{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,25]],"date-time":"2026-01-25T11:27:23Z","timestamp":1769340443712,"version":"3.49.0"},"reference-count":89,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2015,1,27]],"date-time":"2015-01-27T00:00:00Z","timestamp":1422316800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Cryptol"],"published-print":{"date-parts":[[2016,4]]},"DOI":"10.1007\/s00145-014-9196-7","type":"journal-article","created":{"date-parts":[[2015,1,26]],"date-time":"2015-01-26T18:55:02Z","timestamp":1422298502000},"page":"363-421","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":50,"title":["Structure-Preserving Signatures and Commitments to Group Elements"],"prefix":"10.1007","volume":"29","author":[{"given":"Masayuki","family":"Abe","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Georg","family":"Fuchsbauer","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jens","family":"Groth","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Kristiyan","family":"Haralambiev","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Miyako","family":"Ohkubo","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2015,1,27]]},"reference":[{"key":"9196_CR1","doi-asserted-by":"crossref","unstructured":"M. Abe, J. Camenisch, M. Dubovitskaya, R. Nishimaki, Universally composable adaptive oblivious transfer (with access control) from standard assumptions, in Digital Identity Management, pp. 1\u201312 (2013)","DOI":"10.1145\/2517881.2517883"},{"key":"9196_CR2","unstructured":"M. Abe, M. Chase, B. David, M. Kohlweiss, R. Nishimaki, M. Ohkubo, Constant-size structure-preserving signatures generic constructions and simple assumptions, in X. Wang and K. Sako, editors, Advances in Cryptology\u2014ASIACRYPT 2012. LNCS, vol. 7658 (Springer, Berlin, 2012), pp. 4\u201324."},{"key":"9196_CR3","doi-asserted-by":"crossref","unstructured":"M. Abe, B. David, M. Kohlweiss, R. Nishimaki, M. Ohkubo, Tagged one-time signatures: tight security and optimal tag size, in K. Kurosawa, G. Hanaoka, editors, Public Key Cryptography\u2014PKC 2013. LNCS, vol. 7778 (Springer, Berlin, 2013), pp. 312\u2013331","DOI":"10.1007\/978-3-642-36362-7_20"},{"key":"9196_CR4","doi-asserted-by":"crossref","unstructured":"M. Abe, S, Fehr, Perfect NIZK with adaptive soundness, in S. P. Vadhan, editor, Theory of Cryptography\u2013TCC2007. LNCS, vol. 4392 (Springer, Berlin, 2007), pp. 118\u2013136","DOI":"10.1007\/978-3-540-70936-7_7"},{"key":"9196_CR5","unstructured":"M. Abe, G. Fuchsbauer, J. Groth, K. Haralambiev, M. Ohkubo, Structure-preserving signatures and commitments to group elements, in T. Rabin, editor, Advances in Cryptology\u2014CRYPTO 2010. LNCS, vol. 6223, pp. 209\u2013237 (2010)"},{"key":"9196_CR6","doi-asserted-by":"crossref","unstructured":"M. Abe, J. Groth, K. Haralambiev, M. Ohkubo, Optimal structure-preserving signatures in asymmetric bilinear groups, in P. Rogaway, editor, Advances in Cryptology\u2014CRYPTO \u201911. LNCS, vol. 6841 (Springer, Berlin, 2011), pp. 649\u2013666","DOI":"10.1007\/978-3-642-22792-9_37"},{"key":"9196_CR7","unstructured":"M. Abe, K. Haralambiev, M. Ohkubo, Signing on group elements for modular protocol designs. IACR ePrint Archive, Report 2010\/133, (2010). \n                    http:\/\/eprint.iacr.org"},{"key":"9196_CR8","doi-asserted-by":"crossref","unstructured":"M. Abe, K. Haralambiev, M. Ohkubo, Efficient message space extension for automorphic signatures, in Information Security\u2013ISC 2010. LNCS, vol. 6531 (Springer, Berlin, 2011), pp. 319\u2013330","DOI":"10.1007\/978-3-642-18178-8_28"},{"key":"9196_CR9","doi-asserted-by":"crossref","unstructured":"M. Abe, K. Haralambiev, M. Ohkubo, Group to group commitments do not shrink, in D. Pointcheval, T. Johansson, editors, Advances in Cryptology\u2014EUROCRYPT 2012. LNCS, vol. 7237 (Springer, Berlin, 2012), pp. 301\u2013317","DOI":"10.1007\/978-3-642-29011-4_19"},{"key":"9196_CR10","doi-asserted-by":"crossref","unstructured":"M. Abe, M. Ohkubo, A framework for universally composable non-committing blind signatures. IJACT\n                           2(3), 229\u2013249 (2012)","DOI":"10.1504\/IJACT.2012.045581"},{"key":"9196_CR11","doi-asserted-by":"crossref","unstructured":"J. Alwen, Y. Dodis, D. Wichs, Survey: leakage resilience and the bounded retrieval model, in K. Kurosawa, editor, Information Theoretic Security. LNCS, vol. 5973 (Springer, Berlin, 2010), pp. 1\u201318","DOI":"10.1007\/978-3-642-14496-7_1"},{"key":"9196_CR12","unstructured":"G. Ateniese, J. Camenisch, S. Hohenberger, B. de Medeiros, Practical group signatures without random oracles. IACRePrint Archive, Report 2005\/385 (2005). \n                    http:\/\/eprint.iacr.org"},{"key":"9196_CR13","doi-asserted-by":"crossref","unstructured":"N. Attrapadung, B. Libert, T. Peters, Computing on authenticated data: new privacy definitions and constructions, in X. Wang, K. Sako, editors, Advances in Cryptology\u2014ASIACRYPT 2012. LNCS, vol. 7658 (Springer, Berlin, 2012), pp. 367\u2013385","DOI":"10.1007\/978-3-642-34961-4_23"},{"key":"9196_CR14","doi-asserted-by":"crossref","unstructured":"N. Attrapadung, B. Libert, T. Peters, Efficient completely context-hiding quotable and linearly homomorphic signatures, in K. Kurosawa, G. Hanaoka, editors, Public Key Cryptography\u2014PKC 2013. LNCS, vol. 7778 (Springer, Berlin, 2013) pp. 386\u2013404","DOI":"10.1007\/978-3-642-36362-7_24"},{"key":"9196_CR15","doi-asserted-by":"crossref","unstructured":"M. Belenkiy, M. Chase, M. Kohlweiss, A. Lysyanskaya, P-signatures and noninteractive anonymous credentials, in R. Canetti, editor, Theory of Cryptography\u2014TCC 2008. LNCS, vol. 4948, (Springer, Berlin, 2008), pp. 356\u2013374","DOI":"10.1007\/978-3-540-78524-8_20"},{"key":"9196_CR16","unstructured":"M. Bellare, D. Micciancio, B. Warinschi, Foundations of group signatures: formal definitions, simplified requirements and a construction based on general assumptions, in E. Biham, editor, Advances in Cryptology\u2014EUROCRPYT \u201903, LNCS, vol. 2656, pp. 614\u2013629 (2003)"},{"key":"9196_CR17","doi-asserted-by":"crossref","unstructured":"M. Bellare, C. Namprempre, D. Pointcheval, M. Eko, Theone-more-RSA-inversion problems and the security of Chaum\u2019s blind signature scheme. J. Cryptol.\n                           16(3), 185\u2013215 (2003)","DOI":"10.1007\/s00145-002-0120-1"},{"key":"9196_CR18","doi-asserted-by":"crossref","unstructured":"M. Bellare, P. Rogaway, Random oracles are practical: a paradigm for designing efficient protocols, in First ACM Conference on Computer and Communication Security. (Association for Computing Machinery, 1993), pp. 62\u201373","DOI":"10.1145\/168588.168596"},{"key":"9196_CR19","doi-asserted-by":"crossref","unstructured":"M. Bellare, H. Shi, C. Zhang, Foundations of group signatures: the case of dynamic groups, in A. Menezes, editor, Topics in Cryptology\u2014CT-RSA 2005. LNCS, vol. 3376 (Springer, Berlin, 2005), pp. 154","DOI":"10.1007\/978-3-540-30574-3_11"},{"key":"9196_CR20","doi-asserted-by":"crossref","unstructured":"D. Bernhard, G. Fuchsbauer, E. Ghadafi, Efficient signatures of knowledge and DAA in the standard model, in M.J. Jacobson Jr., M.E. Locasto, P. Mohassel, R. Safavi-Naini, editors, Applied Cryptography and Network Security\u2014ACNS 2013. LNCS, vol. 7954. (Springer, Berlin, 2013), pp. 518\u2013533","DOI":"10.1007\/978-3-642-38980-1_33"},{"key":"9196_CR21","doi-asserted-by":"crossref","unstructured":"O. Blazy, S. Canard, G. Fuchsbauer, A. Gouget, H. Sibert, J. Traor\u00e9, Achieving optimal anonymity in transferable e-cash with a judge, in A. Nitaj, D. Pointcheval, editors, Progress in Cryptology\u2014AFRICACRYPT 2011. LNCS, vol. 6737 (Springer, Berlin, 2011), pp. 206\u2013223","DOI":"10.1007\/978-3-642-21969-6_13"},{"key":"9196_CR22","unstructured":"D. Boneh, X. Boyen. Short signatures without random oracles, in C. Cachin, J. Camenisch, editors, Advances in Cryptology\u2014EUROCRYPT 2004. LNCS, vol. 3027 (Springer, Berlin, 2004), pp. 56\u201373."},{"key":"9196_CR23","doi-asserted-by":"crossref","unstructured":"D. Boneh, X. Boyen, H. Shacham, Short group signatures, in M. Franklin, editor, Advances in Cryptology\u2014CRYPTO \u201904. LNCS, vol. 3152 (Springer, Berlin, 2004), pp. 41\u201355","DOI":"10.1007\/978-3-540-28628-8_3"},{"key":"9196_CR24","doi-asserted-by":"crossref","unstructured":"D. Boneh, M. Franklin, Identity-based encryption from the Weil pairing, in J. Kilian, editor, Advances in Cryptology\u2014Crypto 2001. LNCS, vol. 2139 (Springer, Berlin, 2001), pp. 213\u2013229","DOI":"10.1007\/3-540-44647-8_13"},{"key":"9196_CR25","doi-asserted-by":"crossref","unstructured":"D. Boneh, B. Lynn, H. Shacham, Short signatures from the Weil pairing, in C. Boyd, editor, Advances in Cryptology\u2014ASIACRYPT 2001. LNCS, vol. 2248 (Springer, Berlin, 2001), pp. 514\u2013532","DOI":"10.1007\/3-540-45682-1_30"},{"key":"9196_CR26","doi-asserted-by":"crossref","unstructured":"D. Boneh, C. Gentry, B. Lynn, H. Shacham, Aggregate and verifiably encrypted signatures from bilinear maps, in E. Biham, editor, Advances in Cryptology\u2014EUROCRYPT 2003, LNCS, vol. 2656 (Springer, Berlin, 2003), pp. 416\u2013432","DOI":"10.1007\/3-540-39200-9_26"},{"key":"9196_CR27","doi-asserted-by":"crossref","unstructured":"D. Boneh, E.-J. Goh, K. Nissim, Evaluating 2-DNF formulas on ciphertexts, in J. Kilian, editor, Theory of Cryptography Conference\u2014TCC\u20192005. LNCS, vol. 3378 (Springer, Berlin, 2005), pp. 325\u2013341","DOI":"10.1007\/978-3-540-30576-7_18"},{"key":"9196_CR28","doi-asserted-by":"crossref","unstructured":"X. Boyen, B. Waters, Compact group signatures without random oracles, in Advances in Cryptology\u2014EUROCRYPT 2006. LNCS, vol. 4004 (Springer, Berlin, 2006), pp. 427\u2013444","DOI":"10.1007\/11761679_26"},{"key":"9196_CR29","doi-asserted-by":"crossref","unstructured":"X. Boyen, B. Waters, Full-domain subgroup hiding and constant-size group signatures, in Public Key Cryptography\u2014PKC 2007, LNCS, vol. 4450 (Springer, Berlin, 2007), pp. 1\u201315","DOI":"10.1007\/978-3-540-71677-8_1"},{"key":"9196_CR30","doi-asserted-by":"crossref","unstructured":"S. Brands, Rethinking public key infrastructure and digital certificates\u2014building privacy. Ph.D. thesis, (Eindhoven Institute of Technology, The Netherlands, 1999)","DOI":"10.7551\/mitpress\/5931.001.0001"},{"key":"9196_CR31","doi-asserted-by":"crossref","unstructured":"J. Camenisch, A. Lysyanskaya, Signature schemes and anonymous credentials from bilinear maps, in Advances in Cryptology\u2014CRYPTO \u201904. LNCS, vol. 3152 (Springer, Berlin, 2004), pp. 56\u201372","DOI":"10.1007\/978-3-540-28628-8_4"},{"key":"9196_CR32","doi-asserted-by":"crossref","unstructured":"J. Camenisch, M. Stadler. Efficient group signature schemes for large groups, in B.S. Kaliski Jr., editor, Advances in Cryptology\u2014CRYPTO\u201997. LNCS, vol. 1294 (Springer, Berlin, 1997), pp. 410\u2013424","DOI":"10.1007\/BFb0052252"},{"key":"9196_CR33","doi-asserted-by":"crossref","unstructured":"J. Camenisch, M. Dubovitskaya, R.R. Enderlein, G. Neven. Oblivious transfer with hidden access control from attribute-based encryption, in I. Visconti, R. De Prisco, editors, SCN. LNCS, vol. 7485 (Springer, Berlin, 2012), pp. 559\u2013579","DOI":"10.1007\/978-3-642-32928-9_31"},{"key":"9196_CR34","doi-asserted-by":"crossref","unstructured":"J. Camenisch, K. Haralambiev, M. Kohlweiss, J. Lapon, V. Naessens, Structure preserving CCA secure encryption and applications, in D. H. Lee, X. Wang, editors, Advances in Cryptology\u2014ASIACRYPT 2011. LNCS, vol. 7073 (Springer, Berlin, 2011), pp. 89\u2013106","DOI":"10.1007\/978-3-642-25385-0_5"},{"key":"9196_CR35","doi-asserted-by":"crossref","unstructured":"J. Camenisch, M. Kohlweiss, C. Soriente, An accumulator based on bilinear maps and efficient revocation for anonymous credentials, in Public Key Cryptography\u2014PKC2009. LNCS, vol. 5443. (Springer, Berlin, 2009), pp. 481\u2013500","DOI":"10.1007\/978-3-642-00468-1_27"},{"key":"9196_CR36","doi-asserted-by":"crossref","unstructured":"J. Camenisch, M. Koprowski, B. Warinschi, Efficient blind signatures without random oracles, in C. Blundo, S. Cimato, editors, Security in Communication Networks\u2014SCN 2004. LNCS, vol. 3352. (Springer, Berlin, 2005), pp. 134\u2013148","DOI":"10.1007\/978-3-540-30598-9_10"},{"key":"9196_CR37","doi-asserted-by":"crossref","unstructured":"R. Canetti, O. Goldreich, S. Halevi, The random oracle methodology, revisited, in Proceedings of the 30th Annual ACM Symposium on Theory of Computing, pp. 209\u2013218 (1998)","DOI":"10.1145\/276698.276741"},{"key":"9196_CR38","unstructured":"J. Cathalo, B. Libert, M. Yung, Group encryption: Non-interactive realization in the standard model, in M. Matsui, editor, Advances in Cryptology\u2014ASIACRYPT 2009. LNCS, vol. 5912, pp. 179\u2013196 (2009)"},{"key":"9196_CR39","doi-asserted-by":"crossref","unstructured":"M. Chase, M. Kohlweiss, A. Lysyanskaya, S. Meiklejohn, Malleable proof systems and applications, in D. Pointcheval, T. Johansson, editors, Advances in Cryptology\u2014EUROCRYPT 2012. LNCS, vol. 7237 (Springer, Berlin, 2012), pp. 281\u2013300","DOI":"10.1007\/978-3-642-29011-4_18"},{"key":"9196_CR40","doi-asserted-by":"crossref","unstructured":"D. Chaum, Blind signatures for untraceable payments, in D. Chaum, R. Rivest, A. Sherman, editors, Advances in Cryptology\u2014Proceedings of Crypto\u201982. (Prenum Publishing Corporation, 1982), pp. 199\u2013204","DOI":"10.1007\/978-1-4757-0602-4_18"},{"key":"9196_CR41","doi-asserted-by":"crossref","unstructured":"D. Chaum, E. Van Heyst, Group signatures, in D.W. Davies, editor, Advances in Cryptology\u2014EUROCRYPT \u201991. LNCS, vol. 547 (Springer, Berlin, 1991), pp. 257\u2013265","DOI":"10.1007\/3-540-46416-6_22"},{"key":"9196_CR42","doi-asserted-by":"crossref","unstructured":"S. Chow, Real traceable signatures, in Selected Areas in Cryptography\u2014SAC \u201909. LNCS, vol. 5867 (Springer, Berlin, 2009), pp. 92\u2013107","DOI":"10.1007\/978-3-642-05445-7_6"},{"key":"9196_CR43","doi-asserted-by":"crossref","unstructured":"M. Fischlin, Round-optimal composable blind signatures in the common reference model, in C. Dwork, editor, Advances in Cryptology\u2014CRYPTO 2006. LNCS, vol. 4117 pp. 60\u201377 (2006)","DOI":"10.1007\/11818175_4"},{"key":"9196_CR44","doi-asserted-by":"crossref","unstructured":"M. Fischlin, D. Schr\u00f6der, Security of blind signatures under aborts, in Public Key Cryptography\u2014PKC2009. LNCS, vol. 5443 (Springer, Berlin, 2009), pp. 297\u2013316","DOI":"10.1007\/978-3-642-00468-1_17"},{"key":"9196_CR45","unstructured":"G. Fuchsbauer, Automorphic signatures in bilinear groups. Cryptology ePrint Archive, Report 2009\/320 (2009). \n                    http:\/\/eprint.iacr.org\/"},{"key":"9196_CR46","doi-asserted-by":"crossref","unstructured":"G. Fuchsbauer. Commuting signatures and verifiable encryption, in K.G. Paterson, editor, Advances in Cryptology\u2014EUROCRYPT 2011. LNCS, vol. 6632 (Springer, Berlin, 2011), pp. 224\u2013245","DOI":"10.1007\/978-3-642-20465-4_14"},{"key":"9196_CR47","doi-asserted-by":"crossref","unstructured":"G. Fuchsbauer, D. Pointcheval, Anonymous proxy signatures, in R. Ostrovsky, R. De Prisco, I. Visconti, editors, Security in Communication Networks\u2014SCN 2008. LNCS, vol. 5229 (Springer, Berlin, 2008), pp. 201\u2013217","DOI":"10.1007\/978-3-540-85855-3_14"},{"key":"9196_CR48","doi-asserted-by":"crossref","unstructured":"G. Fuchsbauer, D. Pointcheval, D. Vergnaud. Transferable constant-size fair e-cash, in J.A. Garay, A. Miyaji, A. Otsuka, editors, Cryptology and Network Security\u2014CANS 2009. LNCS, vol. 5888 (Springer, Berlin, 2009), pp. 226\u2013247","DOI":"10.1007\/978-3-642-10433-6_15"},{"key":"9196_CR49","doi-asserted-by":"crossref","unstructured":"G. Fuchsbauer, D. Vergnaud, Fair blind signatures without random oracles, in D.J. Bernstein, T. Lange, editors, Progress in Cryptology\u2014AFRICACRYPT 2010. LNCS, vol. 6055 (Springer, Berlin, 2010), pp. 16\u201333","DOI":"10.1007\/978-3-642-12678-9_2"},{"key":"9196_CR50","doi-asserted-by":"crossref","unstructured":"J. Furukawa, K. Sako, An efficient scheme for proving a shuffle, in J. Kilian, editor, Advances in Cryptology\u2014CRYPTO 2001. LNCS, vol. 2139 (Springer, Berlin, 2001), pp. 368\u2013387","DOI":"10.1007\/3-540-44647-8_22"},{"key":"9196_CR51","doi-asserted-by":"crossref","unstructured":"S.D. Galbraith, K.G. Paterson, N.P. Smart, Pairings for cryptographers. Discrete Appl. Math.\n                           156(16), 3113\u20133121 (2008)","DOI":"10.1016\/j.dam.2007.12.010"},{"key":"9196_CR52","doi-asserted-by":"crossref","unstructured":"S. Goldwasser, S. Micali, R. Rivest, A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Comput.\n                           17(2), 281\u2013308 (1988)","DOI":"10.1137\/0217017"},{"key":"9196_CR53","unstructured":"M. Green, S. Hohenberger, Universally composable adaptive oblivious transfer, in J. Pieprzyk, editor, Advances in Cryptology\u2014ASIACRYPT. LNCS, vol. 5350, pp. 179\u2013197 (2008)"},{"key":"9196_CR54","doi-asserted-by":"crossref","unstructured":"J. Groth, Simulation-sound NIZK proofs for a practical language and constant size group signatures, in X. Lai, K. Chen, editors, Advances in Cryptology\u2014ASIACRYPT 2006. LNCS, vol. 4284 (Springer, Berlin, 2006), pp. 444\u2013459","DOI":"10.1007\/11935230_29"},{"key":"9196_CR55","doi-asserted-by":"crossref","unstructured":"J. Groth, Fully anonymous group signatures without random oracles, in Advances in Cryptology\u2013ASIACRYPT 2007. LNCS, vol. 4833. (Springer, Berlin, 2007), pp. 164\u2013180","DOI":"10.1007\/978-3-540-76900-2_10"},{"key":"9196_CR56","unstructured":"J. Groth, Homomorphic trapdoor commitments to group elements. IACR ePrint Archive, Report 2009\/007, January 2009. Update version available from the author\u2019s homepage"},{"key":"9196_CR57","doi-asserted-by":"crossref","unstructured":"J. Groth, Linear algebra with sub-linear zero-knowledge arguments, in Advances in Cryptology\u2014CRYPTO 2009. LNCS, vol. 5677, pp. 192\u2013208 (2009)","DOI":"10.1007\/978-3-642-03356-8_12"},{"key":"9196_CR58","doi-asserted-by":"crossref","unstructured":"J. Groth, Efficient zero-knowledge arguments from two-tiered homomorphic commitments, in Advances in Cryptology\u2014ASIACRYPT 2011. LNCS (Springer, Berlin, 2011)","DOI":"10.1007\/978-3-642-25385-0_23"},{"key":"9196_CR59","doi-asserted-by":"crossref","unstructured":"J. Groth, A. Sahai, Efficient non-interactive proof systems for bilinear groups, in N.P. Smart, editor, Advances in Cryptology\u2014EUROCRYPT 2008. LNCS, vol. 4965 (Springer, Berlin, 2008), pp. 415\u2013432","DOI":"10.1007\/978-3-540-78967-3_24"},{"key":"9196_CR60","doi-asserted-by":"crossref","unstructured":"L.C. Guillou, J.-J. Quisquater, A practical zero-knowledge protocol fitted to security microprocessor minimizing both transmission and memory, in C.G. G\u00fcnther, editor, Advances in Cryptology\u2014EUROCRYPT \u201988. LNCS, vol. 330 (Springer, Berlin, 1988), pp. 123\u2013128","DOI":"10.1007\/3-540-45961-8_11"},{"key":"9196_CR61","doi-asserted-by":"crossref","unstructured":"C. Hazay, J. Katz, C. Koo, and Y. Lindell, Concurrently-secure blind signatures without random oracles or setup assumptions, in Theory of Cryptography Conference\u2014TCC 2007. LNCS, vol. 4392 (Springer, Berlin, 2007), pp. 323\u2013341","DOI":"10.1007\/978-3-540-70936-7_18"},{"key":"9196_CR62","doi-asserted-by":"crossref","unstructured":"D. Hofheinz, T. Jager, Tightly secure signatures and public-key encryption, in Advances in Cryptology\u2014CRYPTO 2012. LNCS, vol. 7417 (Springer, Berlin, 2012), pp. 590\u2013607","DOI":"10.1007\/978-3-642-32009-5_35"},{"key":"9196_CR63","doi-asserted-by":"crossref","unstructured":"A. Joux, A one round protocol for tripartite Diffie\u2013Hellman, in W. Bosma, editor, Algorithmic Number Theory\u2014ANTS-IV 2000. LNCS, vol. 1838 (Springer, Berlin, 2000), pp. 385\u2013394","DOI":"10.1007\/10722028_23"},{"key":"9196_CR64","doi-asserted-by":"crossref","unstructured":"A. Juels, M. Luby, R. Ostrovsky, Security of blind digital signatures, in B.S. Kaliski Jr., editor, Advances in Cryptology\u2014CRYPTO \u201997. LNCS, vol. 1294. (Springer, Berlin, 1997), pp. 150\u2013164","DOI":"10.1007\/BFb0052233"},{"key":"9196_CR65","doi-asserted-by":"crossref","unstructured":"J. Katz, Digital Signatures, (Springer, Berlin, 2010)","DOI":"10.1007\/978-0-387-27712-7"},{"key":"9196_CR66","doi-asserted-by":"crossref","unstructured":"A. Kiayias, H. Zhou, Concurrent blind signatures without random oracles, in Security in Communication Networks\u2014SCN 2006. LNCS, vol. 4116 (Springer, Berlin, 2006), pp. 49\u201362","DOI":"10.1007\/11832072_4"},{"key":"9196_CR67","doi-asserted-by":"crossref","unstructured":"A. Kiayias, H. Zhou. Equivocal blind signatures and adaptive UC-security, in R. Canetti, editor, Theory of Cryptography Conference\u2014TCC 2008. LNCS, vol. 4948 (Springer, Berlin, 2008), pp. 340\u2013355","DOI":"10.1007\/978-3-540-78524-8_19"},{"key":"9196_CR68","doi-asserted-by":"crossref","unstructured":"A. Kiayias, M. Yung, Group signatures with efficient concurrent join, in R. Cramer, editor, Advances in Cryptology\u2014EUROCRYPT 2005. LNCS, vol. 3494 (Springer, Berlin, 2005), pp. 198\u2013214","DOI":"10.1007\/11426639_12"},{"key":"9196_CR69","unstructured":"H. Krawczyk, T. Rabin, Chameleon Hashing and Signatures. Technical Report 1998\/010, IACR ePrint archive (1998)"},{"key":"9196_CR70","doi-asserted-by":"crossref","unstructured":"S. Kunz-Jacques, D. Pointcheval, About the security of MTI\/C0 and MQV, in R. De Prisco, M. Yung, editors, Security in Communication Networks\u2014SCN 2006. LNCS, vol. 4116 (Springer, Berlin, 2006), pp. 156\u2013172","DOI":"10.1007\/11832072_11"},{"key":"9196_CR71","doi-asserted-by":"crossref","unstructured":"B. Libert, T. Peters, M. Joye, M. Yung, Linearly homomorphic structure-preserving signatures and their applications, in R. Canetti, J. Garay, editors, Advances in Cryptology\u2014CRYPTO 2013. LNCS (Springer, Berlin, 2013)","DOI":"10.1007\/978-3-642-40084-1_17"},{"key":"9196_CR72","doi-asserted-by":"crossref","unstructured":"B. Libert, T. Peters, M. Yung, Group signatures with almost-for-free revocation, in R. Safavi-Naini, R. Canetti, editors, Advances in Cryptology\u2014CRYPTO 2012. LNCS, vol. 7417 (Springer, Berlin, 2012), pp. 571\u2013589","DOI":"10.1007\/978-3-642-32009-5_34"},{"key":"9196_CR73","doi-asserted-by":"crossref","unstructured":"B. Libert, T. Peters, M. Yung, Scalable group signatures with revocation, in Advances in Cryptology\u2014EUROCRYPT 2012. LNCS (Springer, Berlin, 2012)","DOI":"10.1007\/978-3-642-29011-4_36"},{"key":"9196_CR74","doi-asserted-by":"crossref","unstructured":"B. Libert, D. Vergnaud, Multi-use unidirectional proxy re-signatures, in P. Ning, P. F. Syverson, S. Jha, editors, ACM Conference on Computer and Communications Security (ACM, 2008), pp. 511\u2013520","DOI":"10.1145\/1455770.1455835"},{"key":"9196_CR75","doi-asserted-by":"crossref","unstructured":"B. Libert, D. Vergnaud, Group signatures with verifier-local revocation and backward unlinkability in the standard model, in Cryptology and Network Security\u2014CANS 2009 (Springer, Berlin, 2009), pp. 498\u2013517","DOI":"10.1007\/978-3-642-10433-6_34"},{"key":"9196_CR76","doi-asserted-by":"crossref","unstructured":"B. Libert, D. Vergnaud, Group signatures with verifier-local revocation and backward unlinkability in the standard model, in Cryptology and Network Security\u2014CANS 2009. (Springer, Berlin, 2009), pp. 498\u2013517","DOI":"10.1007\/978-3-642-10433-6_34"},{"key":"9196_CR77","doi-asserted-by":"crossref","unstructured":"H. Lipmaa, Verifiable homomorphic oblivious transfer and private equality test, in C.-S. Laih, editor, Advances in Cryptology\u2014ASIACRYPT 2003, LNCS, vol. 2894 (Springer, Berlin, 2003), pp. 416\u2013433","DOI":"10.1007\/978-3-540-40061-5_27"},{"key":"9196_CR78","doi-asserted-by":"crossref","unstructured":"A. Lysyanskaya, R.L. Rivest, A. Sahai, S. Wolf, Pseudonym systems, in Selected Areas in Cryptography\u2014SAC \u201999. LNCS, vol. 1758 (Springer, Berlin, 2000), pp. 184\u2013199","DOI":"10.1007\/3-540-46513-8_14"},{"key":"9196_CR79","doi-asserted-by":"crossref","unstructured":"P. Mohassel, One-time signatures and chameleon hash functions, in A. Biryukov, G. Gong, D.R. Stinson, editors, Selected Areas in Cryptography\u2014SAC 2010. LNCS, vol. 6544 (Springer, Berlin, 2011), pp. 302\u2013319","DOI":"10.1007\/978-3-642-19574-7_21"},{"key":"9196_CR80","doi-asserted-by":"crossref","unstructured":"M. Naor. On cryptographic assumptions and challenges, in D. Boneh, editor, Advances in Cryptology\u2014CRYPTO 2003. LNCS, vol. 2729 (Springer, Berlin, 2003), pp. 96\u2013109","DOI":"10.1007\/978-3-540-45146-4_6"},{"key":"9196_CR81","doi-asserted-by":"crossref","unstructured":"C.A. Neff, A verifiable secret shuffle and its application toe-voting, in M.K. Reiter, P. Samarati, editors, ACM Conference on Computer and Communications Security\u2014CCS 2001 (ACM, 2001), pp. 116\u2013125","DOI":"10.1145\/501983.502000"},{"key":"9196_CR82","doi-asserted-by":"crossref","unstructured":"T. Okamoto, Efficient blind and partially blind signatures without random oracles, in S. Halevi, T. Rabin, editors, Theory of Cryptography Conference\u2014TCC 2006. LNCS, vol. 3876 (Springer, Berlin, 2006), pp. 80\u201399. Full version available onePrint archive","DOI":"10.1007\/11681878_5"},{"key":"9196_CR83","doi-asserted-by":"crossref","unstructured":"T.P. Pedersen, A threshold cryptosystem without a trusted party, in D.W. Davies, editor, Advances in Cryptology\u2014EUROCRYPT\u201991. LNCS, vol. 547 (Springer, Berlin, 1991), pp. 522\u2013526","DOI":"10.1007\/3-540-46416-6_47"},{"key":"9196_CR84","doi-asserted-by":"crossref","unstructured":"D. Pointcheval, J. Stern, Security arguments for digital signatures and blind signatures. J. Cryptol.\n                           13(3), 339\u2013360 (2000)","DOI":"10.1007\/s001450010003"},{"key":"9196_CR85","doi-asserted-by":"crossref","unstructured":"M. R\u00fcckert, D. Schr\u00f6der, Security of verifiably encrypted signatures and a construction without random oracles, in H. Shacham, B. Waters, editors, Pairing-Based Cryptography\u2014PAIRING 2009. LNCS, vol. 5671 (Springer, Berlin, 2009), pp. 17\u201334","DOI":"10.1007\/978-3-642-03298-1_2"},{"key":"9196_CR86","unstructured":"R. Sakai, M. Kasahara, Cryptosystems based on pairing over elliptic curve (in japanese), in Symposium on Cryptography and Information Security. SCIS, vol. SCIS00-C20 (2000)"},{"key":"9196_CR87","doi-asserted-by":"crossref","unstructured":"J.T. Schwartz, Fast probabilistic algorithms for verification of polynomial identities. J. ACM\u00a0 27(4) (1980)","DOI":"10.1145\/322217.322225"},{"key":"9196_CR88","doi-asserted-by":"crossref","unstructured":"V. Shoup. Lower bounds for discrete logarithms and related problems, in W. Fumy, editor, Advances in Cryptology\u2014EUROCRYPT \u201997. LNCS, vol. 1233 (Springer, Berlin, 1997), pp. 256\u2013266","DOI":"10.1007\/3-540-69053-0_18"},{"key":"9196_CR89","doi-asserted-by":"crossref","unstructured":"J. Zhang, Z. Li, H. Guo. Anonymous transferable conditional e-cash, in A.D. Keromytis, R. Di Pietro, editors, Secure Comm. LNICST. vol. 106 (Springer, Berlin, 2012), pp. 45\u201360","DOI":"10.1007\/978-3-642-36883-7_4"}],"container-title":["Journal of Cryptology"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-014-9196-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s00145-014-9196-7\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-014-9196-7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-014-9196-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,4,8]],"date-time":"2020-04-08T08:21:55Z","timestamp":1586334115000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s00145-014-9196-7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,1,27]]},"references-count":89,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2016,4]]}},"alternative-id":["9196"],"URL":"https:\/\/doi.org\/10.1007\/s00145-014-9196-7","relation":{},"ISSN":["0933-2790","1432-1378"],"issn-type":[{"value":"0933-2790","type":"print"},{"value":"1432-1378","type":"electronic"}],"subject":[],"published":{"date-parts":[[2015,1,27]]},"assertion":[{"value":"20 August 2013","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"27 January 2015","order":2,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}