references.bib

@book{mastering-eth,
    title = {Mastering Ethereum},
    author = {Antonopoulos, Andreas M. and Wood Gavin},
    year = {2018},
    publisher = "O'Reilly Media"
}

@techreport{rfc2119,
    author = "S. Bradner",
    title = {Key words for use in RFCs to Indicate Requirement Levels},
    howpublished = {Internet Requests for Comments},
    type = {RFC},
    number = 2119,
    year = {1997},
    month = {March},
    publisher = {RFC Editor},
    institution = {RFC Editor},
    url = {https://tools.ietf.org/html/rfc2119}
}

@misc{patricia-tree,
    title = {Patricia Tree},
    author = {Ethereum wiki contributors},
    howpublished = "\url{https://github.com/ethereum/wiki/wiki/Patricia-Tree}"
}

@misc{abi-function-selector,
    title = {Contract ABI Specification, Section "Function Selector"},
    howpublished = "\url{https://solidity.readthedocs.io/en/develop/abi-spec.html#function-selector}"
}

@inproceedings{black2002black,
    title={Black-box analysis of the block-cipher-based hash-function constructions from PGV},
    author={Black, John and Rogaway, Phillip and Shrimpton, Thomas},
    booktitle={Annual International Cryptology Conference},
    pages={320--335},
    year={2002},
    organization={Springer},
    note={\url{https://link.springer.com/content/pdf/10.1007/3-540-45708-9_21.pdf}}
}

@misc{ethrlp,
    author = {Ethereum wiki contributors},
    title = {{RLP}},
    howpublished = "\url{https://github.com/ethereum/wiki/wiki/RLP}",
    year = {2019},
    note = "[Online; accessed December-2019]"
}

@misc{blake-eip,
    author = {Tjaden Hess, Matt Luongo, Piotr Dyraga and James Hancock},
    title = {{EIP 152: Add BLAKE2 compression function `F`}},
    howpublished = "\url{https://eips.ethereum.org/EIPS/eip-152}",
    year = {2015},
    note = "[Online; accessed November-2019]"
}

@misc{blakecompietf,
    author = {M-J. Saarinen, Ed.},
    title = {{Blake Compression Function F}},
    howpublished = "\url{https://tools.ietf.org/html/rfc7693#section-3.2}",
    year = {2015},
    note = "[Online; accessed November-2019]"
}

@misc{zethsproken,
    author = {Clearmatics},
    title = {{Zeth Sproken release}},
    howpublished = "\url{https://github.com/clearmatics/zeth/releases/tag/v0.2}",
    year = {2019},
    note = "[Online; released 04-April-2019]"
}

@misc{secp256k1,
    author = {Bitcoin wiki},
    title = {{Secp256k1}},
    howpublished = "\url{https://en.bitcoin.it/wiki/Secp256k1}",
    note = "[Online; last accessed 04-January--2020]"
}

@misc{rfc6979,
    author = {Pornin, Thomas},
    year = {2013},
    title = {{Deterministic Usage of the Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA)}},
    howpublished = "\url{https://tools.ietf.org/html/rfc6979}"
}

@misc{fips1804,
    author = {National Institute of Standards and Technology},
    year = {2015},
    title = {{Secure Hash Standard (SHS)}},
    howpublished = "\url{https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf}"
}

@masterthesis{md5-collision,
    author = {{Stevens, Marc}},
    title = {On Collisions for MD5},
    howpublished = {\url{https://www.win.tue.nl/hashclash/On%20Collisions%20for%20MD5%20-%20M.M.J.%20Stevens.pdf}},
    year = {2015}
}

@misc{eth-bloom-filters,
    author = {Nick Johnson},
    title = {Response to "How does Ethereum make use of bloom filters?"},
    howpublished = "\url{https://ethereum.stackexchange.com/questions/3418/how-does-ethereum-make-use-of-bloom-filters}",
    year = {2016},
    note = "[Online; last accessed 10-January-2020]"
}

@article{DBLP:journals/cacm/Bloom70,
    author    = {Burton H. Bloom},
    title     = {Space/Time Trade-offs in Hash Coding with Allowable Errors},
    journal   = {Commun. {ACM}},
    volume    = {13},
    number    = {7},
    pages     = {422--426},
    year      = {1970},
    url       = {https://doi.org/10.1145/362686.362692},
    doi       = {10.1145/362686.362692},
    timestamp = {Wed, 14 Nov 2018 10:22:32 +0100},
    biburl    = {https://dblp.org/rec/bib/journals/cacm/Bloom70},
    bibsource = {dblp computer science bibliography, https://dblp.org}
}

@inproceedings{DBLP:conf/pet/KohlweissMOTV13,
    author    = {Markulf Kohlweiss and
        Ueli Maurer and
            Cristina Onete and
            Bj{\"{o}}rn Tackmann and
            Daniele Venturi},
    title     = {Anonymity-Preserving Public-Key Encryption: {A} Constructive Approach},
    booktitle = {Privacy Enhancing Technologies - 13th International Symposium, {PETS}
        2013, Bloomington, IN, USA, July 10-12, 2013. Proceedings},
    pages     = {19--39},
    year      = {2013},
    crossref  = {DBLP:conf/pet/2013},
    url       = {https://doi.org/10.1007/978-3-642-39077-7\_2},
    doi       = {10.1007/978-3-642-39077-7\_2},
    timestamp = {Tue, 14 May 2019 10:00:38 +0200},
    biburl    = {https://dblp.org/rec/bib/conf/pet/KohlweissMOTV13},
    bibsource = {dblp computer science bibliography, https://dblp.org}
}
@proceedings{DBLP:conf/pet/2013,
    editor    = {Emiliano De Cristofaro and
        Matthew K. Wright},
    title     = {Privacy Enhancing Technologies - 13th International Symposium, {PETS} 2013, Bloomington, IN, USA, July 10-12, 2013. Proceedings},
    series    = {Lecture Notes in Computer Science},
    volume    = {7981},
    publisher = {Springer},
    year      = {2013},
    url       = {https://doi.org/10.1007/978-3-642-39077-7},
    doi       = {10.1007/978-3-642-39077-7},
    isbn      = {978-3-642-39076-0},
    timestamp = {Tue, 14 May 2019 10:00:38 +0200},
    biburl    = {https://dblp.org/rec/bib/conf/pet/2013},
    bibsource = {dblp computer science bibliography, https://dblp.org}
}

@unpublished{zethpaper,
    author = {Rondelet, Antoine and Zajac, Michal},
    title = {{ZETH: On Integrating Zerocash on Ethereum}},
    howpublished = "\url{https://arxiv.org/pdf/1904.00905.pdf}",
    year = {2019},
    organization = {Arxiv},
    note = "[Online; released April-2019]"
}

@misc{bn-prime,
    author = {Rondelet, Antoine and @karalabe},
    title = {{Go-ethereum BN256 package}},
    howpublished = "\url{https://github.com/ethereum/go-ethereum/blob/master/crypto/bn256/cloudflare/constants.go}",
    year = {2019},
    note = "[Online; released 28-May-2019]"
}

@misc{zcashprotocol,
    author = {ZCash},
    title = {{ZCash protocol specification}},
    howpublished = "\url{https://github.com/zcash/zips/blob/master/protocol/protocol.pdf}",
    year = {2019},
    note = "[Online; initially released 14-December-2015]"
}

@inproceedings{bellare2007two,
    title={Two-tier signatures, strongly unforgeable signatures, and Fiat-Shamir without random oracles},
    author={Bellare, Mihir and Shoup, Sarah},
    booktitle={International Workshop on Public Key Cryptography},
    pages={201--216},
    year={2007},
    organization={Springer}
}

@inproceedings{groth2016size,
    title={On the size of pairing-based non-interactive arguments},
    author={Groth, Jens},
    booktitle={Annual International Conference on the Theory and Applications of Cryptographic Techniques},
    pages={305--326},
    year={2016},
    organization={Springer}
}

@inproceedings{sasson2014zerocash,
    title={Zerocash: Decentralized anonymous payments from bitcoin},
    author={Ben Sasson, Eli and Chiesa, Alessandro and Garman, Christina and Green, Matthew and Miers, Ian and Tromer, Eran and Virza, Madars},
    booktitle={2014 IEEE Symposium on Security and Privacy},
    pages={459--474},
    year={2014},
    organization={IEEE}
}

@inproceedings{paillier2005discrete,
    title={Discrete-log-based signatures may not be equivalent to discrete log},
    author={Paillier, Pascal and Vergnaud, Damien},
    booktitle={International Conference on the Theory and Application of Cryptology and Information Security},
    pages={1--20},
    year={2005},
    organization={Springer}
}

@misc{ethyellowpaper,
    author = {Dr Gavin Wood},
    title = {{ETHEREUM:  A Secure Decentralised Generalised Transaction Ledger Byzantium}},
    howpublished = "\url{https://ethereum.github.io/yellowpaper/paper.pdf}",
    year = {2019},
    note = "[VERSION 7e819ec - 2019-10-20]"
}

@article{qu1999sec,
    title={SEC 2: Recommended elliptic curve domain parameters},
    author={Qu, Minghua},
    journal={Certicom Res., Mississauga, ON, Canada, Tech. Rep. SEC2-Ver-0.6},
    year={1999},
    publisher={Citeseer}
}

@article{johnson2001elliptic,
    title={The elliptic curve digital signature algorithm (ECDSA)},
    author={Johnson, Don and Menezes, Alfred and Vanstone, Scott},
    journal={International journal of information security},
    volume={1},
    number={1},
    pages={36--63},
    year={2001},
    publisher={Springer}
}

@misc{zcash-randomseed-hsig,
    title = {Daira's comment on: "Ensure Spec retains distinctness assumption in hSig"},
    author = {Hopwood, Daira},
    url = {https://github.com/zcash/zcash/issues/663#issuecomment-189161324},
    year = {2016}
}

@misc{tramerremote,
    author = {Florian Tramèr and Dan Boneh and Kenneth G. Paterson},
    title = {Remote Side-Channel Attacks on Anonymous Transactions},
    howpublished = {Cryptology ePrint Archive, Report 2020/220},
    year = {2020},
    note = {\url{https://eprint.iacr.org/2020/220}}
}

@misc{mp-security-ethsnarks,
    author = {HarryR},
    title = {{Conversation about Miyaguchi-Preneel security}},
    howpublished = {\url{https://github.com/HarryR/ethsnarks/issues/119}},
    year = {2019},
    note = {Online; accessed June-2019}
}

@inproceedings{holenstein2011equivalence,
    title={The equivalence of the random oracle model and the ideal cipher model, revisited},
    author={Holenstein, Thomas and K{\"u}nzler, Robin and Tessaro, Stefano},
    booktitle={Proceedings of the forty-third annual ACM symposium on Theory of computing},
    pages={89--98},
    year={2011},
    organization={ACM}
}

@inproceedings{albrecht2016mimc,
    title={MiMC: Efficient encryption and cryptographic hashing with minimal multiplicative complexity},
    author={Albrecht, Martin and Grassi, Lorenzo and Rechberger, Christian and Roy, Arnab and Tiessen, Tyge},
    booktitle={International Conference on the Theory and Application of Cryptology and Information Security},
    pages={191--219},
    year={2016},
    organization={Springer}
}

@inproceedings{grassi2016mpc,
    title={MPC-friendly symmetric key primitives},
    author={Grassi, Lorenzo and Rechberger, Christian and Rotaru, Dragos and Scholl, Peter and Smart, Nigel P},
    booktitle={Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security},
    pages={430--443},
    year={2016},
    organization={ACM},
    note = {\url{https://eprint.iacr.org/2016/542}}
}

@article{keccak-submission,
    title={The Keccak SHA-3 submission},
    author={Guido, B and Joan, D and Micha{\"e}l, P and Gilles, VA},
    year={2011},
    howpublished = {\url{https://keccak.team/files/Keccak-submission-3.pdf}}
}

@misc{menezes1996handbook,
    title={Handbook of applied cryptography},
    author={Menezes, Alfred J and Van Oorschot, Paul C and Vanstone, Scott A},
    year={1996},
    publisher={CRC press},
    howpublished = {\url{http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.99.2838&rep=rep1&type=pdf}}
}

@inproceedings{bootle2015short,
    title={Short accountable ring signatures based on DDH},
    author={Bootle, Jonathan and Cerulli, Andrea and Chaidos, Pyrros and Ghadafi, Essam and Groth, Jens and Petit, Christophe},
    booktitle={European Symposium on Research in Computer Security},
    pages={243--265},
    year={2015},
    organization={Springer}
}

@article{wood2014ethereum,
    title={Ethereum: A secure decentralised generalised transaction ledger},
    author={Wood, Gavin and others},
    howpublished = {\url{https://ethereum.github.io/yellowpaper/paper.pdf}}
}

@inproceedings{bertoni2007sponge,
    title={Sponge functions},
    author={Bertoni, Guido and Daemen, Joan and Peeters, Micha{\"e}l and Van Assche, Gilles},
    booktitle={ECRYPT hash workshop},
    volume={2007},
    number={9},
    year={2007},
    organization={Citeseer}
}

@inproceedings{gazzoni2006maelstrom,
    title={The Maelstrom-0 hash function},
    author={Gazzoni Filho, Decio and Barreto, Paulo SLM and Rijmen, Vincent},
    booktitle={Brazilian Symposium on Information and Computer System Security},
    year={2006},
    organization={.}
}

@inproceedings{albrecht2019algebraic,
    title={Algebraic cryptanalysis of STARK-friendly designs: application to MARVELlous and MiMC},
    author={Albrecht, Martin R and Cid, Carlos and Grassi, Lorenzo and Khovratovich, Dmitry and L{\"u}ftenegger, Reinhard and Rechberger, Christian and Schofnegger, Markus},
    booktitle={International Conference on the Theory and Application of Cryptology and Information Security},
    pages={371--397},
    year={2019},
    organization={Springer}
}

@inproceedings{DBLP:conf/asiacrypt/Eichlseder0LORS20,
  author    = {Maria Eichlseder and
               Lorenzo Grassi and
               Reinhard L{\"{u}}ftenegger and
               Morten {\O}ygarden and
               Christian Rechberger and
               Markus Schofnegger and
               Qingju Wang},
  editor    = {Shiho Moriai and
               Huaxiong Wang},
  title     = {An Algebraic Attack on Ciphers with Low-Degree Round Functions: Application
               to Full MiMC},
  booktitle = {Advances in Cryptology - {ASIACRYPT} 2020 - 26th International Conference
               on the Theory and Application of Cryptology and Information Security,
               Daejeon, South Korea, December 7-11, 2020, Proceedings, Part {I}},
  series    = {Lecture Notes in Computer Science},
  volume    = {12491},
  pages     = {477--506},
  publisher = {Springer},
  year      = {2020},
  url       = {https://doi.org/10.1007/978-3-030-64837-4\_16},
  doi       = {10.1007/978-3-030-64837-4\_16},
  timestamp = {Thu, 10 Dec 2020 10:02:14 +0100},
  biburl    = {https://dblp.org/rec/conf/asiacrypt/Eichlseder0LORS20.bib},
  bibsource = {dblp computer science bibliography, https://dblp.org}
}

@article{bonnetain2019collisions,
    title={Collisions on Feistel-MiMC and univariate GMiMC},
    author={Bonnetain, Xavier},
    year={2019}
}

@misc{merkle-shrubs,
    title = {Merkle Shrubs},
    author = {Matter Labs},
    year = {2019},
    howpublished = "\url{https://github.com/matter-labs/MerkleShrubs}"
}

@inproceedings{GGPR13,
    author    = {Rosario Gennaro and
        Craig Gentry and
            Bryan Parno and
            Mariana Raykova},
    title     = {Quadratic Span Programs and Succinct NIZKs without PCPs},
    booktitle = {Advances in Cryptology - {EUROCRYPT} 2013, 32nd Annual International
        Conference on the Theory and Applications of Cryptographic Techniques,
        Athens, Greece, May 26-30, 2013. Proceedings},
    pages     = {626--645},
    year      = {2013},
    crossref  = {Eurocrypt2013},
    url       = {https://doi.org/10.1007/978-3-642-38348-9\_37},
    doi       = {10.1007/978-3-642-38348-9\_37},
    timestamp = {Tue, 14 May 2019 10:00:53 +0200},
    biburl    = {https://dblp.org/rec/conf/eurocrypt/GennaroGP013.bib},
    bibsource = {dblp computer science bibliography, https://dblp.org}
}

@proceedings{Eurocrypt2013,
    editor    = {Thomas Johansson and
        Phong Q. Nguyen},
    title     = {Advances in Cryptology - {EUROCRYPT} 2013, 32nd Annual International
        Conference on the Theory and Applications of Cryptographic Techniques,
        Athens, Greece, May 26-30, 2013. Proceedings},
    series    = {Lecture Notes in Computer Science},
    volume    = {7881},
    publisher = {Springer},
    year      = {2013},
    url       = {https://doi.org/10.1007/978-3-642-38348-9},
    doi       = {10.1007/978-3-642-38348-9},
    isbn      = {978-3-642-38347-2},
    timestamp = {Tue, 14 May 2019 10:00:53 +0200},
    biburl    = {https://dblp.org/rec/conf/eurocrypt/2013.bib},
    bibsource = {dblp computer science bibliography, https://dblp.org}
}

@inproceedings{li2019improved,
    title={Improved Interpolation Attacks on Cryptographic Primitives of Low Algebraic Degree},
    author={Li, Chaoyun and Preneel, Bart},
    booktitle={International Conference on Selected Areas in Cryptography},
    pages={171--193},
    year={2019},
    organization={Springer}
}

@misc{cryptoeprint:2020:188,
    author = {Tim Beyne and Anne Canteaut and Itai Dinur and Maria Eichlseder and Gregor Leander and Gaëtan Leurent and María Naya-Plasencia and Léo Perrin and Yu Sasaki and Yosuke Todo and Friedrich Wiemer},
    title = {Out of Oddity -- New Cryptanalytic Techniques against Symmetric Primitives Optimized for Integrity Proof Systems},
    howpublished = {Cryptology ePrint Archive, Report 2020/188},
    year = {2020},
    note = {\url{https://eprint.iacr.org/2020/188}}
}

@book{katz2014introduction,
    title={Introduction to modern cryptography},
    author={Katz, Jonathan and Lindell, Yehuda},
    year={2014},
    note = "\url{https://repo.zenk-security.com/Cryptographie%20.%20Algorithmes%20.%20Steganographie/Introduction%20to%20Modern%20Cryptography.pdf}",
    publisher={Chapman and Hall/CRC}
}

@inproceedings{aumasson2013blake2,
    title={BLAKE2: simpler, smaller, fast as MD5},
    author={Aumasson, Jean-Philippe and Neves, Samuel and Wilcox-O’Hearn, Zooko and Winnerlein, Christian},
    booktitle={International Conference on Applied Cryptography and Network Security},
    pages={119--135},
    year={2013},
    note = "\url{https://eprint.iacr.org/2013/322.pdf}",
    organization={Springer}
}

@inproceedings{bernstein2008chacha,
    title={ChaCha, a variant of Salsa20},
    author={Bernstein, Daniel J},
    booktitle={Workshop Record of SASC},
    volume={8},
    pages={3--5},
    note = "\url{https://cr.yp.to/chacha/chacha-20080120.pdf}",
    year={2008}
}

@techreport{biham2007framework,
    title={A Framework for Iterative Hash Functions---HAIFA},
    author={Biham, Eli and Dunkelman, Orr},
    year={2007},
    note = "\url{https://eprint.iacr.org/2007/278.pdf}",
    institution={Computer Science Department, Technion}
}

@article{aumasson2008sha,
    title={Sha-3 proposal blake},
    author={Aumasson, Jean-Philippe and Henzen, Luca and Meier, Willi and Phan, Raphael C-W},
    journal={Submission to NIST},
    volume={229},
    pages={230},
    year={2008}
}

@article{vidali2010collisions,
    title={Collisions for variants of the BLAKE hash function},
    author={Vidali, Jano{\v{s}} and Nose, Peter and Pa{\v{s}}ali{\'c}, Enes},
    journal={Information processing letters},
    volume={110},
    number={14-15},
    pages={585--590},
    year={2010},
    publisher={Elsevier}
}

@inproceedings{ming2010security,
    title={Security analysis of BLAKE-32 based on differential properties},
    author={Ming, Mao and Qiang, He and Zeng, Shaokun},
    booktitle={2010 International Conference on Computational and Information Sciences},
    pages={783--786},
    year={2010},
    organization={IEEE}
}

@inproceedings{andreeva2010security,
    title={Security reductions of the second round SHA-3 candidates},
    author={Andreeva, Elena and Mennink, Bart and Preneel, Bart},
    booktitle={International Conference on Information Security},
    pages={39--53},
    year={2010},
    organization={Springer}
}

@inproceedings{alshaikhli2012comparison,
    title={Comparison and analysis study of SHA-3 finalists},
    author={Alshaikhli, Imad Fakhri and Alahmad, Mohammad A and Munthir, Khanssaa},
    booktitle={2012 International Conference on Advanced Computer Science Applications and Technologies (ACSAT)},
    pages={366--371},
    year={2012},
    organization={IEEE}
}

@inproceedings{andreeva2012security,
    title={Security analysis and comparison of the SHA-3 finalists BLAKE, Gr{\o}stl, JH, Keccak, and Skein},
    author={Andreeva, Elena and Mennink, Bart and Preneel, Bart and {\v{S}}krobot, Marjan},
    booktitle={International Conference on Cryptology in Africa},
    pages={287--305},
    year={2012},
    organization={Springer}
}

@inproceedings{andreeva2012provable,
    title={Provable security of BLAKE with non-ideal compression function},
    author={Andreeva, Elena and Luykx, Atul and Mennink, Bart},
    booktitle={International Conference on Selected Areas in Cryptography},
    pages={321--338},
    year={2012},
    organization={Springer}
}

@inproceedings{homsirikamol2012security,
    title={Security margin evaluation of SHA-3 contest finalists through SAT-based attacks},
    author={Homsirikamol, Ekawat and Morawiecki, Pawe{\l} and Rogawski, Marcin and Srebrny, Marian},
    booktitle={IFIP International Conference on Computer Information Systems and Industrial Management},
    pages={56--67},
    year={2012},
    organization={Springer}
}

@inproceedings{guo2014analysis,
    title={Analysis of BLAKE2},
    author={Guo, Jian and Karpman, Pierre and Nikoli{\'c}, Ivica and Wang, Lei and Wu, Shuang},
    booktitle={Cryptographers’ Track at the RSA Conference},
    pages={402--423},
    year={2014},
    note = "\url{https://eprint.iacr.org/2013/467.pdf}",
    organization={Springer}
}

@inproceedings{hao2014boomerang,
    title={The boomerang attacks on BLAKE and BLAKE2},
    author={Hao, Yonglin},
    booktitle={International Conference on Information Security and Cryptology},
    pages={286--310},
    year={2014},
    note = "\url{https://eprint.iacr.org/2014/1012.pdf}",
    organization={Springer}
}

@inproceedings{espitau2015higher,
    title={Higher-order differential meet-in-the-middle preimage attacks on SHA-1 and BLAKE},
    author={Espitau, Thomas and Fouque, Pierre-Alain and Karpman, Pierre},
    booktitle={Annual Cryptology Conference},
    pages={683--701},
    year={2015},
    note = "\url{https://eprint.iacr.org/2015/515}",
    organization={Springer}
}

@article{neves2019observation,
    title={An observation on NORX, BLAKE2, and ChaCha},
    author={Neves, Samuel and Araujo, Filipe},
    journal={Information Processing Letters},
    volume={149},
    pages={1--5},
    year={2019},
    publisher={Elsevier}
}

@article{luykx2016security,
    title={Security analysis of BLAKE2’s modes of operation},
    author={Luykx, Atul and Mennink, Bart and Neves, Samuel},
    journal={IACR Transactions on Symmetric Cryptology},
    pages={158--176},
    note = "\url{https://www.esat.kuleuven.be/cosic/publications/article-2705.pdf}",
    year={2016}
}

@misc{sha256libsnark,
    author = {SCIPR-LAB},
    title = {{SHA256 gadget fin Libsnark}},
    howpublished = "\url{https://github.com/scipr-lab/libsnark/blob/master/libsnark/gadgetlib1/gadgets/hashes/sha256/sha256_components.tcc}",
    year = {2019},
    note = "[VERSION 477c9df - 2019-06-18]"
}

@inproceedings{mennink2015impact,
    title={On the impact of known-key attacks on hash functions},
    author={Mennink, Bart and Preneel, Bart},
    booktitle={International Conference on the Theory and Application of Cryptology and Information Security},
    pages={59--84},
    year={2015},
    note = "\url{https://eprint.iacr.org/2015/909.pdf}",
    organization={Springer}
}

@misc{bowe2017mpc,
    author = {Sean Bowe and Ariel Gabizon and Ian Miers},
    title = {Scalable Multi-party Computation for zk-SNARK Parameters in the Random Beacon Model},
    howpublished = {Cryptology ePrint Archive, Report 2017/1050},
    year = {2017},
    note = {\url{https://eprint.iacr.org/2017/1050}}
}

@inproceedings{aoki2009preimages,
    title={Preimages for step-reduced SHA-2},
    author={Aoki, Kazumaro and Guo, Jian and Matusiewicz, Krystian and Sasaki, Yu and Wang, Lei},
    booktitle={International Conference on the Theory and Application of Cryptology and Information Security},
    pages={578--597},
    year={2009},
    organization={Springer},
    note = {\url{https://link.springer.com/content/pdf/10.1007/978-3-642-10366-7_34.pdf}}
}

@inproceedings{sanadhya2008new,
    title={New collision attacks against up to 24-step SHA-2},
    author={Sanadhya, Somitra Kumar and Sarkar, Palash},
    booktitle={International conference on cryptology in India},
    pages={91--103},
    year={2008},
    organization={Springer},
    note = {\url{https://eprint.iacr.org/2008/270.pdf}}
}

@inproceedings{li2012converting,
    title={Converting meet-in-the-middle preimage attack into pseudo collision attack: Application to SHA-2},
    author={Li, Ji and Isobe, Takanori and Shibutani, Kyoji},
    booktitle={International Workshop on Fast Software Encryption},
    pages={264--286},
    year={2012},
    organization={Springer},
    note = {\url{https://link.springer.com/content/pdf/10.1007/978-3-642-34047-5_16.pdf}}
}

@inproceedings{isobe2009preimage,
    title={Preimage attacks on reduced Tiger and SHA-2},
    author={Isobe, Takanori and Shibutani, Kyoji},
    booktitle={International Workshop on Fast Software Encryption},
    pages={139--155},
    year={2009},
    organization={Springer},
    note={\url{https://link.springer.com/content/pdf/10.1007/978-3-642-03317-9_9.pdf}}
}

@inproceedings{khovratovich2012bicliques,
    title={Bicliques for preimages: attacks on Skein-512 and the SHA-2 family},
    author={Khovratovich, Dmitry and Rechberger, Christian and Savelieva, Alexandra},
    booktitle={International Workshop on Fast Software Encryption},
    pages={244--263},
    year={2012},
    organization={Springer},
    note={\url{https://link.springer.com/content/pdf/10.1007/978-3-642-34047-5_15.pdf}}
}

@inproceedings{mendel2011finding,
    title={Finding SHA-2 characteristics: searching through a minefield of contradictions},
    author={Mendel, Florian and Nad, Tomislav and Schl{\"a}ffer, Martin},
    booktitle={International Conference on the Theory and Application of Cryptology and Information Security},
    pages={288--307},
    year={2011},
    organization={Springer},
    note = {\url{https://link.springer.com/content/pdf/10.1007/978-3-642-25385-0_16.pdf}}
}

@inproceedings{guo2010advanced,
    title={Advanced meet-in-the-middle preimage attacks: First results on full Tiger, and improved results on MD4 and SHA-2},
    author={Guo, Jian and Ling, San and Rechberger, Christian and Wang, Huaxiong},
    booktitle={International Conference on the Theory and Application of Cryptology and Information Security},
    pages={56--75},
    year={2010},
    organization={Springer},
    note = {\url{https://eprint.iacr.org/2010/016.pdf}}
}

@article{lamberger2011higher,
    title={Higher-Order Differential Attack on Reduced SHA-256.},
    author={Lamberger, Mario and Mendel, Florian},
    journal={IACR Cryptology ePrint Archive},
    volume={2011},
    pages={37},
    year={2011},
    note={\url{https://eprint.iacr.org/2011/037.pdf}}
}

@inproceedings{aoki2009meet,
    title={Meet-in-the-middle preimage attacks against reduced SHA-0 and SHA-1},
    author={Aoki, Kazumaro and Sasaki, Yu},
    booktitle={Annual International Cryptology Conference},
    pages={70--89},
    year={2009},
    organization={Springer}
}

@book{bourbaki2003elements,
    title={Elements of mathematics: Algebra},
    author={Bourbaki, Nicolas},
    year={2003},
    publisher={Springer}
}

@article{abdalla1999dhaes,
    title={DHAES: An Encryption Scheme Based on the Diffie-Hellman Problem.},
    author={Abdalla, Michel and Bellare, Mihir and Rogaway, Phillipi},
    year = {1999},
    note = {\url{https://pdfs.semanticscholar.org/95f4/63d097086fba325086a4cf88706648dafd09.pdf}}
}

@inproceedings{bellare2001key,
    title={Key-privacy in public-key encryption},
    author={Bellare, Mihir and Boldyreva, Alexandra and Desai, Anand and Pointcheval, David},
    booktitle={International Conference on the Theory and Application of Cryptology and Information Security},
    pages={566--582},
    year={2001},
    organization={Springer},
    note = {\url{https://iacr.org/archive/asiacrypt2001/22480568.pdf}}
}

@inproceedings{abdalla2010robust,
    title={Robust encryption},
    author={Abdalla, Michel and Bellare, Mihir and Neven, Gregory},
    booktitle={Theory of Cryptography Conference},
    pages={480--497},
    year={2010},
    organization={Springer},
    note = {\url{https://eprint.iacr.org/2008/440.pdf}}
}

@misc{abdalla2001dhies,
    title={DHIES: An Encryption Scheme Based on the Diffie-Hellman Problem.},
    author={Abdalla, Michel and Bellare, Mihir and Rogaway, Phillip},
    year = {2001},
    note = {\url{https://web.cs.ucdavis.edu/~rogaway/papers/dhies.pdf}}
}

@inproceedings{asiacrypt-2010-23840,
    title={A Closer Look at Anonymity and Robustness in Encryption Schemes},
    booktitle={Advances in Cryptology - ASIACRYPT 2010 - 16th International Conference on the Theory and Application of Cryptology and Information Security},
    series={Lecture Notes in Computer Science},
    publisher={Springer},
    volume={6477},
    pages={501-518},
    url={https://www.iacr.org/archive/asiacrypt2010/6477505/6477505.pdf},
    doi={10.1007/978-3-642-17373-8_29},
    author={Payman Mohassel},
    year=2010
}

@inproceedings{bernstein2006curve25519,
    title={Curve25519: new Diffie-Hellman speed records},
    author={Bernstein, Daniel J},
    booktitle={International Workshop on Public Key Cryptography},
    pages={207--228},
    year={2006},
    organization={Springer},
    note = {\url{https://cr.yp.to/ecdh/curve25519-20060209.pdf}}
}

@inproceedings{bernstein2005state,
    title={The Poly1305-AES message-authentication code},
    author={Bernstein, Daniel J},
    booktitle={International Workshop on Fast Software Encryption},
    pages={32--49},
    year={2005},
    organization={Springer},
    note = {\url{https://cr.yp.to/mac/poly1305-20050329.pdf}}
}

@misc{rfc7748,
    series =  {Request for Comments},
    number =  {7748},
    howpublished =  {RFC 7748, \url{https://tools.ietf.org/pdf/rfc7748.pdf}},
    publisher = {RFC Editor},
    doi =   {10.17487/RFC7748},
    author =  {Adam Langley and Mike Hamburg and Sean Turner},
    title =   {Elliptic Curves for Security},
    pagetotal = {22},
    year =    {2016}
}

@misc{trevorzerocheckcritique,
    author= {Perrin, Trevor},
    title = {X25519 and zero outputs},
    year = {2017},
    howpublished = {\url{https://moderncrypto.org/mail-archive/curves/2017/000896.html}},
    note = "[Online; last accessed 08-January-2020]"
}

@misc{stateoftheartdh,
    author= {Bernstein, Daniel J.},
    title = {A state-of-the-art Diffie-Hellman function},
    howpublished = {\url{https://cr.yp.to/ecdh.html}},
    note = "[Online; last accessed 08-January-2020]"
}

@misc{estreamchallenge,
    title = {ESTREAM project},
    howpublished = {\url{https://en.wikipedia.org/wiki/ESTREAM}}
}

@article{langley2018chacha20,
    title={ChaCha20 and Poly1305 for IETF Protocols},
    author={Langley, Adam and Nir, Yoav},
    year={2018},
    journal={RFC 8439},
    note = {\url{https://tools.ietf.org/html/rfc8439}}
}

@misc{zcashforum2019encsec,
    title = {On the security of Sprout/Sapling in-band encryption},
    howpublished = {\url{https://forum.zcashcommunity.com/t/on-the-security-of-sprout-sapling-in-band-encryption/34986}}
}

@misc{safecurves2017,
    author= {Bernstein, Daniel J. and Lange, Tanja},
    title = {SafeCurves: choosing safe curves for elliptic-curve cryptography},
    howpublished = {\url{https://safecurves.cr.yp.to}},
    note = "[Online; last accessed 09-December-2019]"
}

@techreport{barker2018recommendation,
    title={Recommendation for pair-wise key-establishment schemes using discrete logarithm cryptography},
    author={Barker, Elaine and Chen, Lily and Keller, Sharon and Roginsky, Allen and Vassilev, Apostol and Davis, Richard},
    year={2018},
    institution={National Institute of Standards and Technology},
    howpublished = {\url{https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar3.pdf}},
    note = "[Online; last accessed 10-January-2020]"
}

@incollection{Bernstein:2008:SFS:1423346.1423354,
    author = {Bernstein, Daniel J.},
    chapter = {The Salsa20 Family of Stream Ciphers},
    title = {New Stream Cipher Designs},
    editor = {Robshaw, Matthew and Billet, Olivier},
    year = {2008},
    isbn = {978-3-540-68350-6},
    pages = {84--97},
    numpages = {14},
    url = {\url{https://cr.yp.to/snuffle/salsafamily-20071225.pdf}},
    doi = {10.1007/978-3-540-68351-3_8},
    acmid = {1423354},
    publisher = {Springer-Verlag},
    address = {Berlin, Heidelberg},
}

@article{choudhuri2016differential,
    title={Differential Cryptanalysis of Salsa and ChaCha-An Evaluation with a Hybrid Model.},
    author={Choudhuri, Arka Rai and Maitra, Subhamoy},
    journal={IACR Cryptology ePrint Archive},
    volume={2016},
    pages={377},
    year={2016},
    note={\url{https://eprint.iacr.org/2016/377.pdf}}
}

@inproceedings{antipa2003validation,
    title={Validation of elliptic curve public keys},
    author={Antipa, Adrian and Brown, Daniel and Menezes, Alfred and Struik, Ren{\'e} and Vanstone, Scott},
    booktitle={International Workshop on Public Key Cryptography},
    pages={211--223},
    year={2003},
    organization={Springer}
}

@inproceedings{aumasson2008new,
    title={New features of Latin dances: analysis of Salsa, ChaCha, and Rumba},
    author={Aumasson, Jean-Philippe and Fischer, Simon and Khazaei, Shahram and Meier, Willi and Rechberger, Christian},
    booktitle={International Workshop on Fast Software Encryption},
    pages={470--488},
    year={2008},
    organization={Springer}
}

@article{ishiguro2012modified,
    title={Modified version of" Latin Dances Revisited: New Analytic Results of Salsa20 and ChaCha".},
    author={Ishiguro, Tsukasa},
    howpublished = {Cryptology ePrint Archive, Report 2012/065},
    year={2012},
    note={\url{https://eprint.iacr.org/2012/065.pdf}}
}

@inproceedings{shi2012improved,
    title={Improved key recovery attacks on reduced-round salsa20 and chacha},
    author={Shi, Zhenqing and Zhang, Bin and Feng, Dengguo and Wu, Wenling},
    booktitle={International Conference on Information Security and Cryptology},
    pages={337--351},
    year={2012},
    organization={Springer}
}

@article{maitra2016chosen,
    title={Chosen IV cryptanalysis on reduced round ChaCha and Salsa},
    author={Maitra, Subhamoy},
    journal={Discrete Applied Mathematics},
    volume={208},
    pages={88--97},
    year={2016},
    publisher={Elsevier}
}

@article{choudhuri2017maitra,
    title={Significantly Improved Multi-bit Differentials for Reduced Round Salsa and ChaCha},
    volume={2016},
    url={https://tosc.iacr.org/index.php/ToSC/article/view/574},
    DOI={10.13154/tosc.v2016.i2.261-287},
    number={2},
    journal={IACR Transactions on Symmetric Cryptology},
    author={Choudhuri, Arka Rai and Maitra, Subhamoy},
    year={2017},
    month={Feb.},
    pages={261-287}
}

@article {montgomery1987speeding,
    AUTHOR = {Montgomery, Peter L.},
    TITLE = {Speeding the {P}ollard and elliptic curve methods of factorization},
    JOURNAL = {Math. Comp.},
    FJOURNAL = {Mathematics of Computation},
    VOLUME = {48},
    YEAR = {1987},
    NUMBER = {177},
    PAGES = {243--264},
    ISSN = {0025-5718},
    MRCLASS = {11Y05 (11A51 68Q40)},
    MRNUMBER = {866113},
    MRREVIEWER = {Kevin S. McCurley},
    DOI = {10.2307/2007888},
    URL = {https://doi.org/10.2307/2007888}
}

@inproceedings{mouha2015multi,
    title={Multi-key security: The Even-Mansour construction revisited},
    author={Mouha, Nicky and Luykx, Atul},
    booktitle={Annual Cryptology Conference},
    pages={209--223},
    year={2015},
    organization={Springer},
    note={\url{https://hal.inria.fr/hal-01240988/document}}
}

@article{procter2014security,
  title={A Security Analysis of the Composition of ChaCha20 and Poly1305},
  journal={IACR Cryptology ePrint Archive},
  volume={2014},
  pages={613},
  url={https://eprint.iacr.org/2014/613},
  author={Gordon Procter},
  year=2014
}

@misc{zcash-remote-sca-fix-announcement,
    title = {"Zcash Alerts - Security Announcement 2019-09-24"},
    howpublished = "\url{https://z.cash/support/security/announcements/security-announcement-2019-09-24/a}"
}

@Misc{gabizon2019auroralight,
  author =       "Ariel Gabizon",
  title =        "{AuroraLight}: Improved prover efficiency and {SRS} size in a Sonic-like system",
  year =         2019,
  howpublished = "Cryptology ePrint Archive, Report 2019/601",
  note =         "\url{https://eprint.iacr.org/2019/601}",
}

@InProceedings{maller2019sonic,
  author =       "Mary Maller and
                  Sean Bowe and
                  Markulf Kohlweiss and
                  Sarah Meiklejohn",
  title =        "Sonic: Zero-Knowledge {SNARKs} from Linear-Size Universal and Updatable Structured Reference Strings",
  pages =        "2111--2128",
  editor =       ccs19ed,
  booktitle =    ccs19name,
  address =      ccs19addr,
  month =        ccs19month,
  publisher =    ccspub,
  year =         2019,
  doi =          "10.1145/3319535.3339817",
}

@Misc{gabizon2019plonk,
  author =       "Ariel Gabizon and
                  Zachary J. Williamson and
                  Oana Ciobotaru",
  title =        "{PLONK}: Permutations over Lagrange-bases for Oecumenical Noninteractive arguments of Knowledge",
  year =         2019,
  howpublished = "Cryptology ePrint Archive, Report 2019/953",
  note =         "\url{https://eprint.iacr.org/2019/953}",
}

@InProceedings{chiesa2020marlin,
  author =       "Alessandro Chiesa and
                  Yuncong Hu and
                  Mary Maller and
                  Pratyush Mishra and
                  Noah Vesely and
                  Nicholas P. Ward",
  title =        "Marlin: Preprocessing {zkSNARKs} with Universal and Updatable {SRS}",
  pages =        "738--768",
  editor =       eurocrypt20ed,
  booktitle =    eurocrypt20name1,
  volume =       eurocrypt20vol1,
  address =      eurocrypt20addr,
  month =        eurocrypt20month,
  publisher =    eurocryptpub,
  series =       mylncs,
  year =         2020,
  doi =          "10.1007/978-3-030-45721-1_26",
}

@Book{goldreich2001book,
  author =       "Oded Goldreich",
  title =        "Foundations of Cryptography: Basic Tools",
  publisher =    "Cambridge University Press",
  address =      "Cambridge, UK",
  volume =        1,
  pages =        "xix + 372",
  year =         2001,
  ISBN =         "0-521-79172-3 (hardback)",
  LCCN =         "QA268.G5745 2001",
  bibdate =      "Wed Jan 16 10:57:08 2002",
}

@InProceedings{groth2006simulation,
  author =       "Jens Groth",
  title =        "Simulation-Sound {NIZK} Proofs for a Practical Language and Constant Size Group Signatures",
  pages =        "444--459",
  editor =       asiacrypt06ed,
  booktitle =    asiacrypt06name,
  volume =       asiacrypt06vol,
  address =      asiacrypt06addr,
  month =        asiacrypt06month,
  publisher =    asiacryptpub,
  series =       mylncs,
  year =         2006,
  doi =          "10.1007/11935230_29",
}

@inproceedings{groth2017simulation,
  author    = {Jens Groth and
               Mary Maller},
  editor    = {Jonathan Katz and
               Hovav Shacham},
  title     = {Snarky Signatures: Minimal Signatures of Knowledge from Simulation-Extractable
               SNARKs},
  booktitle = {Advances in Cryptology - {CRYPTO} 2017 - 37th Annual International
               Cryptology Conference, Santa Barbara, CA, USA, August 20-24, 2017,
               Proceedings, Part {II}},
  series    = {Lecture Notes in Computer Science},
  volume    = {10402},
  pages     = {581--612},
  publisher = {Springer},
  year      = {2017},
  url       = {https://doi.org/10.1007/978-3-319-63715-0\_20},
  doi       = {10.1007/978-3-319-63715-0\_20},
  timestamp = {Tue, 14 May 2019 10:00:48 +0200},
  biburl    = {https://dblp.org/rec/conf/crypto/GrothM17.bib},
  bibsource = {dblp computer science bibliography, https://dblp.org}
}

@inproceedings{DBLP:conf/uss/PiotrowskaHEMD17,
  author    = {Ania M. Piotrowska and
               Jamie Hayes and
               Tariq Elahi and
               Sebastian Meiser and
               George Danezis},
  editor    = {Engin Kirda and
               Thomas Ristenpart},
  title     = {The Loopix Anonymity System},
  booktitle = {26th {USENIX} Security Symposium, {USENIX} Security 2017, Vancouver,
               BC, Canada, August 16-18, 2017},
  pages     = {1199--1216},
  publisher = {{USENIX} Association},
  year      = {2017},
  url       = {https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/piotrowska},
  timestamp = {Thu, 19 Oct 2017 15:11:30 +0200},
  biburl    = {https://dblp.org/rec/conf/uss/PiotrowskaHEMD17.bib},
  bibsource = {dblp computer science bibliography, https://dblp.org}
}

@inproceedings{DBLP:conf/sp/DanezisG09,
  author    = {George Danezis and
               Ian Goldberg},
  title     = {Sphinx: {A} Compact and Provably Secure Mix Format},
  booktitle = {30th {IEEE} Symposium on Security and Privacy (S{\&}P 2009), 17-20
               May 2009, Oakland, California, {USA}},
  pages     = {269--282},
  publisher = {{IEEE} Computer Society},
  year      = {2009},
  url       = {https://doi.org/10.1109/SP.2009.15},
  doi       = {10.1109/SP.2009.15},
  timestamp = {Wed, 16 Oct 2019 14:14:51 +0200},
  biburl    = {https://dblp.org/rec/conf/sp/DanezisG09.bib},
  bibsource = {dblp computer science bibliography, https://dblp.org}
}

@inproceedings{bowe18zexe,
  author    = {Sean Bowe and
               Alessandro Chiesa and
               Matthew Green and
               Ian Miers and
               Pratyush Mishra and
               Howard Wu},
  title     = {{ZEXE:} Enabling Decentralized Private Computation},
  booktitle = {2020 {IEEE} Symposium on Security and Privacy, {SP} 2020, San Francisco,
               CA, USA, May 18-21, 2020},
  pages     = {947--964},
  publisher = {{IEEE}},
  year      = {2020},
  url       = {https://doi.org/10.1109/SP40000.2020.00050},
  doi       = {10.1109/SP40000.2020.00050},
  timestamp = {Thu, 20 Aug 2020 17:04:50 +0200},
  biburl    = {https://dblp.org/rec/conf/sp/BoweC0MMW20.bib},
  bibsource = {dblp computer science bibliography, https://dblp.org}
}

@misc{housni2020onelayer,
    author = {Youssef El Housni and Aurore Guillevic},
    title = {Optimized and secure pairing-friendly elliptic curves suitable for one layer proof composition},
    howpublished = {Cryptology ePrint Archive, Report 2020/351},
    year = {2020},
    note = {\url{https://eprint.iacr.org/2020/351}},
}

@misc{rondelet2020zecale,
      title={Zecale: Reconciling Privacy and Scalability on Ethereum},
      author={Antoine Rondelet},
      year={2020},
      eprint={2008.05958},
      archivePrefix={arXiv},
      primaryClass={cs.CR}
}

@article{DBLP:journals/iacr/BeckLMG21,
    author    = {Gabrielle Beck and
        Julia Len and
        Ian Miers and
        Matthew Green},
    title     = {Fuzzy Message Detection},
    journal   = {{IACR} Cryptol. ePrint Arch.},
    volume    = {2021},
    pages     = {89},
    year      = {2021},
    url       = {https://eprint.iacr.org/2021/089},
    timestamp = {Tue, 02 Feb 2021 17:40:34 +0100},
    biburl    = {https://dblp.org/rec/journals/iacr/BeckLMG21.bib},
    bibsource = {dblp computer science bibliography, https://dblp.org}
}

@article{DBLP:journals/tit/HellesethRS99,
  author    = {Tor Helleseth and
               Chunming Rong and
               Daniel Sandberg},
  title     = {New Families of Almost Perfect Nonlinear Power Mappings},
  journal   = {{IEEE} Trans. Inf. Theory},
  volume    = {45},
  number    = {2},
  pages     = {475--485},
  year      = {1999},
  url       = {https://doi.org/10.1109/18.748997},
  doi       = {10.1109/18.748997},
  timestamp = {Tue, 10 Mar 2020 10:46:21 +0100},
  biburl    = {https://dblp.org/rec/journals/tit/HellesethRS99.bib},
  bibsource = {dblp computer science bibliography, https://dblp.org}
}

@inproceedings{DBLP:conf/eurocrypt/Nyberg93,
  author    = {Kaisa Nyberg},
  editor    = {Tor Helleseth},
  title     = {Differentially Uniform Mappings for Cryptography},
  booktitle = {Advances in Cryptology - {EUROCRYPT} '93, Workshop on the Theory and
               Application of of Cryptographic Techniques, Lofthus, Norway, May 23-27,
               1993, Proceedings},
  series    = {Lecture Notes in Computer Science},
  volume    = {765},
  pages     = {55--64},
  publisher = {Springer},
  year      = {1993},
  url       = {https://doi.org/10.1007/3-540-48285-7\_6},
  doi       = {10.1007/3-540-48285-7\_6},
  timestamp = {Tue, 14 May 2019 10:00:53 +0200},
  biburl    = {https://dblp.org/rec/conf/eurocrypt/Nyberg93.bib},
  bibsource = {dblp computer science bibliography, https://dblp.org}
}

@article{mimc-security-communications,
  author    = {Lorenzo Grassi and Antoine Rondelet},
  title     = {Private Communications},
  year      = {2021}
}

@inproceedings{DBLP:conf/fse/JakobsenK97,
  author    = {Thomas Jakobsen and
               Lars R. Knudsen},
  editor    = {Eli Biham},
  title     = {The Interpolation Attack on Block Ciphers},
  booktitle = {Fast Software Encryption, 4th International Workshop, {FSE} '97, Haifa,
               Israel, January 20-22, 1997, Proceedings},
  series    = {Lecture Notes in Computer Science},
  volume    = {1267},
  pages     = {28--40},
  publisher = {Springer},
  year      = {1997},
  url       = {https://doi.org/10.1007/BFb0052332},
  doi       = {10.1007/BFb0052332},
  timestamp = {Tue, 14 May 2019 10:00:54 +0200},
  biburl    = {https://dblp.org/rec/conf/fse/JakobsenK97.bib},
  bibsource = {dblp computer science bibliography, https://dblp.org}
}

@article{DBLP:journals/siamdm/Gordon93,
    author    = {Daniel M. Gordon},
    title     = {Discrete Logarithms in \emph{GF(P)} Using the Number Field Sieve},
    journal   = {{SIAM} J. Discret. Math.},
    volume    = {6},
    number    = {1},
    pages     = {124--138},
    year      = {1993},
    url       = {https://doi.org/10.1137/0406010},
    doi       = {10.1137/0406010},
    timestamp = {Sat, 30 May 2020 19:53:40 +0200},
    biburl    = {https://dblp.org/rec/journals/siamdm/Gordon93.bib},
    bibsource = {dblp computer science bibliography, https://dblp.org}
}