{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,3]],"date-time":"2026-03-03T15:55:42Z","timestamp":1772553342276,"version":"3.50.1"},"publisher-location":"Cham","reference-count":62,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319968773","type":"print"},{"value":"9783319968780","type":"electronic"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-319-96878-0_22","type":"book-chapter","created":{"date-parts":[[2018,7,23]],"date-time":"2018-07-23T12:53:57Z","timestamp":1532350437000},"page":"643-673","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":73,"title":["Non-Interactive Zero-Knowledge Proofs for Composite Statements"],"prefix":"10.1007","author":[{"given":"Shashank","family":"Agrawal","sequence":"first","affiliation":[]},{"given":"Chaya","family":"Ganesh","sequence":"additional","affiliation":[]},{"given":"Payman","family":"Mohassel","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2018,7,24]]},"reference":[{"key":"22_CR1","unstructured":"Secp256k1. https:\/\/en.bitcoin.it\/wiki\/Secp256k1"},{"key":"22_CR2","unstructured":"Technical background of version 1 bitcoin addresses. https:\/\/en.bitcoin.it\/wiki\/Technical_background_of_version_1_Bitcoin_addresses"},{"key":"22_CR3","unstructured":"Zcash 1.0 \u201cSprout\u201d Guide. https:\/\/github.com\/zcash\/zcash\/wiki\/1.0-User-Guide"},{"key":"22_CR4","unstructured":"Zcash Parameter Generation. https:\/\/z.cash\/technology\/paramgen.html"},{"key":"22_CR5","unstructured":"Aho, A. (ed.): 19th ACM STOC. ACM Press, May 1987"},{"key":"22_CR6","doi-asserted-by":"crossref","unstructured":"Ames, S., Hazay, C., Ishai, Y., Venkitasubramaniam, M.: Ligero: lightweight sublinear arguments without a trusted setup. In: Thuraisingham, B.M., Evans, D., Malkin, T., Xu, D. (eds.) ACM CCS 17, pp. 2087\u20132104. ACM Press, October\/November 2017","DOI":"10.1145\/3133956.3134104"},{"key":"22_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"37","DOI":"10.1007\/0-387-34799-2_4","volume-title":"Advances in Cryptology \u2014 CRYPTO 1988","author":"M Ben-Or","year":"1990","unstructured":"Ben-Or, M., Goldreich, O., Goldwasser, S., H\u00e5stad, J., Kilian, J., Micali, S., Rogaway, P.: Everything provable is provable in zero-knowledge. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 37\u201356. Springer, New York (1990). https:\/\/doi.org\/10.1007\/0-387-34799-2_4"},{"key":"22_CR8","doi-asserted-by":"crossref","unstructured":"Ben-Sasson, E., Chiesa, A., Garman, C., Green, M., Miers, I., Tromer, E., Virza, M.: Zerocash: decentralized anonymous payments from bitcoin. In: 2014 IEEE Symposium on Security and Privacy, pp. 459\u2013474. IEEE Computer Society Press, May 2014","DOI":"10.1109\/SP.2014.36"},{"key":"22_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"90","DOI":"10.1007\/978-3-642-40084-1_6","volume-title":"Advances in Cryptology \u2013 CRYPTO 2013","author":"E Ben-Sasson","year":"2013","unstructured":"Ben-Sasson, E., Chiesa, A., Genkin, D., Tromer, E., Virza, M.: SNARKs for C: verifying program executions succinctly and in zero knowledge. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part II. LNCS, vol. 8043, pp. 90\u2013108. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-40084-1_6"},{"key":"22_CR10","unstructured":"Ben-Sasson, E., Chiesa, A., Tromer, E., Virza, M.: Succinct non-interactive zero knowledge for a von Neumann architecture. In: 23rd USENIX Security Symposium (USENIX Security 14), pp. 781\u2013796. USENIX Association, San Diego, CA (2014)"},{"key":"22_CR11","doi-asserted-by":"crossref","unstructured":"Bitansky, N., Canetti, R., Chiesa, A., Tromer, E.: From extractable collision resistance to succinct non-interactive arguments of knowledge, and back again. In: Goldwasser, S. (ed.) ITCS 2012, pp. 326\u2013349. ACM, January 2012","DOI":"10.1145\/2090236.2090263"},{"key":"22_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"315","DOI":"10.1007\/978-3-642-36594-2_18","volume-title":"Theory of Cryptography","author":"N Bitansky","year":"2013","unstructured":"Bitansky, N., Chiesa, A., Ishai, Y., Paneth, O., Ostrovsky, R.: Succinct non-interactive arguments via linear interactive proofs. In: Sahai, A. (ed.) TCC 2013. LNCS, vol. 7785, pp. 315\u2013333. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-36594-2_18"},{"key":"22_CR13","doi-asserted-by":"crossref","unstructured":"Blum, M., Feldman, P., Micali, S.: Non-interactive zero-knowledge and its applications (extended abstract). In: 20th ACM STOC, pp. 103\u2013112. ACM Press, May 1988","DOI":"10.1145\/62212.62222"},{"key":"22_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"431","DOI":"10.1007\/3-540-45539-6_31","volume-title":"Advances in Cryptology\u2014EUROCRYPT 2000","author":"F Boudot","year":"2000","unstructured":"Boudot, F.: Efficient proofs that a committed number lies in an interval. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 431\u2013444. Springer, Heidelberg (2000). https:\/\/doi.org\/10.1007\/3-540-45539-6_31"},{"key":"22_CR15","unstructured":"B\u00fcnz, B., Bootle, J., Boneh, D., Poelstra, A., Wuille, P., Maxwell, G.: Bulletproofs: efficient range proofs for confidential transactions. Cryptology ePrint Archive, Report 2017\/1066 (2017). https:\/\/eprint.iacr.org\/2017\/1066"},{"key":"22_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"234","DOI":"10.1007\/978-3-540-89255-7_15","volume-title":"Advances in Cryptology - ASIACRYPT 2008","author":"J Camenisch","year":"2008","unstructured":"Camenisch, J., Chaabouni, R., Shelat, A.: Efficient protocols for set membership and range proofs. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 234\u2013252. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-89255-7_15"},{"key":"22_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"93","DOI":"10.1007\/3-540-44987-6_7","volume-title":"Advances in Cryptology\u2014EUROCRYPT 2001","author":"J Camenisch","year":"2001","unstructured":"Camenisch, J., Lysyanskaya, A.: An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93\u2013118. Springer, Heidelberg (2001). https:\/\/doi.org\/10.1007\/3-540-44987-6_7"},{"key":"22_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"107","DOI":"10.1007\/3-540-48910-X_8","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 1999","author":"J Camenisch","year":"1999","unstructured":"Camenisch, J., Michels, M.: Proving in zero-knowledge that a number is the product of two safe primes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 107\u2013122. Springer, Heidelberg (1999). https:\/\/doi.org\/10.1007\/3-540-48910-X_8"},{"key":"22_CR19","doi-asserted-by":"publisher","first-page":"410","DOI":"10.1007\/BFb0052252","volume-title":"Advances in Cryptology \u2014 CRYPTO '97","author":"Jan Camenisch","year":"1997","unstructured":"Camenisch, J., Stadler, M.: Efficient group signature schemes for large groups (extended abstract). In: Kaliski Jr. [49], pp. 410\u2013424"},{"key":"22_CR20","doi-asserted-by":"crossref","unstructured":"Chase, M., Derler, D., Goldfeder, S., Orlandi, C., Ramacher, S., Rechberger, C., Slamanig, D., Zaverucha, G.: Post-quantum zero-knowledge and signatures from symmetric-key primitives. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 1825\u20131842. ACM (2017)","DOI":"10.1145\/3133956.3133997"},{"key":"22_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"499","DOI":"10.1007\/978-3-662-53015-3_18","volume-title":"Advances in Cryptology \u2013 CRYPTO 2016","author":"M Chase","year":"2016","unstructured":"Chase, M., Ganesh, C., Mohassel, P.: Efficient zero-knowledge proof of algebraic and non-algebraic statements with applications to privacy preserving credentials. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016, Part III. LNCS, vol. 9816, pp. 499\u2013530. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53015-3_18"},{"key":"22_CR22","doi-asserted-by":"publisher","first-page":"199","DOI":"10.1007\/978-1-4757-0602-4_18","volume-title":"Advances in Cryptology","author":"D Chaum","year":"1982","unstructured":"Chaum, D.: Blind signatures for untraceable payments. In: Chaum, D., Rivest, R.L., Sherman, A.T. (eds.) CRYPTO 1982, pp. 199\u2013203. Plenum Press, New York (1982). https:\/\/doi.org\/10.1007\/978-1-4757-0602-4_18"},{"key":"22_CR23","doi-asserted-by":"crossref","unstructured":"Cohen, J.D., Fischer, M.J.: A robust and verifiable cryptographically secure election scheme (extended abstract). In: 26th FOCS, pp. 372\u2013382. IEEE Computer Society Press, October 1985","DOI":"10.1109\/SFCS.1985.2"},{"key":"22_CR24","doi-asserted-by":"crossref","unstructured":"Costello, C., Fournet, C., Howell, J., Kohlweiss, M., Kreuter, B., Naehrig, M., Parno, B., Zahur, S.: Geppetto: versatile verifiable computation. In: 2015 IEEE Symposium on Security and Privacy, pp. 253\u2013270. IEEE Computer Society Press, May 2015","DOI":"10.1109\/SP.2015.23"},{"key":"22_CR25","series-title":"LNCS","volume-title":"TCC 2012","year":"2012","unstructured":"Cramer, R. (ed.): TCC 2012. LNCS, vol. 7194. Springer, Heidelberg (2012)"},{"key":"22_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"174","DOI":"10.1007\/3-540-48658-5_19","volume-title":"Advances in Cryptology \u2014 CRYPTO 1994","author":"R Cramer","year":"1994","unstructured":"Cramer, R., Damg\u00e5rd, I., Schoenmakers, B.: Proofs of partial knowledge and simplified design of witness hiding protocols. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 174\u2013187. Springer, Heidelberg (1994). https:\/\/doi.org\/10.1007\/3-540-48658-5_19"},{"key":"22_CR27","doi-asserted-by":"crossref","unstructured":"Dagher, G.G., B\u00fcnz, B., Bonneau, J., Clark, J., Boneh, D.: Provisions: privacy-preserving proofs of solvency for bitcoin exchanges. In: Ray, I., Li, N., Kruegel, C. (eds.) ACM CCS 2015, pp. 720\u2013731. ACM Press, October 2015","DOI":"10.1145\/2810103.2813674"},{"key":"22_CR28","unstructured":"D\u00e5mgard, I.: On Sigma Protocols. http:\/\/www.cs.au.dk\/~ivan\/Sigma.pdf"},{"key":"22_CR29","doi-asserted-by":"publisher","first-page":"54","DOI":"10.1007\/978-3-642-28914-9_4","volume-title":"Theory of Cryptography","author":"Ivan Damg\u00e5rd","year":"2012","unstructured":"Damg\u00e5rd, I., Faust, S., Hazay, C.: Secure two-party computation with low communication. In: Cramer [25], pp. 54\u201374"},{"key":"22_CR30","doi-asserted-by":"crossref","unstructured":"Delignat-Lavaud, A., Fournet, C., Kohlweiss, M., Parno, B.: Cinderella: turning shabby X.509 certificates into elegant anonymous credentials with the magic of verifiable computation. In: 2016 IEEE Symposium on Security and Privacy, pp. 235\u2013254. IEEE Computer Society Press, May 2016","DOI":"10.1109\/SP.2016.22"},{"issue":"3","key":"22_CR31","doi-asserted-by":"publisher","first-page":"393","DOI":"10.1090\/S0273-0979-07-01153-6","volume":"44","author":"H Edwards","year":"2007","unstructured":"Edwards, H.: A normal form for elliptic curves. Bull. Am. Math. Soc. 44(3), 393\u2013422 (2007)","journal-title":"Bull. Am. Math. Soc."},{"key":"22_CR32","doi-asserted-by":"crossref","unstructured":"Feige, U., Fiat, A., Shamir, A.: Zero knowledge proofs of identity. In: Aho [5], pp. 210\u2013217","DOI":"10.1145\/28395.28419"},{"key":"22_CR33","unstructured":"Feige, U., Lapidot, D., Shamir, A.: Multiple non-interactive zero knowledge proofs based on a single random string (extended abstract). In: 31st FOCS, pp. 308\u2013317. IEEE Computer Society Press, October 1990"},{"key":"22_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"186","DOI":"10.1007\/3-540-47721-7_12","volume-title":"Advances in Cryptology \u2014 CRYPTO 1986","author":"A Fiat","year":"1987","unstructured":"Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186\u2013194. Springer, Heidelberg (1987). https:\/\/doi.org\/10.1007\/3-540-47721-7_12"},{"key":"22_CR35","doi-asserted-by":"crossref","unstructured":"Fiore, D., Fournet, C., Ghosh, E., Kohlweiss, M., Ohrimenko, O., Parno, B.: Hash first, argue later: adaptive verifiable computations on outsourced data. In: Weippl, E.R., Katzenbeisser, S., Kruegel, C., Myers, A.C., Halevi, S. (eds.) ACM CCS 2016, pp. 1304\u20131316. ACM Press, October 2016","DOI":"10.1145\/2976749.2978368"},{"key":"22_CR36","doi-asserted-by":"crossref","unstructured":"Fortnow, L.: The complexity of perfect zero-knowledge (extended abstract). In: Aho [5], pp. 204\u2013209","DOI":"10.1145\/28395.28418"},{"key":"22_CR37","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1007\/BFb0052225","volume-title":"Advances in Cryptology \u2014 CRYPTO '97","author":"Eiichiro Fujisaki","year":"1997","unstructured":"Fujisaki, E., Okamoto, T.: Statistical zero knowledge protocols to prove modular polynomial relations. In: Kaliski Jr. [49], pp. 16\u201330"},{"issue":"2","key":"22_CR38","doi-asserted-by":"publisher","first-page":"169","DOI":"10.1007\/s00145-005-0307-3","volume":"19","author":"JA Garay","year":"2006","unstructured":"Garay, J.A., MacKenzie, P.D., Yang, K.: Strengthening zero-knowledge protocols using signatures. J. Cryptol. 19(2), 169\u2013209 (2006)","journal-title":"J. Cryptol."},{"key":"22_CR39","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"626","DOI":"10.1007\/978-3-642-38348-9_37","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2013","author":"R Gennaro","year":"2013","unstructured":"Gennaro, R., Gentry, C., Parno, B., Raykova, M.: Quadratic span programs and succinct NIZKs without PCPs. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 626\u2013645. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-38348-9_37"},{"key":"22_CR40","unstructured":"Giacomelli, I., Madsen, J., Orlandi, C.: Zkboo: faster zero-knowledge for boolean circuits. In: 25th USENIX Security Symposium, USENIX Security 2016, Austin, TX, USA, 10\u201312 August 2016 (2016)"},{"key":"22_CR41","doi-asserted-by":"crossref","unstructured":"Goldreich, O., Micali, S., Wigderson, A.: Proofs that yield nothing but their validity and a methodology of cryptographic protocol design (extended abstract). In: 27th FOCS, pp. 174\u2013187. IEEE Computer Society Press, October 1986","DOI":"10.1109\/SFCS.1986.47"},{"key":"22_CR42","doi-asserted-by":"crossref","unstructured":"Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or a completeness theorem for protocols with honest majority. In: Aho [5], pp. 218\u2013229","DOI":"10.1145\/28395.28420"},{"key":"22_CR43","unstructured":"Goldwasser, S., Lin, H., Rubinstein, A.: Delegation of computation without rejection problem from designated verifier CS-Proofs. Cryptology ePrint Archive, Report 2011\/456 (2011). http:\/\/eprint.iacr.org\/2011\/456"},{"key":"22_CR44","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"321","DOI":"10.1007\/978-3-642-17373-8_19","volume-title":"Advances in Cryptology - ASIACRYPT 2010","author":"J Groth","year":"2010","unstructured":"Groth, J.: Short pairing-based non-interactive zero-knowledge arguments. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 321\u2013340. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-17373-8_19"},{"key":"22_CR45","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"253","DOI":"10.1007\/978-3-662-46803-6_9","volume-title":"Advances in Cryptology - EUROCRYPT 2015","author":"J Groth","year":"2015","unstructured":"Groth, J., Kohlweiss, M.: One-out-of-many proofs: or how to leak a secret and spend a coin. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015, Part II. LNCS, vol. 9057, pp. 253\u2013280. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-46803-6_9"},{"key":"22_CR46","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"123","DOI":"10.1007\/3-540-45961-8_11","volume-title":"Advances in Cryptology\u2014EUROCRYPT 1988","author":"LC Guillou","year":"1988","unstructured":"Guillou, L.C., Quisquater, J.-J.: A practical zero-knowledge protocol fitted to security microprocessor minimizing both transmission and memory. In: Barstow, D., et al. (eds.) EUROCRYPT 1988. LNCS, vol. 330, pp. 123\u2013128. Springer, Heidelberg (1988). https:\/\/doi.org\/10.1007\/3-540-45961-8_11"},{"key":"22_CR47","unstructured":"2013 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, May 2013"},{"key":"22_CR48","doi-asserted-by":"crossref","unstructured":"Ishai, Y., Kushilevitz, E., Ostrovsky, R., Sahai, A.: Zero-knowledge from secure multiparty computation. In: Johnson, D.S., Feige, U. (eds.) 39th ACM STOC, pp. 21\u201330. ACM Press, June 2007","DOI":"10.1145\/1250790.1250794"},{"key":"22_CR49","series-title":"LNCS","volume-title":"CRYPTO 1997","year":"1997","unstructured":"Kaliski Jr., B.S. (ed.): CRYPTO 1997. LNCS, vol. 1294. Springer, Heidelberg (1997)"},{"key":"22_CR50","doi-asserted-by":"crossref","unstructured":"Kilian, J.: A note on efficient zero-knowledge proofs and arguments. In: Proceedings of the Twenty-fourth Annual ACM Symposium on Theory of Computing, pp. 723\u2013732. ACM (1992)","DOI":"10.1145\/129712.129782"},{"key":"22_CR51","doi-asserted-by":"publisher","first-page":"169","DOI":"10.1007\/978-3-642-28914-9_10","volume-title":"Theory of Cryptography","author":"Helger Lipmaa","year":"2012","unstructured":"Lipmaa, H.: Progression-free sets and sublinear pairing-based non-interactive zero-knowledge arguments. In: Cramer [25], pp. 169\u2013189"},{"key":"22_CR52","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"41","DOI":"10.1007\/978-3-642-42033-7_3","volume-title":"Advances in Cryptology - ASIACRYPT 2013","author":"H Lipmaa","year":"2013","unstructured":"Lipmaa, H.: Succinct non-interactive zero knowledge arguments from span programs and linear error-correcting codes. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013, Part I. LNCS, vol. 8269, pp. 41\u201360. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-42033-7_3"},{"issue":"4","key":"22_CR53","doi-asserted-by":"publisher","first-page":"1253","DOI":"10.1137\/S0097539795284959","volume":"30","author":"S Micali","year":"2000","unstructured":"Micali, S.: Computationally sound proofs. SIAM J. Comput. 30(4), 1253\u20131298 (2000)","journal-title":"SIAM J. Comput."},{"key":"22_CR54","doi-asserted-by":"crossref","unstructured":"Miers, I., Garman, C., Green, M., Rubin, A.D.: Zerocoin: anonymous distributed E-cash from Bitcoin. In: IEEE S&P 2013 [47], pp. 397\u2013411","DOI":"10.1109\/SP.2013.34"},{"key":"22_CR55","doi-asserted-by":"crossref","unstructured":"Naor, M., Yung, M.: Public-key cryptosystems provably secure against chosen ciphertext attacks. In: 22nd ACM STOC, pp. 427\u2013437. ACM Press, May 1990","DOI":"10.1145\/100216.100273"},{"key":"22_CR56","unstructured":"Noether, S., Mackenzie, A., Team, M.C.: Ring confidential transactions. https:\/\/lab.getmonero.org\/pubs\/MRL-0005.pdf"},{"key":"22_CR57","doi-asserted-by":"crossref","unstructured":"Parno, B., Howell, J., Gentry, C., Raykova, M.: Pinocchio: nearly practical verifiable computation. In: IEEE S&P 2013 [47], pp. 238\u2013252","DOI":"10.1109\/SP.2013.47"},{"key":"22_CR58","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"129","DOI":"10.1007\/3-540-46766-1_9","volume-title":"Advances in Cryptology \u2014 CRYPTO 1991","author":"TP Pedersen","year":"1992","unstructured":"Pedersen, T.P.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129\u2013140. Springer, Heidelberg (1992). https:\/\/doi.org\/10.1007\/3-540-46766-1_9"},{"key":"22_CR59","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"387","DOI":"10.1007\/3-540-68339-9_33","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 1996","author":"D Pointcheval","year":"1996","unstructured":"Pointcheval, D., Stern, J.: Security proofs for signature schemes. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 387\u2013398. Springer, Heidelberg (1996). https:\/\/doi.org\/10.1007\/3-540-68339-9_33"},{"issue":"3","key":"22_CR60","doi-asserted-by":"publisher","first-page":"161","DOI":"10.1007\/BF00196725","volume":"4","author":"CP Schnorr","year":"1991","unstructured":"Schnorr, C.P.: Efficient signature generation by smart cards. J. Cryptol. 4(3), 161\u2013174 (1991)","journal-title":"J. Cryptol."},{"key":"22_CR61","unstructured":"Vadhan, S.P.: A study of statistical zero-knowledge proofs. Ph.D. thesis, Massachusetts Institute of Technology (1999)"},{"key":"22_CR62","unstructured":"Wilcox, Z.: Proving bitcoin reserves. https:\/\/iwilcox.me.uk\/2014\/proving-bitcoin-reserves"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 CRYPTO 2018"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-96878-0_22","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,5]],"date-time":"2025-07-05T23:35:02Z","timestamp":1751758502000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-96878-0_22"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783319968773","9783319968780"],"references-count":62,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-96878-0_22","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018]]},"assertion":[{"value":"24 July 2018","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CRYPTO","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Cryptology Conference","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Santa Barbara, CA","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19 August 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23 August 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"38","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"crypto2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/crypto.iacr.org\/2018\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}