{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,4]],"date-time":"2026-02-04T18:48:02Z","timestamp":1770230882559,"version":"3.49.0"},"publisher-location":"Cham","reference-count":41,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031786785","type":"print"},{"value":"9783031786792","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-78679-2_10","type":"book-chapter","created":{"date-parts":[[2025,2,15]],"date-time":"2025-02-15T09:29:50Z","timestamp":1739611790000},"page":"188-205","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Subset-Optimized BLS Multi-signature with\u00a0Key Aggregation"],"prefix":"10.1007","author":[{"given":"Foteini","family":"Baldimtsi","sequence":"first","affiliation":[]},{"given":"Konstantinos Kryptos","family":"Chalkias","sequence":"additional","affiliation":[]},{"given":"Fran\u00e7ois","family":"Garillot","sequence":"additional","affiliation":[]},{"given":"Jonas","family":"Lindstr\u00f8m","sequence":"additional","affiliation":[]},{"given":"Ben","family":"Riva","sequence":"additional","affiliation":[]},{"given":"Arnab","family":"Roy","sequence":"additional","affiliation":[]},{"given":"Mahdi","family":"Sedaghat","sequence":"additional","affiliation":[]},{"given":"Alberto","family":"Sonnino","sequence":"additional","affiliation":[]},{"given":"Pun","family":"Waiwitlikhit","sequence":"additional","affiliation":[]},{"given":"Joy","family":"Wang","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,2,16]]},"reference":[{"key":"10_CR1","doi-asserted-by":"publisher","unstructured":"Bagherzandi, A., Cheon, J.H., Jarecki, S.: Multisignatures secure under the discrete logarithm assumption and a generalized forking lemma. In: Ning, P., Syverson, P.F., Jha, S. (eds.) ACM CCS 2008: 15th Conference on Computer and Communications Security, pp. 449\u2013458. ACM Press, Alexandria, Virginia, USA (2008). https:\/\/doi.org\/10.1145\/1455770.1455827","DOI":"10.1145\/1455770.1455827"},{"key":"10_CR2","unstructured":"Baldimtsi, F., et al.: Subset-optimized BLS multi-signature with key aggregation. Cryptology ePrint Archive, Paper 2023\/498 (2023). https:\/\/eprint.iacr.org\/2023\/498"},{"key":"10_CR3","doi-asserted-by":"publisher","unstructured":"Bellare, M., Neven, G.: Multi-signatures in the plain public-key model and a general forking lemma. In: Juels, A., Wright, R.N., De Capitani di Vimercati, S. (eds.) ACM CCS 2006: 13th Conference on Computer and Communications Security, pp. 390\u2013399. ACM Press, Alexandria, Virginia, USA (2006). https:\/\/doi.org\/10.1145\/1180405.1180453","DOI":"10.1145\/1180405.1180453"},{"key":"10_CR4","unstructured":"bheisler: cargo-criterion. https:\/\/github.com\/bheisler\/cargo-criterion (2022)"},{"key":"10_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"31","DOI":"10.1007\/3-540-36288-6_3","volume-title":"Public Key Cryptography \u2014 PKC 2003","author":"A Boldyreva","year":"2003","unstructured":"Boldyreva, A.: Threshold signatures, multisignatures and blind signatures based on the gap-Diffie-Hellman-group signature scheme. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 31\u201346. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/3-540-36288-6_3"},{"key":"10_CR6","doi-asserted-by":"publisher","unstructured":"Boldyreva, A., Gentry, C., O\u2019Neill, A., Yum, D.H.: Ordered multisignatures and identity-based sequential aggregate signatures, with applications to secure routing. In: Ning, P., De Capitani di Vimercati, S., Syverson, P.F. (eds.) ACM CCS 2007: 14th Conference on Computer and Communications Security, pp. 276\u2013285. ACM Press, Alexandria, Virginia, USA (2007). https:\/\/doi.org\/10.1145\/1315245.1315280","DOI":"10.1145\/1315245.1315280"},{"key":"10_CR7","unstructured":"Boneh, D., Drijvers, M., Neven, G.: Bls multi-signatures with public-key aggregation. https:\/\/crypto.stanford.edu\/~dabo\/pubs\/papers\/BLSmultisig.html (2018)"},{"key":"10_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"435","DOI":"10.1007\/978-3-030-03329-3_15","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2018","author":"D Boneh","year":"2018","unstructured":"Boneh, D., Drijvers, M., Neven, G.: Compact multi-signatures for Smaller Blockchains. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018. LNCS, vol. 11273, pp. 435\u2013464. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-030-03329-3_15"},{"key":"10_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"514","DOI":"10.1007\/3-540-45682-1_30","volume-title":"Advances in Cryptology \u2014 ASIACRYPT 2001","author":"D Boneh","year":"2001","unstructured":"Boneh, D., Lynn, B., Shacham, H.: Short signatures from the Weil Pairing. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 514\u2013532. Springer, Heidelberg (2001). https:\/\/doi.org\/10.1007\/3-540-45682-1_30"},{"key":"10_CR10","first-page":"25","volume-title":"Advances in Cryptology - CRYPTO\u201983","author":"EF Brickell","year":"1983","unstructured":"Brickell, E.F.: Solving low density Knapsacks. In: Chaum, D. (ed.) Advances in Cryptology - CRYPTO\u201983, pp. 25\u201337. Plenum Press, New York, USA, Santa Barbara, CA, USA (1983)"},{"key":"10_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"54","DOI":"10.1007\/3-540-46416-6_4","volume-title":"Advances in Cryptology \u2014 EUROCRYPT \u201991","author":"MJ Coster","year":"1991","unstructured":"Coster, M.J., LaMacchia, B.A., Odlyzko, A.M., Schnorr, C.P.: An improved low-density subset sum algorithm. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 54\u201367. Springer, Heidelberg (1991). https:\/\/doi.org\/10.1007\/3-540-46416-6_4"},{"key":"10_CR12","doi-asserted-by":"publisher","unstructured":"Crites, E.C., Kohlweiss, M., Preneel, B., Sedaghat, M., Slamanig, D.: Threshold structure-preserving signatures. In: Guo, J., Steinfeld, R. (eds.) Advances in Cryptology - ASIACRYPT 2023 - 29th International Conference on the Theory and Application of Cryptology and Information Security, Guangzhou, China, December 4-8, 2023, Proceedings, Part II. Lecture Notes in Computer Science, vol. 14439, pp. 348\u2013382. Springer (2023). https:\/\/doi.org\/10.1007\/978-981-99-8724-5_11, https:\/\/doi.org\/10.1007\/978-981-99-8724-5_11","DOI":"10.1007\/978-981-99-8724-5_11"},{"key":"10_CR13","unstructured":"Crites, E.C., Komlo, C., Maller, M.: How to prove schnorr assuming schnorr: Security of multi- and threshold signatures. IACR Cryptol. ePrint Arch. 1375 (2021). https:\/\/eprint.iacr.org\/2021\/1375"},{"key":"10_CR14","doi-asserted-by":"publisher","unstructured":"Deirmentzoglou, E., Papakyriakopoulos, G., Patsakis, C.: A survey on long-range attacks for proof of stake protocols. IEEE Access 7, 28712\u201328725 (2019). https:\/\/doi.org\/10.1109\/ACCESS.2019.2901858, https:\/\/doi.org\/10.1109\/ACCESS.2019.2901858","DOI":"10.1109\/ACCESS.2019.2901858"},{"key":"10_CR15","unstructured":"Drake, J.: Pragmatic signature aggregation with BLS - Sharding (2018). https:\/\/ethresear.ch\/t\/pragmatic-signature-aggregation-with-bls\/2105"},{"key":"10_CR16","doi-asserted-by":"publisher","unstructured":"Drijvers, M., et al.: On the security of two-round multi-signatures. In: 2019 IEEE Symposium on Security and Privacy, pp. 1084\u20131101. IEEE Computer Society Press, San Francisco, CA, USA (2019). https:\/\/doi.org\/10.1109\/SP.2019.00050","DOI":"10.1109\/SP.2019.00050"},{"key":"10_CR17","unstructured":"Edginton, B.: Upgrading Ethereum. https:\/\/eth2book.info\/bellatrix\/"},{"key":"10_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"140","DOI":"10.1007\/978-3-319-48965-0_9","volume-title":"Cryptology and Network Security","author":"R El Bansarkhani","year":"2016","unstructured":"El Bansarkhani, R., Sturm, J.: An efficient lattice-based multisignature scheme with applications to bitcoins. In: Foresti, S., Persiano, G. (eds.) CANS 2016. LNCS, vol. 10052, pp. 140\u2013155. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-48965-0_9"},{"key":"10_CR19","unstructured":"Ethereum Core developers: Ethereum Proof-of-Stake Consensus Specifications. https:\/\/github.com\/ethereum\/consensus-specs"},{"issue":"2","key":"10_CR20","doi-asserted-by":"publisher","first-page":"536","DOI":"10.1137\/0215038","volume":"15","author":"AM Frieze","year":"1986","unstructured":"Frieze, A.M.: On the lagarias-odlyzko algorithm for the subset sum problem. SIAM J. Comput. 15(2), 536\u2013539 (1986)","journal-title":"SIAM J. Comput."},{"key":"10_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1007\/978-3-319-96881-0_2","volume-title":"Advances in Cryptology \u2013 CRYPTO 2018","author":"G Fuchsbauer","year":"2018","unstructured":"Fuchsbauer, G., Kiltz, E., Loss, J.: The algebraic group model and its applications. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10992, pp. 33\u201362. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-96881-0_2"},{"key":"10_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"45","DOI":"10.1007\/978-3-030-62576-4_3","volume-title":"Provable and Practical Security","author":"M Fukumitsu","year":"2020","unstructured":"Fukumitsu, M., Hasegawa, S.: A lattice-based provably secure multisignature scheme in quantum random oracle model. In: Nguyen, K., Wu, W., Lam, K.Y., Wang, H. (eds.) ProvSec 2020. LNCS, vol. 12505, pp. 45\u201364. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-62576-4_3"},{"key":"10_CR23","unstructured":"Groth, J.: Non-interactive distributed key generation and key resharing (2021). https:\/\/eprint.iacr.org\/2021\/339, report Number: 339"},{"key":"10_CR24","doi-asserted-by":"publisher","unstructured":"Impagliazzo, R., Naor, M.: Efficient cryptographic schemes provably as secure as subset sum. J. Cryptology 9(4), 199\u2013216 (1996). https:\/\/doi.org\/10.1007\/BF00189260","DOI":"10.1007\/BF00189260"},{"key":"10_CR25","unstructured":"Itakura, K.: A public-key cryptosystem suitable for digital multisignatures (1983)"},{"issue":"1","key":"10_CR26","doi-asserted-by":"publisher","first-page":"229","DOI":"10.1145\/2455.2461","volume":"32","author":"JC Lagarias","year":"1985","unstructured":"Lagarias, J.C., Odlyzko, A.M.: Solving low-density subset sum problems. J. ACM (JACM) 32(1), 229\u2013246 (1985)","journal-title":"J. ACM (JACM)"},{"key":"10_CR27","unstructured":"Lindell, Y.: Simple three-round multiparty schnorr signing with full simulatability. IACR Cryptol. ePrint Arch. 374 (2022). https:\/\/eprint.iacr.org\/2022\/374"},{"key":"10_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"465","DOI":"10.1007\/11761679_28","volume-title":"Advances in Cryptology - EUROCRYPT 2006","author":"S Lu","year":"2006","unstructured":"Lu, S., Ostrovsky, R., Sahai, A., Shacham, H., Waters, B.: Sequential aggregate signatures and multisignatures without random oracles. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 465\u2013485. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11761679_28"},{"key":"10_CR29","unstructured":"Lyubashevsky, V.: On random high density subset sums. Electron. Colloquium Comput. Complex. TR05 (2005)"},{"key":"10_CR30","doi-asserted-by":"publisher","unstructured":"Micali, S., Ohta, K., Reyzin, L.: Accountable-subgroup multisignatures: extended abstract. In: Reiter, M.K., Samarati, P. (eds.) ACM CCS 2001: 8th Conference on Computer and Communications Security, pp. 245\u2013254. ACM Press, Philadelphia, PA, USA (2001). https:\/\/doi.org\/10.1145\/501983.502017","DOI":"10.1145\/501983.502017"},{"key":"10_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"189","DOI":"10.1007\/978-3-030-84242-0_8","volume-title":"Advances in Cryptology \u2013 CRYPTO 2021","author":"J Nick","year":"2021","unstructured":"Nick, J., Ruffing, T., Seurin, Y.: MuSig2: simple two-round schnorr multi-signatures. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12825, pp. 189\u2013221. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-84242-0_8"},{"key":"10_CR32","doi-asserted-by":"publisher","unstructured":"Nick, J., Ruffing, T., Seurin, Y., Wuille, P.: MuSig-DN: Schnorr multi-signatures with verifiably deterministic nonces. In: Ligatti, J., Ou, X., Katz, J., Vigna, G. (eds.) ACM CCS 2020: 27th Conference on Computer and Communications Security, pp. 1717\u20131731. ACM Press, Virtual Event, USA (2020). https:\/\/doi.org\/10.1145\/3372297.3417236","DOI":"10.1145\/3372297.3417236"},{"key":"10_CR33","unstructured":"Nicolosi, A., Krohn, M.N., Dodis, Y., Mazi\u00e8res, D.: Proactive two-party signatures for user authentication. In: ISOC Network and Distributed System Security Symposium \u2013 NDSS\u00a02003. The Internet Society, San Diego, CA, USA (2003)"},{"key":"10_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"139","DOI":"10.1007\/3-540-57332-1_11","volume-title":"Advances in Cryptology \u2014 ASIACRYPT \u201991","author":"K Ohta","year":"1993","unstructured":"Ohta, K., Okamoto, T.: A digital multisignature scheme based on the Fiat-Shamir scheme. In: Imai, H., Rivest, R.L., Matsumoto, T. (eds.) ASIACRYPT 1991. LNCS, vol. 739, pp. 139\u2013148. Springer, Heidelberg (1993). https:\/\/doi.org\/10.1007\/3-540-57332-1_11"},{"key":"10_CR35","doi-asserted-by":"publisher","unstructured":"Pan, J., Wagner, B.: Chopsticks: Fork-free two-round multi-signatures from non-interactive assumptions. In: Hazay, C., Stam, M. (eds.) Advances in Cryptology - EUROCRYPT 2023 - 42nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Lyon, France, April 23-27, 2023, Proceedings, Part V. Lecture Notes in Computer Science, vol. 14008, pp. 597\u2013627. Springer (2023). https:\/\/doi.org\/10.1007\/978-3-031-30589-4_21, https:\/\/doi.org\/10.1007\/978-3-031-30589-4_21","DOI":"10.1007\/978-3-031-30589-4_21"},{"key":"10_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"228","DOI":"10.1007\/978-3-540-72540-4_13","volume-title":"Advances in Cryptology - EUROCRYPT 2007","author":"T Ristenpart","year":"2007","unstructured":"Ristenpart, T., Yilek, S.: The power of proofs-of-possession: securing multiparty signatures against rogue-key attacks. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 228\u2013245. Springer, Heidelberg (2007). https:\/\/doi.org\/10.1007\/978-3-540-72540-4_13"},{"key":"10_CR37","doi-asserted-by":"publisher","first-page":"239","DOI":"10.1007\/0-387-34805-0_22","volume-title":"Advances in Cryptology \u2013 CRYPTO\u2019 89 Proceedings","author":"CP Schnorr","year":"1990","unstructured":"Schnorr, C.P.: Efficient identification and signatures for smart cards. In: Brassard, G. (ed.) Advances in Cryptology \u2013 CRYPTO\u2019 89 Proceedings, pp. 239\u2013252. Springer, New York, New York, NY (1990)"},{"key":"10_CR38","unstructured":"Supranational: blst. https:\/\/github.com\/supranational\/blst (2022)"},{"key":"10_CR39","doi-asserted-by":"publisher","unstructured":"Tessaro, S., Zhu, C.: Threshold and multi-signature schemes from linear hash functions. In: Hazay, C., Stam, M. (eds.) Advances in Cryptology - EUROCRYPT 2023 - 42nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Lyon, France, April 23-27, 2023, Proceedings, Part V. Lecture Notes in Computer Science, vol. 14008, pp. 628\u2013658. Springer (2023). https:\/\/doi.org\/10.1007\/978-3-031-30589-4_22, https:\/\/doi.org\/10.1007\/978-3-031-30589-4_22","DOI":"10.1007\/978-3-031-30589-4_22"},{"key":"10_CR40","doi-asserted-by":"publisher","unstructured":"Vesely, P., Gurkan, K., Straka, M., Gabizon, A., Jovanovic, P., Konstantopoulos, G., Oines, A., Olszewski, M., Tromer, E.: Plumo: An Ultralight Blockchain Client. In: Financial Cryptography and Data Security: 26th International Conference, FC 2022, Grenada, May 2\u20136, 2022, Revised Selected Papers, pp. 597\u2013614. Springer-Verlag, Berlin, Heidelberg (May 2022). https:\/\/doi.org\/10.1007\/978-3-031-18283-9_30, https:\/\/doi.org\/10.1007\/978-3-031-18283-9_30","DOI":"10.1007\/978-3-031-18283-9_30"},{"key":"10_CR41","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"288","DOI":"10.1007\/3-540-45708-9_19","volume-title":"Advances in Cryptology \u2014 CRYPTO 2002","author":"D Wagner","year":"2002","unstructured":"Wagner, D.: A generalized birthday problem. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 288\u2013304. Springer, Heidelberg (2002). https:\/\/doi.org\/10.1007\/3-540-45708-9_19"}],"container-title":["Lecture Notes in Computer Science","Financial Cryptography and Data Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-78679-2_10","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,2,15]],"date-time":"2025-02-15T09:29:56Z","timestamp":1739611796000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-78679-2_10"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783031786785","9783031786792"],"references-count":41,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-78679-2_10","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"16 February 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"FC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Financial Cryptography and Data Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Willemstad","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Cura\u00e7ao","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"5 March 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9 March 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"28","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"fc2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/fc24.ifca.ai\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}