Applied Cryptography: Second Edition - Bruce Schneier



1251. J.B. Plumstead, “Inferring a Sequence Generated by a Linear Congruence,”
Proceedings of the 23rd IEEE Symposium on the Foundations of Computer Science, 1982, pp.
153–159.
1252. R. Poet, “The Design of Special Purpose Hardware to Factor Large Integers,”
Computer Physics Communications, v. 37, 1985, pp. 337–341.
1253. S.C. Pohlig and M.E. Hellman, “An Improved Algorithm for Computing
Logarithms in GF(p) and Its Cryptographic Significance,” IEEE Transactions on Information
Theory, v. 24, n. 1, Jan 1978, pp. 106–111.
1254. J.M. Pollard, “A Monte Carlo Method for Factorization,” BIT, v. 15, 1975, pp. 331–334.
1255. J.M. Pollard and C.P. Schnorr, “An Efficient Solution of the Congruence x^2 + ky^2 =
m (mod n),” IEEE Transactions on Information Theory, v. IT-33, n. 5, Sep 1987, pp. 702–709.
1256. C. Pomerance, “Recent Developments in Primality Testing,” The Mathematical
Intelligencer, v. 3, n. 3, 1981, pp. 97–105.
1257. C. Pomerance, “The Quadratic Sieve Factoring Algorithm,” Advances in
Cryptology: Proceedings of EUROCRYPT 84, Springer-Verlag, 1985, pp. 169–182.
1258. C. Pomerance, “Fast, Rigorous Factorization and Discrete Logarithm Algorithms,”
Discrete Algorithms and Complexity, New York: Academic Press, 1987, pp. 119–143.
1259. C. Pomerance, J.W. Smith, and R. Tuler, “A Pipe-Line Architecture for Factoring
Large Integers with the Quadratic Sieve Algorithm,” SIAM Journal on Computing, v. 17, n. 2,
Apr 1988, pp. 387–403.
1260. G.J. Popek and C.S. Kline, “Encryption and Secure Computer Networks,” ACM
Computing Surveys, v. 11, n. 4, Dec 1979, pp. 331–356.
1261. F. Pratt, Secret and Urgent, Blue Ribbon Books, 1942.
1262. B. Preneel, “Analysis and Design of Cryptographic Hash Functions,” Ph.D.
dissertation, Katholieke Universiteit Leuven, Jan 1993.
1263. B. Preneel, “Differential Cryptanalysis of Hash Functions Based on Block Ciphers,”
Proceedings of the 1st ACM Conference on Computer and Communications Security, 1993, pp.
183–188.
1264. B. Preneel, “Cryptographic Hash Functions,” European Transactions on
Telecommunications, v. 5, n. 4, Jul/Aug 1994, pp. 431–448.
1265. B. Preneel, personal communication, 1995.
1266. B. Preneel, A. Bosselaers, R. Govaerts, and J. Vandewalle, “Collision-Free Hash
Functions Based on Block Cipher Algorithms,” Proceedings of the 1989 Carnahan Conference
on Security Technology, 1989, pp. 203–210.
1267. B. Preneel, R. Govaerts, and J. Vandewalle, “An Attack on Two Hash Functions by
Zheng-Matsumoto-Imai,” Advances in Cryptology—ASIACRYPT ’92 Proceedings,
Springer-Verlag, 1993, pp. 535–538.
1268. B. Preneel, R. Govaerts, and J. Vandewalle, “Hash Functions Based on Block
Ciphers: A Synthetic Approach,” Advances in Cryptology—CRYPTO ’93 Proceedings,
Springer-Verlag, 1994, pp. 368–378.
1269. B. Preneel, M. Nuttin, V. Rijmen, and J. Buelens, “Cryptanalysis of the CFB mode
of the DES with a Reduced Number of Rounds,” Advances in Cryptology—CRYPTO ’93
Proceedings, Springer-Verlag, 1994, pp. 212–223.
1270. B. Preneel and V. Rijmen, “On Using Maximum Likelihood to Optimize Recent
Cryptanalytic Techniques,” presented at the rump session of EUROCRYPT ’94, May 1994.
1271. B. Preneel, W. Van Leekwijck, L. Van Linden, R. Govaerts, and J. Vandewalle,
“Propagation Characteristics of Boolean Functions,” Advances in Cryptology—EUROCRYPT
’90 Proceedings, Springer-Verlag, 1991, pp. 161–173.
1272. W.H. Press, B.P. Flannery, S.A. Teukolsky, and W.T. Vetterling, Numerical Recipes
in C: The Art of Scientific Computing, Cambridge University Press, 1988.
1273. W. Price, “Key Management for Data Encipherment,” Security: Proceedings of
IFIP/SEC ’83, North Holland: Elsevier Science Publishers, 1983.



1274. G.P. Purdy, “A High-Security Log-in Procedure,” Communications of the ACM, v.
17, n. 8, Aug 1974, pp. 442–445.
1275. J.-J. Quisquater, “Announcing the Smart Card with RSA Capability,” Proceedings
of the Conference: IC Cards and Applications, Today and Tomorrow, Amsterdam, 1989.
1276. J.-J. Quisquater and C. Couvreur, “Fast Decipherment Algorithm for RSA
Public-Key Cryptosystem,” Electronic Letters, v. 18, 1982, pp. 155–168.
1277. J.-J. Quisquater and J.-P. Delescaille, “Other Cycling Tests for DES,” Advances in
Cryptology—CRYPTO ’87 Proceedings, Springer-Verlag, 1988, pp. 255–256.
1278. J.-J. Quisquater and Y.G. Desmedt, “Chinese Lotto as an Exhaustive
Code-Breaking Machine,” Computer, v. 24, n. 11, Nov 1991, pp. 14–22.
1279. J.-J. Quisquater and M. Girault, “2n-bit Hash Functions Using n-bit Symmetric
Block Cipher Algorithms,” Advances in Cryptology—EUROCRYPT ’89 Proceedings,
Springer-Verlag, 1990, pp. 102–109.
1280. J.-J. Quisquater and L.C. Guillou, “Des Procédés d’Authentification Basés sur une
Publication de Problèmes Complexes et Personnalisés dont les Solutions Maintenues Secrètes
Constituent autant d’Accréditations,” Proceedings of SECURICOM ’89: 7th Worldwide Congress
on Computer and Communications Security and Protection, Société d’Édition et d’Organisation
d’Expositions Professionnelles, 1989, pp. 149–158. (In French.)
1281. J.-J., Myriam, Muriel, and Michaël Quisquater; L., Marie Annick, Gaïd, Anna,
Gwenolé, and Soazig Guillou; and T. Berson, “How to Explain Zero-Knowledge Protocols to
Your Children,” Advances in Cryptology—CRYPTO ’89 Proceedings, Springer-Verlag, 1990, pp.
628–631.
1282. M.O. Rabin, “Digital Signatures,” Foundations of Secure Communication, New
York: Academic Press, 1978, pp. 155–168.
1283. M.O. Rabin, “Digital Signatures and Public-Key Functions as Intractable as
Factorization,” MIT Laboratory for Computer Science, Technical Report, MIT/LCS/TR-212,
Jan 1979.
1284. M.O. Rabin, “Probabilistic Algorithm for Testing Primality,” Journal of Number
Theory, v. 12, n. 1, Feb 1980, pp. 128–138.
1285. M.O. Rabin, “Probabilistic Algorithms in Finite Fields,” SIAM Journal on
Computing, v. 9, n. 2, May 1980, pp. 273–280.
1286. M.O. Rabin, “How to Exchange Secrets by Oblivious Transfer,” Technical Memo
TR-81, Aiken Computer Laboratory, Harvard University, 1981.
1287. M.O. Rabin, “Fingerprinting by Random Polynomials,” Technical Report TR-15-81,
Center for Research in Computing Technology, Harvard University, 1981.
1288. T. Rabin and M. Ben-Or, “Verifiable Secret Sharing and Multiparty Protocols with
Honest Majority,” Proceedings of the 21st ACM Symposium on the Theory of Computing, 1989,
pp. 73–85.
1289. RAND Corporation, A Million Random Digits with 100,000 Normal Deviates,
Glencoe, IL: Free Press Publishers, 1955.
1290. T.R.N. Rao, “Cryptosystems Using Algebraic Codes,” International Conference on
Computer Systems and Signal Processing, Bangalore, India, Dec 1984.
1291. T.R.N. Rao, “On Struit-Tilburg Cryptanalysis of Rao-Nam Scheme,” Advances in
Cryptology—CRYPTO ’87 Proceedings, Springer-Verlag, 1988, pp. 458–460.
1292. T.R.N. Rao and K.H. Nam, “Private-Key Algebraic-Coded Cryptosystems,”
Advances in Cryptology—CRYPTO ’86 Proceedings, Springer-Verlag, 1987, pp. 35–48.
1293. T.R.N. Rao and K.H. Nam, “Private-Key Algebraic-Code Encryptions,” IEEE
Transactions on Information Theory, v. 35, n. 4, Jul 1989, pp. 829–833.
1294. J.A. Reeds, “Cracking Random Number Generator,” Cryptologia, v. 1, n. 1, Jan
1977, pp. 20–26.
1295. J.A. Reeds, “Cracking a Multiplicative Congruential Encryption Algorithm,” in
Information Linkage Between Applied Mathematics and Industry, P.C.C. Wang, ed., Academic
Press, 1979, pp. 467–472.



1296. J.A. Reeds, “Solution of Challenge Cipher,” Cryptologia, v. 3, n. 2, Apr 1979, pp.
83–95.
1297. J.A. Reeds and J.L. Manferdelli, “DES Has No Per Round Linear Factors,”
Advances in Cryptology: Proceedings of CRYPTO 84, Springer-Verlag, 1985, pp. 377–389.
1298. J.A. Reeds and N.J.A. Sloane, “Shift Register Synthesis (Modulo m),” SIAM
Journal on Computing, v. 14, n. 3, Aug 1985, pp. 505–513.
1299. J.A. Reeds and P.J. Weinberger, “File Security and the UNIX Crypt Command,”
AT&T Technical Journal, v. 63, n. 8, Oct 1984, pp. 1673–1683.
1300. T. Renji, “On Finite Automaton One-Key Cryptosystems,” Fast Software
Encryption, Cambridge Security Workshop Proceedings, Springer-Verlag, 1994, pp. 135–148.
1301. T. Renji and C. Shihua, “A Finite Automaton Public Key Cryptosystems and
Digital Signature,” Chinese Journal of Computers, v. 8, 1985, pp. 401–409. (In Chinese.)
1302. T. Renji and C. Shihua, “Two Varieties of Finite Automaton Public Key
Cryptosystems and Digital Signature,” Journal of Computer Science and Technology, v. 1, 1986,
pp. 9–18. (In Chinese.)
1303. T. Renji and C. Shihua, “An Implementation of Identity-based Cryptosystems and
Signature Schemes by Finite Automaton Public Key Cryptosystems,” Advances in Cryptology—
CHINACRYPT ’92, Beijing: Science Press, 1992, pp. 87–104. (In Chinese.)
1304. T. Renji and C. Shihua, “Note on Finite Automaton Public Key Cryptosystems,”
CHINACRYPT ’94, Xidian, China, 11–15 Nov 1994, pp. 76–80.
1305. Research and Development in Advanced Communication Technologies in Europe,
RIPE Integrity Primitives: Final Report of RACE Integrity Primitives Evaluation (R1040), RACE,
June 1992.
1306. J.M. Reyneri and E.D. Karnin, “Coin Flipping by Telephone,” IEEE Transactions
on Information Theory, v. IT-30, n. 5, Sep 1984, pp. 775–776.
1307. P. Ribenboim, The Book of Prime Number Records, Springer-Verlag, 1988.
1308. P. Ribenboim, The Little Book of Big Primes, Springer-Verlag, 1991.
1309. M. Richter, “Ein Rauschgenerator zur Gewinnung von quasi-idealen
Zufallszahlen für die stochastische Simulation,” Ph.D. dissertation, Aachen University of
Technology, 1992. (In German.)
1310. R.F. Rieden, J.B. Snyder, R.J. Widman, and W.J. Barnard, “A Two-Chip
Implementation of the RSA Public Encryption Algorithm,” Proceedings of GOMAC
(Government Microcircuit Applications Conference), Nov 1982, pp. 24–27.
1311. H. Riesel, Prime Numbers and Computer Methods for Factorization, Boston:
Birkhäuser, 1985.
1312. K. Rihaczek, “Data Interchange and Legal Security—Signature Surrogates,”
Computers & Security, v. 13, n. 4, Sep 1994, pp. 287–293.
1313. V. Rijmen and B. Preneel, “Improved Characteristics for Differential Cryptanalysis
of Hash Functions Based on Block Ciphers,” K.U. Leuven Workshop on Cryptographic
Algorithms, Springer-Verlag, 1995, to appear.
1314. R.L. Rivest, “A Description of a Single-Chip Implementation of the RSA Cipher,”
LAMBDA Magazine, v. 1, n. 3, Fall 1980, pp. 14–18.
1315. R.L. Rivest, “Statistical Analysis of the Hagelin Cryptograph,” Cryptologia, v. 5, n.
1, Jan 1981, pp. 27–32.
1316. R.L. Rivest, “A Short Report on the RSA Chip,” Advances in Cryptology:
Proceedings of Crypto 82, Plenum Press, 1983, p. 327.
1317. R.L. Rivest, “RSA Chips (Past/Present/Future),” Advances in Cryptology:
Proceedings of EUROCRYPT 84, Springer-Verlag, 1985, pp. 159–168.
1318. R.L. Rivest, “The MD4 Message Digest Algorithm,” RFC 1186, Oct 1990.
1319. R.L. Rivest, “The MD4 Message Digest Algorithm,” Advances in Cryptology—
CRYPTO ’90 Proceedings, Springer-Verlag, 1991, pp. 303–311.
1320. R.L. Rivest, “The RC4 Encryption Algorithm,” RSA Data Security, Inc., Mar 1992.
1321. R.L. Rivest, “The MD4 Message Digest Algorithm,” RFC 1320, Apr 1992.



1322. R.L. Rivest, “The MD5 Message Digest Algorithm,” RFC 1321, Apr 1992.
1323. R.L. Rivest, “Dr. Ron Rivest on the Difficulty of Factoring,” Ciphertext: The RSA
Newsletter, v. 1, n. 1, Fall 1993, pp. 6, 8.
1324. R.L. Rivest, “The RC5 Encryption Algorithm,” Dr. Dobb’s Journal, v. 20, n. 1, Jan
95, pp. 146–148.
1325. R.L. Rivest, “The RC5 Encryption Algorithm,” K.U. Leuven Workshop on
Cryptographic Algorithms, Springer-Verlag, 1995, to appear.
1326. R.L. Rivest, M.E. Hellman, J.C. Anderson, and J.W. Lyons, “Responses to NIST’s
Proposal,” Communications of the ACM, v. 35, n. 7, Jul 1992, pp. 41–54.
1327. R.L. Rivest and A. Shamir, “How to Expose an Eavesdropper,” Communications of
the ACM, v. 27, n. 4, Apr 1984, pp. 393–395.
1328. R.L. Rivest, A. Shamir, and L.M. Adleman, “A Method for Obtaining Digital
Signatures and Public-Key Cryptosystems,” Communications of the ACM, v. 21, n. 2, Feb 1978,
pp. 120–126.
1329. R.L. Rivest, A. Shamir, and L.M. Adleman, “On Digital Signatures and Public Key
Cryptosystems,” MIT Laboratory for Computer Science, Technical Report, MIT/LCS/TR-212,
Jan 1979.
1330. R.L. Rivest, A. Shamir, and L.M. Adleman, “Cryptographic Communications
System and Method,” U.S. Patent #4,405,829, 20 Sep 1983.
1331. M.J.B. Robshaw, “Implementations of the Search for Pseudo-Collisions in MD5,”
Technical Report TR-103, Version 2.0, RSA Laboratories, Nov 1993.
1332. M.J.B. Robshaw, “The Final Report of RACE 1040: A Technical Summary,”
Technical Report TR-9001, Version 1.0, RSA Laboratories, Jul 1993.
1333. M.J.B. Robshaw, “On Evaluating the Linear Complexity of a Sequence of Least
Period 2^n,” Designs, Codes and Cryptography, v. 4, n. 3, 1994, pp. 263–269.
1334. M.J.B. Robshaw, “Block Ciphers,” Technical Report TR-601, RSA Laboratories,
Jul 1994.
1335. M.J.B. Robshaw, “MD2, MD4, MD5, SHA, and Other Hash Functions,” Technical
Report TR-101, Version 3.0, RSA Laboratories, Jul 1994.
1336. M.J.B. Robshaw, “On Pseudo-Collisions in MD5,” Technical Report TR-102,
Version 1.1, RSA Laboratories, Jul 1994.
1337. M.J.B. Robshaw, “Security of RC4,” Technical Report TR-401, RSA Laboratories,
Jul 1994.
1338. M.J.B. Robshaw, personal communication, 1995.
1339. M. Roe, “Reverse Engineering of an EES Device,” K.U. Leuven Workshop on
Cryptographic Algorithms, Springer-Verlag, 1995, to appear.
1340. P. Rogaway and D. Coppersmith, “A Software-Oriented Encryption Algorithm,”
Fast Software Encryption, Cambridge Security Workshop Proceedings, Springer-Verlag, 1994,
pp. 56–63.
1341. H.L. Rogers, “An Overview of the Candware Program,” Proceedings of the 3rd
Annual Symposium on Physical/Electronic Security, Armed Forces Communications and
Electronics Association, paper 31, Aug 1987.
1342. J. Rompel, “One-Way Functions Are Necessary and Sufficient for Secure
Signatures,” Proceedings of the 22nd Annual ACM Symposium on the Theory of Computing,
1990, pp. 387–394.
1343. T. Rosati, “A High Speed Data Encryption Processor for Public Key
Cryptography,” Proceedings of the IEEE Custom Integrated Circuits Conference, 1989, pp.
12.3.1–12.3.5.
1344. O.S. Rothaus, “On ‘Bent’ Functions,” Journal of Combinational Theory, Series A, v.
20, n. 3, 1976, pp. 300–305.
1345. RSA Laboratories, “PKCS #1: RSA Encryption Standard,” version 1.5, Nov 1993.
1346. RSA Laboratories, “PKCS #3: Diffie-Hellman Key-Agreement Standard,” version
1.4, Nov 1993.



1347. RSA Laboratories, “PKCS #5: Password-Based Encryption Standard,” version 1.5,
Nov 1993.
1348. RSA Laboratories, “PKCS #6: Extended-Certificate Syntax Standard,” version 1.5,
Nov 1993.
1349. RSA Laboratories, “PKCS #7: Cryptographic Message Syntax Standard,” version
1.5, Nov 1993.
1350. RSA Laboratories, “PKCS #8: Private Key Information Syntax Standard,” version
1.2, Nov 1993.
1351. RSA Laboratories, “PKCS #9: Selected Attribute Types,” version 1.1, Nov 1993.
1352. RSA Laboratories, “PKCS #10: Certification Request Syntax Standard,” version 1.0, Nov
1993.
1353. RSA Laboratories, “PKCS #11: Cryptographic Token Interface Standard,” version
1.0, Apr 95.
1354. RSA Laboratories, “PKCS #12: Public Key User Information Syntax Standard,”
version 1.0, 1995.
1355. A.D. Rubin and P. Honeyman, “Formal Methods for the Analysis of Authentication
Protocols,” draft manuscript, 1994.
1356. F. Rubin, “Decrypting a Stream Cipher Based on J-K Flip-Flops,” IEEE
Transactions on Computing, v. C-28, n. 7, Jul 1979, pp. 483–487.
1357. R.A. Rueppel, Analysis and Design of Stream Ciphers, Springer-Verlag, 1986.
1358. R.A. Rueppel, “Correlation Immunity and the Summation Combiner,” Advances in
Cryptology—EUROCRYPT ’85, Springer-Verlag, 1986, pp. 260–272.
1359. R.A. Rueppel, “When Shift Registers Clock Themselves,” Advances in Cryptology—
EUROCRYPT ’87 Proceedings, Springer-Verlag, 1987, pp. 53–64.
1360. R.A. Rueppel, “Security Models and Notions for Stream Ciphers,” Cryptography
and Coding II, C. Mitchell, ed., Oxford: Clarendon Press, 1992, pp. 213–230.
1361. R.A. Rueppel, “On the Security of Schnorr’s Pseudo-Random Sequence
Generator,” Advances in Cryptology—EUROCRYPT ’89 Proceedings, Springer-Verlag, 1990,
pp. 423–428.
1362. R.A. Rueppel, “Stream Ciphers,” Contemporary Cryptology: The Science of
Information Integrity, G.J. Simmons, ed., IEEE Press, 1992, pp. 65–134.
1363. R.A. Rueppel and J.L. Massey, “The Knapsack as a Nonlinear Function,” IEEE
International Symposium on Information Theory, Brighton, UK, May 1985.
1364. R.A. Rueppel and O.J. Staffelbach, “Products of Linear Recurring Sequences with
Maximum Complexity,” IEEE Transactions on Information Theory, v. IT-33, n. 1, Jan 1987, pp.
124–131.
1365. D. Russell and G.T. Gangemi, Computer Security Basics, O’Reilly and Associates,
Inc., 1991.
1366. S. Russell and P. Craig, “Privacy Enhanced Mail Modules for ELM,” Proceedings
of the Internet Society 1994 Workshop on Network and Distributed System Security, The Internet
Society, 1994, pp. 21–34.
1367. D.F.H. Sadok and J. Kelner, “Privacy Enhanced Mail Design and Implementation
Perspectives,” Computer Communications Review, v. 24, n. 3, Jul 1994, pp. 38–46.
1368. K. Sakano, “Digital Signatures with User-Flexible Reliability,” Proceedings of the
1993 Symposium on Cryptography and Information Security (SCIS 93), Shuzenji, Japan, 28–30
Jan 1993, pp. 5C.1–8.
1369. K. Sakano, C. Park, and K. Kurosawa, “(k,n) Threshold Undeniable Signature
Scheme,” Proceedings of the 1993 Korea-Japan Workshop on Information Security and
Cryptography, Seoul, Korea, 24–26 Oct 1993, pp. 184–193.
1370. K. Sako, “Electronic Voting Schemes Allowing Open Objection to the Tally,”
Transactions of the Institute of Electronics, Information, and Communication Engineers, v. E77-A,
n. 1, 1994, pp. 24–30.
1371. K. Sako and J. Kilian, “Secure Voting Using Partially Compatible
Homomorphisms,” Advances in Cryptology—CRYPTO ’94 Proceedings, Springer-Verlag, 1994,
pp. 411–424.
1372. K. Sako and J. Kilian, “Receipt-Free Mix-Type Voting Scheme—A Practical
Solution to the Implementation of a Voting Booth,” Advances in Cryptology—EUROCRYPT ’95
Proceedings, Springer-Verlag, 1995, pp. 393–403.
1373. A. Salomaa, Public-Key Cryptography, Springer-Verlag, 1990.
1374. A. Salomaa and L. Santean, “Secret Selling of Secrets with Many Buyers,” ETACS
Bulletin, v. 42, 1990, pp. 178–186.
1375. M. Sántha and U.V. Vazirani, “Generating Quasi-Random Sequences from Slightly
Random Sources,” Proceedings of the 25th Annual Symposium on the Foundations of Computer
Science, 1984, pp. 434–440.
1376. M. Sántha and U.V. Vazirani, “Generating Quasi-Random Sequences from Slightly
Random Sources,” Journal of Computer and System Sciences, v. 33, 1986, pp. 75–87.
1377. S. Saryazdi, “An Extension to ElGamal Public Key Cryptosystem with a New
Signature Scheme,” Proceedings of the 1990 Bilkent International Conference on New Trends in
Communication, Control, and Signal Processing, North Holland: Elsevier Science Publishers,
1990, pp. 195–198.
1378. J.E. Savage, “Some Simple Self-Synchronizing Digital Data Scramblers,” Bell
System Technical Journal, v. 46, n. 2, Feb 1967, pp. 448–487.
1379. B.P. Schanning, “Applying Public Key Distribution to Local Area Networks,”
Computers & Security, v. 1, n. 3, Nov 1982, pp. 268–274.
1380. B.P. Schanning, S.A. Powers, and J. Kowalchuk, “MEMO: Privacy and
Authentication for the Automated Office,” Proceedings of the 5th Conference on Local Computer
Networks, IEEE Press, 1980, pp. 21–30.
1381. Schaumuller-Bichl, “Zur Analyse des Data Encryption Standard und Synthese
Verwandter Chiffriersysteme,” Ph.D. dissertation, Linz University, May 1981. (In German.)
1382. Schaumuller-Bichl, “On the Design and Analysis of New Cipher Systems Related to
the DES,” Technical Report, Linz University, 1983.
1383. A. Scherbius, “Ciphering Machine,” U.S. Patent #1,657,411, 24 Jan 1928.
1384. J.I. Schiller, “Secure Distributed Computing,” Scientific American, v. 271, n. 5, Nov
1994, pp. 72–76.
1385. R. Schlafly, “Complaint Against Exclusive Federal Patent License,” Civil Action
File No. C-93 20450, United States District Court for the Northern District of California.
1386. B. Schneier, “One-Way Hash Functions,” Dr. Dobb’s Journal, v. 16, n. 9, Sep 1991,
pp. 148–151.
1387. B. Schneier, “Data Guardians,” MacWorld, v. 10, n. 2, Feb 1993, pp. 145–151.
1388. B. Schneier, “Description of a New Variable-Length Key, 64-Bit Block Cipher
(Blowfish),” Fast Software Encryption, Cambridge Security Workshop Proceedings,
Springer-Verlag, 1994, pp. 191–204.
1389. B. Schneier, “The Blowfish Encryption Algorithm,” Dr. Dobb’s Journal, v. 19, n. 4,
Apr 1994, pp. 38–40.
1390. B. Schneier, Protect Your Macintosh, Peachpit Press, 1994.
1391. B. Schneier, “Designing Encryption Algorithms for Real People,” Proceedings of the
1994 ACM SIGSAC New Security Paradigms Workshop, IEEE Computer Society Press, 1994, pp.
63–71.
1392. B. Schneier, “A Primer on Authentication and Digital Signatures,” Computer
Security Journal, v. 10, n. 2, 1994, pp. 38–40.
1393. B. Schneier, “The GOST Encryption Algorithm,” Dr. Dobb’s Journal, v. 20, n. 1,
Jan 95, pp. 123–124.
1394. B. Schneier, E-Mail Security (with PGP and PEM), New York: John Wiley & Sons,
1995.
1395. C.P. Schnorr, “On the Construction of Random Number Generators and Random
Function Generators,” Advances in Cryptology—EUROCRYPT ’88 Proceedings,
Springer-Verlag, 1988, pp. 225–232.
1396. C.P. Schnorr, “Efficient Signature Generation for Smart Cards,” Advances in
Cryptology—CRYPTO ’89 Proceedings, Springer-Verlag, 1990, pp. 239–252.
1397. C.P. Schnorr, “Efficient Signature Generation for Smart Cards,” Journal of
Cryptology, v. 4, n. 3, 1991, pp. 161–174.
1398. C.P. Schnorr, “Method for Identifying Subscribers and for Generating and
Verifying Electronic Signatures in a Data Exchange System,” U.S. Patent #4,995,082, 19 Feb
1991.
1399. C.P. Schnorr, “An Efficient Cryptographic Hash Function,” presented at the rump
session of CRYPTO ’91, Aug 1991.
1400. C.P. Schnorr, “FFT-Hash II, Efficient Cryptographic Hashing,” Advances in
Cryptology—EUROCRYPT ’92 Proceedings, Springer-Verlag, 1993, pp. 45–54.
1401. C.P. Schnorr and W. Alexi, “RSA-bits are 0.5 + ε Secure,” Advances in Cryptology:
Proceedings of EUROCRYPT 84, Springer-Verlag, 1985, pp. 113–126.
1402. C.P. Schnorr and S. Vaudenay, “Parallel FFT-Hashing,” Fast Software Encryption,
Cambridge Security Workshop Proceedings, Springer-Verlag, 1994, pp. 149–156.
1403. C.P. Schnorr and S. Vaudenay, “Black Box Cryptanalysis of Hash Networks Based
on Multipermutations,” Advances in Cryptology—EUROCRYPT ’94 Proceedings,
Springer-Verlag, 1995, to appear.
1404. W. Schwartau, Information Warfare: Chaos on the Electronic Superhighway, New
York: Thunders Mouth Press, 1994.
1405. R. Scott, “Wide Open Encryption Design Offers Flexible Implementations,”
Cryptologia, v. 9, n. 1, Jan 1985, pp. 75–90.
1406. J. Seberry, “A Subliminal Channel in Codes for Authentication without Secrecy,”
Ars Combinatorica, v. 19A, 1985, pp. 337–342.
1407. J. Seberry and J. Pieprzyk, Cryptography: An Introduction to Computer Security,
Englewood Cliffs, N.J.: Prentice-Hall, 1989.
1408. J. Seberry, X.-M. Zhang, and Y. Zheng, “Nonlinearly Balanced Boolean Functions
and Their Propagation Characteristics,” Advances in Cryptology—EUROCRYPT ’91
Proceedings, Springer-Verlag, 1994, pp. 49–60.
1409. H. Sedlack, “The RSA Cryptography Processor: The First High Speed One-Chip
Solution,” Advances in Cryptology—EUROCRYPT ’87 Proceedings, Springer-Verlag, 1988, pp.
95–105.
1410. H. Sedlack and U. Golze, “An RSA Cryptography Processor,” Microprocessing and
Microprogramming, v. 18, 1986, pp. 583–590.
1411. E.S. Selmer, Linear Recurrence over Finite Field, University of Bergen, Norway,
1966.
1412. J.O. Shallit, “On the Worst Case of Three Algorithms for Computing the Jacobi
Symbol,” Journal of Symbolic Computation, v. 10, n. 6, Dec 1990, pp. 593–610.
1413. A. Shamir, “A Fast Signature Scheme,” MIT Laboratory for Computer Science,
Technical Memorandum, MIT/LCS/TM-107, Massachusetts Institute of Technology, Jul 1978.
1414. A. Shamir, “How to Share a Secret,” Communications of the ACM, v. 24, n. 11, Nov
1979, pp. 612–613.
1415. A. Shamir, “On the Cryptocomplexity of Knapsack Systems,” Proceedings of the
11th ACM Symposium on the Theory of Computing, 1979, pp. 118–129.
1416. A. Shamir, “The Cryptographic Security of Compact Knapsacks,” MIT Library for
Computer Science, Technical Memorandum, MIT/LCS/TM-164, Massachusetts Institute of
Technology, 1980.
1417. A. Shamir, “On the Generation of Cryptographically Strong Pseudo-Random
Sequences,” Lecture Notes in Computer Science 62: 8th International Colloquium on Automata,
Languages, and Programming, Springer-Verlag, 1981.
1418. A. Shamir, “A Polynomial Time Algorithm for Breaking the Basic Merkle-Hellman
Cryptosystem,” Advances in Cryptology: Proceedings of Crypto 82, Plenum Press, 1983, pp.
279–288.
1419. A. Shamir, “A Polynomial Time Algorithm for Breaking the Basic Merkle-Hellman
Cryptosystem,” Proceedings of the 23rd IEEE Symposium on the Foundations of Computer
Science, 1982, pp. 145–152.
1420. A. Shamir, “On the Generation of Cryptographically Strong Pseudo-Random
Sequences,” ACM Transactions on Computer Systems, v. 1, n. 1, Feb 1983, pp. 38–44.
1421. A. Shamir, “A Polynomial Time Algorithm for Breaking the Basic Merkle-Hellman
Cryptosystem,” IEEE Transactions on Information Theory, v. IT-30, n. 5, Sep 1984, pp.
699–704.
1422. A. Shamir, “Identity-Based Cryptosystems and Signature Schemes,” Advances in
Cryptology: Proceedings of CRYPTO 84, Springer-Verlag, 1985, pp. 47–53.
1423. A. Shamir, “On the Security of DES,” Advances in Cryptology—CRYPTO ’85
Proceedings, Springer-Verlag, 1986, pp. 280–281.
1424. A. Shamir, lecture at SECURICOM ’89.
1425. A. Shamir, “Efficient Signature Schemes Based on Birational Permutations,”
Advances in Cryptology—CRYPTO ’93 Proceedings, Springer-Verlag, 1994, pp. 1–12.
1426. A. Shamir, personal communication, 1993.
1427. A. Shamir and A. Fiat, “Method, Apparatus and Article for Identification and
Signature,” U.S. Patent #4,748,668, 31 May 1988.
1428. A. Shamir and R. Zippel, “On the Security of the Merkle-Hellman Cryptographic
Scheme,” IEEE Transactions on Information Theory, v. 26, n. 3, May 1980, pp. 339–340.
1429. M. Shand, P. Bertin, and J. Vuillemin, “Hardware Speedups in Long Integer
Multiplication,” Proceedings of the 2nd Annual ACM Symposium on Parallel Algorithms and
Architectures, 1990, pp. 138–145.
1430. D. Shanks, Solved and Unsolved Problems in Number Theory, Washington D.C.:
Spartan, 1962.
1431. C.E. Shannon, “A Mathematical Theory of Communication,” Bell System Technical
Journal, v. 27, n. 4, 1948, pp. 379–423, 623–656.
1432. C.E. Shannon, “Communication Theory of Secrecy Systems,” Bell System Technical
Journal, v. 28, n. 4, 1949, pp. 656–715.
1433. C.E. Shannon, Collected Papers: Claude Elmwood Shannon, N.J.A. Sloane and A.D.
Wyner, eds., New York: IEEE Press, 1993.
1434. C.E. Shannon, “Prediction and Entropy in Printed English,” Bell System Technical
Journal, v. 30, n. 1, 1951, pp. 50–64.
1435. A. Shimizu and S. Miyaguchi, “Fast Data Encipherment Algorithm FEAL,”
Transactions of IEICE of Japan, v. J70-D, n. 7, Jul 87, pp. 1413–1423. (In Japanese.)
1436. A. Shimizu and S. Miyaguchi, “Fast Data Encipherment Algorithm FEAL,”
Advances in Cryptology—EUROCRYPT ’87 Proceedings, Springer-Verlag, 1988, pp. 267–278.
1437. A. Shimizu and S. Miyaguchi, “FEAL—Fast Data Encipherment Algorithm,”
Systems and Computers in Japan, v. 19, n. 7, 1988, pp. 20–34, 104–106.
1438. A. Shimizu and S. Miyaguchi, “Data Randomization Equipment,” U.S. Patent
#4,850,019, 18 Jul 1989.
1439. M. Shimada, “Another Practical Public-key Cryptosystem,” Electronics Letters, v.
28, n. 23, 5 Nov 1992, pp. 2146–2147.
1440. K. Shirriff, personal communication, 1993.
1441. H. Shizuya, T. Itoh, and K. Sakurai, “On the Complexity of Hyperelliptic Discrete
Logarithm Problem,” Advances in Cryptology—EUROCRYPT ’91 Proceedings, Springer-Verlag,
1991, pp. 337–351.
1442. Z. Shmuley, “Composite Diffie-Hellman Public-Key Generating Systems Are Hard
to Break,” Computer Science Department, Technion, Haifa, Israel, Technical Report 356, Feb
1985.
1443. P.W. Shor, “Algorithms for Quantum Computation: Discrete Log and Factoring,”
Proceedings of the 35th Symposium on Foundations of Computer Science, 1994, pp. 124–134.



1444. L. Shroyer, letter to NIST regarding DSS, 17 Feb 1992.
1445. C. Shu, T. Matsumoto, and H. Imai, “A Multi-Purpose Proof System,” Transactions
of the Institute of Electronics, Information, and Communication Engineers, v. E75-A, n. 6, Jun
1992, pp. 735–743.
1446. E.H. Sibley, “Random Number Generators: Good Ones Are Hard to Find,”
Communications of the ACM, v. 31, n. 10, Oct 1988, pp. 1192–1201.
1447. V.M. Sidenikov and S.O. Shestakov, “On Encryption Based on Generalized
Reed-Solomon Codes,” Diskretnaya Math, v. 4, 1992, pp. 57–63. (In Russian.)
1448. V.M. Sidenikov and S.O. Shestakov, “On Insecurity of Cryptosystems Based on
Generalized Reed-Solomon Codes,” unpublished manuscript, 1992.
1449. D.P. Sidhu, “Authentication Protocols for Computer Networks,” Computer
Networks and ISDN Systems, v. 11, n. 4, Apr 1986, pp. 297–310.
1450. T. Siegenthaler, “Correlation-Immunity of Nonlinear Combining Functions for
Cryptographic Applications,” IEEE Transactions on Information Theory, v. IT-30, n. 5, Sep
1984, pp. 776–780.
1451. T. Siegenthaler, “Decrypting a Class of Stream Ciphers Using Ciphertext Only,”
IEEE Transactions on Computing, v. C-34, Jan 1985, pp. 81–85.
1452. T. Siegenthaler, “Cryptanalyst’s Representation of Nonlinearity Filtered
ml-sequences,” Advances in Cryptology—EUROCRYPT ’85, Springer-Verlag, 1986, pp. 103–110.
1453. R.D. Silverman, “The Multiple Polynomial Quadratic Sieve,” Mathematics of
Computation, v. 48, n. 177, Jan 1987, pp. 329–339.
1454. G.J. Simmons, “Authentication without Secrecy: A Secure Communication
Problem Uniquely Solvable by Asymmetric Encryption Techniques,” Proceedings of IEEE
EASCON ’79, 1979, pp. 661–662.
1455. G.J. Simmons, “Some Number Theoretic Questions Arising in Asymmetric
Encryption Techniques,” Annual Meeting of the American Mathematical Society, AMS Abstract
763.94.1, 1979, pp. 136–151.
1456. G.J. Simmons, “High Speed Arithmetic Using Redundant Number Systems,”
Proceedings of the National Telecommunications Conference, 1980, pp. 49.3.1–49.3.2.
1457. G.J. Simmons, “A ‘Weak’ Privacy Protocol Using the RSA Cryptosystem,”
Cryptologia, v. 7, n. 2, Apr 1983, pp. 180–182.
1458. G.J. Simmons, “The Prisoner’s Problem and the Subliminal Channel,” Advances in
Cryptology: Proceedings of CRYPTO ’83, Plenum Press, 1984, pp. 51–67.
1459. G.J. Simmons, “The Subliminal Channel and Digital Signatures,” Advances in
Cryptology: Proceedings of EUROCRYPT 84, Springer-Verlag, 1985, pp. 364–378.
1460. G.J. Simmons, “A Secure Subliminal Channel (?),” Advances in Cryptology—
CRYPTO ’85 Proceedings, Springer-Verlag, 1986, pp. 33–41.
1461. G.J. Simmons, “Cryptology,” Encyclopedia Britannica, 16th edition, 1986, pp.
913–924B.
1462. G.J. Simmons, “How to (Really) Share a Secret,” Advances in Cryptology—CRYPTO
’88 Proceedings, Springer-Verlag, 1990, pp. 390–448.
1463. G.J. Simmons, “Prepositioned Secret Sharing Schemes and/or Shared Control
Schemes,” Advances in Cryptology—EUROCRYPT ’89 Proceedings, Springer-Verlag, 1990, pp.
436–467.
1464. G.J. Simmons, “Geometric Shares Secret and/or Shared Control Schemes,”
Advances in Cryptology—CRYPTO ’90 Proceedings, Springer-Verlag, 1991, pp. 216–241.
1465. G.J. Simmons, ed., Contemporary Cryptology: The Science of Information Integrity,
IEEE Press, 1992.
1466. G.J. Simmons, “An Introduction to Shared Secret and/or Shared Control Schemes
and Their Application,” in Contemporary Cryptology: The Science of Information Integrity, G.J.
Simmons, ed., IEEE Press, 1992, pp. 441–497.
1467. G.J. Simmons, “How to Insure that Data Acquired to Verify Treaty Compliance
Are Trustworthy,” in Contemporary Cryptology: The Science of Information Integrity, G.J.



Simmons, ed., IEEE Press, 1992, pp. 615–630.
1468. G.J. Simmons, “The Subliminal Channels of the U.S. Digital Signature Algorithm
(DSA),” Proceedings of the Third Symposium on: State and Progress of Research in Cryptography,
Rome: Fondazione Ugo Bordoni, 1993, pp. 35–54.
1469. G.J. Simmons, “Subliminal Communication is Easy Using the DSA,” Advances in
Cryptology–EUROCRYPT ’93 Proceedings, Springer-Verlag, 1994, pp. 218–232.
1470. G.J. Simmons, “An Introduction to the Mathematics of Trust in Security
Protocols,” Proceedings: Computer Security Foundations Workshop VI, IEEE Computer Society
Press, 1993, pp. 121–127.
1471. G.J. Simmons, “Protocols that Ensure Fairness,” Codes and Ciphers, Institute of
Mathematics and its Applications, 1995, pp. 383–394.
1472. G.J. Simmons, “Cryptanalysis and Protocol Failures,” Communications of the ACM,
v. 37, n. 11, Nov 1994, pp. 56–65.
1473. G.J. Simmons, “Subliminal Channels: Past and Present,” European Transactions on
Telecommunications, v. 4, n. 4, Jul/Aug 1994, pp. 459–473.
1474. G.J. Simmons and M.J. Norris, How to Cipher Fast Using Redundant Number
Systems, SAND-80-1886, Sandia National Laboratories, Aug 1980.
1475. A. Sinkov, Elementary Cryptanalysis, Mathematical Association of America, 1966.
1476. R. Siromoney and L. Matthew, “A Public Key Cryptosystem Based on Lyndon
Words,” Information Processing Letters, v. 35, n. 1, 15 Jun 1990, pp. 33–36.
1477. B. Smeets, “A Note on Sequences Generated by Clock-Controlled Shift Registers,”
Advances in Cryptology–EUROCRYPT ’85, Springer-Verlag, 1986, pp. 40–42.
1478. M.E. Smid, “A Key Notarization System for Computer Networks,” NBS Special
Report 500-54, U.S. Department of Commerce, Oct 1979.
1479. M.E. Smid, “The DSS and the SHS,” Federal Digital Signature Applications
Symposium, Rockville, MD, 17–18 Feb 1993.
1480. M.E. Smid and D.K. Branstad, “The Data Encryption Standard: Past and Future,”
Proceedings of the IEEE, v. 76, n. 5, May 1988, pp. 550–559.
1481. M.E. Smid and D.K. Branstad, “The Data Encryption Standard: Past and Future,”
in Contemporary Cryptology: The Science of Information Integrity, G.J. Simmons, ed., IEEE
Press, 1992, pp. 43–64.
1482. J.L. Smith, “The Design of Lucifer, A Cryptographic Device for Data
Communications,” IBM Research Report RC3326, 1971.
1483. J.L. Smith, “Recirculating Block Cipher Cryptographic System,” U.S. Patent
#3,796,830, 12 Mar 1974.
1484. J.L. Smith, W.A. Notz, and P.R. Osseck, “An Experimental Application of
Cryptography to a Remotely Accessed Data System,” Proceedings of the ACM Annual
Conference, Aug 1972, pp. 282–290.
1485. K. Smith, “Watch Out Hackers, Public Encryption Chips Are Coming,” Electronics
Week, 20 May 1985, pp. 30–31.
1486. P. Smith, “LUC Public-Key Encryption,” Dr. Dobb’s Journal, v. 18, n. 1, Jan 1993,
pp. 44–49.
1487. P. Smith and M. Lennon, “LUC: A New Public Key System,” Proceedings of the
Ninth International Conference on Information Security, IFIP/Sec 1993, North Holland: Elsevier
Science Publishers, 1993, pp. 91–111.
1488. E. Snekkenes, “Exploring the BAN Approach to Protocol Analysis,” Proceedings of
the 1991 IEEE Computer Society Symposium on Research in Security and Privacy, 1991,
pp. 171–181.
1489. B. Snow, “Multiple Independent Binary Bit Stream Generator,” U.S. Patent
#5,237,615, 17 Aug 1993.
1490. R. Solovay and V. Strassen, “A Fast Monte-Carlo Test for Primality,” SIAM
Journal on Computing, v. 6, Mar 1977, pp. 84–85; erratum in ibid, v. 7, 1978, p. 118.
1491. T. Sorimachi, T. Tokita, and M. Matsui, “On a Cipher Evaluation Method Based
on Differential Cryptanalysis,” Proceedings of the 1994 Symposium on Cryptography and
Information Security (SCIS 94), Lake Biwa, Japan, 27–29 Jan 1994, pp. 4C.1–9. (In Japanese.)
1492. A. Sorkin, “Lucifer, a Cryptographic Algorithm,” Cryptologia, v. 8, n. 1, Jan 1984,
pp. 22–41.
1493. W. Stallings, “Kerberos Keeps the Ethernet Secure,” Data Communications, Oct
1994, pp. 103–111.
1494. W. Stallings, Network and Internetwork Security, Englewood Cliffs, N.J.:
Prentice-Hall, 1995.
1495. W. Stallings, Protect Your Privacy: A Guide for PGP Users, Englewood Cliffs, N.J.:
Prentice-Hall, 1995.
1496. Standards Association of Australia, “Australian Standard 2805.4 1985: Electronic
Funds Transfer–Requirements for Interfaces: Part 4–Message Authentication,” SAA, North
Sydney, NSW, 1985.
1497. Standards Association of Australia, “Australian Standard 2805.5 1985: Electronic
Funds Transfer–Requirements for Interfaces: Part 5–Data Encipherment Algorithm,” SAA,
North Sydney, NSW, 1985.
1498. Standards Association of Australia, “Australian Standard 2805.5.3: Electronic Data
Transfer–Requirements for Interfaces: Part 5.3–Data Encipherment Algorithm 2,” SAA,
North Sydney, NSW, 1992.
1499. J.G. Steiner, B.C. Neuman, and J.I. Schiller, “Kerberos: An Authentication Service
for Open Network Systems,” USENIX Conference Proceedings, Feb 1988, pp. 191–202.
1500. J. Stern, “Secret Linear Congruential Generators Are Not Cryptographically
Secure,” Proceedings of the 28th Symposium on Foundations of Computer Science, 1987,
pp. 421–426.
1501. J. Stern, “A New Identification Scheme Based on Syndrome Decoding,” Advances in
Cryptology–CRYPTO ’93 Proceedings, Springer-Verlag, 1994, pp. 13–21.
1502. A. Stevens, “Hacks, Spooks, and Data Encryption,” Dr. Dobb’s Journal, v. 15, n. 9,
Sep 1990, pp. 127–134, 147–149.
1503. R. Struik, “On the Rao-Nam Private-Key Cryptosystem Using Non-Linear
Codes,” IEEE 1991 Symposium on Information Theory, Budapest, Hungary, 1991.
1504. R. Struik and J. van Tilburg, “The Rao-Nam Scheme Is Insecure against a
Chosen-Plaintext Attack,” Advances in Cryptology–CRYPTO ’87 Proceedings, Springer-Verlag, 1988,
pp. 445–457.
1505. S.G. Stubblebine and V.G. Gligor, “Protecting the Integrity of Privacy-Enhanced
Mail with DES-Based Authentication Codes,” Proceedings of the Privacy and Security Research
Group 1993 Workshop on Network and Distributed System Security, The Internet Society, 1993,
pp. 75–80.
1506. R. Sugarman, “On Foiling Computer Crime,” IEEE Spectrum, v. 16, n. 7, Jul 79,
pp. 31–32.
1507. H.N. Sun and T. Hwang, “Public-key ID-Based Cryptosystem,” Proceedings of the
25th Annual 1991 IEEE International Carnahan Conference on Security Technology, Taipei,
Taiwan, 1–3 Oct 1991, pp. 142–144.
1508. P.F. Syverson, “Formal Semantics for Logics of Computer Protocols,” Proceedings
of the Computer Security Foundations Workshop III, IEEE Computer Society Press, 1990, pp.
32–41.
1509. P.F. Syverson, “The Use of Logic in the Analysis of Cryptographic Protocols,”
Proceedings of the 1991 IEEE Computer Society Symposium on Research in Security and Privacy,
1991, pp. 156–170.
1510. P.F. Syverson, “Knowledge, Belief, and Semantics in the Analysis of Cryptographic
Protocols,” Journal of Computer Security, v. 1, n. 3, 1992, pp. 317–334.
1511. P.F. Syverson, “Adding Time to a Logic Authentication,” 1st ACM Conference on
Computer and Communications Security, ACM Press, 1993, pp. 97–106.
1512. P.F. Syverson and C.A. Meadows, “A Logical Language for Specifying
Cryptographic Protocol Requirements,” Proceedings of the 1993 IEEE Computer Society
Symposium on Research in Security and Privacy, 1993, pp. 14–28.
1513. P.F. Syverson and C.A. Meadows, “Formal Requirements for Key Distribution
Protocols,” Advances in Cryptology–EUROCRYPT ’94 Proceedings, Springer-Verlag, 1995, to
appear.
1514. P.F. Syverson and P.C. van Oorschot, “On Unifying Some Cryptographic Protocol
Logics,” Proceedings of the 1994 IEEE Computer Society Symposium on Research in Security and
Privacy, 1994, pp. 165–177.
1515. H. Tanaka, “A Realization Scheme for the Identity-Based Cryptosystem,”
Advances in Cryptology–CRYPTO ’87 Proceedings, Springer-Verlag, 1988, pp. 340–349.
1516. H. Tanaka, “A Realization Scheme for the Identity-Based Cryptosystem,”
Electronics and Communications in Japan, Part 3 (Fundamental Electronic Science), v. 73, n. 5,
May 1990, pp. 1–7.
1517. H. Tanaka, “Identity-Based Noninteractive Common-Key Generation and Its
Application to Cryptosystems,” Transactions of the Institute of Electronics, Information, and
Communication Engineers, v. J75-A, n. 4, Apr 1992, pp. 796–800.
1518. J. Tardo and K. Alagappan, “SPX: Global Authentication Using Public Key
Certificates,” Proceedings of the 1991 IEEE Computer Society Symposium on Security and
Privacy, 1991, pp. 232–244.
1519. J. Tardo, K. Alagappan, and R. Pitkin, “Public Key Based Authentication Using
Internet Certificates,” USENIX Security II Workshop Proceedings, 1990, pp. 121–123.
1520. A. Tardy-Corfdir and H. Gilbert, “A Known Plaintext Attack of FEAL-4 and
FEAL-6,” Advances in Cryptology–CRYPTO ’91 Proceedings, Springer-Verlag, 1992,
pp. 172–182.
1521. M. Tatebayashi, N. Matsuzaki, and D.B. Newman, “Key Distribution Protocol for
Digital Mobile Communication System,” Advances in Cryptology–CRYPTO ’89 Proceedings,
Springer-Verlag, 1990, pp. 324–333.
1522. M. Taylor, “Implementing Privacy Enhanced Mail on VMS,” Proceedings of the
Privacy and Security Research Group 1993 Workshop on Network and Distributed System
Security, The Internet Society, 1993, pp. 63–68.
1523. R. Taylor, “An Integrity Check Value Algorithm for Stream Ciphers,” Advances in
Cryptology–CRYPTO ’93 Proceedings, Springer-Verlag, 1994, pp. 40–48.
1524. T. Tedrick, “Fair Exchange of Secrets,” Advances in Cryptology: Proceedings of
CRYPTO ’84, Springer-Verlag, 1985, pp. 434–438.
1525. R. Terada and P.G. Pinheiro, “How to Strengthen FEAL against Differential
Cryptanalysis,” Proceedings of the 1995 Japan-Korea Workshop on Information Security and
Cryptography, Inuyama, Japan, 24–27 Jan 1995, pp. 153–162.
1526. J.-P. Tillich and G. Zémor, “Hashing with SI2,” Advances in Cryptology–CRYPTO
’94 Proceedings, Springer-Verlag, 1994, pp. 40–49.
1527. T. Tokita, T. Sorimachi, and M. Matsui, “An Efficient Search Algorithm for the
Best Expression on Linear Cryptanalysis,” IEICE Japan, Technical Report, ISEC93-97, 1994.
1528. M. Tompa and H. Woll, “Random Self-Reducibility and Zero-Knowledge
Interactive Proofs of Possession of Information,” Proceedings of the 28th IEEE Symposium on
the Foundations of Computer Science, 1987, pp. 472–482.
1529. M. Tompa and H. Woll, “How to Share a Secret with Cheaters,” Journal of
Cryptology, v. 1, n. 2, 1988, pp. 133–138.
1530. M.-J. Toussaint, “Verification of Cryptographic Protocols,” Ph.D. dissertation,
Université de Liège, 1991.
1531. M.-J. Toussaint, “Deriving the Complete Knowledge of Participants in
Cryptographic Protocols,” Advances in Cryptology–CRYPTO ’91 Proceedings, Springer-Verlag,
1992, pp. 24–43.
1532. M.-J. Toussaint, “Separating the Specification and Implementation Phases in
Cryptology,” ESORICS 92, Proceedings of the Second European Symposium on Research in
Computer Security, Springer-Verlag, 1992, pp. 77–101.
1533. P.D. Townsend, J.G. Rarity, and P.R. Tapster, “Enhanced Single Photon Fringe
Visibility in a 10 km-Long Prototype Quantum Cryptography Channel,” Electronics Letters, v.
28, n. 14, 8 Jul 1993, pp. 1291–1293.
1534. S.A. Tretter, “Properties of PN2 Sequences,” IEEE Transactions on Information
Theory, v. IT-20, n. 2, Mar 1974, pp. 295–297.
1535. H. Truman, “Memorandum for: The Secretary of State, The Secretary of Defense,”
A 20707 5/4/54/OSO, NSA TS CONTL. NO 73-00405, 24 Oct 1952.
1536. Y.W. Tsai and T. Hwang, “ID Based Public Key Cryptosystem Based on Okamoto
and Tanaka’s ID Based One-Way Communications Scheme,” Electronics Letters, v. 26, n. 10, 1
May 1990, pp. 666–668.
1537. G. Tsudik, “Message Authentication with One-Way Hash Functions,” ACM
Computer Communications Review, v. 22, n. 5, 1992, pp. 29–38.
1538. S. Tsujii and K. Araki, “A Rebuttal to Coppersmith’s Attacking Method,”
memorandum presented at Crypto ’94, Aug 1994.
1539. S. Tsujii, K. Araki, J. Chao, T. Sekine, and Y. Matsuzaki, “ID-Based Key Sharing
Scheme–Cancellation of Random Numbers by Iterative Addition,” IEICE Japan, Technical
Report, ISEC 92-47, Oct 1992.
1540. S. Tsujii, K. Araki, and T. Sekine, “A New Scheme of Noninteractive ID-Based Key
Sharing with Explosively High Degree of Separability,” Technical Report, Department of
Computer Science, Tokyo Institute of Technology, 93TR-0016, May 1993.
1541. S. Tsujii, K. Araki, and T. Sekine, “A New Scheme of Non Interactive ID-Based key
Sharing with Explosively High Degree of Separability (Second Version),” Technical Report,
Department of Computer Science, Tokyo Institute of Technology, 93TR-0020, Jul 1993.
1542. S. Tsujii, K. Araki, T. Sekine, and K. Tanada, “A New Scheme of Non Interactive
ID-Based Key Sharing with Explosively High Degree of Separability,” Proceedings of the 1993
Korea-Japan Workshop on Information Security and Cryptography, Seoul, Korea, 24–26 Oct
1993, pp. 49–58.
1543. S. Tsujii, K. Araki, H. Tanaki, J. Chao, T. Sekine, and Y. Matsuzaki, “ID-Based
Key Sharing Scheme–Reply to Tanaka’s Comment,” IEICE Japan, Technical Report, ISEC
92-60, Dec 1992.
1544. S. Tsujii and J. Chao, “A New ID-based Key Sharing System,” Advances in
Cryptology–CRYPTO ’91 Proceedings, Springer-Verlag, 1992, pp. 288–299.
1545. S. Tsujii, J. Chao, and K. Araki, “A Simple ID-Based Scheme for Key Sharing,”
IEICE Japan, Technical Report, ISEC 92-25, Aug 1992.
1546. S. Tsujii and T. Itoh, “An ID-Based Cryptosystem Based on the Discrete Logarithm
Problem,” IEEE Journal on Selected Areas in Communication, v. 7, n. 4, May 1989,
pp. 467–473.
1547. S. Tsujii and T. Itoh, “An ID-Based Cryptosystem Based on the Discrete Logarithm
Problem,” Electronics Letters, v. 23, n. 24, Nov 1989, pp. 1318–1320.
1548. S. Tsujii, K. Kurosawa, T. Itoh, A. Fujioka, and T. Matsumoto, “A Public-Key
Cryptosystem Based on the Difficulty of Solving a System of Non-Linear Equations,” TSUJII
Laboratory Technical Memorandum, n. 1, 1986.
1549. Y. Tsunoo, E. Okamoto, and H. Doi, “Analytical Known Plain-Text Attack for
FEAL-4 and Its Improvement,” Proceedings of the 1994 Symposium on Cryptography and
Information Security (SCIS 93), 1993.
1550. Y. Tsunoo, E. Okamoto, T. Uyematsu, and M. Mambo, “Analytical Known
Plain-Text Attack for FEAL-6,” Proceedings of the 1993 Korea-Japan Workshop on Information
Security and Cryptography, Seoul, Korea, 24–26 Oct 1993, pp. 253–261.
1551. W. Tuchman, “Hellman Presents No Shortcut Solutions to DES,” IEEE Spectrum,
v. 16, n. 7, July 1979, pp. 40–41.
1552. U.S. Senate Select Committee on Intelligence, “Unclassified Summary: Involvement
of NSA in the Development of the Data Encryption Standard,” IEEE Communications
Magazine, v. 16, n. 6, Nov 1978, pp. 53–55.
1553. B. Vallée, M. Girault, and P. Toffin, “How to Break Okamoto’s Cryptosystem by
Reducing Lattice Values,” Advances in Cryptology–EUROCRYPT ’88 Proceedings,
Springer-Verlag, 1988, p. 281–291.
1554. H. Van Antwerpen, “Electronic Cash,” Master’s thesis, CWI, Netherlands, 1990.
1555. K. Van Espen and J. Van Mieghem, “Evaluatie en Implementatie van
Authentiseringsalgoritmen,” graduate thesis, ESAT Laboratorium, Katholieke Universiteit
Leuven, 1989. (In Dutch.)
1556. P.C. van Oorschot, “Extending Cryptographic Logics of Belief to Key Agreement
Protocols,” Proceedings of the 1st Annual ACM Conference on Computer and Communications
Security, 1993, pp. 232–243.
1557. P.C. van Oorschot, “An Alternate Explanation for Two BAN-logic ‘Failures,’”
Advances in Cryptology–EUROCRYPT ’93 Proceedings, Springer-Verlag, 1994, pp. 443–447.
1558. P.C. van Oorschot and M.J. Wiener, “A Known-Plaintext Attack on Two-Key
Triple Encryption,” Advances in Cryptology–EUROCRYPT ’90 Proceedings, Springer-Verlag,
1991, pp. 318–325.
1559. J. van Tilburg, “On the McEliece Cryptosystem,” Advances in
Cryptology–CRYPTO ’88 Proceedings, Springer-Verlag, 1990, pp. 119–131.
1560. J. van Tilburg, “Cryptanalysis of the Xinmei Digital Signature Scheme,”
Electronics Letters, v. 28, n. 20, 24 Sep 1992, pp. 1935–1938.
1561. J. van Tilburg, “Two Chosen-Plaintext Attacks on the Li Wang Joint
Authentication and Encryption Scheme,” Applied Algebra, Algebraic Algorithms and Error
Correcting Codes 10, Springer-Verlag, 1993, pp. 332–343.
1562. J. van Tilburg, “Security-Analysis of a Class of Cryptosystems Based on Linear
Error-Correcting Codes,” Ph.D. dissertation, Technical University Eindhoven, 1994.
1563. A. Vandemeulebroecke, E. Vanzieleghem, T. Denayer, and P.G. Jespers, “A Single
Chip 1024 Bits RSA Processor,” Advances in Cryptology–EUROCRYPT ’89 Proceedings,
Springer-Verlag, 1990, pp. 219–236.
1564. J. Vanderwalle, D. Chaum, W. Fumy, C. Jansen, P. Landrock, and G. Roelofsen,
“A European Call for Cryptographic Algorithms: RIPE; RACE Integrity Primitives
Evaluation,” Advances in Cryptology–EUROCRYPT ’89 Proceedings, Springer-Verlag, 1990,
pp. 267–271.
1565. V. Varadharajan, “Verification of Network Security Protocols,” Computers and
Security, v. 8, n. 8, Aug 1989, pp. 693–708.
1566. V. Varadharajan, “Use of a Formal Description Technique in the Specification of
Authentication Protocols,” Computer Standards and Interfaces, v. 9, 1990, pp. 203–215.
1567. S. Vaudenay, “FFT-Hash-II Is not Yet Collision-Free,” Advances in
Cryptology–CRYPTO ’92 Proceedings, Springer-Verlag, pp. 587–593.
1568. S. Vaudenay, “Differential Cryptanalysis of Blowfish,” unpublished manuscript,
1995.
1569. U.V. Vazirani and V.V. Vazirani, “Trapdoor Pseudo-Random Number Generators
with Applications to Protocol Design,” Proceedings of the 24th IEEE Symposium on the
Foundations of Computer Science, 1983, pp. 23–30.
1570. U.V. Vazirani and V.V. Vazirani, “Efficient and Secure Pseudo-Random Number
Generation,” Proceedings of the 25th IEEE Symposium on the Foundations of Computer Science,
1984, pp. 458–463.
1571. U.V. Vazirani and V.V. Vazirani, “Efficient and Secure Pseudo-Random Number
Generation,” Advances in Cryptology: Proceedings of CRYPTO ’84, Springer-Verlag, 1985, pp.
193–202.
1572. I. Verbauwhede, F. Hoornaert, J. Vanderwalle, and H. De Man, “ASIC
Cryptographical Processor Based on DES,” Euro ASIC ’91 Proceedings, 1991, pp. 292–295.
1573. I. Verbauwhede, F. Hoornaert, J. Vanderwalle, H. De Man, and R. Govaerts,
“Security Considerations in the Design and Implementation of a New DES Chip,” Advances in
Cryptology–EUROCRYPT ’87 Proceedings, Springer-Verlag, 1988, pp. 287–300.
1574. R. Vogel, “On the Linear Complexity of Cascaded Sequences,” Advances in
Cryptology: Proceedings of EUROCRYPT 84, Springer-Verlag, 1985, pp. 99–109.
1575. S. von Solms and D. Naccache, “On Blind Signatures and Perfect Crimes,”
Computers & Security, v. 11, 1992, pp. 581–583.
1576. V.L. Voydock and S.T. Kent, “Security Mechanisms in High-Level Networks,”
ACM Computing Surveys, v. 15, n. 2, Jun 1983, pp. 135–171.
1577. N.R. Wagner, P.S. Putter, and M.R. Cain, “Large-Scale Randomization
Techniques,” Advances in Cryptology–CRYPTO ’86 Proceedings, Springer-Verlag, 1987, pp.
393–404.
1578. M. Waidner and B. Pfitzmann, “The Dining Cryptographers in the Disco:
Unconditional Sender and Recipient Untraceability with Computationally Secure
Serviceability,” Advances in Cryptology–EUROCRYPT ’89 Proceedings, Springer-Verlag, 1990,
p. 690.
1579. S.T. Walker, “Software Key Escrow–A Better Solution for Law Enforcement’s
Needs?” TIS Report #533, Trusted Information Systems, Aug 1994.
1580. S.T. Walker, “Thoughts on Key Escrow Acceptability,” TIS Report #534D, Trusted
Information Systems, Nov 1994.
1581. S.T. Walker, S.B. Lipner, C.M. Ellison, D.K. Branstad, and D.M. Balenson,
“Commercial Key Escrow–Something for Everyone–Now and for the Future,” TIS Report
#541, Trusted Information Systems, Jan 1995.
1582. M.Z. Wang and J.L. Massey, “The Characteristics of All Binary Sequences with
Perfect Linear Complexity Profiles,” Abstracts of Papers, EUROCRYPT ’86, 20–22 May 1986.
1583. E.J. Watson, “Primitive Polynomials (Mod 2),” Mathematics of Computation, v. 16,
1962, p. 368.
1584. P. Wayner, “Mimic Functions,” Cryptologia, v. 16, n. 3, Jul 1992, pp. 193–214.
1585. P. Wayner, “Mimic Functions and Tractability,” draft manuscript, 1993.
1586. A.F. Webster and S.E. Tavares, “On the Design of S-Boxes,” Advances in
Cryptology–CRYPTO ’85 Proceedings, Springer-Verlag, 1986, pp. 523–534.
1587. G. Welchman, The Hut Six Story: Breaking the Enigma Codes, New York:
McGraw-Hill, 1982.
1588. A.L. Wells Jr., “A Polynomial Form for Logarithms Modulo a Prime,” IEEE
Transactions on Information Theory, Nov 1984, pp. 845–846.
1589. D.J. Wheeler, “A Bulk Data Encryption Algorithm,” Fast Software Encryption,
Cambridge Security Workshop Proceedings, Springer-Verlag, 1994, pp. 127–134.
1590. D.J. Wheeler, personal communication, 1994.
1591. D.J. Wheeler and R. Needham, “A Large Block DES-Like Algorithm,” Technical
Report 355, “Two Cryptographic Notes,” Computer Laboratory, University of Cambridge, Dec
1994, pp. 1–3.
1592. D.J. Wheeler and R. Needham, “TEA, A Tiny Encryption Algorithm,” Technical
Report 355, “Two Cryptographic Notes,” Computer Laboratory, University of Cambridge, Dec
1994, pp. 1–3.
1593. S.R. White, “Covert Distributed Processing with Computer Viruses,” Advances in
Cryptology–CRYPTO ’89 Proceedings, Springer-Verlag, 1990, pp. 616–619.
1594. White House, Office of the Press Secretary, “Statement by the Press Secretary,” 16
Apr 1993.
1595. B.A. Wichman and I.D. Hill, “An Efficient and Portable Pseudo-Random Number
Generator,” Applied Statistics, v. 31, 1982, pp. 188–190.
1596. M.J. Wiener, “Cryptanalysis of Short RSA Secret Exponents,” IEEE Transactions
on Information Theory, v. 36, n. 3, May 1990, pp. 553–558.
1597. M.J. Wiener, “Efficient DES Key Search,” presented at the rump session of
CRYPTO ’93, Aug 1993.
1598. M.J. Wiener, “Efficient DES Key Search,” TR-244, School of Computer Science,
Carleton University, May 1994.
1599. M.V. Wilkes, Time-Sharing Computer Systems, New York: American Elsevier,
1968.
1600. E.A. Williams, An Invitation to Cryptograms, New York: Simon and Schuster, 1959.
1601. H.C. Williams, “A Modification of the RSA Public-Key Encryption Procedure,”
IEEE Transactions on Information Theory, v. IT-26, n. 6, Nov 1980, pp. 726–729.
1602. H.C. Williams, “An Overview of Factoring,” Advances in Cryptology: Proceedings of
Crypto 83, Plenum Press, 1984, pp. 71–80.
1603. H.C. Williams, “Some Public-Key Crypto-Functions as Intractable as
Factorization,” Advances in Cryptology: Proceedings of CRYPTO 84, Springer-Verlag, 1985, pp.
66–70.
1604. H.C. Williams, “Some Public-Key Crypto-Functions as Intractable as
Factorization,” Cryptologia, v. 9, n. 3, Jul 1985, pp. 223–237.
1605. H.C. Williams, “An M3 Public-Key Encryption Scheme,” Advances in
Cryptology–CRYPTO ’85, Springer-Verlag, 1986, pp. 358–368.
1606. R.S. Winternitz, “Producing One-Way Hash Functions from DES,” Advances in
Cryptology: Proceedings of Crypto 83, Plenum Press, 1984, pp. 203–207.
1607. R.S. Winternitz, “A Secure One-Way Hash Function Built from DES,” Proceedings
of the 1984 Symposium on Security and Privacy, 1984, pp. 88–90.
1608. S. Wolfram, “Random Sequence Generation by Cellular Automata,” Advances in
Applied Mathematics, v. 7, 1986, pp. 123–169.
1609. S. Wolfram, “Cryptography with Cellular Automata,” Advances in
Cryptology–CRYPTO ’85 Proceedings, Springer-Verlag, 1986, pp. 429–432.
1610. T.Y.C. Woo and S.S. Lam, “Authentication for Distributed Systems,” Computer, v.
25, n. 1, Jan 1992, pp. 39–52.
1611. T.Y.C. Woo and S.S. Lam, “‘Authentication’ Revisited,” Computer, v. 25, n. 3, Mar
1992, p. 10.
1612. T.Y.C. Woo and S.S. Lam, “A Semantic Model for Authentication Protocols,”
Proceedings of the 1993 IEEE Computer Society Symposium on Research in Security and Privacy,
1993, pp. 178–194.
1613. M.C. Wood, technical report, Cryptech, Inc., Jamestown, NY, Jul 1990.
1614. M.C. Wood, “Method of Cryptographically Transforming Electronic Digital Data
from One Form to Another,” U.S. Patent #5,003,596, 26 Mar 1991.
1615. M.C. Wood, personal communication, 1993.
1616. C.K. Wu and X.M. Wang, “Determination of the True Value of the Euler Totient
Function in the RSA Cryptosystem from a Set of Possibilities,” Electronics Letters, v. 29, n. 1, 7
Jan 1993, pp. 84–85.
1617. M.C. Wunderlich, “Recent Advances in the Design and Implementation of Large
Integer Factorization Algorithms,” Proceedings of 1983 Symposium on Security and Privacy,
IEEE Computer Society Press, 1983, pp. 67–71.
1618. Xerox Network System (XNS) Authentication Protocol, XSIS 098404, Xerox
Corporation, Apr 1984.
1619. Y.Y. Xian, “New Public Key Distribution System,” Electronics Letters, v. 23, n. 11,
1987, pp. 560–561.
1620. L.D. Xing and L.G. Sheng, “Cryptanalysis of New Modified Lu-Lee
Cryptosystems,” Electronics Letters, v. 26, n. 19, 13 Sep 1990, p. 1601–1602.
1621. W. Xinmei, “Digital Signature Scheme Based on Error-Correcting Codes,”
Electronics Letters, v. 26, n. 13, 21 Jun 1990, p. 898–899.
1622. S.B. Xu, D.K. He, and X.M. Wang, “An Implementation of the GSM General Data
Encryption Algorithm A5,” CHINACRYPT ’94, Xidian, China, 11–15 Nov 1994, pp. 287–291.
(In Chinese.)
1623. M. Yagisawa, “A New Method for Realizing Public-Key Cryptosystem,”
Cryptologia, v. 9, n. 4, Oct 1985, pp. 360–380.
1624. C.H. Yang, “Modular Arithmetic Algorithms for Smart Cards,” IEICE Japan,
Technical Report, ISEC92-16, 1992.
1625. C.H. Yang and H. Morita, “An Efficient Modular-Multiplication Algorithm for
Smart-Card Software Implementation,” IEICE Japan, Technical Report, ISEC91-58, 1991.
1626. J.H. Yang, K.C. Zeng, and Q.B. Di, “On the Construction of Large S-Boxes,”
CHINACRYPT ’94, Xidian, China, 11–15 Nov 1994, pp. 24–32. (In Chinese.)
1627. A.C.-C. Yao, “Protocols for Secure Computations,” Proceedings of the 23rd IEEE
Symposium on the Foundations of Computer Science, 1982, pp. 160–164.
1628. B. Yee, “Using Secure Coprocessors,” Ph.D. dissertation, School of Computer
Science, Carnegie Mellon University, May 1994.
1629. S.-M. Yen, “Design and Computation of Public Key Cryptosystems,” Ph.D.
dissertation, National Cheng Hung University, Apr 1994.
1630. S.-M. Yen and C.-S. Lai, “New Digital Signature Scheme Based on the Discrete
Logarithm,” Electronics Letters, v. 29, n. 12, 1993, pp. 1120–1121.
1631. K. Yiu and K. Peterson, “A Single-Chip VLSI Implementation of the Discrete
Exponential Public-Key Distribution System,” IBM Systems Journal, v. 15, n. 1, 1982,
pp. 102–116.
1632. K. Yiu and K. Peterson, “A Single-Chip VLSI Implementation of the Discrete
Exponential Public-Key Distribution System,” Proceedings of Government Microcircuit
Applications Conference, 1982, pp. 18–23.
1633. H.Y. Youm, S.L. Lee, and M.Y. Rhee, “Practical Protocols for Electronic Cash,”
Proceedings of the 1993 Korea-Japan Workshop on Information Security and Cryptography,
Seoul, Korea, 24–26 Oct 1993, pp. 10–22.
1634. M. Yung, “Cryptoprotocols: Subscriptions to a Public Key, the Secret Blocking,
and the Multi-Player Mental Poker Game,” Advances in Cryptology: Proceedings of CRYPTO
84, Springer-Verlag, 1985, 439–453.
1635. G. Yuval, “How to Swindle Rabin,” Cryptologia, v. 3, n. 3, Jul 1979, pp. 187–190.
1636. K.C. Zeng and M. Huang, “On the Linear Syndrome Method in Cryptanalysis,”
Advances in Cryptology–CRYPTO ’88 Proceedings, Springer-Verlag, 1990, pp. 469–478.
1637. K.C. Zeng, M. Huang, and T.R.N. Rao, “An Improved Linear Algorithm in
Cryptanalysis with Applications,” Advances in Cryptology–CRYPTO ’90 Proceedings,
Springer-Verlag, 1991, pp. 34–47.
1638. K.C. Zeng, C.-H. Yang, and T.R.N. Rao, “On the Linear Consistency Test (LCT) in
Cryptanalysis with Applications,” Advances in Cryptology–CRYPTO ’89 Proceedings,
Springer-Verlag, 1990, pp. 164–174.
1639. K.C. Zeng, C.-H. Yang, D.-Y. Wei, and T.R.N. Rao, “Pseudorandom Bit
Generators in Stream-Cipher Cryptography,” IEEE Computer, v. 24, n. 2, Feb 1991, pp. 8–17.
1640. M. Zhang, S.E. Tavares, and L.L. Campbell, “Information Leakage of Boolean
Functions and Its Relationship to Other Cryptographic Criteria,” Proceedings of the 2nd
Annual ACM Conference on Computer and Communications Security, ACM Press, 1994, pp.
156–165.
1641. M. Zhang and G. Xiao, “A Modified Design Criterion for Stream Ciphers,”
CHINACRYPT ’94, Xidian, China, 11–15 Nov 1994, pp. 201–209. (In Chinese.)
1642. Y. Zheng, T. Matsumoto, and H. Imai, “Duality between two Cryptographic
Primitives,” Papers of Technical Group for Information Security, IEICE of Japan, Mar 1989, pp.
47–57.
1643. Y. Zheng, T. Matsumoto, and H. Imai, “Impossibility and Optimality Results in
Constructing Pseudorandom Permutations,” Advances in Cryptology–EUROCRYPT ’89
Proceedings, Springer-Verlag, 1990, pp. 412–422.
1644. Y. Zheng, T. Matsumoto, and H. Imai, “On the Construction of Block Ciphers
Provably Secure and Not Relying on Any Unproved Hypotheses,” Advances in
Cryptology–CRYPTO ’89 Proceedings, Springer-Verlag, 1990, pp. 461–480.
1645. Y. Zheng, T. Matsumoto, and H. Imai, “Duality between two Cryptographic
Primitives,” Proceedings of the 8th International Conference on Applied Algebra, Algebraic
Algorithms and Error-Correcting Codes, Springer-Verlag, 1991, pp. 379–390.
1646. Y. Zheng, J. Pieprzyk, and J. Seberry, “HAVAL–A One-Way Hashing Algorithm
with Variable Length of Output,” Advances in Cryptology–AUSCRYPT ’92 Proceedings,
Springer-Verlag, 1993, pp. 83–104.
1647. N. Zierler, “Linear Recurring Sequences,” Journal Soc. Indust. Appl. Math., v. 7, n.
1, Mar 1959, pp. 31–48.
1648. N. Zierler, “Primitive Trinomials Whose Degree Is a Mersenne Exponent,”
Information and Control, v. 15, 1969, pp. 67–69.
1649. N. Zierler and J. Brillhart, “On Primitive Trinomials (mod 2),” Information and
Control, v. 13, n. 6, Dec 1968, pp. 541–544.
1650. N. Zierler and W.H. Mills, “Products of Linear Recurring Sequences,” Journal of
Algebra, v. 27, n. 1, Oct 1973, pp. 147–157.
1651. C. Zimmer, “Perfect Gibberish,” Discover, v. 13, n. 12, Dec 1992, pp. 92–99.
1652. P.R. Zimmermann, The Official PGP User’s Guide, Boston: MIT Press, 1995.
1653. P.R. Zimmermann, PGP Source Code and Internals, Boston: MIT Press, 1995.




Index
A5, 389, 662–667
Abadi, Martin, 66
Absolute rate, of language, 234
Accreditation, 103
Active attacks, 27
Active cheaters, 27
Adams, Carlisle, 334
Adaptive-chosen-plaintext attack, 6
Addition chaining, 244
Additive generators, 390–392
Adjudicated protocol, 26, 71
Adjudicator, 26
Adleman, Leonard M., 163–164, 467
Adler, Roy, 266
Agnew, G. B., 423
Algebraic structure, DES, 282–283
Algorithm M, 393–394
Algorithms, 2–4, 17
    all-or-nothing disclosure of secrets, 543–546
    Asmuth-Bloom, 529–530
    Barrett’s, 244
    Berlekamp-Massey algorithm, 380, 404
    block
        chain mode, 206–207
        choosing, 354–355
        replay, 191–193
    breaking, 8
    CAST, 334–335
    choosing, 214–216
    cipher block chaining mode, 193–197, 208–210
    cipher block chaining of plaintext difference mode, 208
    cipher block chaining with checksum, 207–208
    cipher-feedback mode, 200–202, 208–210



    cipher mode
        choosing, 208–210
        summary, 209
    classes, 217
    coin flipping
        using Blum integers, 543
        using exponentiation modulo p, 542–543
        using square roots, 541–542
    complexity, 237–239
    constant, 238
    convertible undeniable signatures, 538–539
    counter mode, 205–206, 209
    cubic, 238
    data compression, 226
    designated confirmer signatures, 539–540
    Diffie-Hellman, fair, 546–547
    digital signatures, 39
    exponential, 238
    for export, 215–216
    extended Euclidean, 246–248
    factoring, 256
    ISO/IEC 9979 registered, 607
    Karnin-Greene-Hellman, 530
    Khafre, 317–318
    Khufu, 317
    linear, 238
    linear syndrome, 381
    modes, DES, 277–278
    multiple block
        cascading, 367–368
        combining, 368
    multiple-key public-key cryptography, 527–528
    oblivious transfer, 550
    one-way accumulators, 543
    output-feedback mode, 203–205, 208–210
    output feedback with a nonlinear function, 208
    plaintext block chaining mode, 208
    plaintext feedback mode, 208
    polynomial, 238
    polynomial-time, 238
    probabilistic encryption, 552–554
    propagating cipher block chaining mode, 207
    public-key, 4–5, 33
    quadratic, 238
    quantum cryptography, 554–557
    restricted, 3
    running times, 238–239
    secret-sharing algorithms, 528–531
    secure multiparty computation, 551–552
    security, 8–9
    self-synchronizing stream cipher, 198–199
    stream ciphers, 197–198






    subliminal-channel signature, 79
    superpolynomial, 238
    symmetric, 4
    synchronous stream cipher, 202–203
    TEA, 346
    types, 189
    unconditionally secure, 8
    undeniable digital signatures, 536–539
    using, 213–229
    vector scheme, 529
    zero-knowledge proofs, 548–550
    See also Block ciphers; Stream ciphers
All-or-nothing disclosure of secrets, 96, 543–546
    voting with a single central facility, 128–130
Alternating stop-and-go generator, 383, 385, 410–411
American National Standards Institute, DES approval, 267–268
Anderson, Ross, 391
ANDOS, see All-or-nothing disclosure of secrets
Anonymous message broadcast, 137–139
ANSI X3.105, 267
ANSI X3.106, 267
ANSI X9.8, 267
ANSI X9.17, 268, 359
    key generation, 175
ANSI X9.19, 267
ANSI X9.26, 268
Arbitrated protocol, 23–26
Arbitration, timestamping, 75–76
Arbitrator, 23
    document signing with, 35–37
    group signatures with, 84–85
AR hash function, 453
Arithmetic, modular, 242–245
Arms Export Control Act, 610
Asmuth-Bloom scheme, 529–530
Association for Computing Machinery, 608
Asymmetric algorithms, see Public-key algorithms
Atomic Energy Act, 610
Attack, 5
AT&T Model 3600 Telephone Security Device, 594–595
Authentication, 2, 52–56
    DASS, 62
    Denning-Sacco protocol, 63
    dictionary attacks, 52
    ISO framework, 574–577
    Kerberos, 60
    message, 56
    Needham-Schroeder protocol, 58–59
    Neuman-Stubblebine protocol, 60–62
    Otway-Rees protocol, 59–60
    protocols, formal analysis, 65–68
    salt, 52–53
    Schnorr, 511






    SESAME, 572
    SKEY, 53
    SKID, 55–56
    using interlock protocol, 54–55
    using one-way functions, 52
    using public-key cryptography, 53–54
    Wide-Mouth Frog protocol, 56–57
    Woo-Lam protocol, 63–64
    Yahalom, 57–58
Authenticators, 568
Avalanche effect, 273
Backup keys, 181–182
BAN logic, 66–67
Barrett's algorithm, 244
BaseKing, 346
Basis, polarization measurement, 555
Battista, Leon, 11
BBS generator, 417
    add to spelled out, 553–554
Beacons, 64
Bellovin, Steve, 518, 520–521, 571
Bennett, Charles, 555, 557
Berlekamp-Massey algorithm, 380, 404
Bernstein, Dan, 616
Berson, Tom, 441
Best affine approximation attack, 381
Beth-Piper stop-and-go generator, 383–384
Bias, 425
Bidirectional message authentication codes, 457
Biham, Eli, 284–285, 288, 296, 301, 303, 306, 308, 311–312, 314, 316, 319, 354, 361, 434
Bilateral stop-and-go generator, 384–385
Binary trees, 78
Biotechnology, as cryptanalysis tool, 156–157
Birthday attack, 165–166, 430
Bit commitment, 86–88
    using one-way functions, 87–88
    using pseudo-random-sequence generators, 88
    using symmetric cryptography, 86–87
Blakley, George, 72, 529
Blaze, Matt, 346, 364
Blinding factor, 112
Blind signatures, 112–115, 549–550
    patents, 115
    voting with, 126–127
Blobs, 88
Block algorithms, 4
Block chain mode, 206–207
Block ciphers, 4, 189
    Blowfish, 336–339
    CA-1.1, 327–328
    cascading algorithms, 367–368
    CAST, 334–335
    CDMF key shortening, 366






    choosing algorithms, 354–355
    combining algorithms, 368
    counter mode, 205–206, 209
    Crab, 342–344
    CRYPTO-MECCANO, 346
    designing, 351
    design theory, 346–351
        Feistel networks, 347
        group structure, 348
        S-box, 349–351
        simple relations, 347–348
        strength against differential and linear cryptanalysis, 348–349
        weak keys, 348
    double encryption, 357–358
    double OFB/counter, 363–364
    doubling length, 363
    electronic codebook mode, 189–191, 208–210
    encryption speeds, 355
    FEAL, 308–312
    feedback, 193
    GOST, 331–334
    IDEA, 319–325
    iterated, 347
    Li-Wang algorithm, 346
    LOKI, 314–316
    Lucifer, 303–304
    Madryga, 304–306
    McEliece algorithm, 346
    MMB, 325–327
    multiple encryption, 357
    NewDES, 306–308
    Rao-Nam algorithm, 346
    RC2, 318–319
    RC5, 344–346
    REDOC II, 311–313
    REDOC III, 313
    SAFER K-64, 339–341
    security, based on one-way hash functions, 353–354
    Skipjack, 328–329
    versus stream ciphers, 210–211
    SXAL8/MBAL, 344
    triple encryption, 358–363
    3-Way, 341–342
    using one-way hash functions, 351–354
    whitening, 366–367
    xDES1, 365–366
Block length, doubling, 363
Block replay, 191–193
Blocks, 4
Blowfish, 336–339, 354, 647–654
Blum, Manuel, 89, 105, 108
Blum, Blum, and Shub generator, 417–418
Blum integers, 253






    coin flipping, 543
    zero-knowledge proofs, 549
Blum-Micali generator, 416–417
Boolean functions, in S-boxes, 350
Bosselaers, Antoon, 436, 441
Boyar, Joan, 369
Brassard, Gilles, 555, 557
Broadcasting:
    anonymous, 137–139
    secret, 523–524
Brute-force attack, 8, 151–152
    software-based, 154–155
    time and cost estimates, 152–154
Bureau of Export Administration, 610–611
Burrows, Michael, 66
CA-1.1, 327–328
Cade algorithm, 500–501
Caesar Cipher, 11
CAFE, 606–607
CALC, 346
Cantwell Bill, 615–616
Capstone, 593–594
Cascade generators, 405
Cascades, Gollmann, 387–388
Cascading:
    multiple block algorithms, 367–368
    multiple stream ciphers, 419–420
Cash, digital, see Digital cash
Cassells, Ian, 381
CAST, 334–335
    S-boxes, 349
CBC, see Cipher block chaining mode
CCEP, 269, 598–599
CDMF, 366, 574
Cellhash, 446
Cellular automata, 500
Cellular automaton generator, 414
Certificates:
    Privacy-Enhanced Mail, 579
    public-key, 185–187
    X.509, 574–575
Certification authority, 186
Certification path, 576
Certified mail, digital, 122–123
Chaining variables, 436
Chambers, Bill, 385–386
Characteristics, 286–288
Chaum, David, 84, 115, 133, 137, 536, 549
Cheater, 27
    sharing secrets with, 531
