. Bpi-france, This work was also supported in part by the European Union PROMETHEUS project (Horizon 2020 Research and Innovation Program, vol.780701

L. Adleman and K. Mander, Diophantine complexity, SFCS, pp.81-88, 1976.

M. Ajtai, Generating hard instances of lattice problems (extended abstract), STOC 1996, 1996.

M. Ajtai, Generating hard instances of the short basis problem, ICALP, 1999.

N. Baric and B. Pfitzmann, Collision-Free Accumulators and Fail-Stop Signature Schemes Without Trees, 1997.

C. Baum, I. Damgård, S. Oechsner, and C. Peikert, Efficient commitments and zero-knowledge protocols from ring-sis with applications to lattice-based threshold cryptosystems, IACR Cryptology ePrint Archive, p.997, 2016.

S. Bayer and J. Groth, Zero-knowledge argument for polynomial evaluation with application to blacklists, 2013.
DOI : 10.1007/978-3-642-38348-9_38
URL : https://link.springer.com/content/pdf/10.1007%2F978-3-642-38348-9_38.pdf

M. Bellare and S. Goldwasser, Verifiable partial key escrow, ACM-CCS, 1997.
DOI : 10.1145/266420.266439
URL : http://www-cse.ucsd.edu/users/mihir/papers/vpke.pdf

F. Benhamouda, S. Krenn, V. Lyubashevsky, and K. Pietrzak, Efficient ZeroKnowledge Proofs for Commitments from Learning With Errors over Rings, ESORICS, 2015.
DOI : 10.1007/978-3-319-24174-6_16
URL : https://hal.archives-ouvertes.fr/hal-01214722

F. Boudot, Efficient proofs that a committed number lies in an interval, Eurocrypt, 2000.
DOI : 10.1007/3-540-45539-6_31
URL : https://link.springer.com/content/pdf/10.1007%2F3-540-45539-6_31.pdf

E. Brickell, D. Chaum, I. Damgård, and J. Van-de-graaf, Gradual and verifiable release of a secret, 1988.

P. Camacho, A. Hevia, M. A. Kiwi, and R. Opazo, Strong accumulators from collision-resistant hashing, Int. J. Inf. Sec, vol.11, issue.5, pp.349-363, 2012.
DOI : 10.1007/978-3-540-85886-7_32

J. Camenisch and R. Chaabouni, Efficient protocols for set membership and range proofs, 2008.

J. Camenisch, S. Hohenberger, and A. Lysyanskaya, Compact e-cash, Eurocrypt, 2005.
DOI : 10.1007/11426639_18
URL : https://link.springer.com/content/pdf/10.1007%2F11426639_18.pdf

J. Camenisch and A. Lysyanskaya, An efficient system for non-transferable anonymous credentials with optional anonymity revocation, 2001.
DOI : 10.1007/3-540-44987-6_7
URL : https://link.springer.com/content/pdf/10.1007%2F3-540-44987-6_7.pdf

J. Camenisch and A. Lysyanskaya, Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials, 2002.

J. Camenisch and A. Lysyanskaya, Signature schemes and anonymous credentials from bilinear maps, Crypto, 2004.
DOI : 10.1007/978-3-540-28628-8_4
URL : https://link.springer.com/content/pdf/10.1007%2F978-3-540-28628-8_4.pdf

R. Chaabouni, Enhancing privacy protection: Set membership, range proofs, and the extended access control, EPFL, 2017.

R. Chaabouni, H. Lipmaa, and B. Zhang, A non-interactive range proof with constant communication, Financial Cryptography, 2012.
DOI : 10.1007/978-3-642-32946-3_14
URL : http://infoscience.epfl.ch/record/187349/files/ChaabouniLZ12.pdf

A. Chan, Y. Frankel, and Y. Tsiounis, Easy come-easy go divisible cash, Eurocrypt, 1998.
DOI : 10.1007/bfb0054154
URL : https://link.springer.com/content/pdf/10.1007%2FBFb0054154.pdf

M. Chase, D. Derler, S. Goldfeder, C. Orlandi, S. Ramacher et al., Post-quantum zero-knowledge and signatures from symmetric-key primitives, ACM-CCS, 2017.

G. Couteau, T. Peters, and D. Pointcheval, Removing the strong RSA assumption from arguments over the integers, Eurocrypt, 2017.
URL : https://hal.archives-ouvertes.fr/hal-01471901

I. Damgård and E. Fujisaki, A statistically-hiding integer commitment scheme based on groups with hidden order, 2002.

I. Damgård and M. Jurik, A generalisation, a simplification and some applications of Paillier's probabilistic public-key system, PKC, 2001.

M. Davis, H. Putnam, and J. Robinson, The decision problem for exponential diophantine equations, Annals of Mathematics, pp.425-436, 1961.

S. Eskandarian, E. Messeri, J. Bonneau, and D. Boneh, Certificate transparency with privacy, Privacy Enhancing Technologies, 2017.

E. Fujisaki and T. Okamoto, Statistical zero knowledge protocols to prove modular polynomial relations, Crypto, 1997.

C. Gentry, C. Peikert, and V. Vaikuntanathan, Trapdoors for hard lattices and new cryptographic constructions, STOC, 2008.

E. Ghosh, O. Ohrimenko, and R. Tamassia, Zero-knowledge authenticated order queries and order statistics on a list, ACNS, 2015.

I. Giacomelli, J. Madsen, and C. Orlandi, ZKBoo: faster zero-knowledge for boolean circuits, USENIX Security Symposium, 2016.

S. Goldwasser, Y. T. Kalai, C. Peikert, and V. Vaikuntanathan, Robustness of the learning with errors assumption, ICS 2010, pp.230-240, 2010.

S. Goldwasser, S. Micali, and C. Rackoff, The knowledge complexity of interactive proof-systems, STOC, 1985.

A. Gonzalez and C. , New techniques for non-interactive shuffle and range arguments, ACNS, 2017.

J. Groth, Evaluating security of voting schemes in the universal composability framework, ACNS, 2004.

J. Groth, Cryptography in subgroups of Z n, TCC, 2005.

J. Groth, Non-interactive zero-knowledge arguments for voting, ACNS, 2005.

J. Groth, Efficient zero-knowledge arguments from two-tiered homomorphic commitments, Asiacrypt, 2011.

Y. Ishai, E. Kushilevitz, R. Ostrovksy, and A. Sahai, Zero-knowledge from secure multiparty computation, STOC, 2007.

A. Jain, S. Krenn, K. Pietrzak, and A. Tentes, Commitments and efficient zeroknowledge proofs from learning parity with noise, 2012.

A. Karatsuba and Y. Ofman, Multiplication of many-digital numbers by automatic computers, Physics-Doklady, vol.7, pp.595-596, 1963.

A. Kawachi, K. Tanaka, and K. Xagawa, Concurrently secure identification schemes based on the worst-case hardness of lattice problems, 2008.

D. E. Knuth, The art of computer programming, Seminumerical Algorithms, vol.II, 1998.

J. Li, N. Li, and R. Xue, Universal accumulators with efficient nonmembership proofs, ACNS, 2007.
DOI : 10.1007/978-3-540-72738-5_17
URL : http://www.cerias.purdue.edu/ssl/techreports-ssl/2007-47.pdf

B. Libert, S. Ling, F. Mouhartem, K. Nguyen, and H. Wang, Zero-knowledge arguments for matrix-vector relations and lattice-based group encryption, 2016.
DOI : 10.1007/978-3-662-53890-6_4
URL : https://hal.archives-ouvertes.fr/hal-01394087

B. Libert, S. Ling, F. Mouhartem, K. Nguyen, and H. Wang, Signature schemes with efficient protocols and dynamic group signatures from lattice assumptions, 2016.
DOI : 10.1007/978-3-662-53890-6_13
URL : https://hal.archives-ouvertes.fr/hal-01267123

B. Libert, S. Ling, K. Nguyen, and H. Wang, Zero-knowledge arguments for latticebased accumulators: Logarithmic-size ring signatures and group signatures without trapdoors, 2016.
DOI : 10.1007/978-3-662-49896-5_1
URL : https://hal.archives-ouvertes.fr/hal-01314642

B. Libert, S. Ling, K. Nguyen, and H. Wang, Zero-knowledge arguments for lattice-based PRFs and applications to e-cash, Asiacrypt, 2017.
URL : https://hal.archives-ouvertes.fr/hal-01621027

B. Libert, T. Peters, and M. Yung, Scalable group signatures with revocation, Eurocrypt, 2012.
DOI : 10.1007/978-3-642-29011-4_36
URL : https://link.springer.com/content/pdf/10.1007%2F978-3-642-29011-4_36.pdf

S. Ling, K. Nguyen, D. Stehlé, and H. Wang, Improved zero-knowledge proofs of knowledge for the ISIS problem, and applications, PKC 2013, 2013.
URL : https://hal.archives-ouvertes.fr/hal-00767548

H. Lipmaa, On Diophantine complexity and statistical zero-knowledge arguments, Asiacrypt, 2003.
DOI : 10.1007/978-3-540-40061-5_26
URL : https://link.springer.com/content/pdf/10.1007%2F978-3-540-40061-5_26.pdf

H. Lipmaa, N. Asokan, and V. Niemi, Secure vickrey auctions without threshold trust, Financial Cryptography, 2002.
DOI : 10.1007/3-540-36504-4_7

V. Lyubashevsky, Lattice-Based Identification Schemes Secure Under Active Attacks, PKC, 2008.
DOI : 10.1007/978-3-540-78440-1_10
URL : https://link.springer.com/content/pdf/10.1007%2F978-3-540-78440-1_10.pdf

V. Lyubashevsky, C. Peikert, and O. Regev, On ideal lattices and learning with errors over rings, 2010.
URL : https://hal.archives-ouvertes.fr/hal-00921792

R. C. Merkle, A Certified Digital Signature, Crypto, 1989.
DOI : 10.1007/0-387-34805-0_21
URL : https://link.springer.com/content/pdf/10.1007%2F0-387-34805-0_21.pdf

D. Micciancio and C. Peikert, Trapdoors for lattices: Simpler, tighter, faster, smaller, Eurocrypt, 2012.
DOI : 10.1007/978-3-642-29011-4_41
URL : https://link.springer.com/content/pdf/10.1007%2F978-3-642-29011-4_41.pdf

D. Micciancio and C. Peikert, Hardness of SIS and LWE with small parameters, 2013.

D. Micciancio and S. Vadhan, Statistical zero-knowledge proofs with efficient provers: Lattice problems and more, 2003.
DOI : 10.1007/978-3-540-45146-4_17
URL : https://link.springer.com/content/pdf/10.1007%2F978-3-540-45146-4_17.pdf

T. Nakanishi, H. Fujii, Y. Hira, and N. Funabiki, Revocable group signature schemes with constant costs for signing and verifying, PKC, 2009.

T. Pedersen, Non-interactive and information-theoretic secure verifiable secret sharing, Crypto, vol.576, pp.129-140, 1991.
DOI : 10.1007/3-540-46766-1_9
URL : https://link.springer.com/content/pdf/10.1007%2F3-540-46766-1_9.pdf

O. Regev, On lattices, learning with errors, random linear codes, and cryptography, STOC, 2005.

J. Stern, A new paradigm for public key identification. Information Theory, IEEE Transactions on, vol.42, issue.6, 1996.

X. Xie, R. Xue, and M. Wang, Zero knowledge proofs from ring-LWE, CANS, 2013.