{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,28]],"date-time":"2026-02-28T13:00:39Z","timestamp":1772283639002,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":35,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783540245735","type":"print"},{"value":"9783540305767","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2005]]},"DOI":"10.1007\/978-3-540-30576-7_4","type":"book-chapter","created":{"date-parts":[[2010,7,4]],"date-time":"2010-07-04T15:03:26Z","timestamp":1278255806000},"page":"50-65","source":"Crossref","is-referenced-by-count":38,"title":["Cryptography in Subgroups of $\\mathbb{Z}_{n}^{*}$"],"prefix":"10.1007","author":[{"given":"Jens","family":"Groth","sequence":"first","affiliation":[]}],"member":"297","reference":[{"key":"4_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"480","DOI":"10.1007\/3-540-69053-0_33","volume-title":"Advances in Cryptology - EUROCRYPT \u201997","author":"N. Bari","year":"1997","unstructured":"Bari, N., Pfitzmann, B.: Collision-free accumulators and fail-stop signature schemes without trees. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol.\u00a01233, pp. 480\u2013494. Springer, Heidelberg (1997)"},{"key":"4_CR2","doi-asserted-by":"crossref","unstructured":"Bellare, M., Rogaway, P.: Random oracles are practical: A paradigm for designing efficient protocols. In: ACM CCS 1993, pp. 62\u201373 (1993)","DOI":"10.1145\/168588.168596"},{"key":"4_CR3","doi-asserted-by":"publisher","first-page":"176","DOI":"10.1007\/BF01933190","volume":"20","author":"R.P. Brent","year":"1980","unstructured":"Brent, R.P.: An improved monte carlo factorization algorithm. BIT\u00a020, 176\u2013184 (1980)","journal-title":"BIT"},{"key":"4_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"174","DOI":"10.1007\/3-540-48658-5_19","volume-title":"Advances in Cryptology - CRYPTO 1994","author":"R. Cramer","year":"1994","unstructured":"Cramer, R., Damg\u00e5rd, I., Schoenmakers, B.: Proofs of partial knowledge and simplified design of witness hiding protocols. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol.\u00a0839, pp. 174\u2013187. Springer, Heidelberg (1994)"},{"key":"4_CR5","doi-asserted-by":"crossref","unstructured":"Cohen, J.D., Fischer, M.J.: A robust and verifiable cryptographically secure election scheme. In: Proceedings of FOCS 1985, pp. 372\u2013382 (1985)","DOI":"10.1109\/SFCS.1985.2"},{"key":"4_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"120","DOI":"10.1007\/978-3-540-30598-9_9","volume-title":"Security in Communication Networks","author":"J. Camenisch","year":"2005","unstructured":"Camenisch, J., Groth, J.: Group signatures: Better efficiency and new theoretical aspects. In: Blundo, C., Cimato, S. (eds.) SCN 2004. LNCS, vol.\u00a03352, pp. 120\u2013133. Springer, Heidelberg (2005)"},{"key":"4_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"268","DOI":"10.1007\/3-540-36413-7_20","volume-title":"Security in Communication Networks","author":"J. Camenisch","year":"2003","unstructured":"Camenisch, J., Lysyanskaya, A.: A signature scheme with efficient protocols. In: Cimato, S., Galdi, C., Persiano, G. (eds.) SCN 2002. LNCS, vol.\u00a02576, pp. 268\u2013289. Springer, Heidelberg (2003)"},{"key":"4_CR8","doi-asserted-by":"crossref","DOI":"10.1007\/978-1-4684-9316-0","volume-title":"Prime Numbers - a Computational Perspective","author":"R. Crandall","year":"2001","unstructured":"Crandall, R., Pomerance, C.: Prime Numbers - a Computational Perspective. Springer, Heidelberg (2001)"},{"issue":"3","key":"4_CR9","doi-asserted-by":"publisher","first-page":"161","DOI":"10.1145\/357830.357847","volume":"3","author":"R. Cramer","year":"2000","unstructured":"Cramer, R., Shoup, V.: Signature schemes based on the strong rsa assumption. ACM Transactions on Information and System Security (TISSEC)\u00a03(3), 161\u2013185 (2000)","journal-title":"ACM Transactions on Information and System Security (TISSEC)"},{"key":"4_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"125","DOI":"10.1007\/3-540-36178-2_8","volume-title":"Advances in Cryptology - ASIACRYPT 2002","author":"I. Damg\u00e5rd","year":"2002","unstructured":"Damg\u00e5rd, I., Fujisaki, E.: A statistically-hiding integer commitment scheme based on groups with hidden order. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol.\u00a02501, pp. 125\u2013142. Springer, Heidelberg (2002)"},{"key":"4_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-44586-2_9","volume-title":"Public Key Cryptography","author":"I. Damg\u00e5rd","year":"2001","unstructured":"Damg\u00e5rd, I., Jurik, M.J.: A generalisation, a simplification and some applications of paillier\u2019s probabilistic public-key system. In: Kim, K.-c. (ed.) PKC 2001. LNCS, vol.\u00a01992. Springer, Heidelberg (2001)"},{"key":"4_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"256","DOI":"10.1007\/3-540-46035-7_17","volume-title":"Advances in Cryptology - EUROCRYPT 2002","author":"I. Damg\u00e5rd","year":"2002","unstructured":"Damg\u00e5rd, I., Koprowski, M.: Generic lower bounds for root extraction and signature schemes in general groups. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol.\u00a02332, pp. 256\u2013271. Springer, Heidelberg (2002)"},{"key":"4_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"581","DOI":"10.1007\/3-540-45708-9_37","volume-title":"Advances in Cryptology - CRYPTO 2002","author":"I. Damg\u00e5rd","year":"2002","unstructured":"Damg\u00e5rd, I., Nielsen, J.B.: Perfect hiding and perfect binding universally composable commitment schemes with constant expansion factor. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol.\u00a02442, pp. 581\u2013596. Springer, Heidelberg (2002); Full paper available at \n                    \n                      http:\/\/www.brics.dk\/RS\/01\/41\/index.html"},{"key":"4_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"247","DOI":"10.1007\/978-3-540-45146-4_15","volume-title":"Advances in Cryptology - CRYPTO 2003","author":"I. Damg\u00e5rd","year":"2003","unstructured":"Damg\u00e5rd, I., Nielsen, J.B.: Universally composable efficient multiparty computation from threshold homomorphic encryption. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol.\u00a02729, pp. 247\u2013264. Springer, Heidelberg (2003)"},{"key":"4_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"79","DOI":"10.1007\/3-540-45760-7_7","volume-title":"Topics in Cryptology - CT-RSA 2002","author":"M. Fischlin","year":"2002","unstructured":"Fischlin, M.: On the impossibility of constructing non-interactive statistically-secret protocols from any trapdoor one-way function. In: Preneel, B. (ed.) CT-RSA 2002. LNCS, vol.\u00a02271, pp. 79\u201395. Springer, Heidelberg (2002)"},{"key":"4_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"116","DOI":"10.1007\/3-540-36288-6_9","volume-title":"Public Key Cryptography - PKC 2003","author":"M. Fischlin","year":"2002","unstructured":"Fischlin, M.: The cramer-shoup strong-rsasignature scheme revisited. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol.\u00a02567, pp. 116\u2013129. Springer, Heidelberg (2002)"},{"key":"4_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"16","DOI":"10.1007\/BFb0052225","volume-title":"Advances in Cryptology - CRYPTO \u201997","author":"E. Fujisaki","year":"1997","unstructured":"Fujisaki, E., Okamoto, T.: Statistical zero knowledge protocols to prove modular polynomial relations. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol.\u00a01294, pp. 16\u201330. Springer, Heidelberg (1997)"},{"issue":"2","key":"4_CR18","doi-asserted-by":"publisher","first-page":"270","DOI":"10.1016\/0022-0000(84)90070-9","volume":"28","author":"S. Goldwasser","year":"1984","unstructured":"Goldwasser, S., Micali, S.: Probabilistic encryption. J. Comput. Syst. Sci.\u00a028(2), 270\u2013299 (1984)","journal-title":"J. Comput. Syst. Sci."},{"key":"4_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"374","DOI":"10.1007\/3-540-46877-3_34","volume-title":"Advances in Cryptology - EUROCRYPT \u201990","author":"K. Kurosawa","year":"1991","unstructured":"Kurosawa, K., Katayama, Y., Ogata, W., Tsujii, S.: General public key residue cryptosystems and mental poker protocols. In: Damg\u00e5rd, I.B. (ed.) EUROCRYPT 1990. LNCS, vol.\u00a0473, pp. 374\u2013388. Springer, Heidelberg (1991)"},{"key":"4_CR20","unstructured":"Koprowski, M.: Cryptographic protocols based on root extracting. Dissertation Series DS-03-11, BRICS, PhD thesis, pp.\u00a0xii+138 (2003)"},{"key":"4_CR21","doi-asserted-by":"publisher","first-page":"649","DOI":"10.2307\/1971363","volume":"126","author":"H.W. Lenstra","year":"1987","unstructured":"Lenstra, H.W.: Factoring integers with elliptic curves. Ann. of Math.\u00a0126, 649\u2013673 (1987)","journal-title":"Ann. of Math."},{"key":"4_CR22","doi-asserted-by":"publisher","first-page":"483","DOI":"10.1090\/S0894-0347-1992-1137100-0","volume":"5","author":"H.W. Lenstra","year":"1992","unstructured":"Lenstra, H.W., Pomerance, C.: A rigourous time bound for factoring integers. J. Amer. Math. Soc.\u00a05, 483\u2013516 (1992)","journal-title":"J. Amer. Math. Soc."},{"key":"4_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"382","DOI":"10.1007\/978-3-540-24676-3_23","volume-title":"Advances in Cryptology - EUROCRYPT 2004","author":"P.D. MacKenzie","year":"2004","unstructured":"MacKenzie, P.D., Yang, K.: On simulation-sound trapdoor commitments. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol.\u00a03027, pp. 382\u2013400. Springer, Heidelberg (2004); Full paper available at \n                    \n                      http:\/\/eprint.iacr.org\/2003\/252"},{"key":"4_CR24","unstructured":"Nielsen, J.B.: On protocol security in the cryptographic model. Dissertation Series DS-03-8, BRICS, PhD thesis, pp.\u00a0xiv+341 (2003)"},{"key":"4_CR25","doi-asserted-by":"crossref","unstructured":"Naccache, D., Stern, J.: A new public key cryptosystem based on higher residues. In: ACM Conference on Computer and Communications Security, pp. 59\u201366 (1998)","DOI":"10.1145\/288090.288106"},{"key":"4_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"308","DOI":"10.1007\/BFb0054135","volume-title":"Advances in Cryptology - EUROCRYPT 1998","author":"T. Okamoto","year":"1998","unstructured":"Okamoto, T., Uchiyama, S.: A new public-key cryptosystem as secure as factoring. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol.\u00a01403, pp. 308\u2013318. Springer, Heidelberg (1998)"},{"key":"4_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"223","DOI":"10.1007\/3-540-48910-X_16","volume-title":"Advances in Cryptology - EUROCRYPT 1999","author":"P. Paillier","year":"1999","unstructured":"Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol.\u00a01592, pp. 223\u2013239. Springer, Heidelberg (1999)"},{"key":"4_CR28","doi-asserted-by":"publisher","first-page":"521","DOI":"10.1017\/S0305004100049252","volume":"76","author":"J.M. Pollard","year":"1974","unstructured":"Pollard, J.M.: Theorems of factorization and primality testing. Proc. Cambridge Phil. Soc.\u00a076, 521\u2013528 (1974)","journal-title":"Proc. Cambridge Phil. Soc."},{"key":"4_CR29","doi-asserted-by":"publisher","first-page":"331","DOI":"10.1007\/BF01933667","volume":"15","author":"J.M. Pollard","year":"1975","unstructured":"Pollard, J.M.: A monte carlo method for factorization. BIT\u00a015, 331\u2013334 (1975)","journal-title":"BIT"},{"issue":"143","key":"4_CR30","first-page":"918","volume":"32","author":"J.M. Pollard","year":"1978","unstructured":"Pollard, J.M.: Monte carlo methods for index computation (mod p). Math. Comp.\u00a032(143), 918\u2013924 (1978)","journal-title":"Math. Comp."},{"key":"4_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"165","DOI":"10.1007\/978-3-540-48000-6_14","volume-title":"Advances in Cryptology - ASIACRYPT\u201999","author":"P. Paillier","year":"1999","unstructured":"Paillier, P., Pointcheval, D.: Efficient public-key cryptosystems provably secure against active adversaries. In: Lam, K.-Y., Okamoto, E., Xing, C. (eds.) ASIACRYPT 1999. LNCS, vol.\u00a01716, pp. 165\u2013179. Springer, Heidelberg (1999)"},{"key":"4_CR32","unstructured":"Rabin, M.O.: Digitalized signatures and public-key functions as intractable as factorization. Technical Report MIT\/LCS\/TR-212, MIT Laboratory for Computer Science (1979)"},{"issue":"2","key":"4_CR33","doi-asserted-by":"publisher","first-page":"120","DOI":"10.1145\/359340.359342","volume":"21","author":"R.L. Rivest","year":"1978","unstructured":"Rivest, R.L., Shamir, A., Adleman, L.M.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM\u00a021(2), 120\u2013126 (1978)","journal-title":"Commun. ACM"},{"key":"4_CR34","doi-asserted-by":"crossref","first-page":"415","DOI":"10.1090\/pspum\/020\/0316385","volume-title":"1969 Number Theory Institute (Proc. Sympos. Pure Math.)","author":"D. Shanks","year":"1971","unstructured":"Shanks, D.: Class number, a theory of factorization, and genera. In: 1969 Number Theory Institute (Proc. Sympos. Pure Math.), State Univ. New York, Stony Brook, N.Y, vol.\u00a0XX, pp. 415\u2013440. Amer. Math. Soc, Providence (1971)"},{"key":"4_CR35","unstructured":"Zhu, H.: A formal proof of zhu\u2019s signature scheme. Cryptology ePrint Archive, Report 2003\/155 (2003), \n                    \n                      http:\/\/eprint.iacr.org\/"}],"container-title":["Lecture Notes in Computer Science","Theory of Cryptography"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-30576-7_4.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,5,2]],"date-time":"2021-05-02T23:30:58Z","timestamp":1619998258000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-30576-7_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2005]]},"ISBN":["9783540245735","9783540305767"],"references-count":35,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-30576-7_4","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2005]]}}}