[1] Michel Abdalla and Bogdan Warinschi. 2004. On the Minimal Assumptions of Group Signature Schemes. In ICICS 2004. 1-13. https://doi.org/10.1007/978-3- 540-30191-2_1 2005. Practical Group Signatures without Random Oracles. Cryptology ePrint dentials from Mercurial Signatures. In Topics in Cryptology - CT-RSA 2019 - The Archive, Report 2005/385. [3] Giuseppe Ateniese, Jan Camenisch, Marc Joye, and Gene Tsudik. 2000. A Practical 4-8, 2019, Proceedings (Lecture Notes in Computer Science), Mitsuru Matsui (Ed.), and Provably Secure Coalition-Resistant Group Signature Scheme. In CRYPTO 2000. 255-270. https://doi.org/10.1007/3-540-44598-6_16 [4] Giuseppe Ateniese and Breno de Medeiros. 2003. Efficient Group Signatures without Trapdoors. In ASIACRYPT 2003. 246-268. https://doi.org/10.1007/978-3- In Topics in Cryptology - CT-RSA 2015, The Cryptographer's Track at the RSA 540-40061-5_15 [5] Michael Backes, Lucjan Hanzlik, Kamil Kluczniak, and Jonas Schneider. [n.d.]. Notes in Computer Science), Kaisa Nyberg (Ed.), Vol. 9048. Springer, 127-144. Signatures with Flexible Public Key: Introducing Equivalence Classes for Public https://doi.org/10.1007/978-3-319-16715-2_7 Keys. In ASIACRYPT 2018. To appear. [6] Michael Backes, Lucjan Hanzlik, and Jonas Schneider. 2018. Membership Privacy Signatures Without Encryption. Cryptology ePrint Archive, Report 2016/154. for Fully Dynamic Group Signatures. IACR Cryptology ePrint Archive 2018 (2018), [29] David Derler and Daniel Slamanig. 2018. Highly-Efficient Fully-Anonymous 641. https://eprint.iacr.org/2018/641 [7] Foteini Baldimtsi, Jan Camenisch, Maria Dubovitskaya, Anna Lysyanskaya, Leonid Reyzin, Kai Samelin, and Sophia Yakoubov. 2017. Accumulators with Ap//doi.org/10.1145/3196494.3196507 plications to Anonymity-Preserving Revocation. In EuroS&P 2017. IEEE, 301-315. [30] Alex Escala and Jens Groth. 2014. Fine-Tuning Groth-Sahai Proofs. In PKC 2014. https://doi.org/10.1109/EuroSP.2017.13 [8] Mira Belenkiy, Jan Camenisch, Melissa Chase, Markulf Kohlweiss, Anna Lysyan[31] Georg Fuchsbauer and Romain Gay. [n.d.]. Weakly Secure Equivalence-Class skaya, and Hovav Shacham. 2009. Randomizable Proofs and Delegatable AnonySignatures from Standard Assumptions. In PKC 2018. mous Credentials. In Advances in Cryptology - CRYPTO 2009, 29th Annual In[32] Jun Furukawa and Shoko Yonezawa. 2004. Group Signatures with Separate and ternational Cryptology Conference, Santa Barbara, CA, USA, August 16-20, 2009. Distributed Authorities. In SCN 2004. 77-90. https://doi.org/10.1007/978-3-540- Proceedings (Lecture Notes in Computer Science), Shai Halevi (Ed.), Vol. 5677. 30598-9_6 Springer, 108-125. https://doi.org/10.1007/978-3-642-03356-8_7 [9] Mihir Bellare, Alexandra Boldyreva, Anand Desai, and David Pointcheval. 2001. on Discrete Logarithms. In CRYPTO 1984. 10-18. https://doi.org/10.1007/3-540- Key-Privacy in Public-Key Encryption. In ASIACRYPT 2001. 566-582. https: //doi.org/10.1007/3-540-45682-1_33 [10] Mihir Bellare, Daniele Micciancio, and Bogdan Warinschi. 2003. Founda tions of Group Signatures: Formal Definitions, Simplified Requirements, and Science), Xuejia Lai and Kefei Chen (Eds.), Vol. 4284. Springer, 444-459. https: a Construction Based on General Assumptions. In EUROCRYPT 2003. 614-629. https://doi.org/10.1007/3-540-39200-9_38 [11] Mihir Bellare, Haixia Shi, and Chong Zhang. 2005. Foundations of Group Signatures: The Case of Dynamic Groups. In CT-RSA 2005. 136-153. https: //doi.org/10.1007/978-3-540-30574-3_11 [12] Patrik Bichsel, Jan Camenisch, Gregory Neven, Nigel P. Smart, and Bogdan Warinschi. 2010. Get Shorty via Group Signatures without Encryption. In SCN [37] Christian Hanser and Daniel Slamanig. [n.d.]. Structure-Preserving Signatures 2010. 381-398. https://doi.org/10.1007/978-3-642-15317-4_24 [13] Dan Boneh, Xavier Boyen, and Hovav Shacham. 2004. Short Group Signatures. In CRYPTO 2004. 41-55. https://doi.org/10.1007/978-3-540-28628-8_3 [14] Dan Boneh, Saba Eskandarian, and Ben Fisch. 2018. Post-Quantum EPID Group Signatures from Symmetric Primitives. Cryptology ePrint Archive, Report 2018/261. https://eprint.iacr.org/2018/261. [15] Dan Boneh and Matthew K. Franklin. 2001. Identity-Based Encryption from the Dynamic Joins and Keeping Anonymity Against Group Managers. In Mycrypt Weil Pairing. In CRYPTO 2001. 213-229. https://doi.org/10.1007/3-540-44647-8_13 2005. 151-170. https://doi.org/10.1007/11554868_11 [16] Dan Boneh and Matthew K. Franklin. 2003. Identity-Based Encryption from the [40] Aggelos Kiayias and Moti Yung. 2005. Group Signatures with Efficient Concurrent Weil Pairing. SIAM J. Comput. 32, 3 (2003), 586-615. https://doi.org/10.1137/ Join. In EUROCRYPT 2005. 198-214. https://doi.org/10.1007/11426639_12 S0097539701398521 [17] Jonathan Bootle, Andrea Cerulli, Pyrros Chaidos, Essam Ghadafi, and Jens Groth. dynamic joins and separable authorities. IJSN 1, 1/2 (2006), 24-45. https: 2016. Foundations of Fully Dynamic Group Signatures. In ACNS 2016. 117-136. //doi.org/10.1504/IJSN.2006.010821 https://doi.org/10.1007/978-3-319-39555-5_7 [18] Jonathan Bootle, Andrea Cerulli, Pyrros Chaidos, Essam Ghadafi, Jens Groth, and In Financial Cryptography and Data Security, 11th International Conference, FC Christophe Petit. [n.d.]. Short Accountable Ring Signatures Based on DDH. In 2007, and 1st International Workshop on Usable Security, USEC 2007, Scarborough, ESORICS 2015. [19] Xavier Boyen and Brent Waters. 2006. Compact Group Signatures Without RanComputer Science), Sven Dietrich and Rachna Dhamija (Eds.), Vol. 4886. Springer, dom Oracles. In EUROCRYPT 2006. 427-444. https://doi.org/10.1007/11761679_26 134-147. https://doi.org/10.1007/978-3-540-77366-5_14 [20] Xavier Boyen and Brent Waters. 2007. Full-Domain Subgroup Hiding and Constant-Size Group Signatures. In PKC 2007. 1-15. https://doi.org/10.1007/978- Almost-for-Free Revocation. In CRYPTO 2012. 571-589. https://doi.org/10.1007/ 3-540-71677-8_1 [21] Jan Camenisch and Jens Groth. 2004. Group Signatures: Better Efficiency and [44] Benoît Libert, Thomas Peters, and Moti Yung. 2012. Scalable Group Signatures New Theoretical Aspects. In SCN 2004. 120-133. https://doi.org/10.1007/978-3- with Revocation. In EUROCRYPT 2012. 609-627. https://doi.org/10.1007/978-3- 540-30598-9_9 [22] Jan Camenisch and Anna Lysyanskaya. 2004. Signature Schemes and Anonymous Credentials from Bilinear Maps. In CRYPTO 2004. 56-72. https://doi.org/10.1007/ Structure-Preserving Signatures: Standard Model Security from Simple Assump- 978-3-540-28628-8_4 [23] Melissa Chase and Anna Lysyanskaya. 2006. On Signatures of Knowledge. In Advances in Cryptology - CRYPTO 2006, 26th Annual International Cryptology Group Signatures from Lattices. In PKC 2018. Conference, Santa Barbara, California, USA, August 20-24, 2006, Proceedings (Lec[47] Yusuke Sakai, Jacob C. N. Schuldt, Keita Emura, Goichiro Hanaoka, and Kazuo ture Notes in Computer Science), Cynthia Dwork (Ed.), Vol. 4117. Springer, 78-96. Ohta. 2012. On the Security of Dynamic Group Signatures: Preventing Signature https://doi.org/10.1007/11818175_5 [24] David Chaum and Eugène Van Heyst. 1991. Group Signatures. In EUROCRYPT'91 (LNCS), Donald W. Davies (Ed.), Vol. 547. Springer, Heidelberg, 257-265. [25] Sherman S. M. Chow, Haibin Zhang, and Tao Zhang. 2017. Real Hidden Identity40061-5_16 Based Signatures. In Financial Cryptography and Data Security - 21st International [49] Brent Waters. 2005. Efficient Identity-Based Encryption Without Random Oracles. Conference, FC 2017, Sliema, Malta, April 3-7, 2017, Revised Selected Papers (Lecture In EUROCRYPT 2005. 114-127. https://doi.org/10.1007/11426639_7 Notes in Computer Science), Aggelos Kiayias (Ed.), Vol. 10322. Springer, 21-38. https://doi.org/10.1007/978-3-319-70972-7_2 Cryptographers' Track at the RSA Conference 2019, San Francisco, CA, USA, March Vol. 11405. Springer, 535-555. https://doi.org/10.1007/978-3-030-12612-4_27 [27] David Derler, Christian Hanser, and Daniel Slamanig. 2015. Revisiting Crypto graphic Accumulators, Additional Properties and Relations to Other Primitives. Conference 2015, San Francisco, CA, USA, April 20-24, 2015. Proceedings (Lecture [28] David Derler and Daniel Slamanig. 2016. Fully-Anonymous Short Dynamic Group Dynamic Group Signatures. In AsiaCCS 2018, Jong Kim, Gail-Joon Ahn, Seungjoo Kim, Yongdae Kim, Javier López, and Taesoo Kim (Eds.). ACM, 551-565. https: 630-649. https://doi.org/10.1007/978-3-642-54631-0_36 [33] Taher El Gamal. 1984. A Public Key Cryptosystem and a Signature Scheme Based 39568-7_2 [34] Jens Groth. 2006. Simulation-Sound NIZK Proofs for a Practical Language and Constant Size Group Signatures. In ASIACRYPT 2006 (Lecture Notes in Computer //doi.org/10.1007/11935230_29 [35] Jens Groth. 2007. Fully Anonymous Group Signatures Without Random Oracles. In ASIACRYPT 2007. 164-180. https://doi.org/10.1007/978-3-540-76900-2_10 [36] Jens Groth and Amit Sahai. 2008. Efficient Non-interactive Proof Systems for Bilinear Groups. In EUROCRYPT 2008. 415-432. https://doi.org/10.1007/978-3- 540-78967-3_24 on Equivalence Classes and Their Application to Anonymous Credentials. In ASIACRYPT 2014. [38] Dennis Hofheinz and Eike Kiltz. 2008. Programmable Hash Functions and Their Applications. In CRYPTO 2008. 21-38. https://doi.org/10.1007/978-3-540-85174- 5_2 [39] Aggelos Kiayias and Moti Yung. 2005. Efficient Secure Group Signatures with [41] Aggelos Kiayias and Moti Yung. 2006. Secure scalable group signature with [42] Aggelos Kiayias and Hong-Sheng Zhou. 2007. Hidden Identity-Based Signatures. Trinidad and Tobago, February 12-16, 2007. Revised Selected Papers (Lecture Notes in [43] Benoît Libert, Thomas Peters, and Moti Yung. 2012. Group Signatures with 978-3-642-32009-5_34 642-29011-4_36 [45] Benoît Libert, Thomas Peters, and Moti Yung. 2015. Short Group Signatures via tions. In CRYPTO 2015. 296-316. https://doi.org/10.1007/978-3-662-48000-7_15 [46] San Ling, Khoa Nguyen, Huaxiong Wang, and Yanhong Xu. [n.d.]. Constant-Size Hijacking. In PKC 2012. 715-732. https://doi.org/10.1007/978-3-642-30057-8_42 [48] Gene Tsudik and Shouhuai Xu. 2003. Accumulating Composites and Improved Group Signing. In ASIACRYPT 2003. 269-286. https://doi.org/10.1007/978-3-540-