{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,9]],"date-time":"2026-05-09T01:58:18Z","timestamp":1778291898497,"version":"3.51.4"},"publisher-location":"Cham","reference-count":72,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032019066","type":"print"},{"value":"9783032019073","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-032-01907-3_4","type":"book-chapter","created":{"date-parts":[[2025,8,16]],"date-time":"2025-08-16T22:27:34Z","timestamp":1755383254000},"page":"95-127","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Straight-Line Knowledge Extraction for\u00a0Multi-Round Protocols"],"prefix":"10.1007","author":[{"given":"Lior","family":"Rotem","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Stefano","family":"Tessaro","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2025,8,17]]},"reference":[{"key":"4_CR1","doi-asserted-by":"crossref","unstructured":"Ambainis, A.,\u00a0Rosmanis, A.,\u00a0Unruh, D.: Quantum attacks on classical proof systems: the hardness of quantum rewinding. In: 55th FOCS, pp. 474\u2013483. IEEE Computer Society Press (2014)","DOI":"10.1109\/FOCS.2014.57"},{"key":"4_CR2","doi-asserted-by":"publisher","first-page":"513","DOI":"10.1007\/978-3-030-56877-1_18","volume-title":"CRYPTO 2020, Part III","author":"T Attema","year":"2020","unstructured":"Attema, T., Cramer, R.: Compressed $$\\varSigma $$-protocol theory and practical application to plug & play secure algorithmics. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020, Part III. LNCS, vol. 12172, pp. 513\u2013543. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-56877-1_18"},{"key":"4_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"65","DOI":"10.1007\/978-3-030-84259-8_3","volume-title":"Advances in Cryptology \u2013 CRYPTO 2021","author":"T Attema","year":"2021","unstructured":"Attema, T., Cramer, R., Fehr, S.: Compressing proofs of k-out-of-n partial knowledge. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021, Part IV. LNCS, vol. 12828, pp. 65\u201391. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-84259-8_3"},{"key":"4_CR4","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"526","DOI":"10.1007\/978-3-030-92068-5_18","volume-title":"ASIACRYPT 2021, Part IV","author":"T Attema","year":"2021","unstructured":"Attema, T., Cramer, R., Rambaud, M.: Compressed $$\\varSigma $$-protocols for bilinear group arithmetic circuits and application to logarithmic transparent threshold signatures. In: Tibouchi, M., Wang, H. (eds.) ASIACRYPT 2021, Part IV. LNCS, vol. 13093, pp. 526\u2013556. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-92068-5_18"},{"key":"4_CR5","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"113","DOI":"10.1007\/978-3-031-22318-1_5","volume-title":"TCC 2022, Part I","author":"T Attema","year":"2022","unstructured":"Attema, T., Fehr, S., Kloo\u00df, M.: Fiat-shamir transformation of multi-round interactive proofs. In: Kiltz, E., Vaikuntanathan, V. (eds.) TCC 2022, Part I. LNCS, vol. 13747, pp. 113\u2013142. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-22318-1_5"},{"key":"4_CR6","doi-asserted-by":"crossref","unstructured":"Bellare, M.,\u00a0Neven, G.: Multi-signatures in the plain public-key model and a general forking lemma. In:\u00a0Juels, A., Wright, R.N.,\u00a0De Capitani di Vimercati, S. (eds.) ACM CCS 2006, pp. 390\u2013399. ACM Press (2006)","DOI":"10.1145\/1180405.1180453"},{"key":"4_CR7","doi-asserted-by":"crossref","unstructured":"Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Denning, D.E., Pyle, R., Ganesan, R., Sandhu, R.S., Ashby, V. (eds.) ACM CCS 93, pp. 62\u201373. ACM Press (1993)","DOI":"10.1145\/168588.168596"},{"key":"4_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"31","DOI":"10.1007\/978-3-662-53644-5_2","volume-title":"Theory of Cryptography","author":"E Ben-Sasson","year":"2016","unstructured":"Ben-Sasson, E., Chiesa, A., Spooner, N.: Interactive oracle proofs. In: Hirt, M., Smith, A. (eds.) TCC 2016, Part II. LNCS, vol. 9986, pp. 31\u201360. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53644-5_2"},{"key":"4_CR9","doi-asserted-by":"crossref","unstructured":"Bitansky, N.,\u00a0Canetti, R.,\u00a0Chiesa, A.,\u00a0Tromer, E.: Recursive composition and bootstrapping for SNARKS and proof-carrying data. In:\u00a0Boneh, D.,\u00a0Roughgarden, T.,\u00a0Feigenbaum, J. (eds.) 45th ACM STOC, pp. 111\u2013120. ACM Press (2013)","DOI":"10.1145\/2488608.2488623"},{"key":"4_CR10","unstructured":"Boneh, D.,\u00a0Chen, B.: LatticeFold: a lattice-based folding scheme and its applications to succinct proof systems. Cryptology ePrint Archive, Report 2024\/257 (2024)"},{"key":"4_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"41","DOI":"10.1007\/978-3-642-25385-0_3","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2011","author":"D Boneh","year":"2011","unstructured":"Boneh, D., Dagdelen, \u00d6., Fischlin, M., Lehmann, A., Schaffner, C., Zhandry, M.: Random oracles in a quantum world. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 41\u201369. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-25385-0_3"},{"key":"4_CR12","unstructured":"Boneh, D.,\u00a0Shoup, V.: A graduate course in applied cryptography (version 0.6). cryptobook.us (2023)"},{"key":"4_CR13","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"327","DOI":"10.1007\/978-3-662-49896-5_12","volume-title":"EUROCRYPT 2016, Part II","author":"J Bootle","year":"2016","unstructured":"Bootle, J., Cerulli, A., Chaidos, P., Groth, J., Petit, C.: Efficient zero-knowledge arguments for arithmetic circuits in the discrete log setting. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016, Part II. LNCS, vol. 9666, pp. 327\u2013357. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-49896-5_12"},{"key":"4_CR14","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"427","DOI":"10.1007\/978-3-031-07085-3_15","volume-title":"EUROCRYPT 2022, Part II","author":"J Bootle","year":"2022","unstructured":"Bootle, J., Chiesa, A., Hu, Y., Orr\u00f9, M.: Gemini: elastic SNARKs for diverse environments. In: Dunkelman, O., Dziembowski, S. (eds.) EUROCRYPT 2022, Part II. LNCS, vol. 13276, pp. 427\u2013457. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-07085-3_15"},{"key":"4_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"742","DOI":"10.1007\/978-3-030-84242-0_26","volume-title":"Advances in Cryptology \u2013 CRYPTO 2021","author":"J Bootle","year":"2021","unstructured":"Bootle, J., Chiesa, A., Sotiraki, K.: Sumcheck arguments and their applications. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021, Part I. LNCS, vol. 12825, pp. 742\u2013773. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-84242-0_26"},{"key":"4_CR16","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"441","DOI":"10.1007\/978-3-030-56880-1_16","volume-title":"CRYPTO 2020, Part II","author":"J Bootle","year":"2020","unstructured":"Bootle, J., Lyubashevsky, V., Nguyen, N.K., Seiler, G.: A non-PCP approach to succinct quantum-safe zero-knowledge. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020, Part II. LNCS, vol. 12171, pp. 441\u2013469. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-56880-1_16"},{"key":"4_CR17","doi-asserted-by":"crossref","unstructured":"B\u00fcnz, B.,\u00a0Bootle, J.,\u00a0Boneh, D.,\u00a0Poelstra, A.,\u00a0Wuille, P.,\u00a0Maxwell, G.: Bulletproofs: short proofs for confidential transactions and more. In: 2018 IEEE Symposium on Security and Privacy, pp. 315\u2013334. IEEE Computer Society Press (2018)","DOI":"10.1109\/SP.2018.00020"},{"key":"4_CR18","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"677","DOI":"10.1007\/978-3-030-45721-1_24","volume-title":"EUROCRYPT 2020, Part I","author":"B B\u00fcnz","year":"2020","unstructured":"B\u00fcnz, B., Fisch, B., Szepieniec, A.: Transparent SNARKs from DARK compilers. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020, Part I. LNCS, vol. 12105, pp. 677\u2013706. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-45721-1_24"},{"key":"4_CR19","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"65","DOI":"10.1007\/978-3-030-92078-4_3","volume-title":"ASIACRYPT 2021, Part III","author":"B B\u00fcnz","year":"2021","unstructured":"B\u00fcnz, B., Maller, M., Mishra, P., Tyagi, N., Vesely, P.: Proofs for inner pairing products and applications. In: Tibouchi, M., Wang, H. (eds.) ASIACRYPT 2021, Part III. LNCS, vol. 13092, pp. 65\u201397. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-92078-4_3"},{"key":"4_CR20","doi-asserted-by":"crossref","unstructured":"Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: 42nd FOCS, pp. 136\u2013145. IEEE Computer Society Press (2001)","DOI":"10.1109\/SFCS.2001.959888"},{"key":"4_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"55","DOI":"10.1007\/978-3-642-36362-7_5","volume-title":"Public-Key Cryptography \u2013 PKC 2013","author":"D Catalano","year":"2013","unstructured":"Catalano, D., Fiore, D.: Vector commitments and their applications. In: Kurosawa, K., Hanaoka, G. (eds.) PKC 2013. LNCS, vol. 7778, pp. 55\u201372. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-36362-7_5"},{"key":"4_CR22","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"499","DOI":"10.1007\/978-3-031-30617-4_17","volume-title":"EUROCRYPT 2023, Part II","author":"B Chen","year":"2023","unstructured":"Chen, B., B\u00fcnz, B., Boneh, D., Zhang, Z.: HyperPlonk: plonk with linear-time prover and high-degree custom gates. In: Hazay, C., Stam, M. (eds.) EUROCRYPT 2023, Part II. LNCS, vol. 14005, pp. 499\u2013530. Springer, Cham (2023). https:\/\/doi.org\/10.1007\/978-3-031-30617-4_17"},{"key":"4_CR23","doi-asserted-by":"crossref","unstructured":"Chen, M.,\u00a0Dey, P.,\u00a0Ganesh, C.,\u00a0Mukherjee, P.,\u00a0Sarkar, P.,\u00a0Sasmal, S.: Universally composable non-interactive zero-knowledge from sigma protocols via a new straight-line compiler. Cryptology ePrint Archive, Paper 2024\/1713 (2024)","DOI":"10.1007\/978-3-031-91820-9_13"},{"key":"4_CR24","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-319-76581-5_1","volume-title":"PKC 2018, Part II","author":"M-S Chen","year":"2018","unstructured":"Chen, M.-S., H\u00fclsing, A., Rijneveld, J., Samardjiska, S., Schwabe, P.: SOFIA: $$\\cal{MQ} $$-based signatures in the QROM. In: Abdalla, M., Dahab, R. (eds.) PKC 2018, Part II. LNCS, vol. 10770, pp. 3\u201333. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-76581-5_1"},{"issue":"2","key":"4_CR25","first-page":"11","volume":"1","author":"Y Chen","year":"2024","unstructured":"Chen, Y., Lindell, Y.: Optimizing and implementing fischlin\u2019s transform for uc-secure zero knowledge. IACR Commun. Cryptol. 1(2), 11 (2024)","journal-title":"IACR Commun. Cryptol."},{"key":"4_CR26","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-030-36033-7_1","volume-title":"TCC 2019, Part II","author":"A Chiesa","year":"2019","unstructured":"Chiesa, A., Manohar, P., Spooner, N.: Succinct arguments in the quantum random oracle model. In: Hofheinz, D., Rosen, A. (eds.) TCC 2019, Part II. LNCS, vol. 11892, pp. 1\u201329. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-36033-7_1"},{"key":"4_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"356","DOI":"10.1007\/978-3-319-06734-6_22","volume-title":"Progress in Cryptology \u2013 AFRICACRYPT 2014","author":"\u00d6 Dagdelen","year":"2014","unstructured":"Dagdelen, \u00d6., Venturi, D.: A second look at Fischlin\u2019s transformation. In: Pointcheval, D., Vergnaud, D. (eds.) AFRICACRYPT 2014. LNCS, vol. 8469, pp. 356\u2013376. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-06734-6_22"},{"key":"4_CR28","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"602","DOI":"10.1007\/978-3-030-56877-1_21","volume-title":"CRYPTO 2020, Part III","author":"J Don","year":"2020","unstructured":"Don, J., Fehr, S., Majenz, C.: The measure-and-reprogram technique 2.0: Multi-round fiat-shamir and more. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020, Part III. LNCS, vol. 12172, pp. 602\u2013631. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-56877-1_21"},{"key":"4_CR29","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"356","DOI":"10.1007\/978-3-030-26951-7_13","volume-title":"CRYPTO 2019, Part II","author":"J Don","year":"2019","unstructured":"Don, J., Fehr, S., Majenz, C., Schaffner, C.: Security of the Fiat-Shamir transformation in the quantum random-oracle model. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019, Part II. LNCS, vol. 11693, pp. 356\u2013383. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-26951-7_13"},{"key":"4_CR30","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"729","DOI":"10.1007\/978-3-031-15979-4_25","volume-title":"CRYPTO 2022, Part II","author":"J Don","year":"2022","unstructured":"Don, J., Fehr, S., Majenz, C., Schaffner, C.: Efficient NIZKs and signatures from commit-and-open protocols in the QROM. In: Dodis, Y., Shrimpton, T. (eds.) CRYPTO 2022, Part II. LNCS, vol. 13508, pp. 729\u2013757. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-15979-4_25"},{"key":"4_CR31","unstructured":"Feist, D.,\u00a0Khovratovich, D.: Fast amortized KZG proofs. Cryptology ePrint Archive, Paper 2023\/033 (2023)"},{"key":"4_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"186","DOI":"10.1007\/3-540-47721-7_12","volume-title":"Advances in Cryptology \u2014 CRYPTO\u2019 86","author":"A Fiat","year":"1987","unstructured":"Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186\u2013194. Springer, Heidelberg (1987). https:\/\/doi.org\/10.1007\/3-540-47721-7_12"},{"key":"4_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"152","DOI":"10.1007\/11535218_10","volume-title":"Advances in Cryptology \u2013 CRYPTO 2005","author":"M Fischlin","year":"2005","unstructured":"Fischlin, M.: Communication-efficient non-interactive proofs of knowledge with online extractors. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 152\u2013168. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/11535218_10"},{"key":"4_CR34","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1007\/978-3-319-96881-0_2","volume-title":"CRYPTO 2018, Part II","author":"G Fuchsbauer","year":"2018","unstructured":"Fuchsbauer, G., Kiltz, E., Loss, J.: The algebraic group model and its applications. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018, Part II. LNCS, vol. 10992, pp. 33\u201362. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-96881-0_2"},{"key":"4_CR35","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"63","DOI":"10.1007\/978-3-030-45724-2_3","volume-title":"EUROCRYPT 2020, Part II","author":"G Fuchsbauer","year":"2020","unstructured":"Fuchsbauer, G., Plouviez, A., Seurin, Y.: Blind Schnorr signatures and signed ElGamal encryption in the algebraic group model. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020, Part II. LNCS, vol. 12106, pp. 63\u201395. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-45724-2_3"},{"key":"4_CR36","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"315","DOI":"10.1007\/978-3-031-30617-4_11","volume-title":"EUROCRYPT 2023, Part II","author":"C Ganesh","year":"2023","unstructured":"Ganesh, C., Kondi, Y., Orlandi, C., Pancholi, M., Takahashi, A., Tschudi, D.: Witness-succinct universally-composable SNARKs. In: Hazay, C., Stam, M. (eds.) EUROCRYPT 2023, Part II. LNCS, vol. 14005, pp. 315\u2013346. Springer, Cham (2023). https:\/\/doi.org\/10.1007\/978-3-031-30617-4_11"},{"key":"4_CR37","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"397","DOI":"10.1007\/978-3-031-07085-3_14","volume-title":"EUROCRYPT 2022, Part II","author":"C Ganesh","year":"2022","unstructured":"Ganesh, C., Orlandi, C., Pancholi, M., Takahashi, A., Tschudi, D.: Fiat-shamir bulletproofs are non-malleable (in the algebraic group model). In: Dunkelman, O., Dziembowski, S. (eds.) EUROCRYPT 2022, Part II. LNCS, vol. 13276, pp. 397\u2013426. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-07085-3_14"},{"issue":"1","key":"4_CR38","doi-asserted-by":"publisher","first-page":"11","DOI":"10.1007\/s00145-024-09525-2","volume":"38","author":"C Ganesh","year":"2024","unstructured":"Ganesh, C., Orlandi, C., Pancholi, M., Takahashi, A., Tschudi, D.: Fiat-shamir bulletproofs are non-malleable (in the random oracle model). J. Cryptol. 38(1), 11 (2024)","journal-title":"J. Cryptol."},{"key":"4_CR39","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"177","DOI":"10.1007\/3-540-39200-9_11","volume-title":"EUROCRYPT 2003","author":"JA Garay","year":"2003","unstructured":"Garay, J.A., MacKenzie, P.D., Yang, K.: Strengthening zero-knowledge protocols using signatures. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 177\u2013194. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/3-540-39200-9_11"},{"key":"4_CR40","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"64","DOI":"10.1007\/978-3-030-84252-9_3","volume-title":"Advances in Cryptology \u2013 CRYPTO 2021","author":"A Ghoshal","year":"2021","unstructured":"Ghoshal, A., Tessaro, S.: Tight state-restoration soundness in the algebraic group model. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021, Part III. LNCS, vol. 12827, pp. 64\u201393. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-84252-9_3"},{"key":"4_CR41","unstructured":"Goldreich, O.: The Foundations of Cryptography, Volume 1: Basic Tools. Cambridge University Press, Cambridge (2001)"},{"key":"4_CR42","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1007\/978-3-540-85174-5_2","volume-title":"CRYPTO 2008","author":"D Hofheinz","year":"2008","unstructured":"Hofheinz, D., Kiltz, E.: Programmable hash functions and their applications. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 21\u201338. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-85174-5_2"},{"key":"4_CR43","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"177","DOI":"10.1007\/978-3-642-17373-8_11","volume-title":"Advances in Cryptology - ASIACRYPT 2010","author":"A Kate","year":"2010","unstructured":"Kate, A., Zaverucha, G.M., Goldberg, I.: Constant-size commitments to polynomials and their applications. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 177\u2013194. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-17373-8_11"},{"key":"4_CR44","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"580","DOI":"10.1007\/978-3-030-84245-1_20","volume-title":"Advances in Cryptology \u2013 CRYPTO 2021","author":"S Katsumata","year":"2021","unstructured":"Katsumata, S.: A new simple technique to bootstrap various lattice zero-knowledge proofs to\u00a0QROM secure NIZKs. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021, Part II. LNCS, vol. 12826, pp. 580\u2013610. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-84245-1_20"},{"key":"4_CR45","doi-asserted-by":"crossref","unstructured":"Kilian, J.: A note on efficient zero-knowledge proofs and arguments (extended abstract). In: 24th ACM STOC, pp 723\u2013732. ACM Press (1992)","DOI":"10.1145\/129712.129782"},{"key":"4_CR46","doi-asserted-by":"publisher","unstructured":"Kondi, Y.,\u00a0Shelat, A.: Improved straight-line extraction in the random oracle model with applications to signature aggregation. In:\u00a0Agrawal, S.,\u00a0Lin, D. (eds.) ASIACRYPT\u00a02022, Part\u00a0II. LNCS, vol. 13792, pp 279\u2013309. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-22966-4_10","DOI":"10.1007\/978-3-031-22966-4_10"},{"key":"4_CR47","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"345","DOI":"10.1007\/978-3-031-68403-6_11","volume-title":"CRYPTO 2024, Part X","author":"A Kothapalli","year":"2024","unstructured":"Kothapalli, A., Setty, S.T.V.: HyperNova: recursive arguments for customizable constraint systems. In: Reyzin, L., Stebila, D. (eds.) CRYPTO 2024, Part X. LNCS, vol. 14929, pp. 345\u2013379. Springer, Cham (2024)"},{"key":"4_CR48","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"530","DOI":"10.1007\/978-3-030-26948-7_19","volume-title":"CRYPTO 2019, Part I","author":"RWF Lai","year":"2019","unstructured":"Lai, R.W.F., Malavolta, G.: Subvector commitments with application to succinct arguments. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019, Part I. LNCS, vol. 11692, pp. 530\u2013560. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-26948-7_19"},{"key":"4_CR49","doi-asserted-by":"crossref","unstructured":"Lai, R.W.F., Malavolta, G., Ronge, V.: Succinct arguments for bilinear group arithmetic: practical structure-preserving cryptography. In: Cavallaro, L., Kinder, J., Wang, X., Katz, J. (eds.) ACM CCS 2019, pp. 2057\u20132074. ACM Press (2019)","DOI":"10.1145\/3319535.3354262"},{"key":"4_CR50","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"80","DOI":"10.1007\/978-3-031-22318-1_4","volume-title":"TCC 2022, Part I","author":"RWF Lai","year":"2022","unstructured":"Lai, R.W.F., Malavolta, G., Spooner, N.: Quantum rewinding for many-round protocols. In: Kiltz, E., Vaikuntanathan, V. (eds.) TCC 2022, Part I. LNCS, vol. 13747, pp. 80\u2013109. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-22318-1_4"},{"key":"4_CR51","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"499","DOI":"10.1007\/978-3-642-11799-2_30","volume-title":"Theory of Cryptography","author":"B Libert","year":"2010","unstructured":"Libert, B., Yung, M.: Concise mercurial vector commitments and independent zero-knowledge sets with short proofs. In: Micciancio, D. (ed.) TCC 2010. LNCS, vol. 5978, pp. 499\u2013517. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-11799-2_30"},{"key":"4_CR52","doi-asserted-by":"crossref","unstructured":"Lund, C.,\u00a0Fortnow, L., Karloff, H.J.,\u00a0Nisan, N.: Algebraic methods for interactive proof systems. In: 31st FOCS, pp. 2\u201310. IEEE Computer Society Press (1990)","DOI":"10.1109\/FSCS.1990.89518"},{"key":"4_CR53","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"203","DOI":"10.1007\/978-3-031-22318-1_8","volume-title":"TCC 2022, Part I","author":"A Lysyanskaya","year":"2022","unstructured":"Lysyanskaya, A., Rosenbloom, L.N.: Universally composable $$\\varSigma $$-protocols in the global random-oracle model. In: Kiltz, E., Vaikuntanathan, V. (eds.) TCC 2022, Part I. LNCS, vol. 13747, pp. 203\u2013233. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-22318-1_8"},{"key":"4_CR54","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/11586821_1","volume-title":"Cryptography and Coding","author":"U Maurer","year":"2005","unstructured":"Maurer, U.: Abstract models of computation in cryptography. In: Smart, N.P. (ed.) Cryptography and Coding 2005. LNCS, vol. 3796, pp. 1\u201312. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/11586821_1"},{"key":"4_CR55","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"369","DOI":"10.1007\/3-540-48184-2_32","volume-title":"Advances in Cryptology \u2014 CRYPTO \u201987","author":"RC Merkle","year":"1988","unstructured":"Merkle, R.C.: A digital signature based on a conventional encryption function. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 369\u2013378. Springer, Heidelberg (1988). https:\/\/doi.org\/10.1007\/3-540-48184-2_32"},{"key":"4_CR56","doi-asserted-by":"crossref","unstructured":"Micali, S.: CS proofs (extended abstracts). In: 35th FOCS, pp. 436\u2013453. IEEE Computer Society Press (1994)","DOI":"10.1109\/SFCS.1994.365746"},{"key":"4_CR57","doi-asserted-by":"crossref","unstructured":"Naor, M.,\u00a0Yung, M.: Public-key cryptosystems provably secure against chosen ciphertext attacks. In: 22nd ACM STOC, pp. 427\u2013437. ACM Press (1990)","DOI":"10.1145\/100216.100273"},{"key":"4_CR58","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"316","DOI":"10.1007\/978-3-540-45146-4_19","volume-title":"Advances in Cryptology - CRYPTO 2003","author":"R Pass","year":"2003","unstructured":"Pass, R.: On deniability in the common reference string and random oracle model. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 316\u2013337. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/978-3-540-45146-4_19"},{"issue":"3","key":"4_CR59","doi-asserted-by":"publisher","first-page":"361","DOI":"10.1007\/s001450010003","volume":"13","author":"D Pointcheval","year":"2000","unstructured":"Pointcheval, D., Stern, J.: Security arguments for digital signatures and blind signatures. J. Cryptol. 13(3), 361\u2013396 (2000)","journal-title":"J. Cryptol."},{"key":"4_CR60","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"433","DOI":"10.1007\/3-540-46766-1_35","volume-title":"Advances in Cryptology \u2014 CRYPTO \u201991","author":"C Rackoff","year":"1992","unstructured":"Rackoff, C., Simon, D.R.: Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 433\u2013444. Springer, Heidelberg (1992). https:\/\/doi.org\/10.1007\/3-540-46766-1_35"},{"key":"4_CR61","unstructured":"Rotem, L.,\u00a0Tessaro, S.: Straight-line knowledge extraction for multi-round protocols. Cryptology ePrint Archive, Paper 2024\/1724 (2024)"},{"key":"4_CR62","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"704","DOI":"10.1007\/978-3-030-56877-1_25","volume-title":"CRYPTO 2020, Part III","author":"S Setty","year":"2020","unstructured":"Setty, S.: Spartan: efficient and general-purpose zkSNARKs without trusted setup. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020, Part III. LNCS, vol. 12172, pp. 704\u2013737. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-56877-1_25"},{"key":"4_CR63","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"256","DOI":"10.1007\/3-540-69053-0_18","volume-title":"Advances in Cryptology \u2014 EUROCRYPT \u201997","author":"V Shoup","year":"1997","unstructured":"Shoup, V.: Lower bounds for discrete logarithms and related problems. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 256\u2013266. Springer, Heidelberg (1997). https:\/\/doi.org\/10.1007\/3-540-69053-0_18"},{"issue":"2","key":"4_CR64","doi-asserted-by":"publisher","first-page":"75","DOI":"10.1007\/s00145-001-0020-9","volume":"15","author":"V Shoup","year":"2002","unstructured":"Shoup, V., Gennaro, R.: Securing threshold cryptosystems against chosen ciphertext attack. J. Cryptol. 15(2), 75\u201396 (2002)","journal-title":"J. Cryptol."},{"key":"4_CR65","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"135","DOI":"10.1007\/978-3-642-29011-4_10","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2012","author":"D Unruh","year":"2012","unstructured":"Unruh, D.: Quantum proofs of knowledge. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 135\u2013152. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-29011-4_10"},{"key":"4_CR66","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"755","DOI":"10.1007\/978-3-662-46803-6_25","volume-title":"EUROCRYPT 2015, Part II","author":"D Unruh","year":"2015","unstructured":"Unruh, D.: Non-interactive zero-knowledge proofs in the quantum random oracle model. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015, Part II. LNCS, vol. 9057, pp. 755\u2013784. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-46803-6_25"},{"key":"4_CR67","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"497","DOI":"10.1007\/978-3-662-49896-5_18","volume-title":"EUROCRYPT 2016, Part II","author":"D Unruh","year":"2016","unstructured":"Unruh, D.: Computationally binding quantum commitments. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016, Part II. LNCS, vol. 9666, pp. 497\u2013527. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-49896-5_18"},{"key":"4_CR68","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-540-78524-8_1","volume-title":"Theory of Cryptography","author":"P Valiant","year":"2008","unstructured":"Valiant, P.: Incrementally verifiable computation or proofs of knowledge imply time\/space efficiency. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 1\u201318. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-78524-8_1"},{"key":"4_CR69","doi-asserted-by":"crossref","unstructured":"Wahby, R.S.,\u00a0Tzialla, I.,\u00a0Shelat, A.,\u00a0Thaler, J.,\u00a0Walfish, M.: Doubly-efficient zkSNARKs without trusted setup. In: 2018 IEEE Symposium on Security and Privacy, pp. 926\u2013943. IEEE Computer Society Press (2018)","DOI":"10.1109\/SP.2018.00060"},{"key":"4_CR70","unstructured":"Wikstr\u00f6m, D.: Special soundness in the random oracle model. Cryptology ePrint Archive, Report 2021\/1265 (2021)"},{"key":"4_CR71","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"733","DOI":"10.1007\/978-3-030-26954-8_24","volume-title":"CRYPTO 2019, Part III","author":"T Xie","year":"2019","unstructured":"Xie, T., Zhang, J., Zhang, Y., Papamanthou, C., Song, D.: Libra: succinct zero-knowledge proofs with optimal prover computation. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019, Part III. LNCS, vol. 11694, pp. 733\u2013764. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-26954-8_24"},{"key":"4_CR72","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"239","DOI":"10.1007\/978-3-030-26951-7_9","volume-title":"CRYPTO 2019, Part II","author":"M Zhandry","year":"2019","unstructured":"Zhandry, M.: How to record quantum queries, and applications to quantum indifferentiability. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019, Part II. LNCS, vol. 11693, pp. 239\u2013268. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-26951-7_9"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 CRYPTO 2025"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-01907-3_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,10]],"date-time":"2025-09-10T01:23:45Z","timestamp":1757467425000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-01907-3_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783032019066","9783032019073"],"references-count":72,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-01907-3_4","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"17 August 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CRYPTO","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Cryptology Conference","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Santa Barbara, CA","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17 August 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21 August 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"45","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"crypto2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/crypto.iacr.org\/2025\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}