{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2021,5,12]],"date-time":"2021-05-12T02:54:35Z","timestamp":1620788075406},"reference-count":67,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2011,4,29]],"date-time":"2011-04-29T00:00:00Z","timestamp":1304035200000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Cryptol"],"published-print":{"date-parts":[[2012,7]]},"DOI":"10.1007\/s00145-011-9102-5","type":"journal-article","created":{"date-parts":[[2011,4,28]],"date-time":"2011-04-28T10:21:59Z","timestamp":1303986119000},"page":"484-527","update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":29,"title":["Programmable Hash Functions and Their Applications"],"prefix":"10.1007","volume":"25","author":[{"given":"Dennis","family":"Hofheinz","sequence":"first","affiliation":[]},{"given":"Eike","family":"Kiltz","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2011,4,29]]},"reference":[{"key":"9102_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"300","DOI":"10.1007\/11787006_26","volume-title":"ICALP 2006: 33rd International Colloquium on Automata, Languages and Programming, Part\u00a0II","author":"M. Abdalla","year":"2006","unstructured":"M. Abdalla, D. Catalano, A. Dent, J. Malone-Lee, G. Neven, N. Smart, Identity-based encryption gone wild, in ICALP 2006: 33rd International Colloquium on Automata, Languages and Programming, Part\u00a0II, ed. by M. Bugliesi, B. Preneel, V. Sassone, I. Wegener, Venice, Italy, July 10\u201314, 2006. Lecture Notes in Computer Science, vol. 4052 (Springer, Berlin, 2006), pp. 300\u2013311"},{"key":"9102_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"553","DOI":"10.1007\/978-3-642-13190-5_28","volume-title":"Advances in Cryptology\u2014EUROCRYPT 2010","author":"S. Agrawal","year":"2010","unstructured":"S. Agrawal, D. Boneh, X. Boyen, Efficient lattice (H)IBE in the standard model, in Advances in Cryptology\u2014EUROCRYPT 2010, ed. by H. Gilbert, French Riviera, May 30\u2013June 3, 2010. Lecture Notes in Computer Science, vol. 6110 (Springer, Berlin, 2010), pp. 553\u2013572"},{"key":"9102_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"480","DOI":"10.1007\/3-540-69053-0_33","volume-title":"Advances in Cryptology\u2014EUROCRYPT\u201997","author":"N. Bari","year":"1997","unstructured":"N. Bari, B. Pfitzmann, Collision-free accumulators and fail-stop signature schemes without trees, in Advances in Cryptology\u2014EUROCRYPT\u201997, ed. by W. Fumy, Konstanz, Germany, May 11\u201315, 1997. Lecture Notes in Computer Science, vol. 1233 (Springer, Berlin, 1997), pp. 480\u2013494"},{"key":"9102_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"407","DOI":"10.1007\/978-3-642-01001-9_24","volume-title":"Advances in Cryptology\u2014EUROCRYPT 2009","author":"M. Bellare","year":"2009","unstructured":"M. Bellare, T. Ristenpart, Simulation without the artificial abort: Simplified proof and improved concrete security for Waters\u2019 IBE scheme, in Advances in Cryptology\u2014EUROCRYPT 2009, ed. by A. Joux, Cologne, Germany, April 26\u201330, 2009. Lecture Notes in Computer Science, vol. 5479 (Springer, Berlin, 2009), pp. 407\u2013424"},{"key":"9102_CR5","doi-asserted-by":"publisher","first-page":"62","DOI":"10.1145\/168588.168596","volume-title":"ACM CCS 93: 1st Conference on Computer and Communications Security","author":"M. Bellare","year":"1993","unstructured":"M. Bellare, P. Rogaway, Random oracles are practical: a paradigm for designing efficient protocols, in ACM CCS 93: 1st Conference on Computer and Communications Security, ed. by V. Ashby, Fairfax, Virginia, USA, November 3\u20135, 1993 (ACM, New York, 1993), pp. 62\u201373"},{"key":"9102_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"399","DOI":"10.1007\/3-540-68339-9_34","volume-title":"Advances in Cryptology\u2014EUROCRYPT\u201996","author":"M. Bellare","year":"1996","unstructured":"M. Bellare, P. Rogaway, The exact security of digital signatures: How to sign with RSA and Rabin, in Advances in Cryptology\u2014EUROCRYPT\u201996, ed. by U.M. Maurer, Saragossa, Spain, May 12\u201316, 1996. Lecture Notes in Computer Science, vol. 1070 (Springer, Berlin, 1996), pp. 399\u2013416"},{"key":"9102_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"216","DOI":"10.1007\/3-540-48658-5_22","volume-title":"Advances in Cryptology\u2014CRYPTO\u201994","author":"M. Bellare","year":"1994","unstructured":"M. Bellare, O. Goldreich, S. Goldwasser, Incremental cryptography: the case of hashing and signing, in Advances in Cryptology\u2014CRYPTO\u201994, ed. by Y. Desmedt, Santa Barbara, CA, USA, August 21\u201325, 1994. Lecture Notes in Computer Science, vol. 839 (Springer, Berlin, 1994), pp. 216\u2013233"},{"key":"9102_CR8","volume-title":"Public Key Cryptography","author":"O. Blazy","year":"2011","unstructured":"O. Blazy, G. Fuchsbauer, D. Pointcheval, D. Vergnaud, Signatures on randomizable ciphertexts, in Public Key Cryptography (2011)"},{"key":"9102_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"223","DOI":"10.1007\/978-3-540-24676-3_14","volume-title":"Advances in Cryptology\u2014EUROCRYPT 2004","author":"D. Boneh","year":"2004","unstructured":"D. Boneh, X. Boyen, Efficient selective-ID secure identity based encryption without random oracles, in Advances in Cryptology\u2014EUROCRYPT 2004, ed. by C. Cachin, J. Camenisch, Interlaken, Switzerland, May 2\u20136, 2004. Lecture Notes in Computer Science, vol. 3027 (Springer, Berlin, 2004), pp. 223\u2013238"},{"key":"9102_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"443","DOI":"10.1007\/978-3-540-28628-8_27","volume-title":"Advances in Cryptology\u2014CRYPTO 2004","author":"D. Boneh","year":"2004","unstructured":"D. Boneh, X. Boyen, Secure identity based encryption without random oracles, in Advances in Cryptology\u2014CRYPTO 2004, ed. by M. Franklin, Santa Barbara, CA, USA, August 15\u201319, 2004. Lecture Notes in Computer Science, vol. 3152 (Springer, Berlin, 2004), pp. 443\u2013459"},{"issue":"2","key":"9102_CR11","doi-asserted-by":"publisher","first-page":"149","DOI":"10.1007\/s00145-007-9005-7","volume":"21","author":"D. Boneh","year":"2008","unstructured":"D. Boneh, X. Boyen, Short signatures without random oracles and the SDH assumption in bilinear groups. J. Cryptol.\n 21(2), 149\u2013177 (2008)","journal-title":"J. Cryptol."},{"key":"9102_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"213","DOI":"10.1007\/3-540-44647-8_13","volume-title":"Advances in Cryptology\u2014CRYPTO 2001","author":"D. Boneh","year":"2001","unstructured":"D. Boneh, M.K. Franklin, Identity-based encryption from the Weil pairing, in Advances in Cryptology\u2014CRYPTO 2001, ed. by J. Kilian, Santa Barbara, CA, USA, August 19\u201323, 2001. Lecture Notes in Computer Science, vol. 2139 (Springer, Berlin, 2001), pp. 213\u2013229"},{"issue":"3","key":"9102_CR13","doi-asserted-by":"publisher","first-page":"586","DOI":"10.1137\/S0097539701398521","volume":"32","author":"D. Boneh","year":"2003","unstructured":"D. Boneh, M.K. Franklin, Identity based encryption from the Weil pairing. SIAM J. Comput.\n 32(3), 586\u2013615 (2003)","journal-title":"SIAM J. Comput."},{"key":"9102_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"514","DOI":"10.1007\/3-540-45682-1_30","volume-title":"Advances in Cryptology\u2014ASIACRYPT 2001","author":"D. Boneh","year":"2001","unstructured":"D. Boneh, B. Lynn, H. Shacham, Short signatures from the Weil pairing, in Advances in Cryptology\u2014ASIACRYPT 2001, ed. by C. Boyd, Gold Coast, Australia, December 9\u201313, 2001. Lecture Notes in Computer Science, vol. 2248 (Springer, Berlin, 2001), pp. 514\u2013532"},{"issue":"4","key":"9102_CR15","doi-asserted-by":"publisher","first-page":"297","DOI":"10.1007\/s00145-004-0314-9","volume":"17","author":"D. Boneh","year":"2004","unstructured":"D. Boneh, B. Lynn, H. Shacham, Short signatures from the Weil pairing. J. Cryptol.\n 17(4), 297\u2013319 (2004)","journal-title":"J. Cryptol."},{"key":"9102_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"394","DOI":"10.1007\/978-3-540-72540-4_23","volume-title":"Advances in Cryptology\u2014EUROCRYPT 2007","author":"X. Boyen","year":"2007","unstructured":"X. Boyen, General ad hoc encryption from exponent inversion IBE, in Advances in Cryptology\u2014EUROCRYPT 2007. Lecture Notes in Computer Science, vol. 4515 (Springer, Berlin, 2007), pp. 394\u2013411"},{"key":"9102_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"499","DOI":"10.1007\/978-3-642-13013-7_29","volume-title":"PKC 2010: 13th International Conference on Theory and Practice of Public Key Cryptography","author":"X. Boyen","year":"2010","unstructured":"X. Boyen, Lattice mixing and vanishing trapdoors: A framework for fully secure short signatures and more, in PKC 2010: 13th International Conference on Theory and Practice of Public Key Cryptography, ed. by P.Q. Nguyen, D. Pointcheval, Paris, France, May 26\u201328, 2010. Lecture Notes in Computer Science, vol. 6056 (Springer, Berlin, 2010), pp. 499\u2013517"},{"key":"9102_CR18","doi-asserted-by":"publisher","first-page":"320","DOI":"10.1145\/1102120.1102162","volume-title":"ACM CCS 05: 12th Conference on Computer and Communications Security","author":"X. Boyen","year":"2005","unstructured":"X. Boyen, Q. Mei, B. Waters, Direct chosen ciphertext security from identity-based techniques, in ACM CCS 05: 12th Conference on Computer and Communications Security, ed. by V. Atluri, C. Meadows, A. Juels, Alexandria, Virginia, USA, November 7\u201311, 2005 (ACM, New York, 2005), pp.\u00a0320\u2013329"},{"key":"9102_CR19","unstructured":"S. Brands, An efficient off-line electronic cash system based on the representation problem. Report CS-R9323, Centrum voor Wiskunde en Informatica, March 1993"},{"key":"9102_CR20","series-title":"Lecture Notes in Computer Science","first-page":"268","volume-title":"SCN 02: 3rd International Conference on Security in Communication Networks","author":"J. Camenisch","year":"2002","unstructured":"J. Camenisch, A. Lysyanskaya, A signature scheme with efficient protocols, in SCN 02: 3rd International Conference on Security in Communication Networks, ed. by S. Cimato, C. Galdi, G. Persiano, Amalfi, Italy, September 12\u201313, 2002. Lecture Notes in Computer Science, vol. 2576 (Springer, Berlin, 2002), pp. 268\u2013289"},{"key":"9102_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"56","DOI":"10.1007\/978-3-540-28628-8_4","volume-title":"Advances in Cryptology\u2014CRYPTO 2004","author":"J. Camenisch","year":"2004","unstructured":"J. Camenisch, A. Lysyanskaya, Signature schemes and anonymous credentials from bilinear maps, in Advances in Cryptology\u2014CRYPTO 2004, ed. by M. Franklin, Santa Barbara, CA, USA, August 15\u201319, 2004. Lecture Notes in Computer Science, vol. 3152 (Springer, Berlin, 2004), pp. 56\u201372"},{"key":"9102_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"523","DOI":"10.1007\/978-3-642-13190-5_27","volume-title":"Advances in Cryptology\u2014EUROCRYPT 2010","author":"D. Cash","year":"2010","unstructured":"D. Cash, D. Hofheinz, E. Kiltz, C. Peikert, Bonsai trees, or how to delegate a lattice basis, in Advances in Cryptology\u2014EUROCRYPT 2010, ed. by H. Gilbert, French Riviera, May 30\u2013June 3, 2010. Lecture Notes in Computer Science, vol. 6110 (Springer, Berlin, 2010), pp. 523\u2013552"},{"key":"9102_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"127","DOI":"10.1007\/3-540-39118-5_13","volume-title":"Advances in Cryptology\u2014EUROCRYPT\u201987","author":"D. Chaum","year":"1988","unstructured":"D. Chaum, J.-H. Evertse, J. van\u00a0de Graaf, An improved protocol for demonstrating possession of discrete logarithms and some generalizations, in Advances in Cryptology\u2014EUROCRYPT\u201987, ed. by D. Chaum, W.L. Price, Amsterdam, The Netherlands, April 13\u201315, 1988. Lecture Notes in Computer Science, vol.\u00a0304 (Springer, Berlin, 1988), pp. 127\u2013141"},{"key":"9102_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"470","DOI":"10.1007\/3-540-46766-1_38","volume-title":"Advances in Cryptology\u2014CRYPTO\u201991","author":"D. Chaum","year":"1992","unstructured":"D. Chaum, E. van Heijst, B. Pfitzmann, Cryptographically strong undeniable signatures, unconditionally secure for the signer, in Advances in Cryptology\u2014CRYPTO\u201991, ed. by J. Feigenbaum, Santa Barbara, CA, USA, August 11\u201315, 1992. Lecture Notes in Computer Science, vol. 576 (Springer, Berlin, 1992), pp. 470\u2013484"},{"key":"9102_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/11761679_1","volume-title":"Advances in Cryptology\u2014EUROCRYPT 2006","author":"J.H. Cheon","year":"2006","unstructured":"J.H. Cheon, Security analysis of the strong Diffie-Hellman problem, in Advances in Cryptology\u2014EUROCRYPT 2006, ed. by S. Vaudenay, St. Petersburg, Russia, May 28\u2013June 1, 2006. Lecture Notes in Computer Science, vol. 4004 (Springer, Berlin, 2006), pp. 1\u201311"},{"key":"9102_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"339","DOI":"10.1007\/11967668_22","volume-title":"Topics in Cryptology\u2014CT-RSA 2007","author":"B. Chevallier-Mames","year":"2007","unstructured":"B. Chevallier-Mames, M. Joye, A practical and tightly secure signature scheme without hash function, in Topics in Cryptology\u2014CT-RSA 2007, ed. by M. Abe, San Francisco, CA, USA, February 5\u20139, 2007. Lecture Notes in Computer Science, vol. 4377 (Springer, Berlin, 2007), pp. 339\u2013356"},{"key":"9102_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"229","DOI":"10.1007\/3-540-44598-6_14","volume-title":"Advances in Cryptology\u2014CRYPTO 2000","author":"J.-S. Coron","year":"2000","unstructured":"J.-S. Coron, On the exact security of full domain hash, in Advances in Cryptology\u2014CRYPTO 2000, ed. by M. Bellare, Santa Barbara, CA, USA, August 20\u201324, 2000. Lecture Notes in Computer Science, vol.\u00a01880 (Springer, Berlin, 2000), pp. 229\u2013235"},{"issue":"3","key":"9102_CR28","doi-asserted-by":"publisher","first-page":"161","DOI":"10.1145\/357830.357847","volume":"3","author":"R. Cramer","year":"2000","unstructured":"R. Cramer, V. Shoup, Signature schemes based on the strong RSA assumption. ACM Trans. Inf. Syst. Secur.\n 3(3), 161\u2013185 (2000)","journal-title":"ACM Trans. Inf. Syst. Secur."},{"key":"9102_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"256","DOI":"10.1007\/3-540-46035-7_17","volume-title":"Advances in Cryptology\u2014EUROCRYPT 2002","author":"I. Damg\u00e5rd","year":"2002","unstructured":"I. Damg\u00e5rd, M. Koprowski, Generic lower bounds for root extraction and signature schemes in general groups, in Advances in Cryptology\u2014EUROCRYPT 2002, ed. by L.R. Knudsen, Amsterdam, The Netherlands, April 28\u2013May 2, 2002. Lecture Notes in Computer Science, vol. 2332 (Springer, Berlin, 2002), pp. 256\u2013271"},{"key":"9102_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"449","DOI":"10.1007\/11535218_27","volume-title":"Advances in Cryptology\u2014CRYPTO 2005","author":"Y. Dodis","year":"2005","unstructured":"Y. Dodis, R. Oliveira, K. Pietrzak, On the generic insecurity of the full domain hash, in Advances in Cryptology\u2014CRYPTO 2005, ed. by V. Shoup, Santa Barbara, CA, USA, August 14\u201318, 2005. Lecture Notes in Computer Science, vol. 3621 (Springer, Berlin, 2005), pp. 449\u2013466"},{"issue":"2","key":"9102_CR31","doi-asserted-by":"publisher","first-page":"77","DOI":"10.1007\/BF02351717","volume":"1","author":"U. Feige","year":"1988","unstructured":"U. Feige, A. Fiat, A. Shamir, Zero-knowledge proofs of identity. J. Cryptol.\n 1(2), 77\u201394 (1988)","journal-title":"J. Cryptol."},{"key":"9102_CR32","volume-title":"An Introduction to Probability Theory and Its Applications","author":"W. Feller","year":"1968","unstructured":"W. Feller, An Introduction to Probability Theory and Its Applications, vol. 1, 3rd edn. (Wiley, New York, 1968)","edition":"3"},{"key":"9102_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"116","DOI":"10.1007\/3-540-36288-6_9","volume-title":"PKC 2003: 6th International Workshop on Theory and Practice in Public Key Cryptography","author":"M. Fischlin","year":"2003","unstructured":"M. Fischlin, The Cramer\u2013Shoup strong-RSA signature scheme revisited, in PKC 2003: 6th International Workshop on Theory and Practice in Public Key Cryptography, ed. by Y. Desmedt, Miami, USA, January 6\u20138, 2003. Lecture Notes in Computer Science, vol. 2567 (Springer, Berlin, 2003), pp. 116\u2013129"},{"key":"9102_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"16","DOI":"10.1007\/BFb0052225","volume-title":"Advances in Cryptology\u2014CRYPTO\u201997","author":"E. Fujisaki","year":"1997","unstructured":"E. Fujisaki, T. Okamoto, Statistical zero knowledge protocols to prove modular polynomial relations, in Advances in Cryptology\u2014CRYPTO\u201997, ed. by B.S. Kaliski Jr., Santa Barbara, CA, USA, August 17\u201321, 1997. Lecture Notes in Computer Science, vol. 1294 (Springer, Berlin, 1997), pp. 16\u201330"},{"key":"9102_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"455","DOI":"10.1007\/11506157_38","volume-title":"ACISP 05: 10th Australasian Conference on Information Security and Privacy","author":"J. Furukawa","year":"2005","unstructured":"J. Furukawa, H. Imai, An efficient group signature scheme from bilinear maps, in ACISP 05: 10th Australasian Conference on Information Security and Privacy, ed. by C. Boyd, J.M. Gonz\u00e1lez Nieto, Brisbane, Queensland, Australia, July 4\u20136, 2005. Lecture Notes in Computer Science, vol. 3574 (Springer, Berlin, 2005), pp. 455\u2013467"},{"key":"9102_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"123","DOI":"10.1007\/3-540-48910-X_9","volume-title":"Advances in Cryptology\u2014EUROCRYPT\u201999","author":"R. Gennaro","year":"1999","unstructured":"R. Gennaro, S. Halevi, T. Rabin, Secure hash-and-sign signatures without the random oracle, in Advances in Cryptology\u2014EUROCRYPT\u201999, ed. by J. Stern, Prague, Czech Republic, May 2\u20136, 1999. Lecture Notes in Computer Science, vol. 1592 (Springer, Berlin, 1999), pp. 123\u2013139"},{"key":"9102_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"445","DOI":"10.1007\/11761679_27","volume-title":"Advances in Cryptology\u2014EUROCRYPT 2006","author":"C. Gentry","year":"2006","unstructured":"C. Gentry, Practical identity-based encryption without random oracles, in Advances in Cryptology\u2014EUROCRYPT 2006, ed. by S. Vaudenay, St. Petersburg, Russia, May 28\u2013June 1, 2006. Lecture Notes in Computer Science, vol. 4004 (Springer, Berlin, 2006), pp. 445\u2013464"},{"key":"9102_CR38","first-page":"197","volume-title":"40th Annual ACM Symposium on Theory of Computing","author":"C. Gentry","year":"2008","unstructured":"C. Gentry, C. Peikert, V. Vaikuntanathan, Trapdoors for hard lattices and new cryptographic constructions, in 40th Annual ACM Symposium on Theory of Computing, ed. by R.E. Ladner, C. Dwork, Victoria, British Columbia, Canada, May 17\u201320, 2008 (ACM, New York, 2008), pp. 197\u2013206"},{"issue":"2","key":"9102_CR39","doi-asserted-by":"publisher","first-page":"281","DOI":"10.1137\/0217017","volume":"17","author":"S. Goldwasser","year":"1988","unstructured":"S. Goldwasser, S. Micali, R.L. Rivest, A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Comput.\n 17(2), 281\u2013308 (1988)","journal-title":"SIAM J. Comput."},{"key":"9102_CR40","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"50","DOI":"10.1007\/978-3-540-30576-7_4","volume-title":"TCC 2005: 2nd Theory of Cryptography Conference","author":"J. Groth","year":"2005","unstructured":"J. Groth, Cryptography in subgroups of \u2124\n n\n , in TCC 2005: 2nd Theory of Cryptography Conference, ed. by J. Kilian, Cambridge, MA, USA, February 10\u201312, 2005. Lecture Notes in Computer Science, vol.\u00a03378 (Springer, Berlin, 2005), pp. 50\u201365"},{"key":"9102_CR41","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"123","DOI":"10.1007\/3-540-45961-8_11","volume-title":"Advances in Cryptology\u2014EUROCRYPT\u201988","author":"L.C. Guillou","year":"1988","unstructured":"L.C. Guillou, J.-J. Quisquater, A practical zero-knowledge protocol fitted to security microprocessor minimizing both transmission and memory, in Advances in Cryptology\u2014EUROCRYPT\u201988, ed. by C.G. G\u00fcnther, Davos, Switzerland, May 25\u201327, 1988. Lecture Notes in Computer Science, vol. 330 (Springer, Berlin, 1988), pp. 123\u2013128"},{"issue":"4","key":"9102_CR42","doi-asserted-by":"publisher","first-page":"1364","DOI":"10.1137\/S0097539793244708","volume":"28","author":"J. H\u00e5stad","year":"1999","unstructured":"J. H\u00e5stad, R. Impagliazzo, L.A. Levin, M. Luby, A pseudorandom generator from any one-way function. SIAM J. Comput.\n 28(4), 1364\u20131396 (1999)","journal-title":"SIAM J. Comput."},{"key":"9102_CR43","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"553","DOI":"10.1007\/978-3-540-74143-5_31","volume-title":"Advances in Cryptology\u2014CRYPTO 2007","author":"D. Hofheinz","year":"2007","unstructured":"D. Hofheinz, E. Kiltz, Secure hybrid encryption from weakened key encapsulation, in Advances in Cryptology\u2014CRYPTO 2007, ed. by A. Menezes, Santa Barbara, CA, USA, August 19\u201323, 2007. Lecture Notes in Computer Science, vol. 4622 (Springer, Berlin, 2007), pp. 553\u2013571"},{"key":"9102_CR44","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"313","DOI":"10.1007\/978-3-642-01001-9_18","volume-title":"Advances in Cryptology\u2014EUROCRYPT 2009","author":"D. Hofheinz","year":"2009","unstructured":"D. Hofheinz, E. Kiltz, Practical chosen ciphertext secure encryption from factoring, in Advances in Cryptology\u2014EUROCRYPT 2009, ed. by A. Joux, Cologne, Germany, April 26\u201330, 2009. Lecture Notes in Computer Science, vol. 5479 (Springer, Berlin, 2009), pp. 313\u2013332"},{"key":"9102_CR45","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"654","DOI":"10.1007\/978-3-642-03356-8_38","volume-title":"Advances in Cryptology\u2014CRYPTO 2009","author":"S. Hohenberger","year":"2009","unstructured":"S. Hohenberger, B. Waters, Short and stateless signatures from the RSA assumption, in Advances in Cryptology\u2014CRYPTO 2009, ed. by S. Halevi, Santa Barbara, CA, USA, August 16\u201320, 2009. Lecture Notes in Computer Science, vol. 5677 (Springer, Berlin, 2009), pp. 654\u2013670"},{"key":"9102_CR46","unstructured":"Q. Huang, D.S. Wong, New constructions of convertible undeniable signature schemes without random oracles. Cryptology ePrint Archive, Report 2009\/517 (2009). \n http:\/\/eprint.iacr.org\/"},{"key":"9102_CR47","volume-title":"Random Walks and Random Environments: Vol. 1: Random Walks","author":"B.D. Hughes","year":"1995","unstructured":"B.D. Hughes, Random Walks and Random Environments: Vol. 1: Random Walks (Oxford University Press, London, 1995)"},{"key":"9102_CR48","doi-asserted-by":"crossref","unstructured":"M. Joye, How (not) to design strong-RSA signatures. Des. Codes Cryptogr. (2011)","DOI":"10.1007\/s10623-010-9453-1"},{"key":"9102_CR49","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"581","DOI":"10.1007\/11681878_30","volume-title":"TCC 2006: 3rd Theory of Cryptography Conference","author":"E. Kiltz","year":"2006","unstructured":"E. Kiltz, Chosen-ciphertext security from tag-based encryption, in TCC 2006: 3rd Theory of Cryptography Conference, ed. by S. Halevi, T. Rabin, New York, NY, USA, March 4\u20137, 2006. Lecture Notes in Computer Science, vol. 3876 (Springer, Berlin, 2006), pp. 581\u2013600"},{"key":"9102_CR50","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"336","DOI":"10.1007\/11780656_28","volume-title":"ACISP 2006","author":"E. Kiltz","year":"2006","unstructured":"E. Kiltz, D. Galindo, Direct chosen-ciphertext secure identity-based key encapsulation without random oracles, in ACISP 2006. Lecture Notes in Computer Science, vol. 4058 (Springer, Berlin, 2006), pp. 336\u2013347"},{"issue":"47\u201349","key":"9102_CR51","doi-asserted-by":"publisher","first-page":"5093","DOI":"10.1016\/j.tcs.2009.08.007","volume":"410","author":"E. Kiltz","year":"2009","unstructured":"E. Kiltz, D. Galindo, Direct chosen-ciphertext secure identity-based key encapsulation without random oracles. Theor. Comput. Sci.\n 410(47\u201349), 5093\u20135111 (2009)","journal-title":"Theor. Comput. Sci."},{"key":"9102_CR52","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"221","DOI":"10.1007\/978-3-540-79263-5_14","volume-title":"Topics in Cryptology\u2014CT-RSA 2008","author":"E. Kiltz","year":"2008","unstructured":"E. Kiltz, Y. Vahlis, CCA2 secure IBE: Standard model efficiency through authenticated symmetric encryption, in Topics in Cryptology\u2014CT-RSA 2008, ed. by T. Malkin, San Francisco, CA, USA, April 7\u201311, 2008. Lecture Notes in Computer Science, vol. 4964 (Springer, Berlin, 2008), pp. 221\u2013238"},{"key":"9102_CR53","volume-title":"EUROCRYPT","author":"E. Kiltz","year":"2011","unstructured":"E. Kiltz, K. Pietrzak, D. Cash, A. Jain, D. Venturi, Efficient authentication from hard learning problems, in EUROCRYPT (2011)"},{"key":"9102_CR54","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"37","DOI":"10.1007\/978-3-540-78524-8_3","volume-title":"TCC 2008: 5th Theory of Cryptography Conference","author":"V. Lyubashevsky","year":"2008","unstructured":"V. Lyubashevsky, D. Micciancio, Asymptotically efficient lattice-based digital signatures, in TCC 2008: 5th Theory of Cryptography Conference, ed. by R. Canetti, San Francisco, CA, USA, March 19\u201321, 2008. Lecture Notes in Computer Science, vol. 4948 (Springer, Berlin, 2008), pp. 37\u201354"},{"issue":"5","key":"9102_CR55","first-page":"1234","volume":"E84-A","author":"A. Miyaji","year":"2001","unstructured":"A. Miyaji, M. Nakabayashi, S. Takano, New explicit conditions of elliptic curve traces for FR-reduction. IEICE Trans. Fundam.\n E84-A(5), 1234\u20131243 (2001)","journal-title":"IEICE Trans. Fundam."},{"key":"9102_CR56","doi-asserted-by":"publisher","first-page":"20","DOI":"10.1145\/501983.501987","volume-title":"ACM CCS 01: 8th Conference on Computer and Communications Security","author":"D. Naccache","year":"2001","unstructured":"D. Naccache, D. Pointcheval, J. Stern, Twin signatures: An alternative to the hash-and-sign paradigm, in ACM CCS 01: 8th Conference on Computer and Communications Security, Philadelphia, PA, USA, November 5\u20138, 2001 (ACM, New York, 2001), pp. 20\u201327"},{"key":"9102_CR57","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"80","DOI":"10.1007\/11681878_5","volume-title":"TCC 2006: 3rd Theory of Cryptography Conference","author":"T. Okamoto","year":"2006","unstructured":"T. Okamoto, Efficient blind and partially blind signatures without random oracles, in TCC 2006: 3rd Theory of Cryptography Conference, ed. by S. Halevi, T. Rabin, New York, NY, USA, March 4\u20137, 2006. Lecture Notes in Computer Science, vol. 3876 (Springer, Berlin, 2006), pp. 80\u201399"},{"key":"9102_CR58","first-page":"187","volume-title":"40th Annual ACM Symposium on Theory of Computing","author":"C. Peikert","year":"2008","unstructured":"C. Peikert, B. Waters, Lossy trapdoor functions and their applications, in 40th Annual ACM Symposium on Theory of Computing, ed. by R.E. Ladner, C. Dwork, Victoria, British Columbia, Canada, May 17\u201320, 2008 (ACM, New York, 2008), pp. 187\u2013196"},{"key":"9102_CR59","volume-title":"SCIS 2000","author":"R. Sakai","year":"2000","unstructured":"R. Sakai, K. Ohgishi, M. Kasahara, Cryptosystems based on pairing, in SCIS 2000, Okinawa, Japan, January 2000"},{"key":"9102_CR60","volume-title":"EUROCRYPT","author":"S. Sch\u00e4ge","year":"2011","unstructured":"S. Sch\u00e4ge, Tight proofs for signature schemes without random oracles, in EUROCRYPT (2011)"},{"key":"9102_CR61","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"129","DOI":"10.1007\/978-3-642-14577-3_12","volume-title":"FC 2010: 14th International Conference on Financial Cryptography and Data Security","author":"S. Sch\u00e4ge","year":"2010","unstructured":"S. Sch\u00e4ge, J. Schwenk, A CDH-based ring signature scheme with short signatures and public keys, in FC 2010: 14th International Conference on Financial Cryptography and Data Security, ed. by R. Sion, Tenerife, Canary Islands, Spain, January 25\u201328, 2010. Lecture Notes in Computer Science, vol. 6052 (Springer, Berlin, 2010), pp. 129\u2013142"},{"key":"9102_CR62","unstructured":"Secure hash standard. National Institute of Standards and Technology, NIST FIPS PUB 180-1, U.S. Department of Commerce, April 1995"},{"key":"9102_CR63","doi-asserted-by":"crossref","volume-title":"A Computational Introduction to Number Theory and Algebra","author":"V. Shoup","year":"2005","unstructured":"V. Shoup, A Computational Introduction to Number Theory and Algebra (Cambridge University Press, Cambridge, 2005)","DOI":"10.1017\/CBO9781139165464"},{"key":"9102_CR64","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"619","DOI":"10.1007\/978-3-642-03356-8_36","volume-title":"Advances in Cryptology\u2014CRYPTO 2009","author":"B. Waters","year":"2009","unstructured":"B. Waters, Dual system encryption: Realizing fully secure IBE and HIBE under simple assumptions, in Advances in Cryptology\u2014CRYPTO 2009, ed. by S. Halevi, Santa Barbara, CA, USA, August 16\u201320, 2009. Lecture Notes in Computer Science, vol. 5677 (Springer, Berlin, 2009), pp. 619\u2013636"},{"key":"9102_CR65","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"114","DOI":"10.1007\/11426639_7","volume-title":"Advances in Cryptology\u2014EUROCRYPT 2005","author":"B.R. Waters","year":"2005","unstructured":"B.R. Waters, Efficient identity-based encryption without random oracles, in Advances in Cryptology\u2014EUROCRYPT 2005, ed. by R. Cramer, Aarhus, Denmark, May 22\u201326, 2005. Lecture Notes in Computer Science, vol. 3494 (Springer, Berlin, 2005), pp. 114\u2013127"},{"issue":"4","key":"9102_CR66","first-page":"484","volume":"10","author":"H. Zhu","year":"2001","unstructured":"H. Zhu, New digital signature scheme attaining immunity to adaptive chosen-message attack. Chin. J. Electron.\n 10(4), 484\u2013486 (2001)","journal-title":"Chin. J. Electron."},{"key":"9102_CR67","unstructured":"H. Zhu, A formal proof of zhu\u2019s signature scheme. Cryptology ePrint Archive, Report 2003\/155 (2003). \n http:\/\/eprint.iacr.org\/"}],"container-title":["Journal of Cryptology"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-011-9102-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s00145-011-9102-5\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-011-9102-5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-011-9102-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,4,8]],"date-time":"2020-04-08T08:05:38Z","timestamp":1586333138000},"score":1,"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011,4,29]]},"references-count":67,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2012,7]]}},"alternative-id":["9102"],"URL":"http:\/\/dx.doi.org\/10.1007\/s00145-011-9102-5","relation":{},"ISSN":["0933-2790","1432-1378"],"issn-type":[{"value":"0933-2790","type":"print"},{"value":"1432-1378","type":"electronic"}],"subject":["Applied Mathematics","Computer Science Applications","Software"],"published":{"date-parts":[[2011,4,29]]},"assertion":[{"value":"13 February 2010","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"29 April 2011","order":2,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}