[1] Satoshi N. Bitcoin:A peertopeer electronic cash system. 2008. https://bitcoin.org/bitcoin.pdf, Mar. 2018.
[2] Möser M. Anonymity of bitcoin transactions. In Proc. Münster Bitcoin Conf., July 2013, pp.1718.
[3] Ron D, Shamir A. Quantitative analysis of the full bitcoin transaction graph. In Proc. the 17th Int. Conf. Financial Cryptography and Data Security, April 2013, pp.624.
[4] Androulaki E, Karame G O, Roeschlin M, Scherer T, Capkun S. Evaluating user privacy in bitcoin. In Proc. the 17th Int. Conf. Financial Cryptography and Data Security, April 2013, pp.3451.
[5] Rivest R L, Shamir A, Tauman Y. How to leak a secret:Theory and applications of ring signatures. In Theoretical Computer Science, Goldreich O, Rosenberg A L, Selman A L (eds.), Springer, 2006, pp.164186.
[6] Chaum D, van Heyst E. Group signatures. In Proc. Workshop on the Theory and Appl. Cryptographic Techniques, April 1991, pp.257265.
[7] van Saberhagen N. Cryptonote v 2.0, 2013. https://cryptonote.org/whitepaper.pdf, March. 2018.
[8] Noether S, Mackenzie A, The Monero Research Lab. Ring confidential transactions. Ledger, 2016, 1:118.
[9] Jakobsson M, Sako K, Impagliazzo R. Designated verifier proofs and their applications. In Proc. Int. Conf. Theory and Appl. Cryptographic Techniques, May 1996, pp.143154.
[10] Chow S S M, Liu J K, Wong D S. Robust receiptfree election system with ballot secrecy and verifiability. In Proc. Network and Distributed System Security Symp., Feb. 2008.
[11] Dodis Y, Kiayias A, Nicolosi A, Shoup V. Anonymous identification in ad hoc groups. In Proc. Int. Conf. Theory and Appl. Cryptographic Techniques, May 2004, pp.609626.
[12] Naor M. Deniable ring authentication. In Proc. the 22nd Annu. Int. Cryptology Conf., August 2002, pp.481498.
[13] Abe M, Ohkubo M, Suzuki K. 1outofn signatures from a variety of keys. In Proc. the 8th Int. Conf. Theory and Appl. Cryptology and Information Security, December 2002, pp.415432.
[14] Liu J K, Wei V K, Wong D S. Linkable spontaneous anonymous group signature for ad hoc groups. In Proc. the 9th Australasian Conf. Information Security and Privacy, July 2004, pp.325335.
[15] Boneh D, Gentry C, Lynn B, Shacham H. Aggregate and verifiably encrypted signatures from bilinear maps. In Proc. Int. Conf. Theory and Appl. Cryptographic Techniques, May 2003, pp.416432.
[16] Bender A, Katz J, Morselli R. Ring signatures:Stronger definitions, and constructions without random oracles. In Proc. the 3rd Theory of Cryptography Conf., March 2006, pp.6079.
[17] Chandran N, Groth J, Sahai A. Ring signatures of sublinear size without random oracles. In Proc. the 34th Int. Colloquium on Automata Languages and Programming, July 2007, pp.423434.
[18] Yuen T H, Liu J K, Au M H, Susilo W, Zhou J Y. Efficient linkable and/or threshold ring signature without random oracles. The Computer Journal, 2013, 56(4):407421.
[19] Ghadafi E M. Sublinear blind ring signatures without random oracles. In Proc. the 14th IMA Int. Conf. Cryptography and Coding, December 2013, pp.304323.
[20] Fuchsbauer G. Automorphic signatures in bilinear groups and an application to roundoptimal blind signatures. IACR Cryptology ePrint Archive Report 2009/320, 2009. https://eprint.iacr.org/2009/320.pdf, Mar. 2018.
[21] Bose P, Das D, Rangan C P. Constant size ring signature without random oracle. In Proc. the 20th Australasian Conf. Information Security and Privacy, July 2015, pp.230247.
[22] Galbraith S D, Paterson K G, Smart N P. Pairings for cryptographers. Discrete Applied Mathematics, 2008, 156(16):31133121.
[23] Nguyen L. Accumulators from bilinear pairings and applications. In Proc. Cryptographers' Track at the RSA Conference, February 2005, pp.275292.
[24] BenSasson E, Chiesa A, Garman C, Green M, Miers I, Tromer E, Virza M. Zerocash:Decentralized anonymous payments from bitcoin. In Proc. IEEE Symp. Security and Privacy (SP), May 2014, pp.459474.
[25] Bellare M, Neven G. Multisignatures in the plain publickey model and a general forking lemma. In Proc. the 13th ACM Conf. Computer and Communications Security, October 30November 3, 2006, pp.390399.
[26] Goldwasser S, Micali S, Rackoff C. The knowledge complexity of interactive proof systems. SIAM Journal on Computing, 1989, 18(1):186208.
[27] Bleichenbacher D, Maurer U. On the efficiency of onetime digital signatures. In Proc. Int. Conf. Theory and Appl. Cryptology and Information Security, November 1996, pp.145158.
[28] Perrig A. The BiBa onetime signature and broadcast authentication protocol. In Proc. the 8th ACM Conf. Computer and Communications Security, November 2001, pp.2837.
