{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,18]],"date-time":"2026-01-18T21:17:10Z","timestamp":1768771030378,"version":"3.49.0"},"publisher-location":"Cham","reference-count":52,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031918223","type":"print"},{"value":"9783031918230","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-91823-0_8","type":"book-chapter","created":{"date-parts":[[2025,5,7]],"date-time":"2025-05-07T04:51:23Z","timestamp":1746593483000},"page":"237-270","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Efficient Verifiable Mixnets from\u00a0Lattices, Revisited"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-3582-3368","authenticated-orcid":false,"given":"Jonathan","family":"Bootle","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0009-0003-5149-264X","authenticated-orcid":false,"given":"Vadim","family":"Lyubashevsky","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0009-0001-3766-2476","authenticated-orcid":false,"given":"Antonio","family":"Merino-Gallardo","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,5,5]]},"reference":[{"key":"8_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"258","DOI":"10.1007\/978-3-540-48000-6_21","volume-title":"Advances in Cryptology - ASIACRYPT\u201999","author":"M Abe","year":"1999","unstructured":"Abe, M.: Mix-networks on permutation networks. In: Lam, K.-Y., Okamoto, E., Xing, C. (eds.) ASIACRYPT 1999. LNCS, vol. 1716, pp. 258\u2013273. Springer, Heidelberg (1999). https:\/\/doi.org\/10.1007\/978-3-540-48000-6_21"},{"key":"8_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"317","DOI":"10.1007\/3-540-44586-2_23","volume-title":"Public Key Cryptography","author":"M Abe","year":"2001","unstructured":"Abe, M., Hoshino, F.: Remarks on mix-network based on permutation networks. In: Kim, K. (ed.) PKC 2001. LNCS, vol. 1992, pp. 317\u2013324. Springer, Heidelberg (2001). https:\/\/doi.org\/10.1007\/3-540-44586-2_23"},{"key":"8_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/3-540-48523-6_1","volume-title":"Automata, Languages and Programming","author":"M Ajtai","year":"1999","unstructured":"Ajtai, M.: Generating hard instances of the short basis problem. In: Wiedermann, J., van Emde Boas, P., Nielsen, M. (eds.) ICALP 1999. LNCS, vol. 1644, pp. 1\u20139. Springer, Heidelberg (1999). https:\/\/doi.org\/10.1007\/3-540-48523-6_1"},{"key":"8_CR4","doi-asserted-by":"publisher","unstructured":"Aranha, D.F., Baum, C., Gj\u00f8steen, K., Silde, T.: Verifiable mix-nets and distributed decryption for voting from lattice-based assumptions. In: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, pp. 1467\u20131481. CCS \u201923, Association for Computing Machinery, New York, NY, USA (2023). https:\/\/doi.org\/10.1145\/3576915.3616683","DOI":"10.1145\/3576915.3616683"},{"key":"8_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"227","DOI":"10.1007\/978-3-030-75539-3_10","volume-title":"Topics in Cryptology \u2013 CT-RSA 2021","author":"DF Aranha","year":"2021","unstructured":"Aranha, D.F., Baum, C., Gj\u00f8steen, K., Silde, T., Tunge, T.: Lattice-based proof of shuffle and applications to electronic voting. In: Paterson, K.G. (ed.) CT-RSA 2021. LNCS, vol. 12704, pp. 227\u2013251. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-75539-3_10"},{"key":"8_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"669","DOI":"10.1007\/978-3-319-96881-0_23","volume-title":"Advances in Cryptology \u2013 CRYPTO 2018","author":"C Baum","year":"2018","unstructured":"Baum, C., Bootle, J., Cerulli, A., del Pino, R., Groth, J., Lyubashevsky, V.: Sub-linear lattice-based zero-knowledge arguments for arithmetic circuits. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10992, pp. 669\u2013699. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-96881-0_23"},{"key":"8_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"263","DOI":"10.1007\/978-3-642-29011-4_17","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2012","author":"S Bayer","year":"2012","unstructured":"Bayer, S., Groth, J.: Efficient zero-knowledge argument for correctness of a shuffle. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 263\u2013280. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-29011-4_17"},{"key":"8_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"201","DOI":"10.1007\/978-3-642-11799-2_13","volume-title":"Theory of Cryptography","author":"R Bendlin","year":"2010","unstructured":"Bendlin, R., Damg\u00e5rd, I.: Threshold decryption and zero-knowledge proofs for lattice-based cryptosystems. In: Micciancio, D. (ed.) TCC 2010. LNCS, vol. 5978, pp. 201\u2013218. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-11799-2_13"},{"key":"8_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"235","DOI":"10.1007\/978-3-319-72565-9_12","volume-title":"Selected Areas in Cryptography \u2013 SAC 2017","author":"DJ Bernstein","year":"2018","unstructured":"Bernstein, D.J., Chuengsatiansup, C., Lange, T., van Vredendaal, C.: NTRU prime: reducing attack surface at low cost. In: Adams, C., Camenisch, J. (eds.) SAC 2017. LNCS, vol. 10719, pp. 235\u2013260. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-72565-9_12"},{"key":"8_CR10","doi-asserted-by":"publisher","unstructured":"Beullens, W., Seiler, G.: LaBRADOR: Compact proofs for R1CS from module-SIS. In: Handschuh, H., Lysyanskaya, A. (eds.) CRYPTO\u00a02023, Part\u00a0V. LNCS, vol. 14085, pp. 518\u2013548. Springer, Cham (Aug 2023). https:\/\/doi.org\/10.1007\/978-3-031-38554-4_17","DOI":"10.1007\/978-3-031-38554-4_17"},{"key":"8_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"62","DOI":"10.1007\/978-3-319-44618-9_4","volume-title":"Security and Cryptography for Networks","author":"S Biagioni","year":"2016","unstructured":"Biagioni, S., Masny, D., Venturi, D.: Naor-Yung paradigm with shared randomness and applications. In: Zikas, V., De Prisco, R. (eds.) SCN 2016. LNCS, vol. 9841, pp. 62\u201380. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-44618-9_4"},{"key":"8_CR12","doi-asserted-by":"publisher","unstructured":"Bos, J., et al.: CRYSTALS - Kyber: A CCA-secure module-lattice-based KEM. In: 2018 IEEE European Symposium on Security and Privacy (EuroS &P), pp. 353\u2013367 (2018). https:\/\/doi.org\/10.1109\/EuroSP.2018.00032","DOI":"10.1109\/EuroSP.2018.00032"},{"key":"8_CR13","doi-asserted-by":"publisher","unstructured":"Boudgoust, K., Scholl, P.: Simple threshold (fully homomorphic) encryption from LWE with polynomial modulus. In: Guo, J., Steinfeld, R. (eds.) ASIACRYPT\u00a02023, Part\u00a0I. LNCS, vol. 14438, pp. 371\u2013404. Springer, Singapore (Dec 2023). https:\/\/doi.org\/10.1007\/978-981-99-8721-4_12","DOI":"10.1007\/978-981-99-8721-4_12"},{"key":"8_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"336","DOI":"10.1007\/978-3-030-59013-0_17","volume-title":"Computer Security \u2013 ESORICS 2020","author":"X Boyen","year":"2020","unstructured":"Boyen, X., Haines, T., M\u00fcller, J.: A verifiable and practical lattice-based decryption mix net with external auditing. In: Chen, L., Li, N., Liang, K., Schneider, S. (eds.) ESORICS 2020. LNCS, vol. 12309, pp. 336\u2013356. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-59013-0_17"},{"key":"8_CR15","doi-asserted-by":"publisher","unstructured":"Brakerski, Z., Gentry, C., Vaikuntanathan, V.: (Leveled) fully homomorphic encryption without bootstrapping. In: Goldwasser, S. (ed.) ITCS 2012, pp. 309\u2013325. ACM (Jan 2012). https:\/\/doi.org\/10.1145\/2090236.2090262","DOI":"10.1145\/2090236.2090262"},{"key":"8_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"557","DOI":"10.1007\/978-3-319-61204-1_28","volume-title":"Applied Cryptography and Network Security","author":"D Chaum","year":"2017","unstructured":"Chaum, D., et al.: cMix: mixing with minimal real-time asymmetric cryptographic operations. In: Gollmann, D., Miyaji, A., Kikuchi, H. (eds.) ACNS 2017. LNCS, vol. 10355, pp. 557\u2013578. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-61204-1_28"},{"key":"8_CR17","doi-asserted-by":"publisher","unstructured":"Chaum, D.L.: Untraceable electronic mail, return addresses, and digital pseudonyms. Commun. ACM 24(2), 84-90 (feb 1981). https:\/\/doi.org\/10.1145\/358549.358563","DOI":"10.1145\/358549.358563"},{"key":"8_CR18","unstructured":"Chowdhury, S., et al.: Efficient threshold FHE with application to real-time systems. Cryptology ePrint Archive, Report 2022\/1625 (2022). https:\/\/eprint.iacr.org\/2022\/1625"},{"key":"8_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"280","DOI":"10.1007\/978-3-319-70290-2_17","volume-title":"Secure IT Systems","author":"N Costa","year":"2017","unstructured":"Costa, N., Mart\u00ednez, R., Morillo, P.: Proof of a shuffle for lattice-based cryptography. In: Lipmaa, H., Mitrokotsa, A., Matulevi\u010dius, R. (eds.) NordSec 2017. LNCS, vol. 10674, pp. 280\u2013296. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-70290-2_17"},{"key":"8_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"330","DOI":"10.1007\/978-3-030-43725-1_23","volume-title":"Financial Cryptography and Data Security","author":"N Costa","year":"2020","unstructured":"Costa, N., Mart\u00ednez, R., Morillo, P.: Lattice-based proof of a shuffle. In: Bracciali, A., Clark, J., Pintore, F., R\u00f8nne, P.B., Sala, M. (eds.) FC 2019. LNCS, vol. 11599, pp. 330\u2013346. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-43725-1_23"},{"key":"8_CR21","doi-asserted-by":"publisher","unstructured":"Cramer, R., Shoup, V.: Design and analysis of practical public-key encryption schemes secure against adaptive chosen ciphertext attack. SIAM J. Comput. 33(1), 167\u2013226 (2003). https:\/\/doi.org\/10.1137\/S0097539702403773","DOI":"10.1137\/S0097539702403773"},{"key":"8_CR22","doi-asserted-by":"publisher","unstructured":"Danezis, G., Dingledine, R., Mathewson, N.: Mixminion: Design of a type III anonymous remailer protocol. In: 2003 IEEE Symposium on Security and Privacy, pp. 2\u201315. IEEE Computer Society Press (May 2003). https:\/\/doi.org\/10.1109\/SECPRI.2003.1199323","DOI":"10.1109\/SECPRI.2003.1199323"},{"key":"8_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"10","DOI":"10.1007\/3-540-39568-7_2","volume-title":"Advances in Cryptology","author":"T ElGamal","year":"1985","unstructured":"ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. In: Blakley, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 10\u201318. Springer, Heidelberg (1985). https:\/\/doi.org\/10.1007\/3-540-39568-7_2"},{"key":"8_CR24","doi-asserted-by":"publisher","unstructured":"Farzaliyev, V., Willemson, J., Kaasik, J.K.: Improved lattice-based mix-nets for electronic voting. In: Park, J.H., Seo, S.H. (eds.) ICISC 21. LNCS, vol. 13218, pp. 119\u2013136. Springer, Cham (Dec 2021). https:\/\/doi.org\/10.1007\/978-3-031-08896-4_6","DOI":"10.1007\/978-3-031-08896-4_6"},{"key":"8_CR25","doi-asserted-by":"publisher","unstructured":"Furukawa, J.: Efficient and verifiable shuffling and shuffle-decryption. IEICE Trans. 88-A, 172\u2013188 (2005). https:\/\/doi.org\/10.1093\/ietfec\/E88-A.1.172","DOI":"10.1093\/ietfec\/E88-A.1.172"},{"key":"8_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"368","DOI":"10.1007\/3-540-44647-8_22","volume-title":"Advances in Cryptology \u2014 CRYPTO 2001","author":"J Furukawa","year":"2001","unstructured":"Furukawa, J., Sako, K.: An efficient scheme for proving a shuffle. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 368\u2013387. Springer, Heidelberg (2001). https:\/\/doi.org\/10.1007\/3-540-44647-8_22"},{"key":"8_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"145","DOI":"10.1007\/3-540-36288-6_11","volume-title":"Public Key Cryptography \u2014 PKC 2003","author":"J Groth","year":"2003","unstructured":"Groth, J.: A verifiable secret shuffe of homomorphic encryptions. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 145\u2013160. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/3-540-36288-6_11"},{"key":"8_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"379","DOI":"10.1007\/978-3-540-78967-3_22","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2008","author":"J Groth","year":"2008","unstructured":"Groth, J., Ishai, Y.: Sub-linear zero-knowledge argument for correctness of a shuffle. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 379\u2013396. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-78967-3_22"},{"key":"8_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"377","DOI":"10.1007\/978-3-540-71677-8_25","volume-title":"Public Key Cryptography \u2013 PKC 2007","author":"J Groth","year":"2007","unstructured":"Groth, J., Lu, S.: Verifiable shuffle of large size ciphertexts. In: Okamoto, T., Wang, X. (eds.) PKC 2007. LNCS, vol. 4450, pp. 377\u2013392. Springer, Heidelberg (2007). https:\/\/doi.org\/10.1007\/978-3-540-71677-8_25"},{"key":"8_CR30","doi-asserted-by":"publisher","unstructured":"Haines, T., M\u00fcller, J.: SoK: Techniques for verifiable mix nets. In: Jia, L., K\u00fcsters, R. (eds.) CSF 2020 Computer Security Foundations Symposium, pp. 49\u201364. IEEE Computer Society Press (2020). https:\/\/doi.org\/10.1109\/CSF49147.2020.00012","DOI":"10.1109\/CSF49147.2020.00012"},{"key":"8_CR31","doi-asserted-by":"publisher","unstructured":"Herranz, J., Hofheinz, D., Kiltz, E.: Some (in)sufficient conditions for secure hybrid encryption. Inf. Comput. 208(11), 1243\u20131257 (Nov 2010). https:\/\/doi.org\/10.1016\/j.ic.2010.07.002","DOI":"10.1016\/j.ic.2010.07.002"},{"key":"8_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"315","DOI":"10.1007\/978-3-662-63958-0_27","volume-title":"Financial Cryptography and Data Security. FC 2021 International Workshops","author":"J Herranz","year":"2021","unstructured":"Herranz, J., Mart\u00ednez, R., S\u00e1nchez, M.: Shorter lattice-based zero-knowledge proofs for the correctness of a shuffle. In: Bernhard, M., Bracciali, A., Gudgeon, L., Haines, T., Klages-Mundt, A., Matsuo, S., Perez, D., Sala, M., Werner, S. (eds.) FC 2021. LNCS, vol. 12676, pp. 315\u2013329. Springer, Heidelberg (2021). https:\/\/doi.org\/10.1007\/978-3-662-63958-0_27"},{"key":"8_CR33","doi-asserted-by":"publisher","unstructured":"van\u00a0den Hooff, J., Lazar, D., Zaharia, M., Zeldovich, N.: Vuvuzela: scalable private messaging resistant to traffic analysis. In: Proceedings of the 25th Symposium on Operating Systems Principles, pp. 137\u2013152. SOSP \u201915, Association for Computing Machinery, New York, NY, USA (2015). https:\/\/doi.org\/10.1145\/2815400.2815417","DOI":"10.1145\/2815400.2815417"},{"key":"8_CR34","doi-asserted-by":"publisher","unstructured":"Hough, P., Sandsbr\u00e5ten, C., Silde, T.: More efficient lattice-based electronic voting from NTRU. IACR Communications in Cryptology 1(4) (2025). https:\/\/doi.org\/10.62056\/a69qudhdj","DOI":"10.62056\/a69qudhdj"},{"key":"8_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"157","DOI":"10.1007\/3-540-48892-8_13","volume-title":"Selected Areas in Cryptography","author":"M Jacobson","year":"1999","unstructured":"Jacobson, M., M\u2019Ra\u00efhi, D.: Mix-based electronic payments. In: Tavares, S., Meijer, H. (eds.) SAC 1998. LNCS, vol. 1556, pp. 157\u2013173. Springer, Heidelberg (1999). https:\/\/doi.org\/10.1007\/3-540-48892-8_13"},{"key":"8_CR36","doi-asserted-by":"publisher","unstructured":"Kwon, A., Corrigan-Gibbs, H., Devadas, S., Ford, B.: Atom: horizontally scaling strong anonymity. In: Proceedings of the 26th Symposium on Operating Systems Principles, pp. 406\u2013422. SOSP \u201917, Association for Computing Machinery, New York, NY, USA (2017). https:\/\/doi.org\/10.1145\/3132747.3132755","DOI":"10.1145\/3132747.3132755"},{"key":"8_CR37","unstructured":"Lyubashevsky, V.: Basic lattice cryptography: The concepts behind kyber (ML-KEM) and dilithium (ML-DSA). Cryptology ePrint Archive, Report 2024\/1287 (2024). https:\/\/eprint.iacr.org\/2024\/1287"},{"key":"8_CR38","doi-asserted-by":"publisher","unstructured":"Lyubashevsky, V., Nguyen, N.K., Plan\u00e7on, M.: Lattice-based zero-knowledge proofs and applications: Shorter, simpler, and more general. In: Dodis, Y., Shrimpton, T. (eds.) CRYPTO\u00a02022, Part\u00a0II. LNCS, vol. 13508, pp. 71\u2013101. Springer, Cham (Aug 2022). https:\/\/doi.org\/10.1007\/978-3-031-15979-4_3","DOI":"10.1007\/978-3-031-15979-4_3"},{"key":"8_CR39","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"204","DOI":"10.1007\/978-3-319-78381-9_8","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2018","author":"V Lyubashevsky","year":"2018","unstructured":"Lyubashevsky, V., Seiler, G.: Short, invertible elements in partially splitting cyclotomic rings and applications to lattice-based zero-knowledge proofs. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10820, pp. 204\u2013224. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-78381-9_8"},{"key":"8_CR40","doi-asserted-by":"publisher","unstructured":"Lyubashevsky, V., Seiler, G., Steuer, P.: The LaZer library: Lattice-based zero knowledge and succinct proofs for quantum-safe privacy. In: Luo, B., Liao, X., Xu, J., Kirda, E., Lie, D. (eds.) ACM CCS 2024, pp. 3125\u20133137. ACM Press (Oct 2024). https:\/\/doi.org\/10.1145\/3658644.3690330","DOI":"10.1145\/3658644.3690330"},{"key":"8_CR41","unstructured":"Micciancio, D., Suhl, A.: Simulation-secure threshold PKE from LWE with polynomial modulus. Cryptology ePrint Archive, Paper 2023\/1728 (2023). https:\/\/eprint.iacr.org\/2023\/1728"},{"key":"8_CR42","doi-asserted-by":"publisher","unstructured":"Naor, M., Yung, M.: Public-key cryptosystems provably secure against chosen ciphertext attacks. In: 22nd ACM STOC, pp. 427\u2013437. ACM Press (May 1990). https:\/\/doi.org\/10.1145\/100216.100273","DOI":"10.1145\/100216.100273"},{"key":"8_CR43","doi-asserted-by":"publisher","unstructured":"National Institute of Standards and Technology (NIST): Module-lattice-based digital signature standard. Tech. Rep. Federal Information Processing Standards Publications (FIPS PUBS) 204, U.S. Department of Commerce, Washington, D.C. (2024). https:\/\/doi.org\/10.6028\/NIST.FIPS.204","DOI":"10.6028\/NIST.FIPS.204"},{"key":"8_CR44","doi-asserted-by":"publisher","unstructured":"National Institute of Standards and Technology (NIST): Module-lattice-based key-encapsulation mechanism standard. Tech. Rep. Federal Information Processing Standards Publications (FIPS PUBS) 203, U.S. Department of Commerce, Washington, D.C. (2024). https:\/\/doi.org\/10.6028\/NIST.FIPS.203","DOI":"10.6028\/NIST.FIPS.203"},{"key":"8_CR45","doi-asserted-by":"publisher","unstructured":"Neff, C.A.: A verifiable secret shuffle and its application to e-voting. In: Reiter, M.K., Samarati, P. (eds.) ACM CCS 2001, pp. 116\u2013125. ACM Press (Nov 2001). https:\/\/doi.org\/10.1145\/501983.502000","DOI":"10.1145\/501983.502000"},{"key":"8_CR46","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"248","DOI":"10.1007\/3-540-48285-7_21","volume-title":"Advances in Cryptology \u2014 EUROCRYPT \u201993","author":"C Park","year":"1994","unstructured":"Park, C., Itoh, K., Kurosawa, K.: Efficient anonymous channel and all\/nothing election scheme. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 248\u2013259. Springer, Heidelberg (1994). https:\/\/doi.org\/10.1007\/3-540-48285-7_21"},{"key":"8_CR47","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"393","DOI":"10.1007\/3-540-49264-X_32","volume-title":"Advances in Cryptology \u2014 EUROCRYPT \u201995","author":"K Sako","year":"1995","unstructured":"Sako, K., Kilian, J.: Receipt-free mix-type voting scheme. In: Guillou, L.C., Quisquater, J.-J. (eds.) EUROCRYPT 1995. LNCS, vol. 921, pp. 393\u2013403. Springer, Heidelberg (1995). https:\/\/doi.org\/10.1007\/3-540-49264-X_32"},{"key":"8_CR48","unstructured":"Sotiraki, K.: Personal communication with Jonathan Bootle (January 2022)"},{"key":"8_CR49","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"27","DOI":"10.1007\/978-3-642-20465-4_4","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2011","author":"D Stehl\u00e9","year":"2011","unstructured":"Stehl\u00e9, D., Steinfeld, R.: Making NTRU as secure as worst-case problems over ideal lattices. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 27\u201347. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-20465-4_4"},{"key":"8_CR50","doi-asserted-by":"publisher","unstructured":"Strand, M.: A verifiable shuffle for the GSW cryptosystem. In: Zohar, A., Eyal, I., Teague, V., Clark, J., Bracciali, A., Pintore, F., Sala, M. (eds.) FC 2018. LNCS, vol. 10958, pp. 165\u2013180. Springer, Heidelberg (2019). https:\/\/doi.org\/10.1007\/978-3-662-58820-8_12","DOI":"10.1007\/978-3-662-58820-8_12"},{"key":"8_CR51","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"100","DOI":"10.1007\/978-3-642-12678-9_7","volume-title":"Progress in Cryptology \u2013 AFRICACRYPT 2010","author":"B Terelius","year":"2010","unstructured":"Terelius, B., Wikstr\u00f6m, D.: Proofs of restricted shuffles. In: Bernstein, D.J., Lange, T. (eds.) AFRICACRYPT 2010. LNCS, vol. 6055, pp. 100\u2013113. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-12678-9_7"},{"key":"8_CR52","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"407","DOI":"10.1007\/978-3-642-02620-1_28","volume-title":"Information Security and Privacy","author":"D Wikstr\u00f6m","year":"2009","unstructured":"Wikstr\u00f6m, D.: A Commitment-Consistent Proof of a Shuffle. In: Boyd, C., Gonz\u00e1lez Nieto, J. (eds.) ACISP 2009. LNCS, vol. 5594, pp. 407\u2013421. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-02620-1_28"}],"container-title":["Lecture Notes in Computer Science","Public-Key Cryptography \u2013 PKC 2025"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-91823-0_8","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,7]],"date-time":"2025-05-07T04:51:28Z","timestamp":1746593488000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-91823-0_8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783031918223","9783031918230"],"references-count":52,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-91823-0_8","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"5 May 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"PKC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"IACR International Conference on Public-Key Cryptography","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"R\u00f8ros","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Norway","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"12 May 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15 May 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"28","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"pkc2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/pkc.iacr.org\/2025\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}