{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,4]],"date-time":"2026-02-04T18:13:12Z","timestamp":1770228792085,"version":"3.49.0"},"reference-count":35,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2024,12,5]],"date-time":"2024-12-05T00:00:00Z","timestamp":1733356800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,12,5]],"date-time":"2024-12-05T00:00:00Z","timestamp":1733356800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Cryptol"],"published-print":{"date-parts":[[2025,1]]},"DOI":"10.1007\/s00145-024-09525-2","type":"journal-article","created":{"date-parts":[[2024,12,5]],"date-time":"2024-12-05T23:09:47Z","timestamp":1733440187000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["Fiat\u2013Shamir Bulletproofs are Non-malleable (in the Random Oracle Model)"],"prefix":"10.1007","volume":"38","author":[{"given":"Chaya","family":"Ganesh","sequence":"first","affiliation":[]},{"given":"Claudio","family":"Orlandi","sequence":"additional","affiliation":[]},{"given":"Mahak","family":"Pancholi","sequence":"additional","affiliation":[]},{"given":"Akira","family":"Takahashi","sequence":"additional","affiliation":[]},{"given":"Daniel","family":"Tschudi","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,12,5]]},"reference":[{"key":"9525_CR1","doi-asserted-by":"crossref","unstructured":"M.\u00a0Abdalla, J.H. An, M.\u00a0Bellare, C.\u00a0Namprempre, From identification to signatures via the Fiat-Shamir transform: Minimizing assumptions for security and forward-security, in EUROCRYPT\u00a02002. LNCS, vol. 2332 (Springer, Berlin, 2002), pp. 418\u2013433","DOI":"10.1007\/3-540-46035-7_28"},{"key":"9525_CR2","doi-asserted-by":"crossref","unstructured":"T.\u00a0Attema, R.\u00a0Cramer, L.\u00a0Kohl, A compressed $$\\Sigma $$-protocol theory for lattices. Cryptology ePrint Archive, Report 2021\/307 (2021)","DOI":"10.1007\/978-3-030-84245-1_19"},{"key":"9525_CR3","doi-asserted-by":"crossref","unstructured":"T.\u00a0Attema, S.\u00a0Fehr, M.\u00a0Kloo\u00df, Fiat-shamir transformation of multi-round interactive proofs. Cryptology ePrint Archive, Report 2021\/1377, 2021.","DOI":"10.1007\/978-3-031-22318-1_5"},{"key":"9525_CR4","doi-asserted-by":"crossref","unstructured":"B.\u00a0Abdolmaleki, S.\u00a0Ramacher, D.\u00a0Slamanig, Lift-and-shift: obtaining simulation extractable subversion and updatable SNARKs generically, in ACM CCS 2020 (ACM Press, 2020), pp. 1987\u20132005","DOI":"10.1145\/3372297.3417228"},{"key":"9525_CR5","unstructured":"B.\u00a0B\u00fcnz, J.\u00a0Bootle, D.\u00a0Boneh, A.\u00a0Poelstra, P.\u00a0Wuille, G.\u00a0Maxwell, Bulletproofs: short proofs for confidential transactions and more. Cryptology ePrint Archive, Report 2017\/1066, 2017. https:\/\/eprint.iacr.org\/2017\/1066."},{"key":"9525_CR6","doi-asserted-by":"crossref","unstructured":"B.\u00a0B\u00fcnz, J.\u00a0Bootle, D.\u00a0Boneh, A.\u00a0Poelstra, P.\u00a0Wuille, G.\u00a0Maxwell, Bulletproofs: short proofs for confidential transactions and more, in 2018 IEEE Symposium on Security and Privacy (IEEE Computer Society Press, 2018), pp. 315\u2013334.","DOI":"10.1109\/SP.2018.00020"},{"key":"9525_CR7","doi-asserted-by":"crossref","unstructured":"J.\u00a0Bootle, A.\u00a0Cerulli, P.\u00a0Chaidos, J.\u00a0Groth, C.\u00a0Petit, Efficient zero-knowledge arguments for arithmetic circuits in the discrete log setting. Cryptology ePrint Archive, Report 2016\/263, (2016)","DOI":"10.1007\/978-3-662-49896-5_12"},{"key":"9525_CR8","doi-asserted-by":"crossref","unstructured":"E.\u00a0Ben-Sasson, A.\u00a0Chiesa, N.\u00a0Spooner, Interactive oracle proofs, in TCC\u00a02016-B, Part\u00a0II. LNCS, vol. 9986 (Springer, Berlin, 2016), pp. 31\u201360","DOI":"10.1007\/978-3-662-53644-5_2"},{"key":"9525_CR9","doi-asserted-by":"crossref","unstructured":"N.\u00a0Bitansky, D.\u00a0Dachman-Soled, S.\u00a0Garg, A.\u00a0Jain, Y.T. Kalai, A.\u00a0L\u00f3pez-Alt, D.\u00a0Wichs, Why \u201cFiat-Shamir for proofs\u201d lacks a proof, in TCC\u00a02013. LNCS, vol. 7785 (Springer, Berlin, 2013), pp. 182\u2013201","DOI":"10.1007\/978-3-642-36594-2_11"},{"key":"9525_CR10","unstructured":"K.\u00a0Baghery, M.\u00a0Kohlweiss, J.\u00a0Siim, M.\u00a0Volkhov, Another look at extraction and randomization of groth\u2019s zk-snark. Cryptology ePrint Archive, Report 2020\/811, 2020. https:\/\/ia.cr\/2020\/811."},{"key":"9525_CR11","unstructured":"B.\u00a0B\u00fcnz, M.\u00a0Maller, P.\u00a0Mishra, N.\u00a0Tyagi, P.\u00a0Vesely, Proofs for inner pairing products and applications. Cryptology ePrint Archive, Report 2019\/1177, 2019. https:\/\/eprint.iacr.org\/2019\/1177."},{"key":"9525_CR12","unstructured":"R.\u00a0Canetti, Y.\u00a0Chen, J.\u00a0Holmgren, A.\u00a0Lombardi, G.N. Rothblum, R.D. Rothblum, Fiat-shamir from simpler assumptions. Cryptology ePrint Archive, Report 2018\/1004, 2018. https:\/\/eprint.iacr.org\/2018\/1004."},{"key":"9525_CR13","doi-asserted-by":"crossref","unstructured":"R.\u00a0Canetti, Y.\u00a0Chen, J.\u00a0Holmgren, A.\u00a0Lombardi, G.N. Rothblum, R.D. Rothblum, D.\u00a0Wichs, Fiat-Shamir: from practice to theory, in 51st ACM STOC (ACM Press, 2019), pp. 1082\u20131090","DOI":"10.1145\/3313276.3316380"},{"key":"9525_CR14","doi-asserted-by":"crossref","unstructured":"R.\u00a0Cramer, I.\u00a0Damg\u00e5rd, B.\u00a0Schoenmakers, Proofs of partial knowledge and simplified design of witness hiding protocols, in CRYPTO\u201994. LNCS, vol. 839 (Springer, Berlin, 1994), pp. 174\u2013187","DOI":"10.1007\/3-540-48658-5_19"},{"key":"9525_CR15","doi-asserted-by":"crossref","unstructured":"D.\u00a0Dolev, C.\u00a0Dwork, M.\u00a0Naor, Non-malleable cryptography (extended abstract), in 23rd ACM STOC (ACM Press, 1991), pp. 542\u2013552.","DOI":"10.1145\/103418.103474"},{"key":"9525_CR16","doi-asserted-by":"crossref","unstructured":"J.\u00a0Don, S.\u00a0Fehr, C.\u00a0Majenz, The measure-and-reprogram technique 2.0: multi-round fiat-shamir and more, in CRYPTO\u00a02020, Part\u00a0III. LNCS, vol. 12172 (Springer, Cham, 2020), pp. 602\u2013631.","DOI":"10.1007\/978-3-030-56877-1_21"},{"key":"9525_CR17","doi-asserted-by":"crossref","unstructured":"Q.\u00a0Dao, P.\u00a0Grubbs, Spartan and bulletproofs are simulation-extractable (for free!), in EUROCRYPT\u00a02023, Part\u00a0II. LNCS, vol. 14005 (Springer, Cham, 2023), pp. 531\u2013562.","DOI":"10.1007\/978-3-031-30617-4_18"},{"key":"9525_CR18","doi-asserted-by":"crossref","unstructured":"C.\u00a0Decker, R.\u00a0Wattenhofer. Bitcoin transaction malleability and MtGox, in ESORICS\u00a02014, Part\u00a0II. LNCS, vol. 8713 (Springer, Cham, 2014), pp. 313\u2013326.","DOI":"10.1007\/978-3-319-11212-1_18"},{"key":"9525_CR19","doi-asserted-by":"crossref","unstructured":"G.\u00a0Fuchsbauer, E.\u00a0Kiltz, J.\u00a0Loss. The algebraic group model and its applications, in CRYPTO\u00a02018, Part\u00a0II. LNCS, vol. 10992 (Springer, Cham, 2018), pp. 33\u201362","DOI":"10.1007\/978-3-319-96881-0_2"},{"key":"9525_CR20","doi-asserted-by":"crossref","unstructured":"S.\u00a0Faust, M.\u00a0Kohlweiss, G.A. Marson, D.\u00a0Venturi, On the non-malleability of the Fiat-Shamir transform, in INDOCRYPT\u00a02012. LNCS, vol. 7668 (Springer, Berlin, 2012), pp. 60\u201379","DOI":"10.1007\/978-3-642-34931-7_5"},{"key":"9525_CR21","doi-asserted-by":"crossref","unstructured":"A.\u00a0Fiat, A.\u00a0Shamir, How to prove yourself: Practical solutions to identification and signature problems, in CRYPTO\u201986. LNCS, vol. 263 (Springer, Berlin, 1987), pp. 186\u2013194","DOI":"10.1007\/3-540-47721-7_12"},{"key":"9525_CR22","doi-asserted-by":"crossref","unstructured":"S.\u00a0Goldwasser, Y.T. Kalai, On the (in)security of the Fiat-Shamir paradigm, in 44th FOCS (IEEE Computer Society Press, 2003), pp. 102\u2013115","DOI":"10.1109\/SFCS.2003.1238185"},{"key":"9525_CR23","doi-asserted-by":"crossref","unstructured":"C.\u00a0Ganesh, H.\u00a0Khoshakhlagh, M.\u00a0Kohlweiss, A.\u00a0Nitulescu, M.\u00a0Zaj\u0105c, What makes fiat\u2013shamir zksnarks (updatable srs) simulation extractable? Security and Cryptography for Networks (2022). https:\/\/eprint.iacr.org\/2021\/511.pdf.","DOI":"10.1007\/978-3-031-14791-3_32"},{"key":"9525_CR24","doi-asserted-by":"crossref","unstructured":"J.\u00a0Groth, M.\u00a0Maller, Snarky signatures: Minimal signatures of knowledge from simulation-extractable SNARKs, in CRYPTO\u00a02017, Part\u00a0II. LNCS, vol. 10402 (Springer, Cham, 2017), pp. 581\u2013612","DOI":"10.1007\/978-3-319-63715-0_20"},{"key":"9525_CR25","doi-asserted-by":"crossref","unstructured":"S.\u00a0Goldwasser, S.\u00a0Micali, C.\u00a0Rackoff, The knowledge complexity of interactive proof-systems (extended abstract), in 17th ACM STOC (ACM Press, 1985), pp. 291\u2013304","DOI":"10.1145\/22145.22178"},{"key":"9525_CR26","doi-asserted-by":"crossref","unstructured":"C.\u00a0Ganesh, C.\u00a0Orlandi, M.\u00a0Pancholi, A.\u00a0Takahashi, D.\u00a0Tschudi, Fiat-shamir bulletproofs are non-malleable (in the algebraic group model), in EUROCRYPT\u00a02022, Part\u00a0II. LNCS, vol. 13276 (Springer, Cham, 2022), pp. 397\u2013426","DOI":"10.1007\/978-3-031-07085-3_14"},{"key":"9525_CR27","doi-asserted-by":"crossref","unstructured":"J.\u00a0Groth. On the size of pairing-based non-interactive arguments, in EUROCRYPT\u00a02016, Part\u00a0II. LNCS, vol. 9666 (Springer, Berlin, 2016), pp. 305\u2013326","DOI":"10.1007\/978-3-662-49896-5_11"},{"key":"9525_CR28","doi-asserted-by":"crossref","unstructured":"A.\u00a0Ghoshal, S.\u00a0Tessaro, Tight state-restoration soundness in the algebraic group model, in CRYPTO\u00a02021, Part\u00a0III. LNCS, vol. 12827 (Virtual Event, 2021. Springer, Cham), pp. 64\u201393","DOI":"10.1007\/978-3-030-84252-9_3"},{"key":"9525_CR29","unstructured":"J.\u00a0Holmgren. On round-by-round soundness and state restoration attacks. Cryptology ePrint Archive, Report 2019\/1261, 2019. https:\/\/eprint.iacr.org\/2019\/1261."},{"key":"9525_CR30","doi-asserted-by":"crossref","unstructured":"J.\u00a0Jaeger, S.\u00a0Tessaro, Expected-time cryptography: generic techniques and applications to concrete soundness, in TCC\u00a02020, Part\u00a0III. LNCS, vol. 12552 (Springer, Cham, 2020), pp. 414\u2013443","DOI":"10.1007\/978-3-030-64381-2_15"},{"key":"9525_CR31","doi-asserted-by":"crossref","unstructured":"E.\u00a0Kiltz, D.\u00a0Masny, J.\u00a0Pan, Optimal security proofs for signatures from identification schemes, in CRYPTO\u00a02016, Part\u00a0II. LNCS, vol. 9815 (Springer, Berlin, 2016), pp. 33\u201361","DOI":"10.1007\/978-3-662-53008-5_2"},{"key":"9525_CR32","doi-asserted-by":"crossref","unstructured":"K.\u00a0Ohta, T.\u00a0Okamoto, On concrete security treatment of signatures derived from identification, in CRYPTO\u201998. LNCS, vol. 1462 (Springer, Berlin, 1998), pp. 354\u2013369","DOI":"10.1007\/BFb0055741"},{"issue":"3","key":"9525_CR33","doi-asserted-by":"publisher","first-page":"361","DOI":"10.1007\/s001450010003","volume":"13","author":"D Pointcheval","year":"2000","unstructured":"D.\u00a0Pointcheval, J.\u00a0Stern, Security arguments for digital signatures and blind signatures. J. Cryptol. 13(3), 361\u2013396 (2000)","journal-title":"J. Cryptol."},{"key":"9525_CR34","doi-asserted-by":"crossref","unstructured":"A.\u00a0Sahai, Non-malleable non-interactive zero knowledge and adaptive chosen-ciphertext security, in 40th FOCS (IEEE Computer Society Press, 1999), pp. 543\u2013553","DOI":"10.1109\/SFFCS.1999.814628"},{"key":"9525_CR35","unstructured":"D.\u00a0Wikstr\u00f6m, Special soundness in the random oracle model. Cryptology ePrint Archive, Report 2021\/1265, (2021)"}],"container-title":["Journal of Cryptology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-024-09525-2.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s00145-024-09525-2\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-024-09525-2.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,2,11]],"date-time":"2025-02-11T21:33:17Z","timestamp":1739309597000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s00145-024-09525-2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,12,5]]},"references-count":35,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2025,1]]}},"alternative-id":["9525"],"URL":"https:\/\/doi.org\/10.1007\/s00145-024-09525-2","relation":{},"ISSN":["0933-2790","1432-1378"],"issn-type":[{"value":"0933-2790","type":"print"},{"value":"1432-1378","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,12,5]]},"assertion":[{"value":"6 February 2023","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"11 October 2024","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"11 October 2024","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"5 December 2024","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}],"article-number":"11"}}