References

[ABR01] Michel Abdalla, Mihir Bellare, and Phillip Rogaway. DHIES: An encryption scheme based on the Diffie-Hellman Problem. Manuscript, 2001 (preliminary version in the proceedings of CT-RSA 2001).

[ADR02] Jee Hea An, Yevgeniy Dodis, and Tal Rabin. On the Security of Joint Signature and Encryption. In proceedings of EUROCRYPT 2002.

[AHG23] Diego F. Aranha, Youssef El Housni, and Aurore Guillevic. A survey of elliptic curves for proof systems. In Designs, Codes and Cryptography, 2023.

[ANT+20] Diego F. Aranha, Felipe Rodrigues Novaes, Akira Takahashi, Mehdi Tibouchi, and Yuval Yarom. LadderLeak: Breaking ECDSA with Less than One Bit of Nonce Leakage. In proceedings of ACM CCS 2020.

[BB04] Dan Boneh and Xavier Boyen. Efficient Selective-ID Secure Identity Based Encryption Without Random Oracles. In proceedings of EUROCRYPT 2004.

[BB08] Dan Boneh and Xavier Boyen. Short Signatures Without Random Oracles and the SDH Assumption in Bilinear Groups. In Journal of Cryptology, 2008.

[BCCT13] Nir Bitansky, Ran Canetti, Alessandro Chiesa, and Eran Tromer. Recursive Composition and Bootstrapping for SNARKs and Proof-Carrying Data. In proceedings of STOC 2013.

[BCG+14] Eli Ben-Sasson, Alessandro Chiesa, Christina Garman, Matthew Green, Ian Miers, Eran Tromer, and Madars Virza. Zerocash: Decentralized Anonymous Payments from Bitcoin. In proceedings of IEEE SP 2014.

[BCI+10] Eric Brier, Jean-Sébastien Coron, Thomas Icart, David Madore, Hugues Randriam, and Mehdi Tibouchi. Efficient Indifferentiable Hashing into Ordinary Elliptic Curves. In proceedings of CRYPTO 2010.

[BCM+15] Paulo S. L. M. Barreto, Craig Costello, Rafael Misoczki, Michael Naehrig, Geovandro C. C. F. Pereira, and Gustavo Zanon. Subgroup Security in Pairing-Based Cryptography. In proceedings of Latincrypt 2015.

[BCTV14] Eli Ben-Sasson, Alessandro Chiesa, Eran Tromer, and Madars Virza. Scalable Zero Knowledge via Cycles of Elliptic Curves. In proceedings of CRYPTO 2014.

[BDFG20] Dan Boneh, Justin Drake, Ben Fisch, and Ariel Gabizon. Efficient polynomial commitment schemes for multiple points and polynomials. IACR ePrint report 2020/081, 2020.

[BDN18] Dan Boneh, Manu Drijvers, and Gregory Neven. Compact Multi-signatures for Smaller Blockchains. In proceedings of ASIACRYPT 2018.

[BF03] Dan Boneh and Matthew K. Franklin. Identity-Based Encryption from the Weil Pairing. In SIAM Journal on Computing, 2003.

[BGLS03] Dan Boneh, Craig Gentry, Ben Lynn, and Hovav Shacham. Aggregate and Verifiably Encrypted Signatures from Bilinear Maps. In proceedings of EUROCRYPT 2003.

[BH19] Joachim Breitner and Nadia Heninger. Biased Nonce Sense: Lattice Attacks Against Weak ECDSA Signatures in Cryptocurrencies. In proceedings of FC 2019.

[BL22] Renas Bacho and Julian Loss. On the Adaptive Security of the Threshold BLS Signature Scheme. In proceedings of ACM CCS 2022.

[BLS01] Dan Boneh, Ben Lynn, and Hovav Shacham. Short Signatures from the Weil Pairing. In proceedings of ASIACRYPT 2001.

[BLS04] Dan Boneh, Ben Lynn, and Hovav Shacham. Short Signatures from the Weil Pairing. In Journal of Cryptology, 2004.

[BN05] Paulo S. L. M. Barreto and Michael Naehrig. Pairing-Friendly Elliptic Curves of Prime Order. In proceedings of SAC 2005.

[BN19] Eli Biham and Lior Neumann. Breaking the Bluetooth Pairing - The Fixed Coordinate Invalid Curve Attack. In proceedings of SAC 2019.

[BNN07] Mihir Bellare, Chanathip Namprempre, and Gregory Neven. Unrestricted Aggregate Signatures. In proceedings of ICALP 2007.

[BPW12] David Bernhard, Olivier Pereira, and Bogdan Warinschi. How Not to Prove Yourself: Pitfalls of the Fiat-Shamir Heuristic and Applications to Helios. In proceedings of ASIACRYPT 2012.

[BT04] Jean-Paul Berrut and Lloyd N. Trefethen. Barycentric Lagrange Interpolation. In SIAM Review, 2004.

[CA89] David Chaum and Hans Van Antwerpen. Undeniable Signatures. In proceedings of CRYPTO 1989.

[CF13] Dario Catalano and Dario Fiore. Vector Commitments and Their Applications. In proceedings of PKC 2013.

[CGGM00] Ran Canetti, Oded Goldreich, Shafi Goldwasser, and Silvio Micali. Resettable Zero-Knowledge. In proceedings of STOC 2000.

[Che10] Jung Hee Cheon. Discrete Logarithm Problems with Auxiliary Inputs. In Journal of Cryptology, 2010.

[CHKM10] Sanjit Chatterjee, Darrel Hankerson, Edward Knapp, and Alfred Menezes. Comparing two pairing-based aggregate signature schemes. In Designs, Codes and Cryptography, 2010.

[CJ19] Cas Cremers and Dennis Jackson. Prime, Order Please! Revisiting Small Subgroup and Invalid Curve Attacks on Protocols using Diffie-Hellman. In proceedings of IEEE CSF 2019.

[CM09] Sanjit Chatterjee and Alfred Menezes. On Cryptographic Protocols Employing Asymmetric Pairings - The Role of Ψ Revisited. IACR ePrint report 2009/480, 2009.

[DMWG23] Quang Dao, Jim Miller, Opal Wright, and Paul Grubbs. Weak Fiat-Shamir Attacks on Modern Proof Systems. In proceedings of IEEE SP 2023.

[FKL18] Georg Fuchsbauer, Eike Kiltz, and Julian Loss. The Algebraic Group Model and its Applications. In proceedings of CRYPTO 2018.

[GKR+21] Lorenzo Grassi, Dmitry Khovratovich, Christian Rechberger, Arnab Roy, and Markus Schofnegger. Poseidon: A New Hash Function for Zero-Knowledge Proof Systems. In proceedings of USENIX Security 2021.

[GPS08] Steven D. Galbraith, Kenneth G. Paterson, and Nigel P. Smart. Pairings for cryptographers. In Discrete Applied Mathematics, 2008.

[Gro16] Jens Groth. On the Size of Pairing-Based Non-interactive Arguments. In proceedings of EUROCRYPT 2016.

[GWC19] Ariel Gabizon, Zachary J. Williamson, and Oana Ciobotaru. PLONK: Permutations over Lagrange-bases for Oecumenical Noninteractive arguments of Knowledge. IACR ePrint report 2019/953, 2019.

[Ham15] Mike Hamburg. Decaf: Eliminating Cofactors Through Point Compression. In proceedings of CRYPTO 2015.

[HGP22] Youssef El Housni, Aurore Guillevic, and Thomas Piellard. Co-factor Clearing and Subgroup Membership Testing on Pairing-Friendly Curves. In proceedings of AFRICACRYPT 2022.

[HLPT20] Thomas Haines, Sarah Jamie Lewis, Olivier Pereira, and Vanessa Teague. How not to prove your election outcome. In proceedings of IEEE SP 2020.

[Jou00] Antoine Joux. A One Round Protocol for Tripartite Diffie-Hellman. In proceedings of ANTS 2000.

[JSS15] Tibor Jager, Jörg Schwenk, and Juraj Somorovsky. Practical Invalid Curve Attacks on TLS-ECDH. In proceedings of ESORICS 2015.

[KZG10a] Aniket Kate, Gregory M. Zaverucha, and Ian Goldberg. Constant-Size Commitments to Polynomials and Their Applications. In proceedings of ASIACRYPT 2010.

[KZG10b] Aniket Kate, Gregory M. Zaverucha, and Ian Goldberg. Polynomial Commitments. Full version of [KZG10a].

[Lip10] Helger Lipmaa. Progression-Free Sets and Sublinear Pairing-Based Non-Interactive Zero-Knowledge Arguments. In proceedings of TCC 2012.

[LL97] Chae Hoon Lim and Pil Joong Lee. A Key Recovery Attack on Discrete Log-based Schemes Using a Prime Order Subgroup. In proceedings of CRYPTO 1997.

[LQ04] Benoît Libert and Jean-Jacques Quisquater. Efficient Signcryption with Key Privacy from Gap Diffie-Hellman Groups. In proceedings of PKC 2004.

[MOV91] Alfred Menezes, Tatsuaki Okamoto, and Scott A. Vanstone. Reducing Elliptic Curve Logarithms to Logarithms in a Finite Field. In proceedings of STOC 1991.

[NRBB22] Valeria Nikolaenko, Sam Ragsdale, Joseph Bonneau, and Dan Boneh. Powers-of-Tau to the People: Decentralizing Setup Ceremonies. IACR ePrint report 2022/1592, 2022.

[Ped91] Torben P. Pedersen. Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing. In proceedings of CRYPTO 1991.

[PST13] Charalampos Papamanthou, Elaine Shi, and Roberto Tamassia. Signatures of Correct Computation. In proceedings of TCC 2013.

[Qua21] Nguyen Thoi Minh Quan. 0. IACR ePrint report 2021/323, 2021.

[Rot22] Lior Rotem. Revisiting the Uber Assumption in the Algebraic Group Model: Fine-Grained Bounds in Hidden-Order Groups and Improved Reductions in Bilinear Groups. In proceedings of ITC 2022.

[RY07] Thomas Ristenpart and Scott Yilek. The Power of Proofs-of-Possession: Securing Multiparty Signatures against Rogue-Key Attacks. In proceedings of EUROCRYPT 2007.

[SV07] Nigel P. Smart and Frederik Vercauteren. On computable isomorphisms in efficient asymmetric pairing-based systems. In Discrete Applied Mathematics, 2007.

[VAS+17] Luke Valenta, David Adrian, Antonio Sanso, Shaanan Cohney, Joshua Fried, Marcella Hastings, J. Alex Halderman, and Nadia Heninger. Measuring small subgroup attacks against Diffie-Hellman. In proceedings of NDSS 2017.

[WB19] Riad S. Wahby and Dan Boneh. Fast and simple constant-time hashing to the BLS12-381 elliptic curve. IACR ePrint report 2019/403, 2019.