S. Agrawal, D. Boneh, and X. Boyen, Efficient Lattice (H)IBE in the Standard Model, EUROCRYPT 2010, pp.553-572, 2010.
DOI : 10.1007/978-3-642-13190-5_28

C. Aguilar-melchor, S. Bettaieb, X. Boyen, L. Fousse, and P. Gaborit, Adapting Lyubashevsky???s Signature Schemes to the Ring Signature Setting, AFRICACRYPT 2013, pp.1-25, 2013.
DOI : 10.1007/978-3-642-38553-7_1

L. E. Aimani and M. Joye, Toward Practical Group Encryption, ACNS 2013, pp.237-252, 2013.
DOI : 10.1007/978-3-642-38980-1_15

M. Ajtai, Generating Hard Instances of the Short Basis Problem, LNCS, vol.1644, pp.1-9, 1999.
DOI : 10.1007/3-540-48523-6_1

J. Alwen and C. Peikert, Generating Shorter Bases for Hard Random Lattices, STACS 2009 of LIPIcs Schloss Dagstuhl -Leibniz-Zentrum fuer Informatik, pp.75-86, 2009.
DOI : 10.1007/s00224-010-9278-3

URL : https://hal.archives-ouvertes.fr/inria-00359718

W. Banaszczyk, New bounds in some transference theorems in the geometry of numbers, Mathematische Annalen, vol.68, issue.1, pp.625-635, 1993.
DOI : 10.1007/BF01445125

M. Bellare, A. Boldyreva, A. Desai, and D. Pointcheval, Key-Privacy in Public-Key Encryption, ASIACRYPT 2001, pp.566-582, 2001.
DOI : 10.1007/3-540-45682-1_33

M. Bellare and P. Rogaway, Random oracles are practical, Proceedings of the 1st ACM conference on Computer and communications security , CCS '93, pp.62-73, 1993.
DOI : 10.1145/168588.168596

F. Benhamouda, J. Camenisch, S. Krenn, V. Lyubashevsky, and G. Neven, Better Zero-Knowledge Proofs for Lattice Encryption and Their Application to Group Signatures, ASIACRYPT 2014, number 8873 in LNCS, pp.551-572, 2014.
DOI : 10.1007/978-3-662-45611-8_29

URL : https://hal.archives-ouvertes.fr/hal-01084737

F. Benhamouda, S. Krenn, V. Lyubashevsky, and K. Pietrzak, Efficient zeroknowledge proofs for commitments from learning with errors over rings, ES- ORICS 2015, pp.305-325, 2015.
URL : https://hal.archives-ouvertes.fr/hal-01214722

F. Böhl, D. Hofheinz, T. Jager, J. Koch, and C. Striecks, Confined Guessing: New Signatures From Standard Assumptions, Journal of Cryptology, vol.28, issue.1, pp.176-208, 2015.
DOI : 10.1007/s00145-014-9183-z

D. Boneh and X. Boyen, Efficient Selective-ID Secure Identity-Based Encryption Without Random Oracles, EUROCRYPT 2004, pp.223-238, 2004.
DOI : 10.1007/978-3-540-24676-3_14

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.1.5446

X. Boyen, Lattice Mixing and Vanishing Trapdoors: A Framework for Fully Secure Short Signatures and More, PKC 2010, pp.499-517, 2010.
DOI : 10.1007/978-3-642-13013-7_29

Z. Brakerski, A. Langlois, C. Peikert, O. Regev, and D. Stehlé, Classical hardness of learning with errors, Proceedings of the 45th annual ACM symposium on Symposium on theory of computing, STOC '13, pp.575-584, 2013.
DOI : 10.1145/2488608.2488680

URL : https://hal.archives-ouvertes.fr/hal-00922194

J. Camenisch and A. Lysyanskaya, A Signature Scheme with Efficient Protocols, SCN 2002, number 2576 in LNCS, pp.268-289, 2002.
DOI : 10.1007/3-540-36413-7_20

R. Canetti, S. Halevi, and J. Katz, Chosen-ciphertext security from identitybased encryption, EUROCRYPT 2004, pp.207-222, 2004.

D. Cash, D. Hofheinz, E. Kiltz, and C. Peikert, Bonsai trees, or how to delegate a lattice basis, EUROCRYPT 2010, pp.523-552, 2010.

J. Cathalo, B. Libert, and M. Yung, Group Encryption: Non-interactive Realization in the Standard Model, ASIACRYPT 2009, pp.179-196, 2009.
DOI : 10.1007/978-3-642-10366-7_11

D. Chaum and E. Van-heyst, Group Signatures, EUROCRYPT 1991, pp.257-265, 1991.
DOI : 10.1007/3-540-46416-6_22

I. Damgård, Efficient Concurrent Zero-Knowledge in the Auxiliary String Model, EUROCRYPT, pp.418-430, 2000.
DOI : 10.1007/3-540-45539-6_30

M. F. Ezerman, H. T. Lee, S. Ling, K. Nguyen, and H. Wang, A Provably Secure Group Signature Scheme from Code-Based Assumptions, ASIACRYPT 2015, pp.260-285, 2015.
DOI : 10.1007/978-3-662-48797-6_12

A. Fiat and A. Shamir, How To Prove Yourself: Practical Solutions to Identification and Signature Problems, CRYPTO 1986, pp.186-194, 1987.
DOI : 10.1007/3-540-47721-7_12

C. Gentry, Fully homomorphic encryption using ideal lattices, Proceedings of the 41st annual ACM symposium on Symposium on theory of computing, STOC '09, pp.169-178, 2009.
DOI : 10.1145/1536414.1536440

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.362.7592

C. Gentry, C. Peikert, and V. Vaikuntanathan, Trapdoors for hard lattices and new cryptographic constructions, Proceedings of the fourtieth annual ACM symposium on Theory of computing, STOC 08, pp.197-206, 2008.
DOI : 10.1145/1374376.1374407

O. Goldreich, S. Goldwasser, and S. Halevi, Collision-Free Hashing from Lattice Problems, ECCC, vol.9, issue.4, 1996.
DOI : 10.1016/0196-6774(88)90004-1

S. Goldwasser, S. Micali, and C. Rackoff, The knowledge complexity of interactive proof-systems, STOC 1985, pp.291-304, 1985.

S. Gorbunov, V. Vaikuntanathan, and H. Wee, Predicate Encryption for Circuits from LWE, CRYPTO 2015, number 9216 in LNCS, pp.503-523, 2015.
DOI : 10.1007/978-3-662-48000-7_25

URL : https://hal.archives-ouvertes.fr/hal-01220191

S. D. Gordon, J. Katz, and V. Vaikuntanathan, A Group Signature Scheme from Lattice Assumptions, ASIACRYPT 2010, pp.395-412, 2010.
DOI : 10.1007/978-3-642-17373-8_23

J. Groth and A. Sahai, Efficient Non-interactive Proof Systems for Bilinear Groups, EUROCRYPT, pp.415-432, 2008.
DOI : 10.1007/978-3-540-78967-3_24

M. Izabachène, D. Pointcheval, and D. Vergnaud, Mediated Traceable Anonymous Encryption, LATINCRYPT 2010, pp.40-60, 2010.
DOI : 10.1007/978-3-642-14712-8_3

A. Jain, S. Krenn, K. Pietrzak, and A. Tentes, Commitments and efficient zeroknowledge proofs from learning parity with noise, ASIACRYPT 2012, pp.663-680, 2012.

A. Kawachi, K. Tanaka, and K. Xagawa, Concurrently Secure Identification Schemes Based on the Worst-Case Hardness of Lattice Problems, ASIACRYPT 2008, pp.372-389, 2008.
DOI : 10.1007/978-3-540-30144-8_28

A. Kiayias, Y. Tsiounis, and M. Yung, Traceable Signatures, EUROCRYPT 2004, pp.571-589, 2004.
DOI : 10.1007/978-3-540-24676-3_34

A. Kiayias, Y. Tsiounis, and M. Yung, Group Encryption, ASIACRYPT 2007, number 4833 in LNCS, pp.181-199, 2007.
DOI : 10.1007/978-3-540-76900-2_11

A. Kiayias and M. Yung, Group Signatures with Efficient Concurrent Join, EUROCRYPT 2005, number 3494 in LNCS, pp.198-214, 2005.
DOI : 10.1007/11426639_12

F. Laguillaumie, A. Langlois, B. Libert, and D. Stehlé, Lattice-Based Group Signatures with Logarithmic Signature Size, ASIACRYPT 2013, pp.41-61, 2013.
DOI : 10.1007/978-3-642-42045-0_3

URL : https://hal.archives-ouvertes.fr/hal-00920420

A. Langlois, S. Ling, K. Nguyen, and H. Wang, Lattice-Based Group Signature Scheme with Verifier-Local Revocation, PKC 2014, pp.345-361, 2014.
DOI : 10.1007/978-3-642-54631-0_20

URL : https://hal.archives-ouvertes.fr/hal-00983084

B. Libert, S. Ling, F. Mouhartem, K. Nguyen, and H. Wang, Signature Schemes with Efficient Protocols and Dynamic Group Signatures from Lattice Assumptions, ASIACRYPT 2016, 2016.
DOI : 10.1007/978-3-319-02937-5_4

URL : https://hal.archives-ouvertes.fr/hal-01267123

B. Libert, S. Ling, K. Nguyen, and H. Wang, Zero-knowledge arguments for latticebased accumulators: Logarithmic-size ring signatures and group signatures without trapdoors, EUROCRYPT 2016, pp.1-31, 2016.
URL : https://hal.archives-ouvertes.fr/hal-01314642

B. Libert, M. Yung, M. Joye, and T. Peters, Traceable Group Encryption, PKC 2014, pp.592-610, 2014.
DOI : 10.1007/978-3-642-54631-0_34

S. Ling, K. Nguyen, D. Stehlé, and H. Wang, Improved Zero-Knowledge Proofs of Knowledge for the ISIS Problem, and Applications, PKC 2013, pp.107-124, 2013.
DOI : 10.1007/978-3-642-36362-7_8

URL : https://hal.archives-ouvertes.fr/hal-00767548

S. Ling, K. Nguyen, and H. Wang, Group Signatures from Lattices: Simpler, Tighter, Shorter, Ring-Based, PKC 2015, pp.427-449, 2015.
DOI : 10.1007/978-3-662-46447-2_19

V. Lyubashevsky, Lattice-Based Identification Schemes Secure Under Active Attacks, PKC, pp.162-179, 2008.
DOI : 10.1007/978-3-540-78440-1_10

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.128.3518

D. Micciancio and C. Peikert, Trapdoors for Lattices: Simpler, Tighter, Faster, Smaller, EUROCRYPT 2012, pp.700-718, 2012.
DOI : 10.1007/978-3-642-29011-4_41

D. Micciancio and S. Vadhan, Statistical Zero-Knowledge Proofs with Efficient Provers: Lattice Problems and More, CRYPTO 2003, pp.282-298, 2003.
DOI : 10.1007/978-3-540-45146-4_17

P. Q. Nguyen, J. Zhang, and Z. Zhang, Simpler Efficient Group Signatures from Lattices, PKC 2015, pp.401-426, 2015.
DOI : 10.1007/978-3-662-46447-2_18

URL : https://hal.archives-ouvertes.fr/hal-01256013

P. Paillier, Public-Key Cryptosystems Based on Composite Degree Residuosity Classes, EUROCRYPT 1999, number 1592 in LNCS, pp.223-238, 1999.
DOI : 10.1007/3-540-48910-X_16

C. Peikert, Public-key cryptosystems from the worst-case shortest vector problem, Proceedings of the 41st annual ACM symposium on Symposium on theory of computing, STOC '09, pp.333-342, 2009.
DOI : 10.1145/1536414.1536461

C. Peikert and V. Vaikuntanathan, Non-interactive statistical zero-knowledge proofs for lattice problems, CRYPTO 2008, pp.536-553, 2008.

O. Regev, On lattices, learning with errors, random linear codes, and cryptography, STOC 2005, pp.84-93, 2005.

M. Rückert, Lattice-Based Blind Signatures, ASIACRYPT 2010, pp.413-430, 2010.
DOI : 10.1007/978-3-642-17373-8_24

C. Schnorr, Efficient Identification and Signatures for Smart Cards, CRYPTO 1989, pp.239-252, 1989.

J. Stern, A new paradigm for public key identification. Information Theory, IEEE Transactions on, vol.42, issue.6, pp.1757-1768, 1996.

M. Trolin and D. Wikström, Hierarchical Group Signatures, ICALP 2005, pp.446-458, 2005.
DOI : 10.1007/11523468_37

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.58.8038

X. Xie, R. Xue, and M. Wang, Zero Knowledge Proofs from Ring-LWE, CANS 2013, p.5773, 2013.
DOI : 10.1007/978-3-319-02937-5_4

A. Building-blocks and A. , 1 Signatures Supporting Zero-Knowledge Proofs We use a signature scheme proposed by Libert, Ling, Mouhartem, Nguyen and Wang [38] who extended the Böhl et al. signature [11] (which is itself built upon Boyen's signature [13]) into a signature scheme compatible with zero-knowledge proofs. While the scheme was designed to sign messages comprised of multiple blocks