{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,15]],"date-time":"2026-06-15T23:56:05Z","timestamp":1781567765898,"version":"3.54.5"},"publisher-location":"Cham","reference-count":95,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032195661","type":"print"},{"value":"9783032195678","type":"electronic"}],"license":[{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-3-032-19567-8_1","type":"book-chapter","created":{"date-parts":[[2026,6,15]],"date-time":"2026-06-15T23:41:09Z","timestamp":1781566869000},"page":"3-25","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["SoK: Anonymous Credentials for\u00a0Digital Identity Wallets"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0009-0003-2237-4337","authenticated-orcid":false,"given":"Christian","family":"Bormann","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2872-7899","authenticated-orcid":false,"given":"Anja","family":"Lehmann","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2026,5,1]]},"reference":[{"key":"1_CR1","doi-asserted-by":"publisher","unstructured":"Ames, S., Hazay, C., Ishai, Y., Venkitasubramaniam, M.: Ligero: Lightweight sublinear arguments without a trusted setup. In: Thuraisingham, B.M., Evans, D., Malkin, T., Xu, D. (eds.) ACM CCS 2017, pp. 2087\u20132104. ACM Press (2017). https:\/\/doi.org\/10.1145\/3133956.3134104","DOI":"10.1145\/3133956.3134104"},{"key":"1_CR2","unstructured":"Amrein, P.: https:\/\/github.com\/UbiqueInnovation\/zkattest-rs (2025)"},{"key":"1_CR3","doi-asserted-by":"publisher","unstructured":"Aranha, D.F., Fotiadis, G., Guillevic, A.: A short-list of pairing-friendly curves resistant to the special TNFS algorithm at the 192-bit security level. CiC 1(3), 3 (2024). https:\/\/doi.org\/10.62056\/angyl86bm","DOI":"10.62056\/angyl86bm"},{"key":"1_CR4","doi-asserted-by":"publisher","unstructured":"Argo, S., G\u00fcneysu, T., Jeudy, C., Land, G., Roux-Langlois, A., Sanders, O.: Practical post-quantum signatures for privacy. In: Luo, B., Liao, X., Xu, J., Kirda, E., Lie, D. (eds.) ACM CCS 2024, pp. 1523\u20131537. ACM Press (Oct 2024). https:\/\/doi.org\/10.1145\/3658644.3670297","DOI":"10.1145\/3658644.3670297"},{"key":"1_CR5","doi-asserted-by":"publisher","unstructured":"Arun, A., Setty, S.T.V., Thaler, J.: Jolt: SNARKs for virtual machines via lookups. In: Joye, M., Leander, G. (eds.) EUROCRYPT\u00a02024, Part\u00a0VI. LNCS, vol. 14656, pp. 3\u201333. Springer, Cham (2024). https:\/\/doi.org\/10.1007\/978-3-031-58751-1_1","DOI":"10.1007\/978-3-031-58751-1_1"},{"key":"1_CR6","doi-asserted-by":"publisher","unstructured":"Au, M.H., Susilo, W., Mu, Y.: Constant-size dynamic k-TAA. In: De Prisco, R., Yung, M. (eds.) SCN 06. LNCS, vol.\u00a04116, pp. 111\u2013125. Springer, Berlin, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11832072_8","DOI":"10.1007\/11832072_8"},{"key":"1_CR7","unstructured":"Bailey, B., Miller, A.: Formalizing soundness proofs of SNARKs. Cryptology ePrint Archive, Report 2023\/656 (2023). https:\/\/eprint.iacr.org\/2023\/656"},{"key":"1_CR8","doi-asserted-by":"publisher","unstructured":"Baldimtsi, F., Lysyanskaya, A.: Anonymous credentials light. In: Sadeghi, A.R., Gligor, V.D., Yung, M. (eds.) ACM CCS 2013, pp. 1087\u20131098. ACM Press (2013). https:\/\/doi.org\/10.1145\/2508859.2516687","DOI":"10.1145\/2508859.2516687"},{"key":"1_CR9","doi-asserted-by":"publisher","unstructured":"Barki, A., Brunet, S., Desmoulins, N., Traor\u00e9, J.: Improved algebraic MACs and practical keyed-verification anonymous credentials. In: Avanzi, R., Heys, H.M. (eds.) SAC 2016. LNCS, vol. 10532, pp. 360\u2013380. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-69453-5_20","DOI":"10.1007\/978-3-319-69453-5_20"},{"key":"1_CR10","unstructured":"Baum, et al.: Cryptographers\u2019 feedback on the eu digital identity\u2019s ARF (2024). https:\/\/github.com\/eu-digital-identity-wallet\/eudi-doc-architecture-and-reference-framework\/issues\/200"},{"key":"1_CR11","doi-asserted-by":"publisher","unstructured":"Ben-Sasson, E., Bentov, I., Horesh, Y., Riabzev, M.: Fast reed-solomon interactive oracle proofs of proximity. In: Chatzigiannakis, I., Kaklamanis, C., Marx, D., Sannella, D. (eds.) ICALP 2018. LIPIcs, vol.\u00a0107, pp. 14:1\u201314:17. Schloss Dagstuhl (2018). https:\/\/doi.org\/10.4230\/LIPIcs.ICALP.2018.14","DOI":"10.4230\/LIPIcs.ICALP.2018.14"},{"key":"1_CR12","doi-asserted-by":"publisher","unstructured":"Beullens, W., Seiler, G.: LaBRADOR: Compact proofs for R1CS from module-SIS. In: Handschuh, H., Lysyanskaya, A. (eds.) CRYPTO\u00a02023, Part\u00a0V. LNCS, vol. 14085, pp. 518\u2013548. Springer, Cham (2023). https:\/\/doi.org\/10.1007\/978-3-031-38554-4_17","DOI":"10.1007\/978-3-031-38554-4_17"},{"key":"1_CR13","unstructured":"Bichsel, P., et\u00a0al.: D2. 2 architecture for attribute-based credential technologies-final version. ABC4TRUST project deliverable (2014)"},{"key":"1_CR14","doi-asserted-by":"publisher","unstructured":"Bitansky, N., Canetti, R., Chiesa, A., Tromer, E.: From extractable collision resistance to succinct non-interactive arguments of knowledge, and back again. In: Goldwasser, S. (ed.) ITCS 2012, pp. 326\u2013349. ACM (2012). https:\/\/doi.org\/10.1145\/2090236.2090263","DOI":"10.1145\/2090236.2090263"},{"key":"1_CR15","doi-asserted-by":"publisher","unstructured":"Block, A.R., Tiwari, P.R.: On the concrete security of non-interactive FRI. In: Galdi, C., Phan, D.H. (eds.) SCN 24, Part\u00a0I. LNCS, vol. 14973, pp. 275\u2013296. Springer, Cham (2024). https:\/\/doi.org\/10.1007\/978-3-031-71070-4_13","DOI":"10.1007\/978-3-031-71070-4_13"},{"key":"1_CR16","doi-asserted-by":"publisher","unstructured":"Bobolz, J., Eidens, F., Krenn, S., Ramacher, S., Samelin, K.: Issuer-hiding attribute-based credentials. In: Conti, M., Stevens, M., Krenn, S. (eds.) CANS 21. LNCS, vol. 13099, pp. 158\u2013178. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-92548-2_9","DOI":"10.1007\/978-3-030-92548-2_9"},{"key":"1_CR17","doi-asserted-by":"publisher","unstructured":"Boneh, D., Boyen, X., Shacham, H.: Short group signatures. In: Franklin, M. (ed.) CRYPTO\u00a02004. LNCS, vol.\u00a03152, pp. 41\u201355. Springer, Berlin, Heidelberg (2004). https:\/\/doi.org\/10.1007\/978-3-540-28628-8_3","DOI":"10.1007\/978-3-540-28628-8_3"},{"issue":"4","key":"1_CR18","doi-asserted-by":"publisher","first-page":"297","DOI":"10.1007\/s00145-004-0314-9","volume":"17","author":"D Boneh","year":"2004","unstructured":"Boneh, D., Lynn, B., Shacham, H.: Short signatures from the Weil pairing. J. Cryptol. 17(4), 297\u2013319 (2004). https:\/\/doi.org\/10.1007\/s00145-004-0314-9","journal-title":"J. Cryptol."},{"key":"1_CR19","doi-asserted-by":"publisher","unstructured":"Bootle, J., Lyubashevsky, V., Nguyen, N.K., Sorniotti, A.: A framework for practical anonymous credentials from lattices. In: Handschuh, H., Lysyanskaya, A. (eds.) CRYPTO\u00a02023, Part\u00a0II. LNCS, vol. 14082, pp. 384\u2013417. Springer, Cham (2023). https:\/\/doi.org\/10.1007\/978-3-031-38545-2_13","DOI":"10.1007\/978-3-031-38545-2_13"},{"key":"1_CR20","doi-asserted-by":"crossref","unstructured":"Brickell, E., Li, J.: Enhanced privacy id from bilinear pairing for hardware authentication and attestation. In: IEEE International Conference on Social Computing (2010)","DOI":"10.1109\/SocialCom.2010.118"},{"key":"1_CR21","doi-asserted-by":"crossref","unstructured":"Brickell, E., Li, J.: A pairing-based daa scheme further reducing tpm resources. In: International Conference on Trust and Trustworthy Computing (2010), pp. 181\u2013195. Springer, Cham (2010)","DOI":"10.1007\/978-3-642-13869-0_12"},{"key":"1_CR22","doi-asserted-by":"publisher","unstructured":"B\u00fcnz, B., Bootle, J., Boneh, D., Poelstra, A., Wuille, P., Maxwell, G.: Bulletproofs: short proofs for confidential transactions and more. In: 2018 IEEE Symposium on Security and Privacy, pp. 315\u2013334. IEEE Computer Society Press (2018). https:\/\/doi.org\/10.1109\/SP.2018.00020","DOI":"10.1109\/SP.2018.00020"},{"key":"1_CR23","doi-asserted-by":"crossref","unstructured":"Camenisch, J., Drijvers, M., Lehmann, A.: Anonymous attestation using the strong Diffie Hellman assumption revisited. Cryptology ePrint Archive, Report 2016\/663 (2016). https:\/\/eprint.iacr.org\/2016\/663","DOI":"10.1007\/978-3-319-45572-3_1"},{"key":"1_CR24","doi-asserted-by":"publisher","unstructured":"Camenisch, J., Drijvers, M., Lehmann, A.: Universally composable direct anonymous attestation. In: Cheng, C.M., Chung, K.M., Persiano, G., Yang, B.Y. (eds.) PKC\u00a02016, Part\u00a0II. LNCS, vol.\u00a09615, pp. 234\u2013264. Springer, Berlin (2016). https:\/\/doi.org\/10.1007\/978-3-662-49387-8_10","DOI":"10.1007\/978-3-662-49387-8_10"},{"key":"1_CR25","doi-asserted-by":"publisher","unstructured":"Camenisch, J., Drijvers, M., Lehmann, A., Neven, G., Towa, P.: Short threshold dynamic group signatures. In: Galdi, C., Kolesnikov, V. (eds.) SCN 20. LNCS, vol. 12238, pp. 401\u2013423. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-57990-6_20","DOI":"10.1007\/978-3-030-57990-6_20"},{"key":"1_CR26","doi-asserted-by":"publisher","unstructured":"Camenisch, J., Krenn, S., Lehmann, A., Mikkelsen, G.L., Neven, G., Pedersen, M.\u00d8.: Formal treatment of privacy-enhancing credential systems. In: Dunkelman, O., Keliher, L. (eds.) SAC 2015. LNCS, vol.\u00a09566, pp. 3\u201324. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-31301-6_1","DOI":"10.1007\/978-3-319-31301-6_1"},{"key":"1_CR27","doi-asserted-by":"publisher","unstructured":"Camenisch, J., Lysyanskaya, A.: An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Pfitzmann, B. (ed.) EUROCRYPT\u00a02001. LNCS, vol.\u00a02045, pp. 93\u2013118. Springer, Cham (2001). https:\/\/doi.org\/10.1007\/3-540-44987-6_7","DOI":"10.1007\/3-540-44987-6_7"},{"key":"1_CR28","doi-asserted-by":"publisher","unstructured":"Camenisch, J., Lysyanskaya, A.: Signature schemes and anonymous credentials from bilinear maps. In: Franklin, M. (ed.) CRYPTO\u00a02004. LNCS, vol.\u00a03152, pp. 56\u201372. Springer, Cham (2004). https:\/\/doi.org\/10.1007\/978-3-540-28628-8_4","DOI":"10.1007\/978-3-540-28628-8_4"},{"key":"1_CR29","doi-asserted-by":"publisher","unstructured":"Camenisch, J., Shoup, V.: Practical verifiable encryption and decryption of discrete logarithms. In: Boneh, D. (ed.) CRYPTO\u00a02003. LNCS, vol.\u00a02729, pp. 126\u2013144. Springer, Cham (2003). https:\/\/doi.org\/10.1007\/978-3-540-45146-4_8","DOI":"10.1007\/978-3-540-45146-4_8"},{"key":"1_CR30","doi-asserted-by":"publisher","unstructured":"Celi, S., Levin, S., Rowell, J.: CDLS: Proving knowledge of committed discrete logarithms with soundness. In: Vaudenay, S., Petit, C. (eds.) AFRICACRYPT 24. LNCS, vol. 14861, pp. 69\u201393. Springer, Cham (2024). https:\/\/doi.org\/10.1007\/978-3-031-64381-1_4","DOI":"10.1007\/978-3-031-64381-1_4"},{"key":"1_CR31","doi-asserted-by":"crossref","unstructured":"Chairattana-Apirom, R., Harding, F., Lysyanskaya, A., Tessaro, S.: Server-aided anonymous credentials. Cryptology ePrint Archive, Report 2025\/513 (2025). https:\/\/eprint.iacr.org\/2025\/513","DOI":"10.1007\/978-3-032-01887-8_10"},{"key":"1_CR32","unstructured":"Chaliasos, S., Ernstberger, J., Theodore, D., Wong, D., Jahanara, M., Livshits, B.: SoK: What don\u2019t we know? Understanding security vulnerabilities in SNARKs. In: Balzarotti, D., Xu, W. (eds.) USENIX Security 2024. USENIX Association (2024). https:\/\/www.usenix.org\/conference\/usenixsecurity24\/presentation\/chaliasos"},{"key":"1_CR33","doi-asserted-by":"publisher","unstructured":"Chase, M., Meiklejohn, S., Zaverucha, G.: Algebraic MACs and keyed-verification anonymous credentials. In: Ahn, G.J., Yung, M., Li, N. (eds.) ACM CCS 2014, pp. 1205\u20131216. ACM Press (2014). https:\/\/doi.org\/10.1145\/2660267.2660328","DOI":"10.1145\/2660267.2660328"},{"key":"1_CR34","doi-asserted-by":"publisher","unstructured":"Chase, M., Perrin, T., Zaverucha, G.: The Signal private group system and anonymous credentials supporting efficient verifiable encryption. In: Ligatti, J., Ou, X., Katz, J., Vigna, G. (eds.) ACM CCS 2020, pp. 1445\u20131459. ACM Press (2020). https:\/\/doi.org\/10.1145\/3372297.3417887","DOI":"10.1145\/3372297.3417887"},{"key":"1_CR35","unstructured":"Ciobotaru, O., Peter, M., Velichkov, V.: The last challenge attack: exploiting a vulnerable implementation of the fiat-shamir transform in a KZG-based SNARK. Cryptology ePrint Archive, Report 2024\/398 (2024). https:\/\/eprint.iacr.org\/2024\/398"},{"key":"1_CR36","unstructured":"cloudflare.com: The dnssec root signing ceremony (2025). https:\/\/www.cloudflare.com\/en-gb\/learning\/dns\/dnssec\/root-signing-ceremony\/"},{"key":"1_CR37","unstructured":"Coglio, A., McCarthy, E., Smith, E., Chin, C., Gaddamadugu, P., Dellepere, M.: Compositional formal verification of zero-knowledge circuits. Cryptology ePrint Archive, Report 2023\/1278 (2023). https:\/\/eprint.iacr.org\/2023\/1278"},{"key":"1_CR38","doi-asserted-by":"publisher","unstructured":"Cramer, R., Damg\u00e5rd, I., Schoenmakers, B.: Proofs of partial knowledge and simplified design of witness hiding protocols. In: Desmedt, Y. (ed.) CRYPTO\u201994. LNCS, vol.\u00a0839, pp. 174\u2013187. Springer, Cham (1994). https:\/\/doi.org\/10.1007\/3-540-48658-5_19","DOI":"10.1007\/3-540-48658-5_19"},{"key":"1_CR39","doi-asserted-by":"publisher","unstructured":"Delignat-Lavaud, A., Fournet, C., Kohlweiss, M., Parno, B.: Cinderella: Turning shabby X.509 certificates into elegant anonymous credentials with the magic of verifiable computation. In: 2016 IEEE Symposium on Security and Privacy, pp. 235\u2013254. IEEE Computer Society Press (2016). https:\/\/doi.org\/10.1109\/SP.2016.22","DOI":"10.1109\/SP.2016.22"},{"key":"1_CR40","unstructured":"Desmoulins, N., Dumanois, A., Kane, S., Traor\u00e9, J.: Making BBS anonymous credentials eIDAS 2.0 compliant (2025)"},{"key":"1_CR41","unstructured":"DG Connect: The european digital identity wallet architecture and reference framework (2025). Retrieved January, https:\/\/github.com\/eu-digital-identity-wallet\/eudi-doc-architecture-and-reference-framework"},{"key":"1_CR42","unstructured":"Doyle, J., Ilunga, M.: Google longfellow security assessment. https:\/\/github.com\/google\/longfellow-zk\/blob\/main\/docs\/static\/reviews\/Longfellow_report_2025_08_18.pdf"},{"key":"1_CR43","doi-asserted-by":"publisher","unstructured":"Dubois, A., Kloo\u00df, M., Lai, R.W.F., Woo, I.K.Y.: Lattice-based proof-friendly signatures from vanishing short integer solutions. In: Jager, T., Pan, J. (eds.) PKC\u00a02025, Part\u00a0I. LNCS, vol. 15674, pp. 452\u2013486. Springer, Cham (2025). https:\/\/doi.org\/10.1007\/978-3-031-91820-9_15","DOI":"10.1007\/978-3-031-91820-9_15"},{"key":"1_CR44","unstructured":"European Commission (2024). https:\/\/commission.europa.eu\/strategy-and-policy\/priorities-2019-2024\/europe-fit-digital-age\/european-digital-identity_en"},{"key":"1_CR45","unstructured":"European Commission: Regulation on electronic identification and trust services for electronic transactions (2024). https:\/\/eur-lex.europa.eu\/eli\/reg\/2024\/1183\/oj\/eng"},{"key":"1_CR46","doi-asserted-by":"publisher","unstructured":"Faz-Hern\u00e1ndez, A., Ladd, W., Maram, D.: ZKAttest: Ring and group signatures for existing ECDSA keys. In: AlTawy, R., H\u00fclsing, A. (eds.) SAC 2021. LNCS, vol. 13203, pp. 68\u201383. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-030-99277-4_4","DOI":"10.1007\/978-3-030-99277-4_4"},{"key":"1_CR47","doi-asserted-by":"publisher","unstructured":"Faz-Hernandez, A., Scott, S., Sullivan, N., Wahby, R.S., Wood, C.A.: Hashing to Elliptic Curves. Request for Comments RFC 9380, Internet Engineering Task Force (2023). https:\/\/doi.org\/10.17487\/RFC9380","DOI":"10.17487\/RFC9380"},{"key":"1_CR48","unstructured":"Friedrichs, K., Harding, F., Lehmann, A., Lysyanskaya, A.: Device-bound anonymous credentials with(out) trusted hardware. Cryptology ePrint Archive, Report 2025\/1995 (2025). https:\/\/eprint.iacr.org\/2025\/1995"},{"key":"1_CR49","unstructured":"Frigo, M., shelat, a.: Anonymous credentials from ECDSA. Cryptology ePrint Archive, Report 2024\/2010 (2024). https:\/\/eprint.iacr.org\/2024\/2010"},{"key":"1_CR50","doi-asserted-by":"publisher","unstructured":"Fuchsbauer, G., Kiltz, E., Loss, J.: The algebraic group model and its applications. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO\u00a02018, Part\u00a0II. LNCS, vol. 10992, pp. 33\u201362. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-96881-0_2","DOI":"10.1007\/978-3-319-96881-0_2"},{"key":"1_CR51","unstructured":"Gabizon, A., Williamson, Z.J., Ciobotaru, O.: PLONK: Permutations over Lagrange-bases for oecumenical noninteractive arguments of knowledge. Cryptology ePrint Archive, Report 2019\/953 (2019). https:\/\/eprint.iacr.org\/2019\/953"},{"key":"1_CR52","unstructured":"Goldberg, L., Papini, S., Riabzev, M.: Cairo \u2013 a Turing-complete STARK-friendly CPU architecture. Cryptology ePrint Archive, Report 2021\/1063 (2021). https:\/\/eprint.iacr.org\/2021\/1063"},{"key":"1_CR53","doi-asserted-by":"publisher","unstructured":"Groth, J.: On the size of pairing-based non-interactive arguments. In: Fischlin, M., Coron, J.S. (eds.) EUROCRYPT\u00a02016, Part\u00a0II. LNCS, vol.\u00a09666, pp. 305\u2013326. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-662-49896-5_11","DOI":"10.1007\/978-3-662-49896-5_11"},{"key":"1_CR54","unstructured":"Hesse, J., Singh, N., Sorniotti, A.: How to bind anonymous credentials to humans. In: Calandrino, J.A., Troncoso, C. (eds.) USENIX Security 2023. pp. 3047\u20133064. USENIX Association (2023). https:\/\/www.usenix.org\/conference\/usenixsecurity23\/presentation\/hesse"},{"key":"1_CR55","unstructured":"ISO: Iso 20008-2:2013: Information technology - security techniques - anonymous digital signatures - part 2: Mechanisms using a group public key. Standard, International Organization for Standardization, Geneva, CH (2013)"},{"key":"1_CR56","unstructured":"ISO: Iso\/iec 24843: Information security - attribute-based credentials. Working draft, International Organization for Standardization, Geneva, CH (2025)"},{"key":"1_CR57","unstructured":"Kadianakis, G., Maller, M., Novakovic, A.: Sigmabus: binding sigmas in circuits for fast curve operations. Cryptology ePrint Archive, Report 2023\/1406 (2023). https:\/\/eprint.iacr.org\/2023\/1406"},{"key":"1_CR58","doi-asserted-by":"publisher","unstructured":"Kakvi, S., Martin, K., Putman, C., Quaglia, E.: Sok: Anonymous credentials. In: SSR 2023. https:\/\/doi.org\/10.1007\/978-3-031-30731-7","DOI":"10.1007\/978-3-031-30731-7"},{"key":"1_CR59","unstructured":"Kalos, V., Bernstein, G.: Blind bbs signatures. Internet Draft draft-irtf-cfrg-bbs-blind-signatures-01, Internet Research Task Force (2025)"},{"key":"1_CR60","unstructured":"Kalos, V., Bernstein, G.M.: Bbs per verifier linkability. Internet Draft draft-irtf-cfrg-bbs-per-verifier-linkability-01, Internet Research Task Force (2025)"},{"key":"1_CR61","doi-asserted-by":"crossref","unstructured":"Khovratovich, D., Rothblum, R.D., Soukhanov, L.: How to prove false statements: Practical attacks on fiat-shamir. Cryptology ePrint Archive, Report 2025\/118 (2025). https:\/\/eprint.iacr.org\/2025\/118","DOI":"10.1007\/978-3-032-01887-8_1"},{"key":"1_CR62","unstructured":"Liang, J., Hu, D., Wu, P., Yang, Y., Shen, Q., Wu, Z.: SoK: Understanding zk-SNARKs: The gap between research and practice. Cryptology ePrint Archive, Report 2025\/172 (2025). https:\/\/eprint.iacr.org\/2025\/172"},{"key":"1_CR63","unstructured":"Looker, T., Kalos, V., Whitehead, A., Lodder, M.: The BBS Signature Scheme. Internet Draft draft-irtf-cfrg-bbs-signatures-09, Internet Research Task Force (2025)"},{"key":"1_CR64","doi-asserted-by":"publisher","unstructured":"Lyubashevsky, V., Nguyen, N.K., Plan\u00e7on, M.: Lattice-based zero-knowledge proofs and applications: Shorter, simpler, and more general. In: Dodis, Y., Shrimpton, T. (eds.) CRYPTO\u00a02022, Part\u00a0II. LNCS, vol. 13508, pp. 71\u2013101. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-15979-4_3","DOI":"10.1007\/978-3-031-15979-4_3"},{"key":"1_CR65","doi-asserted-by":"publisher","unstructured":"Lyubashevsky, V., Seiler, G., Steuer, P.: The LaZer library: Lattice-based zero knowledge and succinct proofs for quantum-safe privacy. In: Luo, B., Liao, X., Xu, J., Kirda, E., Lie, D. (eds.) ACM CCS 2024, pp. 3125\u20133137. ACM Press (2024). https:\/\/doi.org\/10.1145\/3658644.3690330","DOI":"10.1145\/3658644.3690330"},{"key":"1_CR66","doi-asserted-by":"publisher","unstructured":"Mir, O., Bauer, B., Griffy, S., Lysyanskaya, A., Slamanig, D.: Aggregate signatures with versatile randomization and issuer-hiding multi-authority anonymous credentials. In: Meng, W., Jensen, C.D., Cremers, C., Kirda, E. (eds.) ACM CCS 2023, pp. 30\u201344. ACM Press (2023). https:\/\/doi.org\/10.1145\/3576915.3623203","DOI":"10.1145\/3576915.3623203"},{"key":"1_CR67","doi-asserted-by":"publisher","unstructured":"Moody, D., Peralta, R., Perlner, R., Regenscheid, A., Roginsky, A., Chen, L.: Report on Pairing-based Cryptography. J. Res. Nat. Inst. Stan. Technol. 120, 11\u201327 (2015). https:\/\/doi.org\/10.6028\/jres.120.002","DOI":"10.6028\/jres.120.002"},{"key":"1_CR68","doi-asserted-by":"crossref","unstructured":"Moody, D., Perlner, R., Regenscheid, A., Robinson, A., Cooper, D.: Nist ir 8547: Transition to post-quantum cryptography standards (2024)","DOI":"10.6028\/NIST.IR.8547.ipd"},{"key":"1_CR69","doi-asserted-by":"publisher","unstructured":"Naor, M.: On cryptographic assumptions and challenges (invited talk). In: Boneh, D. (ed.) CRYPTO\u00a02003. LNCS, vol.\u00a02729, pp. 96\u2013109. Springer, Cham (2003). https:\/\/doi.org\/10.1007\/978-3-540-45146-4_6","DOI":"10.1007\/978-3-540-45146-4_6"},{"key":"1_CR70","doi-asserted-by":"publisher","unstructured":"Nikolaenko, V., Ragsdale, S., Bonneau, J., Boneh, D.: Powers-of-tau to the people: decentralizing setup ceremonies. In: P\u00f6pper, C., Batina, L. (eds.) ACNS 2024, Part\u00a0III. LNCS, vol. 14585, pp. 105\u2013134. Springer, Cham (2024). https:\/\/doi.org\/10.1007\/978-3-031-54776-8_5","DOI":"10.1007\/978-3-031-54776-8_5"},{"key":"1_CR71","unstructured":"Orr\u00f9, M.: Revisiting keyed-verification anonymous credentials. Cryptology ePrint Archive, Report 2024\/1552 (2024). https:\/\/eprint.iacr.org\/2024\/1552"},{"key":"1_CR72","doi-asserted-by":"crossref","unstructured":"Orr\u00f9, M., Kadianakis, G., Maller, M., Zaverucha, G.: Beyond the circuit: how to minimize foreign arithmetic in ZKP circuits. Cryptology ePrint Archive, Report 2024\/265 (2024). https:\/\/eprint.iacr.org\/2024\/265","DOI":"10.62056\/an-4c3c2h"},{"key":"1_CR73","unstructured":"Orr\u00f9, M., Yun, C.: Sigma protocols. Internet Draft draft-irtf-cfrg-sigma-protocols-01, Internet Research Task Force (2025)"},{"key":"1_CR74","unstructured":"Paquin, C., Policharla, G.V., Zaverucha, G.: Crescent: Stronger privacy for existing credentials. Cryptology ePrint Archive, Report 2024\/2013 (2024). https:\/\/eprint.iacr.org\/2024\/2013"},{"key":"1_CR75","unstructured":"Paquin, C., Zaverucha, G.: U-prove cryptographic specification v1. 1. Technical Report, Microsoft Corporation (2011)"},{"key":"1_CR76","doi-asserted-by":"publisher","unstructured":"Parno, B., Howell, J., Gentry, C., Raykova, M.: Pinocchio: Nearly practical verifiable computation. In: 2013 IEEE Symposium on Security and Privacy, pp. 238\u2013252. IEEE Computer Society Press (2013). https:\/\/doi.org\/10.1109\/SP.2013.47","DOI":"10.1109\/SP.2013.47"},{"key":"1_CR77","doi-asserted-by":"publisher","unstructured":"Pointcheval, D., Sanders, O.: Short randomizable signatures. In: Sako, K. (ed.) CT-RSA\u00a02016. LNCS, vol.\u00a09610, pp. 111\u2013126. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-29485-8_7","DOI":"10.1007\/978-3-319-29485-8_7"},{"key":"1_CR78","unstructured":"Prime Minister\u2019s Office: https:\/\/www.gov.uk\/government\/news\/new-digital-id-scheme-to-be-rolled-out-across-uk (2025)"},{"key":"1_CR79","unstructured":"Project, D.E.W.: Nl wallet: Software system overview (2025). https:\/\/minbzk.github.io\/nl-wallet\/main\/architecture\/c4\/software-system.html"},{"key":"1_CR80","unstructured":"Project, G.E.W.: German national eudi wallet: Architecture documentation (2025). https:\/\/bmi.usercontent.opencode.de\/eudi-wallet\/wallet-development-documentation-public\/v0.7.0\/architecture-concept\/02-decomposition\/"},{"key":"1_CR81","unstructured":"Project, S.E.W.: Remote pake-protected services protocol (r2ps) (2025). https:\/\/expg.eidasweb.se\/s\/03jK698rE"},{"key":"1_CR82","unstructured":"Rosa, P.D.: Response to cryptographer\u2019s feedback. https:\/\/github.com\/eu-digital-identity-wallet\/eudi-doc-architecture-and-reference-framework\/discussions\/211#discussioncomment-9882388"},{"key":"1_CR83","doi-asserted-by":"publisher","unstructured":"Rosenberg, M., White, J.D., Garman, C., Miers, I.: zk-creds: flexible anonymous credentials from zkSNARKs and existing identity infrastructure. In: 2023 IEEE Symposium on Security and Privacy, pp. 790\u2013808. IEEE Computer Society Press (2023). https:\/\/doi.org\/10.1109\/SP46215.2023.10179430","DOI":"10.1109\/SP46215.2023.10179430"},{"key":"1_CR84","unstructured":"Sakemi, Y., Kobayashi, T., Saito, T., Wahby, R.S.: Pairing-Friendly Curves. Internet Draft draft-irtf-cfrg-pairing-friendly-curves-12, Internet Engineering Task Force (2025)"},{"key":"1_CR85","doi-asserted-by":"publisher","unstructured":"Sanders, O., Traor\u00e9, J.: Compact issuer-hiding authentication, application to anonymous credential. PoPETs 2024(3), 645\u2013658 (2024). https:\/\/doi.org\/10.56553\/popets-2024-0097","DOI":"10.56553\/popets-2024-0097"},{"key":"1_CR86","unstructured":"Schlesinger, S., Katz, J.: Anonymous credit tokens. Internet Draft draft-schlesinger-cfrg-act, Internet Engineering Task Force (2025)"},{"key":"1_CR87","doi-asserted-by":"publisher","unstructured":"Sonnino, A., Al-Bassam, M., Bano, S., Meiklejohn, S., Danezis, G.: Coconut: threshold issuance selective disclosure credentials with applications to distributed ledgers. In: NDSS\u00a02019. The Internet Society (2019). https:\/\/doi.org\/10.14722\/ndss.2019.23272","DOI":"10.14722\/ndss.2019.23272"},{"key":"1_CR88","unstructured":"Swiss federal authorities: e-id law approved at the ballot box (2025). https:\/\/www.eid.admin.ch\/en\/e-id-gesetz-an-der-urne-angenommen-e"},{"key":"1_CR89","doi-asserted-by":"publisher","unstructured":"Tessaro, S., Zhu, C.: Revisiting BBS signatures. In: Hazay, C., Stam, M. (eds.) EUROCRYPT\u00a02023, Part\u00a0V. LNCS, vol. 14008, pp. 691\u2013721. Springer, Cham (2023). https:\/\/doi.org\/10.1007\/978-3-031-30589-4_24","DOI":"10.1007\/978-3-031-30589-4_24"},{"key":"1_CR90","doi-asserted-by":"publisher","first-page":"289","DOI":"10.1016\/j.comcom.2024.07.017","volume":"225","author":"D Tortola","year":"2024","unstructured":"Tortola, D., Lisi, A., Mori, P., Ricci, L.: Tethering layer 2 solutions to the blockchain: a survey on proving schemes. Comput. Commun. 225, 289\u2013310 (2024)","journal-title":"Comput. Commun."},{"key":"1_CR91","unstructured":"Transportation Security Administration (2025). https:\/\/www.tsa.gov\/real-id\/real-id-mobile-drivers-license-mdls"},{"key":"1_CR92","doi-asserted-by":"publisher","unstructured":"Wang, R., Hazay, C., Venkitasubramaniam, M.: Ligetron: Lightweight scalable end-to-end zero-knowledge proofs post-quantum ZK-SNARKs on a browser. In: 2024 IEEE Symposium on Security and Privacy, pp. 1760\u20131776. IEEE Computer Society Press (2024). https:\/\/doi.org\/10.1109\/SP54263.2024.00086","DOI":"10.1109\/SP54263.2024.00086"},{"key":"1_CR93","doi-asserted-by":"crossref","unstructured":"Woo, A.P.Y., Ozdemir, A., Sharp, C., Pornin, T., Grubbs, P.: Efficient proofs of possession for legacy signatures. Cryptology ePrint Archive, Report 2025\/538 (2025). https:\/\/eprint.iacr.org\/2025\/538","DOI":"10.1109\/SP61157.2025.00080"},{"key":"1_CR94","unstructured":"Wood, C.A., Yun, C.: Anonymous rate-limited credentials. Internet Draft draft-yun-privacypass-crypto-arc-00, Internet Engineering Task Force (2025)"},{"key":"1_CR95","unstructured":"ZKProof.org: Zkproof charter (2018). https:\/\/docs.zkproof.org\/general"}],"container-title":["Lecture Notes in Computer Science","Security Standardisation Research"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-19567-8_1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,6,15]],"date-time":"2026-06-15T23:41:17Z","timestamp":1781566877000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-19567-8_1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026]]},"ISBN":["9783032195661","9783032195678"],"references-count":95,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-19567-8_1","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026]]},"assertion":[{"value":"1 May 2026","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SSR","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Research in Security Standardisation","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Passau","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Germany","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"4 December 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"5 December 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"10","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"ssr2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.uni-passau.de\/ssr2025","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}