{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,7]],"date-time":"2026-05-07T04:21:46Z","timestamp":1778127706180,"version":"3.51.4"},"publisher-location":"Cham","reference-count":52,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319637143","type":"print"},{"value":"9783319637150","type":"electronic"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-63715-0_20","type":"book-chapter","created":{"date-parts":[[2017,7,28]],"date-time":"2017-07-28T01:19:51Z","timestamp":1501204791000},"page":"581-612","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":115,"title":["Snarky Signatures: Minimal Signatures of Knowledge from Simulation-Extractable SNARKs"],"prefix":"10.1007","author":[{"given":"Jens","family":"Groth","sequence":"first","affiliation":[]},{"given":"Mary","family":"Maller","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2017,7,29]]},"reference":[{"key":"20_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"118","DOI":"10.1007\/978-3-540-70936-7_7","volume-title":"Theory of Cryptography","author":"M Abe","year":"2007","unstructured":"Abe, M., Fehr, S.: Perfect NIZK with adaptive soundness. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 118\u2013136. Springer, Heidelberg (2007). doi:10.1007\/978-3-540-70936-7_7"},{"issue":"6","key":"20_CR2","doi-asserted-by":"publisher","first-page":"1084","DOI":"10.1137\/0220068","volume":"20","author":"MB Bdmp","year":"1991","unstructured":"Bdmp, M.B., De Santis, A., Micali, S., Persiano, G.: Non-interactive zero-knowledge proof systems. SIAM J. Comput. 20(6), 1084\u20131118 (1991)","journal-title":"SIAM J. Comput."},{"key":"20_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"520","DOI":"10.1007\/978-3-642-54631-0_30","volume-title":"Public-Key Cryptography \u2013 PKC 2014","author":"M Bellare","year":"2014","unstructured":"Bellare, M., Fuchsbauer, G.: Policy-based signatures. In: Krawczyk, H. (ed.) PKC 2014. LNCS, vol. 8383, pp. 520\u2013537. Springer, Heidelberg (2014). doi:10.1007\/978-3-642-54631-0_30"},{"key":"20_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"276","DOI":"10.1007\/978-3-662-44381-1_16","volume-title":"Advances in Cryptology \u2013 CRYPTO 2014","author":"E Ben-Sasson","year":"2014","unstructured":"Ben-Sasson, E., Chiesa, A., Tromer, E., Virza, M.: Scalable zero knowledge via cycles of elliptic curves. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8617, pp. 276\u2013294. Springer, Heidelberg (2014). doi:10.1007\/978-3-662-44381-1_16"},{"key":"20_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"551","DOI":"10.1007\/978-3-662-45611-8_29","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2014","author":"F Benhamouda","year":"2014","unstructured":"Benhamouda, F., Camenisch, J., Krenn, S., Lyubashevsky, V., Neven, G.: Better zero-knowledge proofs for lattice encryption and their application to group signatures. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 551\u2013572. Springer, Heidelberg (2014). doi:10.1007\/978-3-662-45611-8_29"},{"key":"20_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"518","DOI":"10.1007\/978-3-642-38980-1_33","volume-title":"Applied Cryptography and Network Security","author":"D Bernhard","year":"2013","unstructured":"Bernhard, D., Fuchsbauer, G., Ghadafi, E.: Efficient signatures of knowledge and DAA in the standard model. In: Jacobson, M., Locasto, M., Mohassel, P., Safavi-Naini, R. (eds.) ACNS 2013. LNCS, vol. 7954, pp. 518\u2013533. Springer, Heidelberg (2013). doi:10.1007\/978-3-642-38980-1_33"},{"issue":"3","key":"20_CR7","doi-asserted-by":"publisher","first-page":"219","DOI":"10.1007\/s10207-013-0191-z","volume":"12","author":"D Bernhard","year":"2013","unstructured":"Bernhard, D., Fuchsbauer, G., Ghadafi, E., Smart, N.P., Warinschi, B.: Anonymous attestation with user-controlled linkability. Int. J. Inf. Secur. 12(3), 219\u2013249 (2013)","journal-title":"Int. J. Inf. Secur."},{"key":"20_CR8","doi-asserted-by":"crossref","unstructured":"Bitansky, N., Canetti, R., Chiesa, A., Tromer, E.: Recursive composition and bootstrapping for snarks and proof-carrying data. In: Proceedings of the Forty-Fifth Annual ACM Symposium on Theory of Computing, pp. 111\u2013120. ACM (2013)","DOI":"10.1145\/2488608.2488623"},{"key":"20_CR9","unstructured":"Bitansky, N., Canetti, R., Paneth, O., Rosen, A.: Indistinguishability obfuscation vs. auxiliary-input extractable functions: One must fall. IACR Cryptology ePrint Archive, 2013:641 (2013)"},{"issue":"5","key":"20_CR10","doi-asserted-by":"publisher","first-page":"1910","DOI":"10.1137\/140975048","volume":"45","author":"N Bitansky","year":"2016","unstructured":"Bitansky, N., Canetti, R., Paneth, O., Rosen, A.: On the existence of extractable one-way functions. SIAM J. Comput. 45(5), 1910\u20131952 (2016)","journal-title":"SIAM J. Comput."},{"key":"20_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"315","DOI":"10.1007\/978-3-642-36594-2_18","volume-title":"Theory of Cryptography","author":"N Bitansky","year":"2013","unstructured":"Bitansky, N., Chiesa, A., Ishai, Y., Paneth, O., Ostrovsky, R.: Succinct non-interactive arguments via linear interactive proofs. In: Sahai, A. (ed.) TCC 2013. LNCS, vol. 7785, pp. 315\u2013333. Springer, Heidelberg (2013). doi:10.1007\/978-3-642-36594-2_18"},{"key":"20_CR12","doi-asserted-by":"crossref","unstructured":"Blum, M., Feldman, P., Micali, S.: Non-interactive zero-knowledge and its applications. In: Proceedings of the Twentieth Annual ACM Symposium on Theory of Computing, pp. 103\u2013112. ACM (1988)","DOI":"10.1145\/62212.62222"},{"key":"20_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"440","DOI":"10.1007\/11426639_26","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2005","author":"D Boneh","year":"2005","unstructured":"Boneh, D., Boyen, X., Goh, E.-J.: Hierarchical identity based encryption with constant size ciphertext. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 440\u2013456. Springer, Heidelberg (2005). doi:10.1007\/11426639_26"},{"key":"20_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"236","DOI":"10.1007\/978-3-662-48800-3_10","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2015","author":"E Boyle","year":"2015","unstructured":"Boyle, E., Pass, R.: Limits of extractability assumptions with distributional auxiliary input. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9453, pp. 236\u2013261. Springer, Heidelberg (2015). doi:10.1007\/978-3-662-48800-3_10"},{"key":"20_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"166","DOI":"10.1007\/978-3-540-68979-9_13","volume-title":"Trusted Computing - Challenges and Applications","author":"E Brickell","year":"2008","unstructured":"Brickell, E., Chen, L., Li, J.: A new direct anonymous attestation scheme from bilinear maps. In: Lipp, P., Sadeghi, A.-R., Koch, K.-M. (eds.) Trust 2008. LNCS, vol. 4968, pp. 166\u2013178. Springer, Heidelberg (2008). doi:10.1007\/978-3-540-68979-9_13"},{"key":"20_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"410","DOI":"10.1007\/BFb0052252","volume-title":"Advances in Cryptology \u2014 CRYPTO \u201997","author":"J Camenisch","year":"1997","unstructured":"Camenisch, J., Stadler, M.: Efficient group signature schemes for large groups. In: Kaliski, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 410\u2013424. Springer, Heidelberg (1997). doi:10.1007\/BFb0052252"},{"key":"20_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"78","DOI":"10.1007\/11818175_5","volume-title":"Advances in Cryptology - CRYPTO 2006","author":"M Chase","year":"2006","unstructured":"Chase, M., Lysyanskaya, A.: On signatures of knowledge. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 78\u201396. Springer, Heidelberg (2006). doi:10.1007\/11818175_5"},{"key":"20_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"341","DOI":"10.1007\/3-540-47555-9_28","volume-title":"Advances in Cryptology \u2014 EUROCRYPT\u2019 92","author":"I Damg\u00e5rd","year":"1993","unstructured":"Damg\u00e5rd, I.: Non-interactive circuit based proofs and non-interactive perfect zero-knowledge with preprocessing. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 341\u2013355. Springer, Heidelberg (1993). doi:10.1007\/3-540-47555-9_28"},{"key":"20_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"532","DOI":"10.1007\/978-3-662-45611-8_28","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2014","author":"G Danezis","year":"2014","unstructured":"Danezis, G., Fournet, C., Groth, J., Kohlweiss, M.: Square span programs with applications to succinct NIZK arguments. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 532\u2013550. Springer, Heidelberg (2014). doi:10.1007\/978-3-662-45611-8_28"},{"key":"20_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"451","DOI":"10.1007\/3-540-45022-X_38","volume-title":"Automata, Languages and Programming","author":"A Santis","year":"2000","unstructured":"Santis, A., Crescenzo, G., Persiano, G.: Necessary and sufficient assumptions for non-interactive zero-knowledge proofs of knowledge for All NP relations. In: Montanari, U., Rolim, J.D.P., Welzl, E. (eds.) ICALP 2000. LNCS, vol. 1853, pp. 451\u2013462. Springer, Heidelberg (2000). doi:10.1007\/3-540-45022-X_38"},{"key":"20_CR21","doi-asserted-by":"crossref","unstructured":"De Santis, A., Persiano, G.: Zero-knowledge proofs of knowledge without interaction. In: 33rd Annual Symposium on Foundations of Computer Science, 1992, Proceedings, pp. 427\u2013436. IEEE (1992)","DOI":"10.1109\/SFCS.1992.267809"},{"key":"20_CR22","unstructured":"Derler, D., Slamanig, D.: Fully-anonymous short dynamic group signatures without encryption. IACR Cryptology ePrint Archive 2016:154 (2016)"},{"issue":"1","key":"20_CR23","doi-asserted-by":"publisher","first-page":"242","DOI":"10.1007\/s00145-015-9220-6","volume":"30","author":"A Escala","year":"2017","unstructured":"Escala, A., Herold, G., Kiltz, E., Rafols, C., Villar, J.: An algebraic framework for diffie-hellman assumptions. J. Cryptol. 30(1), 242\u2013288 (2017)","journal-title":"J. Cryptol."},{"key":"20_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"60","DOI":"10.1007\/978-3-642-34931-7_5","volume-title":"Progress in Cryptology - INDOCRYPT 2012","author":"S Faust","year":"2012","unstructured":"Faust, S., Kohlweiss, M., Marson, G.A., Venturi, D.: On the non-malleability of the fiat-shamir transform. In: Galbraith, S., Nandi, M. (eds.) INDOCRYPT 2012. LNCS, vol. 7668, pp. 60\u201379. Springer, Heidelberg (2012). doi:10.1007\/978-3-642-34931-7_5"},{"issue":"1","key":"20_CR25","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1137\/S0097539792230010","volume":"29","author":"U Feige","year":"1999","unstructured":"Feige, U., Lapidot, D., Shamir, A.: Multiple noninteractive zero knowledge proofs under general assumptions. SIAM J. Comput. 29(1), 1\u201328 (1999)","journal-title":"SIAM J. Comput."},{"issue":"10","key":"20_CR26","first-page":"1076","volume":"8","author":"D-G Feng","year":"2009","unstructured":"Feng, D.-G., Xu, J., Chen, X.-F.: An efficient direct anonymous attestation scheme with forward security. WSEAS Trans. Commun. 8(10), 1076\u20131085 (2009)","journal-title":"WSEAS Trans. Commun."},{"key":"20_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"309","DOI":"10.1007\/978-3-642-21554-4_18","volume-title":"Applied Cryptography and Network Security","author":"M Fischlin","year":"2011","unstructured":"Fischlin, M., Onete, C.: Relaxed security notions for signatures of knowledge. In: Lopez, J., Tsudik, G. (eds.) ACNS 2011. LNCS, vol. 6715, pp. 309\u2013326. Springer, Heidelberg (2011). doi:10.1007\/978-3-642-21554-4_18"},{"issue":"16","key":"20_CR28","doi-asserted-by":"publisher","first-page":"3113","DOI":"10.1016\/j.dam.2007.12.010","volume":"156","author":"SD Galbraith","year":"2008","unstructured":"Galbraith, S.D., Paterson, K.G., Smart, N.P.: Pairings for cryptographers. Discrete Appl. Math. 156(16), 3113\u20133121 (2008)","journal-title":"Discrete Appl. Math."},{"key":"20_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1007\/978-3-540-71677-8_2","volume-title":"Public Key Cryptography \u2013 PKC 2007","author":"H Ge","year":"2007","unstructured":"Ge, H., Tate, S.R.: A direct anonymous attestation scheme for embedded devices. In: Okamoto, T., Wang, X. (eds.) PKC 2007. LNCS, vol. 4450, pp. 16\u201330. Springer, Heidelberg (2007). doi:10.1007\/978-3-540-71677-8_2"},{"key":"20_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"626","DOI":"10.1007\/978-3-642-38348-9_37","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2013","author":"R Gennaro","year":"2013","unstructured":"Gennaro, R., Gentry, C., Parno, B., Raykova, M.: Quadratic span programs and succinct NIZKs without PCPs. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 626\u2013645. Springer, Heidelberg (2013). doi:10.1007\/978-3-642-38348-9_37"},{"issue":"4","key":"20_CR31","doi-asserted-by":"publisher","first-page":"820","DOI":"10.1007\/s00145-014-9184-y","volume":"28","author":"C Gentry","year":"2015","unstructured":"Gentry, C., Groth, J., Ishai, Y., Peikert, C., Sahai, A., Smith, A.D.: Using fully homomorphic hybrid encryption to minimize non-interative zero-knowledge proofs. J. Cryptol. 28(4), 820\u2013843 (2015)","journal-title":"J. Cryptol."},{"key":"20_CR32","doi-asserted-by":"crossref","unstructured":"Gentry, C., Wichs, D.: Separating succinct non-interactive arguments from all falsifiable assumptions. In: Proceedings of the Forty-Third Annual ACM Symposium on Theory of Computing, pp. 99\u2013108. ACM (2011)","DOI":"10.1145\/1993636.1993651"},{"key":"20_CR33","doi-asserted-by":"crossref","unstructured":"Ghadafi, E., Groth, J.: Towards a classification of non-interactive computational assumptions in cyclic groups. Cryptology ePrint Archive, Report 2017\/343 (2017)","DOI":"10.1007\/978-3-319-70697-9_3"},{"key":"20_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"444","DOI":"10.1007\/11935230_29","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2006","author":"J Groth","year":"2006","unstructured":"Groth, J.: Simulation-sound NIZK proofs for a practical language and constant size group signatures. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 444\u2013459. Springer, Heidelberg (2006). doi:10.1007\/11935230_29"},{"key":"20_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"341","DOI":"10.1007\/978-3-642-17373-8_20","volume-title":"Advances in Cryptology - ASIACRYPT 2010","author":"J Groth","year":"2010","unstructured":"Groth, J.: Short non-interactive zero-knowledge proofs. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 341\u2013358. Springer, Heidelberg (2010). doi:10.1007\/978-3-642-17373-8_20"},{"key":"20_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"305","DOI":"10.1007\/978-3-662-49896-5_11","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2016","author":"J Groth","year":"2016","unstructured":"Groth, J.: On the size of pairing-based non-interactive arguments. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 305\u2013326. Springer, Heidelberg (2016). doi:10.1007\/978-3-662-49896-5_11"},{"issue":"3","key":"20_CR37","doi-asserted-by":"publisher","first-page":"506","DOI":"10.1007\/s00145-013-9152-y","volume":"27","author":"J Groth","year":"2014","unstructured":"Groth, J., Ostrovsky, R.: Cryptography in the multi-string model. J. Cryptol. 27(3), 506\u2013543 (2014)","journal-title":"J. Cryptol."},{"issue":"3","key":"20_CR38","doi-asserted-by":"publisher","first-page":"11","DOI":"10.1145\/2220357.2220358","volume":"59","author":"J Groth","year":"2012","unstructured":"Groth, J., Ostrovsky, R., Sahai, A.: New techniques for noninteractive zero-knowledge. J. ACM (JACM) 59(3), 11 (2012)","journal-title":"J. ACM (JACM)"},{"issue":"5","key":"20_CR39","doi-asserted-by":"publisher","first-page":"1193","DOI":"10.1137\/080725386","volume":"41","author":"J Groth","year":"2012","unstructured":"Groth, J., Sahai, A.: Efficient noninteractive proof systems for bilinear groups. SIAM J. Comput. 41(5), 1193\u20131232 (2012)","journal-title":"SIAM J. Comput."},{"key":"20_CR40","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"311","DOI":"10.1007\/3-540-44750-4_25","volume-title":"Advances in Cryptology \u2014 CRYPT0\u2019 95","author":"J Kilian","year":"1995","unstructured":"Kilian, J.: Improved efficient arguments. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 311\u2013324. Springer, Heidelberg (1995). doi:10.1007\/3-540-44750-4_25"},{"issue":"1","key":"20_CR41","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s001459900032","volume":"11","author":"J Kilian","year":"1998","unstructured":"Kilian, J., Petrank, E.: An efficient noninteractive zero-knowledge proof system for np with general assumptions. J. Cryptol. 11(1), 1\u201327 (1998)","journal-title":"J. Cryptol."},{"key":"20_CR42","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"72","DOI":"10.1007\/BFb0054118","volume-title":"Advances in Cryptology \u2014 EUROCRYPT\u201998","author":"U Maurer","year":"1998","unstructured":"Maurer, U., Wolf, S.: Lower bounds on generic algorithms in groups. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 72\u201384. Springer, Heidelberg (1998). doi:10.1007\/BFb0054118"},{"issue":"4","key":"20_CR43","doi-asserted-by":"publisher","first-page":"1253","DOI":"10.1137\/S0097539795284959","volume":"30","author":"S Micali","year":"2000","unstructured":"Micali, S.: Computationally sound proofs. SIAM J. Comput. 30(4), 1253\u20131298 (2000)","journal-title":"SIAM J. Comput."},{"key":"20_CR44","doi-asserted-by":"crossref","unstructured":"Miers, I., Garman, C., Green, M., Rubin, A.D.: Zerocoin: anonymous distributed e-cash from bitcoin. In: 2013 IEEE Symposium on Security and Privacy (SP), pp. 397\u2013411. IEEE (2013)","DOI":"10.1109\/SP.2013.34"},{"issue":"2","key":"20_CR45","doi-asserted-by":"publisher","first-page":"165","DOI":"10.1007\/BF02113297","volume":"55","author":"VI Nechaev","year":"1994","unstructured":"Nechaev, V.I.: Complexity of a determinate algorithm for the discrete logarithm. Math. Notes 55(2), 165\u2013172 (1994)","journal-title":"Math. Notes"},{"key":"20_CR46","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"554","DOI":"10.1007\/978-3-540-85174-5_31","volume-title":"Advances in Cryptology \u2013 CRYPTO 2008","author":"C Peikert","year":"2008","unstructured":"Peikert, C., Vaikuntanathan, V., Waters, B.: A framework for efficient and composable oblivious transfer. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 554\u2013571. Springer, Heidelberg (2008). doi:10.1007\/978-3-540-85174-5_31"},{"key":"20_CR47","doi-asserted-by":"crossref","unstructured":"Sahai, A.: Non-malleable non-interactive zero knowledge and adaptive chosen-ciphertext security. In: 40th Annual Symposium on Foundations of Computer Science, 1999, pp. 543\u2013553. IEEE (1999)","DOI":"10.1109\/SFFCS.1999.814628"},{"key":"20_CR48","unstructured":"Sasson, E.B., Chiesa, A., Garman, C., Green, M., Miers, I., Tromer, E., Virza, M.: Zerocash: decentralized anonymous payments from bitcoin. In: 2014 IEEE Symposium on Security and Privacy (SP), pp. 459\u2013474. IEEE (2014)"},{"issue":"3","key":"20_CR49","doi-asserted-by":"publisher","first-page":"161","DOI":"10.1007\/BF00196725","volume":"4","author":"C-P Schnorr","year":"1991","unstructured":"Schnorr, C.-P.: Efficient signature generation by smart cards. J. Cryptol. 4(3), 161\u2013174 (1991)","journal-title":"J. Cryptol."},{"key":"20_CR50","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"256","DOI":"10.1007\/3-540-69053-0_18","volume-title":"Advances in Cryptology \u2014 EUROCRYPT \u201997","author":"V Shoup","year":"1997","unstructured":"Shoup, V.: Lower bounds for discrete logarithms and related problems. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 256\u2013266. Springer, Heidelberg (1997). doi:10.1007\/3-540-69053-0_18"},{"key":"20_CR51","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-540-78524-8_1","volume-title":"Theory of Cryptography","author":"P Valiant","year":"2008","unstructured":"Valiant, P.: Incrementally verifiable computation or proofs of knowledge imply time\/space efficiency. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 1\u201318. Springer, Heidelberg (2008). doi:10.1007\/978-3-540-78524-8_1"},{"key":"20_CR52","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"209","DOI":"10.1007\/978-3-319-22846-4_13","volume-title":"Trust and Trustworthy Computing","author":"B Yang","year":"2015","unstructured":"Yang, B., Yang, K., Qin, Y., Zhang, Z., Feng, D.: DAA-TZ: an efficient DAA scheme for mobile devices using ARM TrustZone. In: Conti, M., Schunter, M., Askoxylakis, I. (eds.) Trust 2015. LNCS, vol. 9229, pp. 209\u2013227. Springer, Cham (2015). doi:10.1007\/978-3-319-22846-4_13"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 CRYPTO 2017"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-63715-0_20","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,24]],"date-time":"2025-06-24T18:33:09Z","timestamp":1750789989000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-63715-0_20"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319637143","9783319637150"],"references-count":52,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-63715-0_20","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017]]},"assertion":[{"value":"29 July 2017","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CRYPTO","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Cryptology Conference","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Santa Barbara","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2017","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20 August 2017","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24 August 2017","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"37","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"crypto2017","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.iacr.org\/conferences\/crypto2017\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}