Abstract
Many applications of blind signatures, e.g. in blockchains, require compatibility of the resulting signatures with the existing system. This makes blind issuing of Schnorr signatures (now being standardized and supported by major cryptocurrencies) desirable. Concurrent security of the signing protocol is required to thwart denial-of-service attacks.
We present a concurrently secure blind-signing protocol for Schnorr signatures, using the standard primitives NIZK and PKE and assuming that Schnorr signatures themselves are unforgeable. Our protocol is the first to be compatible with standard Schnorr implementations over 256-bit elliptic curves. We cast our scheme as a generalization of blind and partially blind signatures: we introduce the notion of predicate blind signatures, in which the signer can define a predicate that the blindly signed message must satisfy.
We provide implementations and benchmarks for various choices of primitives and scenarios, such as blindly signing Bitcoin transactions only when they meet certain conditions specified by the signer.
Notes
- 1.
- 2.
The AGM assumes the adversary against a cryptosystem defined over a group \((\mathbb {G},+)\) to be algebraic, which means that if, after having received group elements \(X_1,\dots ,X_n\), the adversary returns a group element Z, one can extract a representation \((\zeta _1,\dots ,\zeta _n)\) so that \(Z=\sum \zeta _i X_i\).
- 3.
The authors propose to generalize their scheme to \(t>2\) parallel runs (of which the signer finishes one). But even assuming the best attack on mROS is guessing which sessions will be finished, for 128-bit security we would require \(t> 2^{14}\) parallel sessions, resulting in huge communication complexity.
- 4.
Blind signing is a 7-move protocol and, due to a loose security proof, 12 000-bit groups would be needed [CAHL+22]. The communication cost per signing session, which is linear in the number of preceding sessions, was then reduced to logarithmic [CAHL+22] (but no Schnorr-based variants are mentioned).
- 5.
- 6.
Assuming 128-bit security for DL on the curve and n-bit security for Schnorr signatures and NIZK soundness, Theorem 1 yields n-bit security as long as \(\log q\le 126-n\), where q is the number of signing sessions an attacker closes successfully. In contrast, for 256-bit curves, clause blind Schnorr [FPS20] only achieves 70-bit security due to attacks on mROS (cf. [TZ22]).
- 7.
Having the user commit to her randomness upfront and later prove that her protocol messages are consistent with it has been used in previous blind signature constructions via cut-and-choose [Poi98, KLR21, CAHL+22, HLW23]. However, if the user revealed all of her secrets (in the “chosen” sessions), this would break blindness; in these protocols the signer therefore signs a (hiding) commitment to the actual message (and hence the resulting signatures need to contain the commitment opening).
- 8.
This enables “straight-line” extraction of the committed values during the signing queries in our proof of unforgeability. We cannot use commitments that assume non-blackbox extraction: the reduction would have to run extractors that run other extractors, which would lead to an exponential blow-up of its running time. Moreover, the efficiency gains in our implementation would be small. (See the full version [FW22] for a detailed discussion.) Note that replacing the NIZK by a proof of knowledge would not help since we need to extract before the proven statement is known.
- 9.
This is also why we do not use the random oracle model for extractable commitments (but rely on \(\textsf{PKE}\) instead), in contrast to other work [KLR21]. Assuming unforgeability of (Schnorr) signatures when proving the security of a protocol built on top has also been done in the context of multi- and threshold signatures [CKM21, BCK+22].
- 10.
We analyze the computational complexity of this check in the full version [FW22].
- 11.
Another potential application (not supported by partially blind signatures) is rate limiting in Privacy Pass [DGS+18]: when obtaining the signed tokens, PBS could enforce that they are “linked” to one another (but unlinkable to the signing session), so that applications can enforce rate limits on linked tokens. (E.g., a (long-enough) prefix of the signed string must be the preimage of a one-way-function evaluation that specifies the predicate used during blind signing.)
- 12.
We implement both (G) and (P) over the \(\textsf{BN254}\) curve [BN06], whose order is incompatible with the base field of \(\textsf{secp256k1}\).
- 13.
We expect implementations for Schnorr instantiated over \(\textsf{ed25519}\) (Circom 2.0 implementation of [Ele]), i.e., blind signing of EdDSA [BDL+12], to yield similar benchmarks using \(\textsf{BN254}\), since the base field of \(\textsf{ed25519}\) is also incompatible with the \(\textsf{BN254}\) scalar field.
- 14.
- 15.
- 16.
- 17.
Moreover, the user would have to prove knowledge of the corresponding secret key, so that the unforgeability reduction can extract it.
- 18.
- 19.
- 20.
- 21.
- 22.
Arithmetization is given as an R1CS relation, which consists of instance-witness pairs \(((A, B, C, \theta ), w)\), where A, B, C are matrices and \(\theta , w\) are vectors over a finite field \(\mathbb {F}\), such that \(Az\circ Bz = Cz\) for \(z := (1, \theta , w)\), where “\(\circ \)” denotes the entry-wise product [BCR+19]. We refer to each such product as a “constraint” or “gate”.
- 23.
Note that the first line in the return statement of (7) checks a congruence modulo q, whereas the third line requires a congruence modulo p. We stress the importance of type checks when inputs are not \(\mathbb {F}_p\) elements; for elements of the statement \(\theta \) these can be performed directly when verifying a NIZK proof, which saves on CRS size and prover time.
- 24.
Since elliptic-curve scalar multiplication in the \(\textsf{BJB}\) group for fixed base requires roughly 770 R1CS constraints as opposed to about 2 530 constraints for variable base (incl. bit-decomposition; in the current [ide] implementation), the bulk of constraints saved from (A2) to (A1) comes from this hardwiring aspect, rather than the smaller message size.
- 25.
The drawback of using Cocks-Pinch is that the bit length of the base field is up to twice as long [FST10], and, more importantly, it only yields the curve parameters, but no security guarantees, let alone efficient implementations.
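Notes 22 and 23 recall the R1CS relation that the NIZK statement is arithmetized into, and the need to type-check inputs that are not canonical field elements. The following Python is an added example, not code from the paper or from its reference circuits: it implements the relation check \(Az\circ Bz = Cz\) for \(z := (1,\theta,w)\) over a toy prime field (the modulus and the small cubic circuit are constructed for illustration; the production implementations use the BN254 scalar field and circuits generated by Circom/gnark), and rejects any entry of z that is not a reduced representative, so that an integer with the right residue but the wrong range is not silently admitted.

```python
"""R1CS satisfaction check over a prime field, with input type checks.

Added example (not from the paper or its implementation). It demonstrates
the relation of note 22, Az o Bz = Cz with z := (1, theta, w), and the
type-check point of note 23: every entry of z must be a canonically
reduced element of F_P before the constraint rows are evaluated.
"""
from typing import List, Sequence, Tuple

# Constructed toy modulus. A real system would use a ~254-bit prime such as
# the BN254 scalar field; the check below is identical for any prime P.
P = 2**31 - 1

Matrix = List[List[int]]
Vector = List[int]


def mat_vec(m: Matrix, z: Sequence[int]) -> Vector:
    """Matrix-vector product over F_P (one output entry per constraint row)."""
    return [sum(a * zi for a, zi in zip(row, z)) % P for row in m]


def is_field_element(x: object) -> bool:
    """Type check: accept only integers in canonical range [0, P)."""
    return isinstance(x, int) and not isinstance(x, bool) and 0 <= x < P


def r1cs_satisfied(A: Matrix, B: Matrix, C: Matrix,
                   theta: Sequence[int], w: Sequence[int]) -> bool:
    """Return True iff ((A, B, C, theta), w) is in the R1CS relation.

    The instance part theta and the witness part w are both range-checked
    here. Inside a circuit only w would need in-circuit range constraints,
    since the verifier can check theta directly (note 23).
    """
    z = [1] + list(theta) + list(w)
    if not all(is_field_element(x) for x in z):
        return False
    if not (len(A) == len(B) == len(C)):
        return False
    az, bz, cz = mat_vec(A, z), mat_vec(B, z), mat_vec(C, z)
    # Entry-wise (Hadamard) product: each row is one "constraint" or "gate".
    return all((a * b) % P == c for a, b, c in zip(az, bz, cz))


def cubic_circuit() -> Tuple[Matrix, Matrix, Matrix]:
    """Constructed circuit for out = x^3 + x + 5.

    Variable layout: z = (1, out, x, v1, v2) with theta = (out,) and
    w = (x, v1, v2), where v1 = x*x and v2 = v1*x.
    """
    A = [[0, 0, 1, 0, 0],   # x
         [0, 0, 0, 1, 0],   # v1
         [5, 0, 1, 0, 1]]   # 5 + x + v2
    B = [[0, 0, 1, 0, 0],   # * x
         [0, 0, 1, 0, 0],   # * x
         [1, 0, 0, 0, 0]]   # * 1
    C = [[0, 0, 0, 1, 0],   # = v1
         [0, 0, 0, 0, 1],   # = v2
         [0, 1, 0, 0, 0]]   # = out
    return A, B, C


def cubic_witness(x: int) -> Tuple[Vector, Vector]:
    """Honest prover: derive (theta, w) for the cubic circuit from x."""
    v1 = x * x % P
    v2 = v1 * x % P
    out = (v2 + x + 5) % P
    return [out], [x, v1, v2]


if __name__ == "__main__":
    A, B, C = cubic_circuit()
    theta, w = cubic_witness(3)          # out = 27 + 3 + 5 = 35
    print("honest witness accepted:", r1cs_satisfied(A, B, C, theta, w))
    print("tampered v2 rejected:", not r1cs_satisfied(A, B, C, theta, [3, 9, 28]))
    # Same residue as 35 but outside [0, P): caught by the type check only.
    print("non-canonical out rejected:", not r1cs_satisfied(A, B, C, [35 + P], w))
```

The last case is the one note 23 is about: 35 + P is congruent to 35, so the three constraint rows alone would accept it, and only the explicit range check distinguishes a reduced field element from an arbitrary integer (or from a residue taken modulo a different prime q).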
References
0xPARC. Big integer arithmetic and secp256k1 ECC operations in circom. https://github.com/0xPARC/circom-ecdsa
Aly, A., Ashur, T., Ben-Sasson, E., Dhooghe, S., Szepieniec, A.: Design of symmetric-key primitives for advanced cryptographic protocols. IACR Trans. Symm. Cryptol. 2020(3), 1–45 (2020)
Abdalla, M., Bellare, M., Rogaway, P.: DHIES: an encryption scheme based on the Diffie-Hellman problem. Contributions to IEEE P1363a, September 1998
Albrecht, M.R., et al.: Algebraic cryptanalysis of STARK-friendly designs: application to MARVELlous and MiMC. In: Galbraith, S.D., Moriai, S. (eds.) ASIACRYPT 2019. LNCS, vol. 11923, pp. 371–397. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-34618-8_13
Abe, M., Fujisaki, E.: How to date blind signatures. In: Kim, K., Matsumoto, T. (eds.) ASIACRYPT 1996. LNCS, vol. 1163, pp. 244–251. Springer, Heidelberg (1996). https://doi.org/10.1007/BFb0034851
Abe, M., Fuchsbauer, G., Groth, J., Haralambiev, K., Ohkubo, M.: Structure-preserving signatures and commitments to group elements. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 209–236. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14623-7_12
Albrecht, M., Grassi, L., Rechberger, C., Roy, A., Tiessen, T.: MiMC: efficient encryption and cryptographic hashing with minimal multiplicative complexity. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10031, pp. 191–219. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53887-6_7
Abe, M., Okamoto, T.: Provably secure partially blind signatures. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 271–286. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-44598-6_17
Apple. iCloud private relay. https://www.apple.com/privacy/docs/iCloud_Private_Relay_Overview_Dec2021.PDF
Bünz, B., Bootle, J., Boneh, D., Poelstra, A., Wuille, P., Maxwell, G.: Bulletproofs: Short proofs for confidential transactions and more. In: 2018 IEEE Symposium on Security and Privacy, pp. 315–334. IEEE Computer Society Press, May 2018
Ben-Sasson, E., Bentov, I., Horesh, Y., Riabzev, M.: Fast Reed-Solomon interactive oracle proofs of proximity. In: Chatzigiannakis, I., Kaklamanis, C., Marx, D., Sannella, D. (eds.) ICALP 2018, LIPIcs vol. 107, pp. 14:1–14:17. Schloss Dagstuhl, July 2018
Ben-Sasson, E., Bentov, I., Horesh, Y., Riabzev, M.: Scalable, transparent, and post-quantum secure computational integrity. Cryptology ePrint Archive, Report 2018/046 (2018). https://ia.cr/2018/046
Bünz, B., Chen, B.: Protostar: generic efficient accumulation/folding for special-sound protocols. In: Guo, J., Steinfeld, R. (eds.) ASIACRYPT 2023. LNCS, vol. 14439, pp. 77–110. Springer, Singapore (2023). https://doi.org/10.1007/978-981-99-8724-5_3
Brassard, G., Chaum, D., Crépeau, C.: Minimum disclosure proofs of knowledge. J. Comput. Syst. Sci. 37(2), 156–189 (1988)
Brier, E., Coron, J.-S., Icart, T., Madore, D., Randriam, H., Tibouchi, M.: Efficient indifferentiable hashing into ordinary elliptic curves. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 237–254. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14623-7_13
Bellare, M., Crites, E., Komlo, C., Maller, M., Tessaro, S., Zhu, C.: Better than Advertised Security for Non-interactive Threshold Signatures. In: Dodis, Y., Shrimpton, T. (eds) CRYPTO 2022. LNCS, vol. 13510, pp. 517–550. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-15985-5_18
Belenkiy, M., Chase, M., Kohlweiss, M., Lysyanskaya, A.: Compact E-cash and simulatable VRFs revisited. In: Shacham, H., Waters, B. (eds.) Pairing 2009. LNCS, vol. 5671, pp. 114–131. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03298-1_9
Ben-Sasson, E., Carmon, D., Kopparty, S., Levit, D.: Elliptic curve Fast Fourier Transform (ECFFT) part I: Fast polynomial algorithms over all finite fields. Electron. Colloquium Comput. Complex. 28, 103 (2021)
Ben-Sasson, E., Chiesa, A., Riabzev, M., Spooner, N., Virza, M., Ward, N.P.: Aurora: transparent succinct arguments for R1CS. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11476, pp. 103–128. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17653-2_4
Bernstein, D.J., Duif, N., Lange, T., Schwabe, P., Yang, B.-Y.: High-speed high-security signatures. J. Cryptogr. Eng. 2(2), 77–89 (2012)
Boneh, D., Drijvers, M., Neven, G.: Compact multi-signatures for smaller blockchains. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018. LNCS, vol. 11273, pp. 435–464. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03329-3_15
Boneh, D., Franklin, M.: Identity-based encryption from the Weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44647-8_13
Blum, M., Feldman, P., Micali, S.: Non-interactive zero-knowledge and its applications (extended abstract). In: 20th ACM STOC, pp. 103–112. ACM Press, May 1988
Bauer, B., Fuchsbauer, G., Plouviez, A.: The one-more discrete logarithm assumption in the generic group model. In: Tibouchi, M., Wang, H. (eds.) ASIACRYPT 2021. LNCS, vol. 13093, pp. 587–617. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-92068-5_20
Bauer, B., Fuchsbauer, G., Qian, C.: Transferable E-cash: a cleaner model and the first practical instantiation. In: Garay, J.A. (ed.) PKC 2021. LNCS, vol. 12711, pp. 559–590. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-75248-4_20
Bellare, M., Fuchsbauer, G., Scafuro, A.: NIZKs with an Untrusted CRS: security in the face of parameter subversion. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10032, pp. 777–804. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53890-6_26
Bünz, B., Fisch, B., Szepieniec, A.: Transparent SNARKs from DARK compilers. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12105, pp. 677–706. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45721-1_24
Bowe, S., Grigg, J., Hopwood, D.: Halo: Recursive proof composition without a trusted setup. Cryptology ePrint Archive, Report 2019/1021 (2019). https://ia.cr/2019/1021
Ben-Sasson, E., Goldberg, L., Levit, D.: STARK friendly hash – survey and recommendation. Cryptology ePrint Archive, Report 2020/948 (2020). https://ia.cr/2020/948
Bowe, S., Gabizon, A., Miers, I.: Scalable multi-party computation for zk-SNARK parameters in the random beacon model. Cryptology ePrint Archive, Report 2017/1050 (2017). https://ia.cr/2017/1050
Bhardwaj, N.: Middleware to compile circom circuits to nova prover. https://github.com/nalinbhardwaj/Nova-Scotia
Barry, W., Jordi, B., Bellés, M.: Baby Jubjub elliptic curve. Ethereum Improvement Proposal, EIP-2494, 29 (2020)
Boneh, D., Komlo, C.: Threshold signatures with private accountability. In: Dodis, Y., Shrimpton, T., (eds.) CRYPTO 2022, Part IV, vol. 13510. LNCS, pp. 551–581. Springer, Cham (2022)
Baldimtsi, F., Lysyanskaya, A.: Anonymous credentials light. In: Sadeghi, A.-R., Gligor, V.D., Yung, M., (eds.) ACM CCS 2013, pp. 1087–1098. ACM Press, November 2013
Benhamouda, F., Lepoint, T., Loss, J., Orrù, M., Raykova, M.: On the (in)security of ROS. In: Canteaut, A., Standaert, F.-X. (eds.) EUROCRYPT 2021. LNCS, vol. 12696, pp. 33–53. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-77870-5_2
Boneh, D., Lynn, B., Shacham, H.: Short signatures from the Weil pairing. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 514–532. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45682-1_30
Barreto, P.S.L.M., Naehrig, M.: Pairing-friendly elliptic curves of prime order. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 319–331. Springer, Heidelberg (2006). https://doi.org/10.1007/11693383_22
Bellare, M., Namprempre, C., Pointcheval, D., Semanko, M.: The one-more-RSA-inversion problems and the security of Chaum’s blind signature scheme. J. Cryptol. 16(3), 185–215 (2003)
Boldyreva, A.: Threshold signatures, multisignatures and blind signatures based on the Gap-Diffie-Hellman-group signature scheme. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 31–46. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36288-6_3
Botrel, G.: gnark: high-performance, open-source library that enables effective zkSNARK applications. https://consensys.net/blog/research-development/gnark-your-guide-to-write-zksnarks-in-go/
Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Denning, D.E., Pyle, R., Ganesan, R., Sandhu, R.S., Ashby, V. (eds.) ACM CCS 93, pp. 62–73. ACM Press, November 1993
Brands, S.: Untraceable off-line cash in wallet with observers. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 302–318. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48329-2_26
Brack, S., Reichert, L., Scheuermann, B.: CAUDHT: decentralized contact tracing using a DHT and blind signatures. In: Tan, H.-P., Khoukhi, L., Oteafy, S., (eds.) Local Computer Networks LCN 2020, pp. 337–340. IEEE (2020)
Bröker, R., Stevenhagen, P.: Constructing elliptic curves of prime order. Contemp. Math. 463, 17–28 (2008)
Barreto, P.L., Zanon, G.H.M.: Blind signatures from zero-knowledge arguments. Cryptology ePrint Archive, Paper 2023/067 (2023). https://ia.cr/2023/067
Chairattana-Apirom, R., Hanzlik, L., Loss, J., Lysyanskaya, A., Wagner, B.: PI-cut-choo and friends: compact blind signatures via parallel instance cut-and-choose and more. In: Dodis, Y., Shrimpton, T. (eds.) CRYPTO 2022, Part III. LNCS, vol. 13509, pp. 3–31. Springer, August 2022
Chen, B., Bünz, B., Boneh, D., Zhang, Z.: HyperPlonk: plonk with linear-time prover and high-degree custom gates. In: Hazay, C., Stam, M. (eds.) EUROCRYPT 2023, Part II, vol. 14005. LNCS, pp. 499–530. Springer, Cham (2023)
Chaum, D., Fiat, A., Naor, M.: Untraceable electronic cash. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 319–327. Springer, New York (1990). https://doi.org/10.1007/0-387-34799-2_25
Camenisch, J., Groß, T.: Efficient attributes for anonymous credentials. In: Ning, P., Syverson, P.F., Jha, S. (eds.) ACM CCS 2008, pp. 345–356. ACM Press, October 2008
Campanelli, M., Gennaro, R., Goldfeder, S., Nizzardo, L.: Zero-knowledge contingent payments revisited: attacks and payments for services. In: Thuraisingham, B.M., Evans, D., Malkin, T., Xu, D. (eds.) ACM CCS 2017, pp. 229–243. ACM Press, October / November 2017
Chaum, D.: Blind signatures for untraceable payments. In: Chaum, D., Rivest, R.L., Sherman, A.T. (eds.) CRYPTO’82, pp. 199–203. Plenum Press, New York, USA (1982)
Chaum, D.: Elections with unconditionally-secret ballots and disruption equivalent to breaking RSA. In: Barstow, D., Brauer, W., Brinch Hansen, P., Gries, D., Luckham, D., Moler, C., Pnueli, A., Seegmüller, G., Stoer, J., Wirth, N., Günther, C.G. (eds.) EUROCRYPT 1988. LNCS, vol. 330, pp. 177–182. Springer, Heidelberg (1988). https://doi.org/10.1007/3-540-45961-8_15
Chiesa, A., Hu, Y., Maller, M., Mishra, P., Vesely, N., Ward, N.: Marlin: Preprocessing zkSNARKs with universal and updatable SRS. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12105, pp. 738–768. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45721-1_26
Crites, E., Komlo, C., Maller, M.: How to prove Schnorr assuming Schnorr: Security of multi- and threshold signatures. Cryptology ePrint Archive, Paper 2021/1375 (2021). https://ia.cr/2021/1375
Crites, E.C., Komlo, C., Maller, M., Tessaro, S., Zhu, C.: Snowblind: a threshold blind signature in pairing-free groups. In: Handschuh, H., Lysyanskaya, A., (eds.) CRYPTO 2023, Part I, vol. 14081. LNCS, pp. 710–742. Springer, August 2023
Camenisch, J., Lysyanskaya, A.: An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44987-6_7
Camenisch, J., Lysyanskaya, A.: Signature schemes and anonymous credentials from bilinear maps. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 56–72. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-28628-8_4
The Electric Coin Company. The halo2 book (2021). https://zcash.github.io/halo2/index.html
Coron, J.-S.: On the exact security of full domain hash. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 229–235. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-44598-6_14
Chiesa, A., Ojha, D., Spooner, N.: Fractal: post-quantum and transparent recursive proofs from holography. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12105, pp. 769–793. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45721-1_27
Chaum, D., Pedersen, T.P.: Wallet databases with observers. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 89–105. Springer, Heidelberg (1993). https://doi.org/10.1007/3-540-48071-4_7
Davidson, A., Goldberg, I., Sullivan, N., Tankersley, G., Valsorda, F.: Privacy pass: bypassing internet challenges anonymously. Proc. Priv. Enhancing Technol. 2018(3), 164–180 (2018)
Denis, F., Jacobs, F., Wood, C.A.: RSA blind signatures [work in progress] (2022). https://datatracker.ietf.org/doc/draft-irtf-cfrg-rsa-blind-signatures/
Dar, A.B., Lone, A.H., Zahoor, S., Khan, A.A., Naaz, R.: Applicability of mobile contact tracing in fighting pandemic (COVID-19): Issues, challenges and solutions. Cryptology ePrint Archive, Report 2020/484 (2020). https://ia.cr/2020/484
Dwork, C., Naor, M.: Zaps and their applications. SIAM J. Comput. 36(6), 1513–1543 (2007)
Electron-Labs. Ed25519 implementation in circom. https://github.com/Electron-Labs/ed25519-circom
ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Inf. Theory 31(4), 469–472 (1985)
Fuchsbauer, G., Hanser, C., Kamath, C., Slamanig, D.: Practical Round-Optimal Blind Signatures in the Standard Model from Weaker Assumptions. In: Zikas, V., De Prisco, R. (eds.) SCN 2016. LNCS, vol. 9841, pp. 391–408. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-44618-9_21
Fuchsbauer, G., Hanser, C., Slamanig, D.: Practical round-optimal blind signatures in the standard model. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 233–253. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48000-7_12
Fischlin, M.: Round-optimal composable blind signatures in the common reference string model. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 60–77. Springer, Heidelberg (2006). https://doi.org/10.1007/11818175_4
Fuchsbauer, G., Kiltz, E., Loss, J.: The algebraic group model and its applications. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10992, pp. 33–62. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96881-0_2
Fersch, M., Kiltz, E., Poettering, B.: On the provable security of (EC)DSA signatures. In: Weippl, E.R., Katzenbeisser, S., Kruegel, C., Myers, A.C., Halevi, S. (eds.) ACM CCS 2016, pp. 1651–1662. ACM Press, October 2016
Fersch, M., Kiltz, E., Poettering, B.: On the one-per-message unforgeability of (EC)DSA and its variants. In: Kalai, Y., Reyzin, L., (eds.) TCC 2017, Part II, vol. 10678. LNCS, pp. 519–534. Springer, November 2017
Fuchsbauer, G., Orrù, M.: Non-interactive zaps of knowledge. In: Preneel, B., Vercauteren, F. (eds.) ACNS 2018. LNCS, vol. 10892, pp. 44–62. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-93387-0_3
Fuchsbauer, G., Orrù, M.: Non-interactive mimblewimble transactions, revisited. In: Agrawal, S., Lin, D. (eds.) ASIACRYPT 2022. LNCS, vol. 13791, pp. 713–744. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-22963-3_24
Fujioka, A., Okamoto, T., Ohta, K.: A practical secret voting scheme for large scale elections. In: Seberry, J., Zheng, Y. (eds.) AUSCRYPT 1992. LNCS, vol. 718, pp. 244–251. Springer, Heidelberg (1993). https://doi.org/10.1007/3-540-57220-1_66
Fuchsbauer, G., Orrù, M., Seurin, Y.: Aggregate cash systems: a cryptographic investigation of mimblewimble. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11476, pp. 657–689. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17653-2_22
Fuchsbauer, G., Plouviez, A., Seurin, Y.: Blind Schnorr signatures and signed ElGamal encryption in the algebraic group model. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12106, pp. 63–95. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45724-2_3
Freeman, D., Scott, M., Teske, E.: A taxonomy of pairing-friendly elliptic curves. J. Cryptol. 23(2), 224–280 (2010)
Fuchsbauer, G.: Subversion-zero-knowledge SNARKs. In: Abdalla, M., Dahab, R. (eds.) PKC 2018. LNCS, vol. 10769, pp. 315–347. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-76578-5_11
Fuchsbauer, G.: WI is not enough: Zero-knowledge contingent (service) payments revisited. In: Cavallaro, L., Kinder, J., Wang, X., Katz, J., (eds.) ACM CCS 2019, pp. 49–62. ACM Press, November 2019
Fuchsbauer, G., Wolf, M.: Concurrently secure blind Schnorr signatures (full version). Cryptology ePrint Archive, Paper 2022/1676 (2022). https://ia.cr/2022/1676
Garg, S., Gupta, D.: Efficient round optimal blind signatures. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 477–495. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55220-5_27
Ghadafi, E.: Efficient round-optimal blind signatures in the standard model. In: Kiayias, A. (ed.) FC 2017. LNCS, vol. 10322, pp. 455–473. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70972-7_26
Groth, J., Kohlweiss, M., Maller, M., Meiklejohn, S., Miers, I.: Updatable and universal common reference strings with applications to zk-SNARKs. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10993, pp. 698–728. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96878-0_24
Grassi, L., Khovratovich, D., Rechberger, C., Roy, A., Schofnegger, M.: Poseidon: a new hash function for zero-knowledge proof systems. In: Bailey, M., Greenstadt, R., (eds.) USENIX Security 2021, pp. 519–535. USENIX Association, August 2021
Goldreich, O., Oren, Y.: Definitions and properties of zero-knowledge proof systems. J. Cryptol. 7(1), 1–32 (1994)
Google. VPN by Google One. https://one.google.com/about/vpn/howitworks
Groth, J.: On the size of pairing-based non-interactive arguments. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 305–326. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49896-5_11
Garg, S., Rao, V., Sahai, A., Schröder, D., Unruh, D.: Round optimal blind signatures. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 630–648. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22792-9_36
Gabizon, A., Williamson, Z.J., Ciobotaru, O.: Plonk: Permutations over Lagrange-bases for oecumenical noninteractive arguments of knowledge. Cryptology ePrint Archive, Report 2019/953 (2019). https://ia.cr/2019/953
Heilman, E., Alshenibr, L., Baldimtsi, F., Scafuro, A., Goldberg, S.: TumbleBit: an untrusted bitcoin-compatible anonymous payment hub. In: NDSS 2017. The Internet Society, February / March 2017
Heilman, E., Baldimtsi, F., Goldberg, S.: Blindly signed contracts: anonymous on-blockchain and off-blockchain bitcoin transactions. In: Clark, J., Meiklejohn, S., Ryan, P.Y.A., Wallach, D., Brenner, M., Rohloff, K. (eds.) FC 2016. LNCS, vol. 9604, pp. 43–60. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53357-4_4
Huang, Y., Evans, D., Katz, J.: Private set intersection: are garbled circuits better than custom protocols? In: NDSS 2012. The Internet Society, February 2012
Herschberg, M.A.: Secure electronic voting over the world wide web. Ph.D. thesis, Massachusetts Institute of Technology (1997)
Hendrickson, S., Iyengar, J., Pauly, T., Valdez, S., Wood, C.A.: Private Access Tokens. Internet-Draft draft-private-access-tokens-00, Internet Engineering Task Force. Work in Progress
Hopcroft, J.E., Karp, R.M.: An \(n^{5/2}\) algorithm for maximum matchings in bipartite graphs. SIAM J. Comput. 2(4), 225–231 (1973)
Hanzlik, L., Kluczniak, K.: A short paper on blind signatures from knowledge assumptions. In: Grossklags, J., Preneel, B. (eds.) FC 2016. LNCS, vol. 9603, pp. 535–543. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-662-54970-4_31
Hartmann, D., Kiltz, E.: Limits in the provable security of ECDSA signatures. In: Rothblum, G., Wee, H. (eds.) TCC 2023, Part IV. LNCS, vol. 14372, pp. 279–309. Springer, Cham (2023). https://doi.org/10.1007/978-3-031-48624-1_11
Hazay, C., Katz, J., Koo, C.-Y., Lindell, Y.: Concurrently-secure blind signatures without random oracles or setup assumptions. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 323–341. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-70936-7_18
Hauck, E., Kiltz, E., Loss, J., Nguyen, N.K.: Lattice-based blind signatures, revisited. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020. LNCS, vol. 12171, pp. 500–529. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56880-1_18
Hanzlik, L., Loss, J., Wagner, B.: Rai-choo! Evolving blind signatures to the next level. In: Hazay, C., Stam, M. (eds.) EUROCRYPT 2023, Part V, vol. 14008. LNCS, pp. 753–783. Springer, April (2023). https://doi.org/10.1007/978-3-031-30589-4_26
iden3. Circom 2.0. https://iden3.io/circom
Jayaraman, B., Li, H., Evans, D.: Decentralized certificate authorities. CoRR, abs/1706.03370 (2017)
Juels, A., Luby, M., Ostrovsky, R.: Security of blind digital signatures. In: Kaliski, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 150–164. Springer, Heidelberg (1997). https://doi.org/10.1007/BFb0052233
Karzanov, A.V.: An exact estimate of an algorithm for finding a maximum flow, applied to the problem on representatives. Problems in Cybernetics 5, 66–70 (1973)
Katz, J., Loss, J., Rosenberg, M.: Boosting the security of blind signature schemes. In: Tibouchi, M., Wang, H. (eds.) ASIACRYPT 2021. LNCS, vol. 13093, pp. 468–492. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-92068-5_16
Kastner, J., Loss, J., Xu, J.: On pairing-free blind signature schemes in the algebraic group model. In: Hanaoka, G., Shikata, J., Watanabe, Y. (eds.) PKC 2022, Part II. LNCS, vol. 13178, pp. 468–497. Springer, Cham (2022)
Kohlweiss, M., Maller, M., Siim, J., Volkhov, M.: Snarky ceremonies. In: Tibouchi, M., Wang, H. (eds.) ASIACRYPT 2021. LNCS, vol. 13092, pp. 98–127. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-92078-4_4
Kosba, A.E., Papamanthou, C., Shi, E.: xJsnark: a framework for efficient verifiable computation. In: 2018 IEEE Symposium on Security and Privacy, pp. 944–961. IEEE Computer Society Press, May 2018
Kattis, A.A., Panarin, K., Vlasov, A.: RedShift: transparent SNARKs from list polynomial commitments. In: Yin, H., Stavrou, A., Cremers, C., Shi, E. (eds.) ACM CCS 2022, pp. 1725–1737. ACM Press, November 2022
Kiayias, A., Zhou, H.-S.: Concurrent blind signatures without random oracles. In: De Prisco, R., Yung, M. (eds.) SCN 2006. LNCS, vol. 4116, pp. 49–62. Springer, Heidelberg (2006). https://doi.org/10.1007/11832072_4
Liu, Y., Liu, Z., Long, Yu., Liu, Z., Gu, D., Huan, F., Jia, Y.: TumbleBit++: a comprehensive privacy protocol providing anonymity and amount-invisibility. In: Steinfeld, R., Yuen, T.H. (eds.) ProvSec 2019. LNCS, vol. 11821, pp. 339–346. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-31919-9_21
mottla. (Concurrently secure) blind Schnorr signature reference circuits. https://github.com/mottla/Blind-Schnorr-Signatures
Maxwell, G., Poelstra, A., Seurin, Y., Wuille, P.: Simple Schnorr multi-signatures with applications to Bitcoin. Des. Codes Cryptogr. 87(9), 2139–2164 (2019)
Morita, H., Schuldt, J.C.N., Matsuda, T., Hanaoka, G., Iwata, T.: On the security of the Schnorr signature scheme and DSA against related-key attacks. In: Kwon, S., Yun, A. (eds.) ICISC 2015. LNCS, vol. 9558, pp. 20–35. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-30840-1_2
Nechaev, V.I.: Complexity of a determinate algorithm for the discrete logarithm. Math. Notes 55(2), 165–172 (1994)
Nick, J.: Blind signatures in scriptless scripts. Presentation given at Building on Bitcoin, 2019. Slides and video available at https://jonasnick.github.io/blog/2018/07/31/blind-signatures-in-scriptless-scripts/
Okamoto, T.: Efficient blind and partially blind signatures without random oracles. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 80–99. Springer, Heidelberg (2006). https://doi.org/10.1007/11681878_5
Okamoto, T., Ohta, K.: Universal electronic cash. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 324–337. Springer, Heidelberg (1992). https://doi.org/10.1007/3-540-46766-1_27
Pearson, L., Fitzgerald, J., Masip, H., Bellés-Muñoz, M., Muñoz-Tapia, J.L.: PlonKup: Reconciling PlonK with plookup. Cryptology ePrint Archive, Report 2022/086 (2022). https://ia.cr/2022/086
Plonkit. A zksnark toolkit to work with circom zkp DSL in plonk proof system. https://github.com/fluidex/plonkit
Poelstra, A.: Mimblewimble (2016). https://download.wpsoftware.net/bitcoin/wizardry/mimblewimble.pdf
Pointcheval, D.: Strengthened security for blind signatures. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 391–405. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0054141
Pointcheval, D., Stern, J.: Security proofs for signature schemes. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 387–398. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68339-9_33
Pointcheval, D., Stern, J.: Security arguments for digital signatures and blind signatures. J. Cryptol. 13(3), 361–396 (2000)
Rodríguez-Henríquez, F., Ortiz-Arroyo, D., García-Zamora, C.: Yet another improvement over the Mu-Varadharajan e-voting protocol. Comput. Stand. Interfaces 29(4), 471–480 (2007)
Schnorr, C.P.: Efficient identification and signatures for smart cards. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 239–252. Springer, New York (1990). https://doi.org/10.1007/0-387-34805-0_22
Schnorr, C.P.: Security of blind discrete log signatures against interactive attacks. In: Qing, S., Okamoto, T., Zhou, J. (eds.) ICICS 2001. LNCS, vol. 2229, pp. 1–12. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45600-7_1
Setty, S.: Spartan: High-speed zkSNARKs without trusted setup. https://github.com/microsoft/Spartan
Setty, S.: Spartan: efficient and general-purpose zkSNARKs without trusted setup. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020. LNCS, vol. 12172, pp. 704–737. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56877-1_25
Setty, S., Lee, J.: Quarks: Quadruple-efficient transparent zkSNARKs. Cryptology ePrint Archive, Report 2020/1275 (2020). https://ia.cr/2020/1275
Shoup, V.: Lower bounds for discrete logarithms and related problems. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 256–266. Springer, Heidelberg (1997). https://doi.org/10.1007/3-540-69053-0_18
Silverman, J.H., Stange, K.E.: Amicable pairs and aliquot cycles for elliptic curves. Exp. Math. 20(3), 329–357 (2011)
Sun, H., et al.: The inspection model for zero-knowledge proofs and efficient Zerocash with secp256k1 keys. Cryptology ePrint Archive, Report 2022/1079 (2022). https://ia.cr/2022/1079
Tehrani, D., Sankar, L.: The fastest in-browser verification of ECDSA signatures in ZK, using Spartan on the secq256k1 curve. https://github.com/personaelabs/spartan-ecdsa
Tessaro, S., Zhu, C.: Short pairing-free blind signatures with exponential security. In: Dunkelman, O., Dziembowski, S. (eds.) EUROCRYPT 2022, Part II. LNCS, vol. 13276, pp. 782–811. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-07085-3_27
Wagner, D.: A generalized birthday problem. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 288–304. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45708-9_19
Wahby, R.S., Boneh, D.: Fast and simple constant-time hashing to the BLS12-381 elliptic curve. IACR TCHES 2019(4), 154–179 (2019). https://tches.iacr.org/index.php/TCHES/article/view/8348
Bitcoin Wiki: The OP_CHECKSIG script opcode. https://en.bitcoin.it/wiki/OP_CHECKSIG
Wuille, P., Nick, J., Ruffing, T.: Schnorr signatures for secp256k1. Bitcoin Improvement Proposal (2020). See https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki
Yao, A.C.-C.: Protocols for secure computations (extended abstract). In: 23rd FOCS, pp. 160–164. IEEE Computer Society Press (1982)
Polygon Zero: Plonky2: Fast recursive arguments with PLONK and FRI. https://github.com/mir-protocol/plonky2
Acknowledgements
This work has been funded by the Vienna Science and Technology Fund (WWTF) [10.47379/VRG18002]. We would like to thank Tim Ruffing for preliminary discussions and the anonymous reviewers for their helpful comments.
© 2024 International Association for Cryptologic Research
Fuchsbauer, G., Wolf, M. (2024). Concurrently Secure Blind Schnorr Signatures. In: Joye, M., Leander, G. (eds) Advances in Cryptology – EUROCRYPT 2024. EUROCRYPT 2024. Lecture Notes in Computer Science, vol 14652. Springer, Cham. https://doi.org/10.1007/978-3-031-58723-8_5
DOI: https://doi.org/10.1007/978-3-031-58723-8_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-58722-1
Online ISBN: 978-3-031-58723-8
eBook Packages: Computer Science, Computer Science (R0)