<<

. 26
( 29)



>>




Standard,” Technical Report SEL 76“042, Information Systems Lab, Department of Electrical
Engineering, Stanford University, 1976.
722. M.E. Hellman and S.C. Pohlig, “Exponentiation Cryptographic Apparatus and
Method,” U.S. Patent #4,424,414, 3 Jan 1984.
723. M.E. Hellman and J.M. Reyneri, “Distribution of Drainage in the DES,” Advances in
Cryptology: Proceedings of Crypto 82, Plenum Press, 1983, pp. 129“131.
724. F. Hendessi and M.R. Aref, “A Successful Attack Against the DES,” Third Canadian
Workshop on Information Theory and Applications, Springer“Verlag, 1994, pp. 78“90.
725. T. Herlestam, “Critical Remarks on Some Public“Key Cryptosystems,” BIT, v. 18,
1978, pp. 493“496.
726. T. Herlestam, “On Functions of Linear Shift Register Sequences”, Advances in
Cryptology”EUROCRYPT ™85, Springer“Verlag, 1986, pp. 119“129.
727. T. Herlestam and R. Johannesson, “On Computing Logarithms over GF(2p),” BIT,
v. 21, 1981, pp. 326“334.
728. H.M. Heys and S.E. Tavares, “On the Security of the CAST Encryption Algorithm,”
Proceedings of the Canadian Conference on Electrical and Computer Engineering, Halifax, Nova
Scotia, Sep 1994, pp. 332“335.
729. H.M. Heys and S.E. Tavares, “The Design of Substitution“Permutation Networks
Resistant to Differential and Linear Cryptanalysis,” Proceedings of the 2nd Annual ACM
Conference on Computer and Communications Security, ACM Press, 1994, pp. 148“155.
730. E. Heyst and T.P. Pederson, “How to Make Fail“Stop Signatures,” Advances in
Cryptology”EUROCRYPT ™92 Proceedings, Springer“Verlag, 1993, pp. 366“377.
731. E. Heyst, T.P. Pederson, and B. Pfitzmann, “New Construction of Fail“Stop
Signatures and Lower Bounds,” Advances in Cryptology”CRYPTO ™92 Proceedings, Springer“
Verlag, 1993, pp. 15“30.
732. L.S. Hill, “Cryptography in an Algebraic Alphabet,” American Mathematical
Monthly, v. 36, Jun“Jul 1929, pp. 306“312.
733. P.J.M. Hin, “Channel“Error“Correcting Privacy Cryptosystems,” Ph.D.
dissertation, Delft University of Technology, 1986. (In Dutch.)
734. R. Hirschfeld, “Making Electronic Refunds Safer,” Advances in Cryptology”
CRYPTO ™92 Proceedings, Springer“Verlag, 1993, pp. 106“112.
735. A. Hodges, Alan Turing: The Enigma of Intelligence, Simon and Schuster, 1983.
736. W. Hohl, X. Lai, T. Meier, and C. Waldvogel, “Security of Iterated Hash Functions
Based on Block Ciphers,” Advances in Cryptology”CRYPTO ™93 Proceedings, Springer“Verlag,
1994, pp. 379“390.
737. F. Hoornaert, M. Decroos, J. Vandewalle, and R. Govaerts, “Fast RSA“Hardware:
Dream or Reality?” Advances in Cryptology”EUROCRYPT ™88 Proceedings, Springer“Verlag,
1988, pp. 257“264.
738. F. Hoornaert, J. Goubert, and Y. Desmedt, “Efficient Hardware Implementation of
the DES,” Advances in Cryptology: Proceedings of CRYPTO 84, Springer“Verlag, 1985, pp. 147“
173.
739. E. Horowitz and S. Sahni, Fundamentals of Computer Algorithms, Rockville, MD:
Computer Science Press, 1978.
740. P. Horster, H. Petersen, and M. Michels, “Meta“ElGamal Signature Schemes,”
Proceedings of the 2nd Annual ACM Conference on Computer and Communications Security,
ACM Press, 1994, pp. 96“107.
741. P. Horster, H. Petersen, and M. Michels, “Meta Message Recovery and Meta Blind
Signature Schemes Based on the Discrete Logarithm Problem and their Applications,” Advances
in Cryptology”ASIACRYPT ™94 Proceedings, Springer“Verlag, 1995, pp. 224“237.
742. L.K. Hua, Introduction to Number Theory, Springer“Verlag, 1982.
743. K. Huber, “Specialized Attack on Chor“Rivest Public Key Cryptosystem,”
Electronics Letters, v. 27, n. 23, 7 Nov 1991, pp. 2130“2131.
744. E. Hughes, “A Cypherpunk™s Manifesto,” 9 Mar 1993.



Page 588 of 666
Applied Cryptography: Second Edition - Bruce Schneier



745. E. Hughes, “An Encrypted Key Transmission Protocol,” presented at the rump
session of CRYPTO ™94, Aug 1994.
746. H. Hule and W.B. Müller, “On the RSA“Cryptosystem with Wrong Keys,”
Contributions to General Algebra 6, Vienna: Verlag Hölder“Pichler“Tempsky, 1988, pp. 103“
109.
747. H.A. Hussain, J.W.A. Sada, and S.M. Kalipha, “New Multistage Knapsack Public“
Key Cryptosystem,” International Journal of Systems Science, v. 22, n. 11, Nov 1991, pp. 2313“
2320.
748. T. Hwang, “Attacks on Okamoto and Tanaka™s One“Way ID“Based Key
Distribution System,” Information Processing Letters, v. 43, n. 2, Aug 1992, pp. 83“86.
749. T. Hwang and T.R.N. Rao, “Secret Error“Correcting Codes (SECC),” Advances in
Cryptology”CRYPTO ™88 Proceedings, Springer“Verlag, 1990, pp. 540“563.
750. C. I™Anson and C. Mitchell, “Security Defects in CCITT Recommendation X.509”
the Directory Authentication Framework,” Computer Communications Review, v. 20, n. 2, Apr
1990, pp. 30“34.
751. IBM, “Common Cryptographic Architecture: Cryptographic Application
Programming Interface Reference,” SC40“1675“1, IBM Corp., Nov 1990.
752. IBM, “Common Cryptographic Architecture: Cryptographic Application
Programming Interface Reference”Public Key Algorithm,” IBM Corp., Mar 1993.
753. R. Impagliazzo and M. Yung, “Direct Minimum“Knowledge Computations,”
Advances in Cryptology”CRYPTO ™87 Proceedings, Springer“Verlag, 1988, pp. 40“51.
754. I. Ingemarsson, “A New Algorithm for the Solution of the Knapsack Problem,”
Lecture Notes in Computer Science 149; Cryptography: Proceedings of the Workshop on
Cryptography, Springer“Verlag, 1983, pp. 309“315.
755. I. Ingemarsson, “Delay Estimation for Truly Random Binary Sequences or How to
Measure the Length of Rip van Winkle™s Sleep,” Communications and Cryptography: Two Sides
of One Tapestry, R.E. Blahut et al., eds., Kluwer Adademic Publishers, 1994, pp. 179“186.
756. I. Ingemarsson and G.J. Simmons, “A Protocol to Set Up Shared Secret Schemes
without the Assistance of a Mutually Trusted Party,” Advances in Cryptology”EUROCRYPT
™90 Proceedings, Springer“Verlag, 1991, pp. 266“282.
757. I. Ingemarsson, D.T. Tang, and C.K. Wong, “A Conference Key Distribution
System,” IEEE Transactions on Information Theory, v. IT“28, n. 5, Sep 1982, pp. 714“720.
758. ISO DIS 8730, “Banking”Requirements for Message Authentication (Wholesale),”
Association for Payment Clearing Services, London, Jul 1987.
759. ISO DIS 8731“1, “Banking”Approved Algorithms for Message Authentication”
Part 1: DEA,” Association for Payment Clearing Services, London, 1987.
760. ISO DIS 8731“2, “Banking”Approved Algorithms for Message Authentication”
Part 2: Message Authenticator Algorithm,” Association for Payment Clearing Services, London,
1987.
761. ISO DIS 8732, “Banking”Key Management (Wholesale),” Association for Payment
Clearing Services, London, Dec 1987.
762. ISO/IEC 9796, “Information Technology”Security Techniques”Digital Signature
Scheme Giving Message Recovery,” International Organization for Standardization, Jul 1991.
763. ISO/IEC 9797, “Data Cryptographic Techniques”Data Integrity Mechanism Using
a Cryptographic Check Function Employing a Block Cipher Algorithm,” International
Organization for Standardization, 1989.
764. ISO DIS 10118 DRAFT, “Information Technology”Security Techniques”Hash
Functions,” International Organization for Standardization, 1989.
765. ISO DIS 10118 DRAFT, “Information Technology”Security Techniques”Hash
Functions,” International Organization for Standardization, April 1991.
766. ISO N98, “Hash Functions Using a Pseudo Random Algorithm,” working document,
ISO“IEC/JTC1/SC27/WG2, International Organization for Standardization, 1992.
767. ISO N179, “AR Fingerprint Function,” working document, ISO“IEC/JTC1/SC27/




Page 589 of 666
Applied Cryptography: Second Edition - Bruce Schneier



WG2, International Organization for Standardization, 1992.
768. ISO/IEC 10118, “Information Technology”Security Techniques”Hash
Functions”Part 1: General and Part 2: Hash“Functions Using an n“Bit Block Cipher
Algorithm,” International Organization for Standardization, 1993.
769. K. Ito, S. Kondo, and Y. Mitsuoka, “SXAL8/MBAL Algorithm,” Technical Report,
ISEC93“68, IEICE Japan, 1993. (In Japanese.)
770. K.R. Iversen, “The Application of Cryptographic Zero“Knowledge Techniques in
Computerized Secret Ballot Election Schemes,” Ph.D. dissertation, IDT“report 1991:3,
Norwegian Institute of Technology, Feb 1991.
771. K.R. Iversen, “A Cryptographic Scheme for Computerized General Elections,”
Advances in Cryptology”CRYPTO ™91 Proceedings, Springer“Verlag, 1992, pp. 405“419.
772. K. Iwamura, T. Matsumoto, and H. Imai, “An Implementation Method for RSA
Cryptosystem with Parallel Processing,” Transactions of the Institute of Electronics, Information,
and Communication Engineers, v. J75“A, n. 8, Aug 1992, pp. 1301“1311.
773. W.J. Jaburek, “A Generalization of ElGamal™s Public Key Cryptosystem,” Advances
in Cryptology”EUROCRYPT ™89 Proceedings, 1990, Springer“Verlag, pp. 23“28.
774. N.S. James, R. Lidi, and H. Niederreiter, “Breaking the Cade Cipher,” Advances in
Cryptology”CRYPTO ™86 Proceedings, 1987, Springer“Verlag, pp. 60“63.
775. C.J.A. Jansen, “On the Key Storage Requirements for Secure Terminals,”
Computers and Security, v. 5, n. 2, Jun 1986, pp. 145“149.
776. C.J.A. Jansen, “Investigations on Nonlinear Streamcipher Systems: Construction
and Evaluation Methods,” Ph.D. dissertation, Technical University of Delft, 1989.
777. C.J.A. Jansen and D.E. Boekee, “Modes of Blockcipher Algorithms and their
Protection against Active Eavesdropping,” Advances in Cryptology”EUROCRYPT ™87
Proceedings, Springer“Verlag, 1988, pp. 281“286.
778. S.M. Jennings, “A Special Class of Binary Sequences,” Ph.D. dissertation, University
of London, 1980.
779. S.M. Jennings, “Multiplexed Sequences: Some Properties of the Minimum
Polynomial,” Lecture Notes in Computer Science 149; Cryptography: Proceedings of the
Workshop on Cryptography, Springer“Verlag, 1983, pp. 189“206.
780. S.M. Jennings, “Autocorrelation Function of the Multiplexed Sequence,” IEE
Proceedings, v. 131, n. 2, Apr 1984, pp. 169“172.
781. T. Jin, “Care and Feeding of Your Three“Headed Dog,” Document Number IAG“
90“011, Hewlett“Packard, May 1990.
782. T. Jin, “Living with Your Three“Headed Dog,” Document Number IAG“90“012,
Hewlett“Packard, May 1990.
783. A. Jiwa, J. Seberry, and Y. Zheng, “Beacon Based Authentication,” Computer
Security”ESORICS 94, Springer“Verlag, 1994, pp. 125“141.
784. D.B. Johnson, G.M. Dolan, M.J. Kelly, A.V. Le, and S.M. Matyas, “Common
Cryptographic Architecture Cryptographic Application Programming Interface,” IBM Systems
Journal, v. 30, n. 2, 1991, pp. 130“150.
785. D.B. Johnson, S.M. Matyas, A.V. Le, and J.D. Wilkins, “Design of the Commercial
Data Masking Facility Data Privacy Algorithm,” 1st ACM Conference on Computer and
Communications Security, ACM Press, 1993, pp. 93“96.
786. J.P. Jordan, “A Variant of a Public“Key Cryptosystem Based on Goppa Codes,”
Sigact News, v. 15, n. 1, 1983, pp. 61“66.
787. A. Joux and L. Granboulan, “A Practical Attack Against Knapsack Based Hash
Functions,” Advances in Cryptology”EUROCRYPT ™94 Proceedings, Springer“Verlag, 1995, to
appear.
788. A. Joux and J. Stern, “Cryptanalysis of Another Knapsack Cryptosystem,” Advances
in Cryptology”ASIACRYPT ™91 Proceedings, Springer“Verlag, 1993, pp. 470“476.
789. R.R. Jueneman, “Analysis of Certain Aspects of Output“Feedback Mode,” Advances
in Cryptology: Proceedings of Crypto 82, Plenum Press, 1983, pp. 99“127.



Page 590 of 666
Applied Cryptography: Second Edition - Bruce Schneier



790. R.R. Jueneman, “Electronic Document Authentication,” IEEE Network Magazine, v.
1, n. 2, Apr 1978, pp. 17“23.
791. R.R. Jueneman, “A High Speed Manipulation Detection Code,” Advances in
Cryptology”CRYPTO ™86 Proceedings, Springer“Verlag, 1987, pp. 327“346.
792. R.R. Jueneman, S.M. Matyas, and C.H. Meyer, “Message Authentication with
Manipulation Detection Codes,” Proceedings of the 1983 IEEE Computer Society Symposium on
Research in Security and Privacy, 1983, pp. 733“54.
793. R.R. Jueneman, S.M. Matyas, and C.H. Meyer, “Message Authentication,” IEEE
Communications Magazine, v. 23, n. 9, Sep 1985, pp. 29“40.
794. D. Kahn, The Codebreakers: The Story of Secret Writing, New York: Macmillan
Publishing Co., 1967.
795. D. Kahn, Kahn on Codes, New York: Macmillan Publishing Co., 1983.
796. D. Kahn, Seizing the Enigma, Boston: Houghton Mifflin Co., 1991.
797. P. Kaijser, T. Parker, and D. Pinkas, “SESAME: The Solution to Security for Open
Distributed Systems,” Journal of Computer Communications, v. 17, n. 4, Jul 1994, pp. 501“518.
798. R. Kailar and V.D. Gilgor, “On Belief Evolution in Authentication Protocols,”
Proceedings of the Computer Security Foundations Workshop IV, IEEE Computer Society Press,
1991, pp. 102“116.
799. B.S. Kaliski, “A Pseudo Random Bit Generator Based on Elliptic Logarithms,”
Master™s thesis, Massachusetts Institute of Technology, 1987.
800. B.S. Kaliski, letter to NIST regarding DSS, 4 Nov 1991.
801. B.S. Kaliski, “The MD2 Message Digest Algorithm,” RFC 1319, Apr 1992.
802. B.S. Kaliski, “Privacy Enhancement for Internet Electronic Mail: Part IV: Key
Certificates and Related Services,” RFC 1424, Feb 1993.
803. B.S. Kaliski, “An Overview of the PKCS Standards,” RSA Laboratories, Nov 1993.
804. B.S. Kaliski, “A Survey of Encryption Standards, IEEE Micro, v. 13, n. 6, Dec 1993,
pp. 74“81.
805. B.S. Kaliski, personal communication, 1993.
806. B.S. Kaliski, “On the Security and Performance of Several Triple“DES Modes,”
RSA Laboratories, draft manuscript, Jan 1994.
807. B.S. Kaliski, R.L. Rivest, and A.T. Sherman, “Is the Data Encryption Standard a
Group?”, Advances in Cryptology”EUROCRYPT ™85, Springer“Verlag, 1986, pp. 81“95.
808. B.S. Kaliski, R.L. Rivest, and A.T. Sherman, “Is the Data Encryption Standard a
Pure Cipher? (Results of More Cycling Experiments in DES),” Advances in Cryptology”
CRYPTO ™85 Proceedings, Springer“Verlag, 1986, pp. 212“226.
809. B.S. Kaliski, R.L. Rivest, and A.T. Sherman, “Is the Data Encryption Standard a
Group? (Results of Cycling Experiments on DES),” Journal of Cryptology, v. 1, n. 1, 1988, pp. 3“
36.
810. B.S. Kaliski and M.J.B. Robshaw, “Fast Block Cipher Proposal,” Fast Software
Encryption, Cambridge Security Workshop Proceedings, Springer“Verlag, 1994, pp. 33“40.
811. B.S. Kaliski and M.J.B. Robshaw, “Linear Cryptanalysis Using Multiple
Approximations,” Advances in Cryptology”CRYPTO ™94 Proceedings, Springer“Verlag, 1994,
pp. 26“39.
812. B.S. Kaliski and M.J.B. Robshaw, “Linear Cryptanalysis Using Multiple
Approximations and FEAL,” K.U. Leuven Workshop on Cryptographic Algorithms, Springer“
Verlag, 1995, to appear.
813. R.G. Kammer, statement before the U.S. government Subcommittee on
Telecommunications and Finance, Committee on Energy and Commerce, 29 Apr 1993.
814. T. Kaneko, K. Koyama, and R. Terada, “Dynamic Swapping Schemes and
Differential Cryptanalysis, Proceedings of the 1993 Korea“Japan Workshop on Information
Security and Cryptography, Seoul, Korea, 24“26 Oct 1993, pp. 292“301.
815. T. Kaneko, K. Koyama, and R. Terada, “Dynamic Swapping Schemes and
Differential Cryptanalysis,” Transactions of the Institute of Electronics, Information, and



Page 591 of 666
Applied Cryptography: Second Edition - Bruce Schneier



Communication Engineers, v. E77“A, n. 8, Aug 1994, pp. 1328“1336.
816. T. Kaneko and H. Miyano, “A Study on the Strength Evaluation of Randomized
DES“Like Cryptosystems against Chosen Plaintext Attacks,” Proceedings of the 1993
Symposium on Cryptography and Information Security (SCIS 93), Shuzenji, Japan, 28“30 Jan
1993, pp. 15C.1“10.
817. J. Kari, “A Cryptosystem Based on Propositional Logic,” Machines, Languages, and
Complexity: 5th International Meeting of Young Computer Scientists, Selected Contributions,
Springer“Verlag, 1989, pp. 210“219.
818. E.D. Karnin, J.W. Greene, and M.E. Hellman, “On Sharing Secret Systems,” IEEE
Transactions on Information Theory, v. IT“29, 1983, pp. 35“41.
819. F.W. Kasiski, Die Geheimschriften und die Dechiffrir“kunst, E.S. Miller und Sohn,
1863. (In German.)
820. A. Kehne, J. Schonwalder, and H. Langendorfer, “A Nonce“Based Protocol for
Multiple Authentications,” Operating Systems Review, v. 26, n. 4, Oct 1992, pp. 84“89.
821. J. Kelsey, personal communication, 1994.
822. R. Kemmerer, “Analyzing Encryption Protocols Using Formal Verification
Techniques,” IEEE Journal on Selected Areas in Communications, v. 7, n. 4, May 1989, pp. 448“
457.
823. R. Kemmerer, C.A. Meadows, and J. Millen, “Three Systems for Cryptographic
Protocol Analysis,” Journal of Cryptology, v. 7, n. 2, 1994, pp. 79“130.
824. S.T. Kent, “Encryption“Based Protection Protocols for Interactive User“Computer
Communications,” MIT/LCS/TR“162, MIT Laboratory for Computer Science, May 1976.
825. S.T. Kent, “Privacy Enhancement for Internet Electronic Mail: Part II: Certificate“
Based Key Management,” RFC 1422, Feb 1993.
826. S.T. Kent, “Understanding the Internet Certification System,” Proceedings of INET
™93, The Internet Society, 1993, pp. BAB1“BAB10.
827. S.T. Kent and J. Linn, “Privacy Enhancement for Internet Electronic Mail: Part II:
Certificate“Based Key Management,” RFC 1114, Aug 1989.
828. V. Kessler and G. Wedel, “AUTOLOG”An Advanced Logic of Authentication,”
Proceedings of the Computer Security Foundations Workshop VII, IEEE Computer Society Press,
1994, pp. 90“99.
829. E.L. Key, “An Analysis of the Structure and Complexity of Nonlinear Binary
Sequence Generators,” IEEE Transactions on Information Theory, v. IT“22, n. 6, Nov 1976, pp.
732“736.
830. T. Kiesler and L. Harn, “RSA Blocking and Multisignature Schemes with No Bit
Expansion,” Electronics Letters, v. 26, n. 18, 30 Aug 1990, pp. 1490“1491.
831. J. Kilian, Uses of Randomness in Algorithms and Protocols, MIT Press, 1990.
832. J. Kilian, “Achieving Zero“Knowledge Robustly,” Advances in Cryptology”CRYPTO
™90 Proceedings, Springer“Verlag, 1991, pp. 313“325.
833. J. Kilian and T. Leighton, “Failsafe Key Escrow,” MIT/LCS/TR“636, MIT
Laboratory for Computer Science, Aug 1994.
834. K. Kim, “Construction of DES“Like S“Boxes Based on Boolean Functions Satisfying
the SAC,” Advances in Cryptology”ASIACRYPT ™91 Proceedings, Springer“Verlag, 1993, pp.
59“72.
835. K. Kim, S. Lee, and S. Park, “Necessary Conditions to Strengthen DES S“Boxes
Against Linear Cryptanalysis,” Proceedings of the 1994 Symposium on Cryptography and
Information Security (SCIS 94), Lake Biwa, Japan, 27“29 Jan 1994, pp. 15D.1“9.
836. K. Kim, S. Lee, and S. Park, “How to Strengthen DES against Differential Attack,”
unpublished manuscript, 1994.
837. K. Kim, S. Lee, S. Park, and D. Lee, “DES Can Be Immune to Differential
Cryptanalysis,” Workshop on Selected Areas in Cryptography”Workshop Record, Kingston,
Ontario, 5“6 May 1994, pp. 70“81.
838. K. Kim, S. Park, and S. Lee, “How to Strengthen DES against Two Robust Attacks,”



Page 592 of 666
Applied Cryptography: Second Edition - Bruce Schneier



Proceedings of the 1995 Japan“Korea Workshop on Information Security and Cryptography,
Inuyama, Japan, 24“27 Jan 1995, 173“182.
839. K. Kim, S. Park, and S. Lee, “Reconstruction of s2DES S“Boxes and their Immunity
to Differential Cryptanalysis,” Proceedings of the 1993 Korea“Japan Workshop on Information
Security and Cryptography, Seoul, Korea, 24“26 Oct 1993, pp. 282“291.
840. S. Kim and B.S. Um, “A Multipurpose Membership Proof System Based on Discrete
Logarithm,” Proceedings of the 1993 Korea“Japan Workshop on Information Security and
Cryptography, Seoul, Korea, 24“26 Oct 1993, pp. 177“183.
841. P. Kinnucan, “Data Encryption Gurus: Tuchman and Meyer,” Cryptologia, v. 2, n. 4,
Oct 1978.
842. A. Klapper, “The Vulnerability of Geometric Sequences Based on Fields of Odd
Characteristic,” Journal of Cryptology, v. 7, n. 1, 1994, pp. 33“52.
843. A. Klapper, “Feedback with Carry Shift Registers over Finite Fields,” K.U. Leuven
Workshop on Cryptographic Algorithms, Springer“Verlag, 1995, to appear.
844. A. Klapper and M. Goresky, “2“adic Shift Registers,” Fast Software Encryption,
Cambridge Security Workshop Proceedings, Springer“Verlag, 1994, pp. 174“178.
845. A. Klapper and M. Goresky, “2“adic Shift Registers,” Technical Report #239“93,
Department of Computer Science, University of Kentucky, 19 Apr 1994.
846. A. Klapper and M. Goresky, “Large Period Nearly de Bruijn FCSR Sequences,”
Advances in Cryptology”EUROCRYPT ™95 Proceedings, Springer“Verlag, 1995, pp. 263“273.
847. D.V. Klein, “˜Foiling the Cracker™: A Survey of, and Implications to, Password
Security,” Proceedings of the USENIX UNIX Security Workshop, Aug 1990, pp. 5“14.
848. D.V. Klein, personal communication, 1994.
849. C.S. Kline and G.J. Popek, “Public Key vs. Conventional Key Cryptosystems,”
Proceedings of AFIPS National Computer Conference, pp. 831“837.
850. H.“J. Knobloch, “A Smart Card Implementation of the Fiat“Shamir Identification
Scheme,” Advances in Cryptology”EUROCRPYT ™88 Proceedings, Springer“Verlag, 1988, pp.
87“95.
851. T. Knoph, J. Fröbl, W. Beller, and T. Giesler, “A Hardware Implementation of a
Modified DES Algorithm,” Microprocessing and Microprogramming, v. 30, 1990, pp. 59“66.
852. L.R. Knudsen, “Cryptanalysis of LOKI,” Advances in Cryptology”ASIACRYPT ™91
Proceedings, Springer“Verlag, 1993, pp. 22“35.
853. L.R. Knudsen, “Cryptanalysis of LOKI,” Cryptography and Coding III, M.J. Ganley,
ed., Oxford: Clarendon Press, 1993, pp. 223“236.
854. L.R. Knudsen, “Cryptanalysis of LOKI91,” Advances in Cryptology”AUSCRYPT
™92 Proceedings, Springer“Verlag, 1993, pp. 196“208.
855. L.R. Knudsen, “Iterative Characteristics of DES and s2DES,” Advances in
Cryptology”CRYPTO ™92, Springer“Verlag, 1993, pp. 497“511.
856. L.R. Knudsen, “An Analysis of Kim, Park, and Lee™s DES“Like S“Boxes,”
unpublished manuscript, 1993.
857. L.R. Knudsen, “Practically Secure Feistel Ciphers,” Fast Software Encryption,
Cambridge Security Workshop Proceedings, Springer“Verlag, 1994, pp. 211“221.
858. L.R. Knudsen, “Block Ciphers”Analysis, Design, Applications,” Ph.D. dissertation,
Aarhus University, Nov 1994.
859. L.R. Knudsen, personal communication, 1994.
860. L.R. Knudsen, “Applications of Higher Order Differentials and Partial
Differentials,” K.U. Leuven Workshop on Cryptographic Algorithms, Springer“Verlag, 1995, to
appear.
861. L.R. Knudsen and X. Lai, “New Attacks on All Double Block Length Hash Functions
of Hash Rate 1, Including the Parallel“DM,” Advances in Cryptology”EUROCRYPT ™94
Proceedings, Springer“Verlag, 1995, to appear.
862. L.R. Knudsen, “A Weakness in SAFER K“64,” Advances in Cryptology“CRYPTO ˜95
Proceedings, Springer“Verlag, 1995, to appear.



Page 593 of 666
Applied Cryptography: Second Edition - Bruce Schneier



863. D. Knuth, The Art of Computer Programming: Volume 2, Seminumerical Algorithms ,
2nd edition, Addison“Wesley, 1981.
864. D. Knuth, “Deciphering a Linear Congruential Encryption,” IEEE Transactions on
Information Theory, v. IT“31, n. 1, Jan 1985, pp. 49“52.
865. K. Kobayashi and L. Aoki, “On Linear Cryptanalysis of MBAL,” Proceedings of the
1995 Symposium on Cryptography and Information Security (SCIS 95), Inuyama, Japan, 24“27
Jan 1995, pp. A4.2.1“9.
866. K. Kobayashi, K. Tamura, and Y. Nemoto, “Two“dimensional Modified Rabin
Cryptosystem,” Transactions of the Institute of Electronics, Information, and Communication
Engineers, v. J72“D, n. 5, May 1989, pp. 850“851. (In Japanese.)
867. N. Koblitz, “Elliptic Curve Cryptosystems,” Mathematics of Computation, v. 48, n.
177, 1987, pp. 203“209.
868. N. Koblitz, “A Family of Jacobians Suitable for Discrete Log Cryptosystems,”
Advances in Cryptology”CRYPTO ™88 Proceedings, Springer“Verlag, 1990, pp. 94“99.
869. N. Koblitz, “Constructing Elliptic Curve Cryptosystems in Characteristic 2,”
Advances in Cryptology”CRYPTO ™90 Proceedings, Springer“Verlag, 1991, pp. 156“167.
870. N. Koblitz, “Hyperelliptic Cryptosystems,” Journal of Cryptology, v. 1, n. 3, 1989, pp.
129“150.
871. N. Koblitz, “CM“Curves with Good Cryptographic Properties,” Advances in
Cryptology”CRYPTO ™91 Proceedings, Springer“Verlag, 1992, pp. 279“287.
872. Ç.K. Ko§, “High“Speed RSA Implementation,” Version 2.0, RSA Laboratories, Nov
1994.
873. M.J. Kochanski, “Remarks on Lu and Lee™s Proposals,” Cryptologia, v. 4, n. 4, 1980,
pp. 204“207.
874. M.J. Kochanski, “Developing an RSA Chip,” Advances in Cryptology”CRYPTO ™85
Proceedings, Springer“Verlag, 1986, pp. 350“357.
875. J.T. Kohl, “The Use of Encryption in Kerberos for Network Authentication,”
Advances in Cryptology”CRYPTO ™89 Proceedings, Springer“Verlag, 1990, pp. 35“43.
876. J.T. Kohl, “The Evolution of the Kerberos Authentication Service,” EurOpen
Conference Proceedings, May 1991, pp. 295“313.
877. J.T. Kohl and B.C. Neuman, “The Kerberos Network Authentication Service,” RFC
1510, Sep 1993.
878. J.T. Kohl, B.C. Neuman, and T. Ts™o, “The Evolution of the Kerberos
Authentication System,” Distributed Open Systems, IEEE Computer Society Press, 1994, pp. 78“
94.
879. Kohnfelder, “Toward a Practical Public Key Cryptosystem,” Bachelor™s thesis, MIT
Department of Electrical Engineering, May 1978.
880. A.G. Konheim, Cryptography: A Primer, New York: John Wiley & Sons, 1981.
881. A.G. Konheim, M.H. Mack, R.K. McNeill, B. Tuckerman, and G. Waldbaum, “The
IPS Cryptographic Programs,” IBM Systems Journal, v. 19, n. 2, 1980, pp. 253“283.
882. V.I. Korzhik and A.I. Turkin, “Cryptanalysis of McEliece™s Public“Key
Cryptosystem,” Advances in Cryptology”EUROCRYPT ™91 Proceedings, Springer“Verlag, 1991,
pp. 68“70.
883. S.C. Kothari, “Generalized Linear Threshold Scheme,” Advances in Cryptology:
Proceedings of CRYPTO 84, Springer“Verlag, 1985, pp. 231“241.
884. J. Kowalchuk, B.P. Schanning, and S. Powers, “Communication Privacy: Integration
of Public and Secret Key Cryptography,” Proceedings of the National Telecommunication
Conference, IEEE Press, 1980, pp. 49.1.1“49.1.5.
885. K. Koyama, “A Master Key for the RSA Public“Key Cryptosystem,” Transactions of
the Institute of Electronics, Information, and Communication Engineers, v. J65“D, n. 2, Feb 1982,
pp. 163“170.
886. K. Koyama, “A Cryptosystem Using the Master Key for Multi“Address
Communications,” Transactions of the Institute of Electronics, Information, and Communication



Page 594 of 666
Applied Cryptography: Second Edition - Bruce Schneier



Engineers, v. J65“D, n. 9, Sep 1982, pp. 1151“1158.
887. K. Koyama, “Demonstrating Membership of a Group Using the Shizuya“Koyama“
Itoh (SKI) Protocol,” Proceedings of the 1989 Symposium on Cryptography and Information
Security (SCIS 89), Gotenba, Japan, 1989.
888. K. Koyama, “Direct Demonstration of the Power to Break Public“Key
Cryptosystems,” Advances in Cryptology”AUSCRYPT ™90 Proceedings, Springer“Verlag, 1990,
pp. 14“21.
889. K. Koyama, “Security and Unique Decipherability of Two“dimensional Public Key
Cryptosystems,” Transactions of the Institute of Electronics, Information, and Communication
Engineers, v. E73, n. 7, Jul 1990, pp. 1057“1067.
890. K. Koyama, U.M. Maurer, T. Okamoto, and S.A. Vanstone, “New Public“Key
Schemes Based on Elliptic Curves over the Ring Zn,” Advances in Cryptology”CRYPTO ™91
Proceedings, Springer“Verlag, 1992, pp. 252“266.
891. K. Koyama and K. Ohta, “Identity“based Conference Key Distribution System,”
Advances in Cryptology”CRYPTO ™87 Proceedings, Springer“Verlag, 1988, pp. 175“184.
892. K. Koyama and T. Okamoto, “Elliptic Curve Cryptosystems and Their
Applications,” IEICE Transactions on Information and Systems, v. E75“D, n. 1, Jan 1992, pp.
50“57.
893. K. Koyama and R. Terada, “How to Strengthen DES“Like Cryptosystems against
Differential Cryptanalysis,” Transactions of the Institute of Electronics, Information, and
Communication Engineers, v. E76“A, n. 1, Jan 1993, pp. 63“69.
894. K. Koyama and R. Terada, “Probabilistic Swapping Schemes to Strengthen DES
against Differential Cryptanalysis,” Proceedings of the 1993 Symposium on Cryptography and
Information Security (SCIS 93), Shuzenji, Japan, 28“30 Jan 1993, pp. 15D.1“12.
895. K. Koyama and Y. Tsuruoka, “Speeding up Elliptic Cryptosystems Using a Singled
Binary Window Method,” Advances in Cryptology”CRYPTO ™92 Proceedings, Springer“Verlag,
1993, pp. 345“357.
896. E. Kranakis, Primality and Cryptography, Wiler“Teubner Series in Computer
Science, 1986.
897. D. Kravitz, “Digital Signature Algorithm,” U.S. Patent #5,231,668, 27 Jul 1993.
898. D. Kravitz and I. Reed, “Extension of RSA Cryptostructure: A Galois Approach,”
Electronics Letters, v. 18, n. 6, 18 Mar 1982, pp. 255“256.
899. H. Krawczyk, “How to Predict Congruential Generators,” Advances in Cryptology”
CRYPTO ™89 Proceedings, Springer“Verlag, 1990, pp. 138“153.
900. H. Krawczyk, “How to Predict Congruential Generators,” Journal of Algorithms, v.
13, n. 4, Dec 1992, pp. 527“545.
901. H. Krawczyk, “The Shrinking Generator: Some Practical Considerations,” Fast
Software Encryption, Cambridge Security Workshop Proceedings, Springer“Verlag, 1994, pp. 45“
46.
902. G.J. Kühn, “Algorithms for Self“Synchronizing Ciphers,” Proceedings of COMSIG
88, 1988.
903. G.J. Kühn, F. Bruwer, and W. Smit, “™n Vinnige Veeldoelige Enkripsievlokkie,”
Proceedings of Infosec 90, 1990. (In Afrikaans.)
904. S. Kullback, Statistical Methods in Cryptanalysis, U.S. Government Printing Office,
1935. Reprinted by Aegean Park Press, 1976.
905. P.V. Kumar, R.A. Scholtz, and L.R. Welch, “Generalized Bent Functions and their
Properties,” Journal of Combinational Theory, Series A, v. 40, n. 1, Sep 1985, pp. 90“107.
906. M. Kurosaki, T. Matsumoto, and H. Imai, “Simple Methods for Multipurpose
Certification,” Proceedings of the 1989 Symposium on Cryptography and Information Security
(SCIS 89), Gotenba, Japan, 1989.
907. M. Kurosaki, T. Matsumoto, and H. Imai, “Proving that You Belong to at Least One
of the Specified Groups,” Proceedings of the 1990 Symposium on Cryptography and Information
Security (SCIS 90), Hihondaira, Japan, 1990.



Page 595 of 666
Applied Cryptography: Second Edition - Bruce Schneier



908. K. Kurosawa, “Key Changeable ID“Based Cryptosystem,” Electronics Letters, v. 25,
n. 9, 27 Apr 1989, pp. 577“578.
909. K. Kurosawa, T. Ito, and M. Takeuchi, “Public Key Cryptosystem Using a
Reciprocal Number with the Same Intractability as Factoring a Large Number,” Cryptologia, v.
12, n. 4, Oct 1988, pp. 225“233.
910. K. Kurosawa, C. Park, and K. Sakano, “Group Signer/Verifier Separation Scheme,”
Proceedings of the 1995 Japan“Korea Workshop on Information Security and Cryptography,
Inuyama, Japan, 24“27 Jan 1995, 134“143.
911. G.C. Kurtz, D. Shanks, and H.C. Williams, “Fast Primality Tests for Numbers Less
than 50*109,” Mathematics of Computation, v. 46, n. 174, Apr 1986, pp. 691“701.
912. K. Kusuda and T. Matsumoto, “Optimization of the Time“Memory Trade“Off
Cryptanalysis and Its Application to Block Ciphers,” Proceedings of the 1995 Symposium on
Cryptography and Information Security (SCIS 95), Inuyama, Japan, 24“27 Jan 1995, pp. A3.2.1“
11. (In Japanese.)
913. H. Kuwakado and K. Koyama, “Security of RSA“Type Cryptosystems Over Elliptic
Curves against Hastad Attack,” Electronics Letters, v. 30, n. 22, 27 Oct 1994, pp. 1843“1844.
914. H. Kuwakado and K. Koyama, “A New RSA“Type Cryptosystem over Singular
Elliptic Curves,” IMA Conference on Applications of Finite Fields, Oxford University Press, to
appear.
915. H. Kuwakado and K. Koyama, “A New RSA“Type Scheme Based on Singular Cubic
Curves,” Proceedings of the 1995 Japan“Korea Workshop on Information Security and
Cryptography, Inuyama, Japan, 24“27 Jan 1995, pp. 144“151.
916. M. Kwan, “An Eight Bit Weakness in the LOKI Cryptosystem,” technical report,
Australian Defense Force Academy, Apr 1991.
917. M. Kwan and J. Pieprzyk, “A General Purpose Technique for Locating Key
Scheduling Weakness in DES“Like Cryptosystems,” Advances in Cryptology”ASIACRYPT ™91
Proceedings, Springer“Verlag, 1991, pp. 237“246.
918. J.B. Lacy, D.P. Mitchell, and W.M. Schell, “CryptoLib: Cryptography in Software,”
UNIX Security Symposium IV Proceedings, USENIX Association, 1993, pp. 1“17.
919. J.C. Lagarias, “Knapsack Public Key Cryptosystems and Diophantine
Approximations,” Advances in Cryptology: Proceedings of Crypto 83, Plenum Press, 1984, pp. 3“
23.
920. J.C. Lagarias, “Performance Analysis of Shamir™s Attack on the Basic Merkle“
Hellman Knapsack Cryptosystem,” Lecture Notes in Computer Science 172; Proceedings of the
11th International Colloquium on Automata, Languages, and Programming (ICALP), Springer“
Verlag, 1984, pp. 312“323.
921. J.C. Lagarias and A.M. Odlyzko, “Solving Low“Density Subset Sum Problems,”
Proceedings of the 24th IEEE Symposium on Foundations of Computer Science, 1983, pp. 1“10.
922. J.C. Lagarias and A.M. Odlyzko, “Solving Low“Density Subset Sum Problems,”
Journal of the ACM, v. 32, n. 1, Jan 1985, pp. 229“246.
923. J.C. Lagarias and J. Reeds, “Unique Extrapolation of Polynomial Recurrences,”
SIAM Journal on Computing, v. 17, n. 2, Apr 1988, pp. 342“362.
924. X. Lai, Detailed Description and a Software Implementation of the IPES Cipher,
unpublished manuscript, 8 Nov 1991.
925. X. Lai, On the Design and Security of Block Ciphers, ETH Series in Information
Processing, v. 1, Konstanz: Hartung“Gorre Verlag, 1992.
926. X. Lai, personal communication, 1993.
927. X. Lai, “Higher Order Derivatives and Differential Cryptanalysis,” Communications
and Cryptography: Two Sides of One Tapestry, R.E. Blahut et al., eds., Kluwer Adademic
Publishers, 1994, pp. 227“233.
928. X. Lai and L. Knudsen, “Attacks on Double Block Length Hash Functions,” Fast
Software Encryption, Cambridge Security Workshop Proceedings, Springer“Verlag, 1994, pp.
157“165.



Page 596 of 666
Applied Cryptography: Second Edition - Bruce Schneier



929. X. Lai and J. Massey, “A Proposal for a New Block Encryption Standard,” Advances
in Cryptology”EUROCRYPT ™90 Proceedings, Springer“Verlag, 1991, pp. 389“404.
930. X. Lai and J. Massey, “Hash Functions Based on Block Ciphers,” Advances in
Cryptology”EUROCRYPT ™92 Proceedings, Springer“Verlag, 1992, pp. 55“70.
931. X. Lai, J. Massey, and S. Murphy, “Markov Ciphers and Differential
Cryptanalysis,” Advances in Cryptology”EUROCRYPT ™91 Proceedings, Springer“Verlag, 1991,
pp. 17“38.
932. X. Lai, R.A. Rueppel, and J. Woollven, “A Fast Cryptographic Checksum Algorithm
Based on Stream Ciphers,” Advances in Cryptology”AUSCRYPT ™92 Proceedings, Springer“
Verlag, 1993, pp. 339“348.
933. C.S. Laih, J.Y. Lee, C.H. Chen, and L. Harn, “A New Scheme for ID“based
Cryptosystems and Signatures,” Journal of the Chinese Institute of Engineers, v. 15, n. 2, Sep
1992, pp. 605“610.
934. B.A. LaMacchia and A.M. Odlyzko, “Computation of Discrete Logarithms in Prime
Fields,” Designs, Codes, and Cryptography, v. 1, 1991, pp. 46“62.
935. L. Lamport, “Password Identification with Insecure Communications,”
Communications of the ACM, v. 24, n. 11, Nov 1981, pp. 770“772.
936. S. Landau, “Zero“Knowledge and the Department of Defense,” Notices of the
American Mathematical Society, v. 35, n. 1, Jan 1988, pp. 5“12.
937. S. Landau, S. Kent, C. Brooks, S. Charney, D. Denning, W. Diffie, A. Lauck, D.
Mikker, P. Neumann, and D. Sobel, “Codes, Keys, and Conflicts: Issues in U.S. Crypto Policy,”
Report of a Special Panel of the ACM U.S. Public Policy Committee (USACM), Association for
Computing Machinery, Jun 1994.
938. S.K. Langford and M.E. Hellman, “Cryptanalysis of DES,” presented at 1994 RSA
Data Security conference, Redwood Shores, CA, 12“14 Jan 1994.
939. D. Lapidot and A. Shamir, “Publicly Verifiable Non“Interactive Zero“Knowledge
Proofs,” Advances in Cryptology”CRYPTO ™90 Proceedings, Springer“Verlag, 1991, pp. 353“
365.
940. A.V. Le, S.M. Matyas, D.B. Johnson, and J.D. Wilkins, “A Public“Key Extension to
the Common Cryptographic Architecture,” IBM Systems Journal, v. 32, n. 3, 1993, pp. 461“485.
941. P. L™Ecuyer, “Efficient and Portable Combined Random Number Generators,”
Communications of the ACM, v. 31, n. 6, Jun 1988, pp. 742“749, 774.
942. P. L™Ecuyer, “Random Numbers for Simulation,” Communications of the ACM, v.
33, n. 10, Oct 1990, pp. 85“97.
943. P.J. Lee and E.F. Brickell, “An Observation on the Security of McEliece™s Public“
Key Cryptosystem,” Advances in Cryptology”EUROCRYPT ™88 Proceedings, Springer“Verlag,
1988, pp. 275“280.
944. S. Lee, S. Sung, and K. Kim, “An Efficient Method to Find the Linear Expressions
for Linear Cryptanalysis,” Proceedings of the 1995 Korea“Japan Workshop on Information
Security and Cryptography, Inuyama, Japan, 24“26 Jan 1995, pp. 183“ 190.
945. D.J. Lehmann, “On Primality Tests,” SIAM Journal on Computing, v. 11, n. 2, May
1982, pp. 374“375.
946. T. Leighton, “Failsafe Key Escrow Systems,” Technical Memo 483, MIT Laboratory
for Computer Science, Aug 1994.
947. A. Lempel and M. Cohn, “Maximal Families of Bent Sequences,” IEEE Transactions
on Information Theory, v. IT“28, n. 6, Nov 1982, pp. 865“868.
948. A.K. Lenstra, “Factoring Multivariate Polynomials Over Finite Fields,” Journal of
Computer System Science, v. 30, n. 2, Apr 1985, pp. 235“248.
949. A.K. Lenstra, personal communication, 1995.
950. A.K. Lenstra and S. Haber, letter to NIST Regarding DSS, 26 Nov 1991.
951. A.K. Lenstra, H.W. Lenstra Jr., and L. Lovácz, “Factoring Polynomials with
Rational Coefficients,” Mathematische Annalen, v. 261, n. 4, 1982, pp. 515“534.
952. A.K. Lenstra, H.W. Lenstra, Jr., M.S. Manasse, and J.M. Pollard, “The Number



Page 597 of 666
Applied Cryptography: Second Edition - Bruce Schneier



Field Sieve,” Proceedings of the 22nd ACM Symposium on the Theory of Computing, 1990, pp.
574“572.
953. A.K. Lenstra and H.W. Lenstra, Jr., eds., Lecture Notes in Mathematics 1554: The
Development of the Number Field Sieve, Springer“Verlag, 1993.
954. A.K. Lenstra, H.W. Lenstra, Jr., M.S. Manasse, and J.M. Pollard, “The
Factorization of the Ninth Fermat Number,” Mathematics of Computation, v. 61, n. 203, 1993,
pp. 319“349.
955. A.K. Lenstra and M.S. Manasse, “Factoring by Electronic Mail,” Advances in
Cryptology”EUROCRYPT ™89 Proceedings, Springer“Verlag, 1990, pp. 355“371.
956. A.K. Lenstra and M.S. Manasse, “Factoring with Two Large Primes,” Advances in
Cryptology”EUROCRYPT ™90 Proceedings, Springer“Verlag, 1991, pp. 72“82.
957. H.W. Lenstra Jr. “Elliptic Curves and Number“Theoretic Algorithms,” Report 86“
19, Mathematisch Instituut, Universiteit van Amsterdam, 1986.
958. H.W. Lenstra Jr. “On the Chor“Rivest Knapsack Cryptosystem,” Journal of
Cryptology, v. 3, n. 3, 1991, pp. 149“155.
959. W.J. LeVeque, Fundamentals of Number Theory, Addison“Wesley, 1977.
960. L.A. Levin, “One“Way Functions and Pseudo“Random Generators,” Proceedings of
the 17th ACM Symposium on Theory of Computing, 1985, pp. 363“365.
961. Lexar Corporation, “An Evaluation of the DES,” Sep 1976.
962. D.“X. Li, “Cryptanalysis of Public“Key Distribution Systems Based on Dickson
Polynomials,” Electronics Letters, v. 27, n. 3, 1991, pp. 228“229.
963. F.“X. Li, “How to Break Okamoto™s Cryptosystems by Continued Fraction
Algorithm,” ASIACRYPT ™91 Abstracts, 1991, pp. 285“289.
964. Y.X. Li and X.M. Wang, “A Joint Authentication and Encryption Scheme Based on
Algebraic Coding Theory,” Applied Algebra, Algebraic Algorithms and Error Correcting Codes 9,
Springer“Verlag, 1991, pp. 241“245.
965. R. Lidl, G.L. Mullen, and G. Turwald, Pitman Monographs and Surveys in Pure and
Applied Mathematics 65: Dickson Polynomials, London: Longman Scientific and Technical,
1993.
966. R. Lidl and W.B. Müller, “Permutation Polynomials in RSA“Cryptosystems,”
Advances in Cryptology: Proceedings of Crypto 83, Plenum Press, 1984, pp. 293“301.
967. R. Lidl and W.B. Müller, “Generalizations of the Fibonacci Pseudoprimes Test,”
Discrete Mathematics, v. 92, 1991, pp. 211“220.
968. R. Lidl and W.B. Müller, “Primality Testing with Lucas Functions,” Advances in
Cryptology”AUSCRYPT ™92 Proceedings, Springer“Verlag, 1993, pp. 539“542.
969. R. Lidl, W.B. Müller, and A. Oswald, “Some Remarks on Strong Fibonacci
Pseudoprimes,” Applicable Algebra in Engineering, Communication and Computing, v. 1, n. 1,
1990, pp. 59“65.
970. R. Lidl and H. Niederreiter, “Finite Fields,” Encyclopedia of Mathematics and its
Applications, v. 20, Addison“Wesley, 1983.
971. R. Lidl and H. Niederreiter, Introduction to Finite Fields and Their Applications,
London: Cambridge University Press, 1986.
972. K. Lieberherr, “Uniform Complexity and Digital Signatures,” Theoretical Computer
Science, v. 16, n. 1, Oct 1981, pp. 99“110.
973. C.H. Lim and P.J. Lee, “A Practical Electronic Cash System for Smart Cards,”
Proceedings of the 1993 Korea“Japan Workshop on Information Security and Cryptography,
Seoul, Korea, 24“26 Oct 1993, pp. 34“47.
974. C.H. Lim and P.J. Lee, “Security of Interactive DSA Batch Verification,” Electronics
Letters, v. 30, n. 19, 15 Sep 1994, pp. 1592“1593.
975. H.“Y. Lin and L. Harn, “A Generalized Secret Sharing Scheme with Cheater
Detection,” Advances in Cryptology”ASIACRYPT ™91 Proceedings, Springer“Verlag, 1993, pp.
149“158.
976. M.“C. Lin, T.“C. Chang, and H.“L. Fu, “Information Rate of McEliece™s Public“key



Page 598 of 666
Applied Cryptography: Second Edition - Bruce Schneier



Cryptosystem,” Electronics Letters, v. 26, n. 1, 4 Jan 1990, pp. 16“18.
977. J. Linn, “Privacy Enhancement for Internet Electronic Mail: Part I”Message
Encipherment and Authentication Procedures,” RFC 989, Feb 1987.
978. J. Linn, “Privacy Enhancement for Internet Electronic Mail: Part I”Message
Encipherment and Authentication Procedures,” RFC 1040, Jan 1988.
979. J. Linn, “Privacy Enhancement for Internet Electronic Mail: Part I”Message
Encipherment and Authentication Procedures,” RFC 1113, Aug 1989.
980. J. Linn, “Privacy Enhancement for Internet Electronic Mail: Part III”Algorithms,
Modes, and Identifiers,” RFC 1115, Aug 1989.
981. J. Linn, “Privacy Enhancement for Internet Electronic Mail: Part I”Message
Encipherment and Authentication Procedures,” RFC 1421, Feb 1993.
982. S. Lloyd, “Counting Binary Functions with Certain Cryptographic Properties,”
Journal of Cryptology, v. 5, n. 2, 1992, pp. 107“131.
983. T.M.A. Lomas, “Collision“Freedom, Considered Harmful, or How to Boot a
Computer,” Proceedings of the 1995 Korea“Japan Workshop on Information Security and
Cryptography, Inuyama, Japan, 24“26 Jan 1995, pp. 35“42.
984. T.M.A. Lomas and M. Roe, “Forging a Clipper Message,” Communications of the
ACM, v. 37, n. 12, 1994, p. 12.
985. D.L. Long, “The Security of Bits in the Discrete Logarithm,” Ph.D. dissertation,
Princeton University, Jan 1984.
986. D.L. Long and A. Wigderson, “How Discrete Is the Discrete Log,” Proceedings of the
15th Annual ACM Syposium on the Theory of Computing, Apr 1983.
987. D. Longley and S. Rigby, “An Automatic Search for Security Flaws in Key
Management Schemes,” Computers and Security, v. 11, n. 1, Jan 1992. pp. 75“89.
988. S.H. Low, N.F. Maxemchuk, and S. Paul, “Anonymous Credit Cards,” Proceedings
of the 2nd Annual ACM Conference on Computer and Communications Security, ACM Press,
1994, pp. 108“117.
989. J.H. Loxton, D.S.P. Khoo, G.J. Bird, and J. Seberry, “A Cubic RSA Code Equivalent
to Factorization,” Journal of Cryptology, v. 5, n. 2, 1992, pp. 139“150.
990. S.C. Lu and L.N. Lee, “A Simple and Effective Public“Key Cryptosystem,”
COMSAT Technical Review, 1979, pp. 15“24.
991. M. Luby, S. Micali, and C. Rackoff, “How to Simultaneously Exchange a Secret Bit
by Flipping a Symmetrically“Biased Coin,” Proceedings of the 24nd Annual Symposium on the
Foundations of Computer Science, 1983, pp. 11“22.
992. M. Luby and C. Rackoff, “How to Construct Pseudo“Random Permutations from
Pseudorandom Functions,” SIAM Journal on Computing, Apr 1988, pp. 373“386.
993. F. Luccio and S. Mazzone, “A Cryptosystem for Multiple Communications,”
Information Processing Letters, v. 10, 1980, pp. 180“183.
994. V. Luchangco and K. Koyama, “An Attack on an ID“Based Key Sharing System,
Proceedings of the 1993 Korea“Japan Workshop on Information Security and Cryptography,
Seoul, Korea, 24“26 Oct 1993, pp. 262“271.
995. D.J.C. MacKay, “A Free Energy Minimization Framework for Inferring the State of
a Shift Register Given the Noisy Output Sequence,” K.U. Leuven Workshop on Cryptographic
Algorithms, Springer“Verlag, 1995, to appear.
996. M.D. MacLaren and G. Marsaglia, “Uniform Random Number Generators,”
Journal of the ACM v. 12, n. 1, Jan 1965, pp. 83“89.
997. D. MacMillan, “Single Chip Encrypts Data at 14Mb/s,” Electronics, v. 54, n. 12, 16
June 1981, pp. 161“165.
998. R. Madhavan and L.E. Peppard, “A Multiprocessor GaAs RSA Cryptosystem,”
Proceedings CCVLSI“89: Canadian Conference on Very Large Scale Integration, Vancouver, BC,
Canada, 22“24 Oct 1989, pp. 115“122.
999. W.E. Madryga, “A High Performance Encryption Algorithm,” Computer Security: A
Global Challenge, Elsevier Science Publishers, 1984, pp. 557“570.



Page 599 of 666
Applied Cryptography: Second Edition - Bruce Schneier



1000. M. Mambo, A. Nishikawa, S. Tsujii, and E. Okamoto, “Efficient Secure Broadcast
Communication System,” Proceedings of the 1993 Korea“Japan Workshop on Information
Security and Cryptography, Seoul, Korea, 24“26 Oct 1993, pp. 23“33.
1001. M. Mambo, K. Usuda, and E. Okamoto, “Proxy Signatures,” Proceedings of the
1995 Symposium on Cryptography and Information Security (SCIS 95), Inuyama, Japan, 24“27
Jan 1995, pp. B1.1.1“17.
1002. W. Mao and C. Boyd, “Towards Formal Analysis of Security Protocols,”
Proceedings of the Computer Security Foundations Workshop VI, IEEE Computer Society Press,
1993, pp. 147“158.
1003. G. Marsaglia and T.A. Bray, “On“Line Random Number Generators and their Use
in Combinations,” Communications of the ACM, v. 11, n. 11, Nov 1968, p. 757“759.
1004. K.M. Martin, “Untrustworthy Participants in Perfect Secret Sharing Schemes,”
Cryptography and Coding III, M.J. Ganley, ed., Oxford: Clarendon Press, 1993, pp. 255“264.
1005. J.L. Massey, “Shift“Register Synthesis and BCH Decoding,” IEEE Transactions on
Information Theory, v. IT“15, n. 1, Jan 1969, pp. 122“127.
1006. J.L. Massey, “Cryptography and System Theory,” Proceedings of the 24th Allerton
Conference on Communication, Control, and Computers, 1“3 Oct 1986, pp. 1“8.
1007. J.L. Massey, “An Introduction to Contemporary Cryptology,” Proceedings of the
IEEE, v. 76, n. 5., May 1988, pp. 533“549.
1008. J.L. Massey, “Contemporary Cryptology: An Introduction,” in Contemporary
Cryptology: The Science of Information Integrity, G.J. Simmons, ed., IEEE Press, 1992, pp. 1“39.
1009. J.L. Massey, “SAFER K“64: A Byte“Oriented Block“Ciphering Algorithm,” Fast
Software Encryption, Cambridge Security Workshop Proceedings, Springer“Verlag, 1994, pp. 1“
17.
1010. J.L. Massey, “SAFER K“64: One Year Later,” K.U. Leuven Workshop on
Cryptographic Algorithms, Springer“Verlag, 1995, to appear.
1011. J.L. Massey and I. Ingemarsson, “The Rip Van Winkle Cipher”A Simple and
Provably Computationally Secure Cipher with a Finite Key,” IEEE International Symposium on
Information Theory, Brighton, UK, May 1985.
1012. J.L. Massey and X. Lai, “Device for Converting a Digital Block and the Use
Thereof,” International Patent PCT/ CH91/00117, 28 Nov 1991.
1013. J.L. Massey and X. Lai, “Device for the Conversion of a Digital Block and Use of
Same,” U.S. Patent #5,214,703, 25 May 1993.
1014. J.L. Massey and R.A. Rueppel, “Linear Ciphers and Random Sequence Generators
with Multiple Clocks,” Advances in Cryptology: Proceedings of EUROCRYPT 84, Springer“
Verlag, 1985, pp. 74“87.
1015. M. Matsui, “Linear Cryptanalysis Method for DES Cipher,” Advances in
Cryptology”EUROCRYPT ™93 Proceedings, Springer“Verlag, 1994, pp. 386“397.
1016. M. Matsui, “Linear Cryptanalysis of DES Cipher (I),” Proceedings of the 1993
Symposium on Cryptography and Information Security (SCIS 93), Shuzenji, Japan, 28“30 Jan
1993, pp. 3C.1“14. (In Japanese.)
1017. M. Matsui, “Linear Cryptanalysis Method for DES Cipher (III),” Proceedings of
the 1994 Symposium on Cryptography and Information Security (SCIS 94), Lake Biwa, Japan,
27“29 Jan 1994, pp. 4A.1“11. (In Japanese.)
1018. M. Matsui, “On Correlation Between the Order of the S“Boxes and the Strength of
DES,” Advances in Cryptology”EUROCRYPT ™94 Proceedings, Springer“Verlag, 1995, to
appear.
1019. M. Matsui, “The First Experimental Cryptanalysis of the Data Encryption
Standard,” Advances in Cryptology”CRYPTO ™94 Proceedings, Springer“Verlag, 1994, pp. 1“
11.
1020. M. Matsui and A. Yamagishi, “A New Method for Known Plaintext Attack of
FEAL Cipher,” Advances in Cryptology”EUROCRYPT ™92 Proceedings, Springer“Verlag, 1993,
pp. 81“91.



Page 600 of 666
Applied Cryptography: Second Edition - Bruce Schneier



1021. T. Matsumoto and H. Imai, “A Class of Asymmetric Crypto“Systems Based on
Polynomials Over Finite Rings,” IEEE International Symposium on Information Theory, 1983,
pp. 131“132.
1022. T. Matsumoto and H. Imai, “On the Key Production System: A Practical Solution
to the Key Distribution Problem,” Advances in Cryptology”CRYPTO ™87 Proceedings,
Springer“Verlag, 1988, pp. 185“193.
1023. T. Matsumoto and H. Imai, “On the Security of Some Key Sharing Schemes (Part
2),” IEICE Japan, Technical Report, ISEC90“28, 1990.
1024. S.M. Matyas, “Digital Signatures”An Overview,” Computer Networks, v. 3, n. 2,
Apr 1979, pp. 87“94.
1025. S.M. Matyas, “Key Handling with Control Vectors,” IBM Systems Journal, v. 30, n.
2, 1991, pp. 151“174.
1026. S.M. Matyas, A.V. Le, and D.G. Abraham, “A Key Management Scheme Based on
Control Vectors,” IBM Systems Journal, v. 30, n. 2, 1991, pp. 175“191.
1027. S.M. Matyas and C.H. Meyer, “Generation, Distribution, and Installation of
Cryptographic Keys,” IBM Systems Journal, v. 17, n. 2, 1978, pp. 126“137.
1028. S.M. Matyas, C.H. Meyer, and J. Oseas, “Generating Strong One“Way Functions
with Cryptographic Algorithm,” IBM Technical Disclosure Bulletin, v. 27, n. 10A, Mar 1985, pp.
5658“5659.
1029. U.M. Maurer, “Provable Security in Cryptography,” Ph.D. dissertation, ETH No.
9260, Swiss Federal Institute of Technology, Zürich, 1990.
1030. U.M. Maurer, “A Provable“Secure Strongly“Randomized Cipher,” Advances in
Cryptology”EUROCRYPT ™90 Proceedings, Springer“Verlag, 1990, pp. 361“373.
1031. U.M. Maurer, “A Universal Statistical Test for Random Bit Generators,” Advances
in Cryptology”CRYPTO ™90 Proceedings, Springer“Verlag, 1991, pp. 409“420.
1032. U.M. Maurer, “A Universal Statistical Test for Random Bit Generators,” Journal of
Cryptology, v. 5, n. 2, 1992, pp. 89“106.
1033. U.M. Maurer and J.L. Massey, “Cascade Ciphers: The Importance of Being First,”
Journal of Cryptology, v. 6, n. 1, 1993, pp. 55“61.
1034. U.M. Maurer and J.L. Massey, “Perfect Local Randomness in Pseudo“Random
Sequences,” Advances in Cryptology”CRYPTO ™89 Proceedings, Springer“Verlag, 1990, pp.
110“112.
1035. U.M. Maurer and Y. Yacobi, “Non“interactive Public Key Cryptography,”
Advances in Cryptology”EUROCRYPT ™91 Proceedings, Springer“Verlag, 1991, pp. 498“507.
1036. G. Mayhew, “A Low Cost, High Speed Encryption System and Method,”
Proceedings of the 1994 IEEE Computer Society Symposium on Research in Security and Privacy,
1994, pp. 147“154.
1037. G. Mayhew, R. Frazee, and M. Bianco, “The Kinetic Protection Device,”
Proceedings of the 15th National Computer Security Conference, NIST, 1994, pp. 147“154.
1038. K.S. McCurley, “A Key Distribution System Equivalent to Factoring,” Journal of
Cryptology, v. 1, n. 2, 1988, pp. 95“106.
1039. K.S. McCurley, “The Discrete Logarithm Problem,” Cryptography and
Computational Number Theory (Proceedings of the Symposium on Applied Mathematics),
American Mathematics Society, 1990, pp. 49“74.
1040. K.S. McCurley, open letter from the Sandia National Laboratories on the DSA of
the NIST, 7 Nov 1991.
1041. R.J. McEliece, “A Public“Key Cryptosystem Based on Algebraic Coding Theory,”
Deep Space Network Progress Report 42“44, Jet Propulsion Laboratory, California Institute of
Technology, 1978, pp. 114“116.
1042. R.J. McEliece, Finite Fields for Computer Scientists and Engineers, Boston: Kluwer
Academic Publishers, 1987.
1043. P. McMahon, “SESAME V2 Public Key and Authorization Extensions to
Kerberos,” Proceedings of the Internet Society 1995 Symposium on Network and Distributed



Page 601 of 666
Applied Cryptography: Second Edition - Bruce Schneier



Systems Security, IEEE Computer Society Press, 1995, pp. 114“131.
1044. C.A. Meadows, “A System for the Specification and Analysis of Key Management
Protocols,” Proceedings of the 1991 IEEE Computer Society Symposium on Research in Security
and Privacy, 1991, pp. 182“195.
1045. C.A. Meadows, “Applying Formal Methods to the Analysis of a Key Management
Protocol,” Journal of Computer Security, v. 1, n. 1, 1992, pp. 5“35.
1046. C.A. Meadows, “A Model of Computation for the NRL Protocol Analyzer,”
Proceedings of the Computer Security Foundations Workshop VII, IEEE Computer Society Press,
1994, pp. 84“89.
1047. C.A. Meadows, “Formal Verification of Cryptographic Protocols: A Survey,”
Advances in Cryptology”ASIACRYPT ™94 Proceedings, Springer“Verlag, 1995, pp. 133“150.
1048. G. Medvinsky and B.C. Neuman, “NetCash: A Design for Practical Electronic
Currency on the Internet,” Proceedings of the 1st Annual ACM Conference on Computer and
Communications Security, ACM Press, 1993, pp. 102“106.
1049. G. Medvinsky and B.C. Neuman, “Electronic Currency for the Internet,” Electronic
Markets, v. 3, n. 9/10, Oct 1993, pp. 23“24.
1050. W. Meier, “On the Security of the IDEA Block Cipher,” Advances in Cryptology”
EUROCRYPT ™93 Proceedings, Springer“Verlag, 1994, pp. 371“385.
1051. W. Meier and O. Staffelbach, “Fast Correlation Attacks on Stream Ciphers,”
Journal of Cryptology, v. 1, n. 3, 1989, pp. 159“176.
1052. W. Meier and O. Staffelbach, “Analysis of Pseudo Random Sequences Generated
by Cellular Automata,” Advances in Cryptology”EUROCRYPT ™91 Proceedings, Springer“
Verlag, 1991, pp. 186“199.
1053. W. Meier and O. Staffelbach, “Correlation Properties of Combiners with Memory
in Stream Ciphers,” Advances in Cryptology”EUROCRYPT ™90 Proceedings, Springer“Verlag,
1991, pp. 204“213.
1054. W. Meier and O. Staffelbach, “Correlation Properties of Combiners with Memory
in Stream Ciphers,” Journal of Cryptology, v. 5, n. 1, 1992, pp. 67“86.
1055. W. Meier and O. Staffelbach, “The Self“Shrinking Generator,” Communications
and Cryptography: Two Sides of One Tapestry, R.E. Blahut et al., eds., Kluwer Adademic
Publishers, 1994, pp. 287“295.
1056. J. Meijers, “Algebraic“Coded Cryptosystems,” Master™s thesis, Technical
University Eindhoven, 1990.
1057. J. Meijers and J. van Tilburg, “On the Rao“Nam Private“Key Cryptosystem Using
Linear Codes,” International Symposium on Information Theory, Budapest, Hungary, 1991.
1058. J. Meijers and J. van Tilburg, “An Improved ST“Attack on the Rao“Nam Private“
Key Cryptosystem,” International Conference on Finite Fields, Coding Theory, and Advances in
Communications and Computing, Las Vegas, NV, 1991.
1059. A. Menezes, Elliptic Curve Public Key Cryptosystems, Kluwer Academic Publishers,
1993.
1060. A. Menezes, ed., Applications of Finite Fields, Kluwer Academic Publishers, 1993.
1061. A. Menezes and S.A. Vanstone, “Elliptic Curve Cryptosystems and Their
Implementations,” Journal of Cryptology, v. 6, n. 4, 1993, pp. 209“224.
1062. A. Menezes and S.A. Vanstone, “The Implementation of Elliptic Curve
Cryptosystems,” Advances in Cryptology”AUSCRYPT ™90 Proceedings, Springer“Verlag, 1990,
pp. 2“13.
1063. R. Menicocci, “Short Gollmann Cascade Generators May Be Insecure,” Codes and
Ciphers, Institute of Mathematics and its Applications, 1995, pp. 281“297.
1064. R.C. Merkle, “Secure Communication Over Insecure Channels,” Communications
of the ACM, v. 21, n. 4, 1978, pp. 294“299.
1065. R.C. Merkle, “Secrecy, Authentication, and Public Key Systems,” Ph.D.
dissertation, Stanford University, 1979.
1066. R.C. Merkle, “Method of Providing Digital Signatures,” U.S. Patent #4,309,569, 5



Page 602 of 666
Applied Cryptography: Second Edition - Bruce Schneier



Jan 1982.
1067. R.C. Merkle, “A Digital Signature Based on a Conventional Encryption Function,”
Advances in Cryptology”CRYPTO ™87 Proceedings, Springer“Verlag, 1988, pp. 369“378.
1068. R.C. Merkle, “A Certified Digital Signature,” Advances in Cryptology”CRYPTO
™89 Proceedings, Springer“Verlag, 1990, pp. 218“238.
1069. R.C. Merkle, “One Way Hash Functions and DES,” Advances in Cryptology”
CRYPTO ™89 Proceedings, Springer“Verlag, 1990, pp. 428“446.
1070. R.C. Merkle, “A Fast Software One“Way Hash Function,” Journal of Cryptology, v.
3, n. 1, 1990, pp. 43“58.
1071. R.C. Merkle, “Fast Software Encryption Functions,” Advances in Cryptology”
CRYPTO ™90 Proceedings, Springer“Verlag, 1991, pp. 476“501.
1072. R.C. Merkle, “Method and Apparatus for Data Encryption,” U.S. Patent
#5,003,597, 26 Mar 1991.
1073. R.C. Merkle, personal communication, 1993.
1074. R.C. Merkle and M. Hellman, “Hiding Information and Signatures in Trapdoor
Knapsacks,” IEEE Transactions on Information Theory, v. 24, n. 5, Sep 1978, pp. 525“530.
1075. R.C. Merkle and M. Hellman, “On the Security of Multiple Encryption,”
Communications of the ACM, v. 24, n. 7, 1981, pp. 465“467.
1076. M. Merritt, “Cryptographic Protocols,” Ph.D. dissertation, Georgia Institute of
Technology, GIT“ICS“83/6, Feb 1983.
1077. M. Merritt, “Towards a Theory of Cryptographic Systems: A Critique of Crypto“
Complexity,” Distributed Computing and Cryptography, J. Feigenbaum and M. Merritt, eds.,
American Mathematical Society, 1991, pp. 203“212.
1078. C.H. Meyer, “Ciphertext/Plaintext and Ciphertext/Key Dependencies vs. Number of
Rounds for Data Encryption Standard,” AFIPS Conference Proceedings, 47, 1978, pp. 1119“
1126.
1079. C.H. Meyer, “Cryptography”A State of the Art Review,” Proceedings of Compeuro
™89, VLSI and Computer Peripherals, 3rd Annual European Computer Conference, IEEE
Press, 1989, pp. 150“154.
1080. C.H. Meyer and S.M. Matyas, Cryptography: A New Dimension in Computer Data
Security, New York: John Wiley & Sons, 1982.
1081. C.H. Meyer and M. Schilling, “Secure Program Load with Manipulation Detection
Code,” Proceedings of Securicom ™88, 1988, pp. 111“130.
1082. C.H. Meyer and W.L. Tuchman, “Pseudo“Random Codes Can Be Cracked,”
Electronic Design, v. 23, Nov 1972.
1083. C.H. Meyer and W.L. Tuchman, “Design Considerations for Cryptography,”
Proceedings of the NCC, v. 42, Montvale, NJ: AFIPS Press, Nov 1979, pp. 594“597.
1084. S. Micali, “Fair Public“Key Cryptosystems,” Advances in Cryptology”CRYPTO ™92
Proceedings, Springer“Verlag, 1993, pp. 113“138.
1085. S. Micali, “Fair Cryptosystems,” MIT/ LCS/TR“579.b, MIT Laboratory for
Computer Science, Nov 1993.
1086. S. Micali, “Fair Cryptosystems and Methods for Use,” U.S. Patent #5,276,737, 4 Jan
1994.
1087. S. Micali, “Fair Cryptosystems and Methods for Use,” U.S. Patent #5,315,658, 24
May 1994.
1088. S. Micali and A. Shamir, “An Improvement on the Fiat“Shamir Identification and
Signature Scheme,” Advances in Cryptology”CRYPTO ™88 Proceedings, Springer“Verlag, 1990,
pp. 244“247.
1089. M.J. Mihajlevic, “A Correlation Attack on the Binary Sequence Generators with
Time“Varying Output Function,” Advances in Cryptology”ASIACRYPT ™94 Proceedings,
Springer“Verlag, 1995, pp. 67“79.
1090. M.J. Mihajlevic and J.D. Golic, “A Fast Iterative Algorithm for a Shift Register
Internal State Reconstruction Given the Noisy Output Sequence,” Advances in Cryptology”



Page 603 of 666
Applied Cryptography: Second Edition - Bruce Schneier



AUSCRYPT ™90 Proceedings, Springer“Verlag, 1990, pp. 165“175.
1091. M.J. Mihajlevic and J.D. Golic, “Convergence of a Bayesian Iterative Error“
Correction Procedure to a Noisy Shift Register Sequence,” Advances in Cryptology ”
EUROCRYPT ™92 Proceedings, Springer“Verlag, 1993, pp. 124“137.
1092. J.K. Millen, S.C. Clark, and S.B. Freedman, “The Interrogator: Protocol Security
Analysis,” IEEE Transactions on Software Engineering, v. SE“13, n. 2, Feb 1987, pp. 274“288.
1093. G.L. Miller, “Riemann™s Hypothesis and Tests for Primality,” Journal of Computer
Systems Science, v. 13, n. 3, Dec 1976, pp. 300“317.
1094. S.P. Miller, B.C. Neuman, J.I. Schiller, and J.H. Saltzer, “Section E.2.1: Kerberos
Authentication and Authorization System,” MIT Project Athena, Dec 1987.
1095. V.S. Miller, “Use of Elliptic Curves in Cryptography,” Advances in Cryptology”
CRYPTO ™85 Proceedings, Springer“Verlag, 1986, pp. 417“426.
1096. M. Minsky, Computation: Finite and Infinite Machines, Englewood Cliffs, NJ:
Prentice“Hall, 1967.
1097. C.J. Mitchell, “Authenticating Multi“Cast Internet Electronic Mail Messages Using
a Bidirectional MAC Is Insecure,” draft manuscript, 1990.
1098. C.J. Mitchell, “Enumerating Boolean Functions of Cryptographic Significance,”
Journal of Cryptology, v. 2, n. 3, 1990, pp. 155“170.
1099. C.J. Mitchell, F. Piper, and P. Wild, “Digital Signatures,” Contemporary Cryptology:
The Science of Information Integrity, G.J. Simmons, ed., IEEE Press, 1991, pp. 325“378.
1100. C.J. Mitchell, M. Walker, and D. Rush, “CCITT/ISO Standards for Secure
Message Handling,” IEEE Journal on Selected Areas in Communications, v. 7, n. 4, May 1989,
pp. 517“524.
1101. S. Miyaguchi, “Fast Encryption Algorithm for the RSA Cryptographic System,”
Proceedings of Compcon 82, IEEE Press, pp. 672“678.
1102. S. Miyaguchi, “The FEAL“8 Cryptosystem and Call for Attack,” Advances in
Cryptology”CRYPTO ™89 Proceedings, Springer“Verlag, 1990, pp. 624“627.
1103. S. Miyaguchi, “Expansion of the FEAL Cipher,” NTT Review, v. 2, n. 6, Nov 1990.
1104. S. Miyaguchi, “The FEAL Cipher Family,” Advances in Cryptology”CRYPTO ™90
Proceedings, Springer“Verlag, 1991, pp. 627“638.
1105. S. Miyaguchi, K. Ohta, and M. Iwata, “128“bit Hash Function (N“Hash),”
Proceedings of SECURICOM ™90, 1990, pp. 127“137.
1106. S. Miyaguchi, K. Ohta, and M. Iwata, “128“bit Hash Function (N“Hash),” NTT
Review, v. 2, n. 6, Nov 1990, pp. 128“132.
1107. S. Miyaguchi, K. Ohta, and M. Iwata, “Confirmation that Some Hash Functions
Are Not Collision Free,” Advances in Cryptology”EUROCRYPT ™90 Proceedings, Springer“
Verlag, 1991, pp. 326“343.
1108. S. Miyaguchi, A. Shiraishi, and A. Shimizu, “Fast Data Encipherment Algorithm
FEAL“8,” Review of the Electrical Communication Laboratories, v. 36, n. 4, 1988.
1109. H. Miyano, “Differential Cryptanalysis on CALC and Its Evaluation,” Proceedings
of the 1992 Symposium on Cryptography and Information Security (SCIS 92), Tateshina, Japan,
2“4 Apr 1992, pp. 7B.1“8.
1110. R. Molva, G. Tsudik, E. van Herreweghen, and S. Zatti, “KryptoKnight
Authentication and Key Distribution System,” Proceedings of European Symposium on Research
in Computer Security, Toulouse, France, Nov 1992.
1111. P.L. Montgomery, “Modular Multiplication without Trial Division,” Mathematics
of Computation, v. 44, n. 170, 1985, pp. 519“521.
1112. P.L. Montgomery, “Speeding the Pollard and Elliptic Curve Methods of
Factorization,” Mathematics of Computation, v. 48, n. 177, Jan 1987, pp. 243“264.
1113. P.L. Montgomery and R. Silverman, “An FFT Extension to the p“1 Factoring
Algorithm,” Mathematics of Computation, v. 54, n. 190, 1990, pp. 839“854.
1114. J.H. Moore, “Protocol Failures in Cryptosystems,” Proceedings of the IEEE, v. 76,
n. 5, May 1988.



Page 604 of 666
Applied Cryptography: Second Edition - Bruce Schneier



1115. J.H. Moore, “Protocol Failures in Cryptosystems,” in Contemporary Cryptology:
The Science of Information Integrity, G.J. Simmons, ed., IEEE Press, 1992, pp. 541“558.
1116. J.H. Moore and G.J. Simmons, “Cycle Structure of the DES with Weak and Semi“
Weak Keys,” Advances in Cryptology”CRYPTO ™86 Proceedings, Springer“Verlag, 1987, pp. 3“
32.
1117. T. Moriyasu, M. Morii, and M. Kasahara, “Nonlinear Pseudorandom Number
Generator with Dynamic Structure and Its Properties,” Proceedings of the 1994 Symposium on
Cryptography and Information Security (SCIS 94), Biwako, Japan, 27“29 Jan 1994, pp. 8A.1“11.
1118. R. Morris, “The Data Encryption Standard”Retrospective and Prospects,” IEEE
Communications Magazine, v. 16, n. 6, Nov 1978, pp. 11“14.
1119. R. Morris, remarks at the 1993 Cambridge Protocols Workshop, 1993.
1120. R. Morris, N.J.A. Sloane, and A.D. Wyner, “Assessment of the NBS Proposed Data
Encryption Standard,” Cryptologia, v. 1, n. 3, Jul 1977, pp. 281“291.
1121. R. Morris and K. Thompson, “Password Security: A Case History,”
Communications of the ACM, v. 22, n. 11, Nov 1979, pp. 594“597.
1122. S.B. Morris, “Escrow Encryption,” lecture at MIT Laboratory for Computer
Science, 2 Jun 1994.
1123. M.N. Morrison and J. Brillhart, “A Method of Factoring and the Factorization of
F7,” Mathematics of Computation, v. 29, n. 129, Jan 1975, pp. 183“205.
1124. L.E. Moser, “A Logic of Knowledge and Belief for Reasoning About Computer
Security,” Proceedings of the Computer Security Foundations Workshop II, IEEE Computer
Society Press, 1989, pp. 57“63.
1125. Motorola Government Electronics Division, Advanced Techniques in Network
Security, Scottsdale, AZ, 1977.
1126. W.B. Müller, “Polynomial Functions in Modern Cryptology,” Contributions to
General Algebra 3: Proceedings of the Vienna Conference, Vienna: Verlag Hölder“Pichler“
Tempsky, 1985, pp. 7“32.
1127. W.B. Müller and W. Nöbauer, “Some Remarks on Public“Key Cryptography,”
Studia Scientiarum Mathematicarum Hungarica, v. 16, 1981, pp. 71“76.
1128. W.B. Müller and W. Nöbauer, “Cryptanalysis of the Dickson Scheme,” Advances in
Cryptology”EUROCRYPT ™85 Proceedings, Springer“Verlag, 1986, pp. 50“61.
1129. C. Muller“Scholer, “A Microprocessor“Based Cryptoprocessor,” IEEE Micro, Oct
1983, pp. 5“15.
1130. R.C. Mullin, E. Nemeth, and N. Weidenhofer, “Will Public Key Cryptosystems Live
Up to Their Expectations?”HEP Implementation of the Discrete Log Codebreaker,” ICPP 85,
pp. 193“196.
1131. Y. Murakami and S. Kasahara, “An ID“Based Key Distribution Scheme,” IEICE
Japan, Technical Report, ISEC90“26, 1990.
1132. S. Murphy, “The Cryptanalysis of FEAL“4 with 20 Chosen Plaintexts,” Journal of
Cryptology, v. 2, n. 3, 1990, pp. 145“154.
1133. E.D. Myers, “STU“III”Multilevel Secure Computer Interface,” Proceedings of the
Tenth Annual Computer Security Applications Conference, IEEE Computer Society Press, 1994,
pp. 170“179.
1134. D. Naccache, “Can O.S.S. be Repaired? Proposal for a New Practical Signature
Scheme,” Advances in Cryptology”EUROCRYPT ™93 Proceedings, Springer“Verlag, 1994, pp.
233“239.
1135. D. Naccache, D. M™Ra•hi, D. Raphaeli, and S. Vaudenay, “Can D.S.A. be
Improved? Complexity Trade“Offs with the Digital Signature Standard,” Advances in
Cryptology”EUROCRYPT ™94 Proceedings, Springer“Verlag, 1995, to appear.
1136. Y. Nakao, T. Kaneko, K. Koyama, and R. Terada, “A Study on the Security of
RDES“1 Cryptosystem against Linear Cryptanalysis,” Proceedings of the 1995 Japan“Korea
Workshop on Information Security and Cryptography, Inuyama, Japan, 24“27 Jan 1995, pp. 163“
172.



Page 605 of 666
Applied Cryptography: Second Edition - Bruce Schneier



1137. M. Naor, “Bit Commitment Using Pseudo“Randomness,” Advances in Cryptology”
CRYPTO ™89 Proceedings., Springer“Verlag, 1990, pp. 128“136.
1138. M. Naor and M. Yung, “Universal One“Way Hash Functions and Their
Cryptographic Application,” Proceedings of the 21st Annual ACM Symposium on the Theory of
Computing, 1989, pp. 33“43.
1139. National Bureau of Standards, “Report of the Workshop on Estimation of
Significant Advances in Computer Technology,” NBSIR76“1189, National Bureau of Standards,
U.S. Department of Commerce, 21“22 Sep 1976, Dec 1977.
1140. National Bureau of Standards, NBS FIPS PUB 46, “Data Encryption Standard,”
National Bureau of Standards, U.S. Department of Commerce, Jan 1977.
1141. National Bureau of Standards, NBS FIPS PUB 46“1, “Data Encryption Standard,”
U.S. Department of Commerce, Jan 1988.
1142. National Bureau of Standards, NBS FIPS PUB 74, “Guidelines for Implementing
and Using the NBS Data Encryption Standard,” U.S. Department of Commerce, Apr 1981.
1143. National Bureau of Standards, NBS FIPS PUB 81, “DES Modes of Operation,” U.S.
Department of Commerce, Dec 1980.
1144. National Bureau of Standards, NBS FIPS PUB 112, “Password Usage,” U.S.
Department of Commerce, May 1985.
1145. National Bureau of Standards, NBS FIPS PUB 113, “Computer Data
Authentication,” U.S. Department of Commerce, May 1985.
1146. National Computer Security Center, “Trusted Network Interpretation of the
Trusted Computer System Evaluation Criteria,” NCSC“TG“005 Version 1, Jul 1987.
1147. National Computer Security Center, “Trusted Database Management System
Interpretation of the Trusted Computer System Evaluation Criteria,” NCSC“TG“021 Version
1, Apr 1991.
1148. National Computer Security Center, “A Guide to Understanding Data
Rememberance in Automated Information Systems,” NCSC“TG“025 Version 2, Sep 1991.
1149. National Institute of Standards and Technology, NIST FIPS PUB XX, “Digital
Signature Standard,” U.S. Department of Commerce, DRAFT, 19 Aug 1991.
1150. National Institute of Standards and Technology, NIST FIPS PUB 46“2, “Data
Encryption Standard,” U.S. Department of Commerce, Dec 93.
1151. National Institute of Standards and Technology, NIST FIPS PUB 171, “Key
Management Using X9.17,” U.S. Department of Commerce, Apr 92.
1152. National Institute of Standards and Technology, NIST FIPS PUB 180, “Secure
Hash Standard,” U.S. Department of Commerce, May 93.
1153. National Institute of Standards and Technology, NIST FIPS PUB 185, “Escrowed
Encryption Standard,” U.S. Department of Commerce, Feb 94.
1154. National Institute of Standards and Technology, NIST FIPS PUB 186, “Digital
Signature Standard,” U.S. Department of Commerce, May 1994.
1155. National Institute of Standards and Technology, “Clipper Chip Technology,” 30
Apr 1993.
1156. National Institute of Standards and Technology, “Capstone Chip Technology,” 30
Apr 1993.
1157. J. Nechvatal, “Public Key Cryptography,” NIST Special Publication 800“2,
National Institute of Standards and Technology, U.S. Department of Commerce, Apr 1991.
1158. J. Nechvatal, “Public Key Cryptography,” Contemporary Cryptology: The Science of
Information Integrity, G.J. Simmons, ed., IEEE Press, 1992, pp. 177“288.
1159. R.M. Needham and M.D. Schroeder, “Using Encryption for Authentication in
Large Networks of Computers,” Communications of the ACM, v. 21, n. 12, Dec 1978, pp. 993“
999.
1160. R.M. Needham and M.D. Schroeder, “Authentication Revisited,” Operating Systems
Review, v. 21, n. 1, 1987, p. 7.
1161. D.M. Nessett, “A Critique of the Burrows, Abadi, and Needham Logic,” Operating



Page 606 of 666
Applied Cryptography: Second Edition - Bruce Schneier



System Review, v. 20, n. 2, Apr 1990, pp. 35“38.
1162. B.C. Neuman and S. Stubblebine, “A Note on the Use of Timestamps as Nonces,”
Operating Systems Review, v. 27, n. 2, Apr 1993, pp. 10“14.
1163. B.C. Neuman and T. Ts™o, “Kerberos: An Authentication Service for Computer
Networks,” IEEE Communications Magazine, v. 32, n. 9, Sep 1994, pp. 33“38.
1164. L. Neuwirth, “Statement of Lee Neuwirth of Cylink on HR145,” submitted to
congressional committees considering HR145, Feb 1987.
1165. D.B. Newman, Jr. and R.L. Pickholtz, “Cryptography in the Private Sector,” IEEE
Communications Magazine, v. 24, n. 8, Aug 1986, pp. 7“10.
1166. H. Niederreiter, “A Public“Key Cryptosystem Based on Shift Register Sequences,”
Advances in Cryptology”EUROCRYPT ™85 Proceedings, Springer“Verlag, 1986, pp. 35“39.
1167. H. Niederreiter, “Knapsack“Type Cryptosystems and Algebraic Coding Theory,”
Problems of Control and Information Theory, v. 15, n. 2, 1986, pp. 159“166. 1168. H.
Niederreiter, “The Linear Complexity Profile and the Jump Complexity of Keystream
Sequences,” Advances in Cryptology”EUROCRYPT ™90 Proceedings, Springer“Verlag, 1991, pp.
174“188.
1169. V. Niemi, “A New Trapdoor in Knapsacks,” Advances in Cryptology”EUROCRYPT
™90 Proceedings, Springer“Verlag, 1991, pp. 405“411.
1170. V. Niemi and A. Renvall, “How to Prevent Buying of Voters in Computer
Elections,” Advances in Cryptology”ASIACRYPT ™94 Proceedings, Springer“Verlag, 1995, pp.
164“170.
1171. I. Niven and H.A. Zuckerman, An Introduction to the Theory of Numbers, New
York: John Wiley & Sons, 1972.
1172. R. Nöbauer, “Cryptanalysis of the R©dei Scheme,” Contributions to General Algebra
3: Proceedings of the Vienna Conference, Verlag Hölder“Pichler“Tempsky, Vienna, 1985, pp.
255“264.
1173. R. Nöbauer, “Cryptanalysis of a Public“Key Cryptosystem Based on Dickson“
Polynomials,” Mathematica Slovaca, v. 38, n. 4, 1988, pp. 309“323.
1174. K. Noguchi, H. Ashiya, Y. Sano, and T. Kaneko, “A Study on Differential Attack of
MBAL Cryptosystem,” Proceedings of the 1994 Symposium on Cryptography and Information
Security (SCIS 94), Lake Biwa, Japan, 27“29 Jan 1994, pp. 14B.1“7. (In Japanese.)
1175. H. Nurmi, A. Salomaa, and L. Santean, “Secret Ballot Elections in Computer
Networks,” Computers & Security, v. 10, 1991, pp. 553“560.
1176. K. Nyberg, “Construction of Bent Functions and Difference Sets,” Advances in
Cryptology”EUROCRYPT ™91 Proceedings, Springer“Verlag, 1991, pp. 151“160.
1177. K. Nyberg, “Perfect Nonlinear S“Boxes,” Advances in Cryptology”EUROCRYPT
™91 Proceedings, Springer“Verlag, 1991, pp. 378“386.
1178. K. Nyberg, “On the Construction of Highly Nonlinear Permutations,” Advances in
Cryptology”EUROCRYPT ™92 Proceedings, Springer“Verlag, 1991, pp. 92“98.
1179. K. Nyberg, “Differentially Uniform Mappings for Cryptography,” Advances in
Cryptology”EUROCRYPT ™93 Proceedings, Springer“Verlag, 1994, pp. 55“64.
1180. K. Nyberg, “Provable Security against Differential Cryptanalysis,” presented at the
rump session of Eurocrypt ™94, May 1994.
1181. K. Nyberg and L.R. Knudsen, “Provable Security against Differential
Cryptanalysis,” Advances in Cryptology”CRYPTO ™92 Proceedings, Springer“Verlag, 1993, pp.
566“574.
1182. K. Nyberg and L.R. Knudsen, “Provable Security against Differential
Cryptanalysis,” Journal of Cryptology, v. 8, n. 1, 1995, pp. 27“37.
1183. K. Nyberg and R.A. Rueppel, “A New Signature Scheme Based on the DSA Giving
Message Recovery,” 1st ACM Conference on Computer and Communications Security, ACM
Press, 1993, pp. 58“61.
1184. K. Nyberg and R.A. Rueppel, “Message Recovery for Signature Schemes Based on
the Discrete Logarithm Problem,” Advances in Cryptology”EUROCRYPT ™94 Proceedings,



Page 607 of 666
Applied Cryptography: Second Edition - Bruce Schneier



Springer“Verlag, 1995, to appear.
1185. L. O™Connor, “Enumerating Nondegenerate Permutations,” Advances in
Cryptology”EUROCRYPT ™93 Proceedings, Springer“Verlag, 1994, pp. 368“377.
1186. L. O™Connor, “On the Distribution of Characteristics in Bijective Mappings,”
Advances in Cryptology”EUROCRYPT ™93 Proceedings, Springer“Verlag, 1994, pp. 360“370.
1187. L. O™Connor, “On the Distribution of Characteristics in Composite Permutations,”
Advances in Cryptology”CRYPTO ™93 Proceedings, Springer“Verlag, 1994, pp. 403“412.
1188. L. O™Connor and A. Klapper, “Algebraic Nonlinearity and Its Application to
Cryptography,” Journal of Cryptology, v. 7, n. 3, 1994, pp. 133“151.
1189. A. Odlyzko, “Discrete Logarithms in Finite Fields and Their Cryptographic
Significance,” Advances in Cryptology: Proceedings of EUROCRYPT 84, Springer“Verlag, 1985,
pp. 224“314.
1190. A. Odlyzko, “Progress in Integer Factorization and Discrete Logarithms,”
unpublished manuscript, Feb 1995.
1191. Office of Technology Assessment, U.S. Congress, “Defending Secrets, Sharing Data:
New Locks and Keys for Electronic Communication,” OTA“CIT“310, Washington, D.C.: U.S.
Government Printing Office, Oct 1987.
1192. B. O™Higgins, W. Diffie, L. Strawczynski, and R. de Hoog, “Encryption and
ISDN”a Natural Fit,” Proceedings of the 1987 International Switching Symposium, 1987, pp.
863“869.
1193. Y. Ohnishi, “A Study on Data Security,” Master™s thesis, Tohuku University,
Japan, 1988. (In Japanese.)
1194. K. Ohta, “A Secure and Efficient Encrypted Broadcast Communication System
Using a Public Master Key,” Transactions of the Institute of Electronics, Information, and
Communication Engineers, v. J70“D, n. 8, Aug 1987, pp. 1616“1624.
1195. K. Ohta, “An Electrical Voting Scheme Using a Single Administrator,” IEICE
Spring National Convention, A“294, 1988, v. 1, p. 296. (In Japanese.)
1196. K. Ohta, “Identity“based Authentication Schemes Using the RSA Cryptosystem,”
Transactions of the Institute of Electronics, Information, and Communication Engineers, v. J72D“
II, n. 8, Aug 1989, pp. 612“620.
1197. K. Ohta and M. Matsui, “Differential Attack on Message Authentication Codes,”
Advances in Cryptology”CRYPTO ™93 Proceedings, Springer“Verlag, 1994, pp. 200“223.
1198. K. Ohta and T. Okamoto, “Practical Extension of Fiat“Shamir Scheme,”
Electronics Letters, v. 24, n. 15, 1988, pp. 955“956.
1199. K. Ohta and T. Okamoto, “A Modification of the Fiat“Shamir Scheme,” Advances
in Cryptology”CRYPTO ™88 Proceedings, Springer“Verlag, 1990, pp. 232“243.
1200. K. Ohta and T. Okamoto, “A Digital Multisignature Scheme Based on the Fiat“
Shamir Scheme,” Advances in Cryptology”ASIACRYPT ™91 Proceedings, Springer“Verlag,
1993, pp. 139“148.
1201. K. Ohta, T. Okamoto and K. Koyama, “Membership Authentication for Hierarchy
Multigroups Using the Extended Fiat“Shamir Scheme,” Advances in Cryptology”EUROCRYPT
™90 Proceedings, Springer“Verlag, 1991, pp. 446“457.
1202. E. Okamoto and K. Tanaka, “Key Distribution Based on Identification
Information,” IEEE Journal on Selected Areas in Communication, v. 7, n. 4, May 1989, pp. 481“
485.
1203. T. Okamoto, “Fast Public“Key Cryptosystems Using Congruent Polynomial
Equations,” Electronics Letters, v. 22, n. 11, 1986, pp. 581“582.
1204. T. Okamoto, “Modification of a Public“Key Cryptosystem,” Electronics Letters, v.
23, n. 16, 1987, pp. 814“815.
1205. T. Okamoto, “A Fast Signature Scheme Based on Congruential Polynomial
Operations,” IEEE Transactions on Information Theory, v. 36, n. 1, 1990, pp. 47“53.
1206. T. Okamoto, “Provably Secure and Practical Identification Schemes and
Corresponding Signature Schemes,” Advances in Cryptology”CRYPTO ™92 Proceedings,



Page 608 of 666
Applied Cryptography: Second Edition - Bruce Schneier



Springer“Verlag, 1993, pp. 31“53.
1207. T. Okamoto, A. Fujioka, and E. Fujisaki, “An Efficient Digital Signature Scheme
Based on Elliptic Curve over the Ring Zn,” Advances in Cryptology”CRYPTO ™92 Proceedings,
Springer“Verlag, 1993, pp. 54“65.
1208. T. Okamoto, S. Miyaguchi, A. Shiraishi, and T. Kawoaka, “Signed Document
Transmission System,” U.S. Patent #4,625,076, 25 Nov 1986.
1209. T. Okamoto and K. Ohta, “Disposable Zero“Knowledge Authentication and Their
Applications to Untraceable Electronic Cash,” Advances in Cryptology”CRYPTO ™89
Proceedings, Springer“Verlag, 1990, pp. 134“149.
1210. T. Okamoto and K. Ohta, “How to Utilize the Randomness of Zero“Knowledge
Proofs,” Advances in Cryptology”CRYPTO ™90 Proceedings, Springer“Verlag, 1991, pp. 456“
475.
1211. T. Okamoto and K. Ohta, “Universal Electronic Cash,” Advances in Cryptology”
CRYPTO ™91 Proceedings, Springer“Verlag, 1992, pp. 324“337.
1212. T. Okamoto and K. Ohta, “Survey of Digital Signature Schemes,” Proceedings of
the Third Symposium on State and Progress of Research in Cryptography, Fondazone Ugo
Bordoni, Rome, 1993, pp. 17“29.
1213. T. Okamoto and K. Ohta, “Designated Confirmer Signatures Using Trapdoor
Functions,” Proceedings of the 1994 Symposium on Cryptography and Information Security (SCIS
94), Lake Biwa, Japan, 27“29 Jan 1994, pp. 16B.1“11.
1214. T. Okamoto and K. Sakurai, “Efficient Algorithms for the Construction of
Hyperelliptic Cryptosystems,” Advances in Cryptology”CRYPTO ™91 Proceedings, Springer“
Verlag, 1992, pp. 267“278.
1215. T. Okamoto and A. Shiraishi, “A Fast Signature Scheme Based on Quadratic
Inequalities,” Proceedings of the 1985 Symposium on Security and Privacy, IEEE, Apr 1985,
pp. 123“132.
1216. J.D. Olsen, R.A. Scholtz, and L.R. Welch, “Bent Function Sequences,” IEEE
Transactions on Information Theory, v. IT“28, n. 6, Nov 1982, pp. 858“864.
1217. H. Ong and C.P. Schnorr, “Signatures through Approximate Representations by
Quadratic Forms,” Advances in Cryptology: Proceedings of Crypto 83, Plenum Press, 1984.
1218. H. Ong and C.P. Schnorr, “Fast Signature Generation with a Fiat Shamir“Like
Scheme,” Advances in Cryptology”EUROCRYPT ™90 Proceedings, Springer“Verlag, 1991, pp.
432“440.
1219. H. Ong, C.P. Schnorr, and A. Shamir, “An Efficient Signature Scheme Based on
Polynomial Equations,” Proceedings of the 16th Annual Symposium on the Theory of Computing,
1984, pp. 208“216.
1220. H. Ong, C.P. Schnorr, and A. Shamir, “Efficient Signature Schemes Based on
Polynomial Equations,” Advances in Cryptology: Proceedings of CRYPTO 84, Springer“Verlag,
1985, pp. 37“46.
1221. Open Shop Information Services, OSIS Security Aspects, OSIS European Working
Group, WG1, final report, Oct 1985.
1222. G.A. Orton, M.P. Roy, P.A. Scott, L.E. Peppard, and S.E. Tavares, “VLSI
Implementation of Public“Key Encryption Algorithms,” Advances in Cryptology” CRYPTO ™86
Proceedings, Springer“Verlag, 1987, pp. 277“301.
1223. H. Orup, E. Svendsen, and E. Andreasen, “VICTOR”An Efficient RSA Hardware
Implementation,” Advances in Cryptology”EUROCRYPT ™90 Proceedings, Springer“Verlag,
1991, pp. 245“252.
1224. D. Otway and O. Rees, “Efficient and Timely Mutual Authentication,” Operating
Systems Review, v. 21, n. 1, 1987, pp. 8“10.
1225. G. Pagels“Fick, “Implementation Issues for Master Key Distribution and Protected
Keyload Procedures,” Computers and Security: A Global Challenge, Proceedings of IFIP/SEC
™83, North Holland: Elsevier Science Publishers, 1984, pp. 381“390.
1226. C.M. Papadimitriou, Computational Complexity, Addison“Wesley, 1994.



Page 609 of 666
Applied Cryptography: Second Edition - Bruce Schneier



1227. C.S. Park, “Improving Code Rate of McEliece™s Public“key Cryptosystem,”
Electronics Letters, v. 25, n. 21, 12 Oct 1989, pp. 1466“1467.
1228. S. Park, Y. Kim, S. Lee, and K. Kim, “Attacks on Tanaka™s Non“interactive Key
Sharing Scheme,” Proceedings of the 1995 Symposium on Cryptography and Information Security
(SCIS 95), Inuyama, Japan, 24“27 Jan 1995, pp. B3.4.1“4.
1229. S.J. Park, K.H. Lee, and D.H. Won, “An Entrusted Undeniable Signature,”
Proceedings of the 1995 Japan“Korea Workshop on Information Security and Cryptography,
Inuyama, Japan, 24“27 Jan 1995, pp. 120“126.
1230. S.J. Park, K.H. Lee, and D.H. Won, “A Practical Group Signature,” Proceedings of
the 1995 Japan“Korea Workshop on Information Security and Cryptography, Inuyama, Japan,
24“27 Jan 1995, pp. 127“133.
1231. S.K. Park and K.W. Miller, “Random Number Generators: Good Ones Are Hard to
Find,” Communications of the ACM, v. 31, n. 10, Oct 1988, pp. 1192“1201.
1232. J. Patarin, “How to Find and Avoid Collisions for the Knapsack Hash Function,”
Advances in Cryptology”EUROCRYPT ™93 Proceedings, Springer“Verlag, 1994, pp. 305“317.
1233. W. Patterson, Mathematical Cryptology for Computer Scientists and Mathematicians,
Totowa, N.J.: Rowman & Littlefield, 1987.
1234. W.H. Payne, “Public Key Cryptography Is Easy to Break,” William H. Payne,
unpublished manuscript, 16 Oct 90.
1235. T.P. Pederson, “Distributed Provers with Applications to Undeniable Signatures,”
Advances in Cryptology”EUROCRYPT ™91 Proceedings, Springer“Verlag, 1991, pp. 221“242.
1236. S. Peleg and A. Rosenfield, “Breaking Substitution Ciphers Using a Relaxation
Algorithm,” Communications of the ACM, v. 22, n. 11, Nov 1979, pp. 598“605.
1237. R. Peralta, “Simultaneous Security of Bits in the Discrete Log,” Advances in
Cryptology”EUROCRYPT ™85, Springer“Verlag, 1986, pp. 62“72.
1238. I. Peterson, “Monte Carlo Physics: A Cautionary Lesson,” Science News, v. 142, n.
25, 19 Dec 1992, p. 422.
1239. B. Pfitzmann, “Fail“Stop Signatures: Principles and Applications,” Proceedings of
COMPUSEC ™91, Eighth World Conference on Computer Security, Audit, and Control, Elsevier
Science Publishers, 1991, pp. 125“134.
1240. B. Pfitzmann and M. Waidner, “Formal Aspects of Fail“Stop Signatures,” Fakult¤t
für Informatik, University Karlsruhe, Report 22/90, 1990.
1241. B. Pfitzmann and M. Waidner, “Fail“Stop Signatures and Their Application,”
Securicom ™91, 1991, pp. 145“160.
1242. B. Pfitzmann and M. Waidner, “Unconditional Concealment with Cryptographic
Ruggedness,” VIS ™91 Verlassliche Informationsysteme Proceedings, Darmstadt, Germany, 13“15
March 1991, pp. 3“2“320. (In German.)
1243. B. Pfitzmann and M. Waidner, “How to Break and Repair a ˜Provably Secure™
Untraceable Payment System,” Advances in Cryptology”CRYPTO ™91 Proceedings, Springer“
Verlag, 1992, pp. 338“350.
1244. C.P. Pfleeger, Security in Computing, Englewood Cliffs, N.J.: Prentice“Hall, 1989.
1245. S.J.D. Phoenix and P.D. Townsend, “Quantum Cryptography and Secure Optical
Communication,” BT Technology Journal, v. 11, n. 2, Apr 1993, pp. 65“75.
1246. J. Pieprzyk, “On Public“Key Cryptosystems Built Using Polynomial Rings,”
Advances in Cryptology”EUROCRYPT ™85, Springer“Verlag, 1986, pp. 73“80.
1247. J. Pieprzyk, “Error Propagation Property and Applications in Cryptography,” IEE
Proceedings“E, Computers and Digital Techniques, v. 136, n. 4, Jul 1989, pp. 262“270.
1248. D. Pinkas, T. Parker, and P. Kaijser, “SESAME: An Introduction,” Issue 1.2, Bull,
ICL, and SNI, Sep 1993.
1249. F. Piper, “Stream Ciphers,” Elektrotechnic und Maschinenbau, v. 104, n. 12, 1987,
pp. 564“568.
1250. V.S. Pless, “Encryption Schemes for Computer Confidentiality,” IEEE Transactions
on Computing, v. C“26, n. 11, Nov 1977, pp. 1133“1136.

<<

. 26
( 29)



>>