{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,29]],"date-time":"2026-05-29T10:01:19Z","timestamp":1780048879017,"version":"3.53.1"},"reference-count":81,"publisher":"International Association for Cryptologic Research","issue":"1","license":[{"start":{"date-parts":[[2025,1,14]],"date-time":"2025-01-14T00:00:00Z","timestamp":1736812800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IACR CiC"],"accepted":{"date-parts":[[2025,3,11]]},"abstract":"<jats:p>With the threat posed by quantum computers on the horizon, systems like Ethereum must transition to cryptographic primitives resistant to quantum attacks. One of the most critical of these primitives is the non-interactive multi-signature scheme used in Ethereum's proof-of-stake consensus, currently implemented with BLS signatures. This primitive enables validators to independently sign blocks, with their signatures then publicly aggregated into a compact aggregate signature.<\/jats:p>\n          <jats:p>In this work, we introduce a family of hash-based signature schemes as post-quantum alternatives to BLS. We consider the folklore method of aggregating signatures via (hash-based) succinct arguments, and our work is focused on instantiating the underlying signature scheme. The proposed schemes are variants of the XMSS signature scheme, analyzed within a novel and unified framework. While being generic, this framework is designed to minimize security loss, facilitating efficient parameter selection. A key feature of our work is the avoidance of random oracles in the security proof. Instead, we define explicit standard model requirements for the underlying hash functions. This eliminates the paradox of simultaneously treating hash functions as random oracles and as explicit circuits for aggregation. Furthermore, this provides cryptanalysts with clearly defined targets for evaluating the security of hash functions. Finally, we provide recommendations for practical instantiations of hash functions and concrete parameter settings, supported by known and novel heuristic bounds on the standard model properties. <\/jats:p>","DOI":"10.62056\/aey7qjp10","type":"journal-article","created":{"date-parts":[[2025,4,8]],"date-time":"2025-04-08T21:23:17Z","timestamp":1744147397000},"update-policy":"https:\/\/doi.org\/10.62056\/adfjwm02dj","source":"Crossref","is-referenced-by-count":8,"title":["Hash-Based Multi-Signatures for Post-Quantum Ethereum"],"prefix":"10.62056","volume":"2","author":[{"given":"Justin","family":"Drake","sequence":"first","affiliation":[{"name":"Ethereum Foundation","place":["Switzerland"]}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0001-0347-3378","authenticated-orcid":false,"given":"Dmitry","family":"Khovratovich","sequence":"additional","affiliation":[{"name":"Ethereum Foundation","place":["Switzerland"]}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8555-4891","authenticated-orcid":false,"given":"Mikhail","family":"Kudinov","sequence":"additional","affiliation":[{"id":[{"id":"https:\/\/ror.org\/02c2kyt77","id-type":"ROR","asserted-by":"publisher"}],"name":"Eindhoven University of Technology","place":["Netherlands"]}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4620-7264","authenticated-orcid":false,"given":"Benedikt","family":"Wagner","sequence":"additional","affiliation":[{"name":"Ethereum Foundation","place":["Switzerland"]}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"48349","published-online":{"date-parts":[[2025,4,8]]},"reference":[{"key":"ref1:EPRINT:DLLSSS17","volume-title":"CRYSTALS \u2013 Dilithium: Digital Signatures from Module\n  Lattices","author":"L\u00e9o Ducas","year":"2017"},{"key":"ref2:NISTPQC-R3:CRYSTALS-DILITHIUM20","volume-title":"CRYSTALS-DILITHIUM","author":"Vadim Lyubashevsky","year":"2020"},{"key":"ref3:NISTPQC-R3:FALCON20","volume-title":"FALCON","author":"Thomas Prest","year":"2020"},{"key":"ref4:C:Stern93","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"13","DOI":"10.1007\/3-540-48329-2_2","article-title":"A New Identification Scheme Based on Syndrome Decoding","volume":"773","author":"Jacques Stern","year":"1994"},{"key":"ref5:AC:CouFinSen01","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"157","DOI":"10.1007\/3-540-45682-1_10","article-title":"How to Achieve a McEliece-Based Digital Signature Scheme","volume":"2248","author":"Nicolas Courtois","year":"2001"},{"key":"ref6:AC:DKLPW20","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"64","DOI":"10.1007\/978-3-030-64837-4_3","article-title":"SQISign: Compact Post-quantum Signatures from Quaternions\n  and Isogenies","volume":"12491","author":"Luca De Feo","year":"2020"},{"key":"ref7:EC:DLRW24","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-031-58716-0_1","article-title":"SQIsignHD: New Dimensions in Cryptography","volume":"14651","author":"Pierrick Dartois","year":"2024"},{"key":"ref8:EC:SEMR24","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"63","DOI":"10.1007\/978-3-031-58716-0_3","article-title":"Apr\u00e8sSQI: Extra Fast Verification for SQIsign Using\n  Extension-Field Signing","volume":"14651","author":"Maria Corte-Real Santos","year":"2024"},{"key":"ref9:SAC:Beullens21","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"355","DOI":"10.1007\/978-3-030-99277-4_17","article-title":"MAYO: Practical Post-quantum Signatures from\n  Oil-and-Vinegar Maps","volume":"13203","author":"Ward Beullens","year":"2022"},{"key":"ref10:PQCRYPTO:BucDahHul11","doi-asserted-by":"publisher","first-page":"117","DOI":"10.1007\/978-3-642-25405-5_8","article-title":"XMSS - A Practical Forward Secure Signature Scheme Based\n  on Minimal Security Assumptions","author":"Johannes A. Buchmann","year":"2011"},{"key":"ref11:EC:BHHLNP15","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"368","DOI":"10.1007\/978-3-662-46800-5_15","article-title":"SPHINCS: Practical Stateless Hash-Based Signatures","volume":"9056","author":"Daniel J. Bernstein","year":"2015"},{"key":"ref12:CCS:BHKNRS19","doi-asserted-by":"publisher","first-page":"2129","DOI":"10.1145\/3319535.3363229","article-title":"The SPHINCS$^+$ Signature Framework","author":"Daniel J. Bernstein","year":"2019"},{"key":"ref13:TCC:ChiManSpo19","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-030-36033-7_1","article-title":"Succinct Arguments in the Quantum Random Oracle Model","volume":"11892","author":"Alessandro Chiesa","year":"2019"},{"key":"ref14:EPRINT:HabLevPap24","volume-title":"Circle STARKs","author":"Ulrich Hab\u00f6ck","year":"2024"},{"key":"ref15:C:ZeiCheFis24","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"138","DOI":"10.1007\/978-3-031-68403-6_5","article-title":"BaseFold: Efficient Field-Agnostic Polynomial Commitment\n  Schemes from Foldable Codes","volume":"14929","author":"Hadas Zeilberger","year":"2024"},{"key":"ref16:C:ACFY24","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"380","DOI":"10.1007\/978-3-031-68403-6_12","article-title":"STIR: Reed-Solomon Proximity Testing with Fewer Queries","volume":"14929","author":"Gal Arnon","year":"2024"},{"key":"ref17:merkle1979secrecy","volume-title":"Secrecy, authentication, and public key systems.","author":"Ralph Charles Merkle","year":"1979"},{"key":"ref18:PKC:GenRam06","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"257","DOI":"10.1007\/11745853_17","article-title":"Identity-Based Aggregate Signatures","volume":"3958","author":"Craig Gentry","year":"2006"},{"key":"ref19:CCS:FleSimZha22","doi-asserted-by":"publisher","first-page":"1109","DOI":"10.1145\/3548606.3560655","article-title":"Squirrel: Efficient Synchronized Multi-Signatures from\n  Lattices","author":"Nils Fleischhacker","year":"2022"},{"key":"ref20:CCS:FHSZ23","doi-asserted-by":"publisher","first-page":"386","DOI":"10.1145\/3576915.3623219","article-title":"Chipmunk: Better Synchronized Multi-Signatures from\n  Lattices","author":"Nils Fleischhacker","year":"2023"},{"key":"ref21:boneh2020graduate","volume-title":"A graduate course in applied cryptography","author":"Dan Boneh","year":"2020","journal-title":"Draft 0.5"},{"key":"ref22:zcypap","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"455","DOI":"10.1007\/978-3-031-38554-4_15","article-title":"Revisiting the Constant-Sum Winternitz One-Time Signature\n  with Applications to SPHINCS+ and XMSS","volume":"14085","author":"Kaiyi Zhang","year":"2023"},{"key":"ref23:AC:HulKud22","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-031-22972-5_1","article-title":"Recovering the Tight Security Proof of\n  SPHINCS$^\\textrm{+}$","volume":"13794","author":"Andreas H\u00fclsing","year":"2022"},{"key":"ref24:SP:HKRY23","doi-asserted-by":"publisher","first-page":"1435","DOI":"10.1109\/SP46215.2023.10179381","article-title":"SPHINCS+C: Compressing SPHINCS+ With (Almost) No\n  Cost","author":"Andreas H\u00fclsing","year":"2023"},{"key":"ref25:C:ACLMT22","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"102","DOI":"10.1007\/978-3-031-15979-4_4","article-title":"Lattice-Based SNARKs: Publicly Verifiable, Preprocessing,\n  and Recursively Composable - (Extended Abstract)","volume":"13508","author":"Martin R. Albrecht","year":"2022"},{"key":"ref26:STOC:GenPeiVai08","doi-asserted-by":"publisher","first-page":"197","DOI":"10.1145\/1374376.1374407","article-title":"Trapdoors for hard lattices and new cryptographic\n  constructions","author":"Craig Gentry","year":"2008"},{"key":"ref27:STOC:GenWic11","doi-asserted-by":"publisher","first-page":"99","DOI":"10.1145\/1993636.1993651","article-title":"Separating succinct non-interactive arguments from all\n  falsifiable assumptions","author":"Craig Gentry","year":"2011"},{"key":"ref28:watwu","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"433","DOI":"10.1007\/978-3-031-15979-4_15","article-title":"Batch Arguments for NP and More from Standard Bilinear\n  Group Assumptions","volume":"13508","author":"Brent Waters","year":"2022"},{"key":"ref29:FOCS:DGKV22","doi-asserted-by":"publisher","first-page":"1057","DOI":"10.1109\/FOCS54457.2022.00103","article-title":"Rate-1 Non-Interactive Arguments for Batch-NP and\n  Applications","author":"Lalita Devadas","year":"2022"},{"key":"ref30:C:BBKLP23","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"252","DOI":"10.1007\/978-3-031-38545-2_9","article-title":"SNARGs for Monotone Policy Batch NP","volume":"14082","author":"Zvika Brakerski","year":"2023"},{"key":"ref31:EC:BCJP24","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"168","DOI":"10.1007\/978-3-031-58737-5_7","article-title":"Monotone-Policy Aggregate Signatures","volume":"14654","author":"Maya Farber Brodsky","year":"2024"},{"key":"ref32:ASIACCS:KCLM22","doi-asserted-by":"publisher","first-page":"393","DOI":"10.1145\/3488932.3524128","article-title":"Aggregating and Thresholdizing Hash-based Signatures using\n  STARKs","author":"Irakliy Khaburzaniya","year":"2022"},{"key":"ref33:nistspx","volume-title":"SPHINCS+","author":"Andreas H\u00fclsing","year":"2022"},{"key":"ref34:rfc8391","series-title":"Request for Comments","doi-asserted-by":"publisher","DOI":"10.17487\/RFC8391","volume-title":"XMSS: eXtended Merkle Signature Scheme","author":"Andreas Huelsing","year":"2018"},{"key":"ref35:TCHES:BHRV21","doi-asserted-by":"publisher","first-page":"137","DOI":"10.46586\/tches.v2021.i1.137-168","article-title":"Rapidly Verifiable XMSS Signatures","volume":"2021","author":"Joppe W. Bos","year":"2021","journal-title":"IACR TCHES","ISSN":"https:\/\/id.crossref.org\/issn\/2569-2925","issn-type":"electronic"},{"key":"ref36:AFRICACRYPT:Hulsing13","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"173","DOI":"10.1007\/978-3-642-38553-7_10","article-title":"W-OTS+ - Shorter Signatures for Hash-Based Signature\n  Schemes","volume":"7918","author":"Andreas H\u00fclsing","year":"2013"},{"key":"ref37:Kudinov2021","doi-asserted-by":"publisher","first-page":"129","DOI":"10.4213\/mvk362","article-title":"Security analysis of the W-OTS$^+$ signature scheme:\n  Updating security bounds","volume":"12","author":"Mikhail Aleksandrovich Kudinov","year":"2021","journal-title":"Matematicheskie Voprosy Kriptografii [Mathematical Aspects\n  of Cryptography]","ISSN":"https:\/\/id.crossref.org\/issn\/2222-3193","issn-type":"electronic"},{"key":"ref38:AFRICACRYPT:BDEHR11","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"363","DOI":"10.1007\/978-3-642-21969-6_23","article-title":"On the Security of the Winternitz One-Time Signature\n  Scheme","volume":"6737","author":"Johannes Buchmann","year":"2011"},{"key":"ref39:cryptoeprint:2024\/1553","volume-title":"STARK-based Signatures from the RPO Permutation","author":"Shahla Atapoor","year":"2024"},{"key":"ref40:C:FiaSha86","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"186","DOI":"10.1007\/3-540-47721-7_12","article-title":"How to Prove Yourself: Practical Solutions to\n  Identification and Signature Problems","volume":"263","author":"Amos Fiat","year":"1987"},{"key":"ref41:NISTPQC-ADD-R1:FAEST23","volume-title":"FAEST","author":"Carsten Baum","year":"2023"},{"key":"ref42:NISTPQC-ADD-R1:Biscuit23","volume-title":"Biscuit","author":"Luk Bettale","year":"2023"},{"key":"ref43:boneh2020one","volume-title":"One-time and interactive aggregate signatures from\n  lattices","volume":"4","author":"Dan Boneh","year":"2020","journal-title":"preprint"},{"key":"ref44:TCC:LyuMic08","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"37","DOI":"10.1007\/978-3-540-78524-8_3","article-title":"Asymptotically Efficient Lattice-Based Digital Signatures","volume":"4948","author":"Vadim Lyubashevsky","year":"2008"},{"key":"ref45:EPRINT:DHSS20","volume-title":"MMSAT: A Scheme for Multimessage Multiuser Signature\n  Aggregation","author":"Yark\u0131n Dor\u00f6z","year":"2020"},{"key":"ref46:C:BeuSei23","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"518","DOI":"10.1007\/978-3-031-38554-4_17","article-title":"LaBRADOR: Compact Proofs for R1CS from Module-SIS","volume":"14085","author":"Ward Beullens","year":"2023"},{"key":"ref47:EPRINT:TomShi23","volume-title":"Compact Aggregate Signature from Module-Lattices","author":"Toi Tomita","year":"2023"},{"key":"ref48:C:AABKT24","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"71","DOI":"10.1007\/978-3-031-68376-3_3","article-title":"Aggregating Falcon Signatures with LaBRADOR","volume":"14920","author":"Marius A. Aardal","year":"2024"},{"key":"ref49:TCC:LMQW22","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-031-22318-1_1","article-title":"Post-quantum Insecurity from LWE","volume":"13747","author":"Alex Lombardi","year":"2022"},{"key":"ref50:cryptoeprint:2024\/257","volume-title":"LatticeFold: A Lattice-based Folding Scheme and its\n  Applications to Succinct Proof Systems","author":"Dan Boneh","year":"2024"},{"key":"ref51:cryptoeprint:2024\/1964","volume-title":"Lova: Lattice-Based Folding Scheme from Unstructured\n  Lattices","author":"Giacomo Fenzi","year":"2024"},{"key":"ref52:PKC:DOTT21","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"99","DOI":"10.1007\/978-3-030-75245-3_5","article-title":"Two-Round n-out-of-n and Multi-signatures and Trapdoor\n  Commitment from Lattices","volume":"12710","author":"Ivan Damg\u00e5rd","year":"2021"},{"key":"ref53:C:Chen23","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"716","DOI":"10.1007\/978-3-031-38554-4_23","article-title":"DualMS: Efficient Lattice-Based Two-Round Multi-signature\n  with Trapdoor-Free Simulation","volume":"14085","author":"Yanbo Chen","year":"2023"},{"key":"ref54:cryptoeprint:2024\/1574","volume-title":"Scalable Two-Round $n$-out-of-$n$ and Multi-Signatures from\n  Lattices in the Quantum Random Oracle Model","author":"Qiqi Lai","year":"2024"},{"key":"ref55:ACNS:AlkDotPu24","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"376","DOI":"10.1007\/978-3-031-54770-6_15","article-title":"Practical Lattice-Based Distributed Signatures for a Small\n  Number of Signers","volume":"14583","author":"Nabil Alkeilani Alkadri","year":"2024"},{"key":"ref56:cryptoeprint:2024\/1691","volume-title":"A Framework for Group Action-Based Multi-Signatures and\n  Applications to LESS, MEDS, and ALTEQ","author":"Giuseppe D'Alconzo","year":"2024"},{"key":"ref57:C:BosTakTib22","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"276","DOI":"10.1007\/978-3-031-15979-4_10","article-title":"MuSig-L: Lattice-Based Multi-signature with Single-Round\n  Online Phase","volume":"13508","author":"Cecilia Boschini","year":"2022"},{"key":"ref58:AC:GHHM21","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"637","DOI":"10.1007\/978-3-030-92062-3_22","article-title":"Tight Adaptive Reprogramming in the QROM","volume":"13090","author":"Alex B. Grilo","year":"2021"},{"key":"ref59:AC:BDFLSZ11","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"41","DOI":"10.1007\/978-3-642-25385-0_3","article-title":"Random Oracles in a Quantum World","volume":"7073","author":"Dan Boneh","year":"2011"},{"key":"ref60:AC:BerHul19","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1007\/978-3-030-34618-8_2","article-title":"Decisional Second-Preimage Resistance: When Does SPR Imply\n  PRE?","volume":"11923","author":"Daniel J. Bernstein","year":"2019"},{"key":"ref61:PKC:HulRijSon16","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"387","DOI":"10.1007\/978-3-662-49384-7_15","article-title":"Mitigating Multi-target Attacks in Hash-Based Signatures","volume":"9614","author":"Andreas H\u00fclsing","year":"2016"},{"key":"ref62:IMA:DodSmaSta05","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"96","DOI":"10.1007\/11586821_8","article-title":"Hash Based Digital Signature Schemes","volume":"3796","author":"C. Dods","year":"2005"},{"key":"ref63:CCS:AhnGreHoh10","doi-asserted-by":"publisher","first-page":"473","DOI":"10.1145\/1866307.1866360","article-title":"Synchronized aggregate signatures: new definitions,\n  constructions and applications","author":"Jae Hyun Ahn","year":"2010"},{"key":"ref64:EC:HohWat18","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"197","DOI":"10.1007\/978-3-319-78375-8_7","article-title":"Synchronized Aggregate Signatures from the RSA\n  Assumption","volume":"10821","author":"Susan Hohenberger","year":"2018"},{"key":"ref65:USENIX:DGNW20","first-page":"2093","article-title":"Pixel: Multi-signatures for Consensus","author":"Manu Drijvers","year":"2020"},{"key":"ref66:DBLP:conf\/asiacrypt\/KhovratovichBM23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"301","DOI":"10.1007\/978-981-99-8742-9_10","article-title":"Generic Security of the SAFE API and Its Applications","volume":"14445","author":"Dmitry Khovratovich","year":"2023"},{"key":"ref67:shake:FIPS15","article-title":"SHA-3 Standard: Permutation-Based Hash and\n  Extendable-Output Functions","author":"National Institute of Standards","year":"2015","journal-title":"Federal Information Processing Standards Publication\n  (FIPS)"},{"key":"ref68:AFRICACRYPT:GraKhoSch23","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"177","DOI":"10.1007\/978-3-031-37679-5_8","article-title":"Poseidon2: A Faster Version of the Poseidon Hash\n  Function","volume":"14064","author":"Lorenzo Grassi","year":"2023"},{"key":"ref69:cryptoeprint:2021\/062","volume-title":"Compressed Permutation Oracles (And the Collision-Resistance\n  of Sponge\/SHA3)","author":"Dominique Unruh","year":"2021"},{"key":"ref70:USENIX:GKRRS21","first-page":"519","article-title":"Poseidon: A New Hash Function for Zero-Knowledge Proof\n  Systems","author":"Lorenzo Grassi","year":"2021"},{"key":"ref71:nistcall","article-title":"Submission Requirements and Evaluation Criteria for the\n  Post-Quantum Cryptography Standardization Process","author":"National Institute of Standards","year":"2016","journal-title":"National Institute of Standards and Technology Reports"},{"key":"ref72:STOC:Grover96","doi-asserted-by":"publisher","first-page":"212","DOI":"10.1145\/237814.237866","article-title":"A Fast Quantum Mechanical Algorithm for Database Search","author":"Lov K. Grover","year":"1996"},{"key":"ref73:zalka1999grover","doi-asserted-by":"publisher","first-page":"2746","DOI":"10.1103\/PhysRevA.60.2746","article-title":"Grover's quantum searching algorithm is optimal","volume":"60","author":"Christof Zalka","year":"1999","journal-title":"Phys. Rev. A"},{"key":"ref74:EPRINT:Fluhrer17b","volume-title":"Reassessing Grover's Algorithm","author":"Scott Fluhrer","year":"2017"},{"key":"ref75:DBLP:conf\/IEEEares\/HulsingRB13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"194","DOI":"10.1007\/978-3-642-40588-4_14","article-title":"Optimal Parameters for XMSS MT","volume":"8128","author":"Andreas H\u00fclsing","year":"2013"},{"key":"ref76:ICALP:BBHR18","series-title":"LIPIcs","doi-asserted-by":"publisher","DOI":"10.4230\/LIPIcs.ICALP.2018.14","article-title":"Fast Reed-Solomon Interactive Oracle Proofs of Proximity","volume":"107","author":"Eli Ben-Sasson","year":"2018"},{"key":"ref77:cryptoeprint:2024\/1586","volume-title":"WHIR: Reed\u2013Solomon Proximity Testing with Super-Fast\n  Verification","author":"Gal Arnon","year":"2024"},{"key":"ref78:AC:Unruh17","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"65","DOI":"10.1007\/978-3-319-70694-8_3","article-title":"Post-quantum Security of Fiat-Shamir","volume":"10624","author":"Dominique Unruh","year":"2017"},{"key":"ref79:TCC:ChiFen24","doi-asserted-by":"publisher","first-page":"67","DOI":"10.1007\/978-3-031-78011-0_3","article-title":"zkSNARKs in the ROM with Unconditional UC-Security","author":"Alessandro Chiesa","year":"2024"},{"key":"ref80:FOCS:Zhandry12","doi-asserted-by":"publisher","first-page":"679","DOI":"10.1109\/FOCS.2012.37","article-title":"How to Construct Quantum Random Functions","author":"Mark Zhandry","year":"2012"},{"key":"ref81:Kaye2006","doi-asserted-by":"crossref","DOI":"10.1093\/oso\/9780198570004.001.0001","volume-title":"An Introduction to Quantum Computing","author":"Phillip Kaye","year":"2006"}],"container-title":["IACR Communications in Cryptology"],"original-title":[],"language":"en","deposited":{"date-parts":[[2025,4,8]],"date-time":"2025-04-08T21:24:05Z","timestamp":1744147445000},"score":1,"resource":{"primary":{"URL":"https:\/\/cic.iacr.org\/p\/2\/1\/13"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,4,8]]},"references-count":81,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2025,4,8]]}},"URL":"https:\/\/doi.org\/10.62056\/aey7qjp10","archive":["Internet Archive","Internet Archive"],"relation":{},"ISSN":["3006-5496"],"issn-type":[{"value":"3006-5496","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,4,8]]},"assertion":[{"value":"2025-01-14","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-03-11","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}}],"article-number":"cc2-1-17"}}