{"type":"electronic","value":"9783031780202"}],"license":[{"start":{"date-parts":[[2024,11,30]],"date-time":"2024-11-30T00:00:00Z","timestamp":1732924800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,11,30]],"date-time":"2024-11-30T00:00:00Z","timestamp":1732924800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-78020-2_13","type":"book-chapter","created":{"date-parts":[[2024,11,30]],"date-time":"2024-11-30T09:38:44Z","timestamp":1732959524000},"page":"371-399","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["From One-Time to\u00a0Two-Round Reusable Multi-signatures Without Nested Forking"],"prefix":"10.1007","author":[{"given":"Lior","family":"Rotem","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Gil","family":"Segev","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Eylon","family":"Yogev","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2024,11,30]]},"reference":[{"key":"13_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"418","DOI":"10.1007\/3-540-46035-7_28","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 2002","author":"M Abdalla","year":"2002","unstructured":"Abdalla, M., An, J.H., Bellare, M., Namprempre, C.: From identification to signatures via the fiat-shamir transform: minimizing assumptions for security and forward-security. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 418\u2013433. Springer, Heidelberg (2002). https:\/\/doi.org\/10.1007\/3-540-46035-7_28"},{"key":"13_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"157","DOI":"10.1007\/978-3-030-84242-0_7","volume-title":"Advances in Cryptology \u2013 CRYPTO 2021","author":"H K\u0131l\u0131n\u00e7 Alper","year":"2021","unstructured":"K\u0131l\u0131n\u00e7 Alper, H., Burdges, J.: Two-round trip Schnorr multi-signatures via delinearized witnesses. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12825, pp. 157\u2013188. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-84242-0_7"},{"key":"13_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"219","DOI":"10.1007\/978-3-319-76953-0_12","volume-title":"Topics in Cryptology \u2013 CT-RSA 2018","author":"J-P Aumasson","year":"2018","unstructured":"Aumasson, J.-P., Endignoux, G.: Improving stateless hash-based signatures. In: Smart, N.P. (ed.) CT-RSA 2018. LNCS, vol. 10808, pp. 219\u2013242. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-76953-0_12"},{"key":"13_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"96","DOI":"10.1007\/978-3-030-45724-2_4","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2020","author":"T Agrikola","year":"2020","unstructured":"Agrikola, T., Hofheinz, D., Kastner, J.: On instantiating the algebraic group model from falsifiable assumptions. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12106, pp. 96\u2013126. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-45724-2_4"},{"key":"13_CR5","unstructured":"Argent. Part I: WTF is account abstraction (2022). https:\/\/www.argent.xyz\/blog\/wtf-is-account-abstraction\/"},{"key":"13_CR6","doi-asserted-by":"crossref","unstructured":"B\u00fcnz, B., Bootle, J., Boneh, D., Poelstra, A., Wuille, P., Maxwell, G.: Bulletproofs: short proofs for confidential transactions and more. In: IEEE Symposium on Security and Privacy, pp. 315\u2013334 (2018)","DOI":"10.1109\/SP.2018.00020"},{"key":"13_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"315","DOI":"10.1007\/978-3-642-36594-2_18","volume-title":"Theory of Cryptography","author":"N Bitansky","year":"2013","unstructured":"Bitansky, N., Chiesa, A., Ishai, Y., Paneth, O., Ostrovsky, R.: Succinct non-interactive arguments via linear interactive proofs. In: Sahai, A. (ed.) TCC 2013. LNCS, vol. 7785, pp. 315\u2013333. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-36594-2_18"},{"key":"13_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"31","DOI":"10.1007\/978-3-662-53644-5_2","volume-title":"Theory of Cryptography","author":"E Ben-Sasson","year":"2016","unstructured":"Ben-Sasson, E., Chiesa, A., Spooner, N.: Interactive oracle proofs. In: Hirt, M., Smith, A. (eds.) TCC 2016. LNCS, vol. 9986, pp. 31\u201360. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53644-5_2"},{"key":"13_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"650","DOI":"10.1007\/978-3-030-92068-5_22","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2021","author":"M Bellare","year":"2021","unstructured":"Bellare, M., Dai, W.: Chain reductions for\u00a0multi-signatures and\u00a0the\u00a0HBMS scheme. In: Tibouchi, M., Wang, H. (eds.) ASIACRYPT 2021. LNCS, vol. 13093, pp. 650\u2013678. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-92068-5_22"},{"key":"13_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"435","DOI":"10.1007\/978-3-030-03329-3_15","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2018","author":"D Boneh","year":"2018","unstructured":"Boneh, D., Drijvers, M., Neven, G.: Compact multi-signatures for smaller blockchains. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018. LNCS, vol. 11273, pp. 435\u2013464. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-030-03329-3_15"},{"key":"13_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"121","DOI":"10.1007\/978-3-030-56880-1_5","volume-title":"Advances in Cryptology \u2013 CRYPTO 2020","author":"B Bauer","year":"2020","unstructured":"Bauer, B., Fuchsbauer, G., Loss, J.: A\u00a0classification\u00a0of\u00a0computational\u00a0assumptions in the algebraic group model. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020. LNCS, vol. 12171, pp. 121\u2013151. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-56880-1_5"},{"key":"13_CR12","doi-asserted-by":"crossref","unstructured":"Blum, M., Feldman, P., Micali, S.: Non-interactive zero-knowledge and its applications. In: Proceedings of the 20th Annual ACM Symposium on Theory of Computing, pp. 103\u2013112 (1988)","DOI":"10.1145\/62212.62222"},{"key":"13_CR13","doi-asserted-by":"crossref","unstructured":"Boldyreva, A., Gentry, C., O\u2019Neill, A., Yum, D.H.: Ordered multisignatures and identity-based sequential aggregate signatures, with applications to secure routing. In: Proceedings of the ACM Conference on Computer and Communications Security, pp. 276\u2013285 (2007)","DOI":"10.1145\/1315245.1315280"},{"key":"13_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"368","DOI":"10.1007\/978-3-662-46800-5_15","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2015","author":"DJ Bernstein","year":"2015","unstructured":"Bernstein, D.J., et al.: SPHINCS: practical stateless hash-based signatures. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 368\u2013397. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-46800-5_15"},{"key":"13_CR15","doi-asserted-by":"crossref","unstructured":"Bernstein, D.J., H\u00fclsing, A., K\u00f6lbl, S., Niederhagen, R., Rijneveld, J., Schwabe, P.: The SPHINCS$$ ^{\\text{+}}$$ signature framework. : Proceedings of the ACM Conference on Computer and Communications Security (CCS), pp. 2129\u20132146. ACM (2019)","DOI":"10.1145\/3319535.3363229"},{"key":"13_CR16","unstructured":"Boneh, D., Kim, S.: One-time and interactive aggregate signatures from lattices (2020). https:\/\/crypto.stanford.edu\/~skim13\/agg_ots.pdf"},{"key":"13_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"256","DOI":"10.1007\/978-3-662-46447-2_12","volume-title":"Public-Key Cryptography \u2013 PKC 2015","author":"O Blazy","year":"2015","unstructured":"Blazy, O., Kakvi, S.A., Kiltz, E., Pan, J.: Tightly-secure signatures from chameleon hash functions. In: Katz, J. (ed.) PKC 2015. LNCS, vol. 9020, pp. 256\u2013279. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-46447-2_12"},{"key":"13_CR18","doi-asserted-by":"crossref","unstructured":"Bellare, M., Neven, G.: Multi-signatures in the plain public-key model and a general forking lemma. In: Proceedings of the ACM Conference on Computer and Communications Security, pp. 390\u2013399 (2006)","DOI":"10.1145\/1180405.1180453"},{"key":"13_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"31","DOI":"10.1007\/3-540-36288-6_3","volume-title":"Public Key Cryptography \u2014 PKC 2003","author":"A Boldyreva","year":"2003","unstructured":"Boldyreva, A.: Threshold signatures, multisignatures and blind signatures based on the gap-Diffie-Hellman-group signature scheme. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 31\u201346. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/3-540-36288-6_3"},{"key":"13_CR20","doi-asserted-by":"crossref","unstructured":"Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Proceedings of the 1st ACM Conference on Computer and Communications Security, pp. 62\u201373 (1993)","DOI":"10.1145\/168588.168596"},{"issue":"2","key":"13_CR21","doi-asserted-by":"publisher","first-page":"47","DOI":"10.1049\/iet-ifs:20070089","volume":"2","author":"M Bellare","year":"2008","unstructured":"Bellare, M., Shoup, S.: Two-tier signatures from the Fiat-Shamir transform, with applications to strongly unforgeable and one-time signatures. IET Inf. Secur. 2(2), 47\u201363 (2008)","journal-title":"IET Inf. Secur."},{"key":"13_CR22","unstructured":"Ben-Sasson, E., Bentov, I., Horesh, Y., Riabzev, M.: Scalable, transparent, and post-quantum secure computational integrity. Cryptology ePrint Archive, Paper 2018\/046 (2018)"},{"issue":"6","key":"13_CR23","doi-asserted-by":"publisher","first-page":"1084","DOI":"10.1137\/0220068","volume":"20","author":"M Blum","year":"1991","unstructured":"Blum, M., Santis, A.D., Micali, S., Persiano, G.: Non-interactive zero-knowledge. SIAM J. Comput. 20(6), 1084\u20131118 (1991)","journal-title":"SIAM J. Comput."},{"key":"13_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"276","DOI":"10.1007\/978-3-031-15979-4_10","volume-title":"Advances in Cryptology - CRYPTO 2022","author":"C Boschini","year":"2022","unstructured":"Boschini, C., Takahashi, A., Tibouchi, M.: MuSig-L: lattice-based multi-signature with single-round online phase. In: Dodis, Y., Shrimpton, T. (eds.) CRYPTO 2022. LNCS, vol. 13508, pp. 276\u2013305. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-15979-4_10"},{"key":"13_CR25","unstructured":"Buterin, V., et al.: EIP-4337: Account abstraction using Alt mempool [DRAFT]. Ethereum Improvement Proposals, no. 4337 (2021). https:\/\/eips.ethereum.org\/EIPS\/eip-4337)"},{"issue":"3","key":"13_CR26","doi-asserted-by":"publisher","first-page":"149","DOI":"10.1007\/BF00208000","volume":"9","author":"M Bellare","year":"1996","unstructured":"Bellare, M., Yung, M.: Certifying permutations: noninteractive zero-knowledge based on any trapdoor permutation. J. Cryptol. 9(3), 149\u2013166 (1996)","journal-title":"J. Cryptol."},{"key":"13_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"424","DOI":"10.1007\/BFb0055745","volume-title":"Advances in Cryptology \u2014 CRYPTO \u201998","author":"R Cramer","year":"1998","unstructured":"Cramer, R., Damg\u00e5rd, I.: Zero-knowledge proofs for finite field arithmetic, or: can zero-knowledge be for free? In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 424\u2013441. Springer, Heidelberg (1998). https:\/\/doi.org\/10.1007\/BFb0055745"},{"key":"13_CR28","doi-asserted-by":"publisher","first-page":"143","DOI":"10.1016\/j.tcs.2015.05.029","volume":"592","author":"D Catalano","year":"2015","unstructured":"Catalano, D., Fiore, D., Gennaro, R., Vamvourellis, K.: Algebraic (trapdoor) one-way functions: constructions and applications. Theor. Comput. Sci. 592, 143\u2013165 (2015)","journal-title":"Theor. Comput. Sci."},{"key":"13_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"738","DOI":"10.1007\/978-3-030-45721-1_26","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2020","author":"A Chiesa","year":"2020","unstructured":"Chiesa, A., Hu, Y., Maller, M., Mishra, P., Vesely, N., Ward, N.: Marlin: preprocessing zkSNARKs with universal and updatable SRS. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12105, pp. 738\u2013768. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-45721-1_26"},{"key":"13_CR30","doi-asserted-by":"crossref","unstructured":"Canetti, R., Lichtenberg, A.: Certifying trapdoor permutations, revisited. In: Proceedings of the 16th Theory of Cryptography Conference, pp. 476\u2013506 (2018)","DOI":"10.1007\/978-3-030-03807-6_18"},{"key":"13_CR31","doi-asserted-by":"crossref","unstructured":"Drijvers, M., et al.: On the security of two-round multi-signatures. In: IEEE Symposium on Security and Privacy, pp. 1084\u20131101 (2019)","DOI":"10.1109\/SP.2019.00050"},{"issue":"2","key":"13_CR32","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1007\/s00145-022-09425-3","volume":"35","author":"I Damg\u00e5rd","year":"2022","unstructured":"Damg\u00e5rd, I., Orlandi, C., Takahashi, A., Tibouchi, M.: Two-round $$n$$-out-of-$$n$$ and multi-signatures and trapdoor commitment from lattices. J. Cryptol. 35(2), 14 (2022)","journal-title":"J. Cryptol."},{"issue":"2","key":"13_CR33","doi-asserted-by":"publisher","first-page":"319","DOI":"10.15803\/ijnc.11.2_319","volume":"11","author":"M Fukumitsu","year":"2021","unstructured":"Fukumitsu, M., Hasegawa, S.: A tightly secure DDH-based multisignature with public-key aggregation. Int. J. Network. Comput. 11(2), 319\u2013337 (2021)","journal-title":"Int. J. Network. Comput."},{"key":"13_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1007\/978-3-319-96881-0_2","volume-title":"Advances in Cryptology \u2013 CRYPTO 2018","author":"G Fuchsbauer","year":"2018","unstructured":"Fuchsbauer, G., Kiltz, E., Loss, J.: The algebraic group model and its applications. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10992, pp. 33\u201362. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-96881-0_2"},{"key":"13_CR35","unstructured":"Feige, U., Lapidot, D., Shamir, A.: Multiple non-interactive zero knowledge proofs based on a single random string. In: Proceedings of the 31st Annual IEEE Symposium on Foundations of Computer Science, pp. 308\u2013317 (1990)"},{"key":"13_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"63","DOI":"10.1007\/978-3-030-45724-2_3","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2020","author":"G Fuchsbauer","year":"2020","unstructured":"Fuchsbauer, G., Plouviez, A., Seurin, Y.: Blind Schnorr signatures and signed ElGamal encryption in the algebraic group model. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12106, pp. 63\u201395. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-45724-2_3"},{"key":"13_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"186","DOI":"10.1007\/3-540-47721-7_12","volume-title":"Advances in Cryptology \u2014 CRYPTO\u2019 86","author":"A Fiat","year":"1987","unstructured":"Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186\u2013194. Springer, Heidelberg (1987). https:\/\/doi.org\/10.1007\/3-540-47721-7_12"},{"key":"13_CR38","doi-asserted-by":"crossref","unstructured":"Fleischhacker, N., Simkin, M., Zhang, Z.: Squirrel: efficient synchronized multi-signatures from lattices. In: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security (CCS), pp. 1109\u20131123 (2022)","DOI":"10.1145\/3548606.3560655"},{"key":"13_CR39","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"276","DOI":"10.1007\/978-3-540-30539-2_20","volume-title":"Advances in Cryptology - ASIACRYPT 2004","author":"R Gennaro","year":"2004","unstructured":"Gennaro, R., Leigh, D., Sundaram, R., Yerazunis, W.: Batching Schnorr identification scheme with applications to privacy-preserving authorization and low-bandwidth communication devices. In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 276\u2013292. Springer, Heidelberg (2004). https:\/\/doi.org\/10.1007\/978-3-540-30539-2_20"},{"key":"13_CR40","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"193","DOI":"10.1007\/978-3-031-38545-2_7","volume-title":"Advances in Cryptology - CRYPTO 2023","author":"A Golovnev","year":"2023","unstructured":"Golovnev, A., Lee, J., Setty, S., Thaler, J., Wahby, R.S.: Brakedown: linear-time and field-agnostic SNARKs for R1CS. In: Handschuh, H., Lysyanskaya, A. (eds.) CRYPTO 2023. LNCS, vol. 14082, pp. 193\u2013226. Springer, Cham (2023). https:\/\/doi.org\/10.1007\/978-3-031-38545-2_7"},{"key":"13_CR41","unstructured":"Goldreich, O.: Foundations of Cryptography \u2013 Volume 1: Basic Techniques. Cambridge University Press, Cambridge (2001)"},{"key":"13_CR42","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"191","DOI":"10.1007\/978-3-642-22670-0_20","volume-title":"Studies in Complexity and Cryptography. Miscellanea on the Interplay between Randomness and Computation","author":"O Goldreich","year":"2011","unstructured":"Goldreich, O.: In a world of P=BPP. In: Goldreich, O. (ed.) Studies in Complexity and Cryptography. Miscellanea on the Interplay between Randomness and Computation. LNCS, vol. 6650, pp. 191\u2013232. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-22670-0_20"},{"key":"13_CR43","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"97","DOI":"10.1007\/11818175_6","volume-title":"Advances in Cryptology - CRYPTO 2006","author":"J Groth","year":"2006","unstructured":"Groth, J., Ostrovsky, R., Sahai, A.: Non-interactive zaps and new techniques for NIZK. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 97\u2013111. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11818175_6"},{"issue":"3","key":"13_CR44","doi-asserted-by":"publisher","first-page":"484","DOI":"10.1007\/s00145-012-9131-8","volume":"26","author":"O Goldreich","year":"2013","unstructured":"Goldreich, O., Rothblum, R.D.: Enhancements of trapdoor permutations. J. Cryptol. 26(3), 484\u2013512 (2013)","journal-title":"J. Cryptol."},{"key":"13_CR45","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"444","DOI":"10.1007\/11935230_29","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2006","author":"J Groth","year":"2006","unstructured":"Groth, J.: Simulation-sound NIZK proofs for a practical language and constant size group signatures. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 444\u2013459. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11935230_29"},{"key":"13_CR46","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"341","DOI":"10.1007\/978-3-642-17373-8_20","volume-title":"Advances in Cryptology - ASIACRYPT 2010","author":"J Groth","year":"2010","unstructured":"Groth, J.: Short non-interactive zero-knowledge proofs. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 341\u2013358. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-17373-8_20"},{"key":"13_CR47","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"305","DOI":"10.1007\/978-3-662-49896-5_11","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2016","author":"J Groth","year":"2016","unstructured":"Groth, J.: On the size of pairing-based non-interactive arguments. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 305\u2013326. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-49896-5_11"},{"key":"13_CR48","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"415","DOI":"10.1007\/978-3-540-78967-3_24","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2008","author":"J Groth","year":"2008","unstructured":"Groth, J., Sahai, A.: Efficient non-interactive proof systems for bilinear groups. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 415\u2013432. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-78967-3_24"},{"key":"13_CR49","doi-asserted-by":"crossref","unstructured":"Gentry, C., Wichs, D.: Separating succinct non-interactive arguments from all falsifiable assumptions. In: Proceedings of the 43rd Annual ACM Symposium on Theory of Computing, pp. 99\u2013108 (2011)","DOI":"10.1145\/1993636.1993651"},{"key":"13_CR50","unstructured":"Gabizon, A., Williamson, Z.J., Ciobotaru, O.: PLONK: permutations over Lagrange-bases for oecumenical noninteractive arguments of knowledge. Cryptology ePrint Archive, Paper 2019\/953 (2019)"},{"key":"13_CR51","doi-asserted-by":"crossref","unstructured":"H\u00fclsing, A., Kudinov, M.A.: Recovering the tight security proof of SPHINCS$$ ^{\\text{+ }}$$. Cryptology ePrint Archive, Paper 2022\/346 (2022)","DOI":"10.1007\/978-3-031-22972-5_1"},{"key":"13_CR52","first-page":"1","volume":"71","author":"K Itakura","year":"1983","unstructured":"Itakura, K., Nakamura, K.: A public-key cryptosystem suitable for digital multisignatures. NEC Res. Dev. 71, 1\u20138 (1983)","journal-title":"NEC Res. Dev."},{"key":"13_CR53","doi-asserted-by":"crossref","unstructured":"Impagliazzo, R., Rudich, S.: Limits on the provable consequences of one-way permutations. In: Proceedings of the 21st Annual ACM Symposium on Theory of Computing, pp. 44\u201361 (1989)","DOI":"10.1145\/73007.73012"},{"key":"13_CR54","doi-asserted-by":"crossref","unstructured":"Kudinov, M.A., H\u00fclsing, A., Ronen, E., Yogev, E.: SPHINCS+C: compressing SPHINCS+ with (almost) no cost. Cryptology ePrint Archive, Paper 2022\/778 (2022)","DOI":"10.1109\/SP46215.2023.10179381"},{"key":"13_CR55","doi-asserted-by":"crossref","unstructured":"Katz, J., Lindell, Y.: Introduction to Modern Cryptography, 3rd edn. CRC Press, Boca Raton (2021)","DOI":"10.1201\/9781351133036"},{"key":"13_CR56","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1007\/978-3-662-53008-5_2","volume-title":"Advances in Cryptology \u2013 CRYPTO 2016","author":"E Kiltz","year":"2016","unstructured":"Kiltz, E., Masny, D., Pan, J.: Optimal security proofs for signatures from identification schemes. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9815, pp. 33\u201361. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53008-5_2"},{"key":"13_CR57","unstructured":"Lamport, L.: Constructing digital signatures from a one way function. Technical report SRI-CSL-98, SRI International Computer Science Laboratory (1979)"},{"key":"13_CR58","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"194","DOI":"10.1007\/BFb0053435","volume-title":"Advances in Cryptology \u2014 EUROCRYPT\u201994","author":"C-M Li","year":"1995","unstructured":"Li, C.-M., Hwang, T., Lee, N.-Y.: Threshold-multisignature schemes where suspected forgery implies traceability of adversarial shareholders. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 194\u2013204. Springer, Heidelberg (1995). https:\/\/doi.org\/10.1007\/BFb0053435"},{"issue":"3","key":"13_CR59","doi-asserted-by":"publisher","first-page":"359","DOI":"10.1007\/s00145-005-0345-x","volume":"19","author":"Y Lindell","year":"2006","unstructured":"Lindell, Y.: A simpler construction of CCA2-secure public-key encryption under general assumptions. J. Cryptol. 19(3), 359\u2013377 (2006)","journal-title":"J. Cryptol."},{"key":"13_CR60","doi-asserted-by":"crossref","unstructured":"Lee, K., Kim, H.: Two-round multi-signatures from Okamoto signatures. Mathematics 11(14) (2023)","DOI":"10.3390\/math11143223"},{"key":"13_CR61","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"465","DOI":"10.1007\/11761679_28","volume-title":"Advances in Cryptology - EUROCRYPT 2006","author":"S Lu","year":"2006","unstructured":"Lu, S., Ostrovsky, R., Sahai, A., Shacham, H., Waters, B.: Sequential aggregate signatures and multisignatures without random oracles. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 465\u2013485. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11761679_28"},{"key":"13_CR62","doi-asserted-by":"crossref","unstructured":"Le, D., Yang, G., Ghorbani, A.A.: A new multisignature scheme with public key aggregation for blockchain. In: Proceedings of the 17th International Conference on Privacy, Security and Trust, pp. 1\u20137 (2019)","DOI":"10.1109\/PST47121.2019.8949046"},{"issue":"4","key":"13_CR63","doi-asserted-by":"publisher","first-page":"1253","DOI":"10.1137\/S0097539795284959","volume":"30","author":"S Micali","year":"2000","unstructured":"Micali, S.: Computationally sound proofs. SIAM J. Comput. 30(4), 1253\u20131298 (2000)","journal-title":"SIAM J. Comput."},{"key":"13_CR64","doi-asserted-by":"crossref","unstructured":"Micali, S., Ohta, K., Reyzin, L.: Accountable-subgroup multisignatures: extended abstract. In: Proceedings of the 8th ACM Conference on Computer and Communications Security (CCS), pp. 245\u2013254 (2001)","DOI":"10.1145\/501983.502017"},{"issue":"9","key":"13_CR65","doi-asserted-by":"publisher","first-page":"2139","DOI":"10.1007\/s10623-019-00608-x","volume":"87","author":"G Maxwell","year":"2019","unstructured":"Maxwell, G., Poelstra, A., Seurin, Y., Wuille, P.: Simple Schnorr multi-signatures with applications to Bitcoin. Des. Codes Crypt. 87(9), 2139\u20132164 (2019). https:\/\/doi.org\/10.1007\/s10623-019-00608-x","journal-title":"Des. Codes Crypt."},{"key":"13_CR66","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"169","DOI":"10.1007\/978-3-030-12612-4_9","volume-title":"Topics in Cryptology \u2013 CT-RSA 2019","author":"T Mizuide","year":"2019","unstructured":"Mizuide, T., Takayasu, A., Takagi, T.: Tight reductions for Diffie-Hellman variants in the algebraic group model. In: Matsui, M. (ed.) CT-RSA 2019. LNCS, vol. 11405, pp. 169\u2013188. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-12612-4_9"},{"key":"13_CR67","unstructured":"Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2009). http:\/\/www.bitcoin.org\/bitcoin.pdf"},{"issue":"2","key":"13_CR68","doi-asserted-by":"publisher","first-page":"151","DOI":"10.1007\/BF00196774","volume":"4","author":"M Naor","year":"1991","unstructured":"Naor, M.: Bit commitment using pseudorandomness. J. Cryptol. 4(2), 151\u2013158 (1991). https:\/\/doi.org\/10.1007\/BF00196774","journal-title":"J. Cryptol."},{"key":"13_CR69","doi-asserted-by":"crossref","unstructured":"Nick, J., Ruffing, T., Seurin, Y., Wuille, P.: MuSig-DN: Schnorr multi-signatures with verifiably deterministic nonces. In: ACM SIGSAC Conference on Computer and Communications Security (CCS), pp. 1717\u20131731 (2020)","DOI":"10.1145\/3372297.3417236"},{"key":"13_CR70","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"189","DOI":"10.1007\/978-3-030-84242-0_8","volume-title":"Advances in Cryptology \u2013 CRYPTO 2021","author":"J Nick","year":"2021","unstructured":"Nick, J., Ruffing, T., Seurin, Y.: MuSig2: simple two-round Schnorr multi-signatures. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12825, pp. 189\u2013221. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-84242-0_8"},{"key":"13_CR71","doi-asserted-by":"crossref","unstructured":"Naor, M., Yung, M.: Universal one-way hash functions and their cryptographic applications. In: Proceedings of the 21st Annual ACM Symposium on Theory of Computing, pp. 33\u201343 (1989)","DOI":"10.1145\/73007.73011"},{"key":"13_CR72","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"139","DOI":"10.1007\/3-540-57332-1_11","volume-title":"Advances in Cryptology \u2014 ASIACRYPT \u201991","author":"K Ohta","year":"1993","unstructured":"Ohta, K., Okamoto, T.: A digital multisignature scheme based on the fiat-Shamir scheme. In: Imai, H., Rivest, R.L., Matsumoto, T. (eds.) ASIACRYPT 1991. LNCS, vol. 739, pp. 139\u2013148. Springer, Heidelberg (1993). https:\/\/doi.org\/10.1007\/3-540-57332-1_11"},{"key":"13_CR73","doi-asserted-by":"publisher","first-page":"361","DOI":"10.1007\/s001450010003","volume":"13","author":"D Pointcheval","year":"2000","unstructured":"Pointcheval, D., Stern, J.: Security arguments for digital signatures and blind signatures. J. Cryptol. 13, 361\u2013396 (2000)","journal-title":"J. Cryptol."},{"key":"13_CR74","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"597","DOI":"10.1007\/978-3-031-30589-4_21","volume-title":"Advances in Cryptology - EUROCRYPT 2023","author":"J Pan","year":"2023","unstructured":"Pan, J., Wagner, B.: Chopsticks: fork-free two-round multi-signatures from non-interactive assumptions. In: Hazay, C., Stam, M. (eds.) EUROCRYPT 2023. LNCS, vol. 14008, pp. 597\u2013627. Springer, Cham (2023). https:\/\/doi.org\/10.1007\/978-3-031-30589-4_21"},{"key":"13_CR75","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"366","DOI":"10.1007\/978-3-030-64381-2_13","volume-title":"Theory of Cryptography","author":"L Rotem","year":"2020","unstructured":"Rotem, L., Segev, G.: Algebraic distinguishers: from discrete logarithms to decisional Uber assumptions. In: Pass, R., Pietrzak, K. (eds.) TCC 2020. LNCS, vol. 12552, pp. 366\u2013389. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-64381-2_13"},{"key":"13_CR76","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"228","DOI":"10.1007\/978-3-540-72540-4_13","volume-title":"Advances in Cryptology - EUROCRYPT 2007","author":"T Ristenpart","year":"2007","unstructured":"Ristenpart, T., Yilek, S.: The power of proofs-of-possession: securing multiparty signatures against rogue-key attacks. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 228\u2013245. Springer, Heidelberg (2007). https:\/\/doi.org\/10.1007\/978-3-540-72540-4_13"},{"key":"13_CR77","doi-asserted-by":"crossref","unstructured":"Sahai, A.: Non-malleable non-interactive zero knowledge and adaptive chosen-ciphertext security. In: Proceedings of the 40th Annual IEEE Symposium on Foundations of Computer Science, pp. 543\u2013553 (1999)","DOI":"10.1109\/SFFCS.1999.814628"},{"issue":"3","key":"13_CR78","doi-asserted-by":"publisher","first-page":"161","DOI":"10.1007\/BF00196725","volume":"4","author":"CP Schnorr","year":"1991","unstructured":"Schnorr, C.P.: Efficient signature generation by smart cards. J. Cryptol. 4(3), 161\u2013174 (1991). https:\/\/doi.org\/10.1007\/BF00196725","journal-title":"J. Cryptol."},{"key":"13_CR79","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"566","DOI":"10.1007\/3-540-44647-8_33","volume-title":"Advances in Cryptology \u2014 CRYPTO 2001","author":"A De Santis","year":"2001","unstructured":"De Santis, A., Di Crescenzo, G., Ostrovsky, R., Persiano, G., Sahai, A.: Robust non-interactive zero knowledge. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 566\u2013598. Springer, Heidelberg (2001). https:\/\/doi.org\/10.1007\/3-540-44647-8_33"},{"key":"13_CR80","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"256","DOI":"10.1007\/3-540-69053-0_18","volume-title":"Advances in Cryptology \u2014 EUROCRYPT \u201997","author":"V Shoup","year":"1997","unstructured":"Shoup, V.: Lower bounds for discrete logarithms and related problems. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 256\u2013266. Springer, Heidelberg (1997). https:\/\/doi.org\/10.1007\/3-540-69053-0_18"},{"key":"13_CR81","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"334","DOI":"10.1007\/BFb0054137","volume-title":"Advances in Cryptology \u2014 EUROCRYPT\u201998","author":"DR Simon","year":"1998","unstructured":"Simon, D.R.: Finding collisions on a one-way street: can secure hash functions be based on general assumptions? In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 334\u2013345. Springer, Heidelberg (1998). https:\/\/doi.org\/10.1007\/BFb0054137"},{"key":"13_CR82","unstructured":"StarkWare. Account abstraction: improving security and user experience for mainstream crypto adoption (2023). https:\/\/medium.com\/starkware\/account-abstraction-improving-security-and-user-experience-for-mainstream-crypto-adoption-eb57cb09023"},{"key":"13_CR83","unstructured":"Takemure, K., Sakai, Y., Santoso, B., Hanaoka, G., Ohta, K.: More efficient two-round multi-signature scheme with provably secure parameters. Cryptology ePrint Archive, Paper 2023\/155 (2023)"},{"key":"13_CR84","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"628","DOI":"10.1007\/978-3-031-30589-4_22","volume-title":"Advances in Cryptology - EUROCRYPT 2023","author":"S Tessaro","year":"2023","unstructured":"Tessaro, S., Zhu, C.: Threshold and multi-signature schemes from linear hash functions. In: Hazay, C., Stam, M. (eds.) EUROCRYPT 2023. LNCS, vol. 14008, pp. 628\u2013658. Springer, Cham (2023). https:\/\/doi.org\/10.1007\/978-3-031-30589-4_22"},{"key":"13_CR85","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"299","DOI":"10.1007\/978-3-031-15985-5_11","volume-title":"Advances in Cryptology - CRYPTO 2022","author":"T Xie","year":"2022","unstructured":"Xie, T., Zhang, Y., Song, D.: Orion: zero knowledge proof with linear prover time. In: Dodis, Y., Shrimpton, T. (eds.) CRYPTO 2022. LNCS, vol. 13510, pp. 299\u2013328. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-15985-5_11"}],"container-title":["Lecture Notes in Computer Science","Theory of Cryptography"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-78020-2_13","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,11,30]],"date-time":"2024-11-30T10:03:28Z","timestamp":1732961008000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-78020-2_13"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,11,30]]},"ISBN":["9783031780196","9783031780202"],"references-count":85,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-78020-2_13","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2024,11,30]]},"assertion":[{"value":"30 November 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"TCC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Theory of Cryptography Conference","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Milan","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Italy","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2 December 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"6 December 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"tcc2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/tcc.iacr.org\/2024\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}