<<

. 25
( 29)



>>

207. H. Bonnenberg, Secure Testing of VSLI Cryptographic Equipment, Series in
Microelectronics, Vol. 25, Konstanz: Hartung Gorre Verlag, 1993.
208. H. Bonnenberg, A. Curiger, N. Felber, H. Kaeslin, and X. Lai, “VLSI
Implementation of a New Block Cipher,” Proceedings of the IEEE International Conference on
Computer Design: VLSI in Computers and Processors (ICCD 91), Oct 1991, pp. 510“513.
209. K.S. Booth, “Authentication of Signatures Using Public Key Encryption,”
Communications of the ACM, v. 24, n. 11, Nov 1981, pp. 772“774.
210. A. Bosselaers, R. Govaerts, and J. Vanderwalle, Advances in Cryptology”CRYPTO
™93 Proceedings, Springer“Verlag, 1994, pp. 175“186.
211. D.P. Bovet and P. Crescenzi, Introduction to the Theory of Complexity, Englewood
Cliffs, N.J.: Prentice“Hall, 1994.
212. J. Boyar, “Inferring Sequences Produced by a Linear Congruential Generator
Missing Low“Order Bits,” Journal of Cryptology, v. 1, n. 3, 1989, pp. 177“184.
213. J. Boyar, D. Chaum, and I. Damgård, “Convertible Undeniable Signatures,”
Advances in Cryptology”CRYPTO ™90 Proceedings, Springer“Verlag, 1991, pp. 189“205.
214. J. Boyar, K. Friedl, and C. Lund, “Practical Zero“Knowledge Proofs: Giving Hints
and Using Deficiencies,” Advances in Cryptology”EUROCRYPT ™89 Proceedings, Springer“
Verlag, 1990, pp. 155“172.
215. J. Boyar, C. Lund, and R. Peralta, “On the Communication Complexity of Zero“
Knowledge Proofs,” Journal of Cryptology, v. 6, n. 2, 1993, pp. 65“85.
216. J. Boyar and R. Peralta, “On the Concrete Complexity of Zero“Knowledge Proofs,”
Advances in Cryptology”CRYPTO ™89 Proceedings, Springer“Verlag, 1990, pp. 507“525.
217. C. Boyd, “Some Applications of Multiple Key Ciphers,” Advances in Cryptology”
EUROCRYPT ™88 Proceedings, Springer“Verlag, 1988, pp. 455“467.
218. C. Boyd, “Digital Multisignatures,” Cryptography and Coding, H.J. Beker and F.C.
Piper, eds., Oxford: Clarendon Press, 1989, pp. 241“246.
219. C. Boyd, “A New Multiple Key Cipher and an Improved Voting Scheme,” Advances
in Cryptology”EUROCRYPT ™89 Proceedings, Springer“Verlag, 1990, pp. 617“625.
220. C. Boyd, “Multisignatures Revisited,” Cryptography and Coding III, M.J. Ganley,
ed., Oxford: Clarendon Press, 1993, pp. 21“30.
221. C. Boyd and W. Mao, “On the Limitation of BAN Logic,” Advances in Cryptology”
EUROCRYPT ™93 Proceedings, Springer“Verlag, 1994, pp. 240“247.
222. C. Boyd and W. Mao, “Designing Secure Key Exchange Protocols,” Computer
Security”ESORICS 94, Springer“Verlag, 1994, pp. 217“230.
223. B.O. Brachtl, D. Coppersmith, M.M. Hyden, S.M. Matyas, C.H. Meyer, J. Oseas, S.
Pilpel, and M. Schilling, “Data Authentication Using Modification Detection Codes Based on a
Public One Way Function,” U.S. Patent #4,908,861, 13 Mar 1990.
224. J. Brandt, I.B. Damgård, P. Landrock, and T. Pederson, “Zero“Knowledge
Authentication Scheme with Secret Key Exchange,” Advances in Cryptology”CRYPTO ™88,
Springer“Verlag, 1990, pp. 583“588.
225. S.A. Brands, “An Efficient Off“Line Electronic Cash System Based on the
Representation Problem,” Report CS“R9323, Computer Science/Department of Algorithms and
Architecture, CWI, Mar 1993.
226. S.A. Brands, “Untraceable Off“line Cash in Wallet with Observers,” Advances in
Cryptology”CRYPTO ™93, Springer“Verlag, 1994, pp. 302“318.
227. S.A. Brands, “Electronic Cash on the Internet,” Proceedings of the Internet Society
1995 Symposium on Network and Distributed Systems Security, IEEE Computer Society Press
1995, pp 64“84.
228. D.K. Branstad, “Hellman™s Data Does Not Support His Conclusion,” IEEE
Spectrum, v. 16, n. 7, Jul 1979, p. 39.
229. D.K. Branstad, J. Gait, and S. Katzke, “Report on the Workshop on Cryptography
in Support of Computer Security,” NBSIR 77“1291, National Bureau of Standards, Sep 21“22,



Page 565 of 666
Applied Cryptography: Second Edition - Bruce Schneier



1976, September 1977.
230. G. Brassard, “A Note on the Complexity of Cryptography,” IEEE Transactions on
Information Theory, v. IT“25, n. 2, Mar 1979, pp. 232“233.
231. G. Brassard, “Relativized Cryptography,” Proceedings of the IEEE 20th Annual
Symposium on the Foundations of Computer Science, 1979, pp. 383“391.
232. G. Brassard, “A Time“Luck Tradeoff in Relativized Cryptography,” Proceedings of
the IEEE 21st Annual Symposium on the Foundations of Computer Science, 1980, pp. 380“386.
233. G. Brassard, “A Time“Luck Tradeoff in Relativized Cryptography,” Journal of
Computer and System Sciences, v. 22, n. 3, Jun 1981, pp. 280“311.
234. G. Brassard, “An Optimally Secure Relativized Cryptosystem,” SIGACT News, v. 15,
n. 1, 1983, pp. 28“33.
235. G. Brassard, “Relativized Cryptography,” IEEE Transactions on Information
Theory, v. IT“29, n. 6, Nov 1983, pp. 877“894.
236. G. Brassard, Modern Cryptology: A Tutorial, Springer“Verlag, 1988.
237. G. Brassard, “Quantum Cryptography: A Bibliography,” SIGACT News, v. 24, n. 3,
Oct 1993, pp. 16“20.
238. G. Brassard, D. Chaum, and C. Cr©peau, “An Introduction to Minimum
Disclosure,” CWI Quarterly, v. 1, 1988, pp. 3“17.
239. G. Brassard, D. Chaum, and C. Cr©peau, “Minimum Disclosure Proofs of
Knowledge,” Journal of Computer and System Sciences, v. 37, n. 2, Oct 1988, pp. 156“189.
240. G. Brassard and C. Cr©peau, “Non“Transitive Transfer of Confidence: A Perfect
Zero“Knowledge Interactive Protocol for SAT and Beyond,” Proceedings of the 27th IEEE
Symposium on Foundations of Computer Science, 1986, pp. 188“195.
241. G. Brassard and C. Cr©peau, “Zero“Knowledge Simulation of Boolean Circuits,”
Advances in Cryptology”CRYPTO ™86 Proceedings, Springer“Verlag, 1987, pp. 223“233.
242. G. Brassard and C. Cr©peau, “Sorting Out Zero“Knowledge,” Advances in
Cryptology”EUROCRYPT ™89 Proceedings, Springer“Verlag, 1990, pp. 181“191.
243. G. Brassard and C. Cr©peau, “Quantum Bit Commitment and Coin Tossing
Protocols,” Advances in Cryptology”CRYPTO ™90 Proceedings, Springer“Verlag, 1991, pp. 49“
61.
244. G. Brassard, C. Cr©peau, R. Jozsa, and D. Langlois, “A Quantum Bit Commitment
Scheme Provably Unbreakable by Both Parties,” Proceedings of the 34th IEEE Symposium on
Foundations of Computer Science, 1993, pp. 362“371.
245. G. Brassard, C. Cr©peau, and J.“M. Robert, “Information Theoretic Reductions
Among Disclosure Problems,” Proceedings of the 27th IEEE Symposium on Foundations of
Computer Science, 1986, pp. 168“173.
246. G. Brassard, C. Cr©peau, and J.“M. Robert, “All“or“Nothing Disclosure of Secrets,”
Advances in Cryptology”CRYPTO ™86 Proceedings, Springer“Verlag, 1987, pp. 234“238.
247. G. Brassard, C. Cr©peau, and M. Yung, “Everything in NP Can Be Argued in
Perfect Zero“Knowledge in a Bounded Number of Rounds,” Proceedings on the 16th
International Colloquium on Automata, Languages, and Programming , Springer“Verlag, 1989,
pp. 123“136.
248. R.P. Brent, “An Improved Monte“Carlo Factorization Algorithm,” BIT, v. 20, n. 2,
1980, pp. 176“184.
249. R.P. Brent, “On the Periods of Generalized Fibonacci Recurrences, Mathematics of
Computation, v. 63, n. 207, Jul 1994, pp. 389“401.
250. R.P. Brent, “Parallel Algorithms for Integer Factorization,” Research Report CMA“
R49“89, Computer Science Laboratory, The Australian National University, Oct 1989.
251. D.M. Bressoud, Factorization and Primality Testing, Springer“Verlag, 1989.
252. E.F. Brickell, “A Fast Modular Multiplication Algorithm with Applications to Two
Key Cryptography,” Advances in Cryptology: Proceedings of Crypto 82, Plenum Press, 1982, pp.
51“60.
253. E.F. Brickell, “Are Most Low Density Polynomial Knapsacks Solvable in Polynomial



Page 566 of 666
Applied Cryptography: Second Edition - Bruce Schneier



Time?” Proceedings of the 14th Southeastern Conference on Combinatorics, Graph Theory, and
Computing, 1983.
254. E.F. Brickell, “Solving Low Density Knapsacks,” Advances in Cryptology:
Proceedings of Crypto 83, Plenum Press, 1984, pp. 25“37.
255. E.F. Brickell, “Breaking Iterated Knapsacks,” Advances in Cryptology: Proceedings
of Crypto 84, Springer“Verlag, 1985, pp. 342“358.
256. E.F. Brickell, “Cryptanalysis of the Uagisawa Public Key Cryptosystem,” Abstracts
of Papers, EUROCRYPT ™86, 20“22 May 1986.
257. E.F. Brickell, “The Cryptanalysis of Knapsack Cryptosystems,” Applications of
Discrete Mathematics, R.D. Ringeisen and F.S. Roberts, eds., Society for Industrial and Applied
Mathematics, Philadelphia, 1988, pp. 3“23.
258. E.F. Brickell, “Survey of Hardware Implementations of RSA,” Advances in
Cryptology”CRYPTO ™89 Proceedings, Springer“Verlag, 1990, pp. 368“370.
259. E.F. Brickell, D. Chaum, I.B. Damgård, and J. van de Graff, “Gradual and
Verifiable Release of a Secret,” Advances in Cryptology”CRYPTO ™87 Proceedings, Springer“
Verlag, 1988, pp. 156“166.
260. E.F. Brickell, J.A. Davis, and G.J. Simmons, “A Preliminary Report on the
Cryptanalysis of Merkle“Hellman Knapsack,” Advances in Cryptology: Proceedings of Crypto
82, Plenum Press, 1983, pp. 289“303.
261. E.F. Brickell and J. DeLaurentis, “An Attack on a Signature Scheme Proposed by
Okamoto and Shiraishi,” Advances in Cryptology”CRYPTO ™85 Proceedings, Springer“Verlag,
1986, pp. 28“32.
262. E.F. Brickell, D.E. Denning, S.T. Kent, D.P. Maher, and W. Tuchman, “SKIPJACK
Review”Interim Report,” unpublished manuscript, 28 Jul 1993.
263. E.F. Brickell, J.C. Lagarias, and A.M. Odlyzko, “Evaluation of the Adleman Attack
of Multiple Iterated Knapsack Cryptosystems,” Advances in Cryptology: Proceedings of Crypto
83, Plenum Press, 1984, pp. 39“42.
264. E.F. Brickell, P.J. Lee, and Y. Yacobi, “Secure Audio Teleconference,” Advances in
Cryptology”CRYPTO ™87 Proceedings, Springer“Verlag, 1988, pp. 418“426.
265. E.F. Brickell and K.S. McCurley, “An Interactive Identification Scheme Based on
Discrete Logarithms and Factoring,” Advances in Cryptology”EUROCRYPT ™90 Proceedings,
Springer“Verlag, 1991, pp. 63“71.
266. E.F. Brickell, J.H. Moore, and M.R. Purtill, “Structure in the S“Boxes of the DES,”
Advances in Cryptology”CRYPTO ™86 Proceedings, Springer“Verlag, 1987, pp. 3“8.
267. E.F. Brickell and A.M. Odlyzko, “Cryptanalysis: A Survey of Recent Results,”
Proceedings of the IEEE, v. 76, n. 5, May 1988, pp. 578“593.
268. E.F. Brickell and A.M. Odlyzko, “Cryptanalysis: A Survey of Recent Results,”
Contemporary Cryptology: The Science of Information Integrity, G.J. Simmons, ed., IEEE Press,
1991, pp. 501“540.
269. E.F. Brickell and G.J. Simmons, “A Status Report on Knapsack Based Public Key
Cryptosystems,” Congressus Numerantium, v. 7, 1983, pp. 3“72.
270. E.F. Brickell and D.R. Stinson, “The Detection of Cheaters in Threshold Schemes,”
Advances in Cryptology”CRYPTO ™88 Proceedings, Springer“Verlag, 1990, pp. 564“577.
271. A.G. Broscius and J.M. Smith, “Exploiting Parallelism in Hardware Implementation
of the DES,” Advances in Cryptology”CRYPTO ™91 Proceedings, Springer“Verlag, 1992, pp.
367“376.
272. L. Brown, M. Kwan, J. Pieprzyk, and J. Seberry, “Improving Resistance to
Differential Cryptanalysis and the Redesign of LOKI,” Advances in Cryptology”ASIACRYPT
™91 Proceedings, Springer“Verlag, 1993, pp. 36“50.
273. L. Brown, J. Pieprzyk, and J. Seberry, “LOKI: A Cryptographic Primitive for
Authentication and Secrecy Applications,” Advances in Cryptology”AUSCRYPT ™90
Proceedings, Springer“Verlag, 1990, pp. 229“236.
274. L. Brown, J. Pieprzyk, and J. Seberry, “Key Scheduling in DES Type



Page 567 of 666
Applied Cryptography: Second Edition - Bruce Schneier



Cryptosystems,” Advances in Cryptology”AUSCRYPT ™90 Proceedings, Springer“Verlag, 1990,
pp. 221“228.
275. L. Brown and J. Seberry, “On the Design of Permutation P in DES Type
Cryptosystems,” Advances in Cryptology”EUROCRYPT ™89 Proceedings, Springer“Verlag,
1990, pp. 696“705. 276. W. Brown, “A Quantum Leap in Secret Communications,” New
Scientist, n. 1585, 30 Jan 1993, p. 21.
277. J.O. Brüer, “On Pseudo Random Sequences as Crypto Generators,” Proceedings of
the International Zurich Seminar on Digital Communication, Switzerland, 1984.
278. L. Brynielsson “On the Linear Complexity of Combined Shift Register Sequences,”
Advances in Cryptology”EUROCRYPT ™85, Springer“Verlag, 1986, pp. 156“166.
279. J. Buchmann, J. Loho, and J. Zayer, “An Implementation of the General Number
Field Sieve,” Advances in Cryptology”CRYPTO ™93 Proceedings, Springer“Verlag, 1994, pp.
159“165.
280. M. Burmester and Y. Desmedt, “Broadcast Interactive Proofs,” Advances in
Cryptology”EUROCRYPT ™91 Proceedings, Springer“Verlag, 1991, pp. 81“95.
281. M. Burmester and Y. Desmedt, “A Secure and Efficient Conference Key Distribution
System,” Advances in Cryptology”EUROCRYPT ™94 Proceedings, Springer“Verlag, 1995, to
appear.
282. D. Burnham, “NSA Seeking 500,000 ˜Secure™ Telephones,” The New York Times, 6
Oct 1994.
283. M. Burrows, M. Abadi, and R. Needham, “A Logic of Authentication,” Research
Report 39, Digital Equipment Corp. Systems Research Center, Feb 1989.
284. M. Burrows, M. Abadi, and R. Needham, “A Logic of Authentication,” ACM
Transactions on Computer Systems, v. 8, n. 1, Feb 1990, pp. 18“36.
285. M. Burrows, M. Abadi, and R. Needham, “Rejoinder to Nessett,” Operating System
Review, v. 20, n. 2, Apr 1990, pp. 39“40.
286. J.J. Cade, “A Modification of a Broken Public“Key Cipher,” Advances in
Cryptology”CRYPTO ™86 Proceedings, Springer“Verlag, 1987, pp. 64“83.
287. T.R. Cain and A.T. Sherman, “How to Break Gifford™s Cipher,” Proceedings of the
2nd Annual ACM Conference on Computer and Communications Security, ACM Press, 1994, pp.
198“209.
288. C. Calvelli and V. Varadharajan, “An Analysis of Some Delegation Protocols for
Distributed Systems,” Proceedings of the Computer Security Foundations Workshop V, IEEE
Computer Society Press, 1992, pp. 92“110.
289. J.L. Camenisch, J.“M. Piveteau, and M.A. Stadler, “An Efficient Electronic Payment
System Protecting Privacy,” Computer Security”ESORICS 94, Springer“Verlag, 1994, pp. 207“
215.
290. P. Camion and J. Patarin, “The Knapsack Hash Function Proposed at Crypto ™89
Can Be Broken,” Advances in Cryptology”EUROCRYPT ™91, Springer“Verlag, 1991, pp. 39“53.
291. C.M. Campbell, “Design and Specification of Cryptographic Capabilities,” IEEE
Computer Society Magazine, v. 16, n. 6, Nov 1978, pp. 15“19.
292. E.A. Campbell, R. Safavi“Naini, and P.A. Pleasants, “Partial Belief and Probabilistic
Reasoning in the Analysis of Secure Protocols,” Proceedings of the Computer Security
Foundations Workshop V, IEEE Computer Society Press, 1992, pp. 92“110.
293. K.W. Campbell and M.J. Wiener, “DES Is Not a Group,” Advances in Cryptology”
CRYPTO ™92 Proceedings, Springer“Verlag, pp. 512“520.
294. Z.F. Cao and G. Zhao, “Some New MC Knapsack Cryptosystems,” CHINACRYPT
™94, Xidian, China, 11“15 Nov 1994, pp. 70“75. (In Chinese).
295. C. Carlet, “Partially“Bent Functions,” Advances in Cryptology”CRYPTO ™92
Proceedings, Springer“Verlag, 1993, pp. 280“291.
296. C. Carlet, “Partially Bent Functions,” Designs, Codes and Cryptography, v. 3, 1993,
pp. 135“145.
297. C. Carlet, “Two New Classes of Bent Functions” Advances in Cryptology”



Page 568 of 666
Applied Cryptography: Second Edition - Bruce Schneier



EUROCRYPT ™93 Proceedings, Springer“Verlag, 1994, pp. 77“101.
298. C. Carlet, J. Seberry, and X.M. Zhang, “Comments on ˜Generating and Counting
Binary Bent Sequences,™” IEEE Transactions on Information Theory, v. IT“40, n. 2, Mar 1994,
p. 600.
299. J.M. Carroll, Computer Security, 2nd edition, Butterworths, 1987.
300. J.M. Carroll, “The Three Faces of Information Security,” Advances in Cryptology”
AUSCRYPT ™90 Proceedings, Springer“Verlag, 1990, pp. 433“450.
301. J.M. Carroll, “˜Do“it“yourself™ Cryptography,” Computers & Security, v. 9, n. 7, Nov
1990, pp. 613“619.
302. T.R. Caron and R.D. Silverman, “Parallel Implementation of the Quadratic
Scheme,” Journal of Supercomputing, v. 1, n. 3, 1988, pp. 273“290.
303. CCITT, Draft Recommendation X.509, “The Directory”Authentication
Framework,” Consultation Committee, International Telephone and Telegraph, International
Telecommunications Union, Geneva, 1987.
304. CCITT, Recommendation X.509, “The Directory”Authentication Framework,”
Consultation Committee, International Telephone and Telegraph, International
Telecommunications Union, Geneva, 1989.
305. CCITT, Recommendation X.800, “Security Architecture for Open Systems
Interconnection for CCITT Applications,” International Telephone and Telegraph,
International Telecommunications Union, Geneva, 1991.
306. F. Chabaud, “On the Security of Some Cryptosystems Based on Error“Correcting
Codes,” Advances in Cryptology”EUROCRYPT ™94 Proceedings, Springer“Verlag, 1995, to
appear.
307. F. Chabaud and S. Vaudenay, “Links Between Differential and Linear
Cryptanalysis,” Advances in Cryptology”EUROCRYPT ™94 Proceedings, Springer“Verlag, 1995,
to appear.
308. W.G. Chambers and D. Gollmann, “Generators for Sequences with Near“Maximal
Linear Equivalence,” IEE Proceedings, V. 135, Pt. E, n. 1, Jan 1988, pp. 67“69.
309. W.G. Chambers and D. Gollmann, “Lock“In Effect in Cascades of Clock“Controlled
Shirt Registers,” Advances in Cryptology”EUROCRYPT ™88 Proceedings, Springer“Verlag,
1988, pp. 331“343.
310. A. Chan and R. Games, “On the Linear Span of Binary Sequences from Finite
Geometries,” Advances in Cryptology”CRYPTO ™86 Proceedings, Springer“Verlag, 1987, pp.
405“417.
311. J.P. Chandler, D.C. Arrington, D.R. Berkelhammer, and W.L. Gill, “Identification
and Analysis of Foreign Laws and Regulations Pertaining to the Use of Commercial Encryption
Products for Voice and Data Communications,” National Intellectual Property Law Institute,
George Washington University, Washington, D.C., Jan 1994.
312. C.C. Chang and S.J. Hwang, “Cryptographic Authentication of Passwords,”
Proceedings of the 25th Annual 1991 IEEE International Carnahan Conference on Security
Technology, Taipei, Taiwan, 1“3 Oct 1991, pp. 126“130.
313. C.C. Chang and S.J. Hwang, “A Strategy for Transforming Public“Key
Cryptosystems into Identity“Based Cryptosystems,” Proceedings of the 25th Annual 1991 IEEE
International Carnahan Conference on Security Technology, Taipei, Taiwan, 1“3 Oct 1991, pp.
68“72.
314. C.C. Chang and C.H. Lin, “An ID“Based Signature Scheme Based upon Rabin™s
Public Key Cryptosystem,” Proceedings of the 25th Annual 1991 IEEE International Carnahan
Conference on Security Technology, Taipei, Taiwan, 1“3 Oct 1991, pp. 139“141.
315. C. Charnes and J. Pieprzyk, “Attacking the SL2 Hashing Scheme,” Advances in
Cryptology”ASIACRYPT ™94 Proceedings, Springer“Verlag, 1995, pp. 322“330.
316. D. Chaum, “Untraceable Electronic Mail, Return Addresses, and Digital
Pseudonyms,” Communications of the ACM, v. 24, n. 2, Feb 1981, pp. 84“88.
317. D. Chaum, “Blind Signatures for Untraceable Payments,” Advances in Cryptology:



Page 569 of 666
Applied Cryptography: Second Edition - Bruce Schneier



Proceedings of Crypto 82, Plenum Press, 1983, pp. 199“203.
318. D. Chaum, “Security Without Identification: Transaction Systems to Make Big
Brother Obsolete,” Communications of the ACM, v. 28, n. 10, Oct 1985, pp. 1030“1044. 319. D.
Chaum, “Demonstrating that a Public Predicate Can Be Satisfied without Revealing Any
Information about How,” Advances in Cryptology”CRYPTO ™86 Proceedings, Springer“Verlag,
1987, pp. 159“199.
320. D. Chaum, “Blinding for Unanticipated Signatures,” Advances in Cryptology”
EUROCRYPT ™87 Proceedings, Springer“Verlag, 1988, pp. 227“233.
321. D. Chaum, “The Dining Cryptographers Problem: Unconditional Sender and
Receiver Untraceability,” Journal of Cryptology, v. 1, n. 1, 1988, pp. 65“75.
322. D. Chaum, “Elections with Unconditionally Secret Ballots and Disruptions
Equivalent to Breaking RSA,” Advances in Cryptology”EUROCRYPT ™88 Proceedings,
Springer“Verlag, 1988, pp. 177“181.
323. D. Chaum, “Blind Signature Systems,” U.S. Patent #4,759,063, 19 Jul 1988.
324. D. Chaum, “Blind Unanticipated Signature Systems,” U.S. Patent #4,759,064, 19 Jul
1988.
325. D. Chaum, “Online Cash Checks,” Advances in Cryptology”EUROCRYPT ™89
Proceedings, Springer“Verlag, 1990, pp. 288“293.
326. D. Chaum, “One“Show Blind Signature Systems,” U.S. Patent #4,914,698, 3 Apr
1990.
327. D. Chaum, “Undeniable Signature Systems,” U.S. Patent #4,947,430, 7 Aug 1990.
328. D. Chaum, “Returned“Value Blind Signature Systems,” U.S. Patent #4,949,380, 14
Aug 1990.
329. D. Chaum, “Zero“Knowledge Undeniable Signatures,” Advances in Cryptology”
EUROCRYPT ™90 Proceedings, Springer“Verlag, 1991, pp. 458“464.
330. D. Chaum, “Group Signatures,” Advances in Cryptology”EUROCRYPT ™91
Proceedings, Springer“Verlag, 1991, pp. 257“265. 331. D. Chaum, “Unpredictable Blind
Signature Systems,” U.S. Patent #4,991,210, 5 Feb 1991.
332. D. Chaum, “Achieving Electronic Privacy,” Scientific American, v. 267, n. 2, Aug
1992, pp. 96“101.
333. D. Chaum, “Designated Confirmer Signatures,” Advances in Cryptology”
EUROCRYPT ™94 Proceedings, Springer“Verlag, 1995, to appear.
334. D. Chaum, C. Cr©peau, and I.B. Damgård, “Multiparty Unconditionally Secure
Protocols,” Proceedings of the 20th ACM Symposium on the Theory of Computing, 1988, pp.
11“19.
335. D. Chaum, B. den Boer, E. van Heyst, S. Mjølsnes, and A. Steenbeek, “Efficient
Offline Electronic Checks,” Advances in Cryptology”EUROCRYPT ™89 Proceedings, Springer“
Verlag, 1990, pp. 294“301.
336. D. Chaum and J.“H. Evertse, “Cryptanalysis of DES with a Reduced Number of
Rounds; Sequences of Linear Factors in Block Ciphers,” Advances in Cryptology”CRYPTO ™85
Proceedings, Springer“Verlag, 1986, pp. 192“211.
337. D. Chaum, J.“H. Evertse, and J. van de Graff, “An Improved Protocol for
Demonstrating Possession of Discrete Logarithms and Some Generalizations,” Advances in
Cryptology”EUROCRYPT ™87 Proceedings, Springer“Verlag, 1988, pp. 127“141.
338. D. Chaum, J.“H. Evertse, J. van de Graff, and R. Peralta, “Demonstrating
Possession of a Discrete Logarithm without Revealing It,” Advances in Cryptology”CRYPTO
™86 Proceedings, Springer“Verlag, 1987, pp. 200“212.
339. D. Chaum, A. Fiat, and M. Naor, “Untraceable Electronic Cash,” Advances in
Cryptology”CRYPTO ™88 Proceedings, Springer“Verlag, 1990, pp. 319“327.
340. D. Chaum and T. Pedersen, “Transferred Cash Grows in Size,” Advances in
Cryptology”EUROCRYPT ™92 Proceedings, Springer“Verlag, 1993, pp. 391“407.
341. D. Chaum and T. Pedersen, “Wallet Databases with Observers,” Advances in
Cryptology”CRYPTO ™92 Proceedings, Springer“Verlag, 1993, pp. 89“105.



Page 570 of 666
Applied Cryptography: Second Edition - Bruce Schneier



342. D. Chaum and I. Schaumuller“Bichel, eds., Smart Card 2000, North Holland:
Elsevier Science Publishers, 1989.
343. D. Chaum and H. van Antwerpen, “Undeniable Signatures,” Advances in
Cryptology”CRYPTO ™89 Proceedings, Springer“Verlag, 1990, pp. 212“216.
344. D. Chaum, E. van Heijst, and B. Pfitzmann, “Cryptographically Strong Undeniable
Signatures, Unconditionally Secure for the Signer,” Advances in Cryptology”CRYPTO ™91
Proceedings, Springer“Verlag, 1992, pp. 470“484.
345. T.M. Chee, “The Cryptanalysis of a New Public“Key Cryptosystem Based on
Modular Knapsacks,” Advances in Cryptology”CRYPTO ™91 Proceedings, Springer“Verlag,
1992, pp. 204“212.
346. L. Chen, “Oblivious Signatures,” Computer Security”ESORICS 94, Springer“
Verlag, 1994, pp. 161“172.
347. L. Chen and M. Burminster, “A Practical Secret Voting Scheme which Allows
Voters to Abstain,” CHINACRYPT ™94, Xidian, China, 11“15 Nov 1994, pp. 100“107.
348. L. Chen and T.P. Pedersen “New Group Signature Schemes,” Advances in
Cryptology”EUROCRYPT ™94 Proceedings, Springer“Verlag, 1995, to appear.
349. J. Chenhui, “Spectral Characteristics of Partially“Bent Functions,” CHINACRYPT
™94, Xidian, China, 11“15 Nov 1994, pp. 48“51.
350. V. Chepyzhov and B. Smeets, “On a Fast Correlation Attack on Certain Stream
Ciphers,” Advances in Cryptology”EUROCRYPT ™91 Proceedings, Springer“Verlag, 1991, pp.
176“185.
351. T.C. Cheung, “Management of PEM Public Key Certificates Using X.500 Directory
Service: Some Problems and Solutions,” Proceedings of the Internet Society 1994 Workshop on
Network and Distributed System Security, The Internet Society, 1994, pp. 35“42.
352. G.C. Chiou and W.C. Chen, “Secure Broadcasting Using the Secure Lock,” IEEE
Transactions on Software Engineering, v. SE“15, n. 8, Aug 1989, pp. 929“934.
353. Y.J. Choie and H.S. Hwoang, “On the Cryptosystem Using Elliptic Curves,”
Proceedings of the 1993 Korea“Japan Workshop on Information Security and Cryptography,
Seoul, Korea, 24“26 Oct 1993, pp. 105“113.
354. B. Chor and O. Goldreich, “RSA/Rabin Least Significant Bits are 1/2+1/poly(log N)
Secure,” Advances in Cryptology: Proceedings of CRYPTO 84, Springer“Verlag, 1985, pp. 303“
313.
355. B. Chor, S. Goldwasser, S. Micali, and B. Awerbuch, “Verifiable Secret Sharing and
Achieving Simultaneity in the Presence of Faults,” Proceedings of the 26th Annual IEEE
Symposium on the Foundations of Computer Science, 1985, pp. 383“395.
356. B. Chor and R.L. Rivest, “A Knapsack Type Public Key Cryptosystem Based on
Arithmetic in Finite Fields,” Advances in Cryptology: Proceedings of CRYPTO 84, Springer“
Verlag, 1985, pp. 54“65.
357. P. Christoffersson, S.“A. Ekahll, V. Fåk, S. Herda, P. Mattila, W. Price, and H.“O.
Widman, Crypto Users™ Handbook: A Guide for Implementors of Cryptographic Protection in
Computer Systems, North Holland: Elsevier Science Publishers, 1988.
358. R. Cleve, “Controlled Gradual Disclosure Schemes for Random Bits and Their
Applications,” Advances in Cryptology”CRYPTO ™89 Proceedings, Springer“Verlag, 1990, pp.
572“588.
359. J.D. Cohen, “Improving Privacy in Cryptographic Elections,” Yale University
Computer Science Department Technical Report YALEU/DCS/TR“454, Feb 1986.
360. J.D. Cohen and M.H. Fischer, “A Robust and Verifiable Cryptographically Secure
Election Scheme,” Proceedings of the 26th Annual IEEE Symposium on the Foundations of
Computer Science, 1985, pp. 372“382.
361. R. Cole, “A Model for Security in Distributed Systems,” Computers and Security, v.
9, n. 4, Apr 1990, pp. 319“330.
362. Comptroller General of the United States, “Matter of National Institute of Standards
and Technology”Use of Electronic Data Interchange Technology to Create Valid Obligations,”



Page 571 of 666
Applied Cryptography: Second Edition - Bruce Schneier



File B“245714, 13 Dec 1991.
363. M.S. Conn, letter to Joe Abernathy, National Security Agency, Ser: Q43“111“92, 10
Jun 1992.
364. C. Connell, “An Analysis of NewDES: A Modified Version of DES,” Cryptologia, v.
14, n. 3, Jul 1990, pp. 217“223.
365. S.A. Cook, “The Complexity of Theorem“Proving Procedures,” Proceedings of the
3rd Annual ACM Symposium on the Theory of Computing, 1971, pp. 151“158.
366. R.H. Cooper and W. Patterson, “A Generalization of the Knapsack Method Using
Galois Fields,” Cryptologia, v. 8, n. 4, Oct 1984, pp. 343“347.
367. R.H. Cooper and W. Patterson, “RSA as a Benchmark for Multiprocessor
Machines,” Advances in Cryptology”AUSCRYPT ™90 Proceedings, Springer“Verlag, 1990, pp.
356“359.
368. D. Coppersmith, “Fast Evaluation of Logarithms in Fields of Characteristic Two,”
IEEE Transactions on Information Theory, v. 30, n. 4, Jul 1984, pp. 587“594.
369. D. Coppersmith, “Another Birthday Attack,” Advances in Cryptology”CRYPTO ™85
Proceedings, Springer“Verlag, 1986, pp. 14“17.
370. D. Coppersmith, “Cheating at Mental Poker,” Advances in Cryptology”CRYPTO ™85
Proceedings, Springer“Verlag, 1986, pp. 104“107.
371. D. Coppersmith, “The Real Reason for Rivest™s Phenomenon,” Advances in
Cryptology”CRYPTO ™85 Proceedings, Springer“Verlag, 1986, pp. 535“536.
372. D. Coppersmith, “Two Broken Hash Functions,” Research Report RD 18397, IBM
T.J. Watson Center, Oct 1992.
373. D. Coppersmith, “The Data Encryption Standard (DES) and Its Strength against
Attacks,” Technical Report RC 18613, IBM T.J. Watson Center, Dec 1992.
374. D. Coppersmith, “The Data Encryption Standard (DES) and its Strength against
Attacks,” IBM Journal of Research and Development, v. 38, n. 3, May 1994, pp. 243“250.
375. D. Coppersmith, “Attack on the Cryptographic Scheme NIKS“TAS,” Advances in
Cryptology”CRYPTO ™94 Proceedings, Springer“Verlag, 1994, pp. 294“307.
376. D. Coppersmith, personal communication, 1994.
377. D. Coppersmith and E. Grossman, “Generators for Certain Alternating Groups with
Applications to Cryptography,” SIAM Journal on Applied Mathematics, v. 29, n. 4, Dec 1975, pp.
624“627.
378. D. Coppersmith, H. Krawczyk, and Y. Mansour, “The Shrinking Generator,”
Advances in Cryptology”CRYPTO ™93 Proceedings, Springer“Verlag, 1994, pp. 22“39.
379. D. Coppersmith, A. Odlykzo, and R. Schroeppel, “Discrete Logarithms in GF(p),”
Algorithmica, v. 1, n. 1, 1986, pp. 1“16.
380. D. Coppersmith and P. Rogaway, “Software Efficient Pseudo Random Function and
the Use Thereof for Encryption,” U.S. Patent pending, 1995.
381. D. Coppersmith, J. Stern, and S. Vaudenay, “Attacks on the Birational Signature
Schemes,” Advances in Cryptology”CRYPTO ™93 Proceedings, Springer“Verlag, 1994, pp. 435“
443.
382. V. Cordonnier and J.“J. Quisquater, eds., CARDIS ™94”Proceedings of the First
Smart Card Research and Advanced Application Conference, Lille, France, 24“26 Oct 1994.
383. C. Couvreur and J.“J. Quisquater, “An Introduction to Fast Generation of Large
Prime Numbers,” Philips Journal Research, v. 37, n. 5“6, 1982, pp. 231“264.
384. C. Couvreur and J.“J. Quisquater, “An Introduction to Fast Generation of Large
Prime Numbers,” Philips Journal Research, v. 38, 1983, p. 77.
385. C. Coveyou and R.D. MacPherson, “Fourier Analysis of Uniform Random Number
Generators,” Journal of the ACM, v. 14, n. 1, 1967, pp. 100“119.
386. T.M. Cover and R.C. King, “A Convergent Gambling Estimate of the Entropy of
English,” IEEE Transactions on Information Theory, v. IT“24, n. 4, Jul 1978, pp. 413“421.
387. R.J.F. Cramer and T.P. Pedersen, “Improved Privacy in Wallets with Observers,”
Advances in Cryptology”EUROCRYPT ™93 Proceedings, Springer“Verlag, 1994, pp. 329“343.



Page 572 of 666
Applied Cryptography: Second Edition - Bruce Schneier



388. R.E. Crandell, “Method and Apparatus for Public Key Exchange in a Cryptographic
System,” U.S. Patent #5,159,632, 27 Oct 1992.
389. C. Cr©peau, “A Secure Poker Protocol That Minimizes the Effect of Player
Coalitions,” Advances in Cryptology”CRYPTO ™85 Proceedings, Springer“Verlag, 1986, pp. 73“
86.
390. C. Cr©peau, “A Zero“Knowledge Poker Protocol that Achieves Confidentiality of the
Players™ Strategy, or How to Achieve an Electronic Poker Face,” Advances in Cryptology”
CRYPTO ™86 Proceedings, Springer“Verlag, 1987, pp. 239“247.
391. C. Cr©peau, “Equivalence Between Two Flavours of Oblivious Transfer,” Advances
in Cryptology”CRYPTO ™87 Proceedings, Springer“Verlag, 1988, pp. 350“354.
392. C. Cr©peau, “Correct and Private Reductions among Oblivious Transfers,” Ph.D.
dissertation, Department of Electrical Engineering and Computer Science, Massachusetts
Institute of Technology, 1990.
393. C. Cr©peau, “Quantum Oblivious Transfer,” Journal of Modern Optics, v. 41, n. 12,
Dec 1994, pp. 2445“2454.
394. C. Cr©peau and J. Kilian, “Achieving Oblivious Transfer Using Weakened Security
Assumptions,” Proceedings of the 29th Annual Symposium on the Foundations of Computer
Science, 1988, pp. 42“52.
395. C. Cr©peau and J. Kilian, “Weakening Security Assumptions and Oblivious
Transfer,” Advances in Cryptology”CRYPTO ™88 Proceedings, Springer“Verlag, 1990, pp. 2“7.
396. C. Cr©peau and L. Salvail, “Quantum Oblivious Mutual Identification,” Advances in
Cryptology”EUROCRYPT ™95 Proceedings, Springer“Verlag, 1995, pp. 133“146.
397. A. Curiger, H. Bonnenberg, R. Zimmermann, N. Felber, H. Kaeslin and W. Fichtner,
“VINCI: VLSI Implementation of the New Block Cipher IDEA,” Proceedings of IEEE CICC
™93, San Diego, CA, May 1993, pp. 15.5.1“15.5.4.
398. A. Curiger and B. Stuber, “Specification for the IDEA Chip,” Technical Report No.
92/03, Institut für Integrierte Systeme, ETH Zurich, Feb 1992.
399. T. Cusick, “Boolean Functions Satisfying a Higher Order Strict Avalanche
Criterion,” Advances in Cryptology”EUROCRYPT ™93 Proceedings, Springer“Verlag, 1994, pp.
102“117.
400. T.W. Cusick and M.C. Wood, “The REDOC“II Cryptosystem,” Advances in
Cryptology”CRYPTO ™90 Proceedings, Springer“Verlag, 1991, pp. 545“563.
401. Cylink Corporation, Cylink Corporation vs. RSA Data Security, Inc., Civil Action
No. C94“02332“CW, United States District Court for the Northern District of California, 30 Jun
1994.
402. J. Daeman, “Cipher and Hash Function Design,” Ph.D. Thesis, Katholieke
Universiteit Leuven, Mar 95.
403. J. Daeman, A. Bosselaers, R. Govaerts, and J. Vandewalle, “Collisions for Schnorr™s
Hash Function FFT“Hash Presented at Crypto ™91,” Advances in Cryptology”ASIACRYPT ™91
Proceedings, Springer“Verlag, 1993, pp. 477“480.
404. J. Daeman, R. Govaerts, and J. Vandewalle, “A Framework for the Design of One“
Way Hash Functions Including Cryptanalysis of Damgård™s One“Way Function Based on
Cellular Automata,” Advances in Cryptology”ASIACRYPT ™91 Proceedings, Springer“Verlag,
1993, pp. 82“96.
405. J. Daeman, R. Govaerts, and J. Vandewalle, “A Hardware Design Model for
Cryptographic Algorithms,” ESORICS 92, Proceedings of the Second European Symposium on
Research in Computer Security, Springer“Verlag, 1992, pp. 419“434.
406. J. Daemen, R. Govaerts, and J. Vandewalle, “Block Ciphers Based on Modular
Arithmetic,” Proceedings of the 3rd Symposium on State and Progress of Research in
Cryptography, Rome, Italy, 15“16 Feb 1993, pp. 80“89.
407. J. Daemen, R. Govaerts, and J. Vandewalle, “Fast Hashing Both in Hardware and
Software,” presented at the rump session of CRYPTO ™93, Aug 1993.
408. J. Daeman, R. Govaerts, and J. Vandewalle, “Resynchronization Weaknesses in



Page 573 of 666
Applied Cryptography: Second Edition - Bruce Schneier



Synchronous Stream Ciphers,” Advances in Cryptology”EUROCRYPT ™93 Proceedings,
Springer“Verlag, 1994, pp. 159“167.
409. J. Daeman, R. Govaerts, and J. Vandewalle, “Weak Keys for IDEA,” Advances in
Cryptology”CRYPTO ™93 Proceedings, Springer“Verlag, 1994, pp. 224“230.
410. J. Daemen, R. Govaerts, and J. Vandewalle, “A New Approach to Block Cipher
Design,” Fast Software Encryption, Cambridge Security Workshop Proceedings, Springer“Verlag,
1994, pp. 18“32.
411. Z.“D. Dai, “Proof of Rueppel™s Linear Complexity Conjecture,” IEEE Transactions
on Information Theory, v. IT“32, n. 3, May 1986, pp. 440“443.
412. I.B. Damgård, “Collision Free Hash Functions and Public Key Signature Schemes,”
Advances in Cryptology”EUROCRYPT ™87 Proceedings, Springer“Verlag, 1988, pp. 203“216.
413. I.B. Damgård, “Payment Systems and Credential Mechanisms with Provable
Security Against Abuse by Individuals,” Advances in Cryptology”CRYPTO ™88 Proceedings,
Springer“Verlag, 1990, pp. 328“335.
414. I.B. Damgård, “A Design Principle for Hash Functions,” Advances in Cryptology”
CRYPTO ™89 Proceedings, Springer“Verlag, 1990, pp. 416“427.
415. I.B. Damgård, “Practical and Provably Secure Release of a Secret and Exchange of
Signatures,” Advances in Cryptology”EUROCRYPT ™93 Proceedings, Springer“Verlag, 1994,
pp. 200“217.
416. I.B. Damgård and L.R. Knudsen, “The Breaking of the AR Hash Function,”
Advances in Cryptology”EUROCRYPT ™93 Proceedings, Springer“Verlag, 1994, pp. 286“292.
417. I.B. Damgård and P. Landrock, “Improved Bounds for the Rabin Primality Test,”
Cryptography and Coding III, M.J. Ganley, ed., Oxford: Clarendon Press, 1993, pp. 117“128.
418. I.B. Damgård, P. Landrock and C. Pomerance, “Average Case Error Estimates for
the Strong Probable Prime Test,” Mathematics of Computation, v. 61, n. 203, Jul 1993, pp. 177“
194.
419. H.E. Daniels, Jr., letter to Datapro Research Corporation regarding CCEP, 23 Dec
1985.
420. H. Davenport, The Higher Arithmetic, Dover Books, 1983.
421. G.I. Davida, “Inverse of Elements of a Galois Field,” Electronics Letters, v. 8, n. 21,
19 Oct 1972, pp. 518“520.
422. G.I. Davida, “Hellman™s Scheme Breaks DES in Its Basic Form,” IEEE Spectrum, v.
16, n. 7, Jul 1979, p. 39.
423. G.I. Davida, “Chosen Signature Cryptanalysis of the RSA (MIT) Public Key
Cryptosystem,” Technical Report TR“CS“82“2, Department of EECS, University of Wisconsin,
1982.
424. G.I. Davida and G.G. Walter, “A Public Key Analog Cryptosystem,” Advances in
Cryptology”EUROCRYPT ™87 Proceedings, Springer“Verlag, 1988, pp. 143“147.
425. G.I. Davida, D. Wells, and J. Kam, “A Database Encryption System with Subkeys,”
ACM Transactions on Database Systems, v. 6, n. 2, Jun 1981, pp. 312“328.
426. D.W. Davies, “Applying the RSA Digital Signature to Electronic Mail,” Computer, v.
16, n. 2, Feb 1983, pp. 55“62.
427. D.W. Davies, “Some Regular Properties of the DES,” Advances in Cryptology:
Proceedings of Crypto 82, Plenum Press, 1983, pp. 89“96.
428. D.W. Davies, “A Message Authentication Algorithm Suitable for a Mainframe
Computer,” Advances in Cryptology: Proceedings of Crypto 82, Springer“Verlag, 1985, pp. 393“
400.
429. D.W. Davies and S. Murphy, “Pairs and Triplets of DES S“boxes,” Cryptologia, v. 8,
n. 1, 1995, pp. 1“25.
430. D.W. Davies and G.I.P. Parkin, “The Average Size of the Key Stream in Output
Feedback Encipherment,” Cryptography, Proceedings of the Workshop on Cryptography, Burg
Feuerstein, Germany, March 29“April 2, 1982, Springer“Verlag, 1983, pp. 263“279.
431. D.W. Davies and G.I.P. Parkin, “The Average Size of the Key Stream in Output



Page 574 of 666
Applied Cryptography: Second Edition - Bruce Schneier



Feedback Mode,” Advances in Cryptology: Proceedings of Crypto 82, Plenum Press, 1983, pp. 97“
98.
432. D.W. Davies and W.L. Price, “The Application of Digital Signatures Based on
Public“Key Cryptosystems,” Proceedings of the Fifth International Computer Communications
Conference, Oct 1980, pp. 525“530.
433. D.W. Davies and W.L. Price, “The Application of Digital Signatures Based on
Public“Key Cryptosystems,” National Physical Laboratory Report DNACS 39/80, Dec 1980.
434. D.W. Davies and W.L. Price, “Digital Signature”An Update,” Proceedings of
International Conference on Computer Communications, Sydney, Oct 1984, North Holland:
Elsevier, 1985, pp. 843“847.
435. D.W. Davies and W.L. Price, Security for Computer Networks, second edition, John
Wiley & Sons, 1989.
436. M. Davio, Y. Desmedt, M. Fosseprez, R. Govaerts, J. Hulsbrosch, P. Neutjens, P.
Piret, J.“J. Quisquater, J. Vandewalle, and S. Wouters, “Analytical Characteristics of the Data
Encryption Standard,” Advances in Cryptology: Proceedings of Crypto 83, Plenum Press, 1984,
pp. 171“202.
437. M. Davio, Y. Desmedt, J. Goubert, F. Hoornaert, and J.“J. Quisquater, “Efficient
Hardware and Software Implementation of the DES,” Advances in Cryptology: Proceedings of
CRYPTO 84, Springer“Verlag, 1985, pp. 144“146.
438. M. Davio, Y. Desmedt, and J.“J. Quisquater, “Propagation Characteristics of the
DES,” Advances in Cryptology: Proceedings of EUROCRYPT 84, Springer“Verlag, 1985, 62“73.
439. D. Davis, R. Ihaka, and P. Fenstermacher, “Cryptographic Randomness from Air
Turbulence in Disk Drives,” Advances in Cryptology”CRYPTO ™94 Proceedings, Springer“
Verlag, 1994, pp. 114“120.
440. J.A. Davis, D.B. Holdbridge, and G.J. Simmons, “Status Report on Factoring (at the
Sandia National Laboratories),” Advances in Cryptology: Proceedings of Crypto 84, Springer“
Verlag, 1985, pp. 183“215.
441. R.M. Davis, “The Data Encryption Standard in Perspective,” Computer Security and
the Data Encryption Standard, National Bureau of Standards Special Publication 500“27, Feb
1978.
442. E. Dawson and A. Clark, “Cryptanalysis of Universal Logic Sequences,” Advances in
Cryptology”EUROCRYPT ™93 Proceedings, Springer“Verlag, to appear.
443. M.H. Dawson and S.E. Tavares, “An Expanded Set of Design Criteria for
Substitution Boxes and Their Use in Strengthening DES“Like Cryptosystems,” IEEE Pacific
Rim Conference on Communications, Computers, and Signal Processing, Victoria, BC, Canada,
9“10 May 1991, pp. 191“195.
444. M.H. Dawson and S.E. Tavares, “An Expanded Set of S“Box Design Criteria Based
on Information Theory and Its Relation to Differential“like Attacks,” Advances in Cryptology”
EUROCRYPT ™91 Proceedings, Springer“Verlag, 1991, pp. 352“367.
445. C.A. Deavours, “Unicity Points in Cryptanalysis,” Cryptologia, v. 1, n. 1, 1977, pp.
46“68.
446. C.A. Deavours, “The Black Chamber: A Column; How the British Broke Enigma,”
Cryptologia, v. 4, n. 3, Jul 1980, pp. 129“ 132.
447. C.A. Deavours, “The Black Chamber: A Column; La M©thode des Bâtons,”
Cryptologia, v. 4, n. 4, Oct 1980, pp. 240“247.
448. C.A. Deavours and L. Kruh, Machine Cryptography and Modern Cryptanalysis,
Norwood MA: Artech House, 1985.
449. J.M. DeLaurentis, “A Further Weakness in the Common Modulus Protocol for the
RSA Cryptosystem,” Cryptologia, v. 8, n. 3, Jul 1984, pp. 253“259.
450. P. Delsarte, Y. Desmedt, A. Odlyzko, and P. Piret, “Fast Cryptanalysis of the
Matsumoto“Imai Public“Key Scheme,” Advances in Cryptology: Proceedings of EUROCRYPT
84, Springer“Verlag, 1985, pp. 142“149.
451. P. Delsarte and P. Piret, “Comment on ˜Extension of RSA Cryptostructure: A Galois



Page 575 of 666
Applied Cryptography: Second Edition - Bruce Schneier



Approach™,” Electronics Letters, v. 18, n. 13, 24 Jun 1982, pp. 582“583.
452. R. DeMillo, N. Lynch, and M. Merritt, “Cryptographic Protocols,” Proceedings of
the 14th Annual Symposium on the Theory of Computing, 1982, pp. 383“400.
453. R. DeMillo and M. Merritt, “Protocols for Data Security,” Computer, v. 16, n. 2, Feb
1983, pp. 39“50.
454. N. Demytko, “A New Elliptic Curve Based Analogue of RSA,” Advances in
Cryptology”EUROCRYPT ™93 Proceedings, Springer“Verlag, 1994, pp. 40“49.
455. D.E. Denning, “Secure Personal Computing in an Insecure Network,”
Communications of the ACM, v. 22, n. 8, Aug 1979, pp. 476“482.
456. D.E. Denning, Cryptography and Data Security, Addison“Wesley, 1982.
457. D.E. Denning, “Protecting Public Keys and Signature Keys,” Computer, v. 16, n. 2,
Feb 1983, pp. 27“35.
458. D.E. Denning, “Digital Signatures with RSA and Other Public“Key Cryptosystems,”
Communications of the ACM, v. 27, n. 4, Apr 1984, pp. 388“392.
459. D.E. Denning, “The Data Encryption Standard: Fifteen Years of Public Scrutiny,”
Proceedings of the Sixth Annual Computer Security Applications Conference, IEEE Computer
Society Press, 1990.
460. D.E. Denning, “The Clipper Chip: A Technical Summary,” unpublished manuscript,
21 Apr 1993.
461. D.E. Denning and G.M. Sacco, “Timestamps in Key Distribution Protocols,”
Communications of the ACM, v. 24, n. 8, Aug 1981, pp. 533“536.
462. D.E. Denning and M. Smid, “Key Escrowing Today,” IEEE Communications
Magazine, v. 32, n. 9, Sep 1994, pp. 58“68.
463. T. Denny, B. Dodson, A.K. Lenstra, and M.S. Manasse, “On the Factorization of
RSA“120,” Advances in Cryptology”CRYPTO ™93 Proceedings, Springer“Verlag, 1994, pp. 166“
174.
464. W.F. Denny, “Encryptions Using Linear and Non“Linear Codes: Implementations
and Security Considerations,” Ph.D. dissertation, The Center for Advanced Computer Studies,
University of Southern Louisiana, Spring 1988.
465. Department of Defense, “Department of Defense Trusted Computer System
Evaluation Criteria,” DOD 5200.28“STD, Dec 1985.
466. Department of State, “International Traffic in Arms Regulations (ITAR),” 22 CFR
120“130, Office of Munitions Control, Nov 1989.
467. Department of State, “Defense Trade Regulations,” 22 CFR 120“130, Office of
Defense Trade Controls, May 1992.
468. Department of the Treasury, “Electronic Funds and Securities Transfer Policy,”
Department of the Treasury Directives Manual, Chapter TD 81, Section 80, Department of the
Treasury, 16 Aug 1984.
469. Department of the Treasury, “Criteria and Procedures for Testing, Evaluating, and
Certifying Message Authentication Decisions for Federal E.F.T. Use,” Department of the
Treasury, 1 May 1985.
470. Department of the Treasury, “Electronic Funds and Securities Transfer Policy”
Message Authentication and Enhanced Security,” Order No. 106“09, Department of the
Treasury, 2 Oct 1986.
471. H. Dobbertin, “A Survey on the Construction of Bent Functions,” K.U. Leuven
Workshop on Cryptographic Algorithms, Springer“Verlag, 1995, to appear.
472. B. Dodson and A.K. Lenstra, “NFS with Four Large Primes: An Explosive
Experiment,” draft manuscript.
473. D. Dolev and A. Yao, “On the Security of Public“Key Protocols,” Communications of
the ACM, v. 29, n. 8, Aug 1983, pp. 198“208.
474. J. Domingo“Ferrer, “Probabilistic Authentication Analysis,” CARDIS 94”
Proceedings of the First Smart Card Research and Applications Conference, Lille, France, 24“26
Oct 1994, pp. 49“60.



Page 576 of 666
Applied Cryptography: Second Edition - Bruce Schneier



475. P. de Rooij, “On the Security of the Schnorr Scheme Using Preprocessing,” Advances
in Cryptology”EUROCRYPT ™91 Proceedings, Springer“Verlag, 1991, pp. 71“80.
476. A. De Santis, G. Di Crescenzo, and G. Persiano, “Secret Sharing and Perfect Zero
Knowledge,” Advances in Cryptology”CRYPTO ™93 Proceedings, Springer“Verlag, 1994, pp.
73“84.
477. A. De Santis, S. Micali, and G. Persiano, “Non“Interactive Zero“Knowledge Proof
Systems,” Advances in Cryptology”CRYPTO ™87 Proceedings, Springer“Verlag, 1988, pp. 52“72.
478. A. De Santis, S. Micali, and G. Persiano, “Non“Interactive Zero“Knowledge with
Preprocessing,” Advances in Cryptology”CRYPTO ™88 Proceedings, Springer“Verlag, 1990, pp.
269“282.
479. Y. Desmedt, “What Happened with Knapsack Cryptographic Schemes” Performance
Limits in Communication, Theory and Practice, NATO ASI Series E: Applied Sciences, v. 142,
Kluwer Academic Publishers, 1988, pp. 113“134.
480. Y. Desmedt, “Subliminal“Free Authentication and Signature,” Advances in
Cryptology”EUROCRYPT ™88 Proceedings, Springer“Verlag, 1988, pp. 23“33.
481. Y. Desmedt, “Abuses in Cryptography and How to Fight Them,” Advances in
Cryptology”CRYPTO ™88 Proceedings, Springer“Verlag, 1990, pp. 375“389.
482. Y. Desmedt and M. Burmester, “An Efficient Zero“Knowledge Scheme for the
Discrete Logarithm Based on Smooth Numbers,” Advances in Cryptology” ASIACRYPT ™91
Proceedings, Springer“Verlag, 1993, pp. 360“367.
483. Y. Desmedt and Y. Frankel, “Threshold Cryptosystems,” Advances in Cryptology”
CRYPTO ™89 Proceedings, Springer“Verlag, 1990, pp. 307“315.
484. Y. Desmedt and Y. Frankel, “Shared Generation of Authentication and Signatures,”
Advances in Cryptology”CRYPTO ™91 Proceedings, Springer“Verlag, 1992, pp. 457“469.
485. Y. Desmedt, C. Goutier, and S. Bengio, “Special Uses and Abuses of the Fiat“Shamir
Passport Protocol,” Advances in Cryptology”CRYPTO ™87 Proceedings, Springer“Verlag, 1988,
pp. 21“39.
486. Y. Desmedt and A.M. Odlykzo, “A Chosen Text Attack on the RSA Cryptosystem
and Some Discrete Logarithm Problems,” Advances in Cryptology”CRYPTO ™85 Proceedings,
Springer“Verlag, 1986, pp. 516“522.
487. Y. Desmedt, J.“J. Quisquater, and M. Davio, “Dependence of Output on Input in
DES: Small Avalanche Characteristics,” Advances in Cryptology: Proceedings of CRYPTO 84,
Springer“Verlag, 1985, pp. 359“376.
488. Y. Desmedt, J. Vandewalle, and R. Govaerts, “Critical Analysis of the Security of
Knapsack Public Key Algorithms,” IEEE Transactions on Information Theory, v. IT“30, n. 4,
Jul 1984, pp. 601“611.
489. Y. Desmedt and M. Yung, “Weaknesses of Undeniable Signature Schemes,”
Advances in Cryptology”EUROCRYPT ™91 Proceedings, Springer“Verlag, 1991, pp. 205“220.
490. W. Diffie, lecture at IEEE Information Theory Workshop, Ithaca, N.Y., 1977.
491. W. Diffie, “Cryptographic Technology: Fifteen Year Forecast,” BNR Inc., Jan 1981.
492. W. Diffie, “The First Ten Years of Public“Key Cryptography,” Proceedings of the
IEEE, v. 76, n. 5, May 1988, pp. 560“577.
493. W. Diffie, “Authenticated Key Exchange and Secure Interactive Communication,”
Proceedings of SECURICOM ™90, 1990.
494. W. Diffie, “The First Ten Years of Public“Key Cryptography,” in Contemporary
Cryptology: The Science of Information Integrity, G.J. Simmons, ed., IEEE Press, 1992, pp. 135“
175.
495. W. Diffie and M.E. Hellman, “Multiuser Cryptographic Techniques,” Proceedings of
AFIPS National Computer Conference, 1976, pp. 109“112.
496. W. Diffie and M.E. Hellman, “New Directions in Cryptography,” IEEE Transactions
on Information Theory, v. IT“22, n. 6, Nov 1976, pp. 644“654.
497. W. Diffie and M.E. Hellman, “Exhaustive Cryptanalysis of the NBS Data Encryption
Standard,” Computer, v. 10, n. 6, Jun 1977, pp. 74“84.



Page 577 of 666
Applied Cryptography: Second Edition - Bruce Schneier



498. W. Diffie and M.E. Hellman, “Privacy and Authentication: An Introduction to
Cryptography,” Proceedings of the IEEE, v. 67, n. 3, Mar 1979, pp. 397“427.
499. W. Diffie, L. Strawczynski, B. O™Higgins, and D. Steer, “An ISDN Secure Telephone
Unit,” Proceedings of the National Telecommunications Forum, v. 41, n. 1, 1987, pp. 473“477.
500. W. Diffie, P.C. van Oorschot, and M.J. Wiener, “Authentication and Authenticated
Key Exchanges,” Designs, Codes and Cryptography, v. 2, 1992, 107“125.
501. C. Ding, “The Differential Cryptanalysis and Design of Natural Stream Ciphers,”
Fast Software Encryption, Cambridge Security Workshop Proceedings, Springer“Verlag, 1994,
pp. 101“115.
502. C. Ding, G. Xiao, and W. Shan, The Stability Theory of Stream Ciphers, Springer“
Verlag, 1991.
503. A. Di Porto and W. Wolfowicz, “VINO: A Block Cipher Including Variable
Permutations,” Fast Software Encryption, Cambridge Security Workshop Proceedings, Springer“
Verlag, 1994, pp. 205“210.
504. B. Dixon and A.K. Lenstra, “Factoring Integers Using SIMD Sieves,” Advances in
Cryptology”EUROCRYPT ™93 Proceedings, Springer“Verlag, 1994, pp. 28“39.
505. J.D. Dixon, “Factorization and Primality Tests,” American Mathematical Monthly, v.
91, n. 6, 1984, pp. 333“352.
506. D. Dolev and A. Yao, “On the Security of Public Key Protocols,” Proceedings of the
22nd Annual Symposium on the Foundations of Computer Science, 1981, pp. 350“ 357.
507. L.X. Duan and C.C. Nian, “Modified Lu“Lee Cryptosystems,” Electronics Letters, v.
25, n. 13, 22 Jun 1989, p. 826.
508. R. Durstenfeld, “Algorithm 235: Random Permutation,” Communications of the
ACM, v. 7, n. 7, Jul 1964, p. 420.
509. S. Duss© and B. Kaliski, Jr., “A Cryptographic Library for the Motorola DSP56000,”
Advances in Cryptology”EUROCRYPT ™90 Proceedings, Springer“Verlag, 1991, pp. 230“244.
510. C. Dwork and L. Stockmeyer, “Zero“Knowledge with Finite State Verifiers,”
Advances in Cryptology”CRYPTO ™88 Proceedings, Springer“Verlag, 1990, pp. 71“75.
511. D.E. Eastlake, S.D. Crocker, and J.I. Schiller, “Randomness Requirements for
Security,” RFC 1750, Dec 1994.
512. H. Eberle, “A High“Speed DES Implementation for Network Applications,”
Advances in Cryptology”CRYPTO ™92 Proceedings, Springer“Verlag, pp. 521“539.
513. J. Edwards, “Implementing Electronic Poker: A Practical Exercise in Zero“
Knowledge Interactive Proofs,” Master™s thesis, Department of Computer Science, University of
Kentucky, May 1994.
514. W.F. Ehrsam, C.H.W. Meyer, R.L. Powers, J.L. Smith, and W.L. Tuchman,
“Product Block Cipher for Data Security,” U.S. Patent #3,962,539, 8 Jun 1976.
515. W.F. Ehrsam, C.H.W. Meyer, and W.L. Tuchman, “A Cryptographic Key
Management Scheme for Implementing the Data Encryption Standard,” IBM Systems Journal,
v. 17, n. 2, 1978, pp. 106“125.
516. R. Eier and H. Lagger, “Trapdoors in Knapsack Cryptosystems,” Lecture Notes in
Computer Science 149; Cryptography”Proceedings, Burg Feuerstein 1982, Springer“Verlag,
1983, pp. 316“322.
517. A.K. Ekert, “Quantum Cryptography Based on Bell™s Theorem,” Physical Review
Letters, v. 67, n. 6, Aug 1991, pp. 661“663.
518. T. ElGamal, “A Public“Key Cryptosystem and a Signature Scheme Based on
Discrete Logarithms,” Advances in Cryptology: Proceedings of CRYPTO 84, Springer“Verlag,
1985, pp. 10“18.
519. T. ElGamal, “A Public“Key Cryptosystem and a Signature Scheme Based on
Discrete Logarithms,” IEEE Transactions on Information Theory, v. IT“31, n. 4, 1985, pp. 469“
472.
520. T. ElGamal, “On Computing Logarithms Over Finite Fields,” Advances in
Cryptology”CRYPTO ™85 Proceedings, Springer“Verlag, 1986, pp. 396“402.



Page 578 of 666
Applied Cryptography: Second Edition - Bruce Schneier



521. T. ElGamal and B. Kaliski, letter to the editor regarding LUC, Dr. Dobb™s Journal, v.
18, n. 5, May 1993, p. 10.
522. T. Eng and T. Okamoto, “Single“Term Divisible Electronic Coins,” Advances in
Cryptology”EUROCRYPT ™94 Proceedings, Springer“Verlag, 1995, to appear.
523. M.H. Er, D.J. Wong, A.A. Sethu, and K.S. Ngeow, “Design and Implementation of
RSA Cryptosystem Using Multiple DSP Chips,” 1991 IEEE International Symposium on Circuits
and Systems, v. 1, Singapore, 11“14 Jun 1991, pp. 49“52.
524. D. Estes, L.M. Adleman, K. Konpella, K.S. McCurley, and G.L. Miller, “Breaking
the Ong“Schnorr“Shamir Signature Schemes for Quadratic Number Fields,” Advances in
Cryptology”CRYPTO ™85 Proceedings, Springer“Verlag, 1986, pp. 3“13.
525. ETEBAC, “Échanges T©l©matiques Entre Les Banques et Leurs Clients,” Standard
ETEBAC 5, Comit© Fran§ais d™Organisation et de Normalisation Bancaires, Apr 1989. (In
French.)
526. A. Evans, W. Kantrowitz, and E. Weiss, “A User Identification Scheme Not
Requiring Secrecy in the Computer,” Communications of the ACM, v. 17, n. 8, Aug 1974, pp.
437“472.
527. S. Even and O. Goldreich, “DES“Like Functions Can Generate the Alternating
Group,” IEEE Transactions on Information Theory, v. IT“29, n. 6, Nov 1983, pp. 863“865.
528. S. Even and O. Goldreich, “On the Power of Cascade Ciphers,” ACM Transactions
on Computer Systems, v. 3, n. 2, May 1985, pp. 108“116.
529. S. Even, O. Goldreich, and A. Lempel, “A Randomizing Protocol for Signing
Contracts,” Communications of the ACM, v. 28, n. 6, Jun 1985, pp. 637“647.
530. S. Even and Y. Yacobi, “Cryptography and NP“Completeness,” Proceedings of the
7th International Colloquium on Automata, Languages, and Programming , Springer“Verlag,
1980, pp. 195“207.
531. H.“H. Evertse, “Linear Structures in Block Ciphers,” Advances in Cryptology”
EUROCRYPT ™87 Proceedings, Springer“Verlag, 1988, pp. 249“266.
532. P. Fahn and M.J.B. Robshaw, “Results from the RSA Factoring Challenge,”
Technical Report TR“501, Version 1.3, RSA Laboratories, Jan 1995.
533. R.C. Fairfield, A. Matusevich, and J. Plany, “An LSI Digital Encryption Processor
(DEP),” Advances in Cryptology: Proceedings of CRYPTO 84, Springer“Verlag, 1985, pp. 115“
143.
534. R.C. Fairfield, A. Matusevich, and J. Plany, “An LSI Digital Encryption Processor
(DEP),” IEEE Communications, v. 23, n. 7, Jul 1985, pp. 30“41.
535. R.C. Fairfield, R.L. Mortenson, and K.B. Koulthart, “An LSI Random Number
Generator (RNG),” Advances in Cryptology: Proceedings of CRYPTO 84, Springer“Verlag, 1985,
pp. 203“230.
536. “International Business Machines Corp. License Under Patents,” Federal Register, v.
40, n. 52, 17 Mar 1975, p. 12067.
537. “Solicitation for Public Key Cryptographic Algorithms,” Federal Register, v. 47, n.
126, 30 Jun 1982, p. 28445.
538. “Proposed Federal Information Processing Standard for Digital Signature Standard
(DSS),” Federal Register, v. 56, n. 169, 30 Aug 1991, pp. 42980“42982.
539. “Proposed Federal Information Processing Standard for Secure Hash Standard,”
Federal Register, v. 57, n. 21, 31 Jan 1992, pp. 3747“3749.
540. “Proposed Reaffirmation of Federal Information Processing Standard (FIPS) 46“1,
Data Encryption Standard (DES),” Federal Register, v. 57, n. 177, 11 Sep 1992, p. 41727.
541. “Notice of Proposal for Grant of Exclusive Patent License,” Federal Register, v. 58, n.
108, 8 Jun 1993, pp. 23105“23106.
542. “Approval of Federal Information Processing Standards Publication 186, Digital
Signature Standard (DSS),” Federal Register, v. 58, n. 96, 19 May 1994, pp. 26208“26211.
543. “Proposed Revision of Federal Information Processing Standard (FIPS) 180, Secure
Hash Standard,” Federal Register, v. 59, n. 131, 11 Jul 1994, pp. 35317“35318.



Page 579 of 666
Applied Cryptography: Second Edition - Bruce Schneier



544. U. Feige, A. Fiat, and A. Shamir, “Zero Knowledge Proofs of Identity,” Proceedings
of the 19th Annual ACM Symposium on the Theory of Computing, 1987, pp. 210“217.
545. U. Feige, A. Fiat, and A. Shamir, “Zero Knowledge Proofs of Identity,” Journal of
Cryptology, v. 1, n. 2, 1988, pp. 77“94.
546. U. Feige and A. Shamir, “Zero Knowledge Proofs of Knowledge in Two Rounds,”
Advances in Cryptology”CRYPTO ™89 Proceedings, Springer“Verlag, 1990, pp. 526“544.
547. J. Feigenbaum, “Encrypting Problem Instances, or,..., Can You Take Advantage of
Someone Without Having to Trust Him,” Advances in Cryptology”CRYPTO ™85 Proceedings,
Springer“Verlag, 1986, pp. 477“488.
548. J. Feigenbaum, “Overview of Interactive Proof Systems and Zero“Knowledge,” in
Contemporary Cryptology: The Science of Information Integrity, G.J. Simmons, ed., IEEE Press,
1992, pp. 423“439.
549. J. Feigenbaum, M.Y. Liberman, E. Grosse, and J.A. Reeds, “Cryptographic
Protection of Membership Lists,” Newsletter of the International Association of Cryptologic
Research, v. 9, 1992, pp. 16“20.
550. J. Feigenbaum, M.Y. Liverman, and R.N. Wright, “Cryptographic Protection of
Databases and Software,” Distributed Computing and Cryptography, J. Feigenbaum and M.
Merritt, eds., American Mathematical Society, 1991, pp. 161“172.
551. H. Feistel, “Cryptographic Coding for Data“Bank Privacy,” RC 2827, Yorktown
Heights, NY: IBM Research, Mar 1970.
552. H. Feistel, “Cryptography and Computer Privacy,” Scientific American, v. 228, n. 5,
May 1973, pp. 15“23.
553. H. Feistel, “Block Cipher Cryptographic System,” U.S. Patent #3,798,359, 19 Mar
1974.
554. H. Feistel, “Step Code Ciphering System,” U.S. Patent #3,798,360, 19 Mar 1974.
555. H. Feistel, “Centralized Verification System,” U.S. Patent #3,798,605, 19 Mar 1974.
556. H. Feistel, W.A. Notz, and J.L. Smith, “Cryptographic Techniques for Machine to
Machine Data Communications,” RC 3663, Yorktown Heights, N.Y.: IBM Research, Dec 1971.
557. H. Feistel, W.A. Notz, and J.L. Smith, “Some Cryptographic Techniques for
Machine to Machine Data Communications,” Proceedings of the IEEE, v. 63, n. 11, Nov 1975,
pp. 1545“1554.
558. P. Feldman, “A Practical Scheme for Non“interactive Verifiable Secret Sharing,”
Proceedings of the 28th Annual Symposium on the Foundations of Computer Science, 1987, pp.
427“437.
559. R.A. Feldman, “Fast Spectral Test for Measuring Nonrandomness and the DES,”
Advances in Cryptology”CRYPTO ™87 Proceedings, Springer“Verlag, 1988, pp. 243“254.
560. R.A. Feldman, “A New Spectral Test for Nonrandomness and the DES,” IEEE
Transactions on Software Engineering, v. 16, n. 3, Mar 1990, pp. 261“267.
561. D.C. Feldmeier and P.R. Karn, “UNIX Password Security”Ten Years Later,”
Advances in Cryptology”CRYPTO ™89 Proceedings, Springer“Verlag, 1990, pp. 44“63.
562. H. Fell and W. Diffie, “Analysis of a Public Key Approach Based on Polynomial
Substitution,” Advances in Cryptology”CRYPTO ™85 Proceedings, Springer“Verlag, 1986, pp.
427“437.
563. N.T. Ferguson, “Single Term Off“Line Coins,” Report CS“R9318, Computer
Science/Department of Algorithms and Architecture, CWI, Mar 1993.
564. N.T. Ferguson, “Single Term Off“Line Coins,” Advances in Cryptology”
EUROCRYPT ™93 Proceedings, Springer“Verlag, 1994, pp. 318“328.
565. N.T. Ferguson, “Extensions of Single“term Coins,” Advances in Cryptology”
CRYPTO ™93 Proceedings, Springer“Verlag, 1994, pp. 292“301.
566. A. Fiat and A. Shamir, “How to Prove Yourself: Practical Solutions to Identification
and Signature Problems,” Advances in Cryptology”CRYPTO ™86 Proceedings, Springer“Verlag,
1987, pp. 186“194.
567. A. Fiat and A. Shamir, “Unforgeable Proofs of Identity,” Proceedings of Securicom



Page 580 of 666
Applied Cryptography: Second Edition - Bruce Schneier



87, Paris, 1987, pp. 147“153.
568. P. Finch, “A Study of the Blowfish Encryption Algorithm,” Ph.D. dissertation,
Department of Computer Science, City University of New York Graduate School and University
Center, Feb 1995.
569. R. Flynn and A.S. Campasano, “Data Dependent Keys for Selective Encryption
Terminal,” Proceedings of NCC, vol. 47, AFIPS Press, 1978, pp. 1127“1129.
570. R.H. Follett, letter to NIST regarding DSS, 25 Nov 1991.
571. R. Forr©, “The Strict Avalanche Criterion: Spectral Properties and an Extended
Definition,” Advances in Cryptology”CRYPTO ™88 Proceedings, Springer“Verlag, 1990, pp.
450“468.
572. R. Forr©, “A Fast Correlation Attack on Nonlinearity Feedforward Filtered Shift
Register Sequences,” Advances in Cryptology”CRYPTO ™89 Proceedings, Springer“Verlag,
1990, pp. 568“595.
573. S. Fortune and M. Merritt, “Poker Protocols,” Advances in Cryptology: Proceedings
of CRYPTO 84, Springer“Verlag, 1985, pp. 454“464.
574. R.B. Fougner, “Public Key Standards and Licenses,” RFC 1170, Jan 1991.
575. Y. Frankel and M. Yung, “Escrowed Encryption Systems Visited: Threats, Attacks,
Analysis and Designs,” Advances in Cryptology”CRYPTO ™95 Proceedings, Springer“Verlag,
1995, to appear.
576. W.F. Friedman, Methods for the Solution of Running“Key Ciphers, Riverbank
Publication No. 16, Riverbank Labs, 1918.
577. W.F. Friedman, The Index of Coincidence and Its Applications in Cryptography,
Riverbank Publication No. 22, Riverbank Labs, 1920. Reprinted by Aegean Park Press, 1987.
578. W.F. Friedman, Elements of Cryptanalysis, Laguna Hills, CA: Aegean Park Press,
1976.
579. W.F. Friedman, “Cryptology,” Encyclopedia Britannica, v. 6, pp. 844“851, 1967.
580. A.M. Frieze, J. Hastad, R. Kannan, J.C. Lagarias, and A. Shamir, “Reconstructing
Truncated Integer Variables Satisfying Linear Congruences,” SIAM Journal on Computing, v.
17, n. 2, Apr 1988, pp. 262“280.
581. A.M. Frieze, R. Kannan, and J.C. Lagarias, “Linear Congruential Generators Do
not Produce Random Sequences,” Proceedings of the 25th IEEE Symposium on Foundations of
Computer Science, 1984, pp. 480“484.
582. E. Fujiaski and T. Okamoto, “On Comparison of Practical Digitial Signature
Schemes,” Proceedings of the 1992 Symposium on Cryptography and Information Security (SCIS
92), Tateshina, Japan, 2“4 Apr 1994, pp. 1A.1“12.
583. A. Fujioka, T. Okamoto, and S. Miyaguchi, “ESIGN: An Efficient Digital Signature
Implementation for Smart Cards,” Advances in Cryptology”EUROCRYPT ™91 Proceedings,
Springer“Verlag, 1991, pp. 446“457.
584. A. Fujioka, T. Okamoto, and K. Ohta, “Interactive Bi“Proof Systems and
Undeniable Signature Schemes,” Advances in Cryptology”EUROCRYPT ™91 Proceedings,
Springer“Verlag, 1991, pp. 243“256.
585. A. Fujioka, T. Okamoto, and K. Ohta, “A Practical Secret Voting Scheme for Large
Scale Elections,” Advances in Cryptology”AUSCRYPT ™92 Proceedings, Springer“Verlag, 1993,
pp. 244“251.
586. K. Gaardner and E. Snekkenes, “Applying a Formal Analysis Technique to the
CCITT X.509 Strong Two“Way Authentication Protocol,” Journal of Cryptology, v. 3, n. 2,
1991, pp. 81“98.
587. H.F. Gaines, Cryptanalysis, American Photographic Press, 1937. (Reprinted by Dover
Publications, 1956.)
588. J. Gait, “A New Nonlinear Pseudorandom Number Generator,” IEEE Transactions
on Software Engineering, v. SE“3, n. 5, Sep 1977, pp. 359“363.
589. J. Gait, “Short Cycling in the Kravitz“Reed Public Key Encryption System,”
Electronics Letters, v. 18, n. 16, 5 Aug 1982, pp. 706“707.



Page 581 of 666
Applied Cryptography: Second Edition - Bruce Schneier



590. Z. Galil, S. Haber, and M. Yung, “A Private Interactive Test of a Boolean Predicate
and Minimum“Knowledge Public“Key Cryptosystems,” Proceedings of the 26th IEEE
Symposium on Foundations of Computer Science, 1985, pp. 360“371.
591. Z. Galil, S. Haber, and M. Yung, “Cryptographic Computation: Secure Fault“
Tolerant Protocols and the Public“Key Model,” Advances in Cryptology”CRYPTO ™87
Proceedings, Springer“Verlag, 1988, pp. 135“155.
592. Z. Galil, S. Haber, and M. Yung, “Minimum“Knowledge Interactive Proofs for
Decision Problems,” SIAM Journal on Computing, v. 18, n. 4, 1989, pp. 711“739.
593. R.G. Gallager, Information Theory and Reliable Communications, New York: John
Wiley & Sons, 1968.
594. P. Gallay and E. Depret, “A Cryptography Microprocessor,” 1988 IEEE
International Solid“State Circuits Conference Digest of Technical Papers, 1988, pp. 148“149.
595. R.A. Games, “There are no de Bruijn Sequences of Span n with Complexity 2n“1 + n
+ 1,” Journal of Combinatorical Theory, Series A, v. 34, n. 2, Mar 1983, pp. 248“251.
596. R.A. Games and A.H. Chan, “A Fast Algorithm for Determining the Complexity of a
Binary Sequence with 2n,” IEEE Transactions on Information Theory, v. IT“29, n. 1, Jan 1983,
pp. 144“146.
597. R.A. Games, A.H. Chan, and E.L. Key, “On the Complexity of de Bruijn Sequences,”
Journal of Combinatorical Theory, Series A, v. 33, n. 1, Nov 1982, pp. 233“246.
598. S.H. Gao and G.L. Mullen, “Dickson Polynomials and Irreducible Polynomials over
Finite Fields,” Journal of Number Theory, v. 49, n. 1, Oct 1994, pp. 18“132.
599. M. Gardner, “A New Kind of Cipher That Would Take Millions of Years to Break,”
Scientific American, v. 237, n. 8, Aug 1977, pp. 120“124.
600. M.R. Garey and D.S. Johnson, Computers and Intractability: A Guide to the Theory of
NP“Completeness, W.H. Freeman and Co., 1979.
601. S.L. Garfinkel, PGP: Pretty Good Privacy, Sebastopol, CA: O™Reilly and Associates,
1995.
602. C.W. Gardiner, “Distributed Public Key Certificate Management,” Proceedings of
the Privacy and Security Research Group 1993 Workshop on Network and Distributed System
Security, The Internet Society, 1993, pp. 69“73.
603. G. Garon and R. Outerbridge, “DES Watch: An Examination of the Sufficiency of
the Data Encryption Standard for Financial Institution Information Security in the 1990™s,”
Cryptologia, v. 15, n. 3, Jul 1991, pp. 177“193.
604. M. Gasser, A. Goldstein, C. Kaufman, and B. Lampson, “The Digital Distributed
Systems Security Architecture,” Proceedings of the 12th National Computer Security Conference,
NIST, 1989, pp. 305“319.
605. J. von zur Gathen, D. Kozen, and S. Landau, “Functional Decomposition of
Polynomials,” Proceedings of the 28th IEEE Symposium on the Foundations of Computer
Science, IEEE Press, 1987, pp. 127“ 131.
606. P.R. Geffe, “How to Protect Data With Ciphers That are Really Hard to Break,”
Electronics, v. 46, n. 1, Jan 1973, pp. 99“101.
607. D.K. Gifford, D. Heitmann, D.A. Segal, R.G. Cote, K. Tanacea, and D.E. Burmaster,
“Boston Community Information System 1986 Experimental Test Results,” MIT/LCS/TR“397,
MIT Laboratory for Computer Science, Aug 1987.
608. D.K. Gifford, J.M. Lucassen, and S.T. Berlin, “The Application of Digital Broadcast
Communication to Large Scale Information Systems,” IEEE Journal on Selected Areas in
Communications, v. 3, n. 3, May 1985, pp. 457“467.
609. D.K. Gifford and D.A. Segal, “Boston Community Information System 1987“1988
Experimental Test Results,” MIT/LCS/TR“422, MIT Laboratory for Computer Science, May
1989.
610. H. Gilbert and G. Chase, “A Statistical Attack on the Feal“8 Cryptosystem,”
Advances in Cryptology”CRYPTO ™90 Proceedings, Springer“Verlag, 1991, pp. 22“33.
611. H. Gilbert and P. Chauvaud, “A Chosen Plaintext Attack of the 16“Round Khufu



Page 582 of 666
Applied Cryptography: Second Edition - Bruce Schneier



Cryptosystem,” Advances in Cryptology”CRYPTO ™94 Proceedings, Springer“Verlag, 1994, pp.
259“268.
612. M. Girault, “Hash“Functions Using Modulo“N Operations,” Advances in
Cryptology”EUROCRYPT ™87 Proceedings, Springer“Verlag, 1988, pp. 217“226.
613. J. Gleick, “A New Approach to Protecting Secrets is Discovered,” The New York
Times, 18 Feb 1987, pp. C1 and C3.
614. J.“M. Goethals and C. Couvreur, “A Cryptanalytic Attack on the Lu“Lee Public“
Key Cryptosystem,” Philips Journal of Research, v. 35, 1980, pp. 301“306.
615. O. Goldreich, “A Uniform“Complexity Treatment of Encryption and Zero“
Knowledge, Journal of Cryptology, v. 6, n. 1, 1993, pp. 21“53.
616. O. Goldreich and H. Krawczyk, “On the Composition of Zero Knowledge Proof
Systems,” Proceedings on the 17th International Colloquium on Automata, Languages, and
Programming, Springer“Verlag, 1990, pp. 268“282.
617. O. Goldreich and E. Kushilevitz, “A Perfect Zero“Knowledge Proof for a Problem
Equivalent to Discrete Logarithm,” Advances in Cryptology”CRYPTO ™88 Proceedings,
Springer“Verlag, 1990, pp. 58“70.
618. O. Goldreich and E. Kushilevitz, “A Perfect Zero“Knowledge Proof for a Problem
Equivalent to Discrete Logarithm,” Journal of Cryptology, v. 6, n. 2, 1993, pp. 97“116.
619. O. Goldreich, S. Micali, and A. Wigderson, “Proofs That Yield Nothing but Their
Validity and a Methodology of Cryptographic Protocol Design,” Proceedings of the 27th IEEE
Symposium on the Foundations of Computer Science, 1986, pp. 174“187.
620. O. Goldreich, S. Micali, and A. Wigderson, “How to Prove All NP Statements in
Zero Knowledge and a Methodology of Cryptographic Protocol Design,” Advances in
Cryptology”CRYPTO ™86 Proceedings, Springer“Verlag, 1987, pp. 171“185.
621. O. Goldreich, S. Micali, and A. Wigderson, “How to Play Any Mental Game,”
Proceedings of the 19th ACM Symposium on the Theory of Computing, 1987, pp. 218“229.
622. O. Goldreich, S. Micali, and A. Wigderson, “Proofs That Yield Nothing but Their
Validity and a Methodology of Cryptographic Protocol Design,” Journal of the ACM, v. 38, n. 1,
Jul 1991, pp. 691“729.
623. S. Goldwasser and J. Kilian, “Almost All Primes Can Be Quickly Certified,”
Proceedings of the 18th ACM Symposium on the Theory of Computing, 1986, pp. 316“ 329.
624. S. Goldwasser and S. Micali, “Probabilistic Encryption and How to Play Mental
Poker Keeping Secret All Partial Information,” Proceedings of the 14th ACM Symposium on the
Theory of Computing, 1982, pp. 270“299.
625. S. Goldwasser and S. Micali, “Probabilistic Encryption,” Journal of Computer and
System Sciences, v. 28, n. 2, Apr 1984, pp. 270“299.
626. S. Goldwasser, S. Micali, and C. Rackoff, “The Knowledge Complexity of Interactive
Proof Systems,” Proceedings of the 17th ACM Symposium on Theory of Computing, 1985, pp.
291“304.
627. S. Goldwasser, S. Micali, and C. Rackoff, “The Knowledge Complexity of Interactive
Proof Systems,” SIAM Journal on Computing, v. 18, n. 1, Feb 1989, pp. 186“ 208.
628. S. Goldwasser, S. Micali, and R.L. Rivest, “A Digital Signature Scheme Secure
Against Adaptive Chosen“Message Attacks,” SIAM Journal on Computing, v. 17, n. 2, Apr 1988,
pp. 281“308.
629. S. Goldwasser, S. Micali, and A.C. Yao, “On Signatures and Authentication,”
Advances in Cryptology: Proceedings of Crypto 82, Plenum Press, 1983, pp. 211“215.
630. J.D. Golic, “On the Linear Complexity of Functions of Periodic GF(q) Sequences,”
IEEE Transactions on Information Theory, v. IT“35, n. 1, Jan 1989, pp. 69“75.
631. J.D. Golic, “Linear Cryptanalysis of Stream Ciphers,” K.U. Leuven Workshop on
Cryptographic Algorithms, Springer“Verlag, 1995, pp. 262“282.
632. J.D. Golic, “Towards Fast Correlation Attacks on Irregularly Clocked Shift
Registers,” Advances in Cryptology”EUROCRYPT ™95 Proceedings, Springer“Verlag, 1995, to
appear.



Page 583 of 666
Applied Cryptography: Second Edition - Bruce Schneier



633. J.D. Golic and M.J. Mihajlevic, “A Generalized Correlation Attack on a Class of
Stream Ciphers Based on the Levenshtein Distance,” Journal of Cryptology, v. 3, n. 3, 1991, pp.
201“212.
634. J.D. Golic and L. O™Connor, “Embedding and Probabilistic Correlation Attacks on
Clock“Controlled Shift Registers,” Advances in Cryptology”EUROCRYPT ™94 Proceedings,
Springer“Verlag, 1995, to appear.
635. R. Golliver, A.K. Lenstra, K.S. McCurley, “Lattice Sieving and Trial Division,”
Proceedings of the Algorithmic Number Theory Symposium, Cornell, 1994, to appear.
636. D. Gollmann, “Kaskadenschaltungen taktgesteuerter Schieberegister als
Pseudozufallszahlengeneratoren,” Ph.D. dissertation, Universit¤t Linz, 1983. (In German.)
637. D. Gollmann, “Pseudo Random Properties of Cascade Connections of Clock
Controlled Shift Registers,” Advances in Cryptology: Proceedings of EUROCRYPT 84, Springer“
Verlag, 1985, pp. 93“98.
638. D. Gollmann, “Correlation Analysis of Cascaded Sequences,” Cryptography and
Coding, H.J. Beker and F.C. Piper, eds., Oxford: Clarendon Press, 1989, pp. 289“297.
639. D. Gollmann, “Transformation Matrices of Clock“Controlled Shift Registers,”
Cryptography and Coding III, M.J. Ganley, ed., Oxford: Clarendon Press, 1993, pp. 197“210.
640. D. Gollmann and W.G. Chambers, “Lock“In Effect in Cascades of Clock“Controlled
Shift“Registers,” Advances in Cryptology”EUROCRYPT ™88 Proceedings, Springer“Verlag,
1988, pp. 331“343.
641. D. Gollmann and W.G. Chambers, “Clock“Controlled Shift Registers: A Review,”
IEEE Journal on Selected Areas in Communications, v. 7, n. 4, May 1989, pp. 525“533.
642. D. Gollmann and W.G. Chambers, “A Cryptanalysis of Stepk,m“cascades,” Advances
in Cryptology”EUROCRYPT ™89 Proceedings, Springer“Verlag, 1990, pp. 680“687.
643. S.W. Golomb, Shift Register Sequences, San Francisco: Holden“Day, 1967.
(Reprinted by Aegean Park Press, 1982.)
644. L. Gong, “A Security Risk of Depending on Synchronized Clocks,” Operating
Systems Review, v. 26, n. 1, Jan 1992, pp. 49“53.
645. L. Gong, R. Needham, and R. Yahalom, “Reasoning About Belief in Cryptographic
Protocols,” Proceedings of the 1991 IEEE Computer Society Symposium on Research in Security
and Privacy, 1991, pp. 234“248.
646. R.M. Goodman and A.J. McAuley, “A New Trapdoor Knapsack Public Key
Cryptosystem,” Advances in Cryptology: Proceedings of EUROCRYPT 84, Springer“Verlag,
1985, pp. 150“158.
647. R.M. Goodman and A.J. McAuley, “A New Trapdoor Knapsack Public Key
Cryptosystem,” IEE Proceedings, v. 132, pt. E, n. 6, Nov 1985, pp. 289“292.
648. D.M. Gordon, “Discrete Logarithms Using the Number Field Sieve,” Preprint, 28
Mar 1991.
649. D.M. Gordon and K.S. McCurley, “Computation of Discrete Logarithms in Fields of
Characteristic Two,” presented at the rump session of CRYPTO ™91, Aug 1991.
650. D.M. Gordon and K.S. McCurley, “Massively Parallel Computation of Discrete
Logarithms,” Advances in Cryptology”CRYPTO ™92 Proceedings, Springer“Verlag, 1993, pp.
312“323.
651. J.A. Gordon, “Strong Primes are Easy to Find,” Advances in Cryptology: Proceedings
of EUROCRYPT 84, Springer“Verlag, 1985, pp. 216“223.
652. J.A. Gordon, “Very Simple Method to Find the Minimal Polynomial of an Arbitrary
Non“Zero Element of a Finite Field,” Electronics Letters, v. 12, n. 25, 9 Dec 1976, pp. 663“664.
653. J.A. Gordon and R. Retkin, “Are Big S“Boxes Best?” Cryptography, Proceedings of
the Workshop on Cryptography, Burg Feuerstein, Germany, March 29“April 2, 1982, Springer“
Verlag, 1983, pp. 257“262.
654. M. Goresky and A. Klapper, “Feedback Registers Based on Ramified Extension of
the 2“adic Numbers,” Advances in Cryptology”EUROCRYPT ™94 Proceedings, Springer“
Verlag, 1995, to appear.



Page 584 of 666
Applied Cryptography: Second Edition - Bruce Schneier



655. GOST, Gosudarstvennyi Standard 28147“89, “Cryptographic Protection for Data
Processing Systems,” Government Committee of the USSR for Standards, 1989. (In Russian.)
656. GOST R 34.10“94, Gosudarstvennyi Standard of Russian Federation, “Information
technology. Cryptographic Data Security. Produce and check procedures of Electronic Digital
Signature based on Asymmetric Cryptographic Algorithm.” Government Committee of the
Russia for Standards, 1994. (In Russian.)
657. GOST R 34.11“94, Gosudarstvennyi Standard of Russian Federation, “Information
technology. Cryptographic Data Security. Hashing function.” Government Committee of the
Russia for Standards, 1994. (In Russian.)
658. R. Göttfert and H. Niederreiter, “On the Linear Complexity of Products of Shift“
Register Sequences,” Advances in Cryptology”EUROCRYPT ™93 Proceedings, Springer“Verlag,
1994, pp. 151“158.
659. R. Göttfert and H. Niederreiter, “A General Lower Bound for the Linear
Complexity of the Product of Shift“Register Sequences,” Advances in Cryptology”
EUROCRYPT ™94 Proceedings, Springer“Verlag, 1995, to appear.
660. J. van de Graaf and R. Peralta, “A Simple and Secure Way to Show the Validity of
Your Public Key,” Advances in Cryptology”CRYPTO ™87 Proceedings, Springer“Verlag, 1988,
pp. 128“134.
661. J. Grollman and A.L. Selman, “Complexity Measures for Public“Key
Cryptosystems,” Proceedings of the 25th IEEE Symposium on the Foundations of Computer
Science, 1984, pp. 495“503.
662. GSA Federal Standard 1026, “Telecommunications: General Security Requirements
for Equipment Using the Data Encryption Standard,” General Services Administration, Apr
1982.
663. GSA Federal Standard 1027, “Telecommunications: Interoperability and Security
Requirements for Use of the Data Encryption Standard in the Physical and Data Link Layers of
Data Communications,” General Services Administration, Jan 1983.
664. GSA Federal Standard 1028, “Interoperability and Security Requirements for Use of
the Data Encryption Standard with CCITT Group 3 Facsimile Equipment,” General Services
Administration, Apr 1985.
665. P. Guam, “Cellular Automaton Public Key Cryptosystems,” Complex Systems, v. 1,
1987, pp. 51“56.
666. H. Guan, “An Analysis of the Finite Automata Public Key Algorithm,”
CHINACRYPT ™94, Xidian, China, 11“15 Nov 1994, pp. 120“126. (In Chinese.)
667. G. Guanella, “Means for and Method for Secret Signalling,” U.S. Patent #2,405,500,
6 Aug 1946.
668. M. Gude, “Concept for a High“Performance Random Number Generator Based on
Physical Random Phenomena,” Frequenz, v. 39, 1985, pp. 187“190.
669. M. Gude, “Ein quasi“idealer Gleichverteilungsgenerator basierend auf
physikalischen Zufallsph¤nomenen,” Ph.D. dissertation, Aachen University of Technology,
1987. (In German.)
670. L.C. Guillou and J.“J. Quisquater, “A Practical Zero“Knowledge Protocol Fitted to
Security Microprocessor Minimizing Both Transmission and Memory,” Advances in
Cryptology”EUROCRYPT ™88 Proceedings, Springer“Verlag, 1988, pp. 123“128.
671. L.C. Guillou and J.“J. Quisquater, “A ˜Paradoxical™ Identity“Based Signature
Scheme Resulting from Zero“Knowledge,” Advances in Cryptology”CRYPTO ™88 Proceedings,
Springer“Verlag, 1990, pp. 216“ 231.
672. L.C. Guillou, M. Ugon, and J.“J. Quisquater, “The Smart Card: A Standardized
Security Device Dedicated to Public Cryptology,” Contemporary Cryptology: The Science of
Information Integrity, G. Simmons, ed., IEEE Press, 1992, pp. 561“613.
673. C.G. Günther, “Alternating Step Generators Controlled by de Bruijn Sequences,”
Advances in Cryptology”EUROCRYPT ™87 Proceedings, Springer“Verlag, 1988, pp. 5“14.
674. C.G. Günther, “An Identity“based Key“exchange Protocol,” Advances in



Page 585 of 666
Applied Cryptography: Second Edition - Bruce Schneier



Cryptology”EUROCRYPT ™89 Proceedings, Springer“Verlag, 1990, pp. 29“37.
675. H. Gustafson, E. Dawson, and B. Caelli, “Comparison of Block Ciphers,” Advances
in Cryptology”AUSCRYPT ™90 Proceedings, Springer“Verlag, 1990, pp. 208“220.
676. P. Gutmann, personal communication, 1993.
677. H. Gutowitz, “A Cellular Automaton Cryptosystem: Specification and Call for
Attack,” unpublished manuscript, Aug 1992.
678. H. Gutowitz, “Method and Apparatus for Encryption, Decryption, and
Authentication Using Dynamical Systems,” U.S. Patent #5,365,589, 15 Nov 1994.
679. H. Gutowitz, “Cryptography with Dynamical Systems,” Cellular Automata and
Cooperative Phenomenon, Kluwer Academic Press, 1993.
680. R.K. Guy, “How to Factor a Number,” Fifth Manitoba Conference on Numeral
Mathematics Congressus Numerantium, v. 16, 1976, pp. 49“89.
681. R.K. Guy, Unsolved Problems in Number Theory, Springer“Verlag, 1981.
682. S. Haber and W.S. Stornetta, “How to Time“Stamp a Digital Document,” Advances
in Cryptology”CRYPTO ™90 Proceedings, Springer“Verlag, 1991, pp. 437“455.
683. S. Haber and W.S. Stornetta, “How to Time“Stamp a Digital Document,” Journal of
Cryptology, v. 3, n. 2, 1991, pp. 99“112.
684. S. Haber and W.S. Stornetta, “Digital Document Time“Stamping with Catenate
Certificate,” U.S. Patent #5,136,646, 4 Aug 1992.
685. S. Haber and W.S. Stornetta, “Method for Secure Time“Stamping of Digital
Documents,” U.S. Patent #5,136,647, 4 Aug 1992.
686. S. Haber and W.S. Stornetta, “Method of Extending the Validity of a Cryptographic
Certificate,” U.S. Patent #5,373,561, 13 Dec 1994.
687. T. Habutsu, Y. Nishio, I. Sasase, and S. Mori, “A Secret Key Cryptosystem by
Iterating a Chaotic Map,” Transactions of the Institute of Electronics, Information, and
Communication Engineers, v. E73, n. 7, Jul 1990, pp. 1041“1044.
688. T. Habutsu, Y. Nishio, I. Sasase, and S. Mori, “A Secret Key Cryptosystem by
Iterating a Chaotic Map,” Advances in Cryptology”EUROCRYPT ™91 Proceedings, Springer“
Verlag, 1991, pp. 127“140.
689. S. Hada and H. Tanaka, “An Improvement Scheme of DES against Differential
Cryptanalysis,” Proceedings of the 1994 Symposium on Cryptography and Information Security
(SCIS 94), Lake Biwa, Japan, 27“29 Jan 1994, pp 14A.1“11. (In Japanese.)
690. B.C.W. Hagelin, “The Story of the Hagelin Cryptos,” Cryptologia, v. 18, n. 3, Jul
1994, pp. 204“242.
691. T. Hansen and G.L. Mullen, “Primitive Polynomials over Finite Fields,” Mathematics
of Computation, v. 59, n. 200, Oct 1992, pp. 639“643.
692. S. Harada and S. Kasahara, “An ID“Based Key Sharing Scheme Without
Preliminary Communication,” IEICE Japan, Technical Report, ISEC89“38, 1989. (In
Japanese.)
693. S. Harari, “A Correlation Cryptographic Scheme,” EUROCODE ™90”International
Symposium on Coding Theory, Springer“Verlag, 1991, pp. 180“192.
694. T. Hardjono and J. Seberry, “Authentication via Multi“Service Tickets in the
Kuperee Server,” Computer Security”ESORICS 94, Springer“Verlag, 1994, pp. 144“160.
695. L. Harn and T. Kiesler, “New Scheme for Digital Multisignatures,” Electronics
Letters, v. 25, n. 15, 20 Jul 1989, pp. 1002“ 1003.
696. L. Harn and T. Kiesler, “Improved Rabin™s Scheme with High Efficiency,”
Electronics Letters, v. 25, n. 15, 20 Jul 1989, p. 1016.
697. L. Harn and T. Kiesler, “Two New Efficient Cryptosystems Based on Rabin™s
Scheme,” Fifth Annual Computer Security Applications Conference, IEEE Computer Society
Press, 1990, pp. 263“270.
698. L. Harn and D.“C. Wang, “Cryptanalysis and Modification of Digital Signature
Scheme Based on Error“Correcting Codes,” Electronics Letters, v. 28, n. 2, 10 Jan 1992, p. 157“
159.



Page 586 of 666
Applied Cryptography: Second Edition - Bruce Schneier



699. L. Harn and Y. Xu, “Design of Generalized ElGamal Type Digital Signature
Schemes Based on Discrete Logarithm,” Electronics Letters, v. 30, n. 24, 24 Nov 1994, p. 2025“
2026.
700. L. Harn and S. Yang, “Group“Oriented Undeniable Signature Schemes without the
Assistance of a Mutually Trusted Party,” Advances in Cryptology”AUSCRYPT ™92 Proceedings,
Springer“Verlag, 1993, pp. 133“142.
701. G. Harper, A. Menezes, and S. Vanstone, “Public“Key Cryptosystems with Very
Small Key Lengths,” Advances in Cryptology”EUROCRYPT ™92 Proceedings, Springer“Verlag,
1993, pp. 163“173.
702. C. Harpes, “Notes on High Order Differential Cryptanalysis of DES,” internal
report, Signal and Information Processing Laboratory, Swiss Federal Institute of Technology,
Aug 1993.
703. G.W. Hart, “To Decode Short Cryptograms,” Communications of the ACM, v. 37, n.
9, Sep 1994, pp. 102“108.
704. J. Hastad, “On Using RSA with Low Exponent in a Public Key Network,” Advances
in Cryptology”CRYPTO ™85 Proceedings, Springer“Verlag, 1986, pp. 403“408.
705. J. Hastad and A. Shamir, “The Cryptographic Security of Truncated Linearly
Related Variables,” Proceedings of the 17th Annual ACM Symposium on the Theory of
Computing, 1985, pp. 356“362.
706. R.C. Hauser and E.S. Lee, “Verification and Modelling of Authentication Protocols,”
ESORICS 92, Proceedings of the Second European Symposium on Research in Computer
Security, Springer“Verlag, 1992, pp. 131“154.
707. B. Hayes, “Anonymous One“Time Signatures and Flexible Untraceable Electronic
Cash,” Advances in Cryptology”AUSCRYPT ™90 Proceedings, Springer“Verlag, 1990, pp. 294“
305.
708. D.K. He, “LUC Public Key Cryptosystem and its Properties,” CHINACRYPT ™94,
Xidian, China, 11“15 Nov 1994, pp. 60“69. (In Chinese.)
709. J. He and T. Kiesler, “Enhancing the Security of ElGamal™s Signature Scheme,” IEE
Proceedings on Computers and Digital Techniques, v. 141, n. 3, 1994, pp. 193“195.
710. E.H. Hebern, “Electronic Coding Machine,” U.S. Patent #1,510,441, 30 Sep 1924.
711. N. Heintze and J.D. Tygar, “A Model for Secure Protocols and their Compositions,”
Proceedings of the 1994 IEEE Computer Society Symposium on Research in Security and Privacy,
1994, pp. 2“13.
712. M.E. Hellman, “An Extension of the Shannon Theory Approach to Cryptography,”
IEEE Transactions on Information Theory, v. IT“23, n. 3, May 1977, pp. 289“294.
713. M.E. Hellman, “The Mathematics of Public“Key Cryptography,” Scientific
American, v. 241, n. 8, Aug 1979, pp. 146“157.
714. M.E. Hellman, “DES Will Be Totally Insecure within Ten Years,” IEEE Spectrum, v.
16, n. 7, Jul 1979, pp. 32“39.
715. M.E. Hellman, “On DES“Based Synchronous Encryption,” Dept. of Electrical
Engineering, Stanford University, 1980.
716. M.E. Hellman, “A Cryptanalytic Time“Memory Trade Off,” IEEE Transactions on
Information Theory, v. 26, n. 4, Jul 1980, pp. 401“406.
717. M.E. Hellman, “Another Cryptanalytic Attack on ˜A Cryptosystem for Multiple
Communications™,” Information Processing Letters, v. 12, 1981, pp. 182“183.
718. M.E. Hellman, W. Diffie, and R.C. Merkle, “Cryptographic Apparatus and
Method,” U.S. Patent #4,200,770, 29 Apr 1980.
719. M.E. Hellman, W. Diffie, and R.C. Merkle, “Cryptographic Apparatus and
Method,” Canada Patent #1,121,480, 6 Apr 1982.
720. M.E. Hellman and R.C. Merkle, “Public Key Cryptographic Apparatus and
Method,” U.S. Patent #4,218,582, 19 Aug 1980.
721. M.E. Hellman, R. Merkle, R. Schroeppel, L. Washington, W. Diffie, S. Pohlig, and P.
Schweitzer, “Results of an Initial Attempt to Cryptanalyze the NBS Data Encryption




Page 587 of 666
Applied Cryptography: Second Edition - Bruce Schneier

<<

. 25
( 29)



>>