{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,29]],"date-time":"2026-05-29T20:04:19Z","timestamp":1780085059885,"version":"3.54.0"},"reference-count":79,"publisher":"Springer Science and Business Media LLC","issue":"11","license":[{"start":{"date-parts":[[2023,7,1]],"date-time":"2023-07-01T00:00:00Z","timestamp":1688169600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2023,7,1]],"date-time":"2023-07-01T00:00:00Z","timestamp":1688169600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"name":"Spanish Government","award":["TED2021-132464B-I00"],"award-info":[{"award-number":["TED2021-132464B-I00"]}]},{"DOI":"10.13039\/100010663","name":"H2020 European Research Council","doi-asserted-by":"publisher","award":["101001283"],"award-info":[{"award-number":["101001283"]}],"id":[{"id":"10.13039\/100010663","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Spanish Government","award":["RTI2018-102043-B-I00"],"award-info":[{"award-number":["RTI2018-102043-B-I00"]}]},{"name":"Spanish Government","award":["ERC2018-092822"],"award-info":[{"award-number":["ERC2018-092822"]}]},{"name":"Spanish Government","award":["EUR2019-103816"],"award-info":[{"award-number":["EUR2019-103816"]}]},{"name":"Spanish Government","award":["RED2018-102321-T"],"award-info":[{"award-number":["RED2018-102321-T"]}]},{"name":"Madrid Regional Government","award":["S2018\/TCS-4339"],"award-info":[{"award-number":["S2018\/TCS-4339"]}]},{"name":"Protocol Labs","award":["Research Gift"],"award-info":[{"award-number":["Research Gift"]}]},{"name":"Nomadic Labs and the Tezos Foundation","award":["Research Gifts"],"award-info":[{"award-number":["Research Gifts"]}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Des. Codes Cryptogr."],"published-print":{"date-parts":[[2023,11]]},"abstract":"Abstract<\/jats:title>We consider the problem of proving in zero knowledge that an element of a public set satisfies a given property without disclosing the element, i.e., for someu<\/jats:italic>, \u201c$$u \\in S$$<\/jats:tex-math>u<\/mml:mi>\u2208<\/mml:mo>S<\/mml:mi><\/mml:mrow><\/mml:math><\/jats:alternatives><\/jats:inline-formula>andP<\/jats:italic>(u<\/jats:italic>) holds\u201d. This problem arises in many applications (anonymous cryptocurrencies, credentials or whitelists) where, for privacy or anonymity reasons, it is crucial to hide certain data while ensuring properties of such data. We design newmodular<\/jats:italic>andefficient<\/jats:italic>constructions for this problem through newcommit-and-prove zero-knowledge systems for set membership<\/jats:italic>, i.e. schemes proving$$u \\in S$$<\/jats:tex-math>u<\/mml:mi>\u2208<\/mml:mo>S<\/mml:mi><\/mml:mrow><\/mml:math><\/jats:alternatives><\/jats:inline-formula>for a valueu<\/jats:italic>that is in a public commitment$$c_u$$<\/jats:tex-math>c<\/mml:mi>u<\/mml:mi><\/mml:msub><\/mml:math><\/jats:alternatives><\/jats:inline-formula>. We also extend our results to supportnon-membership proofs<\/jats:italic>, i.e. proving$$u \\notin S$$<\/jats:tex-math>u<\/mml:mi>\u2209<\/mml:mo>S<\/mml:mi><\/mml:mrow><\/mml:math><\/jats:alternatives><\/jats:inline-formula>. Being commit-and-prove, our solutions can act as plug-and-play modules in statements of the form \u201c$$u \\in S$$<\/jats:tex-math>u<\/mml:mi>\u2208<\/mml:mo>S<\/mml:mi><\/mml:mrow><\/mml:math><\/jats:alternatives><\/jats:inline-formula>andP<\/jats:italic>(u<\/jats:italic>) holds\u201d by combining our set (non-)membership systems with any other commit-and-prove scheme forP<\/jats:italic>(u<\/jats:italic>). Also, they work with Pedersen commitments over prime order groups which makes them compatible with popular systems such as Bulletproofs or Groth16. We implemented our schemes as a software library, and tested experimentally their performance. Compared to previous work that achieves similar properties\u2014the clever techniques combining zkSNARKs and Merkle Trees in Zcash\u2014our solutions offer more flexibility, shorter public parameters and$$3.7 \\times $$<\/jats:tex-math>3.7<\/mml:mn>\u00d7<\/mml:mo><\/mml:mrow><\/mml:math><\/jats:alternatives><\/jats:inline-formula>\u2013$$30\\times $$<\/jats:tex-math>30<\/mml:mn>\u00d7<\/mml:mo><\/mml:mrow><\/mml:math><\/jats:alternatives><\/jats:inline-formula>faster proving time for a set of size$$2^{64}$$<\/jats:tex-math>2<\/mml:mn>64<\/mml:mn><\/mml:msup><\/mml:math><\/jats:alternatives><\/jats:inline-formula>.<\/jats:p>","DOI":"10.1007\/s10623-023-01245-1","type":"journal-article","created":{"date-parts":[[2023,7,1]],"date-time":"2023-07-01T17:01:46Z","timestamp":1688230906000},"page":"3457-3525","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":16,"title":["Zero-knowledge proofs for set membership: efficient, succinct, modular"],"prefix":"10.1007","volume":"91","author":[{"given":"Daniel","family":"Benarroch","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Matteo","family":"Campanelli","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Dario","family":"Fiore","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Kobi","family":"Gurkan","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6555-0589","authenticated-orcid":false,"given":"Dimitris","family":"Kolonelos","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2023,7,1]]},"reference":[{"key":"1245_CR1","doi-asserted-by":"crossref","unstructured":"Agrawal S., Ganesh C., Mohassel P.: Non-interactive zero-knowledge proofs for composite statements. In: Shacham H., Boldyreva A. (eds.) CRYPTO 2018, pp. 643\u2013673. Part III, volume 10993 of LNCS. Springer, Heidelberg (2018)","DOI":"10.1007\/978-3-319-96878-0_22"},{"key":"1245_CR2","first-page":"480","volume-title":"EUROCRYPT\u201997","author":"N Bari","year":"1997","unstructured":"Bari N., Pfitzmann B.: Collision-free accumulators and fail-stop signature schemes without trees. In: Fumy W. (ed.) EUROCRYPT\u201997, vol. 1233, pp. 480\u2013494. LNCS. Springer, Heidelberg (1997)."},{"key":"1245_CR3","doi-asserted-by":"crossref","unstructured":"Bartusek J., Ma F., Zhandry M.: The distinction between fixed and random generators in group-based assumptions. In: Shacham H., Boldyreva A. (eds.) CRYPTO 2019, pp. 801\u2013830. Part II, LNCS. Springer, Heidelberg (2019)","DOI":"10.1007\/978-3-030-26951-7_27"},{"key":"1245_CR4","unstructured":"Ben L., Emilia K.: Revocation transparency. Google Research, September, p.\u00a033 (2012)"},{"key":"1245_CR5","doi-asserted-by":"crossref","unstructured":"Ben-Sasson E., Chiesa A., Garman C., Green M., Miers I., Tromer E., Virza M.: Zerocash: decentralized anonymous payments from bitcoin. In: 2014 IEEE Symposium on Security and Privacy, pp. 459\u2013474. IEEE Computer Society Press (2014)","DOI":"10.1109\/SP.2014.36"},{"key":"1245_CR6","first-page":"274","volume-title":"EUROCRYPT\u201993","author":"JC Benaloh","year":"1994","unstructured":"Benaloh J.C., de Mare M.: One-way accumulators: a decentralized alternative to digital sinatures (extended abstract). In: Helleseth T. (ed.) EUROCRYPT\u201993, vol. 765, pp. 274\u2013285. LNCS. Springer, Heidelberg (1994)."},{"key":"1245_CR7","unstructured":"Benarroch D., Campanelli M., Fiore D.: Community standards proposal for commit-and-prove zero-knowledge proof systems (2019). https:\/\/www.binarywhales.com\/assets\/misc\/zkproof-cp-standards.pdf"},{"key":"1245_CR8","doi-asserted-by":"crossref","unstructured":"Benarroch D., Campanelli M., Fiore D., Gurkan K., Kolonelos D.: Zero-knowledge proofs for set membership: efficient, succinct, modular. In: International Conference on Financial Cryptography and Data Security, pp. 393\u2013414. Springer (2021)","DOI":"10.1007\/978-3-662-64322-8_19"},{"key":"1245_CR9","doi-asserted-by":"crossref","unstructured":"Beno\u00eet L., San L., Khoa N., Huaxiong W.: Zero-knowledge arguments for lattice-based accumulators: logarithmic-size ring signatures and group signatures without trapdoors. In: Marc F., Jean-S\u00e9bastien C. (eds.) EUROCRYPT 2016, pp. 1\u201331. Part II, volume 9666 of LNCS. Springer, Heidelberg (2016)","DOI":"10.1007\/978-3-662-49896-5_1"},{"key":"1245_CR10","unstructured":"Boneh D., B\u00fcnz B., Fisch B.: A survey of two verifiable delay functions. Cryptology ePrint Archive, Report 2018\/712 (2018). https:\/\/eprint.iacr.org\/2018\/712"},{"key":"1245_CR11","first-page":"1188","volume":"2018","author":"D Boneh","year":"2018","unstructured":"Boneh D., B\u00fcnz B., Fisch B.: Batching techniques for accumulators with applications to iops and stateless blockchains. IACR Cryptol. ePrint Arch. 2018, 1188 (2018).","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"1245_CR12","unstructured":"Buchmann J., Hamdy S.: A survey on IQ cryptography (2001). http:\/\/tubiblio.ulb.tu-darmstadt.de\/100933\/"},{"key":"1245_CR13","doi-asserted-by":"crossref","unstructured":"B\u00fcnz B., Bootle J., Boneh D., Poelstra A., Wuille P., Maxwell G.: Bulletproofs: short proofs for confidential transactions and more. In: 2018 IEEE Symposium on Security and Privacy, pages 315\u2013334. IEEE Computer Society Press (2018)","DOI":"10.1109\/SP.2018.00020"},{"key":"1245_CR14","first-page":"402","volume-title":"EUROCRYPT\u201999","author":"C Cachin","year":"1999","unstructured":"Cachin C., Micali S., Stadler M.: Computationally private information retrieval with polylogarithmic communication. In: Stern J. (ed.) EUROCRYPT\u201999, vol. 1592, pp. 402\u2013414. LNCS. Springer, Heidelberg (1999)."},{"key":"1245_CR15","unstructured":"Cambrian Tech: Cryptographic accumulators in rust (2019). https:\/\/github.com\/cambrian\/accumulator"},{"key":"1245_CR16","doi-asserted-by":"publisher","first-page":"61","DOI":"10.1007\/3-540-45708-9_5","volume-title":"CRYPTO 2002","author":"J Camenisch","year":"2002","unstructured":"Camenisch J., Lysyanskaya A.: Dynamic accumulators and application to efficient revocation of anonymous credentials. In: Yung M. (ed.) CRYPTO 2002, vol. 2442, pp. 61\u201376. LNCS. Springer, Heidelberg (2002)."},{"key":"1245_CR17","first-page":"481","volume-title":"PKC 2009","author":"J Camenisch","year":"2009","unstructured":"Camenisch J., Kohlweiss M., Soriente C.: An accumulator based on bilinear maps and efficient revocation for anonymous credentials. In: Jarecki S., Tsudik G. (eds.) PKC 2009, vol. 5443, pp. 481\u2013500. LNCS. Springer, Heidelberg (2009)."},{"key":"1245_CR18","doi-asserted-by":"crossref","unstructured":"Campanelli M., Fiore D., Querol A.: Legosnark: modular design and composition of succinct zero-knowledge proofs. To appear at ACM CCS 2019. IACR Cryptology ePrint Archive, 2019 (2019)","DOI":"10.1145\/3319535.3339820"},{"key":"1245_CR19","doi-asserted-by":"crossref","unstructured":"Campanelli M., Fiore D., Han S., Kim J., Kolonelos D., Oh H.: Succinct zero-knowledge batch proofs for set accumulators. In: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, pp. 455\u2013469 (2022)","DOI":"10.1145\/3548606.3560677"},{"key":"1245_CR20","doi-asserted-by":"crossref","unstructured":"Canetti R., Lindell Y., Ostrovsky R., Sahai A.: Universally composable two-party and multi-party secure computation. In: 34th ACM STOC, pp. 494\u2013503. ACM Press (2002)","DOI":"10.1145\/509907.509980"},{"key":"1245_CR21","first-page":"55","volume-title":"PKC 2013, volume 7778 of LNCS","author":"D Catalano","year":"2013","unstructured":"Catalano D., Fiore D.: Vector commitments and their applications. In: Kurosawa K., Hanaoka G. (eds.) PKC 2013, volume 7778 of LNCS, pp. 55\u201372. Springer, Heidelberg (2013)."},{"issue":"10","key":"1245_CR22","doi-asserted-by":"publisher","first-page":"1030","DOI":"10.1145\/4372.4373","volume":"28","author":"D Chaum","year":"1985","unstructured":"Chaum D.: Security without identification: transaction systems to make big brother obsolete. Commun. ACM 28(10), 1030\u20131044 (1985).","journal-title":"Commun. ACM"},{"key":"1245_CR23","unstructured":"Chepurnoy A., Papamanthou C., Yupeng Z.: A cryptocurrency with stateless transaction validation, Edrax (2018)"},{"key":"1245_CR24","doi-asserted-by":"crossref","unstructured":"Couteau G., Hartmann D.: Shorter non-interactive zero-knowledge arguments and zaps for algebraic languages. In: Advances in Cryptology\u2013CRYPTO 2020: 40th Annual International Cryptology Conference, CRYPTO 2020, Santa Barbara, CA, USA, August 17\u201321, 2020, Proceedings, Part III, pp. 768\u2013798. Springer (2020)","DOI":"10.1007\/978-3-030-56877-1_27"},{"key":"1245_CR25","first-page":"321","volume-title":"EUROCRYPT 2017, Part II, volume 10211 of LNCS","author":"G Couteau","year":"2017","unstructured":"Couteau G., Peters T., Pointcheval D.: Removing the strong RSA assumption from arguments over the integers. In: Coron J.-S., Nielsen J.B. (eds.) EUROCRYPT 2017, Part II, volume 10211 of LNCS, pp. 321\u2013350. Springer, Heidelberg (2017)."},{"key":"1245_CR26","doi-asserted-by":"crossref","unstructured":"Couteau G., Lipmaa H., Parisella R., \u00d8degaard A.T.: Efficient nizks for algebraic sets. In: Advances in Cryptology\u2013ASIACRYPT 2021: 27th International Conference on the Theory and Application of Cryptology and Information Security, Singapore, December 6\u201310, (2021), Proceedings, Part III, pp. 128\u2013158. Springer (2021)","DOI":"10.1007\/978-3-030-92078-4_5"},{"key":"1245_CR27","unstructured":"cpsnarks-librustzcash. https:\/\/github.com\/kobigurk\/cpsnarks-librustzcash"},{"key":"1245_CR28","unstructured":"Cpsnarks-set. https:\/\/github.com\/kobigurk\/cpsnarks-set"},{"key":"1245_CR29","doi-asserted-by":"crossref","unstructured":"Cramer R., Shoup V.: Signature schemes based on the strong RSA assumption. In: Motiwalla J., Tsudik G. (eds) ACM CCS 99, pp. 46\u201351. ACM Press (1999)","DOI":"10.1145\/319709.319716"},{"key":"1245_CR30","unstructured":"Dahlberg R., Pulls T., Peeters R.: Efficient sparse merkle trees: Caching strategies and secure (non-)membership proofs. Cryptology ePrint Archive, Report 2016\/683 (2016). https:\/\/eprint.iacr.org\/2016\/683"},{"key":"1245_CR31","doi-asserted-by":"publisher","first-page":"125","DOI":"10.1007\/3-540-36178-2_8","volume-title":"ASIACRYPT 2002","author":"I Damg\u00e5rd","year":"2002","unstructured":"Damg\u00e5rd I., Fujisaki E.: A statistically-hiding integer commitment scheme based on groups with hidden order. In: Yuliang Zheng (ed.) ASIACRYPT 2002, vol. 2501, pp. 125\u2013142. LNCS. Springer, Heidelberg (2002)."},{"key":"1245_CR32","unstructured":"Damg\u00e5rd I., Triandopoulos N.: Supporting non-membership proofs with bilinear-map accumulators. Cryptology ePrint Archive, Report 2008\/538 (2008). http:\/\/eprint.iacr.org\/2008\/538"},{"key":"1245_CR33","unstructured":"de Valence, H.: Merlin: composable proof transcripts for public-coin arguments of knowledge (2019). https:\/\/github.com\/dalek-cryptography\/merlin"},{"key":"1245_CR34","unstructured":"Dobson S., Galbraith Steven\u00a0D.: Trustless groups of unknown order with hyperelliptic curves. Cryptology ePrint Archive, Report 2020\/196 (2020). https:\/\/eprint.iacr.org\/2020\/196"},{"key":"1245_CR35","unstructured":"Eagen L., Fiore D., Gabizon A.: cq: Cached quotients for fast lookups. Cryptology ePrint Archive (2022)"},{"key":"1245_CR36","first-page":"630","volume-title":"PKC 2014","author":"A Escala","year":"2014","unstructured":"Escala A., Groth J.: Fine-tuning Groth-Sahai proofs. In: Krawczyk H. (ed.) PKC 2014, vol. 8383, pp. 630\u2013649. LNCS. Springer, Heidelberg (2014)."},{"key":"1245_CR37","unstructured":"Fazio N., Nicolosi A.: Cryptographic accumulators: definitions, constructions and applications. Paper written for course at New York University. www.cs.nyu.edu\/nicolosi\/papers\/accumulators.pdf (2002)"},{"key":"1245_CR38","unstructured":"FINRA: https:\/\/www.finra.org\/rules-guidance\/rulebooks\/finra-rules\/2090#the-rule"},{"key":"1245_CR39","doi-asserted-by":"crossref","unstructured":"Fiore D., Fournet C., Ghosh E., Kohlweiss M., Ohrimenko O., Parno B.: Hash first, argue later: adaptive verifiable computations on outsourced data. In: Weippl E.R., Katzenbeisser S., Kruegel C., Myers A.C., Halevi S.(eds) ACM CCS 2016, pp. 1304\u20131316. ACM Press (2016)","DOI":"10.1145\/2976749.2978368"},{"key":"1245_CR40","doi-asserted-by":"crossref","unstructured":"Fouque P.-A., Tibouchi M.: Close to uniform prime number generation with fewer random bits. In: Esparza J., Fraigniaud P., Husfeldt T., Koutsoupias E. (eds.) ICALP 2014, pp. 991\u20131002. Part I, volume 8572 of LNCS. Springer, Heidelberg (2014)","DOI":"10.1007\/978-3-662-43948-7_82"},{"key":"1245_CR41","first-page":"16","volume-title":"CRYPTO\u201997, volume 1294 of LNCS","author":"E Fujisaki","year":"1997","unstructured":"Fujisaki E., Okamoto T.: Statistical zero knowledge protocols to prove modular polynomial relations. In: Kaliski B.S. (ed.) CRYPTO\u201997, volume 1294 of LNCS, pp. 16\u201330. Springer, Heidelberg (1997)."},{"key":"1245_CR42","unstructured":"Gabizon A., Khovratovich D.: Flookup: Fractional decomposition-based lookups in quasi-linear time independent of table size. Cryptology ePrint Archive (2022)"},{"key":"1245_CR43","first-page":"123","volume-title":"EUROCRYPT\u201999","author":"R Gennaro","year":"1999","unstructured":"Gennaro R., Halevi S., Rabin T.: Secure hash-and-sign signatures without the random oracle. In: Stern J. (ed.) EUROCRYPT\u201999, vol. 1592, pp. 123\u2013139. LNCS. Springer, Heidelberg (1999)."},{"key":"1245_CR44","doi-asserted-by":"crossref","unstructured":"Gentry C., Wichs D.: Separating succinct non-interactive arguments from all falsifiable assumptions. In: Fortnow L., Vadhan S.P. (eds) 43rd ACM STOC, pp. 99\u2013108. ACM Press (2011)","DOI":"10.1145\/1993636.1993651"},{"issue":"1","key":"1245_CR45","doi-asserted-by":"publisher","first-page":"186","DOI":"10.1137\/0218012","volume":"18","author":"S Goldwasser","year":"1989","unstructured":"Goldwasser S., Micali S., Rackoff C.: The knowledge complexity of interactive proof systems. SIAM J. Comput. 18(1), 186\u2013208 (1989).","journal-title":"SIAM J. Comput."},{"key":"1245_CR46","doi-asserted-by":"crossref","unstructured":"Groth J.: On the size of pairing-based non-interactive arguments. In: Fischlin M., Coron J.-S. (eds.) EUROCRYPT 2016, pp. 305\u2013326. Part II, volume 9666 of LNCS. Springer, Heidelberg (2016)","DOI":"10.1007\/978-3-662-49896-5_11"},{"key":"1245_CR47","doi-asserted-by":"publisher","first-page":"415","DOI":"10.1007\/978-3-540-78967-3_24","volume-title":"EUROCRYPT 2008","author":"J Groth","year":"2008","unstructured":"Groth J., Sahai A.: Efficient non-interactive proof systems for bilinear groups. In: Smart N.P. (ed.) EUROCRYPT 2008, vol. 4965, pp. 415\u2013432. LNCS. Springer, Heidelberg (2008)."},{"key":"1245_CR48","first-page":"224","volume-title":"ACNS 12","author":"L Helger","year":"2012","unstructured":"Helger L.: Secure accumulators from euclidean rings without trusted setup. In: Feng B., Pierangela S., Jianying Z. (eds.) ACNS 12, vol. 7341, pp. 224\u2013240. LNCS. Springer, Heidelberg (2012)."},{"key":"1245_CR49","unstructured":"Hopwood D., Bowe S., Hornby T., Wilcox N.: Zcash protocol specification. Tech. rep. 2016\u20131.10. Zerocoin Electric Coin Company, Tech. Rep., (2016). https:\/\/github.com\/zcash\/zips\/blob\/master\/protocol\/sapling.pdf"},{"key":"1245_CR50","first-page":"253","volume-title":"ACNS 07","author":"L Jiangtao","year":"2007","unstructured":"Jiangtao L., Ninghui L., Rui X.: Universal accumulators with efficient nonmembership proofs. In: Jonathan K., Moti Y. (eds.) ACNS 07, vol. 4521, pp. 253\u2013269. LNCS. Springer, Heidelberg (2007)."},{"key":"1245_CR51","unstructured":"Lee J.: The security of groups of unknown order based on jacobians of hyperelliptic curves. Cryptology ePrint Archive, Report 2020\/289 (2020). https:\/\/eprint.iacr.org\/2020\/289"},{"key":"1245_CR52","first-page":"499","volume-title":"TCC 2010","author":"B Libert","year":"2010","unstructured":"Libert B., Yung M.: Concise mercurial vector commitments and independent zero-knowledge sets with short proofs. In: Micciancio D. (ed.) TCC 2010, vol. 5978, pp. 499\u2013517. LNCS. Springer, Heidelberg (2010)."},{"key":"1245_CR53","doi-asserted-by":"crossref","unstructured":"Lipmaa H., Parisella R.: Set (non-) membership nizks from determinantal accumulators. Cryptology ePrint Archive (2022)","DOI":"10.1007\/978-3-031-44469-2_18"},{"key":"1245_CR54","unstructured":"Lovecruft I.A., de\u00a0Valence H.: curve25519-dalek: a pure-rust implementation of group operations on ristretto and curve25519. https:\/\/github.com\/dalek-cryptography\/curve25519-dalek"},{"key":"1245_CR55","first-page":"369","volume-title":"CRYPTO\u201987","author":"RC Merkle","year":"1988","unstructured":"Merkle R.C.: A digital signature based on a conventional encryption function. In: Pomerance C. (ed.) CRYPTO\u201987, vol. 293, pp. 369\u2013378. LNCS. Springer, Heidelberg (1988)."},{"key":"1245_CR56","doi-asserted-by":"crossref","unstructured":"Miers I., Garman C., Green M., Rubin Aviel D: Zerocoin: anonymous distributed E-cash from Bitcoin. In: 2013 IEEE Symposium on Security and Privacy, pp. 397\u2013411. IEEE Computer Society Press (2013)","DOI":"10.1109\/SP.2013.34"},{"key":"1245_CR57","first-page":"275","volume-title":"CT-RSA 2005","author":"L Nguyen","year":"2005","unstructured":"Nguyen L.: Accumulators from bilinear pairings and applications. In: Menezes A. (ed.) CT-RSA 2005, vol. 3376, pp. 275\u2013292. LNCS. Springer, Heidelberg (2005)."},{"key":"1245_CR58","unstructured":"Ozdemir A., Wahby Riad S., Whitehat B., Boneh D.: Scaling verifiable computation using efficient set accumulators. Cryptology ePrint Archive, Report 2019\/1494 (2019). https:\/\/eprint.iacr.org\/2019\/1494"},{"key":"1245_CR59","first-page":"222","volume-title":"TCC 2013","author":"C Papamanthou","year":"2013","unstructured":"Papamanthou C., Shi E., Tamassia R.: Signatures of correct computation. In: Sahai A. (ed.) TCC 2013, vol. 7785, pp. 222\u2013242. LNCS. Springer, Heidelberg (2013)."},{"key":"1245_CR60","doi-asserted-by":"publisher","first-page":"353","DOI":"10.1007\/978-3-642-38348-9_22","volume-title":"EUROCRYPT 2013","author":"C Papamanthou","year":"2013","unstructured":"Papamanthou C., Shi E., Tamassia R., Yi K.: Streaming authenticated data structures. In: Johansson T., Nguyen P.Q. (eds.) EUROCRYPT 2013, vol. 7881, pp. 353\u2013370. LNCS. Springer, Heidelberg (2013)."},{"key":"1245_CR61","doi-asserted-by":"crossref","unstructured":"Parno B., Howell J., Gentry C., Raykova M.: Pinocchio: nearly practical verifiable computation. In: 2013 IEEE Symposium on Security and Privacy, pp. 238\u2013252. IEEE Computer Society Press (2013)","DOI":"10.1109\/SP.2013.47"},{"key":"1245_CR62","unstructured":"Posen J., Kattis Assimakis A: Caulk+: table-independent lookup arguments. Cryptology ePrint Archive (2022)"},{"key":"1245_CR63","unstructured":"Ray J.: Patricia tree (2019). https:\/\/github.com\/ethereum\/wiki\/wiki\/Patricia-Tree"},{"key":"1245_CR64","unstructured":"rln Semaphore: rate limiting nullifier for spam prevention in anonymous p2p setting, February (2019). https:\/\/ethresear.ch\/t\/semaphore-rln-rate-limiting-nullifier-for-spam-prevention-in-anonymous-p2p-setting\/5009"},{"key":"1245_CR65","unstructured":"Rsa-2048. https:\/\/en.wikipedia.org\/wiki\/RSA_numbers#RSA-2048"},{"key":"1245_CR66","unstructured":"Rust implementation of LegoGroth16. https:\/\/github.com\/kobigurk\/legogro16"},{"key":"1245_CR67","unstructured":"SCIPR Lab: Zexe (zero knowledge execution). https:\/\/github.com\/scipr-lab\/zexe"},{"key":"1245_CR68","unstructured":"Securities U.S. and Exchange Commission: Anti-money laundering (aml) source tool for broker-dealers (2018). https:\/\/www.sec.gov\/about\/offices\/ocie\/amlsourcetool.htm"},{"key":"1245_CR69","first-page":"256","volume-title":"EUROCRYPT\u201997","author":"V Shoup","year":"1997","unstructured":"Shoup V.: Lower bounds for discrete logarithms and related problems. In: Fumy W. (ed.) EUROCRYPT\u201997, vol. 1233, pp. 256\u2013266. LNCS. Springer, Heidelberg (1997)."},{"key":"1245_CR70","doi-asserted-by":"crossref","unstructured":"Srinivasan S., Karantaidou I., Baldimtsi F., Papamanthou C.: Batching, aggregation, and zero-knowledge proofs in bilinear accumulators. In: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, pp. 2719\u20132733 (2022)","DOI":"10.1145\/3548606.3560676"},{"key":"1245_CR71","first-page":"1","volume-title":"TCC 2008","author":"P Valiant","year":"2008","unstructured":"Valiant P.: Incrementally verifiable computation or proofs of knowledge imply time\/space efficiency. In: Canetti R. (ed.) TCC 2008, vol. 4948, pp. 1\u201318. LNCS. Springer, Heidelberg (2008)."},{"key":"1245_CR72","unstructured":"Wesolowski B.: Efficient verifiable delay functions. Cryptology ePrint Archive, Report 2018\/623 (2018). https:\/\/eprint.iacr.org\/2018\/623"},{"key":"1245_CR73","unstructured":"Yap R.: Cryptographic description of zerocoin attack (2019). https:\/\/zcoin.io\/cryptographic-description-of-zerocoin-attack\/"},{"key":"1245_CR74","doi-asserted-by":"crossref","unstructured":"Zapico A., Buterin V., Khovratovich D., Maller M., Nitulescu A., Simkin M.: Caulk: lookup arguments in sublinear time. In:Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, pp. 3121\u20133134 (2022)","DOI":"10.1145\/3548606.3560646"},{"key":"1245_CR75","volume-title":"Nearly optimal lookup arguments","author":"A Zapico","year":"2022","unstructured":"Zapico A., Gabizon A., Khovratovich D., Maller M., Carla R.: Nearly optimal lookup arguments. Cryptology ePrint Archive, Baloo (2022)."},{"key":"1245_CR76","unstructured":"Zcash: Zcash rust crates. https:\/\/github.com\/zcash\/librustzcash"},{"key":"1245_CR77","unstructured":"Zhang Y., Genkin D., Katz J., Papadopoulos D., Papamanthou C.: A zero-knowledge version of vSQL. Cryptology ePrint Archive, Report 2017\/1146 (2017). https:\/\/eprint.iacr.org\/2017\/1146"},{"key":"1245_CR78","doi-asserted-by":"crossref","unstructured":"Zhang Y., Katz J., Papamanthou C.: An expressive (zero-knowledge) set accumulator. In: 2017 IEEE European Symposium on Security and Privacy (EuroS P), pp. 158\u2013173 (2017)","DOI":"10.1109\/EuroSP.2017.35"},{"key":"1245_CR79","doi-asserted-by":"crossref","unstructured":"Zhang J., Xie T., Zhang Y., Song D.: Transparent polynomial delegation and its applications to zero knowledge proof. In: IEEE Symposium on Security and Privacy (2020)","DOI":"10.1109\/SP40000.2020.00052"}],"container-title":["Designs, Codes and Cryptography"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10623-023-01245-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10623-023-01245-1\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10623-023-01245-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,10,23]],"date-time":"2024-10-23T13:42:29Z","timestamp":1729690949000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10623-023-01245-1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,7,1]]},"references-count":79,"journal-issue":{"issue":"11","published-print":{"date-parts":[[2023,11]]}},"alternative-id":["1245"],"URL":"https:\/\/doi.org\/10.1007\/s10623-023-01245-1","relation":{},"ISSN":["0925-1022","1573-7586"],"issn-type":[{"value":"0925-1022","type":"print"},{"value":"1573-7586","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,7,1]]},"assertion":[{"value":"6 July 2022","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"1 March 2023","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"3 May 2023","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"1 July 2023","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors have no conflicts interests to declare that are relevant to the content of this article, besides the funding that we already state and our affiliations.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}]}}