{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,17]],"date-time":"2026-03-17T18:31:18Z","timestamp":1773772278799,"version":"3.50.1"},"publisher-location":"Cham","reference-count":38,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319430041","type":"print"},{"value":"9783319430058","type":"electronic"}],"license":[{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2016]]},"DOI":"10.1007\/978-3-319-43005-8_1","type":"book-chapter","created":{"date-parts":[[2016,8,13]],"date-time":"2016-08-13T15:40:59Z","timestamp":1471102859000},"page":"1-31","source":"Crossref","is-referenced-by-count":6,"title":["Efficient Zero-Knowledge Proof Systems"],"prefix":"10.1007","author":[{"given":"Jonathan","family":"Bootle","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Andrea","family":"Cerulli","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Pyrros","family":"Chaidos","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jens","family":"Groth","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2016,8,14]]},"reference":[{"key":"1_CR1","doi-asserted-by":"crossref","unstructured":"Bitansky, N., Canetti, R., Chiesa, A., Tromer, E.: From extractable collision resistance to succinct non-interactive arguments of knowledge, and back again. In: Proceedings of the 3rd Innovations in Theoretical Computer Science Conference (2012)","DOI":"10.1145\/2090236.2090263"},{"key":"1_CR2","doi-asserted-by":"crossref","unstructured":"Bitansky, N., Canetti, R., Chiesa, A., Tromer, E.: Recursive composition and bootstrapping for SNARKS and proof-carrying data. In: Proceedings of the 45th Annual ACM Symposium on Theory of Computing - STOC 2013, p. 111 (2013)","DOI":"10.1145\/2488608.2488623"},{"key":"1_CR3","doi-asserted-by":"crossref","unstructured":"Blum, M., Feldman, P., Micali, S.: Non-interactive Zero Knowledge and Its Applications (Extended Abstract), pp. 103\u2013112. MIT (1988)","DOI":"10.1145\/62212.62222"},{"key":"1_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"325","DOI":"10.1007\/978-3-540-30576-7_18","volume-title":"Theory of Cryptography","author":"D Boneh","year":"2005","unstructured":"Boneh, D., Goh, E.-J., Nissim, K.: Evaluating 2-DNF formulas on ciphertexts. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 325\u2013341. Springer, Heidelberg (2005)"},{"key":"1_CR5","doi-asserted-by":"crossref","unstructured":"Bellare, M., Impagliazzo, R., Naor, M.: Does parallel repetition lower the error in computationally sound protocols? In: Proceedings of 38th Annual Symposium on Foundations of Computer Science, pp. 374\u2013383. IEEE (1997)","DOI":"10.1109\/SFCS.1997.646126"},{"key":"1_CR6","doi-asserted-by":"crossref","unstructured":"Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Proceedings of the 1st ACM Conference on Computer and Communications Security, 1\u201321 November 1993","DOI":"10.1145\/168588.168596"},{"key":"1_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"276","DOI":"10.1007\/978-3-662-44381-1_16","volume-title":"Advances in Cryptology \u2013 CRYPTO 2014","author":"E Ben-Sasson","year":"2014","unstructured":"Ben-Sasson, E., Chiesa, A., Tromer, E., Virza, M.: Scalable zero knowledge via cycles of elliptic curves. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014, Part II. LNCS, vol. 8617, pp. 276\u2013294. Springer, Heidelberg (2014)"},{"issue":"3","key":"1_CR8","doi-asserted-by":"crossref","first-page":"149","DOI":"10.1007\/s001459900009","volume":"9","author":"M Bellare","year":"1996","unstructured":"Bellare, M., Yung, M.: Certifying permutations: noninteractive zero-knowledge based on any trapdoor permutation. J. Cryptol. 9(3), 149\u2013166 (1996)","journal-title":"J. Cryptol."},{"key":"1_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"424","DOI":"10.1007\/BFb0055745","volume-title":"Advances in Cryptology - CRYPTO \u201998","author":"R Cramer","year":"1998","unstructured":"Cramer, R., Damg\u00e5rd, I.B.: Zero-knowledge proofs for finite field arithmetic or: can zero-knowledge be for free? In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 424\u2013441. Springer, Heidelberg (1998)"},{"key":"1_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"174","DOI":"10.1007\/3-540-48658-5_19","volume-title":"Advances in Cryptology - CRYPTO \u201994","author":"R Cramer","year":"1994","unstructured":"Cramer, R., Damg\u00e5rd, I.B., Schoenmakers, B.: Proof of partial knowledge and simplified design of witness hiding protocols. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 174\u2013187. Springer, Heidelberg (1994)"},{"key":"1_CR11","unstructured":"Canetti, R., Goldreich, O., Halevi, S.: The random oracle methodology. Revisited, p. 31 (2000)"},{"issue":"1","key":"1_CR12","doi-asserted-by":"crossref","first-page":"65","DOI":"10.1007\/BF00206326","volume":"1","author":"D Chaum","year":"1988","unstructured":"Chaum, D.: The dining cryptographers problem: unconditional sender and recipient untraceability. J. Cryptol. 1(1), 65\u201375 (1988)","journal-title":"J. Cryptol."},{"key":"1_CR13","unstructured":"Chiesa, A., Tromer, E.: Proof-carrying data and hearsay arguments from signature cards. In: ICS, vol. 10, pp. 310\u2013331 (2010)"},{"key":"1_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"17","DOI":"10.1007\/0-387-34805-0_3","volume-title":"Advances in Cryptology - CRYPTO \u201989","author":"IB Damg\u00e5rd","year":"1990","unstructured":"Damg\u00e5rd, I.B.: On the existence of bit commitment schemes and zero-knowledge proofs. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 17\u201327. Springer, Heidelberg (1990)"},{"key":"1_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"418","DOI":"10.1007\/3-540-45539-6_30","volume-title":"Advances in Cryptology - EUROCRYPT 2000","author":"IB Damg\u00e5rd","year":"2000","unstructured":"Damg\u00e5rd, I.B.: Efficient concurrent zero-knowledge in the auxiliary string model. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 418\u2013430. Springer, Heidelberg (2000)"},{"key":"1_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"325","DOI":"10.1007\/3-540-44750-4_26","volume-title":"Advances in Cryptology - CRYPTO \u201995","author":"IB Damg\u00e5rd","year":"1995","unstructured":"Damg\u00e5rd, I.B., Goldreich, O., Okamoto, T., Wigderson, A.: Honest verifier vs dishonest verifier in public coin zero-knowledge proofs. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 325\u2013338. Springer, Heidelberg (1995)"},{"key":"1_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"10","DOI":"10.1007\/3-540-39568-7_2","volume-title":"Advances in Cryptology","author":"T El Gamal","year":"1985","unstructured":"El Gamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 10\u201318. Springer, Heidelberg (1985)"},{"issue":"1","key":"1_CR18","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1137\/S0097539792230010","volume":"29","author":"U Feige","year":"1999","unstructured":"Feige, U., Lapidot, D., Shamir, A.: Multiple noninteractive zero knowledge proofs under general assumptions. SIAM J. Comput. 29(1), 1\u201328 (1999)","journal-title":"SIAM J. Comput."},{"issue":"4","key":"1_CR19","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1007\/s00145-014-9184-y","volume":"28","author":"C Gentry","year":"2015","unstructured":"Gentry, C., Groth, J., Ishai, Y., Peikert, C., Sahai, A., Smith, A.: Using fully homomorphic hybrid encryption to minimize non-interative zero-knowledge proofs. J. Cryptol. 28(4), 1\u201322 (2015)","journal-title":"J. Cryptol."},{"key":"1_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"465","DOI":"10.1007\/978-3-642-14623-7_25","volume-title":"Advances in Cryptology \u2013 CRYPTO 2010","author":"R Gennaro","year":"2010","unstructured":"Gennaro, R., Gentry, C., Parno, B.: Non-interactive verifiable computing: outsourcing computation to untrusted workers. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 465\u2013482. Springer, Heidelberg (2010)"},{"key":"1_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"626","DOI":"10.1007\/978-3-642-38348-9_37","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2013","author":"R Gennaro","year":"2013","unstructured":"Gennaro, R., Gentry, C., Parno, B., Raykova, M.: Quadratic span programs and succinct NIZKs without PCPs. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 626\u2013645. Springer, Heidelberg (2013)"},{"issue":"1","key":"1_CR22","doi-asserted-by":"crossref","first-page":"169","DOI":"10.1137\/S0097539791220688","volume":"25","author":"O Goldreich","year":"1996","unstructured":"Goldreich, O., Krawczyk, H.: On the composition of zero-knowledge proof systems. SIAM J. Comput. 25(1), 169\u2013192 (1996)","journal-title":"SIAM J. Comput."},{"key":"1_CR23","doi-asserted-by":"crossref","unstructured":"Goldwasser, S., Kalai, Y.T.: On the (in)security of the Fiat-Shamir paradigm. In: Proceedings of 44th Annual IEEE Symposium on Foundations of Computer Science, 2003 (2003)","DOI":"10.1109\/SFCS.2003.1238185"},{"key":"1_CR24","doi-asserted-by":"crossref","unstructured":"Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof-systems. In: Proceedings of the Seventeenth Annual ACM Symposium on Theory of Computing, pp. 291\u2013304. ACM (1985)","DOI":"10.1145\/22145.22178"},{"issue":"3","key":"1_CR25","doi-asserted-by":"crossref","first-page":"690","DOI":"10.1145\/116825.116852","volume":"38","author":"O Goldreich","year":"1991","unstructured":"Goldreich, O., Micali, S., Wigderson, A.: Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems. J. ACM (JACM) 38(3), 690\u2013728 (1991)","journal-title":"J. ACM (JACM)"},{"issue":"2","key":"1_CR26","doi-asserted-by":"crossref","first-page":"169","DOI":"10.1007\/s00145-005-0307-3","volume":"19","author":"JA Garay","year":"2006","unstructured":"Garay, J.A., MacKenzie, P.D., Yang, K.: Strengthening zero-knowledge protocols using signatures. J. Cryptol. 19(2), 169\u2013209 (2006)","journal-title":"J. Cryptol."},{"issue":"3","key":"1_CR27","doi-asserted-by":"crossref","first-page":"506","DOI":"10.1007\/s00145-013-9152-y","volume":"27","author":"J Groth","year":"2014","unstructured":"Groth, J., Ostrovsky, R.: Cryptography in the multi-string model. J. Cryptol. 27(3), 506\u2013543 (2014)","journal-title":"J. Cryptol."},{"key":"1_CR28","doi-asserted-by":"crossref","DOI":"10.1017\/CBO9780511546891","volume-title":"The Foundations of Cryptography. Basic Techniques","author":"O Goldreich","year":"2001","unstructured":"Goldreich, O.: The Foundations of Cryptography. Basic Techniques, vol. 1. Cambridge University Press, Cambridge (2001)"},{"key":"1_CR29","doi-asserted-by":"crossref","first-page":"11","DOI":"10.1145\/2220357.2220358","volume":"59","author":"J Groth","year":"2012","unstructured":"Groth, J., Ostrovsky, R., Sahai, A.: New techniques for noninteractive zero-knowledge. J. ACM (JACM) 59, 11 (2012)","journal-title":"J. ACM (JACM)"},{"key":"1_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"192","DOI":"10.1007\/978-3-642-03356-8_12","volume-title":"Advances in Cryptology - CRYPTO 2009","author":"J Groth","year":"2009","unstructured":"Groth, J.: Linear algebra with sub-linear zero-knowledge arguments. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 192\u2013208. Springer, Heidelberg (2009)"},{"key":"1_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"341","DOI":"10.1007\/978-3-642-17373-8_20","volume-title":"Advances in Cryptology - ASIACRYPT 2010","author":"J Groth","year":"2010","unstructured":"Groth, J.: Short non-interactive zero-knowledge proofs. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 341\u2013358. Springer, Heidelberg (2010)"},{"key":"1_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"321","DOI":"10.1007\/978-3-642-17373-8_19","volume-title":"Advances in Cryptology - ASIACRYPT 2010","author":"J Groth","year":"2010","unstructured":"Groth, J.: Short pairing-based non-interactive zero-knowledge arguments. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 321\u2013340. Springer, Heidelberg (2010)"},{"key":"1_CR33","doi-asserted-by":"crossref","unstructured":"Gentry, C., Wichs, D.: Separating succinct non-interactive arguments from all falsifiable assumptions. In: Proceedings of the Forty-Third Annual ACM Symposium on Theory of Computing (2011)","DOI":"10.1145\/1993636.1993651"},{"key":"1_CR34","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1007\/s001459900032","volume":"11","author":"J Kilian","year":"1998","unstructured":"Kilian, J., Petrank, E.: An efficient noninteractive zero-knowledge proof system for NP with general assumptions. J. Cryptol. 11, 1\u201327 (1998)","journal-title":"J. Cryptol."},{"key":"1_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"169","DOI":"10.1007\/978-3-642-28914-9_10","volume-title":"Theory of Cryptography","author":"H Lipmaa","year":"2012","unstructured":"Lipmaa, H.: Progression-free sets and sublinear pairing-based non-interactive zero-knowledge arguments. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 169\u2013189. Springer, Heidelberg (2012)"},{"issue":"4","key":"1_CR36","doi-asserted-by":"crossref","first-page":"1253","DOI":"10.1137\/S0097539795284959","volume":"30","author":"S Micali","year":"2000","unstructured":"Micali, S.: Computationally sound proofs. SIAM J. Comput. 30(4), 1253\u20131298 (2000)","journal-title":"SIAM J. Comput."},{"key":"1_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"129","DOI":"10.1007\/3-540-46766-1_9","volume-title":"Advances in Cryptology - CRYPTO \u201991","author":"TP Pedersen","year":"1992","unstructured":"Pedersen, T.P.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129\u2013140. Springer, Heidelberg (1992)"},{"key":"1_CR38","doi-asserted-by":"crossref","unstructured":"Parno, B., Howell, J., Gentry, C., Raykova, M.: Pinocchio: nearly practical verifiable computation. In: 2013 IEEE Symposium on Security and Privacy, pp. 238\u2013252, May 2013","DOI":"10.1109\/SP.2013.47"}],"container-title":["Lecture Notes in Computer Science","Foundations of Security Analysis and Design VIII"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-43005-8_1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,9,12]],"date-time":"2019-09-12T14:47:17Z","timestamp":1568299637000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-43005-8_1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016]]},"ISBN":["9783319430041","9783319430058"],"references-count":38,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-43005-8_1","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2016]]}}}