, Hence, if the improved Jutla-Roy construction [153] is plugged into the high-level construction of [175], the signature length reduces to 5 group elements under the DLIN assumption and 3 elements under the SXDH assumption. The QA-NIZK proofs of [153] thus provide our construction with as short signatures as those of Blazy, Kiltz and Pan [36] with the benefit of shorter private keys. Finally, together with Marc Joye and Moti Yung [174], we used our LHSPS systems to design (albeit in a non-generic manner) fully distributed non-interactive adaptively secure threshold signatures with round-optimal key generation. We expect our LHSPS primitive to find other applications in the future. For example, Catalano, Marcedone and Puglisi [79] recently used them to devise linearly homomorphic signatures which can operate in online/offline mode, Constructions of Non-Malleable Primitives from Structure-Preserving Cryptography gument of linear subspace membership, vol.106

M. Abdalla, F. B. Hamouda, and D. Pointcheval, Disjunctions for hash proof systems: New constructions and applications. Cryptology ePrint Archive, vol.483, 2014.
URL : https://hal.archives-ouvertes.fr/hal-01068420

M. Abe, M. Chase, B. David, M. Kohlweiss, R. Nishimaki et al., Constantsize structure-preserving signatures: Generic constructions and simple assumptions, Wang and Sako, vol.247, pp.4-24

M. Abe, B. David, M. Kohlweiss, R. Nishimaki, and M. Ohkubo, Tagged one-time signatures: Tight security and optimal tag size, Kurosawa and Hanaoka, vol.165, pp.312-331

M. Abe, G. Fuchsbauer, J. Groth, K. Haralambiev, and M. Ohkubo, Structurepreserving signatures and commitments to group elements, Advances in Cryptology -CRYPTO 2010, vol.6223, pp.209-236, 2010.

M. Abe, J. Groth, K. Haralambiev, and M. Ohkubo, Optimal structure-preserving signatures in asymmetric bilinear groups, Lecture Notes in Computer Science, vol.6841, pp.649-666, 2011.

M. Abe, K. Haralambiev, and M. Ohkubo, Signing on elements in bilinear groups for modular protocol design, IACR Cryptology ePrint Archive, p.133, 2010.

M. Abe, K. Haralambiev, and M. Ohkubo, Group to group commitments do not shrink, Pointcheval and Johansson, vol.220, pp.301-317

T. Acar and L. Nguyen, Revocation for delegatable anonymous credentials, Catalano, vol.80, pp.423-440

S. Agrawal, D. Boneh, and X. Boyen, Efficient lattice (H)IBE in the standard model, EUROCRYPT, pp.553-572, 2010.

S. Agrawal, D. Boneh, and X. Boyen, Lattice basis delegation in fixed dimension and shorter-ciphertext hierarchical IBE, CRYPTO, 2010.

J. Ahn, D. Boneh, J. Camenisch, S. Hohenberger, A. Shelat et al., Computing on authenticated data, pp.1-20

J. An, Y. Dodis, and T. Rabin, On the security of join signature and encryption, pp.83-107

G. Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner et al., Provable data possession at untrusted stores, vol.212, pp.598-609

G. Ateniese, J. Camenisch, S. Hohenberger, and B. De-medeiros, Practical group signatures without random oracles, IACR Cryptology ePrint Archive, p.385, 2005.

G. Ateniese, J. Camenisch, M. Joye, and G. Tsudik, A practical and provably secure coalition-resistant group signature scheme, CRYPTO'00, pp.255-270, 2000.

G. Ateniese, S. Kamara, and J. Katz, Proofs of storage from homomorphic identification protocols, pp.319-333

G. Ateniese, D. Song, and G. Tsudik, Quasi-efficient revocation in group signatures, Financial Cryptography, pp.183-197, 2002.

, Proceedings of the 11th ACM Conference on Computer and Communications Security, 2004.

N. Attrapadung, Dual system encryption via doubly selective security: Framework, fully secure functional encryption for regular languages, and more, pp.557-577

N. Attrapadung, K. Emura, G. Hanaoka, and Y. Sakai, A revocable group signature scheme from identity-based revocation techniques: Achieving constant-size revocation list, Applied Cryptography and Network Security (ACNS'14), pp.419-437, 2014.

N. Attrapadung, F. Laguillaumie, J. Herranz, B. Libert, E. De-panafieu et al., Attribute-based encryption schemes with constant-size ciphertexts, Theoretical Computer Science, issue.422, pp.15-38, 2012.
URL : https://hal.archives-ouvertes.fr/hal-00763158

N. Attrapadung and B. Libert, Functional encryption for inner product: Achieving constant-size ciphertexts with adaptive security or support for negation, Public Key Cryptography, pp.384-402, 2010.

N. Attrapadung and B. Libert, Homomorphic network coding signatures in the standard model, vol.80, pp.17-34

N. Attrapadung, B. Libert, and E. De-panafieu, Expressive key policy attribute-based encryption with constant-size ciphertexts, Public Key Cryptography, pp.90-108, 2011.

N. Attrapadung, B. Libert, and T. Peters, Computing on authenticated data: New privacy definitions and constructions, Wang and Sako, vol.247, pp.367-385
URL : https://hal.archives-ouvertes.fr/hal-00730665

N. Attrapadung, B. Libert, and T. Peters, Efficient completely context-hiding quotable and linearly homomorphic signatures, Kurosawa and Hanaoka, vol.165, pp.386-404

P. Barreto, B. Libert, N. Mccullagh, and J. Quisquater, Efficient and provably secure identity-based signatures and signcryption from bilinear maps, ASIACRYPT, pp.515-532, 2005.

M. Belenkiy, J. Camenisch, M. Chase, M. Kohlweiss, A. Lysyanskaya et al., Randomizable proofs and delegatable anonymous credentials, pp.108-125

M. Belenkiy, M. Chase, M. Kohlweiss, and A. Lysyanskaya, P-signatures and noninteractive anonymous credentials, Lecture Notes in Computer Science, vol.4948, pp.356-374, 2008.

M. Bellare, A. Boldyreva, and S. Micali, Public-key encryption in a multi-user setting: Security proofs and improvements, EUROCRYPT, pp.259-274, 2000.

M. Bellare, D. Micciancio, and B. Warinschi, Foundations of group signatures: Formal definitions, simplified requirements, and a construction based on general assumptions, EUROCRYPT 2003, vol.2656, pp.614-629, 2003.

M. Bellare and P. Rogaway, Random oracles are practical: A paradigm for designing efficient protocols, ACM Conference on Computer and Communications Security, pp.62-73, 1993.

M. Bellare, H. Shi, and C. Zhang, Foundations of group signatures: The case of dynamic groups, CT-RSA 2005, vol.3376, pp.136-153, 2005.

J. Benaloh and M. De-mare, One-way accumulators: A decentralized alternative to digital sinatures, EUROCRYPT, pp.274-285, 1993.

M. Blaze, G. Bleumer, and M. Strauss, Divertible protocols and atomic proxy cryptography, EUROCRYPT, pp.127-144, 1998.

O. Blazy, E. Kiltz, and J. Pan, (hierarchical) identity-based encryption from affine message authentication, CRYPTO, 2014.
URL : https://hal.archives-ouvertes.fr/hal-01239920

M. Blum, A. Santis, S. Micali, and G. Persiano, Noninteractive zero-knowledge, SIAM J. Comput, vol.20, issue.6, pp.1084-1118, 1991.

M. Blum, P. Feldman, and S. Micali, Non-interactive zero-knowledge and its applications (extended abstract), STOC, pp.103-112, 1988.

A. Boldyreva, M. Fischlin, A. Palacio, and B. Warinschi, A closer look at PKI: Security and efficiency, vol.80, pp.458-475

D. Boneh and X. Boyen, Efficient selective-ID secure identity-based encryption without random oracles, Cachin and Camenisch, vol.60, pp.223-238

D. Boneh and X. Boyen, Short signatures without random oracles, Cachin and Camenisch, vol.60, pp.56-73

D. Boneh and X. Boyen, Short signatures without random oracles and the SDH assumption in bilinear groups, J. Cryptology, vol.21, issue.2, pp.149-177, 2008.

D. Boneh, X. Boyen, and E. Goh, Hierarchical identity based encryption with constant size ciphertext, pp.440-456

D. Boneh, X. Boyen, and H. Shacham, Short group signatures, pp.41-55

D. Boneh and M. Franklin, Identity-based encryption from the weil pairing, pp.213-229

D. Boneh and D. Freeman, Homomorphic signatures for polynomial functions, pp.149-168

D. Boneh and D. Freeman, Linearly homomorphic signatures over binary fields and new tools for lattice-based signatures, vol.80, pp.1-16

D. Boneh, D. Freeman, J. Katz, and B. Waters, Signing a linear subspace: Signature schemes for network coding, Jarecki and Tsudik, vol.147, pp.68-87

D. Boneh, C. Gentry, and B. Waters, Collusion resistant broadcast encryption with short ciphertexts and private keys, Lecture Notes in Computer Science, vol.3621, pp.258-275, 2005.

D. Boneh, A. Sahai, and B. Waters, Functional encryption: Definitions and challenges, TCC, pp.253-273, 2011.

D. Boneh, G. Segev, and B. Waters, Targeted malleability: homomorphic encryption for restricted computations, pp.350-366, 2012.

D. Boneh and H. Shacham, Group signatures with verifier-local revocation, vol.18, pp.168-177

, Advances in Cryptology -CRYPTO 2003, 23rd Annual International Cryptology Conference, vol.2729, 2003.

X. Boyen and C. Delerablée, Expressive subgroup signatures, SCN, pp.185-200, 2008.

X. Boyen and B. Waters, Compact group signatures without random oracles, pp.427-444

X. Boyen and B. Waters, Full-domain subgroup hiding and constant-size group signatures, PKC 2007, vol.4450, pp.1-15, 2007.

E. Bresson and J. Stern, Efficient revocation in group signatures, Public Key Cryptography, pp.190-206, 2001.

E. Brickell, An efficient protocol for anonymously providing assurance of the container of the private key, Submission to the Trusted Computing Group, 2003.

E. Brickell, J. Camenisch, and L. Chen, Direct anonymous attestation, vol.18, pp.132-145

C. Cachin and J. Camenisch, Advances in Cryptology -EUROCRYPT 2004, International Conference on the Theory and Applications of Cryptographic Techniques, vol.3027, 2004.

J. Camenisch, R. Chaabouni, and A. Shelat, Efficient protocols for set membership and range proofs, pp.234-252

J. Camenisch, N. Chandran, and V. Shoup, A public key encryption scheme secure against key dependent chosen plaintext and adaptive chosen ciphertext attacks, pp.351-368

J. Camenisch, M. Dubovitskaya, and K. Haralambiev, Efficient structure-preserving signature scheme from standard assumptions, SCN, pp.76-94, 2012.

J. Camenisch, T. Groß, and T. Heydt-benjamin, Rethinking accountable privacy supporting services: extended abstract, Digital Identity Management, pp.1-8, 2008.

J. Camenisch, K. Haralambiev, M. Kohlweiss, J. Lapon, and V. Naessens, Structure preserving CCA secure encryption and applications, vol.168, pp.89-106

J. Camenisch, M. Kohlweiss, and C. Soriente, An accumulator based on bilinear maps and efficient revocation for anonymous credentials, Jarecki and Tsudik, vol.147, pp.481-500

J. Camenisch, M. Kohlweiss, and C. Soriente, Solving revocation with efficient update of anonymous credentials, SCN, pp.454-471, 2010.

J. Camenisch and A. Lysyanskaya, Dynamic accumulators and application to efficient revocation of anonymous credentials, pp.61-76

J. Camenisch, G. Neven, and M. Rückert, Fully anonymous attribute tokens from lattices, SCN, pp.57-75, 2012.

R. Canetti, Universally composable security: A new paradigm for cryptographic protocols, FOCS, pp.136-145, 2001.

R. Canetti and M. Fischlin, Universally composable commitments, pp.19-40

R. Canetti, O. Goldreich, and S. Halevi, The random oracle methodology, revisited (preliminary version), pp.209-218

R. Canetti and J. A. Garay, Advances in Cryptology -CRYPTO 2013 -33rd Annual Cryptology Conference, vol.8043, 2013.

D. Cash, D. Hofheinz, E. Kiltz, and C. Peikert, Bonsai trees, or how to delegate a lattice basis

D. Catalano and D. Fiore, Vector commitments and their applications, Kurosawa and Hanaoka, vol.165, pp.55-72

D. Catalano, D. Fiore, and M. Messina, Zero-knowledge sets with short proofs, pp.433-450
URL : https://hal.archives-ouvertes.fr/hal-01110386

D. Catalano, D. Fiore, and B. Warinschi, Adaptive pseudo-free groups and applications, pp.207-223
URL : https://hal.archives-ouvertes.fr/hal-01110376

D. Catalano, D. Fiore, and B. Warinschi, Efficient network coding signatures in the standard model, vol.109, pp.680-696

D. Catalano, O. Marcedone, and . Puglisi, Authenticating computation on groups: New homomorphic primitives and applications, ASIACRYPT (2), pp.193-212, 2014.

D. Catalano, N. Fazio, R. Gennaro, and A. Nicolosi, Public Key Cryptography -PKC 2011 -14th International Conference on Practice and Theory in Public Key Cryptography, vol.6571, 2011.

J. Cathalo, B. Libert, and M. Yung, Group encryption: Non-interactive realization in the standard model, pp.179-196

M. Chase and M. Kohlweiss, A new hash-and-sign approach and structure-preserving signatures from dlin, SCN, pp.131-148, 2012.

M. Chase, M. Kohlweiss, A. Lysyanskaya, and S. Meiklejohn, Malleable proof systems and applications, Pointcheval and Johansson, vol.220, pp.281-300

M. Chase, M. Kohlweiss, A. Lysyanskaya, and S. Meiklejohn, Verifiable elections that scale for free, Pointcheval and Johansson, vol.220, pp.479-496

D. Chaum and E. Van-heyst, Group signatures, EUROCRYPT, pp.257-265, 1991.

J. Chen and H. Wee, Fully, (almost) tightly secure IBE from standard assumptions, Canetti and Garay, vol.73, pp.435-460

J. Chen and H. Wee, Dual system groups and its applications -compact HIBE and more. Cryptology ePrint Archive, vol.265, 2014.

R. Cramer and V. Shoup, A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack, Lecture Notes in Computer Science, vol.1462, pp.13-25, 1998.

R. Cramer and V. Shoup, Signature schemes based on the strong rsa assumption, ACM-CCS, pp.46-51, 1999.

R. Cramer and V. Shoup, Universal hash proofs and a paradigm for adaptive chosen ciphertext secure public-key encryption, pp.45-64

, Advances in Cryptology -EUROCRYPT 2005, 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, vol.3494, 2005.

, Theory of Cryptography -9th Theory of Cryptography Conference, TCC 2012, vol.7194, 2012.

G. D. Crescenzo, Y. Ishai, and R. Ostrovsky, Non-interactive and non-malleable commitment, pp.141-150

I. Damgård and J. Groth, Non-interactive and reusable non-malleable commitment schemes, STOC, pp.426-437, 2003.

C. Delerablée and D. , Dynamic fully anonymous short group signatures, VIETCRYPT, pp.193-210, 2006.

Y. Desmedt, Society and group oriented cryptography: A new concept, Lecture Notes in Computer Science, vol.293, pp.120-127, 1987.

Y. Desmedt, Computer security by redefining what a computer is, NSPW, pp.160-166, 1993.

Y. Desmedt and Y. Frankel, Threshold cryptosystems, Lecture Notes in Computer Science, vol.435, pp.307-315, 1989.

Y. Dodis and N. Fazio, Public key broadcast encryption for stateless receivers, Digital Rights Management Workshop, vol.2696, pp.61-80, 2002.

Y. Dodis, V. Shoup, and S. Walfish, Efficient constructions of composable commitments and zero-knowledge proofs, pp.515-535

D. Dolev, C. Dwork, and M. Naor, Non-malleable cryptography (extended abstract), STOC, pp.542-552, 1991.

D. Dolev, C. Dwork, and M. Naor, Non-malleable cryptography, SIAM Journal on Computing, vol.30, issue.2, pp.391-437, 2000.

T. , A public-key cryptosystem and a signature scheme based on discrete logarithms, CRYPTO, pp.10-18, 1984.

K. Emura, G. Hanaoka, G. Ohtake, T. Matsuda, and S. Yamada, Chosen ciphertext secure keyed-homomorphic public-key encryption, Kurosawa and Hanaoka, vol.165, pp.32-50

A. Escala, G. Herold, E. Kiltz, C. Ràfols, and J. L. Villar, An algebraic framework for diffie-hellman assumptions, Canetti and Garay, vol.73, pp.129-147

S. Even, O. Goldreich, and S. Micali, On-line/off-line digital schemes, CRYPTO, pp.263-275, 1989.

A. Fiat and A. Shamir, How to prove yourself: Practical solutions to identification and signature problems, Lecture Notes in Computer Science, vol.263, pp.186-194, 1986.

M. Fischlin, B. Libert, and M. Manulis, Non-interactive and re-usable universally composable string commitments with adaptive security, vol.168, pp.468-485

, Public Key Cryptography -PKC 2012 -15th International Conference on Practice and Theory in Public Key Cryptography, vol.7293, 2012.

, 24th Annual International CryptologyConference, vol.3152, 2004.

D. Freeman, Improved security for linearly homomorphic signatures: A generic framework, vol.109, pp.697-714

G. Fuchsbauer, Automorphic signatures in bilinear groups and an application to round-optimal blind signatures, IACR Cryptology ePrint Archive, p.320, 2009.

G. Fuchsbauer and D. , Encrypting proofs on pairings and its application to anonymity for signatures, Pairing, pp.132-149, 2009.

E. Fujisaki, New constructions of efficient simulation-sound commitments using encryption and their applications, Lecture Notes in Computer Science, vol.7178, pp.136-155, 2012.

S. D. Galbraith, K. G. Paterson, and N. P. Smart, Pairings for cryptographers, Discrete Appl. Math, vol.156, issue.16, 2008.

J. Garay, P. Mackenzie, and K. Yang, Strengthening zero-knowledge protocols using signatures, Lecture Notes in Computer Science, vol.2656, pp.177-194, 2003.

J. A. Garay, A. Miyaji, and A. Otsuka, Cryptology and Network Security, 8th International Conference, vol.5888, 2009.

R. Gennaro, Multi-trapdoor commitments and their applications to proofs of knowledge secure under concurrent man-in-the-middle attacks, pp.220-236

R. Gennaro, C. Gentry, and B. Parno, Non-interactive verifiable computing: Outsourcing computation to untrusted workers, pp.465-482

R. Gennaro, J. Katz, H. Krawczyk, and T. Rabin, Secure network coding over the integers, Lecture Notes in Computer Science, vol.6056, pp.142-160, 2010.

R. Gennaro and S. Micali, Independent zero-knowledge sets, Lecture Notes in Computer Science, vol.4052, issue.2, pp.34-45, 2006.

C. Gentry, C. Peikert, and V. Vaikuntanathan, Trapdoors for hard lattices and new cryptographic constructions, STOC, pp.197-206, 2008.

C. Gentry and A. Silverberg, Hierarchical ID-based cryptography, Lecture Notes in Computer Science, vol.2501, pp.548-566, 2002.

C. Gentry and B. Waters, Adaptive security in broadcast encryption systems (with short ciphertexts), pp.171-188

, Advances in Cryptology -EUROCRYPT 2010, 29th Annual International Conference on the Theory and Applications of Cryptographic Techniques, vol.6110, 2010.

O. Goldreich, S. Micali, and A. Wigderson, Proofs that yield nothing but their validity and a methodology of cryptographic protocol design, FOCS, pp.174-187, 1986.

S. Goldwasser, S. Micali, and C. Rackoff, The knowledge complexity of interactive proof systems, STOC, pp.291-304, 1985.

S. Goldwasser and Y. Tauman, On the (in)security of the Fiat-Shamir paradigm, FOCS, pp.102-113, 2003.

S. D. Gordon, J. Katz, and V. Vaikuntanathan, A group signature scheme from lattice assumptions, Lecture Notes in Computer Science, vol.6477, pp.395-412, 2010.

V. Goyal, Reducing trust in the PKG in identity-based cryptosystems, CRYPTO, pp.430-447, 2007.

V. Goyal, S. Lu, A. Sahai, and B. Waters, Black-box accountable authority identitybased encryption, vol.213, pp.427-436

V. Goyal, O. Pandey, A. Sahai, and B. Waters, Attribute-based encryption for finegrained access control of encrypted data, ACM Conference on Computer and Communications Security, pp.195-203, 2006.

J. Groth, Simulation-sound NIZK proofs for a practical language and constant size group signatures, Lecture Notes in Computer Science, vol.4284, pp.444-459, 2006.

J. Groth, Fully anonymous group signatures without random oracles, pp.164-180

J. Groth, Homomorphic trapdoor commitments to group elements, IACR Cryptology ePrint Archive, 2009.

J. Groth, R. Ostrovsky, and A. Sahai, Non-interactive Zaps and new techniques for NIZK, pp.97-111

J. Groth, R. Ostrovsky, and A. Sahai, Perfect non-interactive zero knowledge for NP, pp.339-358

J. Groth and A. Sahai, Efficient non-interactive proof systems for bilinear groups, pp.415-432

, Proceedings, Advances in Cryptology -CRYPTO 2009, 29th Annual International Cryptology Conference, vol.5677, 2009.

D. Halevy and A. Shamir, The LSD broadcast encryption scheme, pp.47-60

F. Ben-hamouda, J. Camenisch, S. Krenn, V. Lyubashevsky, and G. Neven, Better zeroknowledge proofs for lattice encryption and their application to group signatures, ASIACRYPT (1), pp.551-572, 2014.

D. Hofheinz and T. Jager, Tightly secure signatures and public-key encryption, Safavi-Naini and Canetti, vol.230, pp.590-607

D. Hofheinz and E. Kiltz, Secure hybrid encryption from weakened key encapsulation, CRYPTO, pp.553-571, 2007.

J. Horwitz and B. Lynn, Toward hierarchical identity-based encryption, pp.466-481

M. Izabachène, B. Libert, and D. Vergnaud, Block-wise p-signatures and noninteractive anonymous credentials with efficient attributes, Lecture Notes in Computer Science, vol.7089, pp.431-450

. Springer, , 2011.

A. Jain, S. Krenn, K. Pietrzak, and A. Tentes, Commitments and efficient zeroknowledge proofs from learning parity with noise, ASIACRYPT, pp.663-680, 2012.

S. Jarecki and G. Tsudik, Public Key Cryptography -PKC, 12th International Conference on Practice and Theory in Public Key Cryptography, vol.5443, 2009.

R. Johnson, D. Molnar, D. Song, and D. Wagner, Homomorphic signature schemes, Lecture Notes in Computer Science, vol.2271, pp.244-262, 2002.

, Advances in Cryptology -EUROCRYPT 2009, 28th Annual International Conference on the Theory and Applications of Cryptographic Techniques, vol.5479, 2009.

C. Jutla and A. Roy, Relatively-sound NIZKs and password-based key-exchange, vol.109, pp.485-503

C. Jutla and A. Roy, Shorter quasi-adaptive NIZK proofs for linear subspaces, Lecture Notes in Computer Science, vol.8269, issue.1, pp.1-20, 2013.

C. Jutla and A. Roy, Dual-system simulation-soundness with applications to UC-PAKE and more, 2014.

C. Jutla and A. Roy, Switching lemma for bilinear tests and constant-size NIZK proofs for linear subspaces, CRYPTO (2), pp.295-312, 2014.

J. Katz, A. Sahai, and B. Waters, Predicate encryption supporting disjunctions, polynomial equations, and inner products, pp.146-162

A. Kiayias, Y. Tsiounis, and M. Yung, Traceable signatures, Cachin and Camenisch, vol.60, pp.571-589

A. Kiayias, Y. Tsiounis, and M. Yung, Group encryption, pp.181-199

A. Kiayias and M. Yung, Group signatures with efficient concurrent join, pp.198-214

A. Kiayias and M. Yung, Secure scalable group signature with dynamic joins and separable authorities, vol.IJSN, pp.24-45, 2006.

, 21st Annual International Cryptology Conference, vol.2139, 2001.

E. Kiltz, Chosen-ciphertext security from tag-based encryption, TCC'06, vol.3876, pp.581-600, 2006.

, Advances in Cryptology -EUROCRYPT 2002, International Conference on the Theory and Applications of Cryptographic Techniques, Amsterdam, vol.2332, 2002.

H. Krawczyk and T. Rabin, Chameleon signatures, NDSS, 2000.

S. Kunz-jacques and D. , About the security of MTI/C0 and MQV, Lecture Notes in Computer Science, vol.4116, pp.156-172, 2006.

, Advances in Cryptology -ASIACRYPT 2007, 13th International Conference on the Theory and Application of Cryptology and Information Security, vol.4833, 2007.

K. Kurosawa and G. Hanaoka, Public-Key Cryptography -PKC 2013 -16th International Conference on Practice and Theory in Public-Key Cryptography, vol.7778, 2013.

F. Laguillaumie, A. Langlois, B. Libert, and D. Stehlé, Lattice-based group signatures with logarithmic signature size, ASIACRYPT, pp.41-61, 2013.
URL : https://hal.archives-ouvertes.fr/hal-00920420

F. Laguillaumie, P. Paillier, and D. Vergnaud, Universally convertible directed signatures, pp.682-701
URL : https://hal.archives-ouvertes.fr/inria-00001121

, Advances in Cryptology -ASIACRYPT 2011 -17th International Conference on the Theory and Application of Cryptology and Information Security, vol.7073, 2011.

A. Lewko, Fully secure functional encryption: Attribute-based encryption and (hierarchical) inner product encryption, pp.62-91

A. Lewko, Tools for simulating features of composite order bilinear groups in the prime order setting, Pointcheval and Johansson, vol.220, pp.318-335

A. Lewko and B. Waters, New techniques for dual system encryption and fully secure HIBE with short ciphertexts, pp.455-479

A. Lewko and B. Waters, Unbounded HIBE and attribute-based encryption, Paterson, vol.217, pp.547-567

B. Libert and M. Joye, Group signatures with message-dependent opening in the standard model, CT-RSA, pp.286-306, 2014.

B. Libert, M. Joye, and M. Yung, Born and raised distributed: Fully distributed noninteractive adaptively secure threshold signatures with short shares, PODC, pp.303-312, 2014.
URL : https://hal.archives-ouvertes.fr/hal-00983149

B. Libert, M. Joye, M. Yung, and T. Peters, Concise multi-challenge CCA-secure encryption and signatures with almost tight security, ASIACRYPT (2), pp.1-21, 2014.
URL : https://hal.archives-ouvertes.fr/hal-01088108

B. Libert, M. Joye, M. Yung, and T. Peters, Traceable group encryption, Canetti and Garay, vol.73, pp.592-610

B. Libert, T. Peters, M. Joye, and M. Yung, Linearly homomorphic structure-preserving signatures and their applications, Canetti and Garay, vol.73, pp.289-307

B. Libert, T. Peters, M. Joye, and M. Yung, Non-malleability from malleability: Simulation-sound quasi-adaptive NIZK proofs and CCA2-secure encryption from homomorphic signatures, vol.211
URL : https://hal.archives-ouvertes.fr/hal-00983147

B. Libert, T. Peters, and M. Yung, Group signatures with almost-for-free revocation, vol.230, pp.571-589

B. Libert, T. Peters, and M. Yung, Scalable group signatures with revocation, Pointcheval and Johansson, vol.220, pp.609-627

B. Libert, J. Quisquater, and M. Yung, Foward-secure signatures in untrusted update environments: Efficient and generic constructions, vol.212, pp.511-520

B. Libert, J. Quisquater, and M. Yung, Key evolution systems in untrusted update environments, ACM Transactions on Information and Systems Security, vol.13, issue.4, 2010.

B. Libert and D. Vergnaud, Multi-use unidirectional proxy re-signatures, vol.213, pp.511-520
URL : https://hal.archives-ouvertes.fr/inria-00357568

B. Libert and D. Vergnaud, Unidirectional chosen-ciphertext-secure proxy reencryption, Lecture Notes in Computer Science, vol.4939, pp.360-379, 2008.
URL : https://hal.archives-ouvertes.fr/inria-00339530

B. Libert and D. Vergnaud, Group signatures with verifier-local revocation and backward unlinkability in the standard model, vol.117, pp.498-517
URL : https://hal.archives-ouvertes.fr/inria-00577255

B. Libert and D. Vergnaud, Towards black-box accountable authority IBE with short ciphertexts and private keys, vol.117, pp.235-255
URL : https://hal.archives-ouvertes.fr/inria-00356999

B. Libert and M. Yung, Efficient traceable signatures in the standard model, Pairing, pp.187-205, 2009.

B. Libert and M. Yung, Concise mercurial vector commitments and independent zeroknowledge sets with short proofs, pp.499-517

B. Libert and M. Yung, Adaptively secure forward-secure non-interactive threshold cryptosystems, Lecture Notes in Computer Science, vol.7537, pp.1-21, 2011.

B. Libert and M. Yung, Efficient traceable signatures in the standard model, Theoretical Computer Science, vol.412, pp.1220-1242, 2011.

B. Libert and M. Yung, Non-interactive CCA-secure threshold cryptosystems with adaptive security: New framework and constructions, pp.75-93

Y. Lindell, A simple construction of CCA2-secure public-key encryption under general assumptions, pp.241-254

S. Ling, K. Nguyen, D. Stehlé, and H. Wang, Improved zero-knowledge proofs of knowledge for the isis problem, and applications, Public Key Cryptography, pp.107-124, 2013.
URL : https://hal.archives-ouvertes.fr/hal-00767548

V. Lyubashevsky, Lattice-based identification schemes secure under active attacks, PKC, pp.162-179, 2014.

P. Mackenzie and K. Yang, On simulation-sound trapdoor commitments, Cachin and Camenisch, vol.60, pp.382-400

T. Malkin, I. Teranishi, Y. Vahlis, and M. Yung, Signatures resilient to continual leakage on memory and computation, Lecture Notes in Computer Science, vol.6597, pp.89-106, 2011.

, Advances in Cryptology -ASIACRYPT 2009, 15th International Conference on the Theory and Application of Cryptology and Information Security, vol.5912, 2009.

, Advances in Cryptology -CRYPTO 2007, 27th Annual International Cryptology Conference, vol.4622, 2007.

S. Micali, M. Rabin, and J. Kilian, Zero-knowledge sets, FOCS, pp.80-91, 2003.

D. Micciancio and S. Vadhan, Statistical zero-knowledge proofs with efficient provers: Lattice problems and more, CRYPTO, pp.282-298, 2003.

, Theory of Cryptography, 7th Theory of Cryptography Conference, TCC 2010, vol.5978, 2010.

T. Nakanishi, H. Fujii, Y. Hira, and N. Funabiki, Revocable group signature schemes with constant costs for signing and verifying, Jarecki and Tsudik, vol.147, pp.463-480

T. Nakanishi and N. Funabiki, Verifier-local revocation group signature schemes with backward unlinkability from bilinear maps, pp.533-548

T. Nakanishi and N. Funabiki, Revocable group signatures with compact revocation list using accumulators, ICISC, pp.435-451, 2013.

D. Naor, M. Naor, and J. Lotspiech, Revocation and tracing schemes for stateless receivers, pp.41-62

M. Naor, On cryptographic assumptions and challenges, pp.96-109

M. Naor and M. Yung, Universal one-way hash functions and their cryptographic applications, STOC, pp.33-43, 1989.
DOI : 10.1145/73007.73011

M. Naor and M. Yung, Public-key cryptosystems provably secure against chosen ciphertext attacks, pp.427-437, 1990.
DOI : 10.1145/100216.100273

L. Nguyen, Accumulators from bilinear pairings and applications, Lecture Notes in Computer Science, vol.3376, pp.275-292
DOI : 10.1007/978-3-540-30574-3_19

. Springer, , 2005.

L. Nguyen and R. Safavi-naini, Efficient and provably secure trapdoor-free group signature schemes from bilinear pairings, Lecture Notes in Computer Science, vol.3329, pp.372-386, 2004.
DOI : 10.1007/978-3-540-30539-2_26
URL : https://link.springer.com/content/pdf/10.1007%2F978-3-540-30539-2_26.pdf

, Advances in Cryptology -EURO-CRYPT 2014, 33rd Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2014.

, Proceedings of the 2007 ACM Conference on Computer and Communications Security, 2007.

, Proceedings of the 2008 ACM Conference on Computer and Communications Security, 2008.

R. Nishimaki, E. Fujisaki, and K. Tanaka, A multi-trapdoor commitment scheme from the RSA assumption, ACISP, pp.182-199, 2010.

T. Okamoto and K. Takashima, Fully secure functional encryption with general relations from the decisional linear assumption, pp.191-208

P. Paillier, Public-key cryptosystems based on composite degree residuosity classes, EUROCRYPT'99, pp.223-238, 1999.

, Advances in Cryptology -EUROCRYPT 2011 -30th Annual International Conference on the Theory and Applications of Cryptographic Techniques, vol.6632, 2011.

C. Peikert and V. Vaikuntanathan, Noninteractive statistical zero-knowledge proofs for lattice problems, CRYPTO, pp.536-553, 2008.

, Advances in Cryptology -ASIACRYPT 2008, 14th International Conference on the Theory and Application of Cryptology and Information Security, vol.5350, 2008.

, Advances in Cryptology -EURO-CRYPT 2012 -31st Annual International Conference on the Theory and Applications of Cryptographic Techniques, vol.7237, 2012.

M. Prabhakaran and M. Rosulek, Rerandomizable RCCA encryption, pp.517-534
DOI : 10.1007/978-3-540-74143-5_29
URL : https://link.springer.com/content/pdf/10.1007%2F978-3-540-74143-5_29.pdf

M. Prabhakaran and M. Rosulek, Homomorphic encryption with CCA security, Lecture Notes in Computer Science, vol.5126, issue.2, pp.667-678, 2008.

M. Prabhakaran and M. Rosulek, Towards robust computation on encrypted data, pp.216-233

B. Qin, Q. Wu, W. Susilo, Y. Mu, and Y. Wang, Publicly verifiable privacy-preserving group decryption, In Inscrypt, pp.72-83, 2008.

, Advances in Cryptology -CRYPTO 2010, 30th Annual Cryptology Conference, vol.6223, 2010.

C. Rackoff and D. Simon, Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack, Lecture Notes in Computer Science, vol.576, pp.433-444, 1991.

O. Regev, On lattices, learning with errors, random linear codes, and cryptography, STOC, pp.84-93, 2005.

Y. Rouselakis and B. Waters, Practical constructions and new proof methods for large universe attribute-based encryption, ACM Conference on Computer and Communications Security, pp.463-474, 2013.

, Advances in Cryptology -ASIACRYPT 2005, 11th International Conference on the Theory and Application of Cryptology and Information Security, vol.3788, 2005.

, Advances in Cryptology -CRYPTO 2012 -32nd Annual Cryptology Conference, vol.7417, 2012.

A. Sahai, Non-malleable non-interactive zero knowledge and adaptive chosenciphertext security, FOCS, pp.543-553, 1999.

A. Sahai and B. Waters, Fuzzy identity-based encryption, pp.457-473

Y. Sakai, K. Emura, G. Hanaoka, Y. Kawai, T. Matsuda et al., Group signatures with message-dependent opening, Pairing, pp.270-294, 2012.

M. Scott, Authenticated ID-based key exchange and remote log-in with simple token and pin number, Cryptology ePrint Archive, 2002.

H. Shacham, A cramer-shoup encryption scheme from the linear assumption and from progressively weaker linear variants. IACR Cryptology ePrint Archive, p.74, 2007.

A. Shamir, Identity-based cryptosystems and signature schemes, CRYPTO, pp.47-53, 1984.

V. Shoup, Lower bounds for discrete logarithms and related problems, EURO-CRYPT, pp.256-266, 1997.

V. Shoup, A proposal for an ISO standard for public key encryption (version 2.1). Manuscript, 2001.

, Advances in Cryptology -EUROCRYPT 2008, 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, vol.4965, 2008.

D. Song, Practical forward secure group signature schemes, ACM Conference on Computer and Communications Security, pp.225-234, 2001.
DOI : 10.1145/502014.502015
URL : http://www.cs.berkeley.edu/~dawnsong/papers/grpsig.pdf

P. Tsang, M. Ho, A. Au, S. Kapadia, and . Smith, Blacklistable anonymous credentials: blocking misbehaving users without ttps, vol.212, pp.72-81

P. Tsang, M. Ho, A. Au, S. Kapadia, and . Smith, Perea: towards practical ttp-free revocation in anonymous authentication, vol.213, pp.333-344

G. Tsudik and S. Xu, Accumulating composites and improved group signing, Lecture Notes in Computer Science, vol.2894, pp.269-286, 2003.

, Advances in Cryptology -EUROCRYPT 2006, 25th Annual International Conference on the Theory and Applications of Cryptographic Techniques, vol.4004, 2006.

, Proceedings of the Thirtieth Annual ACM Symposium on the Theory of Computing, 1998.

, Proceedings, Advances in Cryptology -CRYPTO 2008, 28th Annual International Cryptology Conference, vol.5157, 2008.

X. Wang and K. Sako, Advances in Cryptology -ASIACRYPT 2012 -18th International Conference on the Theory and Application of Cryptology and Information Security, vol.7658, 2012.

B. Waters, Efficient identity-based encryption without random oracles, pp.114-127

B. Waters, Dual system encryption: Realizing fully secure IBE and HIBE under simple assumptions, pp.619-636

, Advances in Cryptology -CRYPTO 2002, 22nd Annual International Cryptology Conference, vol.2442, 2002.

S. Zhou and D. Lin, Shorter verifier-local revocation group signatures from bilinear maps, CANS, pp.126-143, 2006.
DOI : 10.1007/11935070_8
URL : http://eprint.iacr.org/2006/286.pdf