{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,28]],"date-time":"2026-02-28T12:59:11Z","timestamp":1772283551237,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":44,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783540406747","type":"print"},{"value":"9783540451464","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2003]]},"DOI":"10.1007\/978-3-540-45146-4_8","type":"book-chapter","created":{"date-parts":[[2010,6,22]],"date-time":"2010-06-22T17:51:19Z","timestamp":1277229079000},"page":"126-144","source":"Crossref","is-referenced-by-count":323,"title":["Practical Verifiable Encryption and Decryption of Discrete Logarithms"],"prefix":"10.1007","author":[{"given":"Jan","family":"Camenisch","sequence":"first","affiliation":[]},{"given":"Victor","family":"Shoup","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"8_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"255","DOI":"10.1007\/3-540-44598-6_16","volume-title":"Advances in Cryptology - CRYPTO 2000","author":"G. Ateniese","year":"2000","unstructured":"Ateniese, G., Camenisch, J., Joye, M., Tsudik, G.: A practical and provably secure coalition-resistant group signature scheme. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol.\u00a01880, pp. 255\u2013270. Springer, Heidelberg (2000)"},{"key":"8_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"83","DOI":"10.1007\/3-540-46035-7_6","volume-title":"Advances in Cryptology - EUROCRYPT 2002","author":"J.H. An","year":"2002","unstructured":"An, J.H., Dodis, Y., Rabin, T.: On the security of joint signature and encryption. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol.\u00a02332, pp. 83\u2013107. Springer, Heidelberg (2002)"},{"key":"8_CR3","doi-asserted-by":"crossref","unstructured":"Asokan, N., Schunter, M., Waidner, M.: Optimistic protocols for fair exchange. In: 4th ACM Conference on Computer and Communication Security, pp. 6\u201317 (1997)","DOI":"10.1145\/266420.266426"},{"issue":"4","key":"8_CR4","doi-asserted-by":"publisher","first-page":"591","DOI":"10.1109\/49.839935","volume":"18","author":"N. Asokan","year":"2000","unstructured":"Asokan, N., Shoup, V., Waidner, M.: Optimistic fair exchange of digital signatures. IEEE Journal on Selected Areas in Communications\u00a018(4), 591\u2013610 (2000)","journal-title":"IEEE Journal on Selected Areas in Communications"},{"key":"8_CR5","first-page":"77","volume-title":"IEEE Symposium on Security and Privacy","author":"F. Bao","year":"1998","unstructured":"Bao, F., Deng, R., Mao, W.: Efficient and practical fair exchange protocols with off-line TTP. In: IEEE Symposium on Security and Privacy, pp. 77\u201385. IEEE Computer Society Press, Los Alamitos (1998)"},{"key":"8_CR6","unstructured":"Bellare, M., Goldwasser, S.: Encapsulated key escrow (1996) (Preprint)"},{"key":"8_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"431","DOI":"10.1007\/3-540-45539-6_31","volume-title":"Advances in Cryptology - EUROCRYPT 2000","author":"F. Boudot","year":"2000","unstructured":"Boudot, F.: Efficient proofs that a committed number lies in an interval. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol.\u00a01807, pp. 431\u2013444. Springer, Heidelberg (2000)"},{"issue":"8","key":"8_CR8","doi-asserted-by":"publisher","first-page":"715","DOI":"10.1016\/0167-4048(90)90114-9","volume":"9","author":"H. B\u00fcrk","year":"1990","unstructured":"B\u00fcrk, H., Pfitzmann, A.: Digital payment systems enabling security and unobservability. Computer & Security\u00a09(8), 715\u2013721 (1990)","journal-title":"Computer & Security"},{"key":"8_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"272","DOI":"10.1007\/3-540-45811-5_21","volume-title":"Information Security","author":"E. Bresson","year":"2002","unstructured":"Bresson, E., Stern, J.: Proofs of knowledge for non-monotone discretelog formulae and applications. In: Chan, A.H., Gligor, V.D. (eds.) ISC 2002. LNCS, vol.\u00a02433, pp. 272\u2013288. Springer, Heidelberg (2002)"},{"key":"8_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"331","DOI":"10.1007\/3-540-44448-3_25","volume-title":"Advances in Cryptology - ASIACRYPT 2000","author":"J. Camenisch","year":"2000","unstructured":"Camenisch, J., Damg\u00e5rd, I.: Verifiable encryption, group encryption, and their applications to group signatures and signature sharing schemes. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol.\u00a01976, pp. 331\u2013345. Springer, Heidelberg (2000)"},{"key":"8_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"174","DOI":"10.1007\/3-540-48658-5_19","volume-title":"Advances in Cryptology - CRYPTO \u201994","author":"R. Cramer","year":"1994","unstructured":"Cramer, R., Damg\u00e5rd, I., Schoenmakers, B.: Proofs of partial knowledge and simplified design of witness hiding protocols. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol.\u00a0839, pp. 174\u2013187. Springer, Heidelberg (1994)"},{"key":"8_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"19","DOI":"10.1007\/3-540-44647-8_2","volume-title":"Advances in Cryptology - CRYPTO 2001","author":"R. Canetti","year":"2001","unstructured":"Canetti, R., Fischlin, M.: Universally composable commitments. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol.\u00a02139, pp. 19\u201340. Springer, Heidelberg (2001)"},{"key":"8_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"105","DOI":"10.1007\/BFb0055723","volume-title":"Advances in Cryptology - CRYPTO \u201998","author":"D. Catalano","year":"1998","unstructured":"Catalano, D., Gennaro, R.: New efficient and secure protocols for verifiable signature sharing and other applications. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol.\u00a01462, pp. 105\u2013120. Springer, Heidelberg (1998)"},{"key":"8_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"90","DOI":"10.1007\/3-540-48910-X_7","volume-title":"Advances in Cryptology - EUROCRYPT \u201999","author":"R. Canetti","year":"1999","unstructured":"Canetti, R., Goldwasser, S.: An efficient threshold public key cryptosystem secure against adaptive chosen ciphertext attack. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol.\u00a01592, pp. 90\u2013106. Springer, Heidelberg (1999)"},{"issue":"10","key":"8_CR15","doi-asserted-by":"publisher","first-page":"1030","DOI":"10.1145\/4372.4373","volume":"28","author":"D. Chaum","year":"1985","unstructured":"Chaum, D.: Security without identification: Transaction systems to make big brother obsolete. Communications of the ACM\u00a028(10), 1030\u20131044 (1985)","journal-title":"Communications of the ACM"},{"key":"8_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"86","DOI":"10.1007\/BFb0053427","volume-title":"Advances in Cryptology - EUROCRYPT \u201994","author":"D. Chaum","year":"1995","unstructured":"Chaum, D.: Designated confirmer signatures. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol.\u00a0950, pp. 86\u201391. Springer, Heidelberg (1995)"},{"key":"8_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"93","DOI":"10.1007\/3-540-44987-6_7","volume-title":"Advances in Cryptology - EUROCRYPT 2001","author":"J. Camenisch","year":"2001","unstructured":"Camenisch, J., Lysyanskaya, A.: Efficient non-transferable anonymous multi-show credential system with optional anonymity revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol.\u00a02045, pp. 93\u2013118. Springer, Heidelberg (2001)"},{"key":"8_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"107","DOI":"10.1007\/3-540-48910-X_8","volume-title":"Advances in Cryptology - EUROCRYPT \u201999","author":"J. Camenisch","year":"1999","unstructured":"Camenisch, J., Michels, M.: Proving in zero-knowledge that a number n is the product of two safe primes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol.\u00a01592, pp. 107\u2013122. Springer, Heidelberg (1999)"},{"key":"8_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"413","DOI":"10.1007\/3-540-48405-1_27","volume-title":"Advances in Cryptology - CRYPTO \u201999","author":"J. Camenisch","year":"1999","unstructured":"Camenisch, J., Michels, M.: Separability and efficiency for generic group signature schemes. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol.\u00a01666, pp. 413\u2013430. Springer, Heidelberg (1999)"},{"key":"8_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"243","DOI":"10.1007\/3-540-45539-6_17","volume-title":"Advances in Cryptology - EUROCRYPT 2000","author":"J. Camenisch","year":"2000","unstructured":"Camenisch, J., Michels, M.: Confirmer signature schemes secure against adaptive adversaries. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol.\u00a01807, pp. 243\u2013258. Springer, Heidelberg (2000)"},{"key":"8_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"89","DOI":"10.1007\/3-540-48071-4_7","volume-title":"Advances in Cryptology - CRYPTO \u201992","author":"D. Chaum","year":"1993","unstructured":"Chaum, D., Pedersen, T.P.: Wallet databases with observers. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol.\u00a0740, pp. 89\u2013105. Springer, Heidelberg (1993)"},{"key":"8_CR22","unstructured":"Cramer, R.: Modular design of secure yet practical cryptographic protocols, Ph.D. thesis, University of Amsterdam (1996)"},{"key":"8_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"410","DOI":"10.1007\/BFb0052252","volume-title":"Advances in Cryptology - CRYPTO \u201997","author":"J. Camenisch","year":"1997","unstructured":"Camenisch, J., Stadler, M.: Efficient group signature schemes for large groups. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol.\u00a01294, pp. 410\u2013424. Springer, Heidelberg (1997)"},{"key":"8_CR24","unstructured":"Cramer, R., Shoup, V.: Universal hash proofs and a paradigm for adaptive chosen ciphertext secure public-key encryption (2001), \n                    \n                      http:\/\/eprint.iacr.org\/2001\/108"},{"key":"8_CR25","unstructured":"Camenisch, J., Shoup, V.: Practical verifiable encryption and decryption of discrete logarithms (2002), \n                    \n                      http:\/\/eprint.iacr.org\/2002\/161"},{"key":"8_CR26","doi-asserted-by":"crossref","unstructured":"Camenisch, J., Van Herreweghen, E.: Design and implementation of the idemix anonymous credential system. In: Proc. 9th ACM Conference on Computer and Communications Security (2002)","DOI":"10.1145\/586110.586114"},{"key":"8_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"431","DOI":"10.1007\/3-540-45539-6_31","volume-title":"Advances in Cryptology - EUROCRYPT 2000","author":"I. Damg\u00e5rd","year":"2000","unstructured":"Damg\u00e5rd, I.: Efficient concurrent zero-knowledge in the auxiliary string model. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol.\u00a01807, pp. 431\u2013444. Springer, Heidelberg (2000)"},{"key":"8_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"125","DOI":"10.1007\/3-540-36178-2_8","volume-title":"Advances in Cryptology - ASIACRYPT 2002","author":"I. Damg\u00e5rd","year":"2002","unstructured":"Damg\u00e5rd, I., Fujisaki, E.: An integer commitment scheme based on groups with hidden order. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol.\u00a02501, pp. 125\u2013142. Springer, Heidelberg (2002)"},{"key":"8_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"16","DOI":"10.1007\/BFb0052225","volume-title":"Advances in Cryptology - CRYPTO \u201997","author":"E. Fujisaki","year":"1997","unstructured":"Fujisaki, E., Okamoto, T.: Statistical zero knowledge protocols to prove modular polynomial relations. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol.\u00a01294, pp. 16\u201330. Springer, Heidelberg (1997)"},{"key":"8_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"50","DOI":"10.1007\/3-540-49264-X_5","volume-title":"Advances in Cryptology - EUROCRYPT \u201995","author":"M. Franklin","year":"1995","unstructured":"Franklin, M., Reiter, M.: Verifiable signature sharing. In: Guillou, L.C., Quisquater, J.-J. (eds.) EUROCRYPT 1995. LNCS, vol.\u00a0921, pp. 50\u201363. Springer, Heidelberg (1995)"},{"key":"8_CR31","series-title":"Lecture Notes in Computer Science","first-page":"186","volume-title":"Advances in Cryptology - CRYPTO \u201986","author":"A. Fiat","year":"1987","unstructured":"Fiat, A., Shamir, A.: How to prove yourself: Practical solution to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol.\u00a0263, pp. 186\u2013194. Springer, Heidelberg (1987)"},{"key":"8_CR32","unstructured":"Kilian, J., Petrank, E.: Identity escrow. Theory of Cryptography Library, Record Nr. 97-11 (August 1997), \n                    \n                      http:\/\/theory.lcs.mit.edu\/~tcryptol"},{"key":"8_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"169","DOI":"10.1007\/BFb0055727","volume-title":"Advances in Cryptology - CRYPTO \u201998","author":"J. Kilian","year":"1998","unstructured":"Kilian, J., Petrank, E.: Identity escrow. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol.\u00a01462, pp. 169\u2013185. Springer, Heidelberg (1998)"},{"key":"8_CR34","unstructured":"Micali, S.: Efficient certificate revocation and certified e-mail with transparent post offices, Presentation at the, RSA Security Conference (1997)"},{"key":"8_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"406","DOI":"10.1007\/BFb0054142","volume-title":"Advances in Cryptology - EUROCRYPT \u201998","author":"M. Michels","year":"1998","unstructured":"Michels, M., Stadler, M.: Generic constructions for secure and efficient confirmer signature schemes. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol.\u00a01403, pp. 406\u2013421. Springer, Heidelberg (1998)"},{"key":"8_CR36","series-title":"Lecture Notes in Computer Science","first-page":"223","volume-title":"Advances in Cryptology - EUROCRYPT \u201999","author":"P. Paillier","year":"1999","unstructured":"Paillier, P.: Public-key cryptosystems based on composite residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol.\u00a01592, pp. 223\u2013239. Springer, Heidelberg (1999)"},{"key":"8_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"129","DOI":"10.1007\/3-540-46766-1_9","volume-title":"Advances in Cryptology - CRYPTO \u201991","author":"T.P. Pedersen","year":"1992","unstructured":"Pedersen, T.P.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol.\u00a0576, pp. 129\u2013140. Springer, Heidelberg (1992)"},{"key":"8_CR38","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"173","DOI":"10.1007\/3-540-45539-6_13","volume-title":"Advances in Cryptology - EUROCRYPT 2000","author":"G. Poupard","year":"2000","unstructured":"Poupard, G., Stern, J.: Fair encryption of RSA keys. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol.\u00a01807, pp. 173\u2013190. Springer, Heidelberg (2000)"},{"key":"8_CR39","doi-asserted-by":"publisher","first-page":"239","DOI":"10.1002\/cpa.3160390713","volume":"39","author":"M.O. Rabin","year":"1986","unstructured":"Rabin, M.O., Shallit, J.O.: Randomized algorithms in number theory. Communications on Pure and Applied Mathematics\u00a039, 239\u2013256 (1986)","journal-title":"Communications on Pure and Applied Mathematics"},{"key":"8_CR40","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"433","DOI":"10.1007\/3-540-46766-1_35","volume-title":"Advances in Cryptology - CRYPTO \u201991","author":"C. Rackoff","year":"1992","unstructured":"Rackoff, C., Simon, D.R.: Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol.\u00a0576, pp. 433\u2013444. Springer, Heidelberg (1992)"},{"key":"8_CR41","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/BFb0054113","volume-title":"Advances in Cryptology - EUROCRYPT \u201998","author":"V. Shoup","year":"1998","unstructured":"Shoup, V., Gennaro, R.: Securing threshold cryptosystems against chosen ciphertext attack. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol.\u00a01403, pp. 1\u201316. Springer, Heidelberg (1998)"},{"key":"8_CR42","unstructured":"Shoup, V.: A proposal for an ISO standard for public key encryption (2001), \n                    \n                      http:\/\/eprint.iacr.org\/2001\/112"},{"key":"8_CR43","series-title":"Lecture Notes in Computer Science","first-page":"191","volume-title":"Advances in Cryptology - EUROCRYPT \u201996","author":"M. Stadler","year":"1996","unstructured":"Stadler, M.: Publicly verifiable secret sharing. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol.\u00a01070, pp. 191\u2013199. Springer, Heidelberg (1996)"},{"key":"8_CR44","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"17","DOI":"10.1007\/BFb0054114","volume-title":"Advances in Cryptology - EUROCRYPT \u201998","author":"A. Young","year":"1998","unstructured":"Young, A., Young, M.: Auto-recoverable auto-certifiable cryptosystems. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol.\u00a01403, pp. 17\u201331. Springer, Heidelberg (1998)"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology - CRYPTO 2003"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-45146-4_8","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,3,14]],"date-time":"2019-03-14T21:14:19Z","timestamp":1552598059000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-45146-4_8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2003]]},"ISBN":["9783540406747","9783540451464"],"references-count":44,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-45146-4_8","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2003]]}}}