{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,2]],"date-time":"2026-06-02T09:34:04Z","timestamp":1780392844684,"version":"3.54.1"},"publisher-location":"Cham","reference-count":47,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032019066","type":"print"},{"value":"9783032019073","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-032-01907-3_12","type":"book-chapter","created":{"date-parts":[[2025,8,16]],"date-time":"2025-08-16T22:27:44Z","timestamp":1755383264000},"page":"362-395","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":6,"title":["On Knowledge-Soundness of\u00a0Plonk in\u00a0ROM from\u00a0Falsifiable Assumptions"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-8393-6821","authenticated-orcid":false,"given":"Helger","family":"Lipmaa","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-2241-801X","authenticated-orcid":false,"given":"Roberto","family":"Parisella","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5824-7215","authenticated-orcid":false,"given":"Janno","family":"Siim","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2025,8,17]]},"reference":[{"key":"12_CR1","doi-asserted-by":"publisher","unstructured":"Attema, T., Fehr, S., Kloo\u00df, M.: Fiat-Shamir transformation of multi-round interactive proofs, pp. 113\u2013142 (2022). https:\/\/doi.org\/10.1007\/978-3-031-22318-1_5","DOI":"10.1007\/978-3-031-22318-1_5"},{"key":"12_CR2","unstructured":"Attema, T., Fehr, S., Kloo\u00df, M., Resch, N.: The Fiat-Shamir transformation of $$(\\varGamma 1,\\dots ,\\varGamma {\\mu })$$-special-sound interactive proofs. Cryptology ePrint Archive, Report 2023\/1945 (2023). https:\/\/eprint.iacr.org\/2023\/1945"},{"key":"12_CR3","doi-asserted-by":"publisher","unstructured":"Bauer, B., Farshim, P., Harasser, P., Kohlweiss, M.: The uber-knowledge assumption: a bridge to the AGM. IACR Commun. Cryptol. (CiC) 1(3), 31 (2024). https:\/\/doi.org\/10.62056\/anr-zoja5","DOI":"10.62056\/anr-zoja5"},{"key":"12_CR4","doi-asserted-by":"publisher","unstructured":"Ben-Sasson, E., Bentov, I., Horesh, Y., Riabzev, M.: Fast reed-solomon interactive oracle proofs of proximity. In: Chatzigiannakis, I., Kaklamanis, C., Marx, D., Sannella, D. (eds.) ICALP 2018: 45th International Colloquium on Automata, Languages and Programming. Leibniz International Proceedings in Informatics (LIPIcs), vol.\u00a0107, pp. 14:1\u201314:17. Schloss Dagstuhl - Leibniz-Zentrum fuer Informatik, Prague, Czech Republic (2018). https:\/\/doi.org\/10.4230\/LIPIcs.ICALP.2018.14","DOI":"10.4230\/LIPIcs.ICALP.2018.14"},{"key":"12_CR5","doi-asserted-by":"publisher","unstructured":"B\u00fcnz, B., Bootle, J., Boneh, D., Poelstra, A., Wuille, P., Maxwell, G.: Bulletproofs: short proofs for confidential transactions and more. In: 2018 IEEE Symposium on Security and Privacy, San Francisco, CA, USA, pp. 315\u2013334. IEEE Computer Society Press (2018). https:\/\/doi.org\/10.1109\/SP.2018.00020","DOI":"10.1109\/SP.2018.00020"},{"key":"12_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"677","DOI":"10.1007\/978-3-030-45721-1_24","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2020","author":"B B\u00fcnz","year":"2020","unstructured":"B\u00fcnz, B., Fisch, B., Szepieniec, A.: Transparent SNARKs from DARK compilers. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020, Part I. LNCS, vol. 12105, pp. 677\u2013706. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-45721-1_24"},{"key":"12_CR7","doi-asserted-by":"publisher","unstructured":"Campanelli, M., Faonio, A., Fiore, D., Li, T., Lipmaa, H.: Lookup arguments: improvements, extensions and applications to zero-knowledge decision trees. In: Tang, Q., Teague, V. (eds.) PKC 2024, Part II. LNCS, vol. 14602, pp. 337\u2013369. Springer, Cham (2024). https:\/\/doi.org\/10.1007\/978-3-031-57722-2_11","DOI":"10.1007\/978-3-031-57722-2_11"},{"key":"12_CR8","doi-asserted-by":"publisher","unstructured":"Campanelli, M., Faonio, A., Fiore, D., Querol, A., Rodr\u00edguez, H.: Lunar: a toolbox for more efficient universal and updatable zkSNARKs and commit-and-prove extensions. In: Tibouchi, M., Wang, H. (eds.) ASIACRYPT 2021, Part III. LNCS, vol. 13092, pp. 3\u201333. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-92078-4_1","DOI":"10.1007\/978-3-030-92078-4_1"},{"key":"12_CR9","doi-asserted-by":"publisher","unstructured":"Canetti, R., Goldreich, O., Halevi, S.: The random oracle methodology, revisited (preliminary version). In: 30th Annual ACM Symposium on Theory of Computing, Dallas, TX, USA, pp. 209\u2013218. ACM Press (1998). https:\/\/doi.org\/10.1145\/276698.276741","DOI":"10.1145\/276698.276741"},{"key":"12_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"738","DOI":"10.1007\/978-3-030-45721-1_26","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2020","author":"A Chiesa","year":"2020","unstructured":"Chiesa, A., Hu, Y., Maller, M., Mishra, P., Vesely, N., Ward, N.: Marlin: preprocessing zkSNARKs with universal and updatable SRS. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12105, pp. 738\u2013768. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-45721-1_26"},{"key":"12_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"174","DOI":"10.1007\/3-540-48658-5_19","volume-title":"Advances in Cryptology \u2014 CRYPTO \u201994","author":"R Cramer","year":"1994","unstructured":"Cramer, R., Damg\u00e5rd, I., Schoenmakers, B.: Proofs of partial knowledge and simplified design of witness hiding protocols. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 174\u2013187. Springer, Heidelberg (1994). https:\/\/doi.org\/10.1007\/3-540-48658-5_19"},{"key":"12_CR12","doi-asserted-by":"publisher","unstructured":"Dao, Q., Grubbs, P.: Spartan and bulletproofs are simulation-extractable (for free!). In: Hazay, C., Stam, M. (eds.) EUROCRYPT 2023, Part II. LNCS, vol. 14005, pp. 531\u2013562. Springer, Cham (2023). https:\/\/doi.org\/10.1007\/978-3-031-30617-4_18","DOI":"10.1007\/978-3-031-30617-4_18"},{"key":"12_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"100","DOI":"10.1007\/3-540-36178-2_6","volume-title":"Advances in Cryptology \u2014 ASIACRYPT 2002","author":"AW Dent","year":"2002","unstructured":"Dent, A.W.: Adapting the weaknesses of the random oracle model to the generic group model. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 100\u2013109. Springer, Heidelberg (2002). https:\/\/doi.org\/10.1007\/3-540-36178-2_6"},{"key":"12_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"175","DOI":"10.1007\/978-3-540-69407-6_21","volume-title":"Logic and Theory of Algorithms","author":"G Di Crescenzo","year":"2008","unstructured":"Di Crescenzo, G., Lipmaa, H.: Succinct NP proofs from an extractability assumption. In: Beckmann, A., Dimitracopoulos, C., L\u00f6we, B. (eds.) CiE 2008. LNCS, vol. 5028, pp. 175\u2013185. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-69407-6_21"},{"key":"12_CR15","unstructured":"Eagen, L., Fiore, D., Gabizon, A.: CQ: cached quotients for fast lookups. Cryptology ePrint Archive, Report 2022\/1763 (2022). https:\/\/eprint.iacr.org\/2022\/1763"},{"key":"12_CR16","doi-asserted-by":"publisher","unstructured":"Faonio, A., Fiore, D., Russo, L.: Real-world universal zkSNARKs are non-malleable. In: Luo, B., Liao, X., Xu, J., Kirda, E., Lie, D. (eds.) ACM CCS 2024: 31st Conference on Computer and Communications Security, Salt Lake City, UT, USA, pp. 3138\u20133151. ACM Press (2024). https:\/\/doi.org\/10.1145\/3658644.3690351","DOI":"10.1145\/3658644.3690351"},{"key":"12_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1007\/978-3-319-96881-0_2","volume-title":"Advances in Cryptology \u2013 CRYPTO 2018","author":"G Fuchsbauer","year":"2018","unstructured":"Fuchsbauer, G., Kiltz, E., Loss, J.: The algebraic group model and its applications. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10992, pp. 33\u201362. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-96881-0_2"},{"key":"12_CR18","unstructured":"Gabizon, A., Williamson, Z.J.: plookup: a simplified polynomial protocol for lookup tables. Cryptology ePrint Archive, Report 2020\/315 (2020). https:\/\/eprint.iacr.org\/2020\/315"},{"key":"12_CR19","unstructured":"Gabizon, A., Williamson, Z.J.: Proposal: The Turbo-PLONK program syntax for specifying SNARK programs (2020). https:\/\/docs.zkproof.org\/pages\/standards\/accepted-workshop3\/proposal-turbo_plonk.pdf"},{"key":"12_CR20","unstructured":"Gabizon, A., Williamson, Z.J., Ciobotaru, O.: PLONK: Permutations over Lagrange-bases for oecumenical noninteractive arguments of knowledge. Cryptology ePrint Archive, Report 2019\/953 (2019). https:\/\/eprint.iacr.org\/2019\/953"},{"key":"12_CR21","doi-asserted-by":"publisher","unstructured":"Ganesh, C., Khoshakhlagh, H., Parisella, R.: NIWI and new notions of extraction for algebraic languages. In: Galdi, C., Jarecki, S. (eds.) SCN 2022. LNCS, vol. 13409, pp. 687\u2013710. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-14791-3_30","DOI":"10.1007\/978-3-031-14791-3_30"},{"key":"12_CR22","doi-asserted-by":"publisher","unstructured":"Gentry, C., Wichs, D.: Separating succinct non-interactive arguments from all falsifiable assumptions. In: Fortnow, L., Vadhan, S.P. (eds.) 43rd Annual ACM Symposium on Theory of Computing, San Jose, CA, USA, pp. 99\u2013108. ACM Press (2011). https:\/\/doi.org\/10.1145\/1993636.1993651","DOI":"10.1145\/1993636.1993651"},{"key":"12_CR23","doi-asserted-by":"publisher","unstructured":"Golovnev, A., Lee, J., Setty, S.T.V., Thaler, J., Wahby, R.S.: Brakedown: linear-time and field-agnostic SNARKs for R1CS. In: Handschuh, H., Lysyanskaya, A. (eds.) CRYPTO 2023, Part II. LNCS, vol. 14082, pp. 193\u2013226. Springer, Cham (2023). https:\/\/doi.org\/10.1007\/978-3-031-38545-2_7","DOI":"10.1007\/978-3-031-38545-2_7"},{"key":"12_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"728","DOI":"10.1007\/978-3-030-34618-8_25","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2019","author":"A Gonz\u00e1lez","year":"2019","unstructured":"Gonz\u00e1lez, A., R\u00e0fols, C.: Shorter pairing-based arguments under standard assumptions. In: Galbraith, S.D., Moriai, S. (eds.) ASIACRYPT 2019. LNCS, vol. 11923, pp. 728\u2013757. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-34618-8_25"},{"key":"12_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"321","DOI":"10.1007\/978-3-642-17373-8_19","volume-title":"Advances in Cryptology - ASIACRYPT 2010","author":"J Groth","year":"2010","unstructured":"Groth, J.: Short pairing-based non-interactive zero-knowledge arguments. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 321\u2013340. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-17373-8_19"},{"key":"12_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"305","DOI":"10.1007\/978-3-662-49896-5_11","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2016","author":"J Groth","year":"2016","unstructured":"Groth, J.: On the size of pairing-based non-interactive arguments. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 305\u2013326. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-49896-5_11"},{"key":"12_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"698","DOI":"10.1007\/978-3-319-96878-0_24","volume-title":"Advances in Cryptology \u2013 CRYPTO 2018","author":"J Groth","year":"2018","unstructured":"Groth, J., Kohlweiss, M., Maller, M., Meiklejohn, S., Miers, I.: Updatable and universal common reference strings with applications to\u00a0zk-SNARKs. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10993, pp. 698\u2013728. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-96878-0_24"},{"key":"12_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"303","DOI":"10.1007\/978-3-642-03356-8_18","volume-title":"Advances in Cryptology - CRYPTO 2009","author":"T Icart","year":"2009","unstructured":"Icart, T.: How to hash into elliptic curves. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 303\u2013316. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-03356-8_18"},{"key":"12_CR29","doi-asserted-by":"publisher","unstructured":"Jaeger, J., Mohan, D.I.: Generic and algebraic computation models: When AGM proofs transfer to the GGM. In: Reyzin, L., Stebila, D. (eds.) CRYPTO 2024, Part V. LNCS, vol. 14924, pp. 14\u201345. Springer, Cham (2024). https:\/\/doi.org\/10.1007\/978-3-031-68388-6_2","DOI":"10.1007\/978-3-031-68388-6_2"},{"key":"12_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"539","DOI":"10.1007\/978-3-642-17373-8_31","volume-title":"Advances in Cryptology - ASIACRYPT 2010","author":"T Jager","year":"2010","unstructured":"Jager, T., Rupp, A.: The semi-generic group model and applications to pairing-based cryptography. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 539\u2013556. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-17373-8_31"},{"key":"12_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"177","DOI":"10.1007\/978-3-642-17373-8_11","volume-title":"Advances in Cryptology - ASIACRYPT 2010","author":"A Kate","year":"2010","unstructured":"Kate, A., Zaverucha, G.M., Goldberg, I.: Constant-size commitments to polynomials and their applications. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 177\u2013194. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-17373-8_11"},{"key":"12_CR32","unstructured":"Khovratovich, D., Rothblum, R.D., Soukhanov, L.: How to Prove False Statements: Practical Attacks on Fiat-Shamir. Technical Report 2025\/118, IACR (2025). https:\/\/eprint.iacr.org\/2025\/118"},{"key":"12_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"169","DOI":"10.1007\/978-3-642-28914-9_10","volume-title":"Theory of Cryptography","author":"H Lipmaa","year":"2012","unstructured":"Lipmaa, H.: Progression-free sets and sublinear pairing-based non-interactive zero-knowledge arguments. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 169\u2013189. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-28914-9_10"},{"key":"12_CR34","doi-asserted-by":"publisher","unstructured":"Lipmaa, H.: Polymath: Groth16 is not the limit. In: Reyzin, L., Stebila, D. (eds.) CRYPTO 2024, Part X. LNCS, vol. 14929, pp. 170\u2013206. Springer, Cham (2024). https:\/\/doi.org\/10.1007\/978-3-031-68403-6_6","DOI":"10.1007\/978-3-031-68403-6_6"},{"key":"12_CR35","doi-asserted-by":"publisher","unstructured":"Lipmaa, H., Parisella, R., Siim, J.: Algebraic group model with oblivious sampling. In: Rothblum, G.N., Wee, H. (eds.) TCC 2023, Part IV. LNCS, vol. 14372, pp. 363\u2013392. Springer, Cham (2023). https:\/\/doi.org\/10.1007\/978-3-031-48624-1_14","DOI":"10.1007\/978-3-031-48624-1_14"},{"key":"12_CR36","doi-asserted-by":"publisher","unstructured":"Lipmaa, H., Parisella, R., Siim, J.: Constant-size zk-SNARKs in ROM from falsifiable assumptions. In: Joye, M., Leander, G. (eds.) EUROCRYPT 2024, Part VI. LNCS, vol. 14656, pp. 34\u201364. Springer, Cham (2024). https:\/\/doi.org\/10.1007\/978-3-031-58751-1_2","DOI":"10.1007\/978-3-031-58751-1_2"},{"key":"12_CR37","unstructured":"Lipmaa, H., Parisella, R., Siim, J.: On knowledge-soundness of plonk in ROM from falsifiable assumptions. Cryptology ePrint Archive, Report 2024\/994 (2024). https:\/\/eprint.iacr.org\/2024\/994"},{"key":"12_CR38","doi-asserted-by":"publisher","unstructured":"Lipmaa, H., Siim, J., Zajac, M.: Counting vampires: from univariate sumcheck to updatable ZK-SNARK. In: Agrawal, S., Lin, D. (eds.) ASIACRYPT 2022, Part II. LNCS, vol. 13792, pp. 249\u2013278. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-22966-4_9","DOI":"10.1007\/978-3-031-22966-4_9"},{"key":"12_CR39","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/11586821_1","volume-title":"Cryptography and Coding","author":"U Maurer","year":"2005","unstructured":"Maurer, U.: Abstract models of computation in cryptography. In: Smart, N.P. (ed.) Cryptography and Coding 2005. LNCS, vol. 3796, pp. 1\u201312. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/11586821_1"},{"key":"12_CR40","doi-asserted-by":"publisher","unstructured":"Micali, S.: CS proofs (extended abstracts). In: 35th Annual Symposium on Foundations of Computer Science, Santa Fe, NM, USA, pp. 436\u2013453. IEEE Computer Society Press (1994). https:\/\/doi.org\/10.1109\/SFCS.1994.365746","DOI":"10.1109\/SFCS.1994.365746"},{"key":"12_CR41","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"222","DOI":"10.1007\/978-3-642-36594-2_13","volume-title":"Theory of Cryptography","author":"C Papamanthou","year":"2013","unstructured":"Papamanthou, C., Shi, E., Tamassia, R.: Signatures of correct computation. In: Sahai, A. (ed.) TCC 2013. LNCS, vol. 7785, pp. 222\u2013242. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-36594-2_13"},{"key":"12_CR42","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"774","DOI":"10.1007\/978-3-030-84242-0_27","volume-title":"Advances in Cryptology \u2013 CRYPTO 2021","author":"C R\u00e0fols","year":"2021","unstructured":"R\u00e0fols, C., Zapico, A.: An algebraic framework for universal and updatable SNARKs. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021, Part I. LNCS, vol. 12825, pp. 774\u2013804. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-84242-0_27"},{"key":"12_CR43","doi-asserted-by":"publisher","unstructured":"Sefranek, M.: How (not) to simulate PLONK. In: Galdi, C., Phan, D.H. (eds.) SCN 2024, Part I. LNCS, vol. 14973, pp. 96\u2013117. Springer, Cham (2024). https:\/\/doi.org\/10.1007\/978-3-031-71070-4_5","DOI":"10.1007\/978-3-031-71070-4_5"},{"key":"12_CR44","doi-asserted-by":"publisher","unstructured":"Setty, S.T.V., Thaler, J., Wahby, R.S.: Unlocking the lookup singularity with Lasso. In: Joye, M., Leander, G. (eds.) EUROCRYPT 2024, Part VI. LNCS, vol. 14656, pp. 180\u2013209. Springer, Cham (2024). https:\/\/doi.org\/10.1007\/978-3-031-58751-1_7","DOI":"10.1007\/978-3-031-58751-1_7"},{"key":"12_CR45","doi-asserted-by":"publisher","unstructured":"Shoup, V.: Lower bounds for discrete logarithms and related problems. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol.\u00a01233, pp. 256\u2013266. Springer, Heidelberg (1997). https:\/\/doi.org\/10.1007\/3-540-69053-0_18","DOI":"10.1007\/3-540-69053-0_18"},{"key":"12_CR46","doi-asserted-by":"publisher","unstructured":"Zhandry, M.: To label, or not to label (in generic groups). In: Dodis, Y., Shrimpton, T. (eds.) CRYPTO 2022, Part III. LNCS, vol. 13509, pp. 66\u201396. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-15982-4_3","DOI":"10.1007\/978-3-031-15982-4_3"},{"key":"12_CR47","doi-asserted-by":"publisher","unstructured":"Zhang, C., Zhou, H.S., Katz, J.: An analysis of the algebraic group model. In: Agrawal, S., Lin, D. (eds.) ASIACRYPT 2022, Part IV. LNCS, vol. 13794, pp. 310\u2013322. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-22972-5_11","DOI":"10.1007\/978-3-031-22972-5_11"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 CRYPTO 2025"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-01907-3_12","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,16]],"date-time":"2025-08-16T22:27:46Z","timestamp":1755383266000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-01907-3_12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783032019066","9783032019073"],"references-count":47,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-01907-3_12","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"17 August 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CRYPTO","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Cryptology Conference","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Santa Barbara, CA","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17 August 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21 August 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"45","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"crypto2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/crypto.iacr.org\/2025\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}