
References

... Press, 1992, pp. 65-134.
1363. R.A. Rueppel and J.L. Massey, “The Knapsack as a Nonlinear Function,” IEEE International Symposium on Information Theory, Brighton, UK, May 1985.
1364. R.A. Rueppel and O.J. Staffelbach, “Products of Linear Recurring Sequences with Maximum Complexity,” IEEE Transactions on Information Theory, v. IT-33, n. 1, Jan 1987, pp. 124-131.
1365. D. Russell and G.T. Gangemi, Computer Security Basics, O'Reilly and Associates, Inc., 1991.
1366. S. Russell and P. Craig, “Privacy Enhanced Mail Modules for ELM,” Proceedings of the Internet Society 1994 Workshop on Network and Distributed System Security, The Internet Society, 1994, pp. 21-34.
1367. D.F.H. Sadok and J. Kelner, “Privacy Enhanced Mail Design and Implementation Perspectives,” Computer Communications Review, v. 24, n. 3, Jul 1994, pp. 38-46.
1368. K. Sakano, “Digital Signatures with User-Flexible Reliability,” Proceedings of the 1993 Symposium on Cryptography and Information Security (SCIS 93), Shuzenji, Japan, 28-30 Jan 1993, pp. X.1-8.
1369. K. Sakano, C. Park, and K. Kurosawa, “(k,n) Threshold Undeniable Signature Scheme,” Proceedings of the 1993 Korea-Japan Workshop on Information Security and Cryptography, Seoul, Korea, 24-26 Oct 1993, pp. 184-193.
1370. K. Sako, “Electronic Voting Schemes Allowing Open Objection to the Tally,” Transactions of the Institute of Electronics, Information, and Communication Engineers, v. E77-A, n. 1, 1994, pp. 24-30.
1371. K. Sako and J. Kilian, “Secure Voting Using Partially Compatible Homomorphisms,” Advances in Cryptology-CRYPTO '94 ...
... of Secrets with Many Buyers,” ETACS Bulletin, v. 42, 1990, pp. 178-186.
1375. M. Santha and U.V. Vazirani, “Generating Quasi-Random Sequences from Slightly Random Sources,” Proceedings of the 25th Annual Symposium on the Foundations of Computer Science, 1984, pp. 434-440.
1376. M. Santha and U.V. Vazirani, “Generating Quasi-Random Sequences from Slightly Random Sources,” Journal of Computer and System Sciences, v. 33, 1986, pp. 75-87.
1377. S. Saryazdi, “An Extension to ElGamal Public Key Cryptosystem with a New Signature Scheme,” Proceedings of the 1990 Bilkent International Conference on New Trends in Communication, Control, and Signal Processing, North Holland: Elsevier Science Publishers, 1990, pp. 195-198.
1378. J.E. Savage, “Some Simple Self-Synchronizing Digital Data Scramblers,” Bell System Technical Journal, v. 46, n. 2, Feb 1967, pp. 448-487.
1379. B.P. Schanning, “Applying Public Key Distribution to Local Area Networks,” Computers & Security, v. 1, n. 3, Nov 1982, pp. 268-274.
1380. B.P. Schanning, S.A. Powers, and J. Kowalchuk, “MEMO: Privacy and Authentication for the Automated Office,” Proceedings of the 5th Conference on Local Computer Networks, IEEE Press, 1980, pp. 21-30.
1381. Schaumuller-Bichl, “Zur Analyse des Data Encryption Standard und Synthese Verwandter Chiffriersysteme” [On the Analysis of the Data Encryption Standard and the Synthesis of Related Cipher Systems], Ph.D. dissertation, Linz University, May 1981. (In German.)
1382. Schaumuller-Bichl, “On the Design and Analysis of New Cipher Systems Related to the DES,” Technical Report, Linz University, 1983.






1383. A. Scherbius, “Ciphering Machine,” U.S. Patent #1,657,411, 24 Jan 1928.
1384. J.I. Schiller, “Secure Distributed Computing,” Scientific American, v. 271, n. 5, Nov 1994, pp. 72-76.
1385. R. Schlafly, “Complaint Against Exclusive Federal Patent License,” Civil Action File No. C-93 20450, United States District Court for the Northern District of California.
1386. B. Schneier, “One-Way Hash Functions,” Dr. Dobb's Journal, v. 16, n. 9, Sep 1991, pp. 148-151.
1387. B. Schneier, “Data Guardians,” MacWorld, v. 10, n. 2, Feb 1993, pp. 145-151.
1388. B. Schneier, “Description of a New Variable-Length Key, 64-Bit Block Cipher (Blowfish),” Fast Software Encryption, Cambridge Security Workshop Proceedings, Springer-Verlag, 1994, pp. 191-204.
1389. B. Schneier, “The Blowfish Encryption Algorithm,” Dr. Dobb's Journal, v. 19, n. 4, Apr 1994, pp. 38-40.
1390. B. Schneier, Protect Your Macintosh, Peachpit Press, 1994.
1391. B. Schneier, “Designing Encryption Algorithms for Real People,” Proceedings of the 1994 ACM SIGSAC New Security Paradigms Workshop, IEEE Computer Society Press, 1994, pp. 63-71.
1392. B. Schneier, “A Primer on Authentication and Digital Signatures,” Computer Security Journal, v. 10, n. 2, 1994, pp. 38-40.
1393. B. Schneier, “The GOST Encryption Algorithm,” Dr. Dobb's Journal, v. 20, n. 1, Jan 95, pp. 123-124.
1394. B. Schneier, E-Mail Security (with PGP and PEM), New York: John Wiley & Sons, 1995.
1395. C.P. Schnorr, “On the Construction of Random Number Generators and Random Function Generators,” Advances in Cryptology-EUROCRYPT '88 Proceedings, Springer-Verlag, 1988, pp. 225-232.
1396. C.P. Schnorr, “Efficient Signature Generation for Smart Cards,” Advances in Cryptology-CRYPTO '89 Proceedings, Springer-Verlag, 1990, pp. 239-252.
1397. C.P. Schnorr, “Efficient Signature Generation for Smart Cards,” Journal of Cryptology, v. 4, n. 3, 1991, pp. 161-174.
1398. C.P. Schnorr, “Method for Identifying Subscribers and for Generating and Verifying Electronic Signatures in a Data Exchange System,” U.S. Patent #4,995,082, 19 Feb 1991.
1399. C.P. Schnorr, “An Efficient Cryptographic Hash Function,” presented at the rump session of CRYPTO '91, Aug 1991.
1400. C.P. Schnorr, “FFT-Hash II, Efficient Cryptographic Hashing,” Advances in Cryptology-EUROCRYPT '92 Proceedings, Springer-Verlag, 1993, pp. 45-54.
1401. C.P. Schnorr and W. Alexi, “RSA-bits are 0.5 + ε Secure,” Advances in Cryptology: Proceedings of EUROCRYPT 84, Springer-Verlag, 1985, pp. 113-126.
1402. C.P. Schnorr and S. Vaudenay, “Parallel FFT-Hashing,” Fast Software Encryption, Cambridge Security Workshop Proceedings, Springer-Verlag, 1994, pp. 149-156.
1403. C.P. Schnorr and S. Vaudenay, “Black Box Cryptanalysis of Hash Networks Based on Multipermutations,” Advances in Cryptology-EUROCRYPT '94 Proceedings, Springer-Verlag, 1995, to appear.
1404. W. Schwartau, Information Warfare: Chaos on the Electronic Superhighway, New York: Thunder's Mouth Press, 1994.
1405. R. Scott, “Wide Open Encryption Design Offers Flexible Implementations,” Cryptologia, v. 9, n. 1, Jan 1985, pp. 75-90.
1406. J. Seberry, “A Subliminal Channel in Codes for Authentication without Secrecy,” Ars Combinatoria, v. 19A, 1985, pp. 337-342.
1407. J. Seberry and J. Pieprzyk, Cryptography: An Introduction to Computer Security, Englewood Cliffs, N.J.: Prentice-Hall, 1989.
1408. J. Seberry, X.-M. Zhang, and Y. Zheng, “Nonlinearly Balanced Boolean Functions and Their Propagation Characteristics,” Advances in Cryptology-EUROCRYPT '91 Proceedings, Springer-Verlag, 1994, pp. 49-60.
1409. H. Sedlack, “The RSA Cryptography Processor: The First High Speed One-Chip Solution,” Advances in Cryptology-EUROCRYPT '87 Proceedings, Springer-Verlag, 1988, pp. 95-105.
1410. H. Sedlack and U. Golze, “An RSA Cryptography Processor,” Microprocessing and Microprogramming, v. 18, 1986, pp. 583-590.
1411. E.S. Selmer, Linear Recurrence over Finite Field, University of Bergen, Norway, 1966.






1412. J.O. Shallit, “On the Worst Case of Three Algorithms for Computing the Jacobi Symbol,” Journal of Symbolic Computation, v. 10, n. 6, Dec 1990, pp. 593-610.
1413. A. Shamir, “A Fast Signature Scheme,” MIT Laboratory for Computer Science, Technical Memorandum, MIT/LCS/TM-107, Massachusetts Institute of Technology, Jul 1978.
1414. A. Shamir, “How to Share a Secret,” Communications of the ACM, v. 24, n. 11, Nov 1979, pp. 612-613.
1415. A. Shamir, “On the Cryptocomplexity of Knapsack Systems,” Proceedings of the 11th ACM Symposium on the Theory of Computing, 1979, pp. 118-129.
1416. A. Shamir, “The Cryptographic Security of Compact Knapsacks,” MIT Library for Computer Science, Technical Memorandum, MIT/LCS/TM-164, Massachusetts Institute of Technology, 1980.
1417. A. Shamir, “On the Generation of Cryptographically Strong Pseudo-Random Sequences,” Lecture Notes in Computer Science 62: 8th International Colloquium on Automata, Languages, and Programming, Springer-Verlag, 1981.
1418. A. Shamir, “A Polynomial Time Algorithm for Breaking the Basic Merkle-Hellman Cryptosystem,” Advances in Cryptology: Proceedings of Crypto 82, Plenum Press, 1983, pp. 279-288.
1419. A. Shamir, “A Polynomial Time Algorithm for Breaking the Basic Merkle-Hellman Cryptosystem,” Proceedings of the 23rd IEEE Symposium on the Foundations of Computer Science, 1982, pp. 145-152.
1420. A. Shamir, “On the Generation of Cryptographically Strong Pseudo-Random Sequences,” ACM Transactions on Computer Systems, v. 1, n. 1, Feb 1983, pp. 38-44.
1421. A. Shamir, “A Polynomial Time Algorithm for Breaking the Basic Merkle-Hellman Cryptosystem,” IEEE Transactions on Information Theory, v. IT-30, n. 5, Sep 1984, pp. 699-704.
1422. A. Shamir, “Identity-Based Cryptosystems and Signature Schemes,” Advances in Cryptology: Proceedings of CRYPTO 84, Springer-Verlag, 1985, pp. 47-53.
1423. A. Shamir, “On the Security of DES,” Advances in Cryptology-CRYPTO '85 Proceedings, Springer-Verlag, 1986, pp. 280-281.
1424. A. Shamir, lecture at SECURICOM '89.
1425. A. Shamir, “Efficient Signature Schemes Based on Birational Permutations,” Advances in Cryptology-CRYPTO '93 Proceedings, Springer-Verlag, 1994, pp. 1-12.
1426. A. Shamir, personal communication, 1993.
1427. A. Shamir and A. Fiat, “Method, Apparatus and Article for Identification and Signature,” U.S. Patent #4,748,668, 31 May 1988.
1428. A. Shamir and R. Zippel, “On the Security of the Merkle-Hellman Cryptographic Scheme,” IEEE Transactions on Information Theory, v. 26, n. 3, May 1980, pp. 339-340.
1429. M. Shand, P. Bertin, and J. Vuillemin, “Hardware Speedups in Long Integer Multiplication,” Proceedings of the 2nd Annual ACM Symposium on Parallel Algorithms and Architectures, 1990, pp. 138-145.
1430. D. Shanks, Solved and Unsolved Problems in Number Theory, Washington D.C.: Spartan, 1962.
1431. C.E. Shannon, “A Mathematical Theory of Communication,” Bell System Technical Journal, v. 27, n. 4, 1948, pp. 379-423, 623-656.
1432. C.E. Shannon, “Communication Theory of Secrecy Systems,” Bell System Technical Journal, v. 28, n. 4, 1949, pp. 656-715.
1433. C.E. Shannon, Collected Papers: Claude Elwood Shannon, N.J.A. Sloane and A.D. Wyner, eds., New York: IEEE Press, 1993.
1434. C.E. Shannon, “Prediction and Entropy in Printed English,” Bell System Technical Journal, v. 30, n. 1, 1951, pp. 50-64.
1435. A. Shimizu and S. Miyaguchi, “Fast Data Encipherment Algorithm FEAL,” Transactions of IEICE of Japan, v. J70-D, n. 7, Jul 87, pp. 1413-1423. (In Japanese.)
1436. A. Shimizu and S. Miyaguchi, “Fast Data Encipherment Algorithm FEAL,” Advances in Cryptology-EUROCRYPT '87 Proceedings, Springer-Verlag, 1988, pp. 267-278.
1437. A. Shimizu and S. Miyaguchi, “FEAL-Fast Data Encipherment Algorithm,” Systems and Computers in Japan, v. 19, n. 7, 1988, pp. 20-34, 104-106.
1438. A. Shimizu and S. Miyaguchi, “Data Randomization Equipment,” U.S. Patent #4,850,019, 18 Jul 1989.






1439. M. Shimada, “Another Practical Public-key Cryptosystem,” Electronics Letters, v. 28, n. 23, 5 Nov 1992, pp. 2146-2147.
1440. K. Shirriff, personal communication, 1993.
1441. H. Shizuya, T. Itoh, and K. Sakurai, “On the Complexity of Hyperelliptic Discrete Logarithm Problem,” Advances in Cryptology-EUROCRYPT '91 Proceedings, Springer-Verlag, 1991, pp. 337-351.
1442. Z. Shmuley, “Composite Diffie-Hellman Public-Key Generating Systems Are Hard to Break,” Computer Science Department, Technion, Haifa, Israel, Technical Report 356, Feb 1985.
1443. P.W. Shor, “Algorithms for Quantum Computation: Discrete Log and Factoring,” Proceedings of the 35th Symposium on Foundations of Computer Science, 1994, pp. 124-134.
1444. L. Shroyer, letter to NIST regarding DSS, 17 Feb 1992.
1445. C. Shu, T. Matsumoto, and H. Imai, “A Multi-Purpose Proof System,” Transactions of the Institute of Electronics, Information, and Communication Engineers, v. E75-A, n. 6, Jun 1992, pp. 735-743.
1446. E.H. Sibley, “Random Number Generators: Good Ones Are Hard to Find,” Communications of the ACM, v. 31, n. 10, Oct 1988, pp. 1192-1201.
1447. V.M. Sidenikov and S.O. Shestakov, “On Encryption Based on Generalized Reed-Solomon Codes,” Diskretnoya Math, v. 4, 1992, pp. 57-63. (In Russian.)
1448. V.M. Sidenikov and S.O. Shestakov, “On Insecurity of Cryptosystems Based on Generalized Reed-Solomon Codes,” unpublished manuscript, 1992.
1449. D.P. Sidhu, “Authentication Protocols for Computer Networks,” Computer Networks and ISDN Systems, v. 11, n. 4, Apr 1986, pp. 297-310.
1450. T. Siegenthaler, “Correlation-Immunity of Nonlinear Combining Functions for Cryptographic Applications,” IEEE Transactions on Information Theory, v. IT-30, n. 5, Sep 1984, pp. 776-780.
1451. T. Siegenthaler, “Decrypting a Class of Stream Ciphers Using Ciphertext Only,” IEEE Transactions on Computing, v. C-34, Jan 1985, pp. 81-85.
1452. T. Siegenthaler, “Cryptanalyst's Representation of Nonlinearly Filtered ml-sequences,” Advances in Cryptology-EUROCRYPT '85, Springer-Verlag, 1986, pp. 103-110.
1453. R.D. Silverman, “The Multiple Polynomial Quadratic Sieve,” Mathematics of Computation, v. 48, n. 177, Jan 1987, pp. 329-339.
1454. G.J. Simmons, “Authentication without Secrecy: A Secure Communication Problem Uniquely Solvable by Asymmetric Encryption Techniques,” Proceedings of IEEE EASCON '79, 1979, pp. 661-662.
1455. G.J. Simmons, “Some Number Theoretic Questions Arising in Asymmetric Encryption Techniques,” Annual Meeting of the American Mathematical Society, AMS Abstract 763.94.1, 1979, pp. 136-151.
1456. G.J. Simmons, “High Speed Arithmetic Using Redundant Number Systems,” Proceedings of the National Telecommunications Conference, 1980, pp. 49.3.1-49.3.2.
1457. G.J. Simmons, “A 'Weak' Privacy Protocol Using the RSA Cryptosystem,” Cryptologia, v. 7, n. 2, Apr 1983, pp. 180-182.
1458. G.J. Simmons, “The Prisoner's Problem and the Subliminal Channel,” Advances in Cryptology: Proceedings of CRYPTO '83, Plenum Press, 1984, pp. 51-67.
1459. G.J. Simmons, “The Subliminal Channel and Digital Signatures,” Advances in Cryptology: Proceedings of EUROCRYPT 84, Springer-Verlag, 1985, pp. 364-378.
1460. G.J. Simmons, “A Secure Subliminal Channel (?),” Advances in Cryptology-CRYPTO '85 Proceedings, Springer-Verlag, 1986, pp. 33-41.
1461. G.J. Simmons, “Cryptology,” Encyclopedia Britannica, 16th edition, 1986, pp. 913-924B.
1462. G.J. Simmons, “How to (Really) Share a Secret,” Advances in Cryptology-CRYPTO '88 Proceedings, Springer-Verlag, 1990, pp. 390-448.
1463. G.J. Simmons, “Prepositioned Secret Sharing Schemes and/or Shared Control Schemes,” Advances in Cryptology-EUROCRYPT '89 Proceedings, Springer-Verlag, 1990, pp. 436-467.
1464. G.J. Simmons, “Geometric Shares Secret and/or Shared Control Schemes,” Advances in Cryptology-CRYPTO '90 Proceedings, Springer-Verlag, 1991, pp. 216-241.
1465. G.J. Simmons, ed., Contemporary Cryptology: The Science of Information Integrity, IEEE Press, 1992.






1466. G.J. Simmons, “An Introduction to Shared Secret and/or Shared Control Schemes and Their Application,” in Contemporary Cryptology: The Science of Information Integrity, G.J. Simmons, ed., IEEE Press, 1992, pp. 441-497.
1467. G.J. Simmons, “How to Insure that Data Acquired to Verify Treaty Compliance Are Trustworthy,” in Contemporary Cryptology: The Science of Information Integrity, G.J. Simmons, ed., IEEE Press, 1992, pp. 615-630.
1468. G.J. Simmons, “The Subliminal Channels of the U.S. Digital Signature Algorithm (DSA),” Proceedings of the Third Symposium on: State and Progress of Research in Cryptography, Rome: Fondazione Ugo Bordoni, 1993, pp. 35-54.
1469. G.J. Simmons, “Subliminal Communication is Easy Using the DSA,” Advances in Cryptology-EUROCRYPT '93 Proceedings, Springer-Verlag, 1994, pp. 218-232.
1470. G.J. Simmons, “An Introduction to the Mathematics of Trust in Security Protocols,” Proceedings: Computer Security Foundations Workshop VI, IEEE Computer Society Press, 1993, pp. 121-127.
1471. G.J. Simmons, “Protocols that Ensure Fairness,” Codes and Ciphers, Institute of Mathematics and its Applications, 1995, pp. 383-394.
1472. G.J. Simmons, “Cryptanalysis and Protocol Failures,” Communications of the ACM, v. 37, n. 11, Nov 1994, pp. 56-65.
1473. G.J. Simmons, “Subliminal Channels: Past and Present,” European Transactions on Telecommunications, v. 4, n. 4, Jul/Aug 1994, pp. 459-473.
1474. G.J. Simmons and M.J. Norris, How to Cipher Fast Using Redundant Number Systems, SAND-80-1886, Sandia National Laboratories, Aug 1980.
1475. A. Sinkov, Elementary Cryptanalysis, Mathematical Association of America, 1966.
1476. R. Siromoney and L. Matthew, “A Public Key Cryptosystem Based on Lyndon Words,” Information Processing Letters, v. 35, n. 1, 15 Jun 1990, pp. 33-36.
1477. B. Smeets, “A Note on Sequences Generated by Clock-Controlled Shift Registers,” Advances in Cryptology-EUROCRYPT '85, Springer-Verlag, 1986, pp. 40-42.
1478. M.E. Smid, “A Key Notarization System for Computer Networks,” NBS Special Report 500-54, U.S. Department of Commerce, Oct 1979.
1479. M.E. Smid, “The DSS and the SHS,” Federal Digital Signature Applications Symposium, Rockville, MD, 17-18 Feb 1993.
1480. M.E. Smid and D.K. Branstad, “The Data Encryption Standard: Past and Future,” Proceedings of the IEEE, v. 76, n. 5, May 1988, pp. 550-559.
1481. M.E. Smid and D.K. Branstad, “The Data Encryption Standard: Past and Future,” in Contemporary Cryptology: The Science of Information Integrity, G.J. Simmons, ed., IEEE Press, 1992, pp. 43-64.
1482. J.L. Smith, “The Design of Lucifer, A Cryptographic Device for Data Communications,” IBM Research Report RC3326, 1971.
1483. J.L. Smith, “Recirculating Block Cipher Cryptographic System,” U.S. Patent #3,796,830, 12 Mar 1974.
1484. J.L. Smith, W.A. Notz, and P.R. Osseck, “An Experimental Application of Cryptography to a Remotely Accessed Data System,” Proceedings of the ACM Annual Conference, Aug 1972, pp. 282-290.
1485. K. Smith, “Watch Out Hackers, Public Encryption Chips Are Coming,” Electronics Week, 20 May 1985, pp. 30-31.
1486. P. Smith, “LUC Public-Key Encryption,” Dr. Dobb's Journal, v. 18, n. 1, Jan 1993, pp. 44-49.
1487. P. Smith and M. Lennon, “LUC: A New Public Key System,” Proceedings of the Ninth International Conference on Information Security, IFIP/Sec 1993, North Holland: Elsevier Science Publishers, 1993, pp. 91-111.
1488. E. Snekkenes, “Exploring the BAN Approach to Protocol Analysis,” Proceedings of the 1991 IEEE Computer Society Symposium on Research in Security and Privacy, 1991, pp. 171-181.
1489. B. Snow, “Multiple Independent Binary Bit Stream Generator,” U.S. Patent #5,237,615, 17 Aug 1993.
1490. R. Solovay and V. Strassen, “A Fast Monte-Carlo Test for Primality,” SIAM Journal on Computing, v. 6, Mar 1977, pp. 84-85; erratum in ibid, v. 7, 1978, p. 118.
1491. T. Sorimachi, T. Tokita, and M. Matsui, “On a Cipher Evaluation Method Based on Differential Cryptanalysis,” Proceedings of the 1994 Symposium on Cryptography ...








... and Information Security (SCIS 94), Lake Biwa, Japan, 27-29 Jan 1994, pp. 4C.1-9. (In Japanese.)
1492. A. Sorkin, “Lucifer, a Cryptographic Algorithm,” Cryptologia, v. 8, n. 1, Jan 1984, pp. 22-41.
1493. W. Stallings, “Kerberos Keeps the Ethernet Secure,” Data Communications, Oct 1994, pp. 103-111.
1494. W. Stallings, Network and Internetwork Security, Englewood Cliffs, N.J.: Prentice-Hall, 1995.
1495. W. Stallings, Protect Your Privacy: A Guide for PGP Users, Englewood Cliffs, N.J.: Prentice-Hall, 1995.
1496. Standards Association of Australia, “Australian Standard 2805.4 1985: Electronic Funds Transfer-Requirements for Interfaces: Part 4-Message Authentication,” SAA, North Sydney, NSW, 1985.
1497. Standards Association of Australia, “Australian Standard 2805.5 1985: Electronic Funds Transfer-Requirements for Interfaces: Part 5-Data Encipherment Algorithm,” SAA, North Sydney, NSW, 1985.
1498. Standards Association of Australia, “Australian Standard 2805.5.3: Electronic Data Transfer-Requirements for Interfaces: Part 5.3-Data Encipherment Algorithm 2,” SAA, North Sydney, NSW, 1992.
1499. J.G. Steiner, B.C. Neuman, and J.I. Schiller, “Kerberos: An Authentication Service for Open Network Systems,” USENIX Conference Proceedings, Feb 1988, pp. 191-202.
1500. J. Stern, “Secret Linear Congruential Generators Are Not Cryptographically Secure,” Proceedings of the 28th Symposium on Foundations of Computer Science, 1987, pp. 421-426.
1501. J. Stern, “A New Identification Scheme Based on Syndrome Decoding,” Advances in Cryptology-CRYPTO '93 Proceedings, Springer-Verlag, 1994, pp. 13-21.
1502. A. Stevens, “Hacks, Spooks, and Data Encryption,” Dr. Dobb's Journal, v. 15, n. 9, Sep 1990, pp. 127-134, 147-149.
1503. R. Struik, “On the Rao-Nam Private-Key Cryptosystem Using Non-Linear Codes,” IEEE 1991 Symposium on Information Theory, Budapest, Hungary, 1991.
1504. R. Struik and J. van Tilburg, “The Rao-Nam Scheme Is Insecure against a Chosen-Plaintext Attack,” Advances in Cryptology-CRYPTO '87 Proceedings, Springer-Verlag, 1988, pp. 445-457.
1505. S.G. Stubblebine and V.G. Gligor, “Protecting the Integrity of Privacy-Enhanced Mail with DES-Based Authentication Codes,” Proceedings of the Privacy and Security Research Group 1993 Workshop on Network and Distributed System Security, The Internet Society, 1993, pp. 75-80.
1506. R. Sugarman, “On Foiling Computer Crime,” IEEE Spectrum, v. 16, n. 7, Jul 79, pp. 31-32.
1507. H.N. Sun and T. Hwang, “Public-key ID-Based Cryptosystem,” Proceedings of the 25th Annual 1991 IEEE International Carnahan Conference on Security Technology, Taipei, Taiwan, 1-3 Oct 1991, pp. 142-144.
1508. P.F. Syverson, “Formal Semantics for Logics of Computer Protocols,” Proceedings of the Computer Security Foundations Workshop III, IEEE Computer Society Press, 1990, pp. 32-41.
1509. P.F. Syverson, “The Use of Logic in the Analysis of Cryptographic Protocols,” Proceedings of the 1991 IEEE Computer Society Symposium on Research in Security and Privacy, 1991, pp. 156-170.
1510. P.F. Syverson, “Knowledge, Belief, and Semantics in the Analysis of Cryptographic Protocols,” Journal of Computer Security, v. 1, n. 3, 1992, pp. 317-334.
1511. P.F. Syverson, “Adding Time to a Logic of Authentication,” 1st ACM Conference on Computer and Communications Security, ACM Press, 1993, pp. 97-106.
1512. P.F. Syverson and C.A. Meadows, “A Logical Language for Specifying Cryptographic Protocol Requirements,” Proceedings of the 1993 IEEE Computer Society Symposium on Research in Security and Privacy, 1993, pp. 14-28.
1513. P.F. Syverson and C.A. Meadows, “Formal Requirements for Key Distribution Protocols,” Advances in Cryptology-EUROCRYPT '94 Proceedings, Springer-Verlag, 1995, to appear.
1514. P.F. Syverson and P.C. van Oorschot, “On Unifying Some Cryptographic Protocol Logics,” Proceedings of the 1994 IEEE Computer Society Symposium on Research in Security and Privacy, 1994, pp. 165-177.
1515. H. Tanaka, “A Realization Scheme for the Identity-Based Cryptosystem,” Advances ...






... in Cryptology-CRYPTO '87 Proceedings, Springer-Verlag, 1988, pp. 340-349.
1516. H. Tanaka, “A Realization Scheme for the Identity-Based Cryptosystem,” Electronics and Communications in Japan, Part 3 (Fundamental Electronic Science), v. 73, n. 5, May 1990, pp. 1-7.
1517. H. Tanaka, “Identity-Based Noninteractive Common-Key Generation and Its Application to Cryptosystems,” Transactions of the Institute of Electronics, Information, and Communication Engineers, v. J75-A, n. 4, Apr 1992, pp. 796-800.
1518. J. Tardo and K. Alagappan, “SPX: Global Authentication Using Public Key Certificates,” Proceedings of the 1991 IEEE Computer Society Symposium on Security and Privacy, 1991, pp. 232-244.
1519. J. Tardo, K. Alagappan, and R. Pitkin, “Public Key Based Authentication Using Internet Certificates,” USENIX Security II Workshop Proceedings, 1990, pp. 121-123.
1520. A. Tardy-Corfdir and H. Gilbert, “A Known Plaintext Attack of FEAL-4 and FEAL-6,” Advances in Cryptology-CRYPTO '91 Proceedings, Springer-Verlag, 1992, pp. 172-182.
1521. M. Tatebayashi, N. Matsuzaki, and D.B. Newman, “Key Distribution Protocol for Digital Mobile Communication System,” Advances in Cryptology-CRYPTO '89 Proceedings, Springer-Verlag, 1990, pp. 324-333.
1522. M. Taylor, “Implementing Privacy Enhanced Mail on VMS,” Proceedings of the Privacy and Security Research Group 1993 Workshop on Network and Distributed System Security, The Internet Society, 1993, pp. 63-68.
1523. R. Taylor, “An Integrity Check Value Algorithm for Stream Ciphers,” Advances in Cryptology-CRYPTO '93 Proceedings, Springer-Verlag, 1994, pp. 40-48.
1524. T. Tedrick, “Fair Exchange of Secrets,” Advances in Cryptology: Proceedings of CRYPTO '84, Springer-Verlag, 1985, pp. 434-438.
1525. R. Terada and P.G. Pinheiro, “How to Strengthen FEAL against Differential Cryptanalysis,” Proceedings of the 1995 Japan-Korea Workshop on Information Security and Cryptography, Inuyama, Japan, 24-27 Jan 1995, pp. 153-162.
1526. J.-P. Tillich and G. Zémor, “Hashing with SL_2,” Advances in Cryptology-CRYPTO '94 Proceedings, Springer-Verlag, 1994, pp. 40-49.
1527. T. Tokita, T. Sorimachi, and M. Matsui, “An Efficient Search Algorithm for the Best Expression on Linear Cryptanalysis,” IEICE Japan, Technical Report, ISEC93-97, 1994.
1528. M. Tompa and H. Woll, “Random Self-Reducibility and Zero-Knowledge Interactive Proofs of Possession of Information,” Proceedings of the 28th IEEE Symposium on the Foundations of Computer Science, 1987, pp. 472-482.
1529. M. Tompa and H. Woll, “How to Share a Secret with Cheaters,” Journal of Cryptology, v. 1, n. 2, 1988, pp. 133-138.
1530. M.-J. Toussaint, “Verification of Cryptographic Protocols,” Ph.D. dissertation, Universite de Liege, 1991.
1531. M.-J. Toussaint, “Deriving the Complete Knowledge of Participants in Cryptographic Protocols,” Advances in Cryptology-CRYPTO '91 Proceedings, Springer-Verlag, 1992, pp. 24-43.
1532. M.-J. Toussaint, “Separating the Specification and Implementation Phases in Cryptology,” ESORICS 92, Proceedings of the Second European Symposium on Research in Computer Security, Springer-Verlag, 1992, pp. 77-101.
1533. P.D. Townsend, J.G. Rarity, and P.R. Tapster, “Enhanced Single Photon Fringe Visibility in a 10 km-Long Prototype Quantum Cryptography Channel,” Electronics Letters, v. 28, n. 14, 8 Jul 1993, pp. 1291-1293.
1534. S.A. Tretter, “Properties of PM Sequences,” IEEE Transactions on Information Theory, v. IT-20, n. 2, Mar 1974, pp. 295-297.
1535. H. Truman, “Memorandum for: The Secretary of State, The Secretary of Defense,” A 20707 5/4/54/OSO, NSA TS CONTL. NO 73-00405, 24 Oct 1952.
1536. Y.W. Tsai and T. Hwang, “ID Based Public Key Cryptosystem Based on Okamoto and Tanaka's ID Based One-Way Communications Scheme,” Electronics Letters, v. 26, n. 10, 1 May 1990, pp. 666-668.
1537. G. Tsudik, “Message Authentication with One-Way Hash Functions,” ACM Computer Communications Review, v. 22, n. 5, 1992, pp. 29-38.






1538. S. Tsujii and K. Araki, “A Rebuttal to Coppersmith's Attacking Method,” memorandum presented at Crypto '94, Aug 1994.
1539. S. Tsujii, K. Araki, J. Chao, T. Sekine, and Y. Matsuzaki, “ID-Based Key Sharing Scheme-Cancellation of Random Numbers by Iterative Addition,” IEICE Japan, Technical Report, ISEC 92-47, Oct 1992.
1540. S. Tsujii, K. Araki, and T. Sekine, “A New Scheme of Noninteractive ID-Based Key Sharing with Explosively High Degree of Separability,” Technical Report, Department of Computer Science, Tokyo Institute of Technology, 93TR-0016, May 1993.
1541. S. Tsujii, K. Araki, and T. Sekine, “A New Scheme of Non Interactive ID-Based Key Sharing with Explosively High Degree of Separability (Second Version),” Technical Report, Department of Computer Science, Tokyo Institute of Technology, 93TR-0020, Jul 1993.
1542. S. Tsujii, K. Araki, T. Sekine, and K. Tanada, “A New Scheme of Non Interactive ID-Based Key Sharing with Explosively High Degree of Separability,” Proceedings of the 1993 Korea-Japan Workshop on Information Security and Cryptography, Seoul, Korea, 24-26 Oct 1993, pp. 49-58.
1543. S. Tsujii, K. Araki, H. Tanaki, J. Chao, T. Sekine, and Y. Matsuzaki, “ID-Based Key Sharing Scheme-Reply to Tanaka's Comment,” IEICE Japan, Technical Report, ISEC 92-60, Dec 1992.
1544. S. Tsujii and J. Chao, “A New ID-based Key Sharing System,” Advances in Cryptology-CRYPTO '91 Proceedings, Springer-Verlag, 1992, pp. 288-299.
1545. S. Tsujii, J. Chao, and K. Araki, “A Simple ID-Based Scheme for Key Sharing,” IEICE Japan, Technical Report, ISEC 92-25, Aug 1992.
1546. S. Tsujii and T. Itoh, “An ID-Based Cryptosystem Based on the Discrete Logarithm Problem,” IEEE Journal on Selected Areas in Communication, v. 7, n. 4, May 1989, pp. 467-473.
1547. S. Tsujii and T. Itoh, “An ID-Based Cryptosystem Based on the Discrete Logarithm Problem,” Electronics Letters, v. 23, n. 24, Nov 1989, pp. 1318-1320.
1548. S. Tsujii, K. Kurosawa, T. Itoh, A. Fujioka, and T. Matsumoto, “A Public-Key Cryptosystem Based on the Difficulty of Solving a System of Non-Linear Equations,” TSUJII Laboratory Technical Memorandum, n. 1, 1986.
1549. Y. Tsunoo, E. Okamoto, and H. Doi, “Analytical Known Plain-Text Attack for FEAL-4 and Its Improvement,” Proceedings of the 1994 Symposium on Cryptography and Information Security (SCIS 93), 1993.
1550. Y. Tsunoo, E. Okamoto, T. Uyematsu, and M. Mambo, “Analytical Known Plain-Text Attack for FEAL-6,” Proceedings of the 1993 Korea-Japan Workshop on Information Security and Cryptography, Seoul, Korea, 24-26 Oct 1993, pp. 253-261.
1551. W. Tuchman, “Hellman Presents No Shortcut Solutions to DES,” IEEE Spectrum, v. 16, n. 7, July 1979, pp. 40-41.
1552. U.S. Senate Select Committee on Intelligence, “Unclassified Summary: Involvement of NSA in the Development of the Data Encryption Standard,” IEEE Communications Magazine, v. 16, n. 6, Nov 1978, pp. 53-55.
1553. B. Vallee, M. Girault, and P. Toffin, “How to Break Okamoto's Cryptosystem by Reducing Lattice Values,” Advances in Cryptology-EUROCRYPT '88 Proceedings, Springer-Verlag, 1988, pp. 281-291.
1554. H. Van Antwerpen, “Electronic Cash,” Master's thesis, CWI, Netherlands, 1990.
1555. K. Van Espen and J. Van Mieghem, “Evaluatie en Implementatie van Authentiseringsalgoritmen” [Evaluation and Implementation of Authentication Algorithms], graduate thesis, ESAT Laboratorium, Katholieke Universiteit Leuven, 1989. (In Dutch.)
1556. P.C. van Oorschot, “Extending Cryptographic Logics of Belief to Key Agreement Protocols,” Proceedings of the 1st Annual ACM Conference on Computer and Communications Security, 1993, pp. 232-243.
1557. P.C. van Oorschot, “An Alternate Explanation for Two BAN-logic 'Failures,'” Advances in Cryptology-EUROCRYPT '93 Proceedings, Springer-Verlag, 1994, pp. 443-447.
1558. P.C. van Oorschot and M.J. Wiener, “A Known-Plaintext Attack on Two-Key Triple Encryption,” Advances in Cryptology-EUROCRYPT '90 Proceedings, Springer-Verlag, 1991, pp. 318-325.
1559. J. van Tilburg, “On the McEliece Cryptosystem,” Advances in Cryptology- ...






1571. U.V. Vazirani and V.V. Vazirani, “Efficient
CRYPTO ˜88 Proceedings, Springer-Verlag,
and Secure Pseudo-Random Number Gen-
1990, pp. 119-131.
eration,” Advances in Cryptology: Pro-
1560. J. van Tilburg, “Cryptanalysis of the Xin-
ceedings of CRYPTO ˜84, Springer-Verlag,
mei Digital Signature Scheme,” Electron-
1985, pp. 193-202.
ics Letters, v. 28, n. 20, 24 Sep 1992, pp.
1572. I. Verbauwhede, F. Hoornaert, J. Vander-
1935-1938.
walle, and H. De Man, “ASIC Crypto-
1561. J. van Tilburg, “Two Chosen-Plaintext
Attacks on the Li Wang Joing Authentica- graphical Processor Based on DES,” Euro
tion and Encryption Scheme,” Applied ASIC ˜91 Proceedings, 1991, pp. 292-295.
Algebra, Algebraic Algorithms and Error 1573. I. Verbauwhede, F. Hoornaert, J. Vander-
waIIe, H. De Man, and R. Govaerts, “Secu-
Correcting Codes IO, Springer-Verlag,
rity Considerations in the Design and
1993, pp. 332343.
1562. J. van Tilburg, “Security-Analysis of a Class Implementation of a New DES Chip,”
Advances in Cryptology-EUROCRYPT
of Cryptosystems Based on Linear Error-
Correcting Codes,” Ph.D. dissertation, ˜87 Proceedings, Springer-Verlag, 1988, pp.
Technical University Eindhoven, 1994. 287300.
1563. A. Vandemeulebroecke, E. Vanzieleghem, 1574. R. Vogel, “On the Linear Complexity of
T. Denayer, and P.G. Jespers, “A Single Cascaded Sequences,” Advances in Cryp-
Chip 1024 Bits RSA Processor,” Advances tology: Proceedings of EUROCRYPT 84,
Springer-Verlag, 1985, pp. 99-109.
in Cryptology-EUROCRYPT ˜89 Proceed-
1575. S. von Solms and D. Naccache, “On Blind
ings, Springer-Verlag, 1990, pp. 219-236.
1564. J. Vanderwalle, D. Chaum, W. Fumy, C. Signatures and Perfect Crimes,” Comput-
Jansen, P. Landrock, and G. Roelofsen, “A ers d Security, v. 11, 1992, pp. 581-583.
European Call for Cryptographic Algo- 1576. V.L. Voydock and S.T. Kent, “Security
rithms: RIPE; RACE Integrity Primitives Mechanisms in High-Level Networks,”
Evaluation,” Advances in Cryptology- ACM Computing Surveys, v. 15, n. 2, Jun
EUROCRYPT ˜89 Proceedings, Springer- 1983, pp. 135-171.
1577. N.R. Wagner, P.S. Putter, and M.R. Cain,
Verlag, 1990, pp. 267-271.
1565. V. Varadharajan, “Verification of Network “Large-Scale Randomization Techniques, ”
Security Protocols,” Computers and Secu- Advances in Cryptology-CRYPTO ˜86
rity, v. 8, n. 8, Aug 1989, pp. 693-708. Proceedings, Springer-Verlag. 1987, pp.
1566. V. Varadharajan, “Use of a Formal Descrip- 393404.
tion Technique in the Specification of 1578. M. Waidner and B. Pfitzmann, “The Din-
Authentication Protocols,” Computer ing Cryptographers in the Disco: Uncondi-
Standards and Interfaces, v. 9, 1990, pp. tional Sender and Recipient Untraceability
203-215. with Computationally Secure Serviceabil-
1567. S. Vaudenay, “FFT-Hash-II Is not Yet ity, ” Advances in Cryptology-EURO-
Collision-Free,” Advances in Cryptol- CRYPT ˜89 Proceedings, Springer-Verlag,
ogy-CRYPTO ˜92 Proceedings, Springer- 1990, p. 690.
Verlag, pp. 587-593. 1579. S.T. Walker, “Software Key Escrow-A
1568. S. Vaudenay, “Differential Cryptanalysis Better Solution for Law Enforcement™s
of Blowfish,” unpublished manuscript, Needs?” TIS Report #533, Trusted Infor-
1995. mation Systems, Aug 1994.
1569. U.V. Vazirani and V.V. Vazirani, “Trapdoor 1580. S.T. Walker, “Thoughts on Key Escrow
Pseudo-Random Number Generators with Acceptability,” TIS Report #534D, Trusted
Applications to Protocol Design,” Pro- Information Systems, Nov 1994.
ceedings of the 24th IEEE Symposium on 1581. ST. Walker, S.B. Lipner, C.M. Ellison, D.K.
the Foundations of Computer Science, Branstad, and D.M. Balenson, “Commercial
1983, pp. 2330. Key Escrow--Something for Everyone-
1570. U.V. Vazirani and V.V. Vazirani, “Efficient Now and for the Future,” TIS Report #541,
and Secure Pseudo-Random Number Gen- Trusted Information Systems, Jan 1995.
eration,” Proceedings of the 25th IEEE 1582. M.Z. Wang and J.L. Massey, “The Charac-
Symposium on the Foundations of Com- teristics of All Binary Sequences with
puter Science, 1984, pp. 458-463. Perfect Linear Complexity Profiles,”




Page 736
Prev. Chapter Home Previous Page
Next Page
Prev. page
Next Page
References


1598. M.J. Wiener, “Efficient DES Key Search,”
Abstracts of Papers, EUROCRYPT ˜86,
TR-244, School of Computer Science, Car-
20-22 May 1986.
1583. E.J. Watson, “Primitive Polynomials (Mod leton University, May 1994.
1599. M.V. Wilkes, Time-Sharing Computer Sys-
2),” Mathematics of Computation, v. 16,
1962, p. 368. tems, New York: American Elsevier, 1968.
1584. P. Wayner, “Mimic Functions,” Cryptolo- 1600. E.A. Williams, An Invitation to Cryp-
gia, v. 16, n. 3, Jul 1992, pp. 193-214. tograms, New York: Simon and Schuster,
1585. P. Wayner, “Mimic Functions and 1959.
Tractability,” draft manuscript, 1993. 1601. H.C. Williams, “A Modification of the
1586. RSA Public-Key Encryption Procedure,”
A.F. Webster and S.E. Tavares, “On the
Design of S-Boxes,” Advances in Cryptol- IEEE Transactions on Information Theory,
ogy-CRYPTO ˜85 Proceedings, Springer- v. IT-26, n. 6, Nov 1980, pp. 726-729.
Verlag, 1986, pp. 523-534. 1602. H.C. Williams, “An Overview of Factor-
1587. G. Welchman, The Hut Six Story: Break- ing,” Advances in Cryptology: Proceed-
ing the Enigma Codes, New York: ings of Crypto 83, Plenum Press, 1984, pp.
McGraw-Hill, 1982. 71-80.
1588. A.L. Wells Jr., “A Polynomial Form for 1603. H.C. Williams, “Some Public-Key Crypto-
Logarithms Modulo a Prime,” IEEE Trans- Functions as Intractable as Factorization,”
actions on Information Theory, Nov 1984, Advances in Cryptology: Proceedings of
pp. 845-846. CRYPTO 84, Springer-Verlag, 1985, pp.
1589. 66-70.
D.J. Wheeler, “A Bulk Data Encryption
Algorithm,” Fast Software Encryption, 1604. H.C. Williams, “Some Public-Key Crypto-
Cambridge Security Workshop Proceed- Functions as Intractable as Factorization,”
ings, Springer-Verlag, 1994, pp. 127-134. Cryptologia, v. 9, n. 3, Jul 1985, pp.
1590. 223-237.
D. J. Wheeler, personal communication,
1994. 1605. H.C. Williams, “An Ma Public-Key Encryp-
1591. D.J. Wheeler and R. Needham, “A Large tion Scheme,” Advances in Cryptology-
Block DES-Like Algorithm,” Technical CRYPTO ˜85, Springer-Verlag, 1986, pp.
Report 355, “Two Cryptographic Notes,” 358368.
Computer Laboratory, University of Cam- 1606. R.S. Winternitz, “Producing One-Way
bridge, Dee 1994, pp. l-3. Hash Functions from DES,” Advances in
1592. D.J. Wheeler and R. Needham, “TEA, A Cryptology: Proceedings of Crypto 83,
Tiny Encryption Algorithm,” Technical Plenum Press, 1984, pp. 203-207.
Report 355, “Two Cryptographic Notes,” 1607. R.S. Winternitz, “A Secure One-Way Hash
Computer Laboratory, University of Cam- Function Built from DES,” Proceedings of
bridge, Dee 1994, pp. 13. the 1984 Symposium on Security and Pri-
1593. S.R. White, “Covert Distributed Process- vacy, 1984, pp. 88-90.
ing with Computer Viruses,” Advances in 1608. S. Wolfram, “Random Sequence Genera-
Cryptology-CRYPTO ˜89 Proceedings, tion by Cellular Automata,” Advances in
Springer-Verlag, 1990, pp. 616-619. Applied Mathematics, v. 7, 1986, pp.
1594. White House, Office of the Press Secretary, 123-169.
“Statement by the Press Secretary,” 16 Apr 1609. S. Wolfram, “Cryptography with Cellular
1993. Automata,” Advances in Cryptology-
1595. B.A. Wichman and I.D. Hill, “An Efficient CRYPTO ˜85 Proceedings, Springer-Verlag,
and Portable Pseudo-Random Number 1986, pp. 429432.
Generator,” Applied Statistics, v. 31, 1982, 1610. T.Y.C. Woo and S.S. Lam, “Authentication
pp. 188-190. for Distributed Systems,” Computer, v. 25,
1596. M.J. Wiener, “Cryptanalysis of Short RSA n. 1, Jan 1992, pp. 39-52.
Secret Exponents,” IEEE Transactions on 1611. T.Y.C. Woo and S.S. Lam, ” ˜Authentica-
Information Theory, v. 36, n. 3, May 1990, tion™ Revisited,” Computer, v. 25, n. 3, Mar
pp. 553-558. 1992, p. 10.
1597. M.J. Wiener, “Efficient DES Key Search,” 1612. T.Y.C. Woo and S.S. Lam, “A Semantic
presented at the rump session of CRYPTO Model for Authentication Protocols,” Pro-
˜93. Aue 1993. ceedings of the 1993 IEEE Computer Soci-




Page 737
Prev. Chapter Home Previous Page
Next Page
Prev. page
Next Page
References


1627. A.C.-C. Yao, “Protocols for Secure Compu-
ety Symposium on Research in Security
tations,” Proceedings of the 23rd IEEE
and Privacy, 1993, pp. 178-194.
1613. M.C. Wood, technical report, Cryptech, Symposium on the Foundations of Com-
puter Science, 1982, pp. 160-164.
Inc., Jamestown, NY, Jul 1990.
1628. B. Yee, “Using Secure Coprocessors,”
1614. M.C. Wood, “Method of Cryptographically
Transforming Electronic Digital Data from Ph.D. dissertation, School of Computer
One Form to Another,” U.S. Patent Science, Carnegie Mellon University, May
1994.
#5,003,596, 26 Mar 1991.
1629. S.-M. Yen, “Design and Computation of
1615. M.C. Wood, personal communication, 1993.
1616. C.K. Wu and X.M. Wang, “Determination Public Key Cryptosystems,” Ph.D. disser-
of the True Value of the Euler Totient tation, National Cheng Hung University,
Function in the RSA Cryptosystem from a Apr 1994.
1630. S.-M. Yen and C.-S. Lai, “New Digital Sig-
Set of Possibilities,” Electronics Letters, v.
nature Scheme Based on the Discrete Log-
29, n. 1, 7 Jan 1993, pp. 84-85.
arithm,” Electronics Letters, v. 29, n. 12,
1617. MC. Wunderlich, “Recent Advances in
1993, pp. 1120-1121.
the Design and Implementation of Large
Integer Factorization Algorithms,” Pro- 1631. K. Yiu and K. Peterson, “A Single-Chip
VLSI Implementation of the Discrete
ceedings of 1983 Symposium on Security
and Privacy, IEEE Computer Society Press, Exponential Public-Key Distribution Sys-
tem,” IBM Systems fournal, v. 15, n. 1,
1983, pp. 67-71.
1618. Xerox Network System (XNS) Authentica- 1982, pp. 102-l 16.
tion Protocol, XSIS 098404, Xerox Corpo- 1632. K. Yiu and K. Peterson, “A Single-Chip
ration, Apr 1984. VLSI Implementation of the Discrete Expo-
nential Public-Key Distribution System,”
1619. Y.Y. Xian, “New Public Key Distribution
System,” Electronics Letters, v. 23, n. 11, Proceedings of Government Microcircuit
Applications Conference, 1982, pp. 18-23.
1987, pp. 560-561.
1633. H.Y. Youm, S.L. Lee, and M.Y. Rhee,
1620. L.D. Xing and L.G. Sheng, “Cryptanalysis
of New Modified Lu-Lee Cryptosystems,” “Practical Protocols for Electronic Cash,”
Electronics Letters, v. 26, n. 19, 13 Sep Proceedings of the 1993 Korea-Iapan
Workshop on Information Security and
1990, p. 1601-1602.
1621. W. Xinmei, “Digital Signature Scheme Cryptography, Seoul, Korea, 24-26 Ott
Based on Error-Correcting Codes,” Elec- 1993, pp. 10-22.
tronics Letters, v. 26, n. 13, 21 Jun 1990, p. 1634. M. Yung, “Cryptoprotocols: Subscriptions
898-899. to a Public Key, the Secret Blocking, and
1622. S.B. Xu, D.K. He, and X.M. Wang, “An the Multi-Player Mental Poker Game,”
Implementation of the GSM General Advances in Cryptology: Proceedings of
Data Encryption Algorithm A5,” CHI- CRYPTO 84, Springer-Verlag, 1985,
NACRYPT ˜94, Xidian, China, 11-15 Nov 439-453.
1994, pp. 287-291. (In Chinese.) 1635. G. Yuval, “How to Swindle Rabin,” Cryp-
1623. M. Yagisawa, “A New Method for Realiz- tologia, v. 3, n. 3, Jul 1979, pp. 187-190.
ing Public-Key Cryptosystem,” Cryptolo- 1636. K.C. Zeng and M. Huang, “On the Linear
gia, v. 9, n. 4, Ott 1985, pp. 360380. Syndrome Method in Cryptanalysis,”
1624. C.H. Yang, “Modular Arithmetic Algo- Advances in Cryptology-CRYPTO ˜88
rithms for Smart Cards,” IEICE Japan, Proceedings, Springer-Verlag, 1990, pp.
Technical Report, ISEC92-16, 1992. 469478.
1625. C.H. Yang and H. Morita, “An Efficient 1637. K.C. Zeng, M. Huang, and T.R.N. Rao, “An
Modular-Multiplication Algorithm for Improved Linear Algorithm in Cryptanaly-
Smart-Card Software Implementation,” sis with Applications,” Advances in
IEICE Japan, Technical Report, ISEC91-58, Cryptology-CRYPTO ˜90 Proceedings,
1991. Springer-Verlag, 199 1, pp. 34-47.
1626. J.H. Yang, K.C. Zeng, and Q.B. Di, “On the 1638. KC. Zeng, C.-H. Yang, and T.R.N. Rao,
Construction of Large S-Boxes,” CHI- “On the Linear Consistency Test (LCT)
NACRYPT ˜94, Xidian, China, 11-15 Nov in Cryptanalysis with Applications,”
1994, pp. 2432. (In Chinese.) Advances in Cryptology-CRYPTO ˜89




Page 738
Prev. Chapter Home Previous Page
Next Page
Prev. page
Next Page




Proceedings, Springer-Verlag, 1990, pp. Cryptology-CRYPTO ˜89 Proceedings,
164-174. Springer-Verlag, 1990, pp. 461480.
1639. K.C. Zeng, C.-H. Yang, D.-Y. Wei, and 1645. Y. Zheng, T. Matsumoto, and H. Imai,
T.R.N. Rao, “Pseudorandom Bit Genera- “Duality between two Cryptographic
tors in Stream-Cipher Cryptography,” Primitives,” Proceedings of the 8th Inter-
IEEE Computer, v. 24, n. 2, Feb 1991, pp. national Conference on Applied Algebra,
8-17. Algebraic Algorithms and Error-Correcting
1640. M. Zhang, S.E. Tavares, and L.L. Campbell, Codes, Springer-Verlag, 1991, pp. 379390.
“Information Leakage of Boolean Func- 1646. Y. Zheng, J. Pieprzyk, and J. Seberry,
tions and Its Relationship to Other Crypto- “HAVAL-A One-Way Hashing Algorithm
graphic Criteria,” Proceedings of the 2nd with Variable Length of Output,”
Annual ACM Conference on Computer Advances in Crytology-AUSCRYPT ˜92
and Communications Security, ACM Proceedings, Springer-Verlag, 1993, pp.
Press, 1994, pp. 156-165. 83-104.
1641. M. Zhang and G. Xiao, “A Modified 1647. N. Zierler, “Linear Recurring Sequences,”
Design Criterion for Stream Ciphers,” fournal Sot. Indust. Appl. Math., v. 7, n. 1,
CHINACRYPT ˜94, Xidian, China, 11-15 Mar 1959, pp. 31-48.
Nov 1994, pp. 201-209. (In Chinese.] 1648. N. Zierler, “Primitive Trinomials Whose
1642. Y. Zheng, T. Matsumoto, and H. Imai, Degree Is a Mersenne Exponent,” Infor-
“Duality between two Cryptographic mation and Control, v. 15, 1969, pp.
Primitives,” Papers of Technical Group for 67-69.
Information Security, IEICE of Japan, Mar 1649. N. Zierler and J. Brillhart, “On Primitive
1989, pp. 47-57. Trinomials (mod 2)” Information and
1643. Y. Zheng, T. Matsumoto, and H. Imai, Control, v. 13, n. 6, Dee 1968, pp. 541-544.
“Impossibility and Optimality Results in 1650. N. Zierler and W.H. Mills, “Products of
Constructing Pseudorandom Permuta- Linear Recurring Sequences,” fournal of
tions,” Advances in Cryptology-EURO- Algebra, v. 27, n. 1, Ott 1973, pp. 147-157.
CRYPT ˜89 Proceedings, Springer-Verlag, 1651. C. Zimmer, “Perfect Gibberish,” Discover,
1990, pp. 412-422. v. 13, n. 12, Dee 1992, pp. 92-99.
1644. Y. Zheng, T. Matsumoto, and H. Imai, “On 1652. P.R. Zimmermann, The Official PGP
the Construction of Block Ciphers Prov- User™s Guide, Boston: MIT Press, 1995.
ably Secure and Not Relying on Any 1653. P.R. Zimmermann, PGP Source Code and
Unproved Hypotheses,” Advances in Internals, Boston: MIT Press, 1995.




Page 739
Prev. Chapter Home Previous Page
Next Page
Prev. page
Next Page




Index


A5,389, 662667 Khafre, 3 173 18
cipher block chaining mode,
193-197,208-210 Khufu, 317
Abadi, Martin, 66
linear, 238
Absolute rate, of language, cipher block chaining of
234 plaintext difference linear syndrome, 38 1
mode, 208 modes, DES, 277-278
Accreditation, 103
Active attacks, 27 multiple block
cipher block chaining with
Active cheaters, 27 checksum, 207-208 cascading, 367-368
Adams, Carlisle, 334 combining, 368
cipher-feedback mode,
200-202,208-2 10
Adaptive-chosen-plaintext multiple-key public-key cryp-
attack, 6 tography, 527-528
cipher mode
Addition chaining, 244 choosing, 208-210 oblivious transfer, 550
Additive generators, 390392 summary, 209 one-way accumulators, 543
classes, 217 output-feedback mode,
Adjudicated protocol, 26, 71
Adjudicator, 26 coin flipping 203-205208-210
Adleman, Leonard M., 163-164, output feedback with a non-
using Blum integers, 543
467 using exponentiation mod- linear function, 208
ulo p, 542-543
Adler, Roy, 266 plaintext block chaining
Agnew, G. B., 423 mode, 208
using square roots, 541-542
Algebraic structure, DES, complexity, 237-239 plaintext feedback mode, 208
282-283 constant, 238 polynomial, 238
Algorithm M, 393394 polynomial-time, 238
convertible undeniable signa-
tures, 538-539
Algorithms, 2-4, 17 probabilistic encryption,
all-or-nothing disclosure of 552-554
counter mode, 205-206,209
secrets, 543-546 cubic, 238 propagating cipher block
Asmuth-Bloom, 529-530 chaining mode, 207
data compression, 226
Barrett™s, 244 public-key, 4-5,33
designated confirmer signa-
Berlekamp-Massey algorithm, tures, 539-540 quadratic, 238
380,404 Diffie-Hellman, fair, 546547 quantum cryptography,
block 554-557
digital signatures, 39
chain mode, 206-207 exponential, 238 restricted, 3
choosing, 354-355 for export, 215-216 running times, 238-239
replay, 191-193 secret-sharing algorithms,
extended Euclidean, 246-248
breaking, 8 factoring, 256 528-53 1
CAST, 334-335 secure multiparty computa-
ISO/IEC 9979 registered, 607
choosing, 214216 tion, 551-552
Karnin-Greene-Hellman, 530




Page 740
Prev. Chapter Home Previous Page
Next Page
Prev. page
Next Page
Index


Algorithms (Cont.) Asymmetric algorithms, see Beth-Piper stop-and-go genera-
Public-key algorithms tor, 383-384
security, 8-9
self-synchronizing stream Atomic Energy Act, 610 Bias, 425
Attack, 5 Bidirectional message authenti-
cipher, 198-199
stream ciphers, 197-198 AT&T Model 3600 Telephone cation codes, 457
subliminal-channel signature, Security Device, 594- Biham, Eli, 284-285,288,296,
79 595 301, 303, 306, 308,
superpolynomial, 238 Authentication, 2, 52-56 311-312,314,316,319,
symmetric, 4 DASS, 62 354,361,434
synchronous stream cipher, Denning-Sacco protocol, 63 Bilateral stop-and-go generator,
202-203 dictionary attacks, 52 384-385
TEA, 346 IS0 framework, 574-577 Binary trees, 78
types, 189 Kerberos, 60 Biotechnology, as cryptanalysis
unconditionally secure, 8 message, 56 tool, 156-157
undeniable digital signatures, Needham-Schroeder protocol, Birthday attack, 165-166, 430
536-539 58-59 Bit commitment, 86-88
using, 213-229 Neuman-Stubblebine proto- using one-way functions,
vector scheme, 529 col, 60-62 87-88
zero-knowledge proofs, Otway-Rees protocol, 59-60 using pseudo-random-
548-550 protocols, formal analysis, sequence generators, 88
See also Block ciphers; 65-68 using symmetric cryptogra-
Stream ciphers salt, 52-53 phy, 86-87
All-or-nothing disclosure of Schnorr, 5 11 Blakley, George, 72, 529
secrets, 96, 543-546 SESAME, 572 Blaze, Matt, 346,364
voting with a single central SKEY, 53 Blinding factor, 112
facility, 128-130 SKID, 55-56 Blind signatures, 112-l 15,
Alternating stop-and-go genera- using interlock protocol, 549-550
tor, 383,385,410-411 54-55 patents, 115
American National Standards using one-way functions, 52 voting with, 126-127
Institute, DES approval, using public-key cryptogra- Blobs, 88
267-268 phy, 53-54 Block algorithms, 4
Anderson, Ross, 391 Wide-Mouth Frog protocol, Block chain mode, 206-207
ANDOS, see All-or-nothing dis- 56-57 Block ciphers, 4, 189
closure of secrets Woo-Lam protocol, 63-64 Blowfish, 336-339
Anonymous message broadcast, Yahalom, 57-58 CA-1.1,327328
137-139 Authenticators, 568 cascading algorithms,
ANSI X3.105,267 Avalanche effect, 273 367368
ANSI X3.106, 267 CAST, 334335
ANSI X9.8, 267 Backup keys, 181-182 CDMF key shortening, 366
ANSI X9.17,268,359 BAN logic, 66-67 choosing algorithms, 354-355
key generation, 17.5 Barrett™s algorithm, 244 combining algorithms, 368
ANSI X9.19, 267 BaseKing, 346 counter mode, 205-206,209
ANSI X9.26, 268 Basis, polarization measure- Crab, 342344
Arbitrated protocol, 23-26 ment, 555 CRYPTO-MECCANO, 346
Arbitration, timestamping, Battista, Leon, 11 designing, 35 1
75-76 BBS generator, 417 design theory, 34635 1
Arbitrator, 23 add to spelled out, 553-554 Feistel networks, 347
document signing with, Beacons, 64 group structure, 348
3537 Bellovin, Steve, 518, 520-521, S-box, 34935 1
group signatures with, 84-85 571 simple relations, 347348
AR hash function, 453 Bennett, Charles, 555, 557 strength against differential
Arithmetic, modular, 242-245 Berlekamp-Massey algorithm, and linear cryptanalysis,
Arms Export Control Act, 610 380,404 348-349
Asmuth-Bloom scheme, Bernstein, Dan, 616 weak keys, 348
529630 Berson, Tom, 441 double encryption, 357358
Association for Computing Best affine approximation double OFB/counter, 363364
Machinery, 608 attack, 381 doubling length, 363




Page 741
Prev. Chapter Home Previous Page
Next Page
Prev. page
Next Page
Index


Bureau of Export Administra-
electronic codebook mode, Cipher:
tion, 610-611 substitution, 10-12
189-191,208-210
transposition, 12
encryption speeds, 355 Burrows, Michael, 66
FEAL, 3083 12 Cipher block chaining mode,
feedback, 193 CA-1.1,327328 193-197,208-210
GOST, 33 l-334 Cade algorithm, 500-501 DES, 277-278
IDEA, 3 19325 Caesar Cipher, 11 error extension, 196
iterated, 347 CAFE, 606-607 error propagation, 195-196
Li-Wang algorithm, 346 CALC, 346 initialization vector, 194
LOKI, 314-316 message authentication
Cantwell Bill, 615-616
Lucifer, 303304 Capstone, 593-594 codes, 456
Madryga, 304-306 padding, 195
Cascade generators, 405
McEliece algorithm, 346 Cascades, Gollmann, 387388 security, 196-197
MMB, 325327 Cascading: self-recovering, 196
multiple encryption, 357 triple encryption, 360-361
multiple block algorithms,
NewDES, 306308 367368 Cipher block chaining of plain-
Rao-Nam algorithm, 346 multiple stream ciphers, text difference mode, 208
419-420
RC2,318319 Cipher block chaining with
RC5,344346 Cash, digital, see Digital cash checksum,207-208
REDOC II, 311313 Cassells, Ian, 38 1 Cipher-feedback mode,
REDOC III, 313 CAST, 334335 200-202,208-210
SAFER K-64,339341 DES, 277
S-boxes, 349
security, based on one-way CBC, see Cipher block chaining error propagation, 201-202
mode
hash functions, 353354 initialization vector, 201
Skipjack, 328329 CCEP, 269,598-599 Cipher mode:
versus stream ciphers, 210-211 CDMF, 366,574 choosing, 208-2 10
SKAL8/MBAL, 344 Cellhash, 446 summary, 208-2 10
triple encryption, 358363 Cellular automata, 500 Ciphertext, l-2
3-Way, 341342 Cellular automaton generator, auto key, 198
414
using one-way hash func- hiding in ciphertext, 227-228
tions, 351354 Certificates: pairs, differential cryptanaly-
whitening, 366367 sis, 285
Privacy-Enhanced Mail, 579
xDES™, 365366 stealing, 191
public-key, 185-187
Block length, doubling, 363 x.509,574-575 Ciphertext-only attack, 5-6
Block replay, 191-193 Certification authority, 186 Cleartext, see Plaintext
Blocks, 4 Certification path, 576 Clipper chip, 591-593
Blowfish, 336339,354, Certified mail, digital, 122- Clipper key-escrow, 328
647-654 123 Clipper phone, 594
Blum, Manuel, 89, 105, 108 Chaining variables, 436 Clock-controlled generators,
Blum, Blum, and Shub genera- 381
Chambers, Bill, 385386
tor, 417-418 Characteristics, 286-288 Clocking, 38 1
Blum integers, 253 Chaum, David, 84, 115, 133, CoCom, 610
coin flipping, 543 137,536,549 Code, 9
zero-knowledge proofs, 549 Cheater, 27 Coefficients, solving for, 248
Blum-Micali generator, 416-417 sharing secrets with, 531 Coin flipping, 89-92
Boolean functions, in S-boxes, Chess Grandmaster Problem, fair, 541-543
350 109 into a well, 92
Bosselaers, Antoon, 436, 441 Chinese Lottery, 156-157 key generation, 92
Boyar, Joan, 369 Chinese remainder theorem, using Blum integers, 543
Brassard, Gilles, 555, 557 249-250,470 using one-way functions, 90
Broadcasting: Chor-Rivest knapsack, 466 using public-key cryptogra-
anonymous, 137-139 Chosen-ciphertext attack, 6-7, phy, 90-91
secret, 523-524 471-472 using square roots, 541-542
Brute-force attack, 8, 151-152 Chosen-key attack, 7 Collision, 166
software-based, 154-155 Chosen-plaintext attack, 6-7, Collision-free, 30
time and cost estimates, 359 Collision-resistance, 429
152-154 Chosen-text attack, 7 Combination generator, 381




Page 742
Prev. Chapter Home Previous Page
Next Page
Prev. page
Next Page
Index


Continued fraction algorithm, Cryptosystems, 4
Combining function, 381
fair, 97
Commercial COMSEC Endorse- 256
ment Program, 269, Contract signing, simultaneous: finite automaton public-key,
598-599 with an arbitrator, 118 482
Commercial Data Masking without an arbitrator hybrid, 3234
Facility, 366, 574 face-to-face, 118-l 19 security, 234235
Common Cryptographic Archi- not face-to-face, 119-120 weak, 97
tecture, 573-574 using cryptography, Cusick, Thomas, 3 12
Common modulus, dangers of, 120-122 Cut and choose, 103
493 Control Vector, 180 Cypherpunks, 609
Common modulus attack, RSA, Convertible undeniable signa-
472 tures, 538-539 Daemen, Joan, 325,341,349,
Communications: 414
Coppersmith, Don, 94, 266,
using public-key cryptogra- 280,283,293,398,457 Damgard, Ivan, 446
phy, 3 134 Coppersmith™s algorithm, 263 Damm, Arvid Gerhard, 13
using symmetric cryptogra- Correlation attack, 380 Data, encrypted:
Correlation immunity, stream
phy, 28-29 computing with, 85-86,
Communications channels, ciphers, 380 540-541
encryption, 216-220 Correlations, random-sequence discrete logarithm problem,
Communications Setup, generators, 425 540-541
517-518 Counter mode, 205-206,209 for storage, 220-222
Complementation property, 28 1 Counting coincidences, 14 Databases, cryptographic pro-
Complement keys, DES, Crab, 342-344 tection, 73-74
281-282 Credit cards, anonymous, 147 Data complexity, 9
Completely blind signatures, Crepeau, Claude, 555 Data Encryption Algorithm, see
112-113 Crypt(l), 414 Data Encryption Stan-
Complete set of residues, 242 CRYPT(3), 296 dard
Complexity-theoretic approach, Cryptanalysis, 1, 5-8 Data Encryption Standard, 17,
stream ciphers, 415-418 differential, see Differential 265301
Complexity theory, 237-242 cryptanalysis adoption, 267-268
algorithms, 237-239 FEAL, 311312 algorithm, brute-force attack
complexity of problems, GOST, 333334 efficiency, 152-153
239-24 1 IDEA, 323 characteristics, 286-288
Compression, 226 linear, 290-293 commercial chips, 279
Compression function, 43 1 LOXI91,316 compared to GOST, 333334
Compression permutation, Madryga, 306 compression permutation,
273-274 N-Hash, 434435 273-274
Compromise, 5 related-key, 290 CRYPT(3], 296
Compromised keys, 182-183 Snefru, 432 decryption, 277
Computational complexity, 237 types, 5-7 description, 270
Computationally secure, 8 Cryptanalysts, 1 DESX, 295
Computer algorithms, 17 Crypt Breakers Workbench, development, 265-267
Computer clock, as random- 414 differential cryptanalysis,
sequence generator, 424 Cryptographers, 1 284-290
Computer Security Act of 1987, Cryptographic algorithm, see DES variants, 298
600-601 Cipher expansion permutation,
Computing, with encrypted Cryptographically secure 273-275
data, 85-86,540-541 pseudo-random, 45 final permutation, 277
COMSET, 5 17-5 18 Cryptographic facility, 562 generalized, 296-297
Conditional Access for Europe, Cryptographic mode, 189 hardware and software imple-
606607 Cryptographic protection, mentation, 278-279
Conference key distribution, 524 databases, 73-74 with independent subkeys,
Confusion, 237,346-347 Cryptographic protocol, 22 295
Congruent, 242 Cryptography, 1 initial permutation, 271
Connection integer, 403 CRYPTO-LEGGO, 414 iterated block cipher, 347
feedback with carry shift reg- Cryptologists, 1 key transformation, 272-273
isters, maximal-period, Cryptology, 1 linear cryptanalysis, 290-293
406-407 CRYPTO-MECCANO, 346 modes, 277-278




Page 743
Prev. Chapter Home Previous Page
Next Page
Prev. page
Next Page
Index


dangers of common modulus,
multiple, 294-295 Desmedt, Yvo, 8 1
493
1987 review, 268-269 DES, see Data Encryption Stan-
dard description, 486-488
1993 review, 269-270
ElGamal encryption with,
outline of algorithm, 270-272 Destruction:
490-49 1
P-boxes information, 228-229
patents, 493494
design criteria, 294 of keys, 184185
prime generation, 488-490
permutation, 275, 277 DESX, 295
RDES, 297-298 proposal for NIST standard,
Dictionary attack, 52, 171-173
related-key cryptanalysis, 290 483486
Differential cryptanalysis,
RIPE-MAC, 457-458 284-290 RSA encryption with, 491
S-boxes, 349 security, 49 l-492
attacks against
alternate, 296-298 speed precomputations,
DES, 288-290
design criteria, 294 487488
DES variants, 298
subliminal channel, 493,
key-dependent, 298,300, Lucifer, 303
354 534-536
extending to higher-order dif-
ferentials, 293 foiling, 536
substitution, 274-276
security, 278,280-285 variants, 494-495
strength against, block cipher
algebraic structure, design theory, 348-349 Digital signatures, 3441
282-283 Differential-linear cryptanaly- algorithms, 39
complement keys, 281-282 sis, 293 applications, 41
blind, 112-l 15,549-550
current, 300301 Diffie, Whitfield, 31, 37, 122,
key length, 283-284 216, 283, 419,461, 501, convertible undeniable signa-
565 tures, 538-539
number of rounds, 284
possibly weak keys, Diffie-Hellman: converting identification
281-282 schemes to, 5 12
EKE implementation,
definition, 39
S-box design, 284-285 519-520
semiweak keys, 280-28 1 extended, 5 15 designated confirmer signa-
weak keys, 280-281 failsafe, 547-548 tures, 82-83,539-540
s”DES, 298-299 ElGamal, 476-478
fair, 546-547
source code, 623632 Hughes variant, 5 15 with encryption, 41-44
speeds on microprocessors entrusted undeniable, 82
key exchange without
fail-stop, 85
and computers, 279 exchanging keys, 5 15
validation and certification of patents, 516 Fiat-Shamir signature
equipment, 268 with three or more parties, 514 scheme, 507-508
Data Exchange Key, 581 Diffie™s randomized stream group signatures, 84-85
Data Keys, 176 cipher, 419 Guillou-Quisquater signature
Davies, Donald, 562 Diffusion, 237, 346347 scheme, 509-5 10
Davies-Meyer, 448 Digital card, properties, 146 improved arbitrated solution,
abreast, 452 Digital cash, 139-147 76
modified, 449450 key exchange with, 50
anonymous, 139
parallel, 45 1 credit cards, 147 multiple, 39-40
tandem, 451-452 money orders, 140 Guillou-Quisquater, 5 10
Davies-Price, 358 double spending problem, nonrepudiation, 40
Decoherence, 165 140-141 oblivious, 117
Decryption, 1 protocol, 40
off-line systems, 146
DES, 277 on-line systems, 145-146 prow, 83
other protocols, 145-147 public-key algorithms,
key, 3
key-error detection, 179 perfect crime, 145 483-502
knapsack algorithms, 465 practical, 145 Cade algorithm, 500-501
with a public key, 39 secret splitting, 142-145 cellular automata, 500
with symmetric algorithm, 4 Digital certified mail, 122-123 Digital Signature Algo-
den Boer, Bert, 434, 436,441 Digital Notary System, 78 rithm, see Digital Signa-
Denning-Sacco protocol, 63 ture Algorithm
Digital Signature Algorithm,
Dense, 378 17,483-494 discrete logarithm signa-
Dereferencing keys, 221-222 ture schemes, 496498
attacks against k, 492
Derived sequence attack, 381 computation time compari- ESIGN, 499-500
Designated confirmer signa- son with RSA, 489 GOST digital signature
tures, 82-83, 539-540 criticisms, 484-486 algorithm, 495-496




Page 744
Prev. Chapter Home Previous Page
Next Page
Prev. page
Next Page
Index


Digital signatures (Cont.)
    public-key algorithms (Cont.)
        Matsumoto-Imai algorithm, 500
        Ong-Schnorr-Shamir, 498-499
    public-key cryptography, 37-38
        attacks against, 43-44
        one-way hash functions and, 38-39
        resend attack, foiling, 43
    RSA, 473-474
    Schnorr signature scheme, 511-512
    subliminal-free, 80
    with symmetric cryptosystems and arbitrator, 35-37
    terminology, 39
    timestamps, 38
    trees, 37
    undeniable, 81-82, 536-539
Dining Cryptographers Problem, 137
Discrete logarithm, 245
    in finite field, 261-263
    zero-knowledge proofs, 548
Discrete Logarithm Problem, 501, 540-541
Discrete logarithm signature schemes, 496-498
Distributed Authentication Security Service, 62
Distributed convertible undeniable signatures, 539
Distributed key management, 187
DNA computing, 163-164
DNRSG, 387
DOD key generation, 175
Double encryption, 357-358
Double OFB/counter, 363-364
Double spending problem, 140-141
Driver-level encryption, 222-223
DSA, see Digital Signature Algorithm
Dynamic random-sequence generator, 387

E-box, 273
ECB, see Electronic codebook mode
Electronic checks, 146
Electronic codebook mode, 189-191, 208-210
    combined with OFB, 364
    DES, 277-278
    padding, 190-191
    triple encryption, 362-363
Electronic coins, 146
Electronic Frontier Foundation, 608
Electronic-funds transfer, DES adoption, 268
Electronic Privacy Information Center, 608
ElGamal, 532-533
    EKE implementation, 519
    encryption, 478
        with DSA, 490-491
    patents, 479
    signatures, 476-478
    speed, 478-479
ElGamal, Taher, 263
Elliptic curve cryptosystems, 480-481
Elliptic curve method, 256
Ellison, Carl, 362
Encoding, 226
Encrypt-decrypt-encrypt mode, 359
Encrypted Key Exchange:
    applications, 521-522
    augmented, 520-521
    basic protocol, 518-519
    implementation with
        Diffie-Hellman, 519-520
        ElGamal, 519
        RSA, 519
    strengthening, 520
Encryption, 1
    communication channels, 216-220
    combining link-by-link and end-to-end, 219-221
    with compression and error control, 226
    data, for storage, 220-222
    detection, 226-227
    digital signatures with, 41-44
    driver-level versus file-level, 222-223
    ElGamal, 478
        with DSA, 490-491
    end-to-end, 217-220
    with interleaving, 210-211
    key, 3
    knapsack algorithms, 464
    link-by-link, 216-218
    multiple, 357
    with a private key, 39
    probabilistic, 552-554
    RSA, 468
        with DSA, 491
    with symmetric algorithm, 4
    using public key, 5
End-to-end encryption, 217-220
    combined with link-by-link, 219-221
Enigma, 13, 414
Entropy, 233-234
Entrusted undeniable signature, 82
Error detection:
    during decryption, 179
    during transmission, 178
Error extension, cipher block chaining mode, 196
Error propagation:
    cipher block chaining mode, 195-196
    cipher-feedback mode, 201-202
    output-feedback mode, 204
Escrow agencies, 592
Escrowed Encryption Standard, 97, 593
ESIGN, 499-500, 533-534
Euclid's algorithm, 245
Euler totient function, 248-249
Expansion permutation, 273-275, 315
Export:
    of algorithms, 215-216, 610-616
    foreign, 617
Exportable Protection Device, 389
Export Administration Act, 610
EXPTIME, 241
Extended Euclidean algorithm, 246-248

Factoring, 255-258
    general number field sieve, 159-160
    long-range predictions, 162
    public-key encryption algorithms, 158-159
    special number field sieve, 160-161
    using quadratic sieve, 159
Factoring Problem, 501
Failsafe:
    Diffie-Hellman, 547-548
    key escrowing, 98
Fail-stop digital signatures, 85
Fair cryptosystems, 97
Fiat-Shamir, 508
FAPKC0, 482
FAPKC1, 482
FAPKC3, 482

Page 745

FEAL, 308-312
    cryptanalysis, 311-312
    description, 308-310
    patents, 311
Feedback:
    cipher block chaining mode, 193, 195
    internal, output-feedback mode, 203
Feedback function, 373
Feedback shift register, 373
Feedback with carry shift registers, 402-404
    combining generators, 405, 410
    maximal-length, tap sequences, 408-409
    maximal-period, connection integers, 406-407
Feedforward, cipher block chaining mode, 195
Feige, Uriel, 503-504
Feige-Fiat-Shamir, 503-508
    enhancements, 506-507
    identification scheme, 504-505
    simplified, 503-504
Feistel, Horst, 266, 303
Feistel network, 347
    Blowfish, 337
    practically secure, 349
Fermat's little theorem, 248
    Euler's generalization, 248
FFT-Hash, 446
Fiat, Amos, 503-504
Fiat-Shamir signature scheme, 507-508
Fibonacci configuration, 373, 379
Fibonacci shrinking generator, 391
File-level encryption, 222-223
Filter generator, 381
Finite field, 254
    discrete logarithms, 261-263
FIPS PUB 46, 267
FIPS PUB 74, 267
FIPS PUB 81, 267
FIPS PUB 112, 267
Fish, 391
Fixed bit index, 543
Flat keyspace, 176
Flipping coins, see Coin flipping
Fortified key negotiation, 522

Galois configuration, linear feedback shift registers, 378-379
Galois field, computing in, 254-255
Garey, Michael, 241
Gatekeeper, 278
Geffe generator, 382-383
General number field sieve, 159-160, 256
General Services Administration, DES adoption, 268
Generators, 253-254
Gifford, 392-393
Gifford, David, 392
Gill, J., 501
Global deduction, 8
Goldwasser, Shafi, 94, 552
Gollmann, Dieter, 386
Gollmann cascade, 387-388
Goodman-McAuley cryptosystem, 466
Goresky, Mark, 404
GOST, 331-334, 354
    source code, 643-647
GOST digital signature algorithm, 495-496
GOST hash function, 454
GOST R 34.10-94, 495
Gosudarstvennyi Standard Soyuza SSR, 331-334
Graham-Shamir knapsacks, 465
Graph isomorphism, 104-105
Greatest common divisor, 245-246
Grossman, Edna, 266
Group signatures, 84-85
Group Special Mobile, 389
Group structure, block ciphers design theory, 348
GSM, 389
Guillou, Louis, 102, 508
Guillou-Quisquater:
    identification scheme, 508-510
    signature scheme, 509-510
Gutmann, Peter, 353
Guy, Richard, 159

Haber, Stuart, 75, 485, 488
Hamiltonian cycles, 105-106
Hard drive, encrypted, providing random access to, 222
Hardware:
    DES implementation, 278-279
    encryption, 223-225
    RSA, 469
Hash functions, see One-way hash functions
Hash value, 30
HAVAL, 445-446
Hellman, Martin, 31-32, 37, 262, 283, 293, 358-359, 461-462
Hiding information from an oracle, 86
Historical terms, 9
Homophonic substitution cipher, 10-11
Hughes, 515
Hughes, Eric, 609
Hughes XPD/KPD, 389-390
Hybrid cryptosystems, 32-34, 461

IBC-Hash, 458
IBM Common Cryptographic Architecture, 573-574
IBM secret-key management protocol, 561-562
IDEA, 319-325, 354
    cryptanalysis, 323
    description, 320-322
    modes of operation, 323-325
    overview, 320-321
    patents, 325
    S-boxes, 349
    source code, 637-643
    speed, 322-323
    strength against differential cryptanalysis, 348
    variants, 325
Ideal secrecy, 236
Identification schemes:
    converting to signature schemes, 512
    Feige-Fiat-Shamir, 503-508
    Guillou-Quisquater, 508-510
    Ohta-Okamoto, 508
    Schnorr authentication and signature scheme, 510-512
Identity-based cryptosystems, 115
Ignition key, 564
Import, foreign, 617
Index of coincidence, 14
Information:
    amount, information theory definition, 233
    deduction, 8
    destruction, 228-229
Information-theoretic approach, 418
    stream ciphers, 415

Page 746

Information theory, 233-237
    cryptosystem security, 234-235
    entropy and uncertainty, 233-234
    in practice, 236-237
    rate of the language, 234
    unicity distance, 235-236
Ingemarsson, Ingemar, 418
Initialization vector:
    cipher block chaining mode, 194
    cipher-feedback mode, 201
    output-feedback mode, 204
Inner-CBC, 360, 363
Insertion attack, synchronous stream ciphers, 203

Johnson, David, 241
Jueneman's methods, 457

Kaliski, Burt, 342
Karn, 351-352
Karn, Phil, 351
Karnin-Greene-Hellman, 530
Kerberos, 60, 566-571
    abbreviations, 567
    authentication steps, 567
    credentials, 568
    getting initial ticket, 569
    getting server tickets, 569-570
    licenses, 571
    model, 566
    requesting services, 570
Key and message transmission, 51
Key Auto-Key, 202
Keyboard latency, as random-sequence generator, 424-425
Key Certification Authority, 43
Key control vectors, 562
Key distribution:
    anonymous, 94-95
    conference, 524
Key Distribution Center, 43-44
Key-Encryption Keys, 176, 184
Key escrow, 97-100, 181-182, 591
    politics, 98-100
Key exchange, 47-52
