D. Aggarwal, G. K. Brennen, T. Lee, M. Santha, and M. Tomamichel, Quantum attacks on Bitcoin, and how to protect against them, 2017.

M. R. Albrecht, C. Cid, J.-C. Faugère, and L. Perret, Algebraic algorithms for LWE, Cryptology ePrint Archive, Report 2014/1018, 2014.
URL : https://hal.archives-ouvertes.fr/hal-01072721

B. Adida, Helios: Web-based open-audit voting, USENIX Security 2008, pp.335-348, 2008.

M. R. Albrecht, R. Fitzpatrick, and F. Göpfert, On the efficacy of solving LWE by reduction to unique-SVP, ICISC 2013, LNCS, vol.8565, pp.293-310, 2014.

S. Arora and R. Ge, New algorithms for learning in presence of errors, ICALP 2011, Part I, vol.6755, pp.403-415, 2011.

G. Asharov, A. Jain, A. López-Alt, and E. Tromer, Multiparty computation with low communication, computation and interaction via threshold FHE, EUROCRYPT 2012, LNCS, vol.7237, pp.483-501, 2012.

E. Androulaki, G. O. Karame, M. Roeschlin, T. Scherer, and S. Capkun, Evaluating user privacy in Bitcoin, FC 2013, LNCS, vol.7859, pp.34-51, 2013.

M. R. Albrecht, On dual lattice attacks against small-secret LWE and parameter choices in HElib and SEAL, EUROCRYPT 2017, Part II, LNCS, vol.10211, pp.103-129, 2017.

S. Arora, C. Lund, R. Motwani, M. Sudan, and M. Szegedy, Proof verification and hardness of approximation problems, 33rd FOCS, pp.14-23, 1992.

M. R. Albrecht, R. Player, and S. Scott, On the concrete hardness of learning with errors, Journal of Mathematical Cryptology, vol.9, issue.3, pp.169-203, 2015.

L. Babai, Trading group theory for randomness, 17th ACM STOC, pp.421-429, 1985.

A. Back, Bitcoins with homomorphic value (validatable but encrypted), 2013.

W. Banaszczyk, Inequalities for convex bodies and polar reciprocal lattices in R^n, Discrete & Computational Geometry, vol.13, pp.217-231, 1995.

B. Bünz, J. Bootle, D. Boneh, A. Poelstra, P. Wuille, and G. Maxwell, Bulletproofs: Short proofs for confidential transactions and more, 2018 IEEE Symposium on Security and Privacy, pp.315-334, 2018.

D. Boneh, X. Boyen, and E.-J. Goh, Hierarchical identity based encryption with constant size ciphertext, EUROCRYPT 2005, LNCS, vol.3494, pp.440-456, 2005.

D. Boneh, X. Boyen, and H. Shacham, Short group signatures, CRYPTO 2004, LNCS, vol.3152, pp.41-55, 2004.

S. Barber, X. Boyen, E. Shi, and E. Uzun, Bitter to better: how to make Bitcoin a better currency, FC 2012, LNCS, vol.7397, pp.399-414, 2012.

G. Brassard, D. Chaum, and C. Crépeau, Minimum disclosure proofs of knowledge, J. Comput. Syst. Sci, vol.37, issue.2, pp.156-189, 1988.

N. Bitansky, R. Canetti, A. Chiesa, S. Goldwasser, H. Lin et al., The hunting of the SNARK, Cryptology ePrint Archive, Report 2014/580, 2014.

N. Bitansky, R. Canetti, A. Chiesa, and E. Tromer, From extractable collision resistance to succinct non-interactive arguments of knowledge, and back again, ITCS 2012, pp.326-349, 2012.

E. Ben-sasson, A. Chiesa, C. Garman, M. Green, I. Miers et al., Zerocash: Decentralized anonymous payments from bitcoin, 2014 IEEE Symposium on Security and Privacy, pp.459-474, 2014.

E. Boyle, G. Couteau, N. Gilboa, Y. Ishai, and M. Orrù, Homomorphic secret sharing: Optimizations and applications, ACM CCS 2017, pp.2105-2122, 2017.
URL : https://hal.archives-ouvertes.fr/hal-01614451

E. Brier, J.-S. Coron, T. Icart, D. Madore, H. Randriam, and M. Tibouchi, Efficient indifferentiable hashing into ordinary elliptic curves, CRYPTO 2010, LNCS, vol.6223, pp.237-254, 2010.

N. Bitansky, A. Chiesa, Y. Ishai, R. Ostrovsky, and O. Paneth, Succinct non-interactive arguments via linear interactive proofs, TCC 2013, LNCS, vol.7785, pp.315-333, 2013.

A. Bagherzandi, J. H. Cheon, and S. Jarecki, Multisignatures secure under the discrete logarithm assumption and a generalized forking lemma, ACM CCS 2008, pp.449-458, 2008.

D. Beaver, Correlated pseudorandomness and the complexity of private computations, 28th ACM STOC, pp.479-488, 1996.

D. Boneh and M. K. Franklin, Identity-based encryption from the Weil pairing, CRYPTO 2001, LNCS, vol.2139, pp.213-229, 2001.

M. Blum, P. Feldman, and S. Micali, Non-interactive zero-knowledge and its applications (extended abstract), 20th ACM STOC, pp.103-112, 1988.

M. Bellare, G. Fuchsbauer, and A. Scafuro, NIZKs with an untrusted CRS: Security in the face of parameter subversion, ASIACRYPT 2016, Part II, vol.10032, pp.777-804, 2016.
URL : https://hal.archives-ouvertes.fr/hal-01384384

M. Bellare and O. Goldreich, On defining proofs of knowledge, CRYPTO'92, LNCS, vol.740, pp.390-420, 1993.

S. Bai and S. D. Galbraith, Lattice decoding attacks on binary LWE, ACISP 2014, LNCS, vol.8544, pp.322-337, 2014.

E. Boyle, N. Gilboa, and Y. Ishai, Breaking the circuit size barrier for secure computation under DDH, CRYPTO 2016, Part I, vol.9814, pp.509-539, 2016.

E. Boyle, N. Gilboa, and Y. Ishai, Group-based secure computation: Optimizing rounds, communication, and computation, EUROCRYPT 2017, Part II, LNCS, vol.10211, pp.163-193, 2017.

D. Boneh, C. Gentry, B. Lynn, and H. Shacham, Aggregate and verifiably encrypted signatures from bilinear maps, EUROCRYPT 2003, LNCS, vol.2656, pp.416-432, 2003.

M. Bellare, D. Hofheinz, and S. Yilek, Possibility and impossibility results for encryption and commitment secure under selective opening, EUROCRYPT 2009, LNCS, vol.5479, pp.1-35, 2009.

D. Boneh, Y. Ishai, A. Sahai, and D. J. Wu, Lattice-based SNARGs and their application to more efficient obfuscation, EUROCRYPT 2017, Part III, LNCS, vol.10212, pp.247-277, 2017.

D. Boneh, Y. Ishai, A. Sahai, and D. J. Wu, Quasi-optimal SNARGs via linear multi-prover interactive proofs, Cryptology ePrint Archive, Report 2018/133, 2018.

G. Brassard, C. Crépeau, S. Laplante, and C. Léger, Computationally convincing proofs of knowledge, STACS 1991, LNCS, vol.480, pp.251-262, 1991.

D. Boneh, B. Lynn, and H. Shacham, Short signatures from the Weil pairing, ASIACRYPT 2001, LNCS, vol.2248, pp.514-532, Springer, 2001.

P. S. L. M. Barreto, B. Lynn, and M. Scott, Constructing elliptic curves with prescribed embedding degrees, SCN 2002, LNCS, vol.2576, pp.257-267, 2003.

D. Boneh, B. Lynn, and H. Shacham, Short signatures from the Weil pairing, Journal of Cryptology, vol.17, issue.4, pp.297-319, 2004.

V. Boyko, P. D. MacKenzie, and S. Patel, Provably secure password-authenticated key exchange using Diffie-Hellman, EUROCRYPT 2000, LNCS, vol.1807, pp.156-171, 2000.

J. Bonneau, A. Narayanan, A. Miller, J. Clark, J. A. Kroll et al., Mixcoin: Anonymity for Bitcoin with accountable mixes, FC 2014, LNCS, vol.8437, pp.486-504, 2014.

M. Bellare, C. Namprempre, and G. Neven, Unrestricted aggregate signatures, ICALP 2007, LNCS, vol.4596, pp.411-422, 2007.

B. Barak, S. J. Ong, and S. Vadhan, Derandomization in cryptography, CRYPTO 2003, LNCS, vol.2729, pp.299-315, 2003.

N. Bitansky and O. Paneth, ZAPs and non-interactive witness indistinguishability from indistinguishability obfuscation, TCC 2015, Part II, LNCS, vol.9015, pp.401-427, 2015.

A. Budroni and F. Pintore, Efficient hash maps to G 2 on BLS curves, Cryptology ePrint Archive, 2017.

A. Banerjee, C. Peikert, and A. Rosen, Pseudorandom functions and lattices, EUROCRYPT 2012, LNCS, vol.7237, pp.719-737, 2012.

D. Bernhard, O. Pereira, and B. Warinschi, How not to prove yourself: Pitfalls of the Fiat-Shamir heuristic and applications to Helios, ASIACRYPT 2012, LNCS, vol.7658, pp.626-643, 2012.

M. Bellare and P. Rogaway, The security of triple encryption and a framework for code-based game-playing proofs, EUROCRYPT 2006, LNCS, vol.4004, pp.409-426, 2006.

E. Ben-Sasson, I. Bentov, Y. Horesh, and M. Riabzev, Scalable, transparent, and post-quantum secure computational integrity, Cryptology ePrint Archive, 2018.

Z. Brakerski and V. Vaikuntanathan, Efficient fully homomorphic encryption from (standard) LWE, 52nd FOCS, pp.97-106, 2011.

I. Chillotti, N. Gama, M. Georgieva, and M. Izabachène, Faster fully homomorphic encryption: Bootstrapping in less than 0.1 seconds, ASIACRYPT 2016, Part I, vol.10031, pp.3-33, 2016.
URL : https://hal.archives-ouvertes.fr/cea-01832762

M. Chase, Efficient non-interactive zero-knowledge proofs for privacy applications, 2008.

I. Damgård, Towards practical public key systems secure against chosen ciphertext attacks, CRYPTO'91, vol.576, pp.445-456, 1992.

A. De Santis, G. Di Crescenzo, R. Ostrovsky, G. Persiano, and A. Sahai, Robust non-interactive zero knowledge, CRYPTO 2001, LNCS, vol.2139, pp.566-598, 2001.

G. Danezis, C. Fournet, J. Groth, and M. Kohlweiss, Square span programs with applications to succinct NIZK arguments, ASIACRYPT 2014, Part I, LNCS, vol.8873, pp.532-550, Springer, 2014.

A. Davidson, I. Goldberg, N. Sullivan, G. Tankersley, and F. Valsorda, Privacy Pass: Bypassing internet challenges anonymously, PoPETs, vol.2018, issue.3, pp.164-180, 2018.

L. Ducas and D. Micciancio, FHEW: Bootstrapping homomorphic encryption in less than a second, EUROCRYPT 2015, Part I, LNCS, vol.9056, pp.617-640, 2015.

C. Dwork and M. Naor, Zaps and their applications, 41st FOCS, pp.283-293, 2000.

A. Davidson and N. Sullivan, 2019.

A. Faz-hernandez, S. Scott, N. Sullivan, R. S. Wahby, and C. A. Wood, Hashing to Elliptic Curves, 2019.

L. Fuentes-Castañeda, E. Knapp, and F. Rodríguez-Henríquez, Faster hashing to G2, SAC 2011, LNCS, vol.7118, pp.412-430, 2011.

P. Fauzi, S. Meiklejohn, R. Mercer, and C. Orlandi, Quisquis: A new design for anonymous cryptocurrencies, Cryptology ePrint Archive, Report 2018/990, 2018.

G. Fuchsbauer and M. Orrù, Non-interactive zaps of knowledge, ACNS 2018, LNCS, vol.10892, pp.44-62, 2018.
URL : https://hal.archives-ouvertes.fr/hal-01870005

G. Fuchsbauer, M. Orrù, and Y. Seurin, Aggregate cash systems: A cryptographic investigation of Mimblewimble, EUROCRYPT 2019, Part I, LNCS, vol.11476, pp.657-689, 2019.
URL : https://hal.archives-ouvertes.fr/hal-02396305

U. Feige and A. Shamir, Witness indistinguishable and witness hiding protocols, 22nd ACM STOC, pp.416-426, 1990.

G. Fuchsbauer, Subversion-zero-knowledge SNARKs, PKC 2018, Part I, LNCS, vol.10769, pp.315-347, 2018.
URL : https://hal.archives-ouvertes.fr/hal-01869978

S. D. Galbraith, Space-efficient variants of cryptosystems based on learning with errors, preprint, 2013.

A. Gervais, S. Capkun, G. O. Karame, and D. Gruber, On the privacy provisions of Bloom filters in lightweight Bitcoin clients, ACSAC 2014, pp.326-335, 2014.

C. Gentry, Fully homomorphic encryption using ideal lattices, 41st ACM STOC, pp.169-178, 2009.

R. Gennaro, C. Gentry, B. Parno, and M. Raykova, Quadratic span programs and succinct NIZKs without PCPs, EUROCRYPT 2013, LNCS, vol.7881, pp.626-645, 2013.

Q. Guo, T. Johansson, and P. Stankovski, Coded-BKW: Solving LWE using lattice codes, CRYPTO 2015, Part I, vol.9215, pp.23-42, 2015.

J. Groth, M. Kohlweiss, M. Maller, S. Meiklejohn, and I. Miers, Updatable and universal common reference strings with applications to zk-SNARKs, CRYPTO 2018, Part III, vol.10993, pp.698-728, 2018.

R. Gennaro, M. Minelli, A. Nitulescu, and M. Orrù, Lattice-based zk-SNARKs from square span programs, ACM CCS 2018, pp.556-573, 2018.
URL : https://hal.archives-ouvertes.fr/hal-01743360

S. Goldwasser, S. Micali, and C. Rackoff, The knowledge complexity of interactive proof-systems (extended abstract), 17th ACM STOC, pp.291-304, 1985.

S. Goldwasser, S. Micali, and C. Rackoff, The knowledge complexity of interactive proof systems, SIAM Journal on Computing, vol.18, issue.1, pp.186-208, 1989.

O. Goldreich and Y. Oren, Definitions and properties of zero-knowledge proof systems, Journal of Cryptology, vol.7, issue.1, pp.1-32, 1994.

O. Goldreich, A uniform-complexity treatment of encryption and zero-knowledge, Journal of Cryptology, vol.6, issue.1, pp.21-53, 1993.

J. Groth, R. Ostrovsky, and A. Sahai, Non-interactive zaps and new techniques for NIZK, CRYPTO 2006, LNCS, vol.4117, pp.97-111, 2006.

J. Groth, R. Ostrovsky, and A. Sahai, Perfect non-interactive zero knowledge for NP, EUROCRYPT 2006, LNCS, vol.4004, pp.339-358, 2006.

J. Groth, Simulation-sound NIZK proofs for a practical language and constant size group signatures, ASIACRYPT 2006, LNCS, vol.4284, pp.444-459, 2006.

J. Groth, Short pairing-based non-interactive zero-knowledge arguments, ASIACRYPT 2010, LNCS, vol.6477, pp.321-340, Springer, 2010.

J. Groth, On the size of pairing-based non-interactive arguments, EUROCRYPT 2016, Part II, vol.9666, pp.305-326, 2016.

S. Goldwasser and M. Sipser, Private coins versus public coins in interactive proof systems, 18th ACM STOC, pp.59-68, 1986.

J. Groth and A. Sahai, Efficient non-interactive proof systems for bilinear groups, EUROCRYPT 2008, LNCS, vol.4965, pp.415-432, 2008.

T. Granlund and the GMP development team, GNU MP: The GNU Multiple Precision Arithmetic Library, 2012.

C. Gentry and D. Wichs, Separating succinct non-interactive arguments from all falsifiable assumptions, 43rd ACM STOC, pp.99-108, 2011.

E. Heilman, L. Alshenibr, F. Baldimtsi, A. Scafuro, and S. Goldberg, TumbleBit: An untrusted bitcoin-compatible anonymous payment hub, NDSS 2017, 2017.

J. Håstad, R. Impagliazzo, L. A. Levin, and M. Luby, A pseudorandom generator from any one-way function, SIAM Journal on Computing, vol.28, issue.4, pp.1364-1396, 1999.

W. Hart, F. Johansson, and S. Pancratz, FLINT: Fast Library for Number Theory, 2013.

Y. Ishai, J. Kilian, K. Nissim, and E. Petrank, Extending oblivious transfers efficiently, CRYPTO 2003, LNCS, vol.2729, pp.145-161, 2003.

T. E. Jedusor, Mimblewimble, 2016.

J. Kilian, A note on efficient zero-knowledge proofs and arguments (extended abstract), 24th ACM STOC, pp.723-732, 1992.

V. Kolesnikov and R. Kumaresan, Improved OT extension for transferring short secrets, CRYPTO 2013, Part II, vol.8043, pp.54-70, 2013.

P. Koshy, D. Koshy, and P. McDaniel, An analysis of anonymity in Bitcoin using P2P network traffic, FC 2014, LNCS, vol.8437, pp.469-485, 2014.

N. Koblitz and A. J. Menezes, Another look at "provable security", Journal of Cryptology, vol.20, issue.1, pp.3-37, 2007.

G. Kol and M. Naor, Cryptography and game theory: Designing protocols for exchanging information, TCC 2008, LNCS, vol.4948, pp.320-339, 2008.

M. Karchmer and A. Wigderson, On span programs, 8th IEEE Structure in Complexity Theory Conference, pp.102-111, 1993.

A. Lysyanskaya, S. Micali, L. Reyzin, and H. Shacham, Sequential aggregate signatures from trapdoor permutations, EUROCRYPT 2004, LNCS, vol.3027, pp.74-90, 2004.

R. Lindner and C. Peikert, Better key sizes (and attacks) for LWE-based encryption, CT-RSA 2011, LNCS, vol.6558, pp.319-339, 2011.

G. Maxwell, CoinJoin: Bitcoin privacy for the real world, 2013.

G. Maxwell, Transaction cut-through, 2013.

G. Maxwell, Confidential Transactions, 2015.

I. Miers, C. Garman, M. Green, and A. D. Rubin, Zerocoin: Anonymous distributed E-cash from Bitcoin, 2013 IEEE Symposium on Security and Privacy, pp.397-411, 2013.

S. Micali, CS proofs (extended abstracts), 35th FOCS, pp.436-453, 1994.

S. Meiklejohn, M. Pomarole, G. Jordan, K. Levchenko, D. McCoy et al., A fistful of bitcoins: characterizing payments among men with no names, IMC 2013, pp.127-140, 2013.

S. Nakamoto, Bitcoin: A Peer-to-Peer Electronic Cash System, 2008.

M. Naor, On cryptographic assumptions and challenges (invited talk), CRYPTO 2003, LNCS, vol.2729, pp.96-109, 2003.

M. Orrù, E. Orsini, and P. Scholl, Actively secure 1-out-of-N OT extension with application to private set intersection, CT-RSA 2017, LNCS, vol.10159, pp.381-396, 2017.

T. P. Pedersen, Non-interactive and information-theoretic secure verifiable secret sharing, CRYPTO'91, LNCS, vol.576, pp.129-140, 1992.

B. Parno, J. Howell, C. Gentry, and M. Raykova, Pinocchio: Nearly practical verifiable computation, 2013 IEEE Symposium on Security and Privacy, pp.238-252, 2013.

A. Poelstra, Mimblewimble, 2016.

D. Pointcheval and J. Stern, Security arguments for digital signatures and blind signatures, Journal of Cryptology, vol.13, issue.3, pp.361-396, 2000.

C. Peikert, V. Vaikuntanathan, and B. Waters, A framework for efficient and composable oblivious transfer, CRYPTO 2008, LNCS, vol.5157, pp.554-571, 2008.

C. Ràfols, Stretching Groth-Sahai: NIZK proofs of partial satisfiability, TCC 2015, Part II, LNCS, vol.9015, pp.247-276, 2015.

O. Regev, On lattices, learning with errors, random linear codes, and cryptography, 37th ACM STOC, pp.84-93, 2005.

T. Ruffing, P. Moreno-sanchez, and A. Kate, CoinShuffle: Practical decentralized coin mixing for bitcoin, ESORICS 2014, Part II, vol.8713, pp.345-364, 2014.

P. Rogaway, The moral character of cryptographic work, Cryptology ePrint Archive, Report 2015/1162, 2015.

D. Ron and A. Shamir, Quantitative analysis of the full Bitcoin transaction graph, FC 2013, LNCS, vol.7859, pp.6-24, 2013.

T. Ruffing, S. A. K. Thyagarajan, V. Ronge, and D. Schröder, Burning Zerocoins for fun and for profit: A cryptographic denial-of-spending attack on the Zerocoin protocol, Cryptology ePrint Archive, Report 2018/612, 2018.

M. Scott, N. Benger, M. Charlemagne, L. J. Dominguez Perez, and E. J. Kachisa, Fast hashing to G2 on pairing-friendly curves, Pairing 2009, LNCS, vol.5671, pp.102-113, 2009.

C.-P. Schnorr, Efficient identification and signatures for smart cards, CRYPTO'89, LNCS, vol.435, pp.239-252, 1990.

C.-P. Schnorr, Efficient signature generation by smart cards, Journal of Cryptology, vol.4, issue.3, pp.161-174, 1991.

A. Shamir, IP = PSPACE, 31st FOCS, pp.11-15, 1990.

V. Shoup, OAEP reconsidered, CRYPTO 2001, LNCS, vol.2139, pp.239-259, 2001.

A. Saxena, J. Misra, and A. Dhar, Increasing anonymity in Bitcoin, FC 2014 Workshops, LNCS, vol.8438, pp.122-139, Springer, 2014.

J. Stern, Why provable security matters?, EUROCRYPT 2003, LNCS, vol.2656, pp.449-461, 2003.

Y. Sompolinsky and A. Zohar, Bitcoin's Security Model Revisited, 2016.

N. van Saberhagen, CryptoNote v2.0, 2013.

H. Wee, Lower bounds for non-interactive zero-knowledge, TCC 2007, LNCS, vol.4392, pp.103-117, 2007.