{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,17]],"date-time":"2025-10-17T22:40:09Z","timestamp":1760740809486,"version":"build-2065373602"},"reference-count":56,"publisher":"Springer Science and Business Media LLC","issue":"5","license":[{"start":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T00:00:00Z","timestamp":1753401600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0"},{"start":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T00:00:00Z","timestamp":1753401600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cryptogr. Commun."],"published-print":{"date-parts":[[2025,9]]},"DOI":"10.1007\/s12095-025-00827-1","type":"journal-article","created":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T07:32:46Z","timestamp":1753428766000},"page":"1249-1286","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Hybrid zero-knowledge from garbled circuits"],"prefix":"10.1007","volume":"17","author":[{"given":"Masayuki","family":"Abe","sequence":"first","affiliation":[]},{"given":"Miguel","family":"Ambrona","sequence":"additional","affiliation":[]},{"given":"Miyako","family":"Ohkubo","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,7,25]]},"reference":[{"key":"827_CR1","doi-asserted-by":"crossref","unstructured":"Abe, M., Ambrona, M., Bogdanov, A., Ohkubo, M., Rosen, A.: Non-interactive composition of sigma-protocols via share-then-hash. In ASIACRYPT 2020, vol. 12493 of LNCS, pp. 749\u2013773 (2020)","DOI":"10.1007\/978-3-030-64840-4_25"},{"key":"827_CR2","doi-asserted-by":"crossref","unstructured":"Abe, M., Ambrona, M., Bogdanov, A., Ohkubo, M., Rosen, A.: Acyclicity programming for sigma-protocols. In TCC 2021, Part I, vol. 13042 of LNCS, pp. 435\u2013465 (2021)","DOI":"10.1007\/978-3-030-90459-3_15"},{"key":"827_CR3","doi-asserted-by":"crossref","unstructured":"Agrawal, S., Ganesh, C., Mohassel, P.: Non-interactive zero-knowledge proofs for composite statements. In CRYPTO 2018, Part III, vol. 10993 of LNCS, pp. 643\u2013673 (2018)","DOI":"10.1007\/978-3-319-96878-0_22"},{"key":"827_CR4","doi-asserted-by":"crossref","unstructured":"Aranha, D.F., Bennedsen, E.M., Campanelli, M., Ganesh, C., Orlandi, C., Takahashi, A.: ECLIPSE: enhanced compiling method for pedersen-committed zksnark engines. In PKC 2022, Part I, vol. 13177 of LNCS, pp. 584\u2013614 (2022)","DOI":"10.1007\/978-3-030-97121-2_21"},{"key":"827_CR5","doi-asserted-by":"crossref","unstructured":"Attema, T., Cascudo, I., Cramer, R., Damg\u00e5rd, I., Escudero, D.: Vector commitments over rings and compressed $$\\varsigma $$-protocols. In TCC 2022, Part I, vol. 13747 of LNCS, pp. 173\u2013202 (2022)","DOI":"10.1007\/978-3-031-22318-1_7"},{"key":"827_CR6","doi-asserted-by":"crossref","unstructured":"Attema, T., Cramer, R.: Compressed $$\\Sigma $$-protocol theory and practical application to plug & play secure algorithmics. IACR Cryptol. ePrint Arch., p. 152 (2020)","DOI":"10.1007\/978-3-030-56877-1_18"},{"key":"827_CR7","doi-asserted-by":"crossref","unstructured":"Attema, T., Cramer, R.: Compressed $$\\varsigma $$-protocol theory and practical application to plug & play secure algorithmics. In CRYPTO 2020, Part III, volume 12172 of LNCS, pp. 513\u2013543 (2020)","DOI":"10.1007\/978-3-030-56877-1_18"},{"key":"827_CR8","doi-asserted-by":"crossref","unstructured":"Attema, T., Cramer, R., Fehr, S.: Compressing proofs of k-out-of-n partial knowledge. In CRYPTO 2021, Part IV, vol. 12828 of LNCS, pp. 65\u201391 (2021)","DOI":"10.1007\/978-3-030-84259-8_3"},{"key":"827_CR9","doi-asserted-by":"crossref","unstructured":"Attema, T., Cramer, R., Kohl, L.: A compressed $$\\varsigma $$-protocol theory for lattices. In CRYPTO 2021, Part II, vol. 12826 of LNCS, pp. 549\u2013579 (2021)","DOI":"10.1007\/978-3-030-84245-1_19"},{"key":"827_CR10","doi-asserted-by":"crossref","unstructured":"Attema, T., Fehr, S., Resch, N.: Generalized special-sound interactive proofs and their knowledge soundness. In TCC 2023, Part III, vol. 14371 of LNCS, pp. 424\u2013454 (2023). Springer","DOI":"10.1007\/978-3-031-48621-0_15"},{"key":"827_CR11","doi-asserted-by":"crossref","unstructured":"Avitabile, G., Botta, V., Friolo, D., Visconti, I.: Efficient proofs of knowledge for threshold relations. In ESORICS 2022, Part III, vol. 13556 of LNCS, pp. 42\u201362 (2022)","DOI":"10.1007\/978-3-031-17143-7_3"},{"key":"827_CR12","doi-asserted-by":"crossref","unstructured":"Ball, M., Malkin, T., Rosulek, M.: Garbling gadgets for boolean and arithmetic circuits. In ACM CCS 2016, pp. 565\u2013577 (2016)","DOI":"10.1145\/2976749.2978410"},{"key":"827_CR13","doi-asserted-by":"crossref","unstructured":"Baum, C., Braun, L., Munch-Hansen, A., Razet, B., Scholl, P.: Appenzeller to brie: Efficient zero-knowledge proofs for mixed-mode arithmetic and z2k. In ACM CCS 2021, pp. 192\u2013211 (2021)","DOI":"10.1145\/3460120.3484812"},{"key":"827_CR14","doi-asserted-by":"crossref","unstructured":"Bellare, M., Hoang, V.T., Rogaway, P.: Foundations of garbled circuits. In ACM CCS 2012, pp. 784\u2013796 (2012)","DOI":"10.1145\/2382196.2382279"},{"key":"827_CR15","doi-asserted-by":"crossref","unstructured":"Boyle, E., Couteau, G., Gilboa, N., Ishai, Y., Kohl, L., Scholl, P.: Efficient pseudorandom correlation generators: Silent OT extension and more. In CRYPTO 2019, Part III, volume 11694 of LNCS, pp. 489\u2013518 (2019)","DOI":"10.1007\/978-3-030-26954-8_16"},{"issue":"4","key":"827_CR16","doi-asserted-by":"publisher","first-page":"521","DOI":"10.1007\/s10817-020-09581-w","volume":"65","author":"D Butler","year":"2021","unstructured":"Butler, D., Lochbihler, A., Aspinall, D., Gasc\u00f3n, A.: Formalising $$\\varsigma $$-protocols and commitment schemes using crypthol. J. Autom. Reason. 65(4), 521\u2013567 (2021)","journal-title":"J. Autom. Reason."},{"key":"827_CR17","doi-asserted-by":"crossref","unstructured":"Campanelli, M., Faonio, A., Fiore, D., Querol, A., Rodr\u00edguez, H.: Lunar: A toolbox for more efficient universal and updatable zksnarks and commit-and-prove extensions. In ASIACRYPT 2021, Part III, vol. 13092 of LNCS, pp. 3\u201333 (2021)","DOI":"10.1007\/978-3-030-92078-4_1"},{"key":"827_CR18","doi-asserted-by":"crossref","unstructured":"Campanelli, M., Fiore, D., Querol, A.: LegoSNARK: Modular design and composition of succinct zero-knowledge proofs. In ACM CCS 2019, pp. 2075\u20132092 (2019)","DOI":"10.1145\/3319535.3339820"},{"key":"827_CR19","doi-asserted-by":"crossref","unstructured":"Chase, M., Ganesh, C., Mohassel, P.: Efficient zero-knowledge proof of algebraic and non-algebraic statements with applications to privacy preserving credentials. In CRYPTO 2016, Part III, vol. 9816 of LNCS, pp. 499\u2013530 (2016)","DOI":"10.1007\/978-3-662-53015-3_18"},{"key":"827_CR20","doi-asserted-by":"crossref","unstructured":"Chou, T., Orlandi, C.: The simplest protocol for oblivious transfer. In LATINCRYPT 2015, vol. 9230 of LNCS, pp. 40\u201358 (2015)","DOI":"10.1007\/978-3-319-22174-8_3"},{"key":"827_CR21","doi-asserted-by":"crossref","unstructured":"Ciampi, M., Persiano, G., Scafuro, A., Siniscalchi, L., Visconti, I.: Improved or-composition of sigma-protocols. In TCC 2016-A, Part II, vol. 9563 of LNCS, pp. 112\u2013141 (2016)","DOI":"10.1007\/978-3-662-49099-0_5"},{"key":"827_CR22","doi-asserted-by":"crossref","unstructured":"Ciampi, M., Persiano, G., Scafuro, A., Siniscalchi, L., Visconti, I.: Online\/offline OR composition of sigma protocols. In Fischlin, M., Coron, J.-S. (eds.), EUROCRYPT 2016, Part II, vol. 9666 of LNCS, pp. 63\u201392, (2016)","DOI":"10.1007\/978-3-662-49896-5_3"},{"key":"827_CR23","unstructured":"Cramer, R.: Modular Design of Secure yet Practical Cryptographic Protocols. PhD thesis, University of Amsterdam, (1997)"},{"key":"827_CR24","doi-asserted-by":"crossref","unstructured":"Cramer, R., Damg\u00e5rd, I., Escudero, D., Scholl, P., Xing, C.: SPDZ$$_{\\text{2}^{\\text{k }}}$$: Efficient MPC mod $$2^{\\text{ k }}$$ for dishonest majority. In CRYPTO 2018, Part II, vol. 10992 of LNCS, pp. 769\u2013798 (2018)","DOI":"10.1007\/978-3-319-96881-0_26"},{"key":"827_CR25","doi-asserted-by":"crossref","unstructured":"Cramer, R., Damg\u00e5rd, I., MacKenzie, P.D.: Efficient zero-knowledge proofs of knowledge without intractability assumptions. In PKC 2000, vol. 1751 of LNCS, pp. 354\u2013372 (2000)","DOI":"10.1007\/978-3-540-46588-1_24"},{"key":"827_CR26","doi-asserted-by":"crossref","unstructured":"Cramer, R., Damg\u00e5rd, I., Schoenmakers, B.: Proofs of partial knowledge and simplified design of witness hiding protocols. In CRYPTO 1994, vol. 839 of LNCS, pp. 174\u2013187 (1994)","DOI":"10.1007\/3-540-48658-5_19"},{"key":"827_CR27","doi-asserted-by":"crossref","unstructured":"Cui, H., Zhang, K.: A simple post-quantum non-interactive zero-knowledge proof from garbled circuits. In Inscrypt 2021, vol. 13007 of LNCS, pp. 269\u2013280 (2021)","DOI":"10.1007\/978-3-030-88323-2_14"},{"key":"827_CR28","doi-asserted-by":"crossref","unstructured":"Damg\u00e5rd, I.: On the existence of bit commitment schemes and zero-knowledge proofs. In CRYPTO 1989, vol. 435 of LNCS, pp. 17\u201327, (1989)","DOI":"10.1007\/0-387-34805-0_3"},{"key":"827_CR29","doi-asserted-by":"crossref","unstructured":"Escudero, D., Ghosh, S., Keller, M., Rachuri, R., Scholl, P.: Improved primitives for MPC over mixed arithmetic-binary circuits. In CRYPTO 2020, Part II, vol. 12171 of LNCS, pp. 823\u2013852, (2020)","DOI":"10.1007\/978-3-030-56880-1_29"},{"key":"827_CR30","doi-asserted-by":"crossref","unstructured":"Fouque, P.-A., Georgescu, A., Qian, C., Roux-Langlois, A., Wen, W.: A generic transform from multi-round interactive proof to NIZK. In PKC 2023, Part II, vol. 13941 of LNCS, pp. 461\u2013481 (2023)","DOI":"10.1007\/978-3-031-31371-4_16"},{"key":"827_CR31","doi-asserted-by":"crossref","unstructured":"Frederiksen, T.K., Nielsen, J.B., Orlandi, C.: Privacy-free garbled circuits with applications to efficient zero-knowledge. In EUROCRYPT 2015, Part II, vol. 9057 of LNCS, pp. 191\u2013219 (2015)","DOI":"10.1007\/978-3-662-46803-6_7"},{"key":"827_CR32","first-page":"315","volume":"2020","author":"A Gabizon","year":"2020","unstructured":"Gabizon, A., Williamson, Z.J.: plookup: A simplified polynomial protocol for lookup tables. IACR Cryptol. ePrint Arch 2020, 315 (2020)","journal-title":"IACR Cryptol. ePrint Arch"},{"key":"827_CR33","doi-asserted-by":"crossref","unstructured":"Ganesh, C., Kondi, Y., Patra, A., Sarkar, P.: Efficient adaptively secure zero-knowledge from garbled circuits. In PKC 2018, Part II, vol. 10770 of LNCS, pp. 499\u2013529 (2018)","DOI":"10.1007\/978-3-319-76581-5_17"},{"key":"827_CR34","doi-asserted-by":"crossref","unstructured":"Garillot, F., Kondi, Y., Mohassel, P., Nikolaenko, V.: Threshold schnorr with stateless deterministic signing from standard assumptions. In CRYPTO 2021, Part I, vol. 12825 of LNCS, pp. 127\u2013156, (2021)","DOI":"10.1007\/978-3-030-84242-0_6"},{"key":"827_CR35","doi-asserted-by":"crossref","unstructured":"Gennaro, R., Gentry, C., Parno, B., Raykova, M.: Quadratic span programs and succinct nizks without pcps. In EUROCRYPT 2013, vol. 7881 of LNCS, pp. 626\u2013645 (2013)","DOI":"10.1007\/978-3-642-38348-9_37"},{"key":"827_CR36","doi-asserted-by":"crossref","unstructured":"Goel, A., Hall-Andersen, M., Kaptchuk, G., Spooner, N.: Speed-stacking: Fast sublinear zero-knowledge proofs for disjunctions. In EUROCRYPT 2023, Part II, vol. 14005 of LNCS, pp. 347\u2013378 (2023)","DOI":"10.1007\/978-3-031-30617-4_12"},{"key":"827_CR37","doi-asserted-by":"crossref","unstructured":"Hazay, C., Venkitasubramaniam, M.: On the Power of Secure Two-Party Computation. J. Cryptol. 33(1), 271\u2013318 (2020)","DOI":"10.1007\/s00145-019-09314-2"},{"key":"827_CR38","doi-asserted-by":"crossref","unstructured":"Heath, D., Kolesnikov, V., Lu, J.: Efficient generic arithmetic for KKW - practical linear mpc-in-the-head NIZK on commodity hardware without trusted setup. In CSCML 2021, vol. 12716 of LNCS, pp. 414\u2013431 (2021)","DOI":"10.1007\/978-3-030-78086-9_31"},{"key":"827_CR39","doi-asserted-by":"crossref","unstructured":"Ishai, Y., Kushilevitz, E., Ostrovsky, R., Sahai, A.: Zero-knowledge from secure multiparty computation. In ACM STOC 2007, pp. 21\u201330 (2007)","DOI":"10.1145\/1250790.1250794"},{"key":"827_CR40","doi-asserted-by":"crossref","unstructured":"Jawurek, M., Kerschbaum, F., Orlandi, C.: Zero-knowledge using garbled circuits: how to prove non-algebraic statements efficiently. In ACM CCS 2013, pp. 955\u2013966 (2013)","DOI":"10.1145\/2508859.2516662"},{"key":"827_CR41","doi-asserted-by":"crossref","unstructured":"Katz, J., Kolesnikov, V., Wang, X.: Improved non-interactive zero knowledge with applications to post-quantum signatures. In ACM CCS 2018, pp. 525\u2013537 (2018)","DOI":"10.1145\/3243734.3243805"},{"key":"827_CR42","doi-asserted-by":"crossref","unstructured":"Khurana, D., Ostrovsky, R., Srinivasan, A.: Round optimal black-box \u201ccommit-and-prove\u201d. In TCC 2018, Part I, vol. 11239 of LNCS, pp. 286\u2013313 (2018)","DOI":"10.1007\/978-3-030-03807-6_11"},{"key":"827_CR43","doi-asserted-by":"crossref","unstructured":"Kolesnikov, V., Schneider, T.: Improved garbled circuit: Free XOR gates and applications. In ICALP 2008, Part II - Track B: Logic, Semantics, and Theory of Programming & Track C: Security and Cryptography Foundations, vol. 5126 of LNCS, pp. 486\u2013498 (2008)","DOI":"10.1007\/978-3-540-70583-3_40"},{"key":"827_CR44","unstructured":"Libert, B., Ramanna, S.C., Yung, M.: Functional commitment schemes: From polynomial commitments to pairing-based accumulators from simple assumptions. In ICALP 2016, vol.\u00a055 of LIPIcs, pp. 30:1\u201330:14 (2016)"},{"key":"827_CR45","doi-asserted-by":"crossref","unstructured":"Libert, B., Yung, M.: Concise mercurial vector commitments and independent zero-knowledge sets with short proofs. In TCC 2010, vol. 5978 of LNCS, pp. 499\u2013517 (2010)","DOI":"10.1007\/978-3-642-11799-2_30"},{"key":"827_CR46","doi-asserted-by":"crossref","unstructured":"Lipmaa, H., Pavlyk, K.: Succinct functional commitment for a large class of arithmetic circuits. In ASIACRYPT 2020, Part III, vol. 12493 of LNCS, pp. 686\u2013716 (2020)","DOI":"10.1007\/978-3-030-64840-4_23"},{"key":"827_CR47","doi-asserted-by":"crossref","unstructured":"Merkle, R.C.: A digital signature based on a conventional encryption function. In CRYPTO 1987, vol. 293 of LNCS, pp. 369\u2013378 (1987)","DOI":"10.1007\/3-540-48184-2_32"},{"key":"827_CR48","doi-asserted-by":"crossref","unstructured":"Micciancio, D., Peikert, C.: Trapdoors for lattices: Simpler, tighter, faster, smaller. In EUROCRYPT 2012, volume 7237 of LNCS, pp. 700\u2013718 (2012)","DOI":"10.1007\/978-3-642-29011-4_41"},{"key":"827_CR49","doi-asserted-by":"crossref","unstructured":"Naor, D., Naor, M., Lotspiech, J.: Revocation and tracing schemes for stateless receivers. In CRYPTO 2001, vol. 2139 of LNCS, pp. 41\u201362 (2001)","DOI":"10.1007\/3-540-44647-8_3"},{"key":"827_CR50","doi-asserted-by":"crossref","unstructured":"Nguyen, K., Ambrona, M., Abe, M.: WI is almost enough: Contingent payment all over again. In ACM CCS 2020, pp. 641\u2013656 (2020)","DOI":"10.1145\/3372297.3417888"},{"key":"827_CR51","doi-asserted-by":"crossref","unstructured":"Peikert, C., Pepin, Z., Sharp, C.: Vector and functional commitments from lattices. In TCC 2021, Part III, vol. 13044 of LNCS, pp. 480\u2013511 (2021)","DOI":"10.1007\/978-3-030-90456-2_16"},{"issue":"1","key":"827_CR52","doi-asserted-by":"publisher","first-page":"141","DOI":"10.1007\/BF02122563","volume":"8","author":"C Weng","year":"1988","unstructured":"Weng, C.: The gap between monotone and non-monotone circuit complexity is exponential. Combinatorica 8(1), 141\u2013142 (1988)","journal-title":"Combinatorica"},{"key":"827_CR53","unstructured":"Weng, C., Yang, K., Xie, X., Katz, J., Wang, X.: Mystique: Efficient conversions for zero-knowledge proofs with applications to machine learning. In USENIX Security 2021, pp. 501\u2013518 (2021)"},{"key":"827_CR54","doi-asserted-by":"crossref","unstructured":"Yao, A.C.: Protocols for secure computations (extended abstract). In IEEE FOCS 1982, pp. 160\u2013164 (1982)","DOI":"10.1109\/SFCS.1982.38"},{"key":"827_CR55","doi-asserted-by":"crossref","unstructured":"Yao, A.C.: How to generate and exchange secrets (extended abstract). In IEEE FOCS 1986, pp. 162\u2013167 (1986)","DOI":"10.1109\/SFCS.1986.25"},{"key":"827_CR56","doi-asserted-by":"crossref","unstructured":"Zahur, S., Rosulek, M., Evans, D.: Two halves make a whole - reducing data transfer in garbled circuits using half gates. In EUROCRYPT 2015, Part II, vol. 9057 of LNCS, pp. 220\u2013250 (2015)","DOI":"10.1007\/978-3-662-46803-6_8"}],"container-title":["Cryptography and Communications"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s12095-025-00827-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s12095-025-00827-1\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s12095-025-00827-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,17]],"date-time":"2025-10-17T22:02:48Z","timestamp":1760738568000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s12095-025-00827-1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,7,25]]},"references-count":56,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2025,9]]}},"alternative-id":["827"],"URL":"https:\/\/doi.org\/10.1007\/s12095-025-00827-1","relation":{},"ISSN":["1936-2447","1936-2455"],"issn-type":[{"type":"print","value":"1936-2447"},{"type":"electronic","value":"1936-2455"}],"subject":[],"published":{"date-parts":[[2025,7,25]]},"assertion":[{"value":"12 November 2024","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"9 July 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"25 July 2025","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}]}}