,
,
, The same string x is used in all steps while enabling dichotomic searches; (ii) At each step, the prover indeed uses some coordinate of x (without revealing which one), the choice of which is dictated by a path in the tree determined by var(?). public, both parties can deterministically compute the root u tree of the Merkle tree. For each ? ? [L], we consider the binary representation d ?,1 ,. .. , d ?,?? of var(?), which is part of the encoding of BP deened in (9.11), The Merkle tree will actually serve as a "bridge" ensuring that: (i)
, Now, our task can be divided into 3 steps: (i) Proving that the searches on Merkle tree yield y 1
, The Peikert-VaikuntanathanWaters [PVW08] construction, based on dual-mode encryption, achieves 1-out-of-2 composable oblivious transfer (which can be generalized to 1-out-of-2 t OT), without relying on zero-knowledge proofs, but it does not imply OT with adaptive queries (i.e., where each index ? i may depend on messages received in previous transfers). Actually, the use of ZK proofs is not ruled out in this setting
, However, this protocol uses the trapdoor extractability of
, Groth-Sahai proofs [GS08] to achieve straight-line extraction
, As explained in the introduction, it is the digital equivalent of real-life money. A body of research followed its introduction [CFN88, OO91, CP92, FY93, Oka95, Tsi97], and the rst compact realization was given by Camenisch, Hohenberger and Lysyanskaya, Question 3. Can we obtain a more eecient compact e-cash system from lattice assumptions? Another privacy-preserving primitive is compact e-cash [Cha82, Cha83, CHL05b
, A recent line of work makes steps forward in this direction
, The Stern-like proof systems we studied in this thesis, despite being exible enough to prove a large variety of statements, suuer from the stiiness of being combinatorial. The choice of permutations used to ensure the zero-knowledge property (and thus witnessindistinguishability) is quite strict, and forces the challenge space to be ternary
, Computational Complexity: A Modern Approach, p.13, 2009.
, EEcient lattice (H)IBE in the standard model, Citations: § xviii, vol.6110, p.154, 2010.
, Universally composable adaptive oblivious transfer (with access control) from standard assumptions, ACM Workshop on Digital Identity Management, vol.7, p.187, 2013.
, A practical and provably secure coalition-resistant group signature scheme, Crypto, volume 1880 of LNCS, p.43, 2000.
, Solving the Shortest Vector Problem in 2 n Time Using Discrete Gaussian Sampling, STOC, p.22, 2015.
, Solving the Closest Vector Problem in 2 n Time-The Discrete Gaussian Strikes Again! In FOCS, p.22, 2015.
, Structurepreserving signatures and commitments to group elements, Crypto, vol.6223, p.96, 2010.
, On the EEcacy of Solving LWE by Reduction to Unique-SVP, ICISC 2013, p.22, 2014.
, RELIC is an EEcient LIbrary for Cryptography
, Priced oblivious transfer: How to sell digital goods, Eurocrypt, vol.146, p.147, 2001.
, Multiparty computation with low communication, computation and interaction via threshold FHE, Eurocrypt, vol.7237, p.158, 2012.
, Generating Hard Instances of Lattice Problems, ACM, editor, STOC, p.23, 1996.
, Adapting Lyubashevsky's Signature Schemes to the Ring Signature Setting, Africacrypt, vol.7918, p.118, 2013.
, Generating shorter bases for hard random lattices, STACS, vol.3, p.184, 2009.
URL : https://hal.archives-ouvertes.fr/inria-00359718
, New bounds in some transference theorems in the geometry of number, vol.296, p.23, 1993.
, Bounded-width polynomial-size branching programs recognize exactly those languages in nc1, STOC'86, p.146, 1986.
, EEcient selective-ID secure identity-based encryption without random oracles, Eurocrypt, vol.3027, p.53, 2004.
, Key-Privacy in Public-Key Encryption, PKC, p.131, 2001.
, Multirecipient Encryption Schemes: How to Save on Bandwidth and Computation Without Sacriicing Security, IEEE Trans. on Information Theory, vol.53, issue.11, p.66, 2007.
, Short group signatures, Crypto, vol.3152, p.74, 2004.
, Randomizable Proofs and Delegatable Anonymous Credentials, Crypto, vol.5677, pp.108-125, 2009.
, Foundations of Fully Dynamic Group Signatures, ACNS, p.44, 2016.
, Better zeroknowledge proofs for lattice encryption and their application to group signatures, Asiacrypt, number 8873 in LNCS, p.118, 2014.
URL : https://hal.archives-ouvertes.fr/hal-01084737
, P-signatures and Noninteractive Anonymous Credentials, TCC, number 4948 in LNCS, pp.356-374
, Citations: § xviii, 4, and 54, 2008.
, Compact E-Cash and Simulatable VRFs Revisited, Pairing, vol.5671, pp.114-131, 2009.
, Get Shorty via Group Signatures without Encryption, SCN, p.75, 2010.
, Updating Key Size Estimations for Pairings, Citations: § xix, 4, and 21, pp.1-39, 2018.
URL : https://hal.archives-ouvertes.fr/hal-01534101
, FHE Circuit Privacy Almost for Free, Crypto, number 9815 in LNCS, vol.158, p.190, 2016.
URL : https://hal.archives-ouvertes.fr/hal-01360110
, Identity-based encryption from the weil pairing, vol.21, p.192, 2001.
, On Deening Proofs of Knowledge, Crypto, vol.740, p.28, 1992.
, Correlation-resistant storage via keyword-searchable encryption, Cryptology ePrint Archive, 2005.
, Connned guessing: New signatures from standard assumptions, Citations: § xviii, vol.28, p.153, 2015.
, EEcient zero-knowledge proofs for commitments from learning with errors over rings, ESORICS, vol.9326, pp.305-325, 2015.
, Improved security proofs in lattice-based cryptography: Using the Rényi divergence rather than the statistical distance, Citations: § 18, vol.9452, p.91, 2015.
, On the classical hardness of learning with errors, STOC, p.25, 2013.
, Short signatures from the Weil pairing, In Asiacrypt, p.192, 2001.
, Anonymous IBE, Leakage Resilience and Circular Security from New Assumptions. In Eurocrypt, p.192, 2018.
, Coin Flipping by Telephone, Crypto, p.29, 1981.
, Foundations of group signatures: Formal deenitions, simpliied requirements, and a construction based on general assumptions, Eurocrypt, vol.3376, p.44, 2003.
, Pairing-friendly elliptic curves of prime order, Selected Areas in Cryptography, pp.319-331
, Citations: § xviii, 4, 21, 71, 72, p.75, 2006.
, Lattice mixing and vanishing trapdoors: A framework for fully secure short signatures and more, Citations: § xviii, xix, vol.6056, p.154, 2010.
, Design validations for discrete logarithm based signature schemes, PKC, vol.1751, pp.276-292
, Citations: § 103, vol.106, p.185, 2000.
, Random Oracles Are Practical: A Paradigm for Designing EEcient Protocols, CCS. ACM, 1993. Citations: § 16, p.51
, Advances in elliptic curve cryptography, vol.317, p.53, 2005.
, Foundations of group signatures: The case of dynamic groups, CT-RSA, volume 2656 of LNCS, vol.44, p.99, 2005.
, EEcient fully homomorphic encryption from (standard) LWE, Citations: § xviii, p.4, 2011.
, Universally composable security: A new paradigm for cryptographic protocols, Citations: § 11, vol.19, p.148, 2001.
, Oblivious transfer with hidden access control from attribute-based encryption, SCN, vol.7485, p.187, 2012.
, EEcient Zero-Knowledge Proofs of Knowledge Without Intractability Assumptions, PKC, p.67, 2000.
, Oblivious transfer with access control, Citations: § xxii, p.187, 2009.
, Oblivious transfer with hidden access control policies, Citations: § xxii, vol.6571, p.187, 2011.
, Universally composable commitments, Crypto, p.20, 2001.
, Untraceable electronic cash, Crypto, vol.403, p.190, 1988.
, The random oracle methodology, revisited, STOC, vol.45, p.16, 1998.
, Controlling access to an oblivious database using stateful anonymous credentials, PKC, number 5443 in LNCS, p.147, 2009.
, Private information retrieval, FOCS, p.146, 1995.
, Blind signatures for untraceable payments, Citations: § xvi, vol.2, p.190, 1982.
, Blind signature system, In Crypto, p.190, 1983.
, Security without Identiication: Transactions System to Make Big Brother Obsolete, Citations: § xvi, vol.28, p.51, 1985.
, Security analysis of the strong diie-hellman problem, Eurocrypt, vol.4004, p.22, 2006.
, Chosen-Ciphertext Security from Identity-Based Encryption, Eurocrypt, vol.77, p.192, 2004.
, Bonsai trees, or how to delegate a lattice basis, Citations: § xix, vol.6110, p.80, 2010.
, Balancing Accountability and Privacy Using E-Cash, SCN, number 4116 in LNCS, p.53, 2005.
, Compact e-cash, Eurocrypt, number 3494 in LNCS, vol.27, p.190, 2005.
, Cryptanalysis of the Multilinear Map over the Integers, Eurocrypt, 2015. Citations: § xvii and
URL : https://hal.archives-ouvertes.fr/hal-01240445
, On the limitations of universally composable two-party computation without set-up assumptions, Journal of Cryptology, vol.19, issue.2, p.11, 2006.
, Formal treatment of privacy-enhancing credential systems, SAC, vol.87, p.90, 2015.
, An eecient system for non-transferable anonymous credentials with optional anonymity revocation, Eurocrypt, number 2045 in LNCS, vol.2, p.51, 2001.
, A signature scheme with eecient protocols, Security and Cryptography for Networks (SCN'02), vol.53, p.79, 2002.
, A signature scheme with eecient protocols, SCN, number 2576 in LNCS, vol.78, p.118, 2002.
, A Signature Scheme with EEcient Protocols, SCN, p.51, 2004.
, Signature Schemes and Anonymous Credentials from Bilinear Maps, Crypto, number 3152 in LNCS, vol.51, p.52, 2004.
, Group Encryption: Non-Interactive Realization in the Standard Model, Asiacrypt, number 5912 in LNCS, vol.119, p.121, 2009.
, Fully anonymous attribute tokens from lattices, SCN, vol.7485, p.78, 2012.
, Simulatable adaptive oblivious transfer, Citations: § 145, vol.4515, p.186, 2007.
, The complexity of theorem-proving procedures, Proceedings of the Third Annual ACM Symposium on Theory of Computing, STOC '71, pp.151-158
, Transferred Cash Grows in Size, Eurocrypt, vol.658, pp.390-407
, Modular Design of Secure, yet Practical Cryptographic Protocols, p.29, 1996.
, A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack, Crypto, p.66, 1998.
, Group signatures, Eurocrypt, vol.547, p.117, 1991.
, A Design Principle for Hash Functions, Crypto, p.30, 1989.
, EEcient concurrent zero-knowledge in the auxiliary string model, Eurocrypt, volume 1807 of LNCS, vol.89, p.141, 2000.
, Conditional oblivious transfer and timed-release encryption, Eurocrypt'99, number 1592 in LNCS, p.147, 1999.
, Two-message, oblivious evaluation of cryptographic functionalities, Crypto, number 9816 in LNCS, p.147, 2016.
, From Selective IBE to Full IBE and Selective HIBE, TCC, p.192, 2017.
, Identity-Based Encryption from the Diie-Hellman Assumption, Crypto, vol.10401, p.4, 2017.
, Public-key encryption with non-interactive opening, CT-RSA, vol.4964, p.99, 2008.
, Improved Short Lattice Signatures in the Standard Model, Crypto, p.191, 2014.
, Universally composable eecient multiparty computation from threshold homomorphic encryption, Crypto, number 2729 in LNCS, p.146, 2003.
, Dynamic fully anonymous short group signatures, VietCrypt, vol.4341, p.75, 2006.
, Practical Quantum-Safe Voting from Lattices, CCS, 2017. Citations: § xviii, p.35
, Sanitization of FHE ciphertexts, Eurocrypt, 2016.
URL : https://hal.archives-ouvertes.fr/hal-01394216
, Toward Practical Group Encryption, ACNS 2013, vol.7954, p.119, 2013.
, A randomized protocol for signing contracts, Citations: § xxi, vol.28, issue.6, p.145, 1985.
, A provably secure group signature scheme from code-based assumptions, Asiacrypt'15, vol.9452, p.128, 2015.
, Keyword search and oblivious pseudorandom functions, TCC, vol.3378, p.147, 2005.
, Converting Pairing-Based Cryptosystems from Composite-Order Groups to Prime-Order Groups, In Eurocrypt, p.52, 2010.
, How to prove yourself: Practical solutions to identiication and signature problems, Citations: § 16, vol.27, p.160, 1986.
, Witness Indistinguishable and Witness Hiding Protocols, ACM, editor, STOC, vol.28, p.34, 1990.
, Secure and eecient oo-line digital money, ICALP, vol.700, p.190, 1993.
, Fully homomorphic encryption using ideal lattices, Citations: § xix, 4, p.22, 2009.
, Blind identity-based encryption and simulatable oblivious transfer, Citations: § 145, vol.4833, p.180, 2007.
, Universally Composable Adaptive Oblivious Transfer, Asiacrypt, number 5350 in LNCS, vol.147, p.190, 2008.
, Practical adaptive oblivious transfer from simple assumptions, TCC, vol.6597, p.186, 2011.
, Computational Complexity of Probabilistic Turing Machines, SIAM J. on Computing, vol.6, issue.4, p.13, 1977.
, A group signature scheme from lattice assumptions, Asiacrypt, volume 2647 of LNCS, vol.78, p.184, 2010.
, Dual Form Signatures: An Approach for Proving Security from Static Assumptions, Asiacrypt, p.52, 2012.
, Probabilistic encryption & how to play mental poker keeping secret all partial information, Citations: § xvi, vol.2, p.19, 1982.
, The knowledge complexity of interactive proof-systems, ACM, 1985. Citations: § 27, vol.28, p.118
, How to play any mental game or a completeness theorem for protocols with honest majority, STOC, p.145, 1987.
, Strengthening Zero-Knowledge Protocols Using Signatures, Eurocrypt, p.28, 2003.
, Basic Applications, Foundations of Cryptography, vol.2, p.19, 2004.
, Perfect Non-interactive Zero Knowledge for NP, Eurocrypt, 2006. Citations: § xvii, p.190
, Identiication Protocols and Signature Schemes Based on Supersingular Isogeny Problems, Asiacrypt, p.191, 2017.
, Trapdoors for hard lattices and new cryptographic constructions, Citations: § xviii, xix, vol.87, p.132, 2008.
, Fully anonymous group signatures without random oracles, Citations: § xviii and 4, vol.4833, pp.164-180, 2007.
, EEcient non-interactive proof systems for bilinear groups, Eurocrypt, vol.4965, pp.415-432, 2008.
, Homomorphic encryption from learning with errors: Conceptually-simpler, asymptotically-faster, attribute-based, Crypto, number 8042 in LNCS, pp.75-92, 2013.
, Packing messages and optimizing bootstrapping in GSW-FHE, PKC, number 9020 in LNCS, p.158, 2015.
, Restricted adaptive oblivious transfer, Theoretical Computer Science, vol.412, issue.46, p.147, 2011.
, Improved algorithms for the approximate k-list problem in Euclidean norm, PKC'17, p.22, 2017.
, Short and stateless signatures from the RSA assumption, Crypto, vol.5677, p.154, 2009.
, Zero-knowledge from Secure Multiparty Computation, STOC, p.191, 2007.
, Mediated traceable anonymous encryption, LATINCRYPT 2010, vol.6212, p.119, 2010.
, Towards Quantum-Resistant Cryptosystems from Supersingular Elliptic Curve Isogenies, PQCrypto, p.191, 2011.
URL : https://hal.archives-ouvertes.fr/hal-00652846
, Commitments and eecient zeroknowledge proofs from learning parity with noise, Asiacrypt, vol.7658, p.118, 2012.
, EEcient oblivious pseudorandom function with applications to adaptive OT and secure computation of set intersection, Citations: § 147, vol.5444, p.186, 2009.
, A one round protocol for tripartite diie-hellman, Algorithmic Number Theory, pp.385-393, 2000.
, Shorter Quasi-Adaptive NIZK Proofs for Linear Subspaces, Asiacrypt, vol.32, p.54, 2013.
, Switching Lemma for Bilinear Tests and Constant-Size NIZK Proofs for Linear Subspaces, Crypto, vol.8617, p.53, 2014.
, Extended tower number eld sieve: A new complexity for the medium prime case, pp.543-571
, Citations: § xix, 4, and 21, 2016.
, Introduction to Modern Cryptography (Chapman & Hall/Crc Cryptography and Network Security Series), vol.15, p.16, 2007.
, EEciency-improved fully simulatable adaptive OT under the DDH assumption, SCN, vol.6280, p.186, 2010.
, Generic fully simulatable adaptive oblivious transfer, ACNS, vol.6715, p.186, 2011.
, Constructing brezing-weng pairing-friendly elliptic curves using elements in the cyclotomic eld, Pairing-Based Cryptography-Pairing, pp.126-135, 2008.
, Concurrently secure identiication schemes based on the worst-case hardness of lattice problems, Citations: § xvii, xviii, vol.5350, p.185, 2008.
, Traceable signatures, LNCS, vol.3027, p.119, 2004.
, Group encryption, Asiacrypt, number 4833 in LNCS, vol.6, p.132, 2007.
, EEciency improvements for signature schemes with tight security reductions, CCS, pp.155-164, 2003.
, Quasi-Adaptive NIZK for Linear Subspaces Revisited, Eurocrypt, 2015. Citations: § 32, vol.52, p.69
URL : https://hal.archives-ouvertes.fr/hal-01220192
, Multi-Theorem Preprocessing NIZKs from Lattices, Crypto
, Group signatures with eecient concurrent join, Eurocrypt, number 3494 in LNCS, vol.96, p.119, 2005.
, Secure scalable group signature with dynamic joins and separable authorities, Citations: § 43, vol.1, p.99, 2006.
, EEcient fully-simulatable oblivious transfer, CT-RSA, p.146, 2008.
, Lattice-based group signatures with logarithmic signature size, Asiacrypt, vol.8270, pp.41-61
URL : https://hal.archives-ouvertes.fr/hal-00920420
, Citations: § 77, vol.78, p.118, 2013.
, Signature schemes with eecient protocols and dynamic group signatures from lattice assumptions, Asiacrypt, 2016. Citations: § xx, vol.5, p.169
, Zero-knowledge arguments for matrix-vector relations and lattice-based group encryption, Asiacrypt, 2016. Citations: § xx, xxi, vol.5, p.174
URL : https://hal.archives-ouvertes.fr/hal-01394087
, Adaptive oblivious transfer with access control from lattice assumptions, Asiacrypt, p.168, 2017.
URL : https://hal.archives-ouvertes.fr/hal-01622197
, Lattice-Based Group Signature Scheme with Veriier-Local Revocation, PKC, vol.8383, p.118, 2014.
, Zero-Knowledge Arguments for LatticeBased Accumulators: Logarithmic-size Ring Signatures and Group Signatures Without Trapdoors, Citations: § xix, vol.9666, p.174, 2016.
URL : https://hal.archives-ouvertes.fr/hal-01314642
, Zero-Knowledge Arguments for LatticeBased PRFs and Applications to E-Cash, In Asiacrypt, vol.35, p.190, 2017.
URL : https://hal.archives-ouvertes.fr/hal-01621027
, Asymptotically EEcient Lattice-Based Digital Signatures, TCC, p.191, 2008.
, Practical "signatures with eecient protocols" from simple assumptions, AsiaCCS, vol.5, p.16, 2016.
, Improved Zero-Knowledge Proofs of Knowledge for the ISIS Problem, and Applications, Citations: § 35, vol.7778, p.169, 2013.
URL : https://hal.archives-ouvertes.fr/hal-00767548
, Group Signatures from Lattices: Simpler, Tighter, Shorter, Ring-Based, Citations: § 43, vol.9020, p.169, 2015.
, Lattice-Based Group Signatures: Achieving Full Dynamicity (and Deniability) with Ease. In ACNS, p.44, 2017.
, Constant-Size Group Signatures from Lattices. In PKC, p.191, 2018.
, An eecient protocol for secure two-party computation in the presence of malicious adversaries, Eurocrypt, p.11, 2007.
, Linearly Homomorphic StructurePreserving Signatures and Their Applications. In Crypto, p.57, 2013.
, Non-malleability from Malleability: Simulation-Sound Quasi-Adaptive NIZK Proofs and CCA2-Secure Encryption from Homomorphic Signatures, Eurocrypt, vol.53, p.54, 2014.
URL : https://hal.archives-ouvertes.fr/hal-00983147
, Compactly Hiding Linear Spans: Tightly Secure Constant-Size Simulation-Sound QA-NIZK Proofs and Applications, Asiacrypt, p.32, 2015.
URL : https://hal.archives-ouvertes.fr/hal-01225363
, Structure-Preserving Chosen-Ciphertext Security with Shorter Veriiable Ciphertexts, PKC, vol.10174, pp.247-276
, Citations: § xviii and 4, 2017.
, Short group signatures via structure-preserving signatures: Standard model security from simple assumptions, Citations: § xviii, vol.9216, p.69, 2015.
URL : https://hal.archives-ouvertes.fr/hal-01225353
, Pseudonym Systems, SAC, vol.51, p.75, 1999.
, Worst-case to average-case reductions for module lattices. Designs, Codes and Cryptography, p.191, 2014.
URL : https://hal.archives-ouvertes.fr/hal-01091291
, GGHLite: More eecient multilinear maps from ideal lattices, Eurocrypt, vol.8441, p.91, 2014.
, Traceable group encryption, PKC 2014, vol.8383, p.119, 2014.
, Lattice-based identiication schemes secure under active attacks, PKC, vol.4939, p.118, 2008.
, Fiat-Shamir with Aborts: Applications to Lattice and FactoringBased Signatures, Asiacrypt, vol.3, p.34, 2009.
, Lattice signatures without trapdoors, Citations: § xix and 5, vol.7237, 2012.
URL : https://hal.archives-ouvertes.fr/hal-00864308
, Secrecy, Authentication, and Public Key Systems, 1979.
, A Certiied Digital Signature, Crypto, p.30, 1989.
, One-Time Signatures and Chameleon Hash Functions, SAC, LCNS, p.191, 2011.
, Trapdoors for lattices: Simpler, tighter, faster, smaller, Citations: § xix, vol.7237, p.158, 2012.
, Challenges with Assessing the Impact of NFS Advances on the Security of Pairing-Based Cryptography, Paradigms in Cryptology-Mycrypt. Malicious and Exploratory Cryptology, pp.83-108, 2017.
, Statistical zero-knowledge proofs with eecient provers: Lattice problems and more, Crypto, volume 2729 of LNCS, p.118, 2003.
, On cryptographic assumptions and challenges, Springer, editor, Crypto, p.15, 2003.
, Revocable Group Signature Schemes with Constant Costs for Signing and Verifying, PKC, p.27, 2009.
, NIST post-quantum competition
, Cryptography/Round-1-Submissions. Citations: § xv, 1, and, p.22
, Oblivious transfer with adaptive queries, Crypto, volume 1666 of LNCS, p.186, 1999.
, EEcient oblivious transfer protocols, SODA, p.146, 2001.
, Computationally secure oblivious transfer, vol.18, p.146, 2005.
, Number-theoretic constructions of eecient pseudo-random functions, FOCS, p.53, 1997.
, Attribute-based encryption with partially hidden encryptor-speciied access structures, ACNS'08, number 5037 in LNCS, p.147, 2008.
, Simpler eecient group signatures from lattices, Citations: § 77, vol.9020, p.118, 2015.
, An eecient divisible electronic cash scheme, Crypto, vol.963, p.190, 1995.
, EEcient Blind and Partially Blind Signatures Without Random Oracles, TCC, p.51, 2006.
, Universal electronic cash, Crypto, vol.576, p.190, 1991.
, Public-Key Cryptosystems Based on Composite Degree Residuosity Classes, EUROCRYPT 1999, number 1592 in LNCS, p.118, 1999.
, Non-Interactive and Information-Theoretic Secure Veriiable Secret Sharing, Crypto, p.34, 1991.
, Public-key cryptosystems from the worst-case shortest vector problem, STOC, p.25, 2009.
, Sharper Bounds in Lattice-Based Cryptography Using the Rényi Divergence, In Asiacrypt, vol.18, p.90, 2017.
, Security Proofs for Signature Schemes, Eurocrypt, p.31, 1996.
, Security Arguments for Digital Signatures and Blind Signatures, Journal of Cryptology, vol.13, issue.3, p.71, 2000.
, Short Randomizable Signatures, CT-RSA, p.75, 2016.
, Reassessing Security of Randomizable Signatures, CT-RSA, p.51, 2018.
URL : https://hal.archives-ouvertes.fr/hal-01903717
, Streaming authenticated data structures, Eurocrypt, vol.7881, p.80, 2013.
, Non-interactive statistical zero-knowledge proofs for lattice problems, Citations: § 118, vol.5157, p.190, 2008.
, A framework for eecient and composable oblivious transfer, Citations: § 146, vol.5157, p.190, 2008.
, Lossy Trapdoor Functions and Their Applications, STOC, p.192, 2008.
, Degree of diiculty of computing a function and a partial ordering of recursive sets, p.12, 1960.
, How to exchange secrets by oblivious transfer, Citations: § xvi, p.145, 1981.
, On lattices, learning with errors, random linear codes, and cryptography, ACM, 2005. Citations: § xviii, vol.4, p.181
, Towards Non-Interactive ZeroKnowledge for NP from LWE, 2018.
, Lattice-Based Blind Signatures, Asiacrypt, vol.6477, pp.413-430, 2010.
, Security of 2 t-Root Identiication and Signatures, Crypto, vol.3, p.33, 1996.
, Authenticated ID-based Key Exchange and remote log-in with simple token and PIN number, 2002.
, Securing Threshold Cryptosystems against Chosen Ciphertext Attack, Eurocrypt, p.66, 1998.
, Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer, Citations: § xv and 1, vol.41, pp.303-332, 1999.
, Sequences of Games: A Tool for Taming Complexity in Security Proofs. Tutorial, p.17, 2006.
, Cryptosystems Based on Pairings, Symposium on Cryptography and Information Security, pp.26-28, 2000.
, On the security of dynamic group signatures: Preventing signature hijacking, PKC, vol.7293, p.99, 2012.
, A new paradigm for public key identiication, Citations: § xvii, vol.42, issue.6, p.88, 1996.
, Fuzzy identity-based encryption, Eurocrypt, number 3494 in LNCS, p.147, 2005.
, Smooth projective hashing and two-message oblivious transfer, Eurocrypt'05, number 3494 in LNCS, p.146, 2005.
, EEcient Electronic Cash: New Notions and Techniques, p.190, 1997.
, Hierarchical Group Signatures, ICALP 2005, vol.3580, p.118, 2005.
, Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2, Citations: § xvii and, pp.1313-1328, 2017.
, EEcient identity-based encryption without random oracles, Eurocrypt, pp.114-127, 2005.
, Zero knowledge proofs from Ring-LWE, CANS, vol.8257, p.118, 2013.
, How to generate and exchange secrets, FOCS, p.11, 1986.
, Oblivious transfer with access control: Realizing disjunction without duplication, Pairing, number 6847 in LNCS, pp.96-115, 2010.
, Some security games examples
, A lattice ? with two diierent basis
,
, Abstract description of a ?-protocol
, Security experiments for commitment schemes
, The Schnorr ?-protocol for discrete logarithm
,
,
, Stern-like ZKAoK for the relation R abstract
, Relations between the protagonists in a dynamic group signature scheme, p.45
, Experiment for security against misidentiication attacks, p.48
, Experiment for security against framing attacks
, Security experiments for
, Security experiment for the pseudo-random-ciphertext property for an IBE. . 124 List of Tables
, Comparison between diierent group signature schemes, p.74
, Experimental results for the Pairing-Base group signature scheme, p.75
, Comparison between recent lattice-based group signatures, p.78
, Basic notations and extending/permuting techniques used in our protocols, p.170
, Comparison of the diierent adaptive OT protocols secure in the standard model 186
, Comparison of the diierent adaptive OT-AC schemes secure in the standard model