{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,12]],"date-time":"2026-06-12T17:07:23Z","timestamp":1781284043011,"version":"3.54.1"},"publisher-location":"Cham","reference-count":39,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319395548","type":"print"},{"value":"9783319395555","type":"electronic"}],"license":[{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2016]]},"DOI":"10.1007\/978-3-319-39555-5_9","type":"book-chapter","created":{"date-parts":[[2016,6,8]],"date-time":"2016-06-08T14:11:31Z","timestamp":1465395091000},"page":"156-174","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":176,"title":["Threshold-Optimal DSA\/ECDSA Signatures and an Application to Bitcoin Wallet Security"],"prefix":"10.1007","author":[{"given":"Rosario","family":"Gennaro","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Steven","family":"Goldfeder","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Arvind","family":"Narayanan","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2016,6,9]]},"reference":[{"key":"9_CR1","unstructured":"Andresen, G.: Github: Shared Wallets Design. https:\/\/gist.github.com\/gavinandresen\/4039433"},{"key":"9_CR2","doi-asserted-by":"crossref","unstructured":"Baudron, O., Fouque, P.-A., Pointcheval, D., Poupard, G., Stern, J.: Practical multi-candidate election system. In: PODC 2001","DOI":"10.1145\/383962.384044"},{"key":"9_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"480","DOI":"10.1007\/3-540-69053-0_33","volume-title":"Advances in Cryptology - EUROCRYPT 1997","author":"N Bari\u0107","year":"1997","unstructured":"Bari\u0107, N., Pfitzmann, B.: Collision-free accumulators and fail-stop signature schemes without trees. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 480\u2013494. Springer, Heidelberg (1997)"},{"key":"9_CR4","unstructured":"Bitcoin Forum member dree12, List of Bitcoin Heists (2013). https:\/\/bitcointalk.org\/index.php?topic=83794.0"},{"key":"9_CR5","unstructured":"Bitcoin Forum member gmaxwell, Coinjoin: Bitcoin privacy in the real world (2013). https:\/\/bitcointalk.org\/index.php?topic=279249.0"},{"key":"9_CR6","unstructured":"Bitcoin wiki: Transactions. https:\/\/en.bitcoin.it\/wiki\/Transactions"},{"key":"9_CR7","unstructured":"Bitcoin wiki: Elliptic Curve Digital Signature Algorithm. https:\/\/en.bitcoin.it\/wiki\/Elliptic_Curve_Digital_Signature_Algorithm"},{"key":"9_CR8","unstructured":"Bitcoin wiki: Secp256k1. https:\/\/en.bitcoin.it\/w\/index.php?title=Secp256k1"},{"key":"9_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"486","DOI":"10.1007\/978-3-662-45472-5_31","volume-title":"Financial Cryptography and Data Security","author":"J Bonneau","year":"2014","unstructured":"Bonneau, J., Narayanan, A., Miller, A., Clark, J., Kroll, J.A., Felten, E.W.: Mixcoin: anonymity for bitcoin with accountable mixes. In: Christin, N., Safavi-Naini, R. (eds.) FC 2014. LNCS, vol. 8437, pp. 486\u2013504. Springer, Heidelberg (2014)"},{"key":"9_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"425","DOI":"10.1007\/978-3-642-01001-9_25","volume-title":"Advances in Cryptology - EUROCRYPT 2009","author":"J Camenisch","year":"2009","unstructured":"Camenisch, J., Kiayias, A., Yung, M.: On the portability of generalized schnorr proofs. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 425\u2013442. Springer, Heidelberg (2009)"},{"key":"9_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"449","DOI":"10.1007\/978-3-642-25385-0_24","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2011","author":"J Camenisch","year":"2011","unstructured":"Camenisch, J., Krenn, S., Shoup, V.: A framework for practical universally composable zero-knowledge protocols. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 449\u2013467. Springer, Heidelberg (2011)"},{"key":"9_CR12","doi-asserted-by":"crossref","unstructured":"Canetti, R., Security, U.C.: A new paradigm for cryptographic protocols. In: Proceedings of 42nd IEEE Symposium on Foundations of Computer Science (FOCS 2001) (2001)","DOI":"10.1109\/SFCS.2001.959888"},{"key":"9_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"98","DOI":"10.1007\/3-540-48405-1_7","volume-title":"Advances in Cryptology - CRYPTO 1999","author":"R Canetti","year":"1999","unstructured":"Canetti, R., Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Adaptive security for threshold cryptosystems. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 98\u2013116. Springer, Heidelberg (1999)"},{"key":"9_CR14","doi-asserted-by":"crossref","unstructured":"Damg\u00e5rd, I., Groth, J.: Non-interactive and reusable non-malleable commitment schemes. In: Proceedings of 35th ACM Symposium on Theory of Computing (STOC 2003) (2003)","DOI":"10.1145\/780542.780605"},{"key":"9_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"119","DOI":"10.1007\/3-540-44586-2_9","volume-title":"Public Key Cryptography","author":"I Damg\u00e5rd","year":"2001","unstructured":"Damg\u00e5rd, I., Jurik, M.: A generalisation, a simplification and some applications of Paillier\u2019s probabilistic public-key system. In: Kim, K. (ed.) PKC 2001. LNCS, vol. 1992, pp. 119\u2013136. Springer, Heidelberg (2001)"},{"key":"9_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"152","DOI":"10.1007\/3-540-44987-6_10","volume-title":"Advances in Cryptology - EUROCRYPT 2001","author":"IB Damg\u00e5rd","year":"2001","unstructured":"Damg\u00e5rd, I.B., Koprowski, M.: Practical threshold RSA signatures without a trusted dealer. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 152\u2013165. Springer, Heidelberg (2001)"},{"key":"9_CR17","doi-asserted-by":"crossref","unstructured":"Di Crescenzo, G., Ishai, Y., Ostrovsky, R.: Non-interactive and non-malleable commitment. In: Proceedings of 30th ACM Symposium on Theory of Computing (STOC 1998) (1998)","DOI":"10.1145\/276698.276722"},{"key":"9_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"40","DOI":"10.1007\/3-540-44987-6_4","volume-title":"Advances in Cryptology - EUROCRYPT 2001","author":"G Di Crescenzo","year":"2001","unstructured":"Di Crescenzo, G., Katz, J., Ostrovsky, R., Smith, A.: Efficient and non-interactive non-malleable commitment. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 40\u201359. Springer, Heidelberg (2001)"},{"issue":"2","key":"9_CR19","doi-asserted-by":"publisher","first-page":"391","DOI":"10.1137\/S0097539795291562","volume":"30","author":"D Dolev","year":"2000","unstructured":"Dolev, D., Dwork, C., Naor, M.: Non-malleable cryptography. SIAM J. Comp. 30(2), 391\u2013437 (2000)","journal-title":"SIAM J. Comp."},{"key":"9_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1007\/BFb0052225","volume-title":"Advances in Cryptology - CRYPTO 1997","author":"E Fujisaki","year":"1997","unstructured":"Fujisaki, E., Okamoto, T.: Statistical zero knowledge protocols to prove modular polynomial relations. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 16\u201330. Springer, Heidelberg (1997)"},{"key":"9_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"220","DOI":"10.1007\/978-3-540-28628-8_14","volume-title":"Advances in Cryptology \u2013 CRYPTO 2004","author":"R Gennaro","year":"2004","unstructured":"Gennaro, R.: Multi-trapdoor commitments and their applications to proofs of knowledge secure under concurrent man-in-the-middle attacks. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 220\u2013236. Springer, Heidelberg (2004)"},{"key":"9_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"354","DOI":"10.1007\/3-540-68339-9_31","volume-title":"Advances in Cryptology - EUROCRYPT 1996","author":"R Gennaro","year":"1996","unstructured":"Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Robust threshold DSS signatures. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 354\u2013371. Springer, Heidelberg (1996)"},{"key":"9_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"295","DOI":"10.1007\/3-540-48910-X_21","volume-title":"Advances in Cryptology - EUROCRYPT 1999","author":"R Gennaro","year":"1999","unstructured":"Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Secure distributed key generation for discrete-log based cryptosystems. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 295\u2013310. Springer, Heidelberg (1999)"},{"key":"9_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"34","DOI":"10.1007\/11787006_4","volume-title":"Automata, Languages and Programming","author":"R Gennaro","year":"2006","unstructured":"Gennaro, R., Micali, S.: Independent zero-knowledge sets. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds.) ICALP 2006. LNCS, vol. 4052, pp. 34\u201345. Springer, Heidelberg (2006)"},{"issue":"2","key":"9_CR25","doi-asserted-by":"publisher","first-page":"281","DOI":"10.1137\/0217017","volume":"17","author":"S Goldwasser","year":"1988","unstructured":"Goldwasser, S., Micali, S., Rivest, R.L.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Comput. 17(2), 281\u2013308 (1988)","journal-title":"SIAM J. Comput."},{"issue":"1","key":"9_CR26","doi-asserted-by":"publisher","first-page":"186","DOI":"10.1137\/0218012","volume":"18","author":"S Goldwasser","year":"1989","unstructured":"Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof-systems. SIAM. J. Comput. 18(1), 186\u2013208 (1989)","journal-title":"SIAM. J. Comput."},{"key":"9_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"313","DOI":"10.1007\/978-3-642-27954-6_20","volume-title":"Topics in Cryptology \u2013 CT-RSA 2012","author":"C Hazay","year":"2012","unstructured":"Hazay, C., Mikkelsen, G.L., Rabin, T., Toft, T.: Efficient RSA key generation and threshold paillier in the two-party setting. In: Dunkelman, O. (ed.) CT-RSA 2012. LNCS, vol. 7178, pp. 313\u2013331. Springer, Heidelberg (2012)"},{"key":"9_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"221","DOI":"10.1007\/3-540-45539-6_16","volume-title":"Advances in Cryptology - EUROCRYPT 2000","author":"S Jarecki","year":"2000","unstructured":"Jarecki, S., Lysyanskaya, A.: Adaptively secure threshold cryptography: introducing concurrency, removing erasures (Extended Abstract). In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 221\u2013242. Springer, Heidelberg (2000)"},{"issue":"1","key":"9_CR29","doi-asserted-by":"publisher","first-page":"36","DOI":"10.1007\/s102070100002","volume":"1","author":"D Johnson","year":"2001","unstructured":"Johnson, D., Menezes, A., Vanstone, S.: The elliptic curve digital signature algorithm (ECDSA). Int. J. Inf. Secur. 1(1), 36\u201363 (2001)","journal-title":"Int. J. Inf. Secur."},{"key":"9_CR30","unstructured":"Kaspersky Labs, Financial cyber threats in: 2013. Part 2: malware (2013). http:\/\/securelist.com\/analysis\/kaspersky-security-bulletin\/59414\/financial-cyber-threats-in-2013-part-2-malware\/"},{"key":"9_CR31","doi-asserted-by":"publisher","first-page":"218","DOI":"10.1007\/s10207-004-0041-0","volume":"2","author":"P MacKenzie","year":"2004","unstructured":"MacKenzie, P., Reiter, M.: Two-party generation of DSA signatures. Int. J. Inf. Secur. 2, 218\u2013239 (2004)","journal-title":"Int. J. Inf. Secur."},{"key":"9_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"382","DOI":"10.1007\/978-3-540-24676-3_23","volume-title":"Advances in Cryptology - EUROCRYPT 2004","author":"PD MacKenzie","year":"2004","unstructured":"MacKenzie, P.D., Yang, K.: On simulation-sound trapdoor commitments. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 382\u2013400. Springer, Heidelberg (2004)"},{"key":"9_CR33","doi-asserted-by":"crossref","unstructured":"Meiklejohn, S., Pomarole, M., Jordan, G., Levchenko, K., McCoy, D., Voelker, G.M., Savage, S.: A fistful of bitcoins: characterizing payments among men with no names. In: Proceedings of the 2013 Internet Measurement Conference. ACM (2013)","DOI":"10.1145\/2504730.2504747"},{"key":"9_CR34","first-page":"28","volume":"1","author":"S Nakamoto","year":"2008","unstructured":"Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system. Consulted 1, 28 (2008)","journal-title":"Consulted"},{"key":"9_CR35","series-title":"Lecture Notes in Computer Science","first-page":"223","volume-title":"Advances in Cryptology - EUROCRYPT 1999","author":"P Paillier","year":"1999","unstructured":"Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223\u2013238. Springer, Heidelberg (1999)"},{"key":"9_CR36","unstructured":"Paillier Threshold Encryption Toolbox. http:\/\/cs.utdallas.edu\/dspl\/cgi-bin\/pailliertoolbox\/manual.pdf"},{"key":"9_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"221","DOI":"10.1007\/3-540-46416-6_20","volume-title":"Advances in Cryptology - EUROCRYPT 1991","author":"TP Pedersen","year":"1991","unstructured":"Pedersen, T.P.: Distributed provers with applications to undeniable signatures. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 221\u2013242. Springer, Heidelberg (1991)"},{"key":"9_CR38","doi-asserted-by":"publisher","first-page":"120","DOI":"10.1145\/359340.359342","volume":"21","author":"R Rivest","year":"1978","unstructured":"Rivest, R., Shamir, A., Adelman, L.: A method for obtaining digital signature and public key cryptosystems. Comm. ACM 21, 120\u2013126 (1978)","journal-title":"Comm. ACM"},{"key":"9_CR39","doi-asserted-by":"publisher","first-page":"612","DOI":"10.1145\/359168.359176","volume":"22","author":"A Shamir","year":"1979","unstructured":"Shamir, A.: How to share a secret. Comm. ACM 22, 612\u2013613 (1979)","journal-title":"Comm. ACM"}],"container-title":["Lecture Notes in Computer Science","Applied Cryptography and Network Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-39555-5_9","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,6,10]],"date-time":"2021-06-10T00:05:12Z","timestamp":1623283512000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-39555-5_9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016]]},"ISBN":["9783319395548","9783319395555"],"references-count":39,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-39555-5_9","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2016]]},"assertion":[{"value":"9 June 2016","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}