-
Notifications
You must be signed in to change notification settings - Fork 6
/
additional.bib
391 lines (336 loc) · 15 KB
/
additional.bib
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
@book{shoup08,
author = {Victor Shoup},
title = {A Computational Introduction to Number Theory and Algebra},
publisher = {Cambridge University Press},
year = {2008},
note = {2nd edition},
isbn = {978-0-521-51644-0},
}
@article{range-proof-survey,
author = {Morais, Eduardo and Koens, Tommy and van Wijk, Cees and Koren, Aleksei},
year = {2019},
journal = {SN Applied Sciences},
title = {A survey on zero knowledge range proofs and applications},
volume = {1},
number = {8},
pages = {946}
}
@article{DBLP:journals/dcc/Maurer15,
author = {Ueli Maurer},
title = {Zero-knowledge proofs of knowledge for group homomorphisms},
journal = {Des. Codes Cryptogr.},
volume = {77},
number = {2-3},
pages = {663--676},
year = {2015},
}
@phdthesis{cramer97,
title = {{Modular Design of Secure yet Practical Cryptographic Protocols}},
author = {Ronald Cramer},
year = {1997},
school = {CWI Amsterdam, The Netherlands},
}
@phdthesis{bangerter05,
title = {{Efficient Zero-Knowledge Proofs of Knowledgefor Homomorphisms}},
author = {Endre Bangerter},
year = {2005},
school = {Ruhr-Universit\"at Bochum, Germany},
}
@phdthesis{fischlin01,
title = {{Trapdoor Commitment Schemes and Their Applications}},
author = {Marc Fischlin},
year = {2001},
school = {Johann Wolfgang Goethe-Universit\"at, Germany},
}
@phdthesis{krenn12,
title = {{Bringing Zero-Knolwedge Proofs of Knowledge to Practice}},
author = {Stephan Krenn},
year = {2012},
school = {University of Fribourg, Switzerland},
}
@techreport{zkproof-reference,
title = {{ZKProof Community Reference v0.2}},
author = {{ZKProof}},
year = {2019},
note = {accessed on February 8, 2021},
}
@misc{damgard04,
title = {{On $\Sigma$-Protocols}},
author = {Ivan Damg\r{a}rd},
year = {2004},
howpublished = {Lecture on Crptologic Protocol Theory; Faculty of Science, University of Aarhus},
}
@misc{becafi19,
title = {{Community Standards Proposal for Commit-and-Prove Zero-Knowledge Proof Systems}},
author = {Daniel Benarroch and Matteo Campanelli and Dario Fiore},
year = {2019},
howpublished = {{ZKProof Community Standard Proposal}, available at \url{https://github.com/zkpstandard/zkreference/tree/master/standards-proposals}},
note = {accessed on February 22, 2021}
}
@article{zksk,
title={zksk},
ISBN={9781450368308},
DOI={10.1145/3338498.3358653},
journal={Proceedings of the 18th ACM Workshop on Privacy in the Electronic Society - WPES’19},
publisher={ACM Press},
author={Lueks, Wouter and Kulynych, Bogdan and Fasquelle, Jules and Le Bail-Collet, Simon and Troncoso, Carmela},
year={2019}
}
@techreport{cfrg-voprf,
number = {draft-sullivan-cfrg-voprf-03},
type = {Internet-Draft},
institution = {Internet Engineering Task Force},
publisher = {Internet Engineering Task Force},
note = {Work in Progress},
url = {https://datatracker.ietf.org/doc/html/draft-sullivan-cfrg-voprf-03},
author = {Alex Davidson and Nick Sullivan and Christopher A. Wood},
title = {{Oblivious Pseudorandom Functions (OPRFs) using Prime-Order Groups}},
pagetotal = 27,
year = 2019,
month = mar,
day = 11,
abstract = {An Oblivious Pseudorandom Function (OPRF) is a two-party protocol for computing the output of a PRF. One party (the server) holds the PRF secret key, and the other (the client) holds the PRF input. The 'obliviousness' property ensures that the server does not learn anything about the client's input during the evaluation. The client should also not learn anything about the server's secret PRF key. Optionally, OPRFs can also satisfy a notion 'verifiability' (VOPRF). In this setting, the client can verify that the server's output is indeed the result of evaluating the underlying PRF with just a public key. This document specifies OPRF and VOPRF constructions instantiated within prime-order groups, including elliptic curves.},
}
@article{claimchain,
title={ClaimChain},
ISBN={9781450359894},
DOI={10.1145/3267323.3268947},
journal={Proceedings of the 2018 Workshop on Privacy in the Electronic Society},
publisher={ACM},
author={Kulynych, Bogdan and Lueks, Wouter and Isaakidis, Marios and Danezis, George and Troncoso, Carmela},
year={2018},
month={Jan}
}
@article{monero,
title={Ring SIgnature Confidential Transactions for Monero.},
author={Noether, Shen},
journal={IACR Cryptology ePrint Archive},
volume={2015},
pages={1098},
year={2015}
}
@InProceedings{jpake,
author="Hao, Feng
and Ryan, Peter Y. A.",
editor="Christianson, Bruce
and Malcolm, James A.
and Matyas, Vashek
and Roe, Michael",
title="Password Authenticated Key Exchange by Juggling",
booktitle="Security Protocols XVI",
year="2011",
publisher="Springer Berlin Heidelberg",
address="Berlin, Heidelberg",
pages="159--171",
abstract="Password-Authenticated Key Exchange (PAKE) studies how to establish secure communication between two remote parties solely based on their shared password, without requiring a Public Key Infrastructure (PKI). Despite extensive research in the past decade, this problem remains unsolved. Patent has been one of the biggest brakes in deploying PAKE solutions in practice. Besides, even for the patented schemes like EKE and SPEKE, their security is only heuristic; researchers have reported some subtle but worrying security issues.",
isbn="978-3-642-22137-8"
}
@misc{borromeansig,
author = {Maxwell, Gregory and Poelstra, Andrew},
title = {{Borromean Signatures}},
year = {2015},
note = {Available at \url{https://raw.githubusercontent.com/Blockstream/borromean_paper/master/borromean_draft_0.01_34241bb.pdfx}}
}
@misc{rfc8032,
series = {Request for Comments},
number = 8032,
howpublished = {RFC 8032},
publisher = {RFC Editor},
doi = {10.17487/RFC8032},
url = {https://rfc-editor.org/rfc/rfc8032.txt},
author = {Simon Josefsson and Ilari Liusvaara},
title = {{Edwards-Curve Digital Signature Algorithm (EdDSA)}},
pagetotal = 60,
year = 2017,
month = jan,
abstract = {This document describes elliptic curve signature scheme Edwards-curve Digital Signature Algorithm (EdDSA). The algorithm is instantiated with recommended parameters for the edwards25519 and edwards448 curves. An example implementation and test vectors are provided.},
}
@misc{rfc8235,
series = {Request for Comments},
number = 8235,
howpublished = {RFC 8235},
publisher = {RFC Editor},
doi = {10.17487/RFC8235},
url = {https://rfc-editor.org/rfc/rfc8235.txt},
author = {Feng Hao},
title = {{Schnorr Non-interactive Zero-Knowledge Proof}},
pagetotal = 13,
year = 2017,
month = sep,
abstract = {This document describes the Schnorr non-interactive zero-knowledge (NIZK) proof, a non-interactive variant of the three-pass Schnorr identification scheme. The Schnorr NIZK proof allows one to prove the knowledge of a discrete logarithm without leaking any information about its value. It can serve as a useful building block for many cryptographic protocols to ensure that participants follow the protocol specification honestly. This document specifies the Schnorr NIZK proof in both the finite field and the elliptic curve settings.},
}
@misc{sigma-proposal,
author = {Orrù, Michele and Krenn, Stephan},
title = {Proposal: $\Sigma$-protocols},
note = {Available at: \url{https://docs.zkproof.org/pages/standards/accepted-workshop4/proposal-sigma.pdf}},
year = {2021}
}
@misc{rfc2785,
series = {Request for Comments},
number ={2785},
howpublished = {RFC 2785},
publisher = {RFC Editor},
doi = {10.17487/RFC2785},
url = {https://rfc-editor.org/rfc/rfc2785.txt},
author = {Robert Zuccherato},
title = {{Methods for Avoiding the "Small-Subgroup" Attacks on the Diffie-Hellman Key Agreement Method for S/MIME}},
pagetotal = 11,
year = 2000,
month = mar,
abstract = {This document will describe the situations relevant to implementations of S/MIME version 3 in which protection is necessary and the methods that can be used to prevent these attacks. This memo provides information for the Internet community.},
}
@techreport{hash-to-curve,
number = {draft-irtf-cfrg-hash-to-curve-10},
type = {Internet-Draft},
institution = {Internet Engineering Task Force},
publisher = {Internet Engineering Task Force},
note = {Work in Progress},
url = {https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-hash-to-curve-10},
author = {Armando Faz-Hernández and Sam Scott and Nick Sullivan and Riad S. Wahby and Christopher A. Wood},
title = {{Hashing to Elliptic Curves}},
pagetotal = 163,
year = 2020,
month = oct,
day = 11,
abstract = {This document specifies a number of algorithms for encoding or hashing an arbitrary string to a point on an elliptic curve.},
}
@misc{scapi,
author = {Yael Ejgenberg and Moriya Farbstein and Meital Levy and Yehuda Lindell},
title = {SCAPI: The Secure Computation Application Programming Interface},
howpublished = {Cryptology ePrint Archive, Report 2012/629},
year = {2012},
note = {\url{https://eprint.iacr.org/2012/629}},
}
@inproceedings{cortier2020,
title={How to fake zero-knowledge proofs, again},
author={Cortier, V{\'e}ronique and Gaudry, Pierrick and Yang, Quentin},
booktitle={E-Vote-Id 2020-The International Conference for Electronic Voting},
year={2020}
}
@article{csproofs,
title={Proof systems for general statements about discrete logarithms},
author={Camenisch, Jan and Stadler, Markus},
journal={Technical Report/ETH Zurich, Department of Computer Science},
volume={260},
year={1997},
publisher={ETH Zurich}
}
@misc{jr1cs,
title={J-R1CS – a JSON Lines format for R1CS},
author={Guillaume Drevon},
howpublished = {zkproof Proposal},
year={2019},
note={Available at: \url{https://docs.zkproof.org/pages/standards/accepted-workshop2/proposal--zk-interop-jr1cs.pdf}}
}
@misc{fips2,
title={Digital Signature Standard},
author={NIST},
year={2000},
howpublished = {FIPS 186-2},
note={Available at: \url{https://csrc.nist.gov/csrc/media/publications/fips/186/2/archive/2000-01-27/documents/fips186-2.pdf}}
}
@techreport{cfrg-ristretto-decaf,
number = {draft-irtf-cfrg-ristretto255-decaf448-00},
type = {Internet-Draft},
institution = {Internet Engineering Task Force},
publisher = {Internet Engineering Task Force},
note = {Work in Progress},
url = {https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-ristretto255-decaf448-00},
author = {Henry de Valence and Jack Grigg and George Tankersley and Filippo Valsorda and isis lovecruft and Mike Hamburg},
title = {{The ristretto255 and decaf448 Groups}},
pagetotal = 26,
year = 2020,
month = oct,
day = 5,
abstract = {This memo specifies two prime-order groups, ristretto255 and decaf448, suitable for safely implementing higher-level and complex cryptographic protocols. The ristretto255 group can be implemented using Curve25519, allowing existing Curve25519 implementations to be reused and extended to provide a prime-order group. Likewise, the decaf448 group can be implemented using edwards448.}
}
@techreport{bernstein-netstrings-02,
number = {draft-bernstein-netstrings-02},
type = {Internet-Draft},
institution = {Internet Engineering Task Force},
publisher = {Internet Engineering Task Force},
note = {Work in Progress},
url = {https://datatracker.ietf.org/doc/html/draft-bernstein-netstrings-02},
author = {D. J. Bernstein},
title = {{Netstrings}},
pagetotal = 2,
year = 1998,
month = aug,
day = 14,
abstract = {A netstring is a self-delimiting encoding of a string. Netstrings are very easy to generate and to parse. Any string may be encoded as a netstring; there are no restrictions on length or on allowed bytes. Another virtue of a netstring is that it declares the string size up front. Thus an application can check in advance whether it has enough space to store the entire string. Netstrings may be used as a basic building block for reliable network protocols. Most high-level protocols, in effect, transmit a sequence of strings; those strings may be encoded as netstrings and then concatenated into a sequence of characters, which in turn may be transmitted over a reliable stream protocol such as TCP.},
}
@misc{zkp,
title={zkp: a toolkit for Schnorr proofs},
author={Henry de Valence},
year={2019},
note={Available at: \url{https://medium.com/@hdevalence/zkp-a-toolkit-for-schnorr-proofs-6e381b4f0a31}}
}
@misc{monero-fail,
title={Disclosure of a Major Bug in CryptoNote Based Currencies},
author={\texttt{luigi1111} and \texttt{fluffypony}},
year={2017},
note={Available at: \url{https://www.getmonero.org/2017/05/17/disclosure-of-a-major-bug-in-cryptonote-based-currencies.html}}
}
@misc{rfc6979,
series = {Request for Comments},
number = 6979,
howpublished = {RFC 6979},
publisher = {RFC Editor},
doi = {10.17487/RFC6979},
url = {https://rfc-editor.org/rfc/rfc6979.txt},
author = {Thomas Pornin},
title = {{Deterministic Usage of the Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA)}},
pagetotal = 79,
year = 2013,
month = aug,
abstract = {This document defines a deterministic digital signature generation procedure. Such signatures are compatible with standard Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA) digital signatures and can be processed with unmodified verifiers, which need not be aware of the procedure described therein. Deterministic signatures retain the cryptographic security features associated with digital signatures but can be more easily implemented in various environments, since they do not need access to a source of high-quality randomness.},
}
@misc{bip-schnorr,
title={BIP 0340},
author={Wuille, Pieter and Nick, Jonasonas and Ruffing, Tim},
year={2018},
note={Available at: \url{https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016203.html}}
}
@misc{emmy,
title={[n.d.] emmy - Library for zero-knowledge proofs},
author={XLAB},
note={Available at: \url{https://github.com/xlab-si/emmy}. Last accessed: July 9, 2019.}
}
@misc{kyber,
title={[n.d.] Kyber - DEDIS Advanced Crypto Library for Go},
author={DEDIS},
note={Available at: \url{https://pkg.go.dev/go.dedis.ch/kyber}}
}
@misc{bls12,
title={BLS12-381: New zk-SNARK Elliptic Curve Construction},
author={Sean Bowe},
year={2017},
note={Available at: \url{https://electriccoin.co/blog/new-snark-curve/}}
}
@article{lattice-attack,
title={Lattice attacks on digital signature schemes},
author={Howgrave-Graham, Nick A and Smart, Nigel P.},
journal={Designs, Codes and Cryptography},
volume={23},
number={3},
pages={283--290},
year={2001},
publisher={Springer}
}
@inproceedings{bleichenbacher,
title={On the generation of one-time keys in DL signature schemes},
author={Bleichenbacher, Daniel},
booktitle={Presentation at IEEE P1363 working group meeting},
pages={81},
year={2000}
}
@article{pippenger,
title={On the evaluation of powers and monomials},
author={Pippenger, Nicholas},
journal={SIAM Journal on Computing},
volume={9},
number={2},
pages={230--250},
year={1980},
publisher={SIAM}
}