{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,9]],"date-time":"2026-05-09T01:56:45Z","timestamp":1778291805794,"version":"3.51.4"},"reference-count":48,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2007,9,11]],"date-time":"2007-09-11T00:00:00Z","timestamp":1189468800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Cryptol"],"published-print":{"date-parts":[[2008,4]]},"DOI":"10.1007\/s00145-007-9005-7","type":"journal-article","created":{"date-parts":[[2007,9,10]],"date-time":"2007-09-10T15:20:22Z","timestamp":1189437622000},"page":"149-177","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":453,"title":["Short Signatures Without Random Oracles and the SDH Assumption in Bilinear Groups"],"prefix":"10.1007","volume":"21","author":[{"given":"Dan","family":"Boneh","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xavier","family":"Boyen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2007,9,11]]},"reference":[{"key":"9005_CR1","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"83","DOI":"10.1007\/3-540-46035-7_6","volume-title":"Advances in Cryptology\u2014EUROCRYPT 2002","author":"J.H. An","year":"2002","unstructured":"J.H. An, Y. Dodis, T. Rabin, On the security of joint signature and encryption. In Advances in Cryptology\u2014EUROCRYPT 2002. LNCS, vol.\u00a02332 (Springer, Berlin, 2002), pp.\u00a083\u2013107."},{"key":"9005_CR2","unstructured":"P.S.L.M. Barreto, M. Naehrig, Pairing-friendly elliptic curves of prime order. Cryptology ePrint Archive, Report 2005\/133, 2005. \n                    http:\/\/eprint.iacr.org\/\n                    \n                  ."},{"key":"9005_CR3","unstructured":"P.S.L.M. Barreto, S. Galbraith, C. O\u2019hEigeartaigh, M. Scott, Efficient pairing computation on supersingular Abelian varieties. Cryptology ePrint Archive, Report 2004\/375, 2004. \n                    http:\/\/eprint.iacr.org\/\n                    \n                  ."},{"key":"9005_CR4","doi-asserted-by":"publisher","first-page":"62","DOI":"10.1145\/168588.168596","volume-title":"Proceedings of ACM CCS 1993","author":"M. Bellare","year":"1993","unstructured":"M. Bellare, P. Rogaway, Random oracle are practical: a paradigm for designing efficient protocols. In Proceedings of ACM CCS 1993 (ACM Press, New York, 1993), pp.\u00a062\u201373."},{"key":"9005_CR5","series-title":"LNCS","first-page":"399","volume-title":"Advances in Cryptology\u2014EUROCRYPT 1996","author":"M. Bellare","year":"1996","unstructured":"M. Bellare, P. Rogaway, The exact security of digital signatures: how to sign with RSA and Rabin. In Advances in Cryptology\u2014EUROCRYPT 1996. LNCS, vol.\u00a01070 (Springer, Berlin, 1996), pp.\u00a0399\u2013416."},{"key":"9005_CR6","series-title":"LNCS","doi-asserted-by":"crossref","first-page":"470","DOI":"10.1007\/BFb0052256","volume-title":"Advances in Cryptology\u2014CRYPTO 1997","author":"M. Bellare","year":"1997","unstructured":"M. Bellare, P. Rogaway, Collision-resistant hashing: Towards making UOWHFs practical. In Advances in Cryptology\u2014CRYPTO 1997. LNCS, vol.\u00a01294 (Springer, Berlin, 1997), pp.\u00a0470\u2013484."},{"key":"9005_CR7","series-title":"London Mathematical Society Lecture Notes","doi-asserted-by":"crossref","DOI":"10.1017\/CBO9781107360211","volume-title":"Elliptic Curves in Cryptography","author":"I. Blake","year":"1999","unstructured":"I. Blake, G. Seroussi, N. Smart, Elliptic Curves in Cryptography. London Mathematical Society Lecture Notes, vol.\u00a0265 (Cambridge University Press, Cambridge, 1999)."},{"key":"9005_CR8","series-title":"LNCS","doi-asserted-by":"crossref","first-page":"223","DOI":"10.1007\/978-3-540-24676-3_14","volume-title":"Advances in Cryptology\u2014EUROCRYPT 2004","author":"D. Boneh","year":"2004","unstructured":"D. Boneh, X. Boyen, Efficient selective-ID identity based encryption without random oracles. In Advances in Cryptology\u2014EUROCRYPT 2004. LNCS, vol.\u00a03027 (Springer, Berlin, 2004), pp.\u00a0223\u2013238."},{"key":"9005_CR9","series-title":"LNCS","doi-asserted-by":"crossref","first-page":"56","DOI":"10.1007\/978-3-540-24676-3_4","volume-title":"Advances in Cryptology\u2014EUROCRYPT 2004","author":"D. Boneh","year":"2004","unstructured":"D. Boneh, X. Boyen, Short signatures without random oracles. In Advances in Cryptology\u2014EUROCRYPT 2004. LNCS, vol.\u00a03027 (Springer, Berlin, 2004), pp.\u00a056\u201373."},{"key":"9005_CR10","series-title":"LNCS","doi-asserted-by":"crossref","first-page":"41","DOI":"10.1007\/978-3-540-28628-8_3","volume-title":"Advances in Cryptology\u2014CRYPTO 2004","author":"D. Boneh","year":"2004","unstructured":"D. Boneh, X. Boyen, H. Shacham, Short group signatures. In Advances in Cryptology\u2014CRYPTO 2004. LNCS, vol.\u00a03152 (Springer, Berlin, 2004), pp.\u00a041\u201355."},{"issue":"4","key":"9005_CR11","doi-asserted-by":"crossref","first-page":"297","DOI":"10.1007\/s00145-004-0314-9","volume":"17","author":"D. Boneh","year":"2004","unstructured":"D. Boneh, B. Lynn, H. Shacham, Short signatures from the Weil pairing. J.\u00a0Crypt.\n                           17(4), 297\u2013319 (2004). Extended abstract in Proceedings of Asiacrypt 2001, LNCS, vol.\u00a02248.","journal-title":"J.\u00a0Crypt."},{"key":"9005_CR12","unstructured":"D. Brown, R. Gallant, The static Diffie-Hellman problem. Cryptology ePrint Archive, Report 2004\/306, 2004. \n                    http:\/\/eprint.iacr.org\/\n                    \n                  ."},{"key":"9005_CR13","series-title":"LNCS","doi-asserted-by":"crossref","first-page":"207","DOI":"10.1007\/978-3-540-24676-3_13","volume-title":"Advances in Cryptology\u2014EUROCRYPT 2004","author":"R. Canetti","year":"2004","unstructured":"R. Canetti, S. Halevi, J. Katz, Chosen-ciphertext security from identity-based encryption. In Advances in Cryptology\u2014EUROCRYPT 2004. LNCS, vol.\u00a03027 (Springer, Berlin, 2004), pp. 207\u2013222."},{"key":"9005_CR14","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/11761679_1","volume-title":"Advances in Cryptology\u2014EUROCRYPT 2006","author":"J.H. Cheon","year":"2006","unstructured":"J.H. Cheon, Security analysis of the strong Diffie-Hellman problem. In Advances in Cryptology\u2014EUROCRYPT 2006. LNCS, vol.\u00a04004 (Springer, Berlin, 2006), pp.\u00a01\u201313."},{"key":"9005_CR15","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"229","DOI":"10.1007\/3-540-44598-6_14","volume-title":"Advances in Cryptology\u2014CRYPTO 2000","author":"J.-S. Coron","year":"2000","unstructured":"J.-S. Coron, On the exact security of full domain hash. In Advances in Cryptology\u2014CRYPTO 2000. LNCS, vol.\u00a01880 (Springer, Berlin, 2000), pp.\u00a0229\u2013235."},{"key":"9005_CR16","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"91","DOI":"10.1007\/3-540-45539-6_7","volume-title":"Advances in Cryptology\u2014EUROCRYPT 2000","author":"J.-S. Coron","year":"2000","unstructured":"J.-S. Coron, D. Naccache, Security analysis of the Gennaro-Halevi-Rabin signature scheme. In Advances in Cryptology\u2014EUROCRYPT 2000. LNCS, vol.\u00a01807 (Springer, Berlin, 2000), pp.\u00a091\u2013101."},{"key":"9005_CR17","series-title":"LNCS","first-page":"337","volume-title":"Proceedings of PKC 2003","author":"N. Courtois","year":"2003","unstructured":"N. Courtois, M. Daum, P. Felke, On the security of HFE, HFEv- and Quartz. In Proceedings of PKC 2003. LNCS, vol.\u00a02567 (Springer, Berlin, 2003), pp.\u00a0337\u2013350."},{"issue":"3","key":"9005_CR18","doi-asserted-by":"publisher","first-page":"161","DOI":"10.1145\/357830.357847","volume":"3","author":"R. Cramer","year":"2000","unstructured":"R. Cramer, V. Shoup, Signature schemes based on the strong RS assumption. ACM TISSEC\n                           3(3), 161\u2013185 (2000). Extended abstract in Proceedings of ACM CCS, ACM Press, 1999.","journal-title":"ACM TISSEC"},{"key":"9005_CR19","series-title":"LNCS","first-page":"416","volume-title":"Proceedings of PKC 2005","author":"Y. Dodis","year":"2005","unstructured":"Y. Dodis, A. Yampolskiy, A\u00a0verifiable random function with short proofs and keys. In Proceedings of PKC 2005. LNCS, vol.\u00a03386 (Springer, Berlin, 2005), pp.\u00a0416\u2013431."},{"key":"9005_CR20","series-title":"LNCS","first-page":"116","volume-title":"Proceedings of PKC 2003","author":"M. Fischlin","year":"2003","unstructured":"M. Fischlin, The Cramer-Shoup strong-RSA signature scheme revisited. In Proceedings of PKC 2003. LNCS, vol.\u00a02567 (Springer, Berlin, 2003), pp.\u00a0116\u2013129."},{"key":"9005_CR21","series-title":"London Mathematical Society Lecture Notes","doi-asserted-by":"crossref","first-page":"183","DOI":"10.1017\/CBO9780511546570.011","volume-title":"Advances in Elliptic Curve Cryptography","author":"S. Galbraith","year":"2005","unstructured":"S. Galbraith, Pairings. In Advances in Elliptic Curve Cryptography, ed. by I.F. Blake, G. Seroussi, N.\u00a0Smart, London Mathematical Society Lecture Notes, vol.\u00a0317 (Cambridge University Press, Cambridge, 2005), pp.\u00a0183\u2013213, chap.\u00a0IX."},{"key":"9005_CR22","unstructured":"S. Galbraith, K. Paterson, N. Smart, Pairings for cryptographers. Cryptology ePrint Archive, Report 2006\/165, 2006. \n                    http:\/\/eprint.iacr.org\/\n                    \n                  ."},{"key":"9005_CR23","series-title":"LNCS","first-page":"123","volume-title":"Advances in Cryptology\u2014EUROCRYPT 1999","author":"R. Gennaro","year":"1999","unstructured":"R. Gennaro, S. Halevi, T. Rabin, Secure hash-and-sign signatures without the random oracle. In Advances in Cryptology\u2014EUROCRYPT 1999. LNCS, vol.\u00a01592 (Springer, Berlin, 1999), pp.\u00a0123\u2013139."},{"key":"9005_CR24","unstructured":"GMP Project. The GnuMP multiprecision arithmetic library. \n                    http:\/\/www.swox.com\/gmp\/\n                    \n                  ."},{"issue":"2","key":"9005_CR25","doi-asserted-by":"publisher","first-page":"281","DOI":"10.1137\/0217017","volume":"17","author":"S. Goldwasser","year":"1988","unstructured":"S. Goldwasser, S. Micali, R. Rivest, A\u00a0digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Comput.\n                           17(2), 281\u2013308 (1988).","journal-title":"SIAM J. Comput."},{"key":"9005_CR26","unstructured":"R. Granger, N. Smart, On computing products of pairings. Cryptology ePrint Archive, Report 2006\/172, 2006. \n                    http:\/\/eprint.iacr.org\/\n                    \n                  ."},{"key":"9005_CR27","unstructured":"F. Hess, N.P. Smart, F. Vercauteren, The Eta pairing revisited. Cryptology ePrint Archive, Report 2006\/110, 2006. \n                    http:\/\/eprint.iacr.org\/\n                    \n                  ."},{"issue":"4","key":"9005_CR28","doi-asserted-by":"publisher","first-page":"239","DOI":"10.1007\/s00145-003-0052-4","volume":"16","author":"A. Joux","year":"2003","unstructured":"A. Joux, K. Nguyen, Separating decision Diffie-Hellman from computational Diffie-Hellman in cryptographic groups. J.\u00a0Cryptol.\n                           16(4), 239\u2013247 (2003).","journal-title":"J.\u00a0Cryptol."},{"key":"9005_CR29","first-page":"155","volume-title":"Proceedings of ACM CCS 2003","author":"J. Katz","year":"2003","unstructured":"J. Katz, N. Wang, Efficiency improvements for signature schemes with tight security reductions. In Proceedings of ACM CCS 2003 (ACM Press, New York, 2003), pp.\u00a0155\u2013164."},{"key":"9005_CR30","unstructured":"H. Krawczyk, T. Rabin, Chameleon signatures. In Proceedings of NDSS 2000 (Internet Society, 2000)."},{"key":"9005_CR31","unstructured":"B. Lynn, The PBC pairing-based cryptography library. \n                    http:\/\/rooster.stanford.edu\/~ben\/pbc\/\n                    \n                  ."},{"issue":"5","key":"9005_CR32","doi-asserted-by":"publisher","first-page":"1639","DOI":"10.1109\/18.259647","volume":"39","author":"A. Menezes","year":"1993","unstructured":"A. Menezes, T. Okamoto, S. Vanstone, Reducing elliptic curve logarithms in a finite field. IEEE Trans. Inform. Theory\n                           39(5), 1639\u20131646 (1993).","journal-title":"IEEE Trans. Inform. Theory"},{"key":"9005_CR33","volume-title":"Handbook of Applied Cryptography","author":"A.J. Menezes","year":"1997","unstructured":"A.J. Menezes, P.C. Van Oorschot, S.A. Vanstone, Handbook of Applied Cryptography (CRC Press, Boca Raton, 1997)"},{"issue":"4","key":"9005_CR34","doi-asserted-by":"publisher","first-page":"235","DOI":"10.1007\/s00145-004-0315-8","volume":"17","author":"V. Miller","year":"2004","unstructured":"V. Miller, The Weil pairing, and its efficient calculation. J.\u00a0Cryptol.\n                           17(4), 235\u2013261 (2004).","journal-title":"J.\u00a0Cryptol."},{"issue":"2","key":"9005_CR35","first-page":"481","volume":"E85-A","author":"S. Mitsunari","year":"2002","unstructured":"S. Mitsunari, R. Sakai, M. Kasahara, A new traitor tracing. IEICE Trans. Fundam.\n                           E85-A(2), 481\u201384 (2002).","journal-title":"IEICE Trans. Fundam."},{"issue":"5","key":"9005_CR36","first-page":"1234","volume":"E84-A","author":"A. Miyaji","year":"2001","unstructured":"A. Miyaji, M. Nakabayashi, S. Takano, New explicit conditions of elliptic curve traces for FR-reduction. IEICE Trans. Fundam.\n                           E84-A(5), 1234\u20131243 (2001).","journal-title":"IEICE Trans. Fundam."},{"key":"9005_CR37","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"121","DOI":"10.1007\/3-540-45472-1_9","volume-title":"Proceedings of Financial Cryptography\u2014FC 2000","author":"D. Naccache","year":"2000","unstructured":"D. Naccache, J. Stern, Signing on a postcard. In Proceedings of Financial Cryptography\u2014FC 2000. LNCS, vol.\u00a01962 (Springer, Berlin, 2000), pp.\u00a0121\u2013135."},{"key":"9005_CR38","first-page":"33","volume-title":"Proceedings of ACM STOC 1989","author":"M. Naor","year":"1989","unstructured":"M. Naor, M. Yung, Universal one-way hash functions and their cryptographic applications. In Proceedings of ACM STOC 1989 (ACM Press, New York, 1989), pp.\u00a033\u201343."},{"key":"9005_CR39","series-title":"LNCS","first-page":"282","volume-title":"Proceedings of CT-RSA 2001","author":"J. Patarin","year":"2001","unstructured":"J. Patarin, N. Courtois, L. Goubin, QUARTZ, 128-bit long digital signatures. In Proceedings of CT-RSA 2001. LNCS, vol.\u00a02020 (Springer, Berlin, 2001), pp.\u00a0282\u2013297."},{"key":"9005_CR40","series-title":"London Mathematical Society Lecture Notes","doi-asserted-by":"crossref","first-page":"215","DOI":"10.1017\/CBO9780511546570.012","volume-title":"Advances in Elliptic Curve Cryptography","author":"K. Paterson","year":"2005","unstructured":"K. Paterson, Cryptography from pairings. In Advances in Elliptic Curve Cryptography, ed. by I.F. Blake, G. Seroussi, N. Smart, London Mathematical Society Lecture Notes, vol.\u00a0317 (Cambridge University Press, Cambridge, 2005), pp.\u00a0215\u2013251, chap.\u00a0X."},{"key":"9005_CR41","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"105","DOI":"10.1007\/3-540-45472-1_8","volume-title":"Proceedings of Financial Cryptography\u2014FC 2000","author":"L. Pintsov","year":"2000","unstructured":"L. Pintsov, S. Vanstone, Postal revenue collection in the digital age. In Proceedings of Financial Cryptography\u2014FC 2000. LNCS, vol.\u00a01962 (Springer, Berlin, 2000), pp.\u00a0105\u2013120."},{"key":"9005_CR42","volume-title":"Proceedings of IEEE FOCS 1999","author":"A. Sahai","year":"1999","unstructured":"A. Sahai, Non-malleable non-interactive zero knowledge and adaptive chosen-ciphertext security. In Proceedings of IEEE FOCS 1999 (IEEE Press, New York, 1999)."},{"key":"9005_CR43","unstructured":"H. Shacham, Implementing pairing-based signature schemes. Presentation at the Pairings in Cryptography workshop\u2014PiC 2005. Dublin, Ireland, 2005."},{"key":"9005_CR44","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"355","DOI":"10.1007\/3-540-44647-8_21","volume-title":"Advances in Cryptology\u2014CRYPTO 2001","author":"A. Shamir","year":"2001","unstructured":"A. Shamir, Y. Tauman, Improved online\/offline signature schemes. In Advances in Cryptology\u2014CRYPTO 2001. LNCS, vol.\u00a02139 (Springer, Berlin, 2001), pp.\u00a0355\u2013367."},{"key":"9005_CR45","series-title":"LNCS","first-page":"256","volume-title":"Advances in Cryptology\u2014EUROCRYPT 1997","author":"V. Shoup","year":"1997","unstructured":"V. Shoup, Lower bounds for discrete logarithms and related problems. In Advances in Cryptology\u2014EUROCRYPT 1997. LNCS, vol.\u00a01233 (Springer, Berlin, 1997), pp.\u00a0256\u2013266."},{"key":"9005_CR46","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"445","DOI":"10.1007\/3-540-45539-6_32","volume-title":"Advances in Cryptology\u2014EUROCRYPT 2000","author":"V. Shoup","year":"2000","unstructured":"V. Shoup, A composition theorem for universal one-way hash functions. In Advances in Cryptology\u2014EUROCRYPT 2000. LNCS, vol.\u00a01807 (Springer, Berlin, 2000), pp.\u00a0445\u2013452."},{"key":"9005_CR47","unstructured":"V.D. T\u00f4, R. Safavi-Naini, F. Zhang, New traitor tracing schemes using bilinear map. In Proceedings of DRM Workshop, 2003."},{"key":"9005_CR48","series-title":"LNCS","first-page":"277","volume-title":"Proceedings of PKC 2004","author":"F. Zhang","year":"2004","unstructured":"F. Zhang, R. Safavi-Naini, W. Susilo, An efficient signature scheme from bilinear pairings and its applications, In Proceedings of PKC 2004. LNCS, vol.\u00a02947 (Springer, Berlin, 2004), pp.\u00a0277\u2013290."}],"container-title":["Journal of Cryptology"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-007-9005-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s00145-007-9005-7\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-007-9005-7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-007-9005-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,4,8]],"date-time":"2020-04-08T08:37:36Z","timestamp":1586335056000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s00145-007-9005-7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2007,9,11]]},"references-count":48,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2008,4]]}},"alternative-id":["9005"],"URL":"https:\/\/doi.org\/10.1007\/s00145-007-9005-7","relation":{},"ISSN":["0933-2790","1432-1378"],"issn-type":[{"value":"0933-2790","type":"print"},{"value":"1432-1378","type":"electronic"}],"subject":[],"published":{"date-parts":[[2007,9,11]]},"assertion":[{"value":"20 January 2005","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"26 December 2006","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"11 September 2007","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}