{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,25]],"date-time":"2026-01-25T04:25:47Z","timestamp":1769315147578,"version":"3.49.0"},"publisher-location":"Berlin, Heidelberg","reference-count":44,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783662490983","type":"print"},{"value":"9783662490990","type":"electronic"}],"license":[{"start":{"date-parts":[[2015,12,24]],"date-time":"2015-12-24T00:00:00Z","timestamp":1450915200000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2016]]},"DOI":"10.1007\/978-3-662-49099-0_5","type":"book-chapter","created":{"date-parts":[[2015,12,23]],"date-time":"2015-12-23T13:42:48Z","timestamp":1450878168000},"page":"112-141","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":38,"title":["Improved OR-Composition of Sigma-Protocols"],"prefix":"10.1007","author":[{"given":"Michele","family":"Ciampi","sequence":"first","affiliation":[]},{"given":"Giuseppe","family":"Persiano","sequence":"additional","affiliation":[]},{"given":"Alessandra","family":"Scafuro","sequence":"additional","affiliation":[]},{"given":"Luisa","family":"Siniscalchi","sequence":"additional","affiliation":[]},{"given":"Ivan","family":"Visconti","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2015,12,24]]},"reference":[{"issue":"1","key":"5_CR1","doi-asserted-by":"publisher","first-page":"92","DOI":"10.1587\/transfun.E96.A.92","volume":"96\u2013A","author":"M Abe","year":"2013","unstructured":"Abe, M., Okamoto, T., Suzuki, K.: Message recovery signature schemes from sigma-protocols. IEICE Trans. 96\u2013A(1), 92\u2013100 (2013)","journal-title":"IEICE Trans."},{"key":"5_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"495","DOI":"10.1007\/3-540-44987-6_30","volume-title":"Advances in Cryptology - EUROCRYPT 2001","author":"M Bellare","year":"2001","unstructured":"Bellare, M., Fischlin, M., Goldwasser, S., Micali, S.: Identification protocols secure against reset attacks. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 495\u2013511. Springer, Heidelberg (2001)"},{"key":"5_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"390","DOI":"10.1007\/3-540-48071-4_28","volume-title":"Advances in Cryptology - CRYPTO \u201992","author":"M Bellare","year":"1993","unstructured":"Bellare, M., Goldreich, O.: On defining proofs of knowledge. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 390\u2013420. Springer, Heidelberg (1993)"},{"key":"5_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"401","DOI":"10.1007\/978-3-662-46497-7_16","volume-title":"Theory of Cryptography","author":"N Bitansky","year":"2015","unstructured":"Bitansky, N., Paneth, O.: ZAPs and non-interactive witness indistinguishability from indistinguishability obfuscation. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015, Part II. LNCS, vol. 9015, pp. 401\u2013427. Springer, Heidelberg (2015)"},{"key":"5_CR5","unstructured":"Blum, M.: How to prove a theorem so no one else can claim it. In: International Congress of Mathematicians, p. 1444 (1986)"},{"key":"5_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"364","DOI":"10.1007\/978-3-540-88313-5_24","volume-title":"Computer Security - ESORICS 2008","author":"C Blundo","year":"2008","unstructured":"Blundo, C., Persiano, G., Sadeghi, A.-R., Visconti, I.: Improved security notions and protocols for non-transferable identification. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 364\u2013378. Springer, Heidelberg (2008)"},{"key":"5_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"449","DOI":"10.1007\/978-3-540-70583-3_37","volume-title":"Automata, Languages and Programming","author":"R Canetti","year":"2008","unstructured":"Canetti, R., Dakdouk, R.R.: Extractable perfectly one-way functions. In: Aceto, L., Damg\u00e5rd, I., Goldberg, L.A., Halld\u00f3rsson, M.M., Ing\u00f3lfsd\u00f3ttir, A., Walukiewicz, I. (eds.) ICALP 2008, Part II. LNCS, vol. 5126, pp. 449\u2013460. Springer, Heidelberg (2008)"},{"key":"5_CR8","doi-asserted-by":"crossref","unstructured":"Canetti, R., Goldreich, O., Goldwasser, S., Micali, S.: Resettable zero-knowledge (extended abstract). In: STOC, pp. 235\u2013244 (2000)","DOI":"10.1145\/335305.335334"},{"key":"5_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"120","DOI":"10.1007\/11681878_7","volume-title":"Theory of Cryptography","author":"D Catalano","year":"2006","unstructured":"Catalano, D., Dodis, Y., Visconti, I.: Mercurial commitments: minimal assumptions and efficient constructions. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 120\u2013144. Springer, Heidelberg (2006)"},{"key":"5_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"298","DOI":"10.1007\/11523468_25","volume-title":"Automata, Languages and Programming","author":"D Catalano","year":"2005","unstructured":"Catalano, D., Visconti, I.: Hybrid trapdoor commitments and their applications. In: Caires, L., Italiano, G.F., Monteiro, L., Palamidessi, C., Yung, M. (eds.) ICALP 2005. LNCS, vol. 3580, pp. 298\u2013310. Springer, Heidelberg (2005)"},{"issue":"1\u20133","key":"5_CR11","doi-asserted-by":"publisher","first-page":"229","DOI":"10.1016\/j.tcs.2007.01.007","volume":"374","author":"D Catalano","year":"2007","unstructured":"Catalano, D., Visconti, I.: Hybrid commitments and their applications to zero-knowledge proof systems. Theor. Comput. Sci. 374(1\u20133), 229\u2013260 (2007)","journal-title":"Theor. Comput. Sci."},{"key":"5_CR12","first-page":"650","volume":"2015","author":"P Chaidos","year":"2015","unstructured":"Chaidos, P., Groth, J.: Making sigma-protocols non-interactive without random oracles. PKC 2015, 650\u2013670 (2015)","journal-title":"PKC"},{"key":"5_CR13","unstructured":"Ciampi, M., Persiano, G., Scafuro, A., Siniscalchi, L., Visconti, I.: Improved OR composition of Sigma-protocols. IACR Cryptology ePrint Archive 2015, vol. 810 (2015). \n                      http:\/\/eprint.iacr.org\/2015\/810"},{"key":"5_CR14","unstructured":"Ciampi, M., Persiano, G., Siniscalchi, L., Visconti, I.: A transform for NIZK almost as efficient and general as the Fiat-Shamir transform without programmable random oracles. IACR Cryptology ePrint Archive, vol. 770 (2015). \n                      http:\/\/eprint.iacr.org\/2015\/770"},{"key":"5_CR15","doi-asserted-by":"crossref","unstructured":"Ciampi, M., Persiano, G., Siniscalchi, L., Visconti, I.: A transform for NIZK almost as efficient and general as the Fiat-Shamir transform without programmable random oracles. In: Theory of Cryptography - 13th Theory of Cryptography Conference, TCC 2016-A, Tel Aviv, Israel, 10\u201313 January 2016","DOI":"10.1007\/978-3-662-49099-0_4"},{"key":"5_CR16","unstructured":"Cramer, R.: Modular design of secure yet practical cryptographic protocols. Ph.D. thesis, University of Amsterdam (1996)"},{"key":"5_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"424","DOI":"10.1007\/BFb0055745","volume-title":"Advances in Cryptology - CRYPTO \u201998","author":"R Cramer","year":"1998","unstructured":"Cramer, R., Damg\u00e5rd, I.B.: Zero-knowledge proofs for finite field arithmetic or: can zero-knowledge be for free? In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 424\u2013441. Springer, Heidelberg (1998)"},{"key":"5_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"174","DOI":"10.1007\/3-540-48658-5_19","volume-title":"Advances in Cryptology - CRYPTO \u201994","author":"R Cramer","year":"1994","unstructured":"Cramer, R., Damg\u00e5rd, I.B., Schoenmakers, B.: Proof of partial knowledge and simplified design of witness hiding protocols. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 174\u2013187. Springer, Heidelberg (1994)"},{"key":"5_CR19","unstructured":"Damg\u00e5rd, I.: On \n                      \n                        \n                      \n                      $$\\Sigma $$\n                    -protocol (2010). \n                      http:\/\/www.cs.au.dk\/~ivan\/Sigma.pdf"},{"key":"5_CR20","doi-asserted-by":"crossref","unstructured":"Damg\u00e5rd, I., Groth, J.: Non-interactive and reusable non-malleable commitment schemes. In: STOC 2003, pp. 426\u2013437 (2003)","DOI":"10.1145\/780542.780605"},{"key":"5_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"237","DOI":"10.1007\/978-3-540-28628-8_15","volume-title":"Advances in Cryptology \u2013 CRYPTO 2004","author":"G Crescenzo Di","year":"2004","unstructured":"Di Crescenzo, G., Persiano, G., Visconti, I.: Constant-round resettable zero knowledge with concurrent soundness in the bare public-key model. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 237\u2013253. Springer, Heidelberg (2004)"},{"key":"5_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"816","DOI":"10.1007\/11523468_66","volume-title":"Automata, Languages and Programming","author":"G Crescenzo Di","year":"2005","unstructured":"Di Crescenzo, G., Visconti, I.: Concurrent zero knowledge in the public-key model. In: Caires, L., Italiano, G.F., Monteiro, L., Palamidessi, C., Yung, M. (eds.) ICALP 2005. LNCS, vol. 3580, pp. 816\u2013827. Springer, Heidelberg (2005)"},{"key":"5_CR23","first-page":"283","volume":"2000","author":"C Dwork","year":"2000","unstructured":"Dwork, C., Naor, M.: Zaps and their applications. FOCS 2000, 283\u2013293 (2000)","journal-title":"FOCS"},{"key":"5_CR24","unstructured":"Feige, U., Lapidot, D., Shamir, A.: Multiple non-interactive zero knowledge proofs based on a single random string (extended abstract). In: FOCS 1990, pp. 308\u2013317. IEEE Computer Society (1990)"},{"issue":"2","key":"5_CR25","doi-asserted-by":"publisher","first-page":"169","DOI":"10.1007\/s00145-005-0307-3","volume":"19","author":"JA Garay","year":"2006","unstructured":"Garay, J.A., MacKenzie, P., Yang, K.: Strengthening zero-knowledge protocols using signatures. J. Cryptology 19(2), 169\u2013209 (2006)","journal-title":"J. Cryptology"},{"key":"5_CR26","doi-asserted-by":"crossref","unstructured":"Goyal, V., Richelson, S., Rosen, A., Vald, M.: An algebraic approach to non-malleability. In: 55th FOCS 2014, pp. 41\u201350, Philadelphia, PA, USA. IEEE Computer Society, 18\u201321 October 2014","DOI":"10.1109\/FOCS.2014.13"},{"key":"5_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"253","DOI":"10.1007\/978-3-662-46803-6_9","volume-title":"Advances in Cryptology - EUROCRYPT 2015","author":"J Groth","year":"2015","unstructured":"Groth, J., Kohlweiss, M.: One-out-of-many proofs: or how to leak a secret and spend a coin. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 253\u2013280. Springer, Heidelberg (2015)"},{"key":"5_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"339","DOI":"10.1007\/11761679_21","volume-title":"Advances in Cryptology - EUROCRYPT 2006","author":"J Groth","year":"2006","unstructured":"Groth, J., Ostrovsky, R., Sahai, A.: Perfect Non-interactive Zero Knowledge for NP. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 339\u2013358. Springer, Heidelberg (2006)"},{"key":"5_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"123","DOI":"10.1007\/3-540-45961-8_11","volume-title":"Advances in Cryptology - EUROCRYPT \u201988","author":"LC Guillou","year":"1988","unstructured":"Guillou, L.C., Quisquater, J.-J.: A practical zero-knowledge protocol fitted to security microprocessor minimizing both transmission and memory. In: G\u00fcnther, C.G. (ed.) EUROCRYPT 1988. LNCS, vol. 330, pp. 123\u2013128. Springer, Heidelberg (1988)"},{"key":"5_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"335","DOI":"10.1007\/978-3-540-28628-8_21","volume-title":"Advances in Cryptology \u2013 CRYPTO 2004","author":"J Katz","year":"2004","unstructured":"Katz, J., Ostrovsky, R.: Round-optimal secure two-party computation. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 335\u2013354. Springer, Heidelberg (2004)"},{"key":"5_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"353","DOI":"10.1007\/3-540-38424-3_26","volume-title":"Advances in Cryptology - CRYPTO \u201990","author":"D Lapidot","year":"1991","unstructured":"Lapidot, D., Shamir, A.: Publicly Verifiable Non-interactive Zero-Knowledge Proofs. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 353\u2013365. Springer, Heidelberg (1991)"},{"key":"5_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"93","DOI":"10.1007\/978-3-662-46494-6_5","volume-title":"Theory of Cryptography","author":"Y Lindell","year":"2015","unstructured":"Lindell, Y.: An efficient transform from sigma protocols to NIZK with a CRS and non-programmable random oracle. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015, Part I. LNCS, vol. 9014, pp. 93\u2013109. Springer, Heidelberg (2015)"},{"issue":"2","key":"5_CR33","doi-asserted-by":"publisher","first-page":"312","DOI":"10.1007\/s00145-014-9177-x","volume":"28","author":"Y Lindell","year":"2015","unstructured":"Lindell, Y., Pinkas, B.: An efficient protocol for secure two-party computation in the presence of malicious adversaries. J. Cryptology 28(2), 312\u2013350 (2015)","journal-title":"J. Cryptology"},{"issue":"2-3","key":"5_CR34","doi-asserted-by":"crossref","first-page":"663","DOI":"10.1007\/s10623-015-0103-5","volume":"77","author":"Ueli Maurer","year":"2015","unstructured":"Maurer, U.: Zero-knowledge proofs of knowledge for group homomorphisms. Des. Codes Crypt. 77, 663\u2013676 (2015)","journal-title":"Designs, Codes and Cryptography"},{"key":"5_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"272","DOI":"10.1007\/978-3-642-02384-2_17","volume-title":"Progress in Cryptology \u2013 AFRICACRYPT 2009","author":"U Maurer","year":"2009","unstructured":"Maurer, U.: Unifying zero-knowledge proofs of knowledge. In: Preneel, B. (ed.) AFRICACRYPT 2009. LNCS, vol. 5580, pp. 272\u2013286. Springer, Heidelberg (2009)"},{"key":"5_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"535","DOI":"10.1007\/978-3-642-11799-2_32","volume-title":"Theory of Cryptography","author":"R Ostrovsky","year":"2010","unstructured":"Ostrovsky, R., Pandey, O., Visconti, I.: Efficiency preserving transformations for concurrent non-malleable zero knowledge. In: Micciancio, D. (ed.) TCC 2010. LNCS, vol. 5978, pp. 535\u2013552. Springer, Heidelberg (2010)"},{"key":"5_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"578","DOI":"10.1007\/978-3-319-10879-7_33","volume-title":"Security and Cryptography for Networks","author":"R Ostrovsky","year":"2014","unstructured":"Ostrovsky, R., Rao, V., Visconti, I.: On selective-opening attacks against encryption schemes. In: Abdalla, M., De Prisco, R. (eds.) SCN 2014. LNCS, vol. 8642, pp. 578\u2013597. Springer, Heidelberg (2014)"},{"key":"5_CR38","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"160","DOI":"10.1007\/3-540-39200-9_10","volume-title":"Advances in Cryptology \u2013 EUROCRPYT 2003","author":"R Pass","year":"2003","unstructured":"Pass, R.: Simulation in quasi-polynomial time, and its application to protocol composition. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 160\u2013176. Springer, Heidelberg (2003)"},{"key":"5_CR39","unstructured":"Pass, R.: Alternative Variants of Zero-Knowledge Proofs. Master\u2019s thesis, Kungliga Tekniska H\u00f6gskolan, licentiate Thesis Stockholm, Sweden (2004)"},{"key":"5_CR40","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"387","DOI":"10.1007\/3-540-68339-9_33","volume-title":"Advances in Cryptology - EUROCRYPT \u201996","author":"D Pointcheval","year":"1996","unstructured":"Pointcheval, D., Stern, J.: Security proofs for signature schemes. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 387\u2013398. Springer, Heidelberg (1996)"},{"key":"5_CR41","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"153","DOI":"10.1007\/978-3-642-29011-4_11","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2012","author":"A Scafuro","year":"2012","unstructured":"Scafuro, A., Visconti, I.: On round-optimal zero knowledge in the bare public-key model. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 153\u2013171. Springer, Heidelberg (2012)"},{"key":"5_CR42","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"239","DOI":"10.1007\/0-387-34805-0_22","volume-title":"Advances in Cryptology - CRYPTO \u201989","author":"C-P Schnorr","year":"1990","unstructured":"Schnorr, C.-P.: Efficient identification and signatures for smart cards. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 239\u2013252. Springer, Heidelberg (1990)"},{"key":"5_CR43","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"22","DOI":"10.1007\/11787006_3","volume-title":"Automata, Languages and Programming","author":"I Visconti","year":"2006","unstructured":"Visconti, I.: Efficient zero knowledge on the internet. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds.) ICALP 2006. LNCS, vol. 4052, pp. 22\u201333. Springer, Heidelberg (2006)"},{"key":"5_CR44","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"129","DOI":"10.1007\/978-3-540-72540-4_8","volume-title":"Advances in Cryptology - EUROCRYPT 2007","author":"M Yung","year":"2007","unstructured":"Yung, M., Zhao, Y.: Generic and practical resettable zero-knowledge in the bare public-key model. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 129\u2013147. Springer, Heidelberg (2007)"}],"container-title":["Lecture Notes in Computer Science","Theory of Cryptography"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-662-49099-0_5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,1,8]],"date-time":"2020-01-08T20:06:00Z","timestamp":1578513960000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-662-49099-0_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,12,24]]},"ISBN":["9783662490983","9783662490990"],"references-count":44,"URL":"https:\/\/doi.org\/10.1007\/978-3-662-49099-0_5","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2015,12,24]]},"assertion":[{"value":"24 December 2015","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}