{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,20]],"date-time":"2026-01-20T12:53:25Z","timestamp":1768913605785,"version":"3.49.0"},"reference-count":31,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2022,9,15]],"date-time":"2022-09-15T00:00:00Z","timestamp":1663200000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,9,15]],"date-time":"2022-09-15T00:00:00Z","timestamp":1663200000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Cryptol"],"published-print":{"date-parts":[[2022,10]]},"DOI":"10.1007\/s00145-022-09436-0","type":"journal-article","created":{"date-parts":[[2022,9,15]],"date-time":"2022-09-15T23:02:51Z","timestamp":1663282971000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":21,"title":["On the (in)Security of ROS"],"prefix":"10.1007","volume":"35","author":[{"given":"Fabrice","family":"Benhamouda","sequence":"first","affiliation":[]},{"given":"Tancr\u00e8de","family":"Lepoint","sequence":"additional","affiliation":[]},{"given":"Julian","family":"Loss","sequence":"additional","affiliation":[]},{"given":"Michele","family":"Orr\u00f9","sequence":"additional","affiliation":[]},{"given":"Mariana","family":"Raykova","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2022,9,15]]},"reference":[{"key":"9436_CR1","doi-asserted-by":"crossref","unstructured":"Masayuki Abe. A secure three-move blind signature scheme for polynomially many signatures. In Birgit Pfitzmann, editor, EUROCRYPT\u00a02001, volume 2045 of LNCS, pages 136\u2013151. Springer, Heidelberg, May 2001.","DOI":"10.1007\/3-540-44987-6_9"},{"key":"9436_CR2","doi-asserted-by":"crossref","unstructured":"Masayuki Abe and Tatsuaki Okamoto. Provably secure partially blind signatures. In Mihir Bellare, editor, CRYPTO\u00a02000, volume 1880 of LNCS, pages 271\u2013286. Springer, Heidelberg, August 2000.","DOI":"10.1007\/3-540-44598-6_17"},{"key":"9436_CR3","doi-asserted-by":"crossref","unstructured":"Foteini Baldimtsi, Anna Lysyanskaya. Anonymous credentials light. In Ahmad-Reza Sadeghi, Virgil\u00a0D. Gligor, and Moti Yung, editors, ACM CCS 2013, pages 1087\u20131098. ACM Press, November 2013.","DOI":"10.1145\/2508859.2516687"},{"key":"9436_CR4","doi-asserted-by":"crossref","unstructured":"Alexandra Boldyreva. Threshold signatures, multisignatures and blind signatures based on the gap-Diffie-Hellman-group signature scheme. In Yvo Desmedt, editor, PKC\u00a02003, volume 2567 of LNCS, pages 31\u201346. Springer, Heidelberg, January 2003.","DOI":"10.1007\/3-540-36288-6_3"},{"key":"9436_CR5","series-title":"LNCS","first-page":"302","volume-title":"CRYPTO\u201993","author":"Stefan Brands","year":"1994","unstructured":"Stefan Brands. Untraceable off-line cash in wallets with observers (extended abstract). In Douglas\u00a0R. Stinson, editor, CRYPTO\u201993, volume 773 of LNCS, pages 302\u2013318. Springer, Heidelberg, August 1994."},{"key":"9436_CR6","doi-asserted-by":"crossref","unstructured":"Tony\u00a0K. Chan, Karyin Fung, Joseph\u00a0K. Liu, and Victor\u00a0K. Wei. Blind spontaneous anonymous group signatures for ad hoc groups. In ESAS, volume 3313 of Lecture Notes in Computer Science, pages 82\u201394. Springer, 2004.","DOI":"10.1007\/978-3-540-30496-8_8"},{"key":"9436_CR7","first-page":"199","volume-title":"CRYPTO\u201982","author":"David Chaum","year":"1982","unstructured":"David Chaum. Blind signatures for untraceable payments. In David Chaum, Ronald\u00a0L. Rivest, and Alan\u00a0T. Sherman, editors, CRYPTO\u201982, pages 199\u2013203. Plenum Press, New York, USA, 1982."},{"key":"9436_CR8","doi-asserted-by":"crossref","unstructured":"Sherman S.\u00a0M. Chow, Lucas Chi\u00a0Kwong Hui, Siu-Ming Yiu, and K.\u00a0P. Chow. Two improved partially blind signature schemes from bilinear pairings. In Colin Boyd and Juan Manuel\u00a0Gonz\u00e1lez Nieto, editors, ACISP 05, volume 3574 of LNCS, pages 316\u2013328. Springer, Heidelberg, July 2005.","DOI":"10.1007\/11506157_27"},{"key":"9436_CR9","doi-asserted-by":"crossref","unstructured":"Xiaofeng Chen, Fangguo Zhang, Yi\u00a0Mu, and Willy Susilo. Efficient provably secure restrictive partially blind signatures from bilinear pairings. In Giovanni Di Crescenzo and Avi Rubin, editors, FC 2006, volume 4107 of LNCS, pages 251\u2013265. Springer, Heidelberg, February\u00a0\/\u00a0March 2006.","DOI":"10.1007\/11889663_21"},{"key":"9436_CR10","doi-asserted-by":"crossref","unstructured":"Manu Drijvers, Kasra Edalatnejad, Bryan Ford, Eike Kiltz, Julian Loss, Gregory Neven, and Igors Stepanovs. On the security of two-round multi-signatures. In 2019 IEEE Symposium on Security and Privacy, pages 1084\u20131101. IEEE Computer Society Press, May 2019.","DOI":"10.1109\/SP.2019.00050"},{"key":"9436_CR11","doi-asserted-by":"crossref","unstructured":"Paul Feldman. A practical scheme for non-interactive verifiable secret sharing. In 28th FOCS, pages 427\u2013437. IEEE Computer Society Press, October 1987.","DOI":"10.1109\/SFCS.1987.4"},{"key":"9436_CR12","doi-asserted-by":"crossref","unstructured":"Georg Fuchsbauer, Antoine Plouviez, and Yannick Seurin. Blind schnorr signatures and signed ElGamal encryption in the algebraic group model. In Anne Canteaut and Yuval Ishai, editors, EUROCRYPT\u00a02020, Part\u00a0II, volume 12106 of LNCS, pages 63\u201395. Springer, Heidelberg, May 2020.","DOI":"10.1007\/978-3-030-45724-2_3"},{"issue":"1","key":"9436_CR13","doi-asserted-by":"publisher","first-page":"51","DOI":"10.1007\/s00145-006-0347-3","volume":"20","author":"Rosario Gennaro","year":"2007","unstructured":"Rosario Gennaro, Stanislaw Jarecki, Hugo Krawczyk, and Tal Rabin. Secure distributed key generation for discrete-log based cryptosystems. Journal of Cryptology, 20(1):51\u201383, January 2007.","journal-title":"Journal of Cryptology"},{"key":"9436_CR14","doi-asserted-by":"crossref","unstructured":"Panagiotis Grontas, Aris Pagourtzis, Alexandros Zacharakis, and Bingsheng Zhang. Towards everlasting privacy and efficient coercion resistance in remote electronic voting. In Aviv Zohar, Ittay Eyal, Vanessa Teague, Jeremy Clark, Andrea Bracciali, Federico Pintore, and Massimiliano Sala, editors, FC 2018 Workshops, volume 10958 of LNCS, pages 210\u2013231. Springer, Heidelberg, March 2019.","DOI":"10.1007\/978-3-662-58820-8_15"},{"key":"9436_CR15","doi-asserted-by":"crossref","unstructured":"Eduard Hauck, Eike Kiltz, and Julian Loss. A modular treatment of blind signatures from identification schemes. In Yuval Ishai and Vincent Rijmen, editors, EUROCRYPT\u00a02019, Part\u00a0III, volume 11478 of LNCS, pages 345\u2013375. Springer, Heidelberg, May 2019.","DOI":"10.1007\/978-3-030-17659-4_12"},{"key":"9436_CR16","doi-asserted-by":"crossref","unstructured":"Eduard Hauck, Eike Kiltz, Julian Loss, and Ngoc\u00a0Khanh Nguyen. Lattice-based blind signatures, revisited. In Daniele Micciancio and Thomas Ristenpart, editors, CRYPTO\u00a02020, Part\u00a0II, volume 12171 of LNCS, pages 500\u2013529. Springer, Heidelberg, August 2020.","DOI":"10.1007\/978-3-030-56880-1_18"},{"key":"9436_CR17","unstructured":"Chelsea Komlo and Ian Goldberg. FROST: Flexible round-optimized Schnorr threshold signatures, 2020. https:\/\/crysp.uwaterloo.ca\/software\/frost\/frost-extabs.pdf; version from \"January 7, 2020\"; accessed 2020-10-04."},{"key":"9436_CR18","unstructured":"Chelsea Komlo and Ian Goldberg. FROST: Flexible round-optimized Schnorr threshold signatures. Cryptology ePrint Archive, Report 2020\/852, 2020. https:\/\/eprint.iacr.org\/2020\/852."},{"key":"9436_CR19","unstructured":"Julia Kaster, Julian Loss, Michael Rosenberg, and Jiayu Xu. On pairing-free blind signature schemes in the algebraic group model. Cryptology ePrint Archive, Report 2020\/1071, 2020."},{"key":"9436_CR20","unstructured":"Gregory Maxwell, Andrew Poelstra, Yannick Seurin, and Pieter Wuille. Simple Schnorr multi-signature with applications to Bitcoin. Cryptology ePrint Archive, Report 2018\/068, Revision 20180118:124757, 2018. https:\/\/eprint.iacr.org\/2018\/068\/20180118:124757."},{"key":"9436_CR21","unstructured":"Gregory Maxwell, Andrew Poelstra, Yannick Seurin, and Pieter Wuille. Simple Schnorr multi-signature with applications to Bitcoin. Cryptology ePrint Archive, Report 2018\/068, Revision 20180520:191909, 2018. https:\/\/eprint.iacr.org\/2018\/068\/20180520:191909."},{"key":"9436_CR22","doi-asserted-by":"crossref","unstructured":"Lorenz Minder and Alistair Sinclair. The extended k-tree algorithm. In Claire Mathieu, editor, 20th SODA, pages 586\u2013595. ACM-SIAM, January 2009.","DOI":"10.1137\/1.9781611973068.65"},{"issue":"3","key":"9436_CR23","doi-asserted-by":"publisher","first-page":"361","DOI":"10.1007\/s001450010003","volume":"13","author":"David Pointcheval","year":"2000","unstructured":"David Pointcheval and Jacques Stern. Security arguments for digital signatures and blind signatures. Journal of Cryptology, 13(3):361\u2013396, June 2000.","journal-title":"Journal of Cryptology"},{"key":"9436_CR24","unstructured":"Christian Paquin and Greg Zaverucha. U-prove cryptographic specification v1. 1. Technical Report, Microsoft Corporation, 2011."},{"key":"9436_CR25","unstructured":"W. A. Stein et\u00a0al. Sage Mathematics Software (Version 9.1). The Sage Development Team, 2020. http:\/\/www.sagemath.org."},{"key":"9436_CR26","doi-asserted-by":"crossref","unstructured":"Claus-Peter Schnorr. Security of blind discrete log signatures against interactive attacks. In Sihan Qing, Tatsuaki Okamoto, and Jianying Zhou, editors, ICICS 01, volume 2229 of LNCS, pages 1\u201312. Springer, Heidelberg, November 2001.","DOI":"10.1007\/3-540-45600-7_1"},{"key":"9436_CR27","doi-asserted-by":"crossref","unstructured":"Ewa Syta, Iulia Tamas, Dylan Visher, David\u00a0Isaac Wolinsky, Philipp Jovanovic, Linus Gasser, Nicolas Gailly, Ismail Khoffi, and Bryan Ford. Keeping authorities \u201chonest or bust\u201d with decentralized witness cosigning. In 2016 IEEE Symposium on Security and Privacy, pages 526\u2013545. IEEE Computer Society Press, May 2016.","DOI":"10.1109\/SP.2016.38"},{"key":"9436_CR28","doi-asserted-by":"crossref","unstructured":"Stefano Tessaro and Chenzhi Zhu. Short pairing-free blind signatures with exponential security. Cryptology ePrint Archive, Report 2022\/047, 2022. https:\/\/ia.cr\/2022\/047.","DOI":"10.1007\/978-3-031-07085-3_27"},{"key":"9436_CR29","doi-asserted-by":"crossref","unstructured":"David Wagner. A generalized birthday problem. In Moti Yung, editor, CRYPTO\u00a02002, volume 2442 of LNCS, pages 288\u2013303. Springer, Heidelberg, August 2002.","DOI":"10.1007\/3-540-45708-9_19"},{"key":"9436_CR30","doi-asserted-by":"crossref","unstructured":"Tsz\u00a0Hon Yuen and Victor\u00a0K. Wei. Fast and proven secure blind identity-based signcryption from pairings. In Alfred Menezes, editor, CT-RSA\u00a02005, volume 3376 of LNCS, pages 305\u2013322. Springer, Heidelberg, February 2005.","DOI":"10.1007\/978-3-540-30574-3_21"},{"key":"9436_CR31","unstructured":"Alexandros Zacharakis, Panagiotis Grontas, and Aris Pagourtzis. Conditional blind signatures. Cryptology ePrint Archive, Report 2017\/682, 2017. http:\/\/eprint.iacr.org\/2017\/682."}],"container-title":["Journal of Cryptology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-022-09436-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s00145-022-09436-0\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-022-09436-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,10,20]],"date-time":"2022-10-20T20:11:48Z","timestamp":1666296708000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s00145-022-09436-0"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,9,15]]},"references-count":31,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2022,10]]}},"alternative-id":["9436"],"URL":"https:\/\/doi.org\/10.1007\/s00145-022-09436-0","relation":{},"ISSN":["0933-2790","1432-1378"],"issn-type":[{"value":"0933-2790","type":"print"},{"value":"1432-1378","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,9,15]]},"assertion":[{"value":"26 July 2021","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"16 July 2022","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"17 July 2022","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"15 September 2022","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}],"article-number":"25"}}