Indentification protocols are two-party interactive protocols between a *prover* and a *verifier* that allow the verifier to identify the prover as the legitimate owner of a public key. Identification protocols can be obtained from zero-knowledge proof systems for hard computational problems, and can be used to build digital signatures using the Fiat-Shamir heuristics.

**Statistical Zero-Knowledge Proofs with Efficient Provers: Lattice Problems and More**

(*Micciancio & Vadhan*- Crypto 2003)**Tightly-Secure Signatures From Lossy Identification Schemes**

(*Abdalla, Fouque, Lyubashevsky & Tibouchi*- Eurocrypt 2012)**Lattice-Based Identification Schemes Secure Under Active Attacks**

(*Lyubashevsky*- PKC 2008)**Zero-Knowledge Protocols for NTRU: Application to Identification and Proof of Plaintext Knowledge**

(*Xagawa & Tanaka*- ProvSec 2009)**Concurrently Secure Identification Schemes Based on the Worst-Case Hardness of Lattice Problems**

(*Kawachi, Tanaka & Xagawa*- AsiaCrypt 2008)**Improved Zero-Knowledge Identification with Lattices**

(*Cayrel, Lindner, Ruckert & Silva*- ProvSec 2010)**Adaptively Secure Identity-Based Identification from Lattices without Random Oracles**

(*Ruckert*- SCN 2010)**A lattice-based batch identification scheme**

(*Silva, Cayrel & Lindner*- ITW 2011)**LWE-based identification schemes**

(*Silva, Campello & Dahab*- ITW 2011**Improved Zero-knowledge Proofs of Knowledge for the ISIS Problem, and Applications**

(*Ling, Nguyen, Stehle & Wang*- PKC 2013)**Efficient Zero-Knowledge Proofs for Commitments from Learning with Errors over Rings**

(*Benhamouda, Krenn, Lyubashevsky & Pietrzak*- ESORICS 2015)**Better Zero-Knowledge Proofs for Lattice Encryption and Their Application to Group Signatures**

(*Benhamouda, Camenisch, Krenn, Lyubashevsky & Neven*- AsiaCrypt 2014)