{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,19]],"date-time":"2026-02-19T03:58:42Z","timestamp":1771473522525,"version":"3.50.1"},"reference-count":81,"publisher":"International Association for Cryptologic Research","issue":"3","license":[{"start":{"date-parts":[[2025,4,8]],"date-time":"2025-04-08T00:00:00Z","timestamp":1744070400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IACR CiC"],"accepted":{"date-parts":[[2025,9,2]]},"abstract":"<jats:p>In this paper, we show for the first time it is practical to privately delegate proof generation of zkSNARKs to a single server for computations of up to 2^20 R1CS constraints. We achieve this by computing zkSNARK proof generation over homomorphic ciphertexts, an approach we call blind zkSNARKs. We formalize the concept of blind proofs, analyze their cryptographic properties and show that the resulting blind zkSNARKs remain sound when compiled using BCS compilation. Our work follows the framework proposed by Garg et al. (Crypto'24) and improves the instantiation presented by Aranha et al. (Asiacrypt'24), which implements only the FRI subprotocol. By delegating proof generation, we are able to reduce client computation time from 10 minutes to mere seconds, while server computation time remains limited to 20 minutes.  We also propose a practical construction for vCOED supporting constraint sizes four orders of magnitude larger than the current state-of-the-art verifiable FHE-based approaches. These results are achieved by optimizing Fractal for the GBFV homomorphic encryption scheme, including a novel method for making homomorphic NTT evaluation packing-friendly by computing it in two dimensions. Furthermore, we make the proofs publicly verifiable by appending a zero-knowledge Proof of Decryption (PoD). We propose a new construction for PoDs optimized for low proof generation time, exploiting modulus and ring switching in GBFV and using the Schwartz-Zippel lemma for proof batching; these techniques might be of independent interest. Finally, we implement the latter protocol in C and report on execution time and proof sizes. <\/jats:p>","DOI":"10.62056\/akgyl8n4e","type":"journal-article","created":{"date-parts":[[2025,10,6]],"date-time":"2025-10-06T18:49:52Z","timestamp":1759776592000},"update-policy":"https:\/\/doi.org\/10.62056\/adfjwm02dj","source":"Crossref","is-referenced-by-count":3,"title":["Blind zkSNARKs"],"prefix":"10.62056","volume":"2","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2759-043X","authenticated-orcid":false,"given":"Mariana","family":"Gama","sequence":"first","affiliation":[{"id":[{"id":"https:\/\/ror.org\/05f950310","id-type":"ROR","asserted-by":"publisher"}],"name":"COSIC, KU Leuven","place":["Kasteelpark Arenberg 10, box 2452, Leuven, Vlaams-Brabant, 3001, Belgium"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3352-6968","authenticated-orcid":false,"given":"Emad","family":"Beni","sequence":"additional","affiliation":[{"id":[{"id":"https:\/\/ror.org\/05f950310","id-type":"ROR","asserted-by":"publisher"}],"name":"COSIC, KU Leuven","place":["Kasteelpark Arenberg 10, box 2452, Leuven, Vlaams-Brabant, 3001, Belgium"]},{"id":[{"id":"https:\/\/ror.org\/04wffgt70","id-type":"ROR","asserted-by":"publisher"}],"name":"Nokia Bell Labs","place":["Antwerp, Belgium"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1093-7978","authenticated-orcid":false,"given":"Jiayi","family":"Kang","sequence":"additional","affiliation":[{"id":[{"id":"https:\/\/ror.org\/05f950310","id-type":"ROR","asserted-by":"publisher"}],"name":"COSIC, KU Leuven","place":["Kasteelpark Arenberg 10, box 2452, Leuven, Vlaams-Brabant, 3001, Belgium"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-4738-5758","authenticated-orcid":false,"given":"Jannik","family":"Spiessens","sequence":"additional","affiliation":[{"id":[{"id":"https:\/\/ror.org\/05f950310","id-type":"ROR","asserted-by":"publisher"}],"name":"COSIC, KU Leuven","place":["Kasteelpark Arenberg 10, box 2452, Leuven, Vlaams-Brabant, 3001, Belgium"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7208-9599","authenticated-orcid":false,"given":"Frederik","family":"Vercauteren","sequence":"additional","affiliation":[{"id":[{"id":"https:\/\/ror.org\/05f950310","id-type":"ROR","asserted-by":"publisher"}],"name":"COSIC, KU Leuven","place":["Kasteelpark Arenberg 10, box 2452, Leuven, Vlaams-Brabant, 3001, Belgium"]}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"48349","published-online":{"date-parts":[[2025,10,6]]},"reference":[{"key":"ref1:SP:RWGM23","doi-asserted-by":"publisher","first-page":"790","DOI":"10.1109\/SP46215.2023.10179430","article-title":"zk-creds: Flexible Anonymous Credentials from zkSNARKs and\n  Existing Identity Infrastructure","author":"Michael Rosenberg","year":"2023"},{"key":"ref2:SP:BCGGMT14","doi-asserted-by":"publisher","first-page":"459","DOI":"10.1109\/SP.2014.36","article-title":"Zerocash: Decentralized Anonymous Payments from Bitcoin","author":"Eli Ben-Sasson","year":"2014"},{"key":"ref3:fUSENIX:OzdBon22","isbn-type":"print","first-page":"4291","article-title":"Experimenting with Collaborative zk-SNARKs:\n  Zero-Knowledge Proofs for Distributed Secrets","author":"Alex Ozdemir","year":"2022","ISBN":"https:\/\/id.crossref.org\/isbn\/9781939133311"},{"key":"ref4:fUSENIX:CLMZ23","isbn-type":"print","first-page":"6453","article-title":"Eos: Efficient Private Delegation of zkSNARK Provers","author":"Alessandro Chiesa","year":"2023","ISBN":"https:\/\/id.crossref.org\/isbn\/9781939133373"},{"key":"ref5:fUSENIX:GGJPS23","isbn-type":"print","first-page":"4427","article-title":"zkSaaS: Zero-Knowledge SNARKs as a Service","author":"Sanjam Garg","year":"2023","ISBN":"https:\/\/id.crossref.org\/isbn\/9781939133373"},{"key":"ref6:EPRINT:DokBul23","volume-title":"Zero Knowledge Virtual Machine step by step","author":"Tim Dokchitser","year":"2023"},{"key":"ref7:zkml","series-title":"EuroSys '24","isbn-type":"print","doi-asserted-by":"publisher","first-page":"560","DOI":"10.1145\/3627703.3650088","article-title":"ZKML: An Optimizing System for ML Inference in\n  Zero-Knowledge Proofs","author":"Bing-Jyue Chen","year":"2024","ISBN":"https:\/\/id.crossref.org\/isbn\/9798400704376"},{"key":"ref8:C:GenGenPar10","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"465","DOI":"10.1007\/978-3-642-14623-7_25","article-title":"Non-interactive Verifiable Computing: Outsourcing\n  Computation to Untrusted Workers","volume":"6223","author":"Rosario Gennaro","year":"2010"},{"key":"ref9:CiC:ABPS24a","doi-asserted-by":"publisher","first-page":"24","DOI":"10.62056\/a6ksdkp10","article-title":"Verifiable FHE via Lattice-based SNARKs","volume":"1","author":"Shahla Atapoor","year":"2024","journal-title":"CiC"},{"key":"ref10:C:GarGoeWan24","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"449","DOI":"10.1007\/978-3-031-68403-6_14","article-title":"How to Prove Statements Obliviously?","volume":"14929","author":"Sanjam Garg","year":"2024"},{"key":"ref11:AC:ACGS24","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"302","DOI":"10.1007\/978-981-96-0935-2_10","article-title":"HELIOPOLIS: Verifiable Computation over Homomorphically\n  Encrypted Data from Interactive Oracle Proofs is Practical","volume":"15488","author":"Diego F. Aranha","year":"2024"},{"key":"ref12:TCC:BenChiSpo16","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"31","DOI":"10.1007\/978-3-662-53644-5_2","article-title":"Interactive Oracle Proofs","volume":"9986","author":"Eli Ben-Sasson","year":"2016"},{"key":"ref13:EC:ChiOjhSpo20","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"769","DOI":"10.1007\/978-3-030-45721-1_27","article-title":"Fractal: Post-quantum and Transparent Recursive Proofs from\n  Holography","volume":"12105","author":"Alessandro Chiesa","year":"2020"},{"key":"ref14:GV24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"366","DOI":"10.1007\/978-3-031-91131-6_13","article-title":"Fully Homomorphic Encryption for Cyclotomic Prime Moduli","volume":"15603","author":"Robin Geelen","year":"2025"},{"key":"ref15:blindsigs","isbn-type":"print","doi-asserted-by":"publisher","first-page":"199","DOI":"10.1007\/978-1-4757-0602-4_18","article-title":"Blind Signatures for Untraceable Payments","author":"David Chaum","year":"1983","ISBN":"https:\/\/id.crossref.org\/isbn\/9781475706024"},{"key":"ref16:ICALP:BBHR18","series-title":"LIPIcs","doi-asserted-by":"publisher","DOI":"10.4230\/LIPIcs.ICALP.2018.14","article-title":"Fast Reed-Solomon Interactive Oracle Proofs of Proximity","volume":"107","author":"Eli Ben-Sasson","year":"2018"},{"key":"ref17:chu1999inside","doi-asserted-by":"publisher","DOI":"10.1201\/9780367802332","volume-title":"Inside the FFT black box: serial and parallel fast Fourier\n  transform algorithms","author":"Eleanor Chu","year":"1999"},{"key":"ref18:C:Brakerski12","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"868","DOI":"10.1007\/978-3-642-32009-5_50","article-title":"Fully Homomorphic Encryption without Modulus Switching from\n  Classical GapSVP","volume":"7417","author":"Zvika Brakerski","year":"2012"},{"key":"ref19:EPRINT:FanVer12","volume-title":"Somewhat Practical Fully Homomorphic Encryption","author":"Junfeng Fan","year":"2012"},{"key":"ref20:ITCS:BraGenVai12","doi-asserted-by":"publisher","first-page":"309","DOI":"10.1145\/2090236.2090262","article-title":"(Leveled) fully homomorphic encryption without\n  bootstrapping","author":"Zvika Brakerski","year":"2012"},{"key":"ref21:RSA:CLPX18","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"116","DOI":"10.1007\/978-3-319-76953-0_7","article-title":"High-Precision Arithmetic in Homomorphic Encryption","volume":"10808","author":"Hao Chen","year":"2018"},{"key":"ref22:SCN:BloTiw24","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"275","DOI":"10.1007\/978-3-031-71070-4_13","article-title":"On the Concrete Security of Non-interactive FRI","volume":"14973","author":"Alexander R. Block","year":"2024"},{"key":"ref23:EPRINT:Holmgren19","volume-title":"On Round-By-Round Soundness and State Restoration Attacks","author":"Justin Holmgren","year":"2019"},{"key":"ref24:AC:BGKTTZ23","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-981-99-8724-5_1","article-title":"Fiat-Shamir Security of FRI and Related SNARKs","volume":"14439","author":"Alexander R. Block","year":"2023"},{"key":"ref25:C:NasRot22","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"504","DOI":"10.1007\/978-3-031-15802-5_18","article-title":"Succinct Interactive Oracle Proofs: Applications and\n  Limitations","volume":"13507","author":"Shafik Nassar","year":"2022"},{"key":"ref26:C:LyuNguPla22","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"71","DOI":"10.1007\/978-3-031-15979-4_3","article-title":"Lattice-Based Zero-Knowledge Proofs and Applications:\n  Shorter, Simpler, and More General","volume":"13508","author":"Vadim Lyubashevsky","year":"2022"},{"key":"ref27:switch","doi-asserted-by":"publisher","first-page":"663","DOI":"10.3233\/JCS-130480","article-title":"Field switching in BGV-style homomorphic encryption","volume":"21","author":"Craig Gentry","year":"2013","journal-title":"J. Comput. Secur."},{"key":"ref28:DBLP:conf\/snc\/Sze11","doi-asserted-by":"publisher","first-page":"54","DOI":"10.1145\/2331684.2331693","article-title":"Sch\u00f6nhage-Strassen algorithm with MapReduce for\n  multiplying terabit integers","author":"Tsz-Wo Sze","year":"2011"},{"key":"ref29:EC:LyuPeiReg13","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"35","DOI":"10.1007\/978-3-642-38348-9_3","article-title":"A Toolkit for Ring-LWE Cryptography","volume":"7881","author":"Vadim Lyubashevsky","year":"2013"},{"key":"ref30:fUSENIX:WZCPS18","isbn-type":"print","first-page":"675","article-title":"DIZK: A Distributed Zero Knowledge Proof System","author":"Howard Wu","year":"2018","ISBN":"https:\/\/id.crossref.org\/isbn\/9781939133045"},{"key":"ref31:AMK23","doi-asserted-by":"publisher","first-page":"163","DOI":"10.46586\/tches.v2025.i2.163-208","article-title":"REED: Chiplet-based Accelerator for Fully Homomorphic\n  Encryption","volume":"2025","author":"Aikata Aikata","year":"2025","journal-title":"IACR Transactions on Cryptographic Hardware and Embedded\n  Systems"},{"key":"ref32:BPV25","doi-asserted-by":"publisher","first-page":"293","DOI":"10.46586\/tches.v2025.i3.293-316","article-title":"FINAL bootstrap acceleration on FPGA using DSP-free\n  constant-multiplier NTTs","volume":"2025","author":"Jonas Bertels","year":"2025","journal-title":"IACR Transactions on Cryptographic Hardware and Embedded\n  Systems"},{"key":"ref33:JC:CGGI20","doi-asserted-by":"publisher","first-page":"34","DOI":"10.1007\/s00145-019-09319-x","article-title":"TFHE: Fast Fully Homomorphic Encryption Over the Torus","volume":"33","author":"Ilaria Chillotti","year":"2020","journal-title":"Journal of Cryptology"},{"key":"ref34:AC:CLOT21","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"670","DOI":"10.1007\/978-3-030-92078-4_23","article-title":"Improved Programmable Bootstrapping with Larger Precision\n  and Efficient Arithmetic Circuits for TFHE","volume":"13092","author":"Ilaria Chillotti","year":"2021"},{"key":"ref35:C:CamSho03","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"126","DOI":"10.1007\/978-3-540-45146-4_8","article-title":"Practical Verifiable Encryption and Decryption of Discrete\n  Logarithms","volume":"2729","author":"Jan Camenisch","year":"2003"},{"key":"ref36:ISC:LuoWan18","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"347","DOI":"10.1007\/978-3-319-99136-8_19","article-title":"Verifiable Decryption for Fully Homomorphic Encryption","volume":"11060","author":"Fucai Luo","year":"2018"},{"key":"ref37:ACISP:GHMRS22","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"355","DOI":"10.1007\/978-3-031-22301-3_18","article-title":"Verifiable Decryption in the Head","volume":"13494","author":"Kristian Gj\u00f8steen","year":"2022"},{"key":"ref38:CCS:ABGS23","doi-asserted-by":"publisher","first-page":"1467","DOI":"10.1145\/3576915.3616683","article-title":"Verifiable Mix-Nets and Distributed Decryption for Voting\n  from Lattice-Based Assumptions","author":"Diego F. Aranha","year":"2023"},{"key":"ref39:CCS:CMSPTH23","doi-asserted-by":"publisher","first-page":"711","DOI":"10.1145\/3576915.3623139","article-title":"PELTA - Shielding Multiparty-FHE against Malicious\n  Adversaries","author":"Sylvain Chatel","year":"2023"},{"key":"ref40:cryptoeprint:2024\/1879","volume-title":"Practical Zero-Knowledge PIOP for Public Key and\n  Ciphertext Generation in (Multi-Group) Homomorphic Encryption","author":"Intak Hwang","year":"2024"},{"key":"ref41:DBLP:conf\/eurosp\/BosDKLLSSSS18","doi-asserted-by":"publisher","first-page":"353","DOI":"10.1109\/EuroSP.2018.00032","article-title":"CRYSTALS - Kyber: A CCA-Secure Module-Lattice-Based\n  KEM","author":"Joppe W. Bos","year":"2018"},{"key":"ref42:PKC:LyuNguSei21","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"215","DOI":"10.1007\/978-3-030-75245-3_9","article-title":"Shorter Lattice-Based Zero-Knowledge Proofs via One-Time\n  Commitments","volume":"12710","author":"Vadim Lyubashevsky","year":"2021"},{"key":"ref43:DBLP:conf\/wahc\/KnabenhansVMH24","doi-asserted-by":"publisher","first-page":"11","DOI":"10.1145\/3689945.3694806","article-title":"vFHE: Verifiable Fully Homomorphic Encryption","author":"Christian Knabenhans","year":"2024"},{"key":"ref44:JC:GanNitSor23","doi-asserted-by":"publisher","first-page":"41","DOI":"10.1007\/s00145-023-09481-3","article-title":"Rinocchio: SNARKs for Ring Arithmetic","volume":"36","author":"Chaya Ganesh","year":"2023","journal-title":"Journal of Cryptology"},{"key":"ref45:EPRINT:ThiWal24","volume-title":"Towards Verifiable FHE in Practice: Proving Correct\n  Execution of TFHE's Bootstrapping using plonky2","author":"Louis Tremblay Thibault","year":"2024"},{"key":"ref46:C:HalSho14","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"554","DOI":"10.1007\/978-3-662-44371-2_31","article-title":"Algorithms in HElib","volume":"8616","author":"Shai Halevi","year":"2014"},{"key":"ref47:C:HalSho18","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"93","DOI":"10.1007\/978-3-319-96884-1_4","article-title":"Faster Homomorphic Linear Transformations in HElib","volume":"10991","author":"Shai Halevi","year":"2018"},{"key":"ref48:EC:BMTH21","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"587","DOI":"10.1007\/978-3-030-77870-5_21","article-title":"Efficient Bootstrapping for Approximate Homomorphic\n  Encryption with Non-sparse Keys","volume":"12696","author":"Jean-Philippe Bossuat","year":"2021"},{"key":"ref49:DBLP:journals\/ipl\/PalviaM84","doi-asserted-by":"publisher","first-page":"75","DOI":"10.1016\/0020-0190(84)90101-7","article-title":"Approximating Block Accesses in Database Organizations","volume":"19","author":"Prashant Palvia","year":"1984","journal-title":"Inf. Process. Lett."},{"key":"ref50:AC:CKKS17","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"409","DOI":"10.1007\/978-3-319-70694-8_15","article-title":"Homomorphic Encryption for Arithmetic of Approximate\n  Numbers","volume":"10624","author":"Jung Hee Cheon","year":"2017"},{"key":"ref51:Albrecht","doi-asserted-by":"crossref","first-page":"169","DOI":"10.1515\/jmc-2015-0016","article-title":"On the concrete hardness of Learning with Errors","volume":"9","author":"Martin R. Albrecht","year":"2015","journal-title":"Journal of Mathematical Cryptology"},{"key":"ref52:TCC:BenDam10","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"201","DOI":"10.1007\/978-3-642-11799-2_13","article-title":"Threshold Decryption and Zero-Knowledge Proofs for\n  Lattice-Based Cryptosystems","volume":"5978","author":"Rikke Bendlin","year":"2010"},{"key":"ref53:DBLP:conf\/wahc\/DahlDKMORSTW23","doi-asserted-by":"publisher","first-page":"35","DOI":"10.1145\/3605759.3625259","article-title":"Noah's Ark: Efficient Threshold-FHE Using Noise Flooding","author":"Morten Dahl","year":"2023"},{"key":"ref54:AC:BouSch23","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"371","DOI":"10.1007\/978-981-99-8721-4_12","article-title":"Simple Threshold (Fully Homomorphic) Encryption from LWE\n  with Polynomial Modulus","volume":"14438","author":"Katharina Boudgoust","year":"2023"},{"key":"ref55:lazer","series-title":"CCS '24","isbn-type":"print","doi-asserted-by":"publisher","first-page":"3125","DOI":"10.1145\/3658644.3690330","article-title":"The LaZer Library: Lattice-Based Zero Knowledge and Succinct\n  Proofs for Quantum-Safe Privacy","author":"Vadim Lyubashevsky","year":"2024","ISBN":"https:\/\/id.crossref.org\/isbn\/9798400706363"},{"key":"ref56:C:ESLL19","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"115","DOI":"10.1007\/978-3-030-26948-7_5","article-title":"Lattice-Based Zero-Knowledge Proofs: New Techniques for\n  Shorter and Faster Constructions and Applications","volume":"11692","author":"Muhammed F. Esgin","year":"2019"},{"key":"ref57:gentry2009fully","isbn-type":"print","volume-title":"A fully homomorphic encryption scheme","author":"Craig Gentry","year":"2009","ISBN":"https:\/\/id.crossref.org\/isbn\/9781109444506"},{"key":"ref58:EPRINT:BraVai11","volume-title":"Efficient Fully Homomorphic Encryption from (Standard)\n  LWE","author":"Zvika Brakerski","year":"2011"},{"key":"ref59:DBLP:books\/sp\/17\/Halevi17","doi-asserted-by":"publisher","first-page":"219","DOI":"10.1007\/978-3-319-57048-8_5","article-title":"Homomorphic Encryption","author":"Shai Halevi","year":"2017"},{"key":"ref60:CCP24","series-title":"CCS '24","isbn-type":"print","doi-asserted-by":"publisher","first-page":"2505","DOI":"10.1145\/3658644.3690341","article-title":"Attacks Against the IND-CPAD Security of Exact FHE Schemes","author":"Jung Hee Cheon","year":"2024","ISBN":"https:\/\/id.crossref.org\/isbn\/9798400706363"},{"key":"ref61:PKC:BCFK21","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"528","DOI":"10.1007\/978-3-030-75248-4_19","article-title":"Flexible and Efficient Verifiable Computation on Encrypted\n  Data","volume":"12711","author":"Alexandre Bois","year":"2021"},{"key":"ref62:CCS:IshSuWu21","doi-asserted-by":"publisher","first-page":"212","DOI":"10.1145\/3460120.3484572","article-title":"Shorter and Faster Post-Quantum Designated-Verifier\n  zkSNARKs from Lattices","author":"Yuval Ishai","year":"2021"},{"key":"ref63:TCC:BCIOP13","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"315","DOI":"10.1007\/978-3-642-36594-2_18","article-title":"Succinct Non-interactive Arguments via Linear Interactive\n  Proofs","volume":"7785","author":"Nir Bitansky","year":"2013"},{"key":"ref64:TCC:ChiManSpo19","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-030-36033-7_1","article-title":"Succinct Arguments in the Quantum Random Oracle Model","volume":"11892","author":"Alessandro Chiesa","year":"2019"},{"key":"ref65:STOC:CCHLRR19","doi-asserted-by":"publisher","first-page":"1082","DOI":"10.1145\/3313276.3316380","article-title":"Fiat-Shamir: from practice to theory","author":"Ran Canetti","year":"2019"},{"key":"ref66:cryptoeprint:2024\/724","volume-title":"zkSNARKs in the ROM with Unconditional UC-Security","author":"Alessandro Chiesa","year":"2024"},{"key":"ref67:EC:Lyubashevsky12","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"738","DOI":"10.1007\/978-3-642-29011-4_43","article-title":"Lattice Signatures without Trapdoors","volume":"7237","author":"Vadim Lyubashevsky","year":"2012"},{"key":"ref68:C:BBCPGL18","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"669","DOI":"10.1007\/978-3-319-96881-0_23","article-title":"Sub-linear Lattice-Based Zero-Knowledge Arguments for\n  Arithmetic Circuits","volume":"10992","author":"Carsten Baum","year":"2018"},{"key":"ref69:fhe-snark","volume-title":"FHE-SNARK vs. SNARK-FHE: From Analysis to Practical\n  Verifiable Computation","author":"Xinxuan Zhang","year":"2025"},{"key":"ref70:EC:BCRSVW19","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"103","DOI":"10.1007\/978-3-030-17653-2_4","article-title":"Aurora: Transparent Succinct Arguments for R1CS","volume":"11476","author":"Eli Ben-Sasson","year":"2019"},{"key":"ref71:EC:LyuPeiReg10","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-13190-5_1","article-title":"On Ideal Lattices and Learning with Errors over Rings","volume":"6110","author":"Vadim Lyubashevsky","year":"2010"},{"key":"ref72:C:GenHalSma12","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"850","DOI":"10.1007\/978-3-642-32009-5_49","article-title":"Homomorphic Evaluation of the AES Circuit","volume":"7417","author":"Craig Gentry","year":"2012"},{"key":"ref73:C:DPSZ12","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"643","DOI":"10.1007\/978-3-642-32009-5_38","article-title":"Multiparty Computation from Somewhat Homomorphic\n  Encryption","volume":"7417","author":"Ivan Damg\u00e5rd","year":"2012"},{"key":"ref74:RSA:CosSma16","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"325","DOI":"10.1007\/978-3-319-29485-8_19","article-title":"Which Ring Based Somewhat Homomorphic Encryption Scheme is\n  Best?","volume":"9610","author":"Ana Costache","year":"2016"},{"key":"ref75:C:HwaSeoSon24","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"414","DOI":"10.1007\/978-3-031-68403-6_13","article-title":"Concretely Efficient Lattice-Based Polynomial Commitment\n  from Standard Assumptions","volume":"14929","author":"Intak Hwang","year":"2024"},{"key":"ref76:DCC:LanSte15","doi-asserted-by":"publisher","first-page":"565","DOI":"10.1007\/s10623-014-9938-4","article-title":"Worst-case to average-case reductions for module lattices","volume":"75","author":"Adeline Langlois","year":"2015","journal-title":"DCC"},{"key":"ref77:SCN:BDLOP18","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"368","DOI":"10.1007\/978-3-319-98113-0_20","article-title":"More Efficient Commitments from Structured Lattice\n  Assumptions","volume":"11035","author":"Carsten Baum","year":"2018"},{"key":"ref78:STOC:Ajtai96","doi-asserted-by":"publisher","first-page":"99","DOI":"10.1145\/237814.237838","article-title":"Generating Hard Instances of Lattice Problems (Extended\n  Abstract)","author":"Mikl\u00f3s Ajtai","year":"1996"},{"key":"ref79:C:BLNS23","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"384","DOI":"10.1007\/978-3-031-38545-2_13","article-title":"A Framework for Practical Anonymous Credentials from\n  Lattices","volume":"14082","author":"Jonathan Bootle","year":"2023"},{"key":"ref80:EC:GenHalLyu22","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"458","DOI":"10.1007\/978-3-031-06944-4_16","article-title":"Practical Non-interactive Publicly Verifiable Secret Sharing\n  with Thousands of Parties","volume":"13275","author":"Craig Gentry","year":"2022"},{"key":"ref81:DBLP:phd\/basesearch\/Nguyen22","doi-asserted-by":"publisher","DOI":"10.3929\/ETHZ-B-000574844","volume-title":"Lattice-Based Zero-Knowledge Proofs Under a Few Dozen\n  Kilobytes","author":"Ngoc Khanh Nguyen","year":"2022"}],"container-title":["IACR Communications in Cryptology"],"original-title":[],"language":"en","deposited":{"date-parts":[[2025,10,6]],"date-time":"2025-10-06T20:22:42Z","timestamp":1759782162000},"score":1,"resource":{"primary":{"URL":"https:\/\/cic.iacr.org\/p\/2\/3\/10"}},"subtitle":["for Private Proof Delegation and Verifiable Computation over Encrypted Data"],"short-title":[],"issued":{"date-parts":[[2025,10,6]]},"references-count":81,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2025,10,6]]}},"URL":"https:\/\/doi.org\/10.62056\/akgyl8n4e","archive":["Internet Archive","Internet Archive"],"relation":{},"ISSN":["3006-5496"],"issn-type":[{"value":"3006-5496","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,10,6]]},"assertion":[{"value":"2025-04-08","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-09-02","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}}],"article-number":"cc2-2-73"}}