{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,15]],"date-time":"2026-04-15T23:45:20Z","timestamp":1776296720291,"version":"3.50.1"},"publisher-location":"Cham","reference-count":89,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031786785","type":"print"},{"value":"9783031786792","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-78679-2_9","type":"book-chapter","created":{"date-parts":[[2025,2,15]],"date-time":"2025-02-15T09:29:24Z","timestamp":1739611764000},"page":"160-187","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["SoK: Signatures with Randomizable Keys"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3333-7764","authenticated-orcid":false,"given":"Sof\u00eda","family":"Celi","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0009-0000-6016-5163","authenticated-orcid":false,"given":"Scott","family":"Griffy","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0009-0006-1941-693X","authenticated-orcid":false,"given":"Lucjan","family":"Hanzlik","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3377-9802","authenticated-orcid":false,"given":"Octavio","family":"Perez-Kempner","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4181-2561","authenticated-orcid":false,"given":"Daniel","family":"Slamanig","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,2,16]]},"reference":[{"key":"9_CR1","unstructured":"Abdolmaleki, B., Glaeser, N., Ramacher, S., Slamanig, D.: Universally composable NIZKs: circuit-succinct, non-malleable and CRS-updatable. Cryptology ePrint Archive, Report 2023\/097 (2023). https:\/\/eprint.iacr.org\/2023\/097"},{"key":"9_CR2","doi-asserted-by":"publisher","unstructured":"Abdolmaleki, B., Ramacher, S., Slamanig, D.: Lift-and-shift: obtaining simulation extractable subversion and updatable SNARKs generically. In: Ligatti, J., Ou, X., Katz, J., Vigna, G. (eds.) ACM CCS 2020, pp. 1987\u20132005. ACM Press, November 2020. https:\/\/doi.org\/10.1145\/3372297.3417228","DOI":"10.1145\/3372297.3417228"},{"key":"9_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"390","DOI":"10.1007\/978-3-662-44371-2_22","volume-title":"Advances in Cryptology \u2013 CRYPTO 2014","author":"M Abe","year":"2014","unstructured":"Abe, M., Groth, J., Ohkubo, M., Tibouchi, M.: Structure-preserving signatures from type II pairings. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 390\u2013407. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-44371-2_22"},{"key":"9_CR4","doi-asserted-by":"publisher","unstructured":"Ahn, J.H., Boneh, D., Camenisch, J., Hohenberger, S., Shelat, A., Waters, B.: Computing on authenticated data. In: Cramer, R. (ed.) TCC\u00a02012. LNCS, vol.\u00a07194, pp. 1\u201320. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-28914-9_1","DOI":"10.1007\/978-3-642-28914-9_1"},{"key":"9_CR5","doi-asserted-by":"publisher","unstructured":"Alkeilani Alkadri, N., et al.: Deterministic wallets in a quantum world. In: Ligatti, J., Ou, X., Katz, J., Vigna, G. (eds.) ACM CCS 2020, pp. 1017\u20131031. ACM Press, November 2020. https:\/\/doi.org\/10.1145\/3372297.3423361","DOI":"10.1145\/3372297.3423361"},{"key":"9_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"367","DOI":"10.1007\/978-3-642-34961-4_23","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2012","author":"N Attrapadung","year":"2012","unstructured":"Attrapadung, N., Libert, B., Peters, T.: Computing on authenticated data: new privacy definitions and constructions. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 367\u2013385. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-34961-4_23"},{"key":"9_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"405","DOI":"10.1007\/978-3-030-03329-3_14","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2018","author":"M Backes","year":"2018","unstructured":"Backes, M., Hanzlik, L., Kluczniak, K., Schneider, J.: Signatures with Flexible public key: introducing equivalence classes for public keys. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018. LNCS, vol. 11273, pp. 405\u2013434. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-030-03329-3_14"},{"key":"9_CR8","doi-asserted-by":"publisher","unstructured":"Backes, M., Hanzlik, L., Schneider-Bensch, J.: Membership privacy for fully dynamic group signatures. In: Cavallaro, L., Kinder, J., Wang, X., Katz, J. (eds.) ACM CCS 2019, pp. 2181\u20132198. ACM Press, November 2019. https:\/\/doi.org\/10.1145\/3319535.3354257","DOI":"10.1145\/3319535.3354257"},{"key":"9_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"486","DOI":"10.1007\/978-3-642-25385-0_26","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2011","author":"M Bellare","year":"2011","unstructured":"Bellare, M., Cash, D., Miller, R.: Cryptography secure against related-key attacks and tampering. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 486\u2013503. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-25385-0_26"},{"key":"9_CR10","doi-asserted-by":"publisher","unstructured":"Bellare, M., Miner, S.K.: A forward-secure digital signature scheme. In: Wiener, M.J. (ed.) CRYPTO 1999. LNCS, vol.\u00a01666, pp. 431\u2013448. Springer, Heidelberg (1999). https:\/\/doi.org\/10.1007\/3-540-48405-1_28","DOI":"10.1007\/3-540-48405-1_28"},{"key":"9_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"331","DOI":"10.1007\/978-3-642-34961-4_21","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2012","author":"M Bellare","year":"2012","unstructured":"Bellare, M., Paterson, K.G., Thomson, S.: RKA security beyond the linear barrier: IBE, encryption and signatures. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 331\u2013348. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-34961-4_21"},{"key":"9_CR12","doi-asserted-by":"publisher","unstructured":"Bender, A., Katz, J., Morselli, R.: Ring signatures: stronger definitions, and constructions without random oracles. J. Cryptol. 22(1), 114\u2013138 (2009). https:\/\/doi.org\/10.1007\/s00145-007-9011-9","DOI":"10.1007\/s00145-007-9011-9"},{"key":"9_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"518","DOI":"10.1007\/978-3-642-38980-1_33","volume-title":"Applied Cryptography and Network Security","author":"D Bernhard","year":"2013","unstructured":"Bernhard, D., Fuchsbauer, G., Ghadafi, E.: Efficient signatures of knowledge and DAA in the standard model. In: Jacobson, M., Locasto, M., Mohassel, P., Safavi-Naini, R. (eds.) ACNS 2013. LNCS, vol. 7954, pp. 518\u2013533. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-38980-1_33"},{"key":"9_CR14","doi-asserted-by":"publisher","unstructured":"Bernstein, D.J., Duif, N., Lange, T., Schwabe, P., Yang, B.Y.: High-speed high-security signatures. J. Cryptographic Eng. 2(2), 77\u201389 (2012). https:\/\/doi.org\/10.1007\/s13389-012-0027-1","DOI":"10.1007\/s13389-012-0027-1"},{"key":"9_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"158","DOI":"10.1007\/978-3-030-92548-2_9","volume-title":"Cryptology and Network Security","author":"J Bobolz","year":"2021","unstructured":"Bobolz, J., Eidens, F., Krenn, S., Ramacher, S., Samelin, K.: Issuer-hiding attribute-based credentials. In: Conti, M., Stevens, M., Krenn, S. (eds.) CANS 2021. LNCS, vol. 13099, pp. 158\u2013178. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-92548-2_9"},{"key":"9_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"56","DOI":"10.1007\/978-3-540-24676-3_4","volume-title":"Advances in Cryptology - EUROCRYPT 2004","author":"D Boneh","year":"2004","unstructured":"Boneh, D., Boyen, X.: Short signatures without random oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 56\u201373. Springer, Heidelberg (2004). https:\/\/doi.org\/10.1007\/978-3-540-24676-3_4"},{"key":"9_CR17","doi-asserted-by":"publisher","unstructured":"Boneh, D., Freeman, D., Katz, J., Waters, B.: Signing a linear subspace: signature schemes for network coding. In: Jarecki, S., Tsudik, G. (eds.) PKC\u00a02009. LNCS, vol.\u00a05443, pp. 68\u201387. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-00468-1_5","DOI":"10.1007\/978-3-642-00468-1_5"},{"key":"9_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"149","DOI":"10.1007\/978-3-642-20465-4_10","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2011","author":"D Boneh","year":"2011","unstructured":"Boneh, D., Freeman, D.M.: Homomorphic signatures for polynomial functions. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 149\u2013168. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-20465-4_10"},{"key":"9_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"533","DOI":"10.1007\/978-3-642-55220-5_30","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2014","author":"D Boneh","year":"2014","unstructured":"Boneh, D., et al.: Fully key-homomorphic encryption, arithmetic circuit ABE and compact garbled circuits. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 533\u2013556. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-642-55220-5_30"},{"key":"9_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"410","DOI":"10.1007\/978-3-642-40041-4_23","volume-title":"Advances in Cryptology \u2013 CRYPTO 2013","author":"D Boneh","year":"2013","unstructured":"Boneh, D., Lewi, K., Montgomery, H., Raghunathan, A.: Key homomorphic PRFs and their applications. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 410\u2013428. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-40041-4_23"},{"key":"9_CR21","doi-asserted-by":"publisher","unstructured":"Boneh, D., Lynn, B., Shacham, H.: Short signatures from the Weil pairing. J. Cryptol. 17(4), 297\u2013319 (2004). https:\/\/doi.org\/10.1007\/s00145-004-0314-9","DOI":"10.1007\/s00145-004-0314-9"},{"key":"9_CR22","doi-asserted-by":"publisher","unstructured":"Bowe, S., Chiesa, A., Green, M., Miers, I., Mishra, P., Wu, H.: ZEXE: enabling decentralized private computation. In: 2020 IEEE Symposium on Security and Privacy, pp. 947\u2013964. IEEE Computer Society Press, May 2020. https:\/\/doi.org\/10.1109\/SP40000.2020.00050","DOI":"10.1109\/SP40000.2020.00050"},{"key":"9_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"87","DOI":"10.1007\/978-3-642-13708-2_6","volume-title":"Applied Cryptography and Network Security","author":"C Brzuska","year":"2010","unstructured":"Brzuska, C., et al.: Redactable signatures for tree-structured data: definitions and constructions. In: Zhou, J., Yung, M. (eds.) ACNS 2010. LNCS, vol. 6123, pp. 87\u2013104. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-13708-2_6"},{"key":"9_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"317","DOI":"10.1007\/978-3-642-00468-1_18","volume-title":"Public Key Cryptography \u2013 PKC 2009","author":"C Brzuska","year":"2009","unstructured":"Brzuska, C., et al.: Security of sanitizable signatures revisited. In: Jarecki, S., Tsudik, G. (eds.) PKC 2009. LNCS, vol. 5443, pp. 317\u2013336. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-00468-1_18"},{"key":"9_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"444","DOI":"10.1007\/978-3-642-13013-7_26","volume-title":"Public Key Cryptography \u2013 PKC 2010","author":"C Brzuska","year":"2010","unstructured":"Brzuska, C., Fischlin, M., Lehmann, A., Schr\u00f6der, D.: Unlinkability of sanitizable signatures. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 444\u2013461. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-13013-7_26"},{"key":"9_CR26","doi-asserted-by":"publisher","unstructured":"Camenisch, J., Lysyanskaya, A.: A signature scheme with efficient protocols. In: Cimato, S., Galdi, C., Persiano, G. (eds.) SCN 2002. LNCS, vol.\u00a02576, pp. 268\u2013289. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/3-540-36413-7_20","DOI":"10.1007\/3-540-36413-7_20"},{"key":"9_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"56","DOI":"10.1007\/978-3-540-28628-8_4","volume-title":"Advances in Cryptology \u2013 CRYPTO 2004","author":"J Camenisch","year":"2004","unstructured":"Camenisch, J., Lysyanskaya, A.: Signature schemes and anonymous credentials from bilinear maps. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 56\u201372. Springer, Heidelberg (2004). https:\/\/doi.org\/10.1007\/978-3-540-28628-8_4"},{"key":"9_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"371","DOI":"10.1007\/978-3-662-44371-2_21","volume-title":"Advances in Cryptology \u2013 CRYPTO 2014","author":"D Catalano","year":"2014","unstructured":"Catalano, D., Fiore, D., Warinschi, B.: Homomorphic signatures with efficient verification for polynomial functions. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 371\u2013389. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-44371-2_21"},{"key":"9_CR29","doi-asserted-by":"crossref","unstructured":"Celi, S., Davidson, A., Valdez, S., Wood, C.: Privacy pass issuance protocol (2023). https:\/\/datatracker.ietf.org\/doc\/draft-ietf-privacypass-protocol\/","DOI":"10.17487\/RFC9578"},{"key":"9_CR30","unstructured":"Celi, S., Griffy, S., Hanzlik, L., Kempner, O.P., Slamanig, D.: SoK: signatures with randomizable keys. Cryptology ePrint Archive, Paper 2023\/1524 (2023). https:\/\/eprint.iacr.org\/2023\/1524"},{"key":"9_CR31","doi-asserted-by":"publisher","unstructured":"Chase, M., Kohlweiss, M., Lysyanskaya, A., Meiklejohn, S.: Malleable signatures: new definitions and delegatable anonymous credentials. In: Datta, A., Fournet, C. (eds.) CSF 2014 Computer Security Foundations Symposium, pp. 199\u2013213. IEEE Computer Society Press (2014). https:\/\/doi.org\/10.1109\/CSF.2014.22","DOI":"10.1109\/CSF.2014.22"},{"key":"9_CR32","unstructured":"Chator, A., Green, M., Tiwari, P.R.: SoK: privacy-preserving signatures. IACR Cryptol. ePrint Arch., p.\u00a01039 (2023). https:\/\/eprint.iacr.org\/2023\/1039"},{"key":"9_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"691","DOI":"10.1007\/978-3-030-75245-3_25","volume-title":"Public-Key Cryptography \u2013 PKC 2021","author":"V Cini","year":"2021","unstructured":"Cini, V., Ramacher, S., Slamanig, D., Striecks, C., Tairi, E.: Updatable signatures and message authentication codes. In: Garay, J.A. (ed.) PKC 2021. LNCS, vol. 12710, pp. 691\u2013723. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-75245-3_25"},{"key":"9_CR34","doi-asserted-by":"publisher","unstructured":"Connolly, A., Deschamps, J., Lafourcade, P., Perez\u00a0Kempner, O.: Protego: efficient, revocable and auditable anonymous credentials with applications to hyperledger fabric. In: Progress in Cryptology - INDOCRYPT 2022: 23rd International Conference on Cryptology in India, Kolkata, India, 11\u201314 December 2022, Proceedings, pp. 249\u2013271. Springer, Heidelberg (2023). https:\/\/doi.org\/10.1007\/978-3-031-22912-1_11","DOI":"10.1007\/978-3-031-22912-1_11"},{"key":"9_CR35","doi-asserted-by":"publisher","unstructured":"Connolly, A., Lafourcade, P., Perez-Kempner, O.: Improved constructions of anonymous credentials from structure-preserving signatures on equivalence classes. In: Hanaoka, G., Shikata, J., Watanabe, Y. (eds.) PKC\u00a02022, Part\u00a0I. LNCS, vol. 13177, pp. 409\u2013438. Springer, Heidelberg (2022). https:\/\/doi.org\/10.1007\/978-3-030-97121-2_15","DOI":"10.1007\/978-3-030-97121-2_15"},{"key":"9_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"535","DOI":"10.1007\/978-3-030-12612-4_27","volume-title":"Topics in Cryptology \u2013 CT-RSA 2019","author":"EC Crites","year":"2019","unstructured":"Crites, E.C., Lysyanskaya, A.: Delegatable anonymous credentials from mercurial signatures. In: Matsui, M. (ed.) CT-RSA 2019. LNCS, vol. 11405, pp. 535\u2013555. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-12612-4_27"},{"key":"9_CR37","doi-asserted-by":"publisher","unstructured":"Crites, E.C., Lysyanskaya, A.: Mercurial signatures for variable-length messages. PoPETs 2021(4), 441\u2013463 (2021). https:\/\/doi.org\/10.2478\/popets-2021-0079","DOI":"10.2478\/popets-2021-0079"},{"key":"9_CR38","unstructured":"Das, P., Erwig, A., Faust, S., Loss, J., Riahi, S.: BIP32-compatible threshold wallets. Cryptology ePrint Archive, Report 2023\/312 (2023). https:\/\/eprint.iacr.org\/2023\/312"},{"key":"9_CR39","unstructured":"Das, P., Erwig, A., Meyer, M., Struck, P.: Efficient post-quantum secure deterministic threshold wallets from isogenies. Cryptology ePrint Archive, Paper 2023\/1915 (2023). https:\/\/eprint.iacr.org\/2023\/1915"},{"key":"9_CR40","doi-asserted-by":"publisher","unstructured":"Das, P., Faust, S., Loss, J.: A formal treatment of deterministic wallets. In: Cavallaro, L., Kinder, J., Wang, X., Katz, J. (eds.) ACM CCS 2019, pp. 651\u2013668. ACM Press, November 2019. https:\/\/doi.org\/10.1145\/3319535.3354236","DOI":"10.1145\/3319535.3354236"},{"key":"9_CR41","doi-asserted-by":"publisher","unstructured":"Davidson, A., Goldberg, I., Sullivan, N., Tankersley, G., Valsorda, F.: Privacy pass: bypassing internet challenges anonymously. PoPETs 2018(3), 164\u2013180 (2018). https:\/\/doi.org\/10.1515\/popets-2018-0026","DOI":"10.1515\/popets-2018-0026"},{"key":"9_CR42","doi-asserted-by":"crossref","unstructured":"Davidson, A., Iyengar, J., Wood, C.: The privacy pass architecture (2023). https:\/\/datatracker.ietf.org\/doc\/draft-ietf-privacypass-architecture\/","DOI":"10.17487\/RFC9576"},{"key":"9_CR43","unstructured":"Demirel, D., Derler, D., Hanser, C., P\u00f6hls, H., Slamanig, D., Traverso, G.: PRISMACLOUD D4.4: overview of functional and malleable signature schemes (2015)"},{"key":"9_CR44","unstructured":"Derler, D., Slamanig, D.: Key-homomorphic signatures and applications to multiparty signatures. Cryptology ePrint Archive, Report 2016\/792 (2016). https:\/\/eprint.iacr.org\/2016\/792"},{"key":"9_CR45","doi-asserted-by":"publisher","unstructured":"Derler, D., Slamanig, D.: Key-homomorphic signatures: definitions and applications to multiparty signatures and non-interactive zero-knowledge. Des. Codes Cryptography 87(6), 1373\u20131413 (2019). https:\/\/doi.org\/10.1007\/s10623-018-0535-9","DOI":"10.1007\/s10623-018-0535-9"},{"key":"9_CR46","doi-asserted-by":"publisher","unstructured":"Dowling, B., Hauck, E., Riepel, D., R\u00f6sler, P.: Strongly anonymous ratcheted key exchange. In: Agrawal, S., Lin, D. (eds.) ASIACRYPT\u00a02022, Part\u00a0III. LNCS, vol. 13793, pp. 119\u2013150. Springer, Heidelberg (2022). https:\/\/doi.org\/10.1007\/978-3-031-22969-5_5","DOI":"10.1007\/978-3-031-22969-5_5"},{"key":"9_CR47","unstructured":"Eaton, E., Lepoint, T., Wood, C.A.: Security analysis of signature schemes with key blinding. Cryptology ePrint Archive, Paper 2023\/380 (2023). https:\/\/eprint.iacr.org\/2023\/380"},{"key":"9_CR48","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"67","DOI":"10.1007\/978-3-030-88238-9_4","volume-title":"Progress in Cryptology \u2013 LATINCRYPT 2021","author":"E Eaton","year":"2021","unstructured":"Eaton, E., Stebila, D., Stracovsky, R.: Post-quantum key-blinding for authentication in anonymity networks. In: Longa, P., R\u00e0fols, C. (eds.) LATINCRYPT 2021. LNCS, vol. 12912, pp. 67\u201387. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-88238-9_4"},{"key":"9_CR49","doi-asserted-by":"publisher","unstructured":"Erwig, A., Riahi, S.: Deterministic wallets for adaptor signatures. In: Atluri, V., Di Pietro, R., Jensen, C.D., Meng, W. (eds.) ESORICS\u00a02022, Part\u00a0II. LNCS, vol. 13555, pp. 487\u2013506. Springer, Heidelberg (2022). https:\/\/doi.org\/10.1007\/978-3-031-17146-8_24","DOI":"10.1007\/978-3-031-17146-8_24"},{"key":"9_CR50","doi-asserted-by":"publisher","unstructured":"Ferreira, L., Dahab, R.: Optimistic blinded-key signatures. In: IEEE First Symposium on Multi-Agent Security and Survivability, pp. 65\u201372 (2004). https:\/\/doi.org\/10.1109\/MASSUR.2004.1368419","DOI":"10.1109\/MASSUR.2004.1368419"},{"key":"9_CR51","doi-asserted-by":"publisher","unstructured":"Ferreira, L.C., Dahab, R.: Blinded-key signatures: securing private keys embedded in mobile agents. In: Proceedings of the 2002 ACM Symposium on Applied Computing, SAC 2002, pp. 82\u201386. Association for Computing Machinery, New York, NY, USA (2002). https:\/\/doi.org\/10.1145\/508791.508808","DOI":"10.1145\/508791.508808"},{"key":"9_CR52","doi-asserted-by":"publisher","unstructured":"Fleischhacker, N., Krupp, J., Malavolta, G., Schneider, J., Schr\u00f6der, D., Simkin, M.: Efficient unlinkable sanitizable signatures from signatures with re-randomizable keys. In: Cheng, C.M., Chung, K.M., Persiano, G., Yang, B.Y. (eds.) PKC\u00a02016, Part\u00a0I. LNCS, vol.\u00a09614, pp. 301\u2013330. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-49384-7_12","DOI":"10.1007\/978-3-662-49384-7_12"},{"key":"9_CR53","doi-asserted-by":"publisher","unstructured":"Frymann, N., Gardham, D., Kiefer, F., Lundberg, E., Manulis, M., Nilsson, D.: Asynchronous remote key generation: an analysis of Yubico\u2019s proposal for W3C WebAuthn. In: Ligatti, J., Ou, X., Katz, J., Vigna, G. (eds.) ACM CCS 2020, pp. 939\u2013954. ACM Press, November 2020. https:\/\/doi.org\/10.1145\/3372297.3417292","DOI":"10.1145\/3372297.3417292"},{"key":"9_CR54","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"224","DOI":"10.1007\/978-3-642-20465-4_14","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2011","author":"G Fuchsbauer","year":"2011","unstructured":"Fuchsbauer, G.: Commuting signatures and verifiable encryption. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 224\u2013245. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-20465-4_14"},{"key":"9_CR55","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"233","DOI":"10.1007\/978-3-662-48000-7_12","volume-title":"Advances in Cryptology \u2013 CRYPTO 2015","author":"G Fuchsbauer","year":"2015","unstructured":"Fuchsbauer, G., Hanser, C., Slamanig, D.: Practical round-optimal blind signatures in the standard model. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 233\u2013253. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-48000-7_12"},{"key":"9_CR56","doi-asserted-by":"publisher","unstructured":"Fuchsbauer, G., Hanser, C., Slamanig, D.: Structure-preserving signatures on equivalence classes and constant-size anonymous credentials. J. Cryptol. 32(2), 498\u2013546 (2019). https:\/\/doi.org\/10.1007\/s00145-018-9281-4","DOI":"10.1007\/s00145-018-9281-4"},{"key":"9_CR57","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"305","DOI":"10.1007\/978-3-319-29485-8_18","volume-title":"Topics in Cryptology \u2013 CT-RSA 2016","author":"E Ghadafi","year":"2016","unstructured":"Ghadafi, E.: Short structure-preserving signatures. In: Sako, K. (ed.) CT-RSA 2016. LNCS, vol. 9610, pp. 305\u2013321. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-29485-8_18"},{"key":"9_CR58","doi-asserted-by":"publisher","unstructured":"Goh, E.J., Jarecki, S., Katz, J., Wang, N.: Efficient signature schemes with tight reductions to the Diffie-Hellman problems. J. Cryptol. 20(4), 493\u2013514 (2007). https:\/\/doi.org\/10.1007\/s00145-007-0549-3","DOI":"10.1007\/s00145-007-0549-3"},{"key":"9_CR59","doi-asserted-by":"publisher","unstructured":"Gorbunov, S., Vaikuntanathan, V., Wichs, D.: Leveled fully homomorphic signatures from standard lattices. In: Servedio, R.A., Rubinfeld, R. (eds.) 47th ACM STOC, pp. 469\u2013477. ACM Press, June 2015. https:\/\/doi.org\/10.1145\/2746539.2746576","DOI":"10.1145\/2746539.2746576"},{"key":"9_CR60","unstructured":"Griffy, S., Lysyanskaya, A.: PACIFIC: privacy-preserving automated contact tracing scheme featuring integrity against cloning. Cryptology ePrint Archive, Report 2023\/371 (2023). https:\/\/eprint.iacr.org\/2023\/371"},{"key":"9_CR61","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"698","DOI":"10.1007\/978-3-319-96878-0_24","volume-title":"Advances in Cryptology \u2013 CRYPTO 2018","author":"J Groth","year":"2018","unstructured":"Groth, J., Kohlweiss, M., Maller, M., Meiklejohn, S., Miers, I.: Updatable and universal common reference strings with applications to\u00a0zk-SNARKs. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10993, pp. 698\u2013728. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-96878-0_24"},{"key":"9_CR62","doi-asserted-by":"publisher","unstructured":"Guillou, L.C., Quisquater, J.J.: A \u201cparadoxical\u201d indentity-based signature scheme resulting from zero-knowledge. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol.\u00a0403, pp. 216\u2013231. Springer, Heidelberg (1990). https:\/\/doi.org\/10.1007\/0-387-34799-2_16","DOI":"10.1007\/0-387-34799-2_16"},{"key":"9_CR63","doi-asserted-by":"crossref","unstructured":"Haber, S., et al.: Efficient signature schemes supporting redaction, pseudonymization, and data deidentification. In: Abe, M., Gligor, V. (eds.) ASIACCS 2008, pp. 353\u2013362. ACM Press, March 2008","DOI":"10.1145\/1368310.1368362"},{"key":"9_CR64","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"491","DOI":"10.1007\/978-3-662-45611-8_26","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2014","author":"C Hanser","year":"2014","unstructured":"Hanser, C., Slamanig, D.: Structure-preserving signatures on equivalence classes and their application to anonymous credentials. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 491\u2013511. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-45611-8_26"},{"key":"9_CR65","doi-asserted-by":"publisher","unstructured":"Hanzlik, L., Slamanig, D.: With a little help from my friends: constructing practical anonymous credentials. In: Vigna, G., Shi, E. (eds.) ACM CCS 2021, pp. 2004\u20132023. ACM Press, November 2021. https:\/\/doi.org\/10.1145\/3460120.3484582","DOI":"10.1145\/3460120.3484582"},{"key":"9_CR66","unstructured":"Hendrickson, S., Iyengar, J., Pauly, T., Valdez, S., Wood, C.: Rate-limited token issuance protocol (2023). https:\/\/datatracker.ietf.org\/doc\/draft-ietf-privacypass-rate-limit-tokens\/02\/"},{"key":"9_CR67","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1007\/978-3-540-85174-5_2","volume-title":"Advances in Cryptology \u2013 CRYPTO 2008","author":"D Hofheinz","year":"2008","unstructured":"Hofheinz, D., Kiltz, E.: Programmable hash functions and their applications. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 21\u201338. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-85174-5_2"},{"key":"9_CR68","doi-asserted-by":"publisher","unstructured":"Hofheinz, D., Kiltz, E.: Programmable hash functions and their applications. J. Cryptol. 25(3), 484\u2013527 (2012). https:\/\/doi.org\/10.1007\/s00145-011-9102-5","DOI":"10.1007\/s00145-011-9102-5"},{"key":"9_CR69","unstructured":"Hopper, N.: Proving security of tor\u2019s hidden service identity blinding protocol (2013). https:\/\/www-users.cse.umn.edu\/~hoppernj\/basic-proof.pdf"},{"key":"9_CR70","unstructured":"Hu, M.: Post-quantum secure deterministic wallet: stateless, hot\/cold setting, and more secure. Cryptology ePrint Archive, Report 2023\/062 (2023). https:\/\/eprint.iacr.org\/2023\/062"},{"key":"9_CR71","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1007\/978-3-319-96884-1_2","volume-title":"Advances in Cryptology \u2013 CRYPTO 2018","author":"J Jaeger","year":"2018","unstructured":"Jaeger, J., Stepanovs, I.: Optimal channel security against fine-grained state compromise: the safety of messaging. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10991, pp. 33\u201362. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-96884-1_2"},{"key":"9_CR72","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"244","DOI":"10.1007\/3-540-45760-7_17","volume-title":"Topics in Cryptology \u2014 CT-RSA 2002","author":"R Johnson","year":"2002","unstructured":"Johnson, R., Molnar, D., Song, D., Wagner, D.: Homomorphic signature schemes. In: Preneel, B. (ed.) CT-RSA 2002. LNCS, vol. 2271, pp. 244\u2013262. Springer, Heidelberg (2002). https:\/\/doi.org\/10.1007\/3-540-45760-7_17"},{"key":"9_CR73","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"159","DOI":"10.1007\/978-3-030-17653-2_6","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2019","author":"D Jost","year":"2019","unstructured":"Jost, D., Maurer, U., Mularczyk, M.: Efficient ratcheting: almost-optimal guarantees for secure messaging. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11476, pp. 159\u2013188. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-17653-2_6"},{"key":"9_CR74","doi-asserted-by":"publisher","unstructured":"Katz, J., Wang, N.: Efficiency improvements for signature schemes with tight security reductions. In: Jajodia, S., Atluri, V., Jaeger, T. (eds.) ACM CCS 2003, pp. 155\u2013164. ACM Press, October 2003. https:\/\/doi.org\/10.1145\/948109.948132","DOI":"10.1145\/948109.948132"},{"key":"9_CR75","doi-asserted-by":"publisher","unstructured":"Khalili, M., Slamanig, D., Dakhilalian, M.: Structure-preserving signatures on equivalence classes from standard assumptions. In: Galbraith, S.D., Moriai, S. (eds.) ASIACRYPT\u00a02019, Part\u00a0III. LNCS, vol. 11923, pp. 63\u201393. Springer, Heidelberg (2019). https:\/\/doi.org\/10.1007\/978-3-030-34618-8_3","DOI":"10.1007\/978-3-030-34618-8_3"},{"key":"9_CR76","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1007\/978-3-662-53008-5_2","volume-title":"Advances in Cryptology \u2013 CRYPTO 2016","author":"E Kiltz","year":"2016","unstructured":"Kiltz, E., Masny, D., Pan, J.: Optimal security proofs for signatures from identification schemes. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9815, pp. 33\u201361. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53008-5_2"},{"key":"9_CR77","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"275","DOI":"10.1007\/978-3-662-48000-7_14","volume-title":"Advances in Cryptology \u2013 CRYPTO 2015","author":"E Kiltz","year":"2015","unstructured":"Kiltz, E., Pan, J., Wee, H.: Structure-preserving signatures from standard assumptions, revisited. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 275\u2013295. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-48000-7_14"},{"key":"9_CR78","doi-asserted-by":"publisher","unstructured":"Kloo\u00df, M., Lehmann, A., Rupp, A.: (R)CCA secure updatable encryption with integrity protection. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT\u00a02019, Part\u00a0I. LNCS, vol. 11476, pp. 68\u201399. Springer, Heidelberg (2019). https:\/\/doi.org\/10.1007\/978-3-030-17653-2_3","DOI":"10.1007\/978-3-030-17653-2_3"},{"key":"9_CR79","doi-asserted-by":"publisher","unstructured":"Lehmann, A., Tackmann, B.: Updatable encryption with post-compromise security. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT\u00a02018, Part\u00a0III. LNCS, vol. 10822, pp. 685\u2013716. Springer, Heidelberg (2018). https:\/\/doi.org\/10.1007\/978-3-319-78372-7_22","DOI":"10.1007\/978-3-319-78372-7_22"},{"key":"9_CR80","doi-asserted-by":"crossref","unstructured":"Mir, O., Bauer, B., Griffy, S., Lysyanskaya, A., Slamanig, D.: Aggregate signatures with versatile randomization and issuer-hiding multi-authority anonymous credentials. In: Meng, W., Jensen, C.D., Cremers, C., Kirda, E. (eds.) ACM CCS 2023, pp. 30\u201344. ACM (2023)","DOI":"10.1145\/3576915.3623203"},{"key":"9_CR81","doi-asserted-by":"publisher","unstructured":"Morita, H., Schuldt, J.C.N., Matsuda, T., Hanaoka, G., Iwata, T.: On the security of the Schnorr signature scheme and DSA against related-key attacks. In: Kwon, S., Yun, A. (eds.) ICISC 2015. LNCS, vol.\u00a09558, pp. 20\u201335. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-319-30840-1_2","DOI":"10.1007\/978-3-319-30840-1_2"},{"key":"9_CR82","doi-asserted-by":"publisher","unstructured":"Park, S., Sealfon, A.: It wasn\u2019t me! - Repudiability and claimability of ring signatures. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO\u00a02019, Part\u00a0III. LNCS, vol. 11694, pp. 159\u2013190. Springer, Heidelberg (2019). https:\/\/doi.org\/10.1007\/978-3-030-26954-8_6","DOI":"10.1007\/978-3-030-26954-8_6"},{"key":"9_CR83","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"111","DOI":"10.1007\/978-3-319-29485-8_7","volume-title":"Topics in Cryptology \u2013 CT-RSA 2016","author":"D Pointcheval","year":"2016","unstructured":"Pointcheval, D., Sanders, O.: Short randomizable signatures. In: Sako, K. (ed.) CT-RSA 2016. LNCS, vol. 9610, pp. 111\u2013126. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-29485-8_7"},{"key":"9_CR84","doi-asserted-by":"crossref","unstructured":"Pu, S., Thyagarajan, S.A.K., D\u00f6ttling, N., Hanzlik, L.: Post quantum fuzzy stealth signatures and applications. In: Meng, W., Jensen, C.D., Cremers, C., Kirda, E. (eds.) ACM SIGSAC CCS 2023, pp. 371\u2013385. ACM (2023)","DOI":"10.1145\/3576915.3623148"},{"key":"9_CR85","doi-asserted-by":"publisher","unstructured":"Schnorr, C.P.: Efficient identification and signatures for smart cards. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol.\u00a0435, pp. 239\u2013252. Springer, Heidelberg (1990). https:\/\/doi.org\/10.1007\/0-387-34805-0_22","DOI":"10.1007\/0-387-34805-0_22"},{"key":"9_CR86","doi-asserted-by":"publisher","unstructured":"Schnorr, C.P.: Efficient signature generation by smart cards. J. Cryptol. 4(3), 161\u2013174 (1991). https:\/\/doi.org\/10.1007\/BF00196725","DOI":"10.1007\/BF00196725"},{"key":"9_CR87","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"285","DOI":"10.1007\/3-540-45861-1_22","volume-title":"Information Security and Cryptology \u2014 ICISC 2001","author":"R Steinfeld","year":"2002","unstructured":"Steinfeld, R., Bull, L., Zheng, Y.: Content extraction signatures. In: Kim, K. (ed.) ICISC 2001. LNCS, vol. 2288, pp. 285\u2013304. Springer, Heidelberg (2002). https:\/\/doi.org\/10.1007\/3-540-45861-1_22"},{"key":"9_CR88","unstructured":"The Tor\u00a0Project, I.: Tor rendezvous specification - version 3 (2023). https:\/\/gitweb.torproject.org\/torspec.git\/tree\/rend-spec-v3.txt"},{"key":"9_CR89","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"114","DOI":"10.1007\/11426639_7","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2005","author":"B Waters","year":"2005","unstructured":"Waters, B.: Efficient identity-based encryption without random oracles. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 114\u2013127. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/11426639_7"}],"container-title":["Lecture Notes in Computer Science","Financial Cryptography and Data Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-78679-2_9","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,2,15]],"date-time":"2025-02-15T09:29:45Z","timestamp":1739611785000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-78679-2_9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783031786785","9783031786792"],"references-count":89,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-78679-2_9","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"16 February 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"FC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Financial Cryptography and Data Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Willemstad","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Cura\u00e7ao","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"5 March 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9 March 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"28","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"fc2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/fc24.ifca.ai\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}