This paper introduces Flamingo, a system for secure aggregation of data across a large set
of clients. In secure aggregation, a server sums up the private inputs of clients and obtains …

Zcash is an implementation of the Decentralized Anonymous Payment scheme Zerocash,
with security fixes and improvements to performance and functionality. It bridges the existing …

Multi-signatures are protocols that allow a group of signers to jointly produce a single
signature on the same message. In recent years, a number of practical multi-signature …

Censorship-circumvention tools are in an arms race against censors. The censors study all
traffic passing into and out of their controlled sphere, and try to disable censorship …

A public ledger is a tamperproof sequence of data that can be read and augmented by
everyone. Public ledgers have innumerable and compelling uses. They can secure, in plain …

MuSig is a multi-signature scheme for Schnorr signatures, which supports key aggregation
and is secure in the plain public key model. Standard derandomization techniques for …

Motivated by the subversion of “trusted” public parameters in mass-surveillance activities,
this paper studies the security of NIZKs in the presence of a maliciously chosen common …

Subversion zero knowledge for non-interactive proof systems demands that zero knowledge
(ZK) be maintained even when the common reference string (CRS) is chosen maliciously …

In Proof-of-Stake (PoS) and permissioned blockchains, a committee of verifiers agrees and
sign every new block of transactions. These blocks are validated, propagated, and stored by …

Pairing-friendly elliptic curves in the Barreto-Lynn-Scott family are seeing a resurgence in
popularity because of the recent result of Kim and Barbulescu that improves attacks against …