{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,7,27]],"date-time":"2025-07-27T07:32:58Z","timestamp":1753601578019},"reference-count":87,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2021,9,18]],"date-time":"2021-09-18T00:00:00Z","timestamp":1631923200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,9,18]],"date-time":"2021-09-18T00:00:00Z","timestamp":1631923200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Cryptol"],"published-print":{"date-parts":[[2021,10]]},"DOI":"10.1007\/s00145-021-09408-w","type":"journal-article","created":{"date-parts":[[2021,9,18]],"date-time":"2021-09-18T08:02:51Z","timestamp":1631952171000},"update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Compact Designated Verifier NIZKs from the CDH Assumption Without Pairings"],"prefix":"10.1007","volume":"34","author":[{"given":"Shuichi","family":"Katsumata","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ryo","family":"Nishimaki","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Shota","family":"Yamada","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Takashi","family":"Yamakawa","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2021,9,18]]},"reference":[{"key":"9408_CR1","unstructured":"H. Abusalah, Generic Instantiations of the Hidden Bits Model for Non-interactive Zero-Knowledge Proofs for NP. Master\u2019s thesis, RWTH-Aachen University (2013)"},{"key":"9408_CR2","doi-asserted-by":"crossref","unstructured":"E. Boyle, G. Couteau, N. Gilboa, Y. Ishai, Compressing vector OLE, in D. Lie, M. Mannan, M. Backes, X.F. Wang, editors, ACM CCS 2018 (ACM Press, 2018), pp. 896\u2013912","DOI":"10.1145\/3243734.3243868"},{"issue":"4","key":"9408_CR3","doi-asserted-by":"publisher","first-page":"994","DOI":"10.1137\/0215070","volume":"15","author":"PW Beame","year":"1986","unstructured":"P.W. Beame, S.A. Cook, H.J. Hoover, Log depth circuits for division and related problems. SIAM J. Comput. 15(4), 994\u20131003 (1986)","journal-title":"SIAM J. Comput."},{"key":"9408_CR4","doi-asserted-by":"crossref","unstructured":"M. Blum, P. Feldman, S. Micali, Non-interactive zero-knowledge and its applications (extended abstract), in 20th ACM STOC (ACM Press, 1988), pp. 103\u2013112","DOI":"10.1145\/62212.62222"},{"key":"9408_CR5","doi-asserted-by":"crossref","unstructured":"E. Boyle, N. Gilboa, Y. Ishai, Breaking the circuit size barrier for secure computation under DDH, in M. Robshaw, J. Katz, editors, CRYPTO\u00a02016, Part\u00a0I. LNCS, vol.9814 (Springer, Heidelberg, 2016), pp. 09\u2013539","DOI":"10.1007\/978-3-662-53018-4_19"},{"key":"9408_CR6","doi-asserted-by":"crossref","unstructured":"Z. Brakerski, V. Koppula, T. Mour, NIZK from LPN and trapdoor hash via correlation intractability for approximable relations, in D. Micciancio, T. Ristenpart, editors, CRYPTO\u00a02020, Part\u00a0III, LNCS, vol. 12172 (Springer, Heidelberg, 2020), pp. 738\u2013767","DOI":"10.1007\/978-3-030-56877-1_26"},{"key":"9408_CR7","doi-asserted-by":"crossref","unstructured":"M. Bellare, D. Micciancio, B. Warinschi, Foundations of group signatures: formal definitions, simplified requirements, and a construction based on general assumptions, in E. Biham, editor, EUROCRYPT\u00a02003. LNCS, vol. 2656 (Springer, Heidelberg, 2003), pp. 614\u2013629","DOI":"10.1007\/3-540-39200-9_38"},{"key":"9408_CR8","doi-asserted-by":"crossref","unstructured":"N. Bitansky O. Paneth, ZAPs and non-interactive witness indistinguishability from indistinguishability obfuscation, in Y. Dodis, J.B. Nielsen, editors, TCC\u00a02015, Part\u00a0II. LNCS, vol. 9015 (Springer, Heidelberg, 2015), pp. 401\u2013427","DOI":"10.1007\/978-3-662-46497-7_16"},{"key":"9408_CR9","doi-asserted-by":"crossref","unstructured":"N. Bitansky, O. Paneth, D. Wichs, Perfect structure on the edge of chaos\u2014trapdoor permutations from indistinguishability obfuscation, in E. Kushilevitz, T. Malkin, editors, TCC\u00a02016-A, Part\u00a0I. LNCS, vol. 9562 (Springer, Heidelberg, 2016), pp. 474\u2013502","DOI":"10.1007\/978-3-662-49096-9_20"},{"issue":"3","key":"9408_CR10","doi-asserted-by":"publisher","first-page":"149","DOI":"10.1007\/BF00208000","volume":"9","author":"M Bellare","year":"1996","unstructured":"M. Bellare, M. Yung, Certifying permutations: noninteractive zero-knowledge based on any trapdoor permutation. J. Cryptol. 9(3), 149\u2013166 (1996)","journal-title":"J. Cryptol."},{"key":"9408_CR11","doi-asserted-by":"crossref","unstructured":"P. Chaidos, G. Couteau, Efficient designated-verifier non-interactive zero-knowledge proofs of knowledge, in J.B. Nielsen, V. Rijmen, editors, EUROCRYPT\u00a02018, Part\u00a0III. LNCS, vol. 10822 (Springer, Heidelberg, 2018), pp. 193\u2013221","DOI":"10.1007\/978-3-319-78372-7_7"},{"key":"9408_CR12","doi-asserted-by":"crossref","unstructured":"R. Canetti, Y. Chen, J. Holmgren, A. Lombardi, G.N. Rothblum, R.D. Rothblum, D. Wichs, Fiat-Shamir: from practice to theory, in M. Charikar, E. Cohen, editors, 51st ACM STOC (ACM Press, 2019), pp. 1082\u20131090","DOI":"10.1145\/3313276.3316380"},{"key":"9408_CR13","doi-asserted-by":"crossref","unstructured":"R. Canetti, Y. Chen, L. Reyzin, R.D. Rothblum, Fiat-Shamir and correlation intractability from strong KDM-secure encryption, in J.B. Nielsen, V. Rijmen, editors, EUROCRYPT\u00a02018, Part\u00a0I. LNCS, vol. 10820 (Springer, Heidelberg, 2018), pp. 91\u2013122","DOI":"10.1007\/978-3-319-78381-9_4"},{"key":"9408_CR14","doi-asserted-by":"crossref","unstructured":"R. Cramer, I. Damg\u00e5rd, Secret-key zero-knowlegde and non-interactive verifiable exponentiation, in M. Naor, editor, TCC\u00a02004. LNCS, vol. 2951 (Springer, Heidelberg, 2004), pp. 223\u2013237","DOI":"10.1007\/978-3-540-24638-1_13"},{"key":"9408_CR15","doi-asserted-by":"crossref","unstructured":"M. Chase, Y. Dodis, Y. Ishai, D. Kraschewski, T. Liu, R. Ostrovsky, V. Vaikuntanathan, Reusable non-interactive secure computation, in A. Boldyreva, D. Micciancio, editors, CRYPTO\u00a02019, Part\u00a0III, LNCS, vol. 11694 (Springer, Heidelberg, 2019), pp. 462\u2013488","DOI":"10.1007\/978-3-030-26954-8_15"},{"issue":"1","key":"9408_CR16","doi-asserted-by":"publisher","first-page":"23","DOI":"10.1007\/s00145-016-9249-1","volume":"31","author":"D Catalano","year":"2018","unstructured":"D. Catalano, D. Fiore, Practical homomorphic message authenticators for arithmetic circuits. J. Cryptol. 31(1), 23\u201359 (2018)","journal-title":"J. Cryptol."},{"key":"9408_CR17","doi-asserted-by":"crossref","unstructured":"R. Canetti, U. Feige, O. Goldreich, M. Naor, Adaptively secure multi-party computation, in 28th ACM STOC (ACM Press, 1996), pp. 639\u2013648","DOI":"10.1145\/237814.238015"},{"key":"9408_CR18","doi-asserted-by":"crossref","unstructured":"D. Chaum, A. Fiat, M. Naor, Untraceable electronic cash, in S. Goldwasser, editor, CRYPTO\u201988. LNCS, vol. 403 (Springer, Heidelberg, 1990), pp. 319\u2013327","DOI":"10.1007\/0-387-34799-2_25"},{"key":"9408_CR19","doi-asserted-by":"crossref","unstructured":"P. Chaidos, J. Groth, Making sigma-protocols non-interactive without random oracles, in J. Katz, editor, PKC\u00a02015 LNCS, vol. 9020 (Springer, Heidelberg, April 2015), pp. 650\u2013670","DOI":"10.1007\/978-3-662-46447-2_29"},{"key":"9408_CR20","doi-asserted-by":"crossref","unstructured":"G. Couteau, D. Hofheinz, Designated-verifier pseudorandom generators, and their applications, in Y. Ishai, V. Rijmen, editors, EUROCRYPT\u00a02019, Part\u00a0II LNCS, vol. 11477 (Springer, Heidelberg, 2019), pp. 562\u2013592","DOI":"10.1007\/978-3-030-17656-3_20"},{"issue":"10","key":"9408_CR21","doi-asserted-by":"publisher","first-page":"1030","DOI":"10.1145\/4372.4373","volume":"28","author":"D Chaum","year":"1985","unstructured":"D. Chaum, Security without identification: transaction systems to make big brother obsolete. Commun. ACM 28(10), 1030\u20131044 (1985)","journal-title":"Commun. ACM"},{"key":"9408_CR22","doi-asserted-by":"crossref","unstructured":"R. Canetti, S. Halevi, J. Katz, A forward-secure public-key encryption scheme, in E. Biham, editor, EUROCRYPT\u00a02003. LNCS, vol. 2656 (Springer, Heidelberg, 2003), pp. 255\u2013271","DOI":"10.1007\/3-540-39200-9_16"},{"issue":"3","key":"9408_CR23","doi-asserted-by":"publisher","first-page":"265","DOI":"10.1007\/s00145-006-0442-5","volume":"20","author":"R Canetti","year":"2007","unstructured":"R. Canetti, S. Halevi, J. Katz, A forward-secure public-key encryption scheme. J. Cryptol. 20(3), 265\u2013294 (2007)","journal-title":"J. Cryptol."},{"issue":"4","key":"9408_CR24","doi-asserted-by":"publisher","first-page":"470","DOI":"10.1007\/s00145-009-9041-6","volume":"22","author":"D Cash","year":"2009","unstructured":"D. Cash, E. Kiltz, V. Shoup, The twin Diffie\u2013Hellman problem and applications. J. Cryptol. 22(4), 470\u2013504 (2009)","journal-title":"J. Cryptol."},{"key":"9408_CR25","doi-asserted-by":"crossref","unstructured":"G. Couteau, S. Katsumata, B. Ursu, Non-interactive zero-knowledge in pairing-free groups from weaker assumptions, in A. Canteaut, Y. Ishai, editors, EUROCRYPT\u00a02020, Part\u00a0III. LNCS, vol. 12107 (Springer, Heidelberg, 2020), pp. 442\u2013471","DOI":"10.1007\/978-3-030-45727-3_15"},{"key":"9408_CR26","doi-asserted-by":"crossref","unstructured":"R. Canetti, A. Lichtenberg, Certifying trapdoor permutations, revisited, in A. Beimel, S. Dziembowski, editors, TCC\u00a02018, Part\u00a0I. LNCS, vol. 11239 (Springer, Heidelberg, 2018), pp. 476\u2013506","DOI":"10.1007\/978-3-030-03807-6_18"},{"key":"9408_CR27","doi-asserted-by":"crossref","unstructured":"R. Cramer, V. Shoup, Universal hash proofs and a paradigm for adaptive chosen ciphertext secure public-key encryption, in L.R. Knudsen, editor, EUROCRYPT\u00a02002. LNCS, vol. 2332 (Springer, Heidelberg, 2002), pp. 45\u201364","DOI":"10.1007\/3-540-46035-7_4"},{"issue":"1","key":"9408_CR28","doi-asserted-by":"publisher","first-page":"167","DOI":"10.1137\/S0097539702403773","volume":"33","author":"R Cramer","year":"2003","unstructured":"R. Cramer, V. Shoup, Design and analysis of practical public-key encryption schemes secure against adaptive chosen ciphertext attack. SIAM J. Comput. 33(1), 167\u2013226 (2003)","journal-title":"SIAM J. Comput."},{"key":"9408_CR29","doi-asserted-by":"crossref","unstructured":"R. Cohen, A. Shelat, D. Wichs, Adaptively secure MPC with sublinear communication complexity, in A. Boldyreva, D. Micciancio, editors, CRYPTO\u00a02019, Part\u00a0II. LNCS, vol. 11693 (Springer, Heidelberg, 2019), pp. 30\u201360","DOI":"10.1007\/978-3-030-26951-7_2"},{"key":"9408_CR30","doi-asserted-by":"crossref","unstructured":"D. Chaum, E. van Heyst, Group signatures, in D.W. Davies, editor, EUROCRYPT\u201991. LNCS, vol. 547 (Springer, Heidelberg, 1991), pp. 257\u2013265","DOI":"10.1007\/3-540-46416-6_22"},{"key":"9408_CR31","doi-asserted-by":"crossref","unstructured":"I. Damg\u00e5rd, On the randomness of Legendre and Jacobi sequences, in S. Goldwasser, editor, CRYPTO\u201988. LNCS, vol. 403 (Springer, Heidelberg, 1990), pp. 163\u2013172","DOI":"10.1007\/0-387-34799-2_13"},{"key":"9408_CR32","doi-asserted-by":"crossref","unstructured":"I. Damg\u00e5rd, Non-interactive circuit based proofs and non-interactive perfect zero-knowledge with proprocessing, in R.A. Rueppel, editor, EUROCRYPT\u201992. LNCS, vol. 658 (Springer, Heidelberg, 1993), pp. 341\u2013355","DOI":"10.1007\/3-540-47555-9_28"},{"issue":"2","key":"9408_CR33","doi-asserted-by":"publisher","first-page":"391","DOI":"10.1137\/S0097539795291562","volume":"30","author":"D Dolev","year":"2000","unstructured":"D. Dolev, C. Dwork, M. Naor, Nonmalleable cryptography. SIAM J. Comput. 30(2), 391\u2013437 (2000)","journal-title":"SIAM J. Comput."},{"key":"9408_CR34","doi-asserted-by":"crossref","unstructured":"I. Damg\u00e5rd, N. Fazio, A. Nicolosi, Non-interactive zero-knowledge from homomorphic encryption, in S. Halevi, T. Rabin, editors, TCC\u00a02006. LNCS, vol. 3876 (Springer, Heidelberg, 2006), pp. 41\u201359","DOI":"10.1007\/11681878_3"},{"key":"9408_CR35","doi-asserted-by":"crossref","unstructured":"A. De Santis, S. Micali, G. Persiano, Non-interactive zero-knowledge with preprocessing, in S. Goldwasser, editor, CRYPTO\u201988. LNCS, vol. 403 (Springer, Heidelberg, 1990), pp. 269\u2013282","DOI":"10.1007\/0-387-34799-2_21"},{"issue":"6","key":"9408_CR36","doi-asserted-by":"publisher","first-page":"1513","DOI":"10.1137\/S0097539703426817","volume":"36","author":"C Dwork","year":"2007","unstructured":"C. Dwork, M. Naor, Zaps and their applications. SIAM J. Comput. 36(6), 1513\u20131543 (2007)","journal-title":"SIAM J. Comput."},{"issue":"1","key":"9408_CR37","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1137\/S0097539792230010","volume":"29","author":"U Feige","year":"1999","unstructured":"U. Feige, D. Lapidot, A. Shamir, Multiple noninteractive zero knowledge proofs under general assumptions. SIAM J. Comput. 29(1), 1\u201328 (1999)","journal-title":"SIAM J. Comput."},{"key":"9408_CR38","doi-asserted-by":"crossref","unstructured":"A. Fiat, A. Shamir, How to prove yourself: practical solutions to identification and signature problems, in A.M. Odlyzko, editor, CRYPTO\u201986. LNCS, vol. 263 (Springer, Heidelberg, 1987), pp. 186\u2013194","DOI":"10.1007\/3-540-47721-7_12"},{"key":"9408_CR39","doi-asserted-by":"crossref","unstructured":"C. Gentry, A Fully Homomorphic Encryption Scheme. Ph.D. thesis, Stanford University (2009)","DOI":"10.1145\/1536414.1536440"},{"issue":"4","key":"9408_CR40","doi-asserted-by":"publisher","first-page":"820","DOI":"10.1007\/s00145-014-9184-y","volume":"28","author":"C Gentry","year":"2015","unstructured":"C. Gentry, J. Groth, Y. Ishai, C. Peikert, A. Sahai, A.D. Smith, Using fully homomorphic hybrid encryption to minimize non-interative zero-knowledge proofs. J. Cryptol. 28(4), 820\u2013843 (2015)","journal-title":"J. Cryptol."},{"key":"9408_CR41","doi-asserted-by":"crossref","unstructured":"R. Gennaro, C. Gentry, B. Parno, M. Raykova, Quadratic span programs and succinct NIZKs without PCPs, in T. Johansson, P.Q. Nguyen, editors, EUROCRYPT\u00a02013. LNCS, vol. 7881 (Springer, Heidelberg, 2013), pp. 626\u2013645","DOI":"10.1007\/978-3-642-38348-9_37"},{"key":"9408_CR42","doi-asserted-by":"crossref","unstructured":"O. Goldreich, L.A. Levin, A hard-core predicate for all one-way functions, in 21st ACM STOC (ACM Press, 1989), pp. 25\u201332","DOI":"10.1145\/73007.73010"},{"issue":"1","key":"9408_CR43","doi-asserted-by":"publisher","first-page":"186","DOI":"10.1137\/0218012","volume":"18","author":"S Goldwasser","year":"1989","unstructured":"S. Goldwasser, S. Micali, C. Rackoff, The knowledge complexity of interactive proof systems. SIAM J. Comput. 18(1), 186\u2013208 (1989)","journal-title":"SIAM J. Comput."},{"key":"9408_CR44","doi-asserted-by":"crossref","unstructured":"O. Goldreich, S. Micali, A. Wigderson, How to play any mental game or A completeness theorem for protocols with honest majority, in A. Aho, editor, 19th ACM STOC (ACM Press, 1987), pp. 218\u2013229","DOI":"10.1145\/28395.28420"},{"issue":"1","key":"9408_CR45","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/BF00195207","volume":"7","author":"O Goldreich","year":"1994","unstructured":"O. Goldreich, Y. Oren, Definitions and properties of zero-knowledge proof systems. J. Cryptol. 7(1), 1\u201332 (1994)","journal-title":"J. Cryptol."},{"key":"9408_CR46","doi-asserted-by":"crossref","unstructured":"O. Goldreich, Foundations of Cryptography: Volume 2, Basic Applications (2004)","DOI":"10.1017\/CBO9780511721656"},{"issue":"3","key":"9408_CR47","doi-asserted-by":"publisher","first-page":"11:1\u201311:35","DOI":"10.1145\/2220357.2220358","volume":"59","author":"J Groth","year":"2012","unstructured":"J. Groth, R. Ostrovsky, A. Sahai, New techniques for noninteractive zero-knowledge. J. ACM 59(3), 11:1\u201311:35 (2012)","journal-title":"J. ACM"},{"key":"9408_CR48","doi-asserted-by":"crossref","unstructured":"J. Groth, Short non-interactive zero-knowledge proofs, in M. Abe, editor, ASIACRYPT\u00a02010. LNCS, vol. 6477 (Springer, Heidelberg, 2010), pp. 341\u2013358","DOI":"10.1007\/978-3-642-17373-8_20"},{"key":"9408_CR49","doi-asserted-by":"crossref","unstructured":"J. Groth, Short pairing-based non-interactive zero-knowledge arguments, in M. Abe, editor, ASIACRYPT\u00a02010. LNCS, vol. 6477 (Springer, Heidelberg, 2010), pp. 321\u2013340","DOI":"10.1007\/978-3-642-17373-8_19"},{"issue":"5","key":"9408_CR50","doi-asserted-by":"publisher","first-page":"1193","DOI":"10.1137\/080725386","volume":"41","author":"J Groth","year":"2012","unstructured":"J. Groth, A. Sahai, Efficient noninteractive proof systems for bilinear groups. SIAM J. Comput. 41(5), 1193\u20131232 (2012)","journal-title":"SIAM J. Comput."},{"key":"9408_CR51","doi-asserted-by":"crossref","unstructured":"S. Gorbunov, V. Vaikuntanathan, H. Wee, Functional encryption with bounded collusions via multi-party computation, in R. Safavi-Naini, R. Canetti, editors, CRYPTO\u00a02012. LNCS, vol. 7417 (Springer, Heidelberg, 2012), pp. 162\u2013179","DOI":"10.1007\/978-3-642-32009-5_11"},{"key":"9408_CR52","doi-asserted-by":"crossref","unstructured":"C. Gentry, D. Wichs, Separating succinct non-interactive arguments from all falsifiable assumptions, in L. Fortnow, S.P. Vadhan, editors, 43rd ACM STOC (ACM Press, 2011), pp. 99\u2013108","DOI":"10.1145\/1993636.1993651"},{"key":"9408_CR53","doi-asserted-by":"crossref","unstructured":"J. Holmgren, A. Lombardi, Cryptographic hashing from strong one-way functions (or: one-way product functions and their applications), in M. Thorup, editor, 59th FOCS (IEEE Computer Society Press, 2018), pp. 850\u2013858","DOI":"10.1109\/FOCS.2018.00085"},{"issue":"3","key":"9408_CR54","doi-asserted-by":"publisher","first-page":"1121","DOI":"10.1137\/080725398","volume":"39","author":"Y Ishai","year":"2009","unstructured":"Y. Ishai, E. Kushilevitz, R. Ostrovsky, A. Sahai, Zero-knowledge proofs from secure multiparty computation. SIAM J. Comput. 39(3), 1121\u20131152 (2009)","journal-title":"SIAM J. Comput."},{"key":"9408_CR55","doi-asserted-by":"crossref","unstructured":"A. Jain, Z. Jin, Non-interactive zero knowledge from sub-exponential DDH, in A. Canteaut, F.-X. Standaert, editors, Advances in Cryptology\u2014EUROCRYPT 2021\u201440th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Zagreb, Croatia, October 17\u201321, 2021, Proceedings, Part I. Lecture Notes in Computer Science, vol. 12696 (Springer, 2021), pp. 3\u201332","DOI":"10.1007\/978-3-030-77870-5_1"},{"key":"9408_CR56","doi-asserted-by":"crossref","unstructured":"S. Katsumata, On the untapped potential of encoding predicates by arithmetic circuits and their applications, in T. Takagi, T. Peyrin, editors, ASIACRYPT\u00a02017, Part\u00a0III. LNCS, vol. 10626 (Springer, Heidelberg, 2017), pp. 95\u2013125","DOI":"10.1007\/978-3-319-70700-6_4"},{"key":"9408_CR57","unstructured":"J. Kilian, On the complexity of bounded-interaction and noninteractive zero-knowledge proofs. In 35th FOCS (IEEE Computer Society Press, 1994), pp. 466\u2013477"},{"key":"9408_CR58","doi-asserted-by":"crossref","unstructured":"J. Kilian, S. Micali, R. Ostrovsky, Minimum resource zero-knowledge proofs (extended abstract), in G. Brassard, editor, CRYPTO\u201989. LNCS, vol. 435 (Springer, Heidelberg, 1990), pp. 545\u2013546","DOI":"10.1007\/0-387-34805-0_47"},{"key":"9408_CR59","doi-asserted-by":"crossref","unstructured":"S. Katsumata, R. Nishimaki, S. Yamada, T. Yamakawa, Designated verifier\/prover and preprocessing NIZKs from Diffie\u2013Hellman assumptions, in Y. Ishai, V. Rijmen, editors, EUROCRYPT\u00a02019, Part\u00a0II. LNCS, vol. 11477 (Springer, Heidelberg, 2019), pp. 622\u2013651","DOI":"10.1007\/978-3-030-17656-3_22"},{"key":"9408_CR60","doi-asserted-by":"crossref","unstructured":"S. Katsumata, R. Nishimaki, S. Yamada, T. Yamakawa, Exploring constructions of compact NIZKs from various assumptions, in A. Boldyreva, D. Micciancio, editors, CRYPTO\u00a02019, Part\u00a0III LNCS, vol. 11694 (Springer, Heidelberg, 2019), pp. 639\u2013669","DOI":"10.1007\/978-3-030-26954-8_21"},{"key":"9408_CR61","doi-asserted-by":"crossref","unstructured":"S. Katsumata, R. Nishimaki, S. Yamada, T. Yamakawa, Compact NIZKs from standard assumptions on bilinear maps, in A. Canteaut, Y. Ishai, editors, EUROCRYPT\u00a02020, Part\u00a0III. LNCS, vol. 12107 (Springer, Heidelberg, 2020), pp. 379\u2013409","DOI":"10.1007\/978-3-030-45727-3_13"},{"issue":"1","key":"9408_CR62","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s001459900032","volume":"11","author":"J Kilian","year":"1998","unstructured":"J. Kilian, E. Petrank, An efficient noninteractive zero-knowledge proof system for NP with general assumptions. J. Cryptol. 11(1), 1\u201327 (1998)","journal-title":"J. Cryptol."},{"key":"9408_CR63","doi-asserted-by":"crossref","unstructured":"Y.T. Kalai, G.N. Rothblum, R.D. Rothblum, From obfuscation to the security of Fiat-Shamir for proofs, in J. Katz, H. Shacham, editors, CRYPTO\u00a02017, Part\u00a0II. LNCS, vol. 10402 (Springer, Heidelberg, 2017), pp. 224\u2013251","DOI":"10.1007\/978-3-319-63715-0_8"},{"key":"9408_CR64","doi-asserted-by":"crossref","unstructured":"S. Kim, D.J. Wu, Multi-theorem preprocessing NIZKs from lattices, in H. Shacham, A. Boldyreva, editors, CRYPTO\u00a02018, Part\u00a0II. LNCS, vol. 10992 (Springer, Heidelberg, 2018), pp. 733\u2013765","DOI":"10.1007\/978-3-319-96881-0_25"},{"key":"9408_CR65","unstructured":"S. Kim, D.J. Wu, Multi-theorem preprocessing nizks from lattices. Cryptology ePrint Archive, Report 2018 https:\/\/eprint.iacr.org\/2018\/272.pdf, Version 20180606:204702. Preliminary version appeared in CRYPTO 2018"},{"key":"9408_CR66","doi-asserted-by":"crossref","unstructured":"H. Lipmaa, Progression-free sets and sublinear pairing-based non-interactive zero-knowledge arguments, in R. Cramer, editor, TCC\u00a02012. LNCS, vol. 7194 (Springer, Heidelberg, 2012), pp. 169\u2013189","DOI":"10.1007\/978-3-642-28914-9_10"},{"key":"9408_CR67","doi-asserted-by":"crossref","unstructured":"H. Lipmaa, Optimally sound sigma protocols under DCRA, in A. Kiayias, editor, FC 2017. LNCS, vol. 10322 (Springer, Heidelberg, 2017), pp. 182\u2013203","DOI":"10.1007\/978-3-319-70972-7_10"},{"key":"9408_CR68","doi-asserted-by":"crossref","unstructured":"B. Libert, A. Passel\u00e8gue, Ho. Wee, D.J. Wu, New constructions of statistical NIZKs: dual-mode DV-NIZKs and more, in A. Canteaut, Y. Ishai, editors, EUROCRYPT\u00a02020, Part\u00a0III. LNCS, vol. 12107 (Springer, Heidelberg, 2020), pp. 410\u2013441","DOI":"10.1007\/978-3-030-45727-3_14"},{"key":"9408_CR69","doi-asserted-by":"crossref","unstructured":"A. Lombardi, W. Quach, R.D. Rothblum, D. Wichs, D.J. Wu, New constructions of reusable designated-verifier NIZKs, in A. Boldyreva, D. Micciancio, editors, CRYPTO\u00a02019, Part\u00a0III. LNCS, vol. 11694 (Springer, Heidelberg, 2019), pp. 670\u2013700","DOI":"10.1007\/978-3-030-26954-8_22"},{"key":"9408_CR70","doi-asserted-by":"crossref","unstructured":"D. Lapidot, A. Shamir, Publicly verifiable non-interactive zero-knowledge proofs, in A.J. Menezes, S.A. Vanstone, editors, CRYPTO\u201990. LNCS, vol. 537 (Springer, Heidelberg, 1991), pp. 353\u2013365","DOI":"10.1007\/3-540-38424-3_26"},{"key":"9408_CR71","first-page":"481","volume":"E85-A(2)","author":"S Mitsunari","year":"2002","unstructured":"S. Mitsunari, R. Sakai, M. Kasahara, A new traitor tracing. IEICE Trans. E85-A(2), 481\u2013484 (2002)","journal-title":"IEICE Trans."},{"key":"9408_CR72","doi-asserted-by":"crossref","unstructured":"M. Naor, On cryptographic assumptions and challenges (invited talk), in D. Boneh, editor, CRYPTO\u00a02003. LNCS, vol. 2729 (Springer, Heidelberg, 2003), pp. 96\u2013109","DOI":"10.1007\/978-3-540-45146-4_6"},{"issue":"2","key":"9408_CR73","doi-asserted-by":"publisher","first-page":"231","DOI":"10.1145\/972639.972643","volume":"51","author":"M Naor","year":"2004","unstructured":"M. Naor, O. Reingold, Number-theoretic constructions of efficient pseudo-random functions. J. ACM 51(2), 231\u2013262 (2004)","journal-title":"J. ACM"},{"key":"9408_CR74","doi-asserted-by":"crossref","unstructured":"D. Naccache, J. Stern, A new public key cryptosystem based on higher residues, in L. Gong, M.K. Reiter, editors, ACM CCS 98 (ACM Press, 1998), pp. 59\u201366","DOI":"10.1145\/288090.288106"},{"key":"9408_CR75","doi-asserted-by":"crossref","unstructured":"M. Naor, M. Yung, Public-key cryptosystems provably secure against chosen ciphertext attacks, in 22nd ACM STOC (ACM Press, 1990), pp. 427\u2013437","DOI":"10.1145\/100216.100273"},{"issue":"3","key":"9408_CR76","doi-asserted-by":"publisher","first-page":"361","DOI":"10.1007\/s001450010003","volume":"13","author":"D Pointcheval","year":"2000","unstructured":"D. Pointcheval, J. Stern, Security arguments for digital signatures and blind signatures. J. Cryptol. 13(3), 361\u2013396 (2000)","journal-title":"J. Cryptol."},{"key":"9408_CR77","doi-asserted-by":"crossref","unstructured":"C. Peikert, S. Shiehian, Noninteractive zero knowledge for NP from (plain) learning with errors, in A. Boldyreva, D. Micciancio, editors, CRYPTO\u00a02019, Part\u00a0I. LNCS, vol. 11692 (Springer, Heidelberg, 2019), pp. 89\u2013114","DOI":"10.1007\/978-3-030-26948-7_4"},{"key":"9408_CR78","doi-asserted-by":"crossref","unstructured":"R. Pass, A. Shelat, V. Vaikuntanathan, Construction of a non-malleable encryption scheme from any semantically secure one, in C. Dwork, editor, CRYPTO\u00a02006. LNCS, vol. 4117 (Springer, Heidelberg, 2006), pp. 271\u2013289","DOI":"10.1007\/11818175_16"},{"key":"9408_CR79","doi-asserted-by":"crossref","unstructured":"W. Quach, R.D. Rothblum, D. Wichs, Reusable designated-verifier NIZKs for all NP from CDH, in Y. Ishai, V. Rijmen, editors, EUROCRYPT\u00a02019, Part\u00a0II. LNCS, vol. 11477 (Springer, Heidelberg, 2019), pp. 593\u2013621","DOI":"10.1007\/978-3-030-17656-3_21"},{"issue":"6","key":"9408_CR80","doi-asserted-by":"publisher","first-page":"34:1\u201334:40","DOI":"10.1145\/1568318.1568324","volume":"56","author":"O Regev","year":"2009","unstructured":"O. Regev, On lattices, learning with errors, random linear codes, and cryptography. J. ACM 56(6), 34:1\u201334:40 (2009)","journal-title":"J. ACM"},{"key":"9408_CR81","doi-asserted-by":"crossref","unstructured":"R.D. Rothblum, A. Sealfon, K. Sotiraki, Towards non-interactive zero-knowledge for NP from LWE, in D. Lin, K. Sako, editors, PKC\u00a02019, Part\u00a0II. LNCS, vol. 11443 (Springer, Heidelberg, 2019), pp. 472\u2013503","DOI":"10.1007\/978-3-030-17259-6_16"},{"key":"9408_CR82","doi-asserted-by":"crossref","unstructured":"R.L. Rivest, A. Shamir, Y. Tauman, How to leak a secret, in C. Boyd, editor, ASIACRYPT\u00a02001. LNCS, vol. 2248 (Springer, Heidelberg, 2001), pp. 552\u2013565","DOI":"10.1007\/3-540-45682-1_32"},{"key":"9408_CR83","unstructured":"A. Sahai, Non-malleable non-interactive zero knowledge and adaptive chosen-ciphertext security, in 40th FOCS (IEEE Computer Society Press, 1999), pp. 543\u2013553"},{"key":"9408_CR84","doi-asserted-by":"crossref","unstructured":"A. Sahai, H. Seyalioglu, Worry-free encryption: functional encryption with public keys, in E. Al-Shaer, A.D. Keromytis, V. Shmatikov, editors, ACM CCS 2010 (ACM Press, 2010), pp. 463\u2013472","DOI":"10.1145\/1866307.1866359"},{"key":"9408_CR85","doi-asserted-by":"crossref","unstructured":"A. Sahai, B. Waters, How to use indistinguishability obfuscation: deniable encryption, and more, in D.B. Shmoys, editor, 46th ACM STOC (ACM Press, 2014), pp. 475\u2013484","DOI":"10.1145\/2591796.2591825"},{"key":"9408_CR86","doi-asserted-by":"crossref","unstructured":"I. Teranishi, J. Furukawa, K. Sako, k-Times anonymous authentication (extended abstract), in P.J. Lee, editor, ASIACRYPT\u00a02004. LNCS, vol. 3329 (Springer, Heidelberg, 2004), pp. 308\u2013322","DOI":"10.1007\/978-3-540-30539-2_22"},{"key":"9408_CR87","doi-asserted-by":"crossref","unstructured":"C. Ventre, I. Visconti, Co-sound zero-knowledge with public keys, in B. Preneel, editor, AFRICACRYPT 09. LNCS, vol. 5580 (Springer, Heidelberg, 2009), pp. 287\u2013304","DOI":"10.1007\/978-3-642-02384-2_18"}],"container-title":["Journal of Cryptology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-021-09408-w.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s00145-021-09408-w\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-021-09408-w.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,12,21]],"date-time":"2021-12-21T16:04:45Z","timestamp":1640102685000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s00145-021-09408-w"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,9,18]]},"references-count":87,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2021,10]]}},"alternative-id":["9408"],"URL":"https:\/\/doi.org\/10.1007\/s00145-021-09408-w","relation":{},"ISSN":["0933-2790","1432-1378"],"issn-type":[{"value":"0933-2790","type":"print"},{"value":"1432-1378","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,9,18]]},"assertion":[{"value":"9 January 2020","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"9 August 2021","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"10 August 2021","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"18 September 2021","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}],"article-number":"42"}}