F. Ver, Parse mvk = (mvk 0 , crs) and set y = (M L , x, t) where x = (mvk 0 , m * ) and t = |x| e L

B. , M. Backes, M. Barbosa, D. Fiore, and R. M. Reischuk, ADSNARK: Nearly practical and privacy-preserving proofs on authenticated data Minimum disclosure proofs of knowledge, 2015 IEEE Symposium on Security and Privacy, pp.271-286156, 1988.

B. Bitansky, R. Canetti, A. Chiesa, S. Goldwasser, H. Lin et al., The Hunting of the SNARK, Journal of Cryptology, vol.39, issue.4, 2014.
DOI : 10.1007/s00145-016-9241-9

B. N. Bitansky, R. Canetti, A. Chiesa, and E. Tromer, From extractable collision resistance to succinct non-interactive arguments of knowledge, and back again, Proceedings of the 3rd Innovations in Theoretical Computer Science Conference on, ITCS '12, pp.326-349, 2012.
DOI : 10.1145/2090236.2090263

B. N. Bitansky, R. Canetti, A. Chiesa, and E. Tromer, Recursive composition and bootstrapping for SNARKS and proof-carrying data, Proceedings of the 45th annual ACM symposium on Symposium on theory of computing, STOC '13, pp.111-120, 2013.
DOI : 10.1145/2488608.2488623

B. Bitansky, A. Chiesa, Y. Ishai, R. Ostrovsky, and O. Paneth, Succinct noninteractive arguments via linear interactive proofs, TCC 2013, pp.315-333, 2013.

B. N. Bitansky, R. Canetti, O. Paneth, and A. Rosen, On the existence of extractable one-way functions, 46th ACM STOC, pp.505-514, 2014.

E. Ben-sasson, A. Chiesa, E. Tromer, and M. Virza, Scalable zero knowledge via cycles of elliptic curves, CRYPTO 2014, pp.276-294, 2014.

D. Boneh and D. Freeman, Homomorphic Signatures for Polynomial Functions, BG08. Boaz Barak and Oded Goldreich. Universal arguments and their applications, pp.149-1681661, 2008.
DOI : 10.1007/978-3-642-20465-4_10

E. Boyle, S. Goldwasser, and I. Ivan, Functional Signatures and Pseudorandom Functions, PKC 2014, pp.501-519, 2014.
DOI : 10.1007/978-3-642-54631-0_29

R. B. Boppana, J. Hastad, and S. Zachos, Does co-NP have short interactive proofs?, Information Processing Letters, vol.25, issue.2, pp.127-132, 1987.
DOI : 10.1016/0020-0190(87)90232-8

E. Boyle and R. Pass, Limits of Extractability Assumptions with Distributional Auxiliary Input, 2015.
DOI : 10.1007/978-3-662-48800-3_10

B. Ben-sasson, A. Chiesa, D. Genkin, E. Tromer, and M. Virza, SNARKs for C: Verifying Program Executions Succinctly and in Zero Knowledge, CRYPTO 2013, Part II, pp.90-108, 2013.
DOI : 10.1007/978-3-642-40084-1_6

D. Catalano and D. Fiore, Practical Homomorphic MACs for Arithmetic Circuits, EUROCRYPT 2013, pp.336-352, 2013.
DOI : 10.1007/978-3-642-38348-9_21

D. Catalano, D. Fiore, and B. Warinschi, Homomorphic Signatures with Efficient Verification for Polynomial Functions, CRYPTO 2014, pp.371-389, 2014.
DOI : 10.1007/978-3-662-44371-2_21

G. Di, C. , and H. Lipmaa, Succinct NP proofs from an extractability assumption, Logic and Theory of Algorithms, 4th Conference on Computability in Europe Proceedings, pp.175-185, 2008.

A. Delignat-lavaud, C. Fournet, M. Kohlweiss, and B. Parno, Cinderella: Turning Shabby X.509 Certificates into Elegant Anonymous Credentials with the Magic of Verifiable Computation, 2016 IEEE Symposium on Security and Privacy (SP), 2016.
DOI : 10.1109/SP.2016.22

G. , R. Gennaro, C. Gentry, B. Parno, and M. Raykova, Quadratic span programs and succinct NIZKs without PCPs, EUROCRYPT 2013, pp.626-645, 2013.

O. Goldreich and J. Håstad, On the complexity of interactive proofs with bounded communication, Information Processing Letters, vol.67, issue.4, pp.205-214, 1998.
DOI : 10.1016/S0020-0190(98)00116-1

S. Goldwasser, S. Micali, and C. Rackoff, The Knowledge Complexity of Interactive Proof Systems, SIAM Journal on Computing, vol.18, issue.1, pp.186-208, 1989.
DOI : 10.1137/0218012

J. Groth, Short Pairing-Based Non-interactive Zero-Knowledge Arguments, ASIACRYPT 2010, pp.321-340, 2010.
DOI : 10.1007/978-3-642-17373-8_19

O. Goldreich, S. Vadhan, and A. Wigderson, On interactive proofs with a laconic prover. computational complexity, pp.1-53, 2002.

S. Gorbunov, V. Vaikuntanathan, and D. Wichs, Leveled Fully Homomorphic Signatures from Standard Lattices, Proceedings of the Forty-Seventh Annual ACM on Symposium on Theory of Computing, STOC '15, pp.469-477, 2015.
DOI : 10.1145/2746539.2746576

C. Gentry and D. Wichs, Separating succinct non-interactive arguments from all falsifiable assumptions, Proceedings of the 43rd annual ACM symposium on Theory of computing, STOC '11, pp.99-108, 2011.
DOI : 10.1145/1993636.1993651

R. Gennaro and D. Wichs, Fully Homomorphic Message Authenticators, ASIACRYPT 2013, Part II, pp.301-320, 2013.
DOI : 10.1007/978-3-642-42045-0_16

S. Hada and T. Tanaka, On the existence of 3-round zero-knowledge protocols, CRYPTO'98, pp.408-423, 1998.
DOI : 10.1007/BFb0055744

J. Kilian, A note on efficient zero-knowledge proofs and arguments (extended abstract), Proceedings of the twenty-fourth annual ACM symposium on Theory of computing , STOC '92, pp.723-732, 1992.
DOI : 10.1145/129712.129782

L. Lamport, Constructing digital signatures from a one-way function, 1979.

H. Lipmaa, Progression-Free Sets and Sublinear Pairing-Based Non-Interactive Zero-Knowledge Arguments, TCC 2012, pp.169-189, 2012.
DOI : 10.1007/978-3-642-28914-9_10

S. Micali, CS proofs (extended abstracts), 35th FOCS, pp.436-453, 1994.

S. Micali, Computationally Sound Proofs, SIAM Journal on Computing, vol.30, issue.4, pp.1253-1298343, 2000.
DOI : 10.1137/S0097539795284959

M. Naor, On cryptographic assumptions and challenges (invited talk), LNCS, vol.2729, pp.96-109, 2003.

A. Naveh and E. Tromer, PhotoProof: Cryptographic Image Authentication for Any Set of Permissible Transformations, 2016 IEEE Symposium on Security and Privacy (SP), pp.2016-89
DOI : 10.1109/SP.2016.23

M. Naor and M. Yung, Universal one-way hash functions and their cryptographic applications, Proceedings of the twenty-first annual ACM symposium on Theory of computing , STOC '89, pp.33-43, 1989.
DOI : 10.1145/73007.73011

B. Parno, J. Howell, C. Gentry, and M. Raykova, Pinocchio, 2013 IEEE Symposium on Security and Privacy, pp.238-252, 2013.
DOI : 10.1145/2856449

J. Rompel, One-way functions are necessary and sufficient for secure signatures, Proceedings of the twenty-second annual ACM symposium on Theory of computing , STOC '90, pp.387-394, 1990.
DOI : 10.1145/100216.100269

P. Valiant, Incrementally Verifiable Computation or Proofs of Knowledge Imply Time/Space Efficiency, LNCS, vol.4948, pp.1-18, 2008.
DOI : 10.1007/978-3-540-78524-8_1

H. Wee, On Round-Efficient Argument Systems, LNCS, vol.3580, pp.140-152, 2005.
DOI : 10.1007/11523468_12