Bruce Schneier
Crypto Bibliography
G. Brassard and C. Crépeau and M. Sántha, Oblivious Transfers and Intersecting Codes; IEEE Transactions on Information Theory, special issue in coding and complexity, Volume 42, Number 6, pp. 1769-1780, November 1996. [.ps.gz] C. Crépeau and M. Sántha, Efficient reductions among oblivious transfer protocols based on new self-intersecting codes; In Sequences II, Methods in Communications, Security, and Computer Science, pages 360-368. Springer-Verlag, 1991. [.ps.gz] C. Crépeau and M. Sántha, On the reversibility of oblivious transfer; In Advances in Cryptology: Proceedings of Eurocrypt '91, volume 547 of Lecture Notes in Computer Science, pages 106-113. Springer-Verlag, 1991. [.ps.gz] G. Brassard, C. Crépeau, and M. Sántha, Oblivious Transfers and Intersecting Codes, IEEE Transactions on Information Theory, special issue on coding and complexity, v. 42, n. 6, November 1996, pp. 1769-1780. [.ps] S. Bakhtiari, R. Safavi-Naini, and J. Pieprzyk, On Password-Based Authenticated Key Exchange using Collisionful Hash Functions. In Australian Conference on Information Security and Privacy (ACISP '96), Springer-Verlag, LNCS 1172, pp. 299-310, 1996. [.ps.Z] S. Bakhtiari, R. Safavi-Naini, and J. Pieprzyk, A Message Authentication Code based on Latin Squares, Australian Conference on Information Security and Privacy (ACISP '97), Springer-Verlag, LNCS 1270, pp. 194-203, 1997. [.ps.Z] S. Bakhtiari, R. Safavi-Naini, and J. Pieprzyk, On Selectable Collisionful Hash Functions, Australian Conference on Information Security and Privacy (ACISP '96), Springer-Verlag, LNCS 1172, pages 287-298, 1996. [.ps.Z] L. Brown, J. Pieprzyk, R. Safavi-Naini, and J. Seberry, A Generalised Testbed for Analysing Block and Stream Ciphers [.txt], Technical Report CS10/91, March 1991. [.ps.gz] [.txt] C. Burwick, D. Coppersmith, E. D'Avignon, R. Gennaro, S. Halevi, C. Jutla, S. Matyas Jr., L. O'Connor, M. Peyravian, D. Safford, and N. 
Zunic, MARS - a candidate cipher for AES, First AES conference, 1998. [.pdf] [.ps] O. Goldreich and S. Safra, A Combinatorial Consistency Lemma with application to the PCP Theorem; 1996. [.ps] M. Bellare and A. Sahai, Non-Malleable Encryption: Equivalence between Two Notions, and an Indistinguishability-Based Characterization, Advances in Cryptology - Crypto 99 Proceedings, LNCS v. 1666, M. Wiener ed, Springer-Verlag, 1999. O. Goldreich, A. Sahai, and S. Vadhan, Honest-Verifier Statistical Zero-Knowledge Equals General Statistical Zero-Knowledge; 1998. [.ps] M. Bellare, S. Halevi, A. Sahai, and S. Vadhan, Many-to-one trapdoor functions and their relation to public-key cryptosystems, Extended abstract in Advances in Cryptology -- Crypto 98 Proceedings, Lecture Notes in Computer Science Vol. 1462, H. Krawczyk ed, Springer-Verlag, 1998. L. Brown and D. Sahlin, Extending Erlang for Safe Mobile Code Execution, Information and Communication Security, Lecture Notes in Computer Science, Springer-Verlag, Nov 1999. [.ps] K. Kurosawa, K. Okada, H. Saido, and D. Stinson, New combinatorial bounds for authentication codes and key predistribution schemes, Designs, Codes and Cryptography. [.ps] K. Kurosawa, K. Okada, H. Saido, and D. Stinson, New combinatorial bounds for authentication codes and key predistribution schemes, Designs, Codes and Cryptography, v.15, no.1, 1998, pp. 87-100. [.ps] K. Kurosawa, K. Okada, H. Saido, and D. Stinson, New combinatorial bounds for authentication codes and key predistribution schemes, Designs, Codes and Cryptography, v. 15, no. 1, 1998, pp. 87--100. [.ps] K. Kurosawa, K. Okada, and K. Sakano, Security of the Center in Key Distribution Schemes, Advances in Cryptology - ASIACRYPT 94, LNCS 917 (1995), 333-341. [.ps] K. Kurosawa, K. Okada, K. Sakano, W. Ogata, and S. Tsujii, Nonperfect Secret Sharing Schemes and Matroids, Advances in Cryptology - EUROCRYPT '93, LNCS 765, 1993, 126-141. [.ps] K. Okada, W. Ogata, K. Sakano, and K. 
Kurosawa, Analysis on Secret Sharing Schemes with Non-graphical Access Structures, IEICE Trans., Vol.E80-A, No. 1, 1997, 85-89. [.ps] W. Ogata, K. Kurosawa, K. Sako, and K. Takatani, Fault Tolerant Anonymous Channel, Proceedings of ICICS '97, LNCS 1334, 1997, pp. 440-444. [.ps] K. Sakurai and Y. Zheng, On Non-Pseudorandomness from Block Ciphers with Provable Immunity against Linear Cryptanalysis; IEICE Transactions on Fundamentals of Electronics, Communications and Computer Science, Vol. E80-A, No.1, pp.19-24, 1997. [.pdf] [.ps] [.ps.Z] C. Salter, O.S. Saydjari, B. Schneier, and J. Wallner, Toward a Secure System Engineering Methodology, New Security Paradigms Workshop, September 1998, pp. 2-10. L. Gong, T. Lomas, R. Needham, and J. Saltzer, Protecting Poorly Chosen Secrets from Guessing Attacks, IEEE Journal on Selected Areas in Communications, Vol.11, No.5, June, 1993, pp.648-656. [.ps.gz] G. Brassard, C. Crépeau, and D. Mayers and L. Salvail, Defeating classical Bit Commitment Schemes with a Quantum Computer; Submitted to Advances in Cryptology: Proceedings of Crypto '98, Springer-Verlag, 1998. [.ps.gz] C. Bennett, F. Bessette, G. Brassard, L. Salvail, and J. Smolin, Experimental quantum cryptography; Journal of Cryptology, vol. 5, no. 1, 1992, pp. 3 - 28. Preliminary version in Advances in Cryptology - Eurocrypt '90 Proceedings, May 1990, Springer - Verlag, pp. 253 - 265. [.ps.gz] C. Crépeau and L. Salvail, Quantum Oblivious Mutual Identification; Advances in Cryptology: Proceedings of Eurocrypt '95, Springer-Verlag, pages 133-147, 1995. [.ps.gz] G. Brassard and L. Salvail, Secret-key reconciliation by public discussion; Advances in Cryptology | Eurocrypt '93 Proceedings, May 1993. [.ps.gz] G. Brassard, C. Crépeau, D. Mayers, and L. Salvail, A brief review on the impossibility of quantum bit commitment; Posted as paper 9712023 on quant-ph archive, 11 pages, December 1997. C. Crépeau and L. Salvail, Oblivious Verification of Common String, CWI Quarterly, v. 
8, n. 2, June 1995, pp. 97-109. [.ps] T. Lomas, L. Gong, J. Saltzer, and R. Needham, Reducing Risks from Poorly Chosen Keys, Proceedings of the 12th ACM Symposium on Operating System Principles, Litchfield Park, Arizona, December, 1989. Published as ACM Operating Systems Review, Vol.23, No.5, pp.14-18. [.ps.gz] S. Jajodia, P. Samarati, V. Subrahmanian, and E. Bertino, A Unified Framework for Enforcing Multiple Access Control Policies, Proc. ACM SIGMOD Int'l. Conf. on Management of Data, May 1997, pp. 474-485. [.ps] E. Bertino, S. Jajodia, and P. Samarati, Supporting multiple access control policies in database systems, Proc. IEEE Symp. on Research in Security and Privacy, Oakland, Calif., May 1996, pages 94-107. [.ps] E. Ferrari, P. Samarati, E. Bertino, and S. Jajodia, Providing flexibility in information flow control for object-oriented systems, Proc. IEEE Symp. on Security and Privacy, Oakland, Calif., May 1997, pages 130-140. [.ps] S. Jajodia, P. Samarati, and V. S. Subrahmanian, A logical language for expressing authorizations, Proc. IEEE Symp. on Security and Privacy, Oakland, Calif., May 1997, pp. 31-42. [.ps]
N. Asokan, D. Samfat, and R. Molva, Untraceability in Mobile Networks, Proceedings of the ACM International Conference on Mobile Computing and Networking, Berkeley, Nov. 1995. [.ps.gz]
F. Sato and K. Kurosawa, On the randomness of a self-decimation stream key generator, International Conference on Sequences and their Applications -- SETA'98, 1998. [.ps] T. Sato, M. Haga, and K. Kurosawa, Towards secure and fast hash functions, IEICE, Trans. on Fundamentals. [.ps] K. Kurosawa and T. Satoh, Design of SAC/PC(l) of order k Boolean functions and three other cryptographic criteria, Advances in Cryptology - EUROCRYPT '97, LNCS 1233, 1997, pp. 434-449. [.ps] K. Kurosawa and T. Satoh, Generalization of higher order SAC to vector output Boolean function, IEICE Trans. E81-A, pp. 41-47 (1998). (Preliminary version appeared in Advances in Cryptology - ASIACRYPT '96, LNCS 1163 (1996), 218-231.) [.ps] C. Salter, O.S. Saydjari, B. Schneier, and J. Wallner, Toward a Secure System Engineering Methodology, New Security Paradigms Workshop, September 1998, pp. 2-10. L. Gong and R. Schemers, Signing, Sealing, and Guarding Java Objects, Lecture Notes in Computer Science (LNCS), Vol.1419, Springer-Verlag, June 1998. [.ps.gz] L. Gong, M. Mueller, H. Prafullchandra, and R. Schemers, Going Beyond the Sandbox: An Overview of the New Security Architecture in the Java Development Kit 1.2, Proceedings of the USENIX Symposium on Internet Technologies and Systems, Monterey, California, December 1997, pp. 103-112. [.ps.gz] J. Schiller, D. Atkins, Scaling the Web of Trust: Combining Kerberos and PGP to Provide Large Scale Authentication [.txt], Usenix 1995 Technical Conference Proceedings, Jan. 16-20, 1995. [.ps] [.txt] H. Abelson, R. Anderson, S. Bellovin, J. Benaloh, M. Blaze, W. Diffie, J. Gilmore, P. Neumann, R. Rivest, J. Schiller, and B. Schneier, The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption [PDF]. An earlier version appeared in World Wide Web Journal, v.2, n.3, 1997, pp. 241-257. Y. Amir, G. Ateniese, D. Hasse, Y. Kim, C. Nita-Rotaru, T. Schlossnagle, J. Schultz, J. Stanton, and G. 
Tsudik, Secure Group Communication in Asynchronous Networks with Failures: Integration and Experiments, 2000 International Conference on Distributed Computing Systems. [.pdf] B. Schneier and Mudge, Cryptanalysis of Microsoft's Point-to-Point Tunneling Protocol (PPTP), Proceedings of the 5th ACM Conference on Communications and Computer Security, ACM Press, November 1998, pp. 132-141. J. Kelsey and B. Schneier, Key-Schedule Cryptanalysis of DEAL, Sixth Annual Workshop on Selected Areas in Cryptography (SAC 99), Springer Verlag, 2000, pp. 118-134. J. Kelsey and B. Schneier, The Street Performer Protocol, The Third USENIX Workshop on Electronic Commerce Proceedings, USENIX Press, November 1998. C. Hall, J. Kelsey, B. Schneier, and D. Wagner, Cryptanalysis of SPEED (Extended Abstract), Financial Cryptography '98, Springer-Verlag, 1998, 309-310. B. Schneier and A. Shostack, Breaking Up Is Hard to Do: Modeling Security Threats for Smart Cards, First USENIX Symposium on Smart Cards, USENIX Press. N. Ferguson, J. Kelsey, B. Schneier, M. Stay, D. Wagner, and D. Whiting, Improved Cryptanalysis of Rijndael, Proceedings of the Seventh Fast Software Encryption Workshop, Springer-Verlag, 2001, pp. 213-230. B. Schneier, Inside Risks 112: Risks of Relying on Cryptography, Communications of the ACM, vol 42, n 10, Oct 1999. J. Kelsey, B. Schneier, and C. Hall, An Authenticated Camera, 12th Annual Computer Security Applications Conference, ACM Press, December 1996, pp. 24-30. E. Biham, A. Biryukov, N. Ferguson, L. Knudsen, B. Schneier, and A. Shamir, Cryptanalysis of Magenta, distributed at the first AES conference, August 20, 1998. [.ps.gz] B. Schneier and J. Kelsey, Automatic Event Stream Notarization Using Digital Signatures, Security Protocols, International Workshop April 1996 Proceedings, Springer-Verlag, 1997, pp. 155-169. H. Abelson, R. Anderson, S. Bellovin, J. Benaloh, M. Blaze, W. Diffie, J. Gilmore, P. Neumann, R. Rivest, J. Schiller, and B. 
Schneier, The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption [PDF]. An earlier version appeared in World Wide Web Journal, v.2, n.3, 1997, pp. 241-257. B. Schneier, Self-Study Course in Block Cipher Cryptanalysis, 1998. B. Schneier and J. Kelsey, Remote Auditing of Software Outputs Using a Trusted Coprocessor, Journal of Future Generation Computer Systems, v.13, n.1, 1997, pp. 9-18. C. Hall and B. Schneier, Remote Electronic Gambling, 13th Annual Computer Security Applications Conference, ACM Press, December 1997, pp. 227-230. C. Ellison and B. Schneier, Ten Risks of PKI: What You're Not Being Told About Public Key Infrastructure, Computer Security Journal, v 16, n 1, 2000, pp. 1-7. B. Schneier, J. Kelsey, and J. Walker, Distributed Proctoring, ESORICS 96 Proceedings, Springer-Verlag, September 1996, pp. 172-182. B. Schneier and Mudge, Cryptanalysis of Microsoft's PPTP Authentication Extensions (MS-CHAPv2), CQRE, Dusseldorf, Oct 1999. B. Schneier, J. Kelsey, D. Whiting, D. Wagner, C. Hall, and N. Ferguson, Performance Comparison of the AES Submissions, Proc. Second AES Candidate Conference, NIST, March 1999, pp. 15-34. B. Schneier, Description of a New Variable-Length Key, 64-Bit Block Cipher (Blowfish), Fast Software Encryption, Cambridge Security Workshop Proceedings (December 1993), Springer-Verlag, 1994, pp. 191-204. J. Riordan and B. Schneier, Environmental Key Generation towards Clueless Agents, Mobile Agents and Security, G. Vigna, ed., Springer-Verlag, 1998, pp. 15-24. D. Wagner, B. Schneier, and J. Kelsey, Cryptanalysis of the Cellular Message Encryption Algorithm, Advances in Cryptology--CRYPTO '97 Proceedings, Springer-Verlag, August 1997, pp. 526-537. C. Ellison, C. Hall, R. Milbert, and B. Schneier, Protecting Secret Keys with Personal Entropy, Future Generation Computer Systems. B. Schneier, J. Kelsey, D. Whiting, D. Wagner, and C. 
Hall, On the Twofish Key Schedule, Fifth Annual Workshop on Selected Areas in Cryptography, Springer Verlag, August 1998, pp. 27-42. J. Kelsey and B. Schneier, Authenticating Secure Tokens Using Slow Memory Access, First USENIX Symposium on Smart Cards, USENIX Press. B. Schneier, J. Kelsey, D. Whiting, D. Wagner, C. Hall, and N. Ferguson, Twofish: A 128-Bit Block Cipher, 15 June 1998. B. Schneier and D. Whiting, Fast Software Encryption: Designing Encryption Algorithms for Optimal Software Speed on the Intel Pentium Processor, Fast Software Encryption, Fourth International Workshop Proceedings (January 1997), Springer-Verlag, 1997, pp. 242-259. N. Ferguson and B. Schneier, Cryptanalysis of Akelarre, Fourth Annual Workshop on Selected Areas in Cryptography, August 1997, pp. 201-212. M. Blaze and B. Schneier, The MacGuffin Block Cipher Algorithm, Fast Software Encryption, Second International Workshop Proceedings (December 1994), Springer-Verlag, 1995, pp. 97-110. D. Wagner, L. Simpson, E. Dawson, J. Kelsey, W. Millan and B. Schneier, Cryptanalysis of ORYX, Fifth Annual Workshop on Selected Areas in Cryptography, Springer Verlag, August 1998, pp. 296-305. D. Wagner, N. Ferguson, and B. Schneier, Cryptanalysis of FROG, Second AES Candidate Conference, April 1999. J. Kelsey, B. Schneier, and D. Wagner, Related-Key Cryptanalysis of 3-WAY, Biham-DES, CAST, DES-X, NewDES, RC2, and TEA, ICICS '97 Proceedings, Springer-Verlag, November 1997, pp. 233-246. B. Schneier and D. Whiting, A Performance Comparison of the Five AES Finalists, Proceedings of the Third AES Candidate Conference, April 2000, pp. 123-135. B. Schneier and C. Hall, An Improved E-mail Security Protocol, 13th Annual Computer Security Applications Conference, ACM Press, December 1997, pp. 232-238. E. Biham, A. Biryukov, N. Ferguson, L. Knudsen, B. Schneier, and A. Shamir, Cryptanalysis of Magenta, Second AES Candidate Conference, April 1999. J. Kelsey, B. Schneier, and D. 
Wagner, Key-Schedule Cryptanalysis of 3-WAY, IDEA, G-DES, RC4, SAFER, and Triple-DES, Advances in Cryptology--CRYPTO '96 Proceedings, Springer-Verlag, August 1996, pp. 237-251. N. Ferguson, J. Kelsey, B. Schneier, and D. Whiting, A Twofish Retreat: Related-Key Attacks Against Reduced-Round Twofish, Twofish Technical Report #6, February 14, 2000. J. Kelsey, B. Schneier, and N. Ferguson, Yarrow-160: Notes on the Design and Analysis of the Yarrow Cryptographic Pseudorandom Number Generator, Sixth Annual Workshop on Selected Areas in Cryptography (SAC 99), Springer Verlag, 2000, pp. 13-33. C. Hall, J. Kelsey, B. Schneier, and D. Wagner, Building Pseudo-Random Functions from Pseudo-Random Permutations, Advances in Cryptology--CRYPTO '98 Proceedings, Springer-Verlag, August 98, 370-389. B. Schneier, Cryptographic Design Vulnerabilities, IEEE Computer, v. 31, n. 9, Sep 1998, pp. 29-33. [.pdf] B. Schneier, J. Kelsey, D. Whiting, D. Wagner, C. Hall, N. Ferguson, T. Kohno, M. Stay, The Twofish Team's Final Comments on AES Selection, May 15, 2000. J. Kelsey, B. Schneier, and D. Wagner, Mod n Cryptanalysis, with Applications Against RC5P and M6, Fast Software Encryption, Sixth International Workshop Proceedings (March 1999), Springer-Verlag, 1999, pp. 139-155. J. Kelsey, B. Schneier, and Key Schedule Weakness in SAFER+, Second AES Candidate Conference, April 1999. C. Hall, J. Kelsey, V. Rijmen, B. Schneier, and D. Wagner, Cryptanalysis of SPEED, Fifth Annual Workshop on Selected Areas in Cryptography, Springer Verlag, August 1998, pp. 318-338. B. Schneier, Cryptography, Security, and the Future, Communications of the ACM, v. 40, n. 1, January 1997, p. 138. J. Riordan and B. Schneier, A Certified E-Mail Protocol with No Trusted Third Party, 13th Annual Computer Security Applications Conference, ACM Press, December 1998, pp. 347-351. B. Schneier, J. Kelsey, D. Whiting, D. Wagner, C. Hall, and N. 
Ferguson, New Results on the Twofish Encryption Algorithm, Second AES Candidate Conference, April 1999. D. Wagner and B. Schneier, Analysis of the SSL 3.0 Protocol, The Second USENIX Workshop on Electronic Commerce Proceedings, USENIX Press, November 1996, pp. 29-40. J. Kelsey, B. Schneier, C. Hall, and D. Wagner, Secure Applications of Low-Entropy Keys, 1997 Information Security Workshop (ISW'97), Proceedings (September 1997), Springer-Verlag, 1998, pp. 121-134. D. Whiting, B. Schneier, and S. Bellovin, AES Key Agility Issues in High-Speed IPsec Implementations, May 15, 2000. B. Schneier, Why Cryptography is Harder than it Looks, Information Security Bulletin, v. 2, n. 2, March 1997, pp. 31-36. B. Schneier and J. Kelsey, Secure Audit Logs to Support Computer Forensics, ACM Transactions on Information and System Security, v. 2, n. 2, May 1999, pp. 159-176. J. Kelsey and B. Schneier, Minimizing Bandwidth for Remote Access to Cryptographically Protected Audit Logs, Second International Workshop on the Recent Advances in Intrusion Detection (RAID '99), September 1999. N. Ferguson and B. Schneier, A Cryptographic Evaluation of IPsec. B. Schneier, Inside Risks 111: The Trojan Horse Race, Communications of the ACM, vol 42, n 9, Sep 1999. M. Blaze, W. Diffie, R. Rivest, B. Schneier, T. Shimomura, E. Thompson, and M. Wiener, Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security, January 1996. B. Schneier, Security in the Real World: How to Evaluate Security, Computer Security Journal, v 15, n 4, 1999, pp. 1-14. C. Salter, O.S. Saydjari, B. Schneier, and J. Wallner, Toward a Secure System Engineering Methodology, New Security Paradigms Workshop, September 1998, pp. 2-10. R. Rivest, M. Blaze, W. Diffie, R. Rivest, B. Schneier, T. Shimomura, E. Thompson, and M. Wiener, Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security [.ps] J. Kelsey and B. Schneier, MARS Attacks! 
Preliminary Cryptanalysis of Reduced-Round MARS Variants, Proceedings of the Third AES Candidate Conference, April 2000, pp. 169-185. J. Kelsey and B. Schneier, Authenticating Outputs of Computer Software Using a Cryptographic Coprocessor, Proceedings 1996 CARDIS, September 1996, pp. 11-24. J. Kelsey and B. Schneier, Conditional Purchase Orders, 4th ACM Conference on Computer and Communications Security, ACM Press, April 1997, pp. 117-124. B. Schneier and J. Kelsey, A Peer-to-Peer Software Metering System, The Second USENIX Workshop on Electronic Commerce Proceedings, USENIX Press, November 1996, pp. 279-286. J. Katz and B. Schneier, A Chosen Ciphertext Attack against Several E-Mail Encryption Protocols, 9th USENIX Security Symposium, 2000. B. Schneier, Attack Trees, Dr. Dobb's Journal, v. 24, n. 12, Dec 1999, pp. 21-29. D. Coppersmith, D. Wagner, B. Schneier, and J. Kelsey, Cryptanalysis of TwoPrime, Fast Software Encryption, Fifth International Workshop Proceedings (March 1998), Springer-Verlag, 1998, 32-48. B. Schneier and J. Kelsey, Cryptographic Support for Secure Logs on Untrusted Machines, The Seventh USENIX Security Symposium Proceedings, USENIX Press, January 1998, 53-62. N. Ferguson, D. Whiting, B. Schneier, J. Kelsey, S. Lucks, and T. Kohno, Helix: Fast Encryption and Authentication in a Single Cryptographic Primitive, Proceedings of Fast Software Encryption 2003, to appear. J. Kelsey, T. Kohno, and B. Schneier, Amplified Boomerang Attacks Against Reduced-Round MARS and Serpent, Proceedings of the Seventh Fast Software Encryption Workshop, Springer-Verlag, 2001, pp. 7-93. T. Kohno, J. Kelsey, and B. Schneier, Preliminary Cryptanalysis of Reduced-Round Serpent, Proceedings of the Third AES Candidate Conference, April 2000, pp. 195-211. B. Schneier, Inside Risks 110: Biometrics: Uses and Abuses, Communications of the ACM, vol 42, n 8, August 1999. B. Schneier and J. 
Kelsey, Unbalanced Feistel Networks and Block Cipher Design, Fast Software Encryption, Third International Workshop Proceedings (February 1996), Springer-Verlag, 1996, pp. 121-144. N. Ferguson, B. Schneier, and D. Wagner, Security Weaknesses in Maurer-Like Randomized Stream Ciphers, Fifth Australasian Conference on Information Security and Privacy (ACISP 2000), Springer-Verlag, 2000, pp. 234-241. B. Schneier, Blowfish--One Year Later, Dr. Dobb's Journal, September 1995. J. Kelsey, B. Schneier, and D. Wagner, Protocol Interactions and the Chosen Protocol Attack, Security Protocols, 5th International Workshop April 1997 Proceedings, Springer-Verlag, 1998, pp. 91-104. C. Hall, I. Goldberg, and B. Schneier, Reaction Attacks Against Several Public-Key Cryptosystems, Counterpane Systems Report, 1998. J. Kelsey, B. Schneier, D. Wagner, and C. Hall, Side Channel Cryptanalysis of Product Ciphers, ESORICS '98 Proceedings, Springer-Verlag, September 1998, 97-110. D. Whiting, J. Kelsey, B. Schneier, D. Wagner, N. Ferguson, and C. Hall, Further Observations on the Key Schedule of Twofish, Twofish Technical Report #4, March 16, 1999. J. Kelsey, B. Schneier, D. Wagner, and C. Hall, Cryptanalytic Attacks on Pseudorandom Number Generators, Fast Software Encryption, Fifth International Workshop Proceedings (March 1998), Springer-Verlag, 1998, pp. 168-188. C. Schnorr and H. Hörner, Attacking the Chor-Rivest Cryptosystem by Improved Lattice Reduction, Advances in Cryptology - Eurocrypt '95, Lecture Notes in Computer Science, Vol. 921, Springer Verlag, pp.1-12, 1995. M. Coster, A. Joux, B. LaMacchia, A. Odlyzko, C. Schnorr, and J. Stern, Improved low-density subset sum algorithms, Computational Complexity 2 (1992), pp. 111-128. [.pdf] [.ps] C. Schnorr and S. Vaudenay, The Black-Box Model for Cryptographic Primitives, Journal of Cryptology, vol.11, pp. 125-140, 1998. H. Ong, C. 
Schnorr, Fast Signature Generation with a Fiat Shamir-Like Scheme, Advances in Cryptology - Eurocrypt '90, Lecture Notes in Computer Science, Vol.473, Springer Verlag, pp.432-440,1991. [.ps] [.ps.gz] M. Coster, B. LaMacchia, A. Odlyzko, and C. Schnorr, An improved low-density subset sum algorithm, Advances in Cryptology - EUROCRYPT '91, D. W. Davies (ed.), Springer Verlag, Lecture Notes in Computer Science #547 (1991), pp. 54-67. [.pdf] [.ps] C. Schnorr, S. Vaudenay, Parallel FFT-Hashing, Fast Software Encryption - Proceedings of the Cambridge Security Workshop Lecture Notes in Computer Science, Vol. 809, Springer Verlag, pp.149-156,1994. [.ps] [.ps.gz] C. Schnorr, Efficient Signature Generation by Smart Cards, Journal of Cryptology, Vol.4, pp.161-174, 1991. [.ps] [.ps.gz] R. Cramer, R. Gennaro, and B. Schoenmakers, A Secure and Optimally Efficient Multi-Authority Election Scheme, Proceedings of EUROCRYPT '97, Springer-Verlag, LNCS 1233, pp.103-118. Also in European Transactions on Telecommunications. [.ps] J.-P. Boly, A. Bosselaers, R. Cramer, S. Mjølsnes, F. Muller, T. Pedersen, B. Pfitzmann, P. de Rooij, B. Schoenmakers, L. Vallée, and M. Waidner, Digital Payment Systems in the ESPRIT Project CAFE; Securicom 94, Paris 1.-3.6.1994, 35-45. [.ps.gz] B. Schoenmakers, A Tight Lower Bound for Top-Down Skew Heaps; Information Processing Letters 61 (1997) 279-284. Reference [10] of the paper is also available as Neil Sloane's On-Line Encyclopedia of Integer Sequences; through which I found out about Hofstadter's G-sequence. [.pdf] R. Cramer, B. Schoenmakers, and M. Yung, Multi-authority secret ballot elections with linear work, Advances in Cryptology -- Eurocrypt '96 Proceedings, 1996. Earlier version in CWI Research Report CS-R9571, January 1996. [.ps] R. Cramer, R. Gennaro, and B. Schoenmakers, A Secure and Optimally Efficient Multi-Authority Election Scheme; Appears in European Transactions of Telecommunications Vol.8, No.5. 
A preliminary version appears at EUROCRYPT'97. [.ps] J.P. Boly, A. Bosselaers, R. Cramer, R. Michelsen, S. Mjølsnes, F. Muller, T. Pedersen, B. Pfitzmann, P. de Rooij, B. Schoenmakers, M. Schunter, L. Vallée, and M. Waidner, The ESPRIT project CAFE - High security digital payment systems, Proceedings ESORICS'94, LNCS 875, D. Gollmann, Ed., Springer-Verlag, 1994, pp. 217-230. [.pdf] B. Schoenmakers, A New Algorithm for the Recognition of Series Parallel Graphs; Report CS-R9504, Centrum voor Wiskunde en Informatica (CWI), January 1995. M. Franklin, R. Cramer, B. Schoenmakers, and M. Yung, Multi-authority secret ballot elections with linear work, Advances in Cryptology -- Eurocrypt '96 Proceedings. [.ps] B. Schoenmakers, Basic Security of the ecash Payment System, Bart Preneel et al. (eds.) Computer Security and Industrial Cryptography: State of the Art and Evolution, ESAT Course, Leuven, Belgium, June 3--6, 1997, Springer-Verlag's LNCS series. 16 pages. [.pdf] B. Schoenmakers, Inorder Traversal of a Binary Heap and its Inversion in Optimal Time and Space; In Mathematics of Program Construction-MPC'92, volume 669 of Lecture Notes in Computer Science, pages 291-301, Berlin, 1993. Springer-Verlag. [.ps.gz] A. Kaldewaij and B. Schoenmakers, Searching by Elimination; Science of Computer Programming 14 (1990) 243-254. [.ps.gz] A. Kaldewaij and B. Schoenmakers, The Derivation of a Tighter Bound for Top-Down Skew Heaps; Information Processing Letters 37 (1991) 265-271. [.ps.gz] R. Cramer, I. Damgård, and B. Schoenmakers, Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols. [.ps.Z] J.-P. Katoen and B. Schoenmakers, Recognizing Perfect-Shuffles [.ps.gz] B. Schoenmakers, An Efficient Electronic Payment System Withstanding Parallel Attacks, Report CS-R9522, Centrum voor Wiskunde en Informatica (CWI), March 1995. J.-P. Katoen and B. 
Schoenmakers, Systolic Arrays for the Recognition of Permutation-Invariant Segments; Science of Computer Programming 27 (1996) 119-137. [.ps.gz] J.-P. Boly, A. Bosselaers, R. Cramer, R. Michelsen, S. Mjolsnes, F. Muller, T. Pedersen, B. Pfitzmann, P. de Rooij, B. Schoenmakers, M. Schunter, L. Vallee, and M. Waidner, The ESPRIT Project CAFE: High Security Digital Payment Systems; In ESORICS 94 (Third European Symposium on Research in Computer Security), volume 875 of Lecture Notes in Computer Science, pages 217-230, Berlin, 1994. Springer-Verlag. [.ps.gz] A. Buldas, H. Lipmaa, and B. Schoenmakers, Optimally Efficient Accountable Time-Stamping, In Yuliang Zheng and Hideki Imai, editors, Public Key Cryptography '2000, volume 1751 of Lecture Notes in Computer Science, pages 293-305, Melbourne, Australia, 18--20 January 2000. Springer Verlag. B. Schoenmakers, A Systematic Analysis of Splaying; Information Processing Letters 45 (1993) 41-50. [.pdf] [.ps.gz] C. Schuba, I. Krsul, M. Kuhn, E. Spafford, A. Sundaram, and D. Zamboni, Analysis of a Denial of Service Attack on TCP, Proceedings of the 1997 IEEE Symposium on Security and Privacy, Oakland, California, May 5-7, 1997. [.ps.gz] Y. Amir, G. Ateniese, D. Hasse, Y. Kim, C. Nita-Rotaru, T. Schlossnagle, J. Schultz, J. Stanton, and G. Tsudik, Secure Group Communication in Asynchronous Networks with Failures: Integration and Experiments, 2000 International Conference on Distributed Computing Systems. [.pdf] J.P. Boly, A. Bosselaers, R. Cramer, R. Michelsen, S. Mjølsnes, F. Muller, T. Pedersen, B. Pfitzmann, P. de Rooij, B. Schoenmakers, M. Schunter, L. Vallée, and M. Waidner, The ESPRIT project CAFE - High security digital payment systems, Proceedings ESORICS'94, LNCS 875, D. Gollmann, Ed., Springer-Verlag, 1994, pp. 217-230. [.pdf] J.-P. Boly, A. Bosselaers, R. Cramer, R. Michelsen, S. Mjolsnes, F. Muller, T. Pedersen, B. Pfitzmann, P. de Rooij, B. Schoenmakers, M. Schunter, L. Vallee, and M. 
Waidner, The ESPRIT Project CAFE: High Security Digital Payment Systems; In ESORICS 94 (Third European Symposium on Research in Computer Security), volume 875 of Lecture Notes in Computer Science, pages 217-230, Berlin, 1994. Springer-Verlag. [.ps.gz] B. Pfitzmann and M. Schunter, Asymmetric Fingerprinting; Eurocrypt '96, LNCS 1070, Springer-Verlag, Berlin 1996, 84-95. [.ps.gz] B. Pfitzmann, M. Schunter, and M. Waidner, Optimal Efficiency of Optimistic Contract Signing; 17th Symposium on Principles of Distributed Computing (PODC), ACM, New York 1998. [.pdf] [.ps.gz] G. Bleumer and M. Schunter, Privacy Oriented Clearing for the German Healthcare System; Personal Medical Information -- Security, Engineering, and Ethics, Springer-Verlag, Berlin 1997, 175-194. [.ps.gz] B. Pfitzmann, M. Schunter, and M. Waidner, How to Break Another "Provably Secure" Payment System; Eurocrypt '95, LNCS 921, Springer-Verlag, Berlin 1995, 121-132. [.ps.gz] A. Pfitzmann, B. Pfitzmann, M. Schunter, and M. Waidner, Mobile User Devices and Security Modules: Design for Trustworthiness; IBM Research Report RZ 2784 (#89262) 02/05/96, IBM Research Division, Zurich, Feb. 1996. [.ps.gz] A. Ben-Dor, S. Halevi, and A. Schuster, Potential Function Analysis of Greedy Hot-Potato Routing, Proceedings of 13th Annual ACM Symposium on Principles of Distributed Computing, ACM Press, 1994, pp. 225-234. [.ps.gz] R. Friedman, E. Biham, A. Itzkovitz, and A. Schuster, Symphony: Managing Virtual Servers in the Global Village Technical Reports of the Computer Science Department in the Technion, 0939. [.ps.gz] Y. Mu, J. Seberry, and Y. Zheng, Shared cryptographic bits via quantized quadrature phase amplitudes of light; Optics Communications, Vol. 123, pp. 344-352, 1996. [.ps] [.ps.Z] J. Seberry, X. Zhang, and Y. Zheng, Improving the strict avalanche characteristics of cryptographic functions; Information Processing Letters, Vol.50, pp.37-41, 1994. [.ps] [.ps.Z] Y. Zheng and J. 
Seberry, Immunizing public key cryptosystems against chosen ciphertext attacks; the Special Issue on Secure Communications, IEEE Journal on Selected Areas in Communications, Vol. 11, No. 5, pp. 715-724, June 1993. [.ps] [.ps.Z] Y. Zheng, T. Hardjono, and J. Seberry, Reusing shares in secret sharing schemes; The Computer Journal, Vol. 37, No. 3, pp. 199-205, 1994. [.ps] [.ps.Z] L. Brown, J. Pieprzyk, and J. Seberry, LOKI - A Cryptographic Primitive for Authentication and Secrecy Applications [.txt], in Advances in Cryptology - Auscrypt'90, Lecture Notes in Computer Science, vol 453, pp229-236, J Seberry, J Pieprzyk (eds), Springer-Verlag, 1990. [.ps.gz] [.txt] L. Brown and J. Seberry, On the Design of Permutation Boxes in DES Type Cryptosystems [.txt], Advances in Cryptology - Eurocrypt '89, Lecture Notes in Computer Science, vol 434, pp 696-705, J.J. Quisquater, J. Vanderwalle (eds), Springer-Verlag, Berlin, 1990. [.ps.gz] [.txt] J. Seberry, X. Zhang, and Y. Zheng, On constructions and nonlinearity of correlation immune functions; Advances in Cryptology -- EuroCrypt'93, Lecture Notes in Computer Science, Vol. 765, pp. 181-199, Springer-Verlag, Berlin, 1994. [.ps] [.ps.Z] J. Seberry, X. Zhang, and Y. Zheng, The Relationship Between Propagation Characteristics and Nonlinearity of Cryptographic Functions; Journal of Universal Computer Science, Vol. 1, No. 2, pp. 136-150, 1995. [.ps] [.ps.Z] J. Seberry, X. Zhang, and Y. Zheng, Nonlinearly balanced Boolean functions and their propagation characteristics; Advances in Cryptology -- Crypto'93, Lecture Notes in Computer Science, Vol. 773, pp. 49-60, Springer-Verlag, Berlin, 1994. [.ps] [.ps.Z] J. Seberry, X. Zhang, and Y. Zheng, Relationships Among Nonlinearity Criteria. Eurocrypt '95, Lecture Notes in Computer Science, vol. 950, pp. 376-388, Springer-Verlag, 1995. [.ps.Z] J. Seberry, X. Zhang, and Y. 
Zheng, Structures of cryptographic functions with strong avalanche characteristics; Advances in Cryptology -- AsiaCrypt'94, Lecture Notes in Computer Science, Vol.917, pp.119-132, Springer-Verlag, 1995. [.ps] [.ps.Z] L. Brown and J. Seberry, Key Scheduling in DES Type Cryptosystems [.txt], Advances in Cryptology - Auscrypt'90, Lecture Notes in Computer Science, vol 453, pp221-228, J Seberry, J Pieprzyk (eds), Springer-Verlag, 1990. Also published as Technical Report CS25/89, Oct 1989. [.ps.gz] [.txt] Y. Zheng and J. Seberry, Practical approaches to attaining security against adaptively chosen ciphertext attacks; Advances in Cryptology -- Crypto'92, Lecture Notes in Computer Science, Vol. 740, pp.292-304, Springer-Verlag, 1993. [.ps] [.ps.Z] J. Seberry, X. Zhang, and Y. Zheng, Relationships among nonlinearity criteria; Advances in Cryptology -- EuroCrypt'95, Lecture Notes in Computer Science, Vol. 950, pp. 376-388, Springer-Verlag, 1995 [.ps] [.ps.Z] J. Seberry, X. Zhang, and Y. Zheng, Nonlinearity and propagation characteristics of balanced Boolean functions; Information and Computation, Vol. 119, No. 1, pp. 1-13, 1995. [.ps] [.ps.Z] Y. Zheng, J. Pieprzyk, and J. Seberry, HAVAL -- a one-way hashing algorithm with variable length of output; Advances in Cryptology -- AusCrypt'92, Lecture Notes in Computer Science, Vol. 718, pp. 83-104, Springer-Verlag, Berlin, 1993. [.tar.Z] J. Seberry, X. Zhang, and Y. Zheng, Cryptographic Boolean functions via group Hadamard matrices; in the Special Issue: the Hadamard Centenary Conference, the Australasian Journal of Combinatorics, Vol.10, pp.131-145, 1994. [.ps] [.ps.Z] J. Seberry, X. Zhang, and Y. Zheng, Relating Nonlinearity to Propagation Characteristics; Proceedings of 1995 Cryptography Policy and Algorithms Conference, pp.283-297, Brisbane, July 1995. [.ps] [.ps.Z] L. Brown, J. Pieprzyk, R. Safavi-Naini, and J. Seberry, A Generalised Testbed for Analysing Block and Stream Ciphers [.txt], Technical Report CS10/91, March 1991. 
[.ps.gz] [.txt] J. Seberry, X. Zhang, and Y. Zheng, Systematic generation of cryptographically robust S-boxes; Proceedings of the First ACM Conference on Computer and Communications Security, pp.171-182, The Association for Computing Machinery, New York, November 1993. [.ps] [.ps.Z] J. Seberry, X. Zhang, and Y. Zheng, Pitfalls in designing substitution boxes; Advances in Cryptology -- Crypto'94, Lecture Notes in Computer Science, Vol. 839, pp. 383-396, Springer-Verlag, Berlin, 1994. [.ps] [.ps.Z] O. Goldreich, A. Herzberg, and A. Segall, A Quantitative Approach to Dynamic Networks; 1992. [.ps] N. Courtois, M. Finiasz, and N. Sendrier, How to achieve a McEliece-based Digital Signature Scheme, Asiacrypt 2001. Preprint published as Inria rapport de recherche 4118, February 2001. L. Gong, N. Shacham, Multicast Security and Its Extension to a Mobile Environment, ACM-Baltzer Journal of Wireless Networks, 1(3):281--295, October 1995. [.ps.gz] L. Gong and N. Shacham, Elements of Trusted Multicasting, Proceedings of the IEEE International Conference on Network Protocols, Boston, Massachusetts, October, 1994, pp.23-30. E. Biham, A. Biryukov, N. Ferguson, L. Knudsen, B. Schneier, and A. Shamir, Cryptanalysis of Magenta, distributed at the first AES conference, August 20, 1998. [.ps.gz] A. Shamir and A. Kipnis, Cryptanalysis of the HFE public key cryptosystem, Crypto'99, Springer-Verlag. [.pdf] [.ps] E. Biham and A. Shamir, Differential Cryptanalysis of the Full 16-Round DES, CS 708, December 1991, Proceedings of Crypto'92, LNCS 740. [.ps.gz] M. Burmester, R. Rivest, and A. Shamir, Geometric Cryptography; [.ps] R. Anderson, R. Needham, and A. Shamir, The Steganographic File System. [.ps.gz] E. Biham and A. Shamir, Differential Fault Analysis of Secret Key Cryptosystems, Proceedings of Crypto '97. [.ps.gz] E. Biham and A. Shamir, Differential cryptanalysis of Feal and N-Hash, Technical report CS91-17, Weizmann Institute of Science, EUROCRYPT'91. [.ps.gz] R. Rivest and A. 
Shamir, PayWord and MicroMint--Two Simple Micropayment Schemes. [.ps] [.ppt] E. Biham, A. Biryukov, N. Ferguson, L. Knudsen, B. Schneier, and A. Shamir, Cryptanalysis of Magenta, Second AES Candidate Conference, April 1999. E. Biham and A. Shamir, Differential cryptanalysis of Snefru, Khafre, REDOC-II, LOKI and Lucifer, Technical report CS91-18, Weizmann Institute of Science, CRYPTO'91. [.ps.gz] E. Biham and A. Shamir, Differential Cryptanalysis of DES-Like Cryptosystems, Technical report CS90-16, Weizmann Institute of Science. [.ps.gz] M. Naor and A. Shamir, Visual Cryptography; Eurocrypt 94. [.ps.gz] R. Rivest, A. Shamir, and L. Adleman, A Method for Obtaining Digital Signatures and Public-Key Cryptosystems, Communications of the ACM 21,2 (Feb. 1978), 120--126. [.ps] M. Naor and A. Shamir, Visual Cryptography II; Cambridge Workshop on Protocols, 1996. [.ps.gz] E. Biham, A. Biryukov, and A. Shamir, Cryptanalysis of Skipjack Reduced to 31 Rounds using Impossible Differentials, Technical Reports of the Computer Science Department in the Technion, 0947. [.ps.gz] E. Biham and A. Shamir, Power Analysis of the Key Scheduling of the AES Candidates, Second AES conference, 1999. [.ps.gz] E. Biham, A. Biryukov, O. Dunkelman, E. Richardson, and A. Shamir, Initial Observations on Skipjack: Cryptanalysis of Skipjack-3XOR, Proceedings of SAC'98. [.ps.gz] M. Abdalla, Y. Shavitt, and A. Wool, Towards Making Broadcast Encryption Practical [.ps.gz], Financial Cryptography '99, Anguilla, BWI, February 1999. [.ps.gz] D. Boneh and J. Shaw, Collusion Secure Fingerprinting for Digital Data, IEEE Transactions on Information Theory, Vol 44, No. 5, 1998, pp. 1897-1905. R. Wright, D. Shifflett, and C. Irvine, Security Architecture for a Virtual Heterogeneous Machine, Proceedings of the Fourteenth Computer Security Applications Conference, 1998, pp. 167--177. [.ps.Z] R. Rivest, M. Blaze, W. Diffie, R. Rivest, B. Schneier, T. Shimomura, E. Thompson, and M. 
Wiener, Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security [.ps] M. Blaze, W. Diffie, R. Rivest, B. Schneier, T. Shimomura, E. Thompson, and M. Wiener, Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security, January 1996. S. Kim, M. Mambo, H. Shizuya, and D. Won, On the security of the Okamoto-Tanaka ID-based key exchange scheme against active attacks, Proc. of JW-ISC'2000, Korea-Japan Joint Workshop on Information Security and Cryptology, January 2000. [.zip] H. Isa, W. Shockley, and C. Irvine, A Multi-threading Architecture for Multilevel Secure Transaction Processing, Proceedings of 1999 Symposium on Security and Privacy, 1999. [.pdf] A. Condon, J. Feigenbaum, C. Lund, and P. Shor, Probabilistically Checkable Debate Systems and Nonapproximability Results for PSPACE-Hard Functions, Chicago Journal of Theoretical Computer Science, volume 1995, number 4. A. Condon, J. Feigenbaum, C. Lund, and P. Shor, Random Debaters and the Hardness of Approximating Stochastic Functions; SIAM Journal on Computing, 26 (1997), pp. 369-400. Extended abstract appears in Proceedings of the 1994 IEEE Conference on Structure in Complexity Theory. [.ps] J. Feigenbaum, D. Koller, and P. Shor, A Game-Theoretic Classification of Interactive Complexity Classes; submitted for journal publication. Extended abstract appears in Proceedings of the 1995 IEEE Conference on Structure in Complexity Theory. B. Schneier and A. Shostack, Breaking Up Is Hard to Do: Modeling Security Threats for Smart Cards, First USENIX Symposium on Smart Cards, USENIX Press. V. Shoup, Factoring polynomials over finite fields: asymptotic complexity vs. reality; in Proc. IMACS Symposium, Lille, France, 1993. [.ps.Z] V. Shoup and A. Rubin, Session-key distribution using smart cards; in Proc. Eurocrypt '96, pp. 321-31, 1996. [.ps.Z] V. 
Shoup, Fast construction of irreducible polynomials over finite fields; Journal of Symbolic Computation 17:371-391, 1994; extended abstract in Proc. 4th Annual Symposium on Discrete Algorithms, pp. 484-492, 1993. [.ps.Z] V. Shoup, New algorithms for finding irreducible polynomials over finite fields; Mathematics of Computation 54:435-447, 1990; extended abstract in Proc. 29th Annual Symposium on Foundations of Computer Science, pp. 283-290, 1988. [.ps.Z] V. Shoup and R. Gennaro, Securing Threshold Cryptosystems against Chosen Ciphertext Attack, Proceedings of EUROCRYPT'98, Springer-Verlag LNCS 1403, pp.1-16. [.ps] V. Shoup, Searching for primitive roots in finite fields; Mathematics of Computation 58:369-380, 1992; extended abstract in Proc. 22nd ACM Symposium on Theory of Computation, pp. 546-554, 1990. [.ps.Z] D. Beaver, J. Feigenbaum, R. Ostrovsky, and V. Shoup, Instance-Hiding Proof Systems; submitted for journal publication. Available as DIMACS Technical Report 93-65, Rutgers University, Piscataway, 1993. [.ps.Z] V. Shoup and R. Peralta, Primality testing with fewer random bits; Computational Complexity 3:355-367, 1993. [.ps.Z] V. Shoup, A fast deterministic algorithm for factoring polynomials over finite fields of small characteristic; in Proc. 1991 International Symposium on Symbolic and Algebraic Computation, pp. 14-21, 1991. [.ps.Z] V. Shoup, On fast and provably secure message authentication based on universal hashing; in Proc. Crypto '96, pp. 313-328, 1996. This contains some corrections to the conference version. [.ps.Z] V. Shoup and A. Rubin, Session Key Distribution Using Smart Cards; Proc. of Eurocrypt '96 (May, 1996). [.ps] V. Shoup, A new polynomial factorization algorithm and its implementation; Journal of Symbolic Computation 20:363-397, 1995. [.ps.Z] V. Shoup, On the deterministic complexity of factoring polynomials over finite fields; Information Processing Letters 33:261-267, 1990. [.ps.Z] V. Shoup and R. 
Cramer, A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack; May 1998. [.ps.Z] V. Shoup and E. Kaltofen, Subquadratic-time factorization of polynomials over finite fields; in Proc. 27th ACM Symposium on Theory of Computation, 1995, Mathematics of Computation, 1998. [.ps.Z] V. Shoup and E. Bach, Factoring polynomials using fewer random bits; Journal of Symbolic Computation 9:229-239, 1990. [.ps.Z] N. Asokan, V. Shoup, and M. Waidner, Asynchronous Protocols for Optimistic Fair Exchange, Proceedings of the IEEE Symposium on Research in Security and Privacy, IEEE Computer Society Press, pp. 86-99. Corrected version. [.ps.gz] V. Shoup, On the security of a practical identification scheme, in Proc. Eurocrypt '96, pp. 344-353, 1996. [.ps.Z] V. Shoup, A note on session-key distribution using smart cards; manuscript, 1996. This contains some corrections and modifications to the previous paper. [.ps.Z] V. Shoup and R. Smolensky, Lower bounds for polynomial evaluation and interpolation problems; Computational Complexity, 6:301-311, 1997; preliminary version in Proc. 31st Annual Symposium on Foundations of Computer Science, pp. 378-383, 1991. [.ps.Z] N. Asokan, V. Shoup, and M. Waidner, Optimistic fair exchange of digital signatures, IBM Research Report RZ 2973, 1997. This is the full length version of the extended abstract in Proc. Eurocrypt '98. [.ps] V. Shoup, Smoothness and factoring polynomials over finite fields; Information Processing Letters 39:39-42, 1991. [.ps.Z] D. Beaver, J. Feigenbaum, and V. Shoup, Hiding Instances in Zero-Knowledge Proof Systems (extended abstract), in Advances in Cryptology - Crypto '90, Lecture Notes in Computer Science, vol. 537, Springer, Berlin, 1991, pp. 326-338. [.pdf] V. Shoup and J. Buchmann, Constructing nonresidues in finite fields and the Extended Riemann Hypothesis; Mathematics of Computation 65(215):1311-1326, 1996; extended abstract in Proc. 23rd ACM Symposium on Theory of Computation, pp. 
72-79, 1991. [.ps.Z] V. Shoup and J. von zur Gathen, Computing Frobenius maps and factoring polynomials; Computational Complexity 2:187-224, 1992; extended abstract in Proc. 24th ACM Symposium on Theory of Computing, pp. 97-105, 1992. [.ps.Z] V. Shoup, F. Lehmann, M. Maurer, and V. Mueller, Counting the number of points on elliptic curves of characteristic greater than three; in Proc. First Algorithmic Number Theory Symposium, pp. 60-70, 1994. [.ps.Z] V. Shoup, Lower bounds for discrete logarithms and related problems; in Proc. Eurocrypt '97, pp. 256-266, 1997. This is a revision of the conference version. [.ps.Z] V. Shoup, Why chosen ciphertext security matters, Preprint, 1998. [.ps.Z] V. Shoup, Removing Randomness from Computational Number Theory; Ph. D. Thesis, University of Wisconsin, 1989. [.ps.Z] V. Shoup and E. Kaltofen, Faster polynomial factorization over high algebraic extensions of finite fields; in Proc. 1997 International Symposium on Symbolic and Algebraic Computation. [.ps.Z] R. Cramer and V. Shoup, Signature schemes based on the Strong RSA Assumption, Preprint, 1998. [.ps.Z] M. Jakobsson, E. Shriver, B. Hillyer, and A. Juels, A Practical Secure Physical Random Bit Generator, ACM Security 1998. [.pdf] [.ps] R. Rivest, M.J.B. Robshaw, R. Sidney, and Y. Yin, The RC6 Block Cipher; a block cipher submitted for consideration as the new AES [.pdf] [.ps] Y. Matias, A. Mayer, and A. Silberschatz, Lightweight Security Primitives for E-Commerce, Proc. USENIX Symposium On Internet Technologies and Systems (USITS), 1997. [.ps] G. Simmons and C. Meadows, The Role of Trust in Information Integrity Protocols, Journal of Computer Security, Vol. 3, No. 2, 1994. [.pdf] [.ps] J. Kim, D. Simon, and P. Tetali, Limits on the Efficiency of One-Way Permutation-Based Hash Functions, 1999. D. Wagner, L. Simpson, E. Dawson, J. Kelsey, W. Millan and B. Schneier, Cryptanalysis of ORYX, Fifth Annual Workshop on Selected Areas in Cryptography, Springer Verlag, August 1998, pp. 
296-305. S. Simpson, PGP DH vs PGP RSA, 1999. M. Furer, O. Goldreich, Y. Mansour, M. Sipser, and S. Zachos, On Completeness and Soundness in Interactive Proof Systems, 1989. [.ps] M. Skala, A Limited-Diffusion Algorithm for Blind Substring Search, Proceedings of the 10th Annual Canadian Information Technology Security Symposium, 1-5 June 1998, Ottawa, Ontario, pp. 397-410. C. Bennett, G. Brassard, C. Crépeau, and M.-H. Skubiszewska, Practical quantum oblivious transfer protocols; In Advances in Cryptology: Proceedings of Crypto '91, volume 576 of Lecture Notes in Computer Science, pages 351-366. Springer-Verlag, 1992. [.ps.gz] A. Smith and A. Stiglic, Multiparty computation unconditionally secure against Q^2 adversary structure, McGill Tech. Report, 1998. [.pdf] B. Chor, J. Freidmann, O. Goldreich, J. Hastad, S. Rudich, and R. Smolensky, The Bit Extraction Problem or t-Resilient Functions; 1985. [.ps] V. Shoup and R. Smolensky, Lower bounds for polynomial evaluation and interpolation problems; Computational Complexity, 6:301-311, 1997; preliminary version in Proc. 31st Annual Symposium on Foundations of Computer Science, pp. 378-383, 1991. [.ps.Z] C. Bennett, F. Bessette, G. Brassard, L. Salvail, and J. Smolin, Experimental quantum cryptography; Journal of Cryptology, vol. 5, no. 1, 1992, pp. 3 - 28. Preliminary version in Advances in Cryptology - Eurocrypt '90 Proceedings, May 1990, Springer - Verlag, pp. 253 - 265. [.ps.gz] D. Beaver and N. So, Global, Unpredictable Bit Generation Without Broadcast (extended abstract); Advances in Cryptology - Eurocrypt '93, Springer-Verlag, 1994, 424-434. [.pdf] M. Abadi, S. Glassman, M. Manasse, P. Gauthier, and P. Sobalvarro, The Millicent Protocol for Inexpensive Electronic Commerce, World Wide Web Journal -- Fourth International World Wide Web Conference Proceedings, O'Reilly & Associates, Inc. (December 1995), 603-618. J. Bull, L. Gong, and K. R. 
Sollins, Towards Security in an Open Systems Federation, Proceedings of the European Symposium on Research in Computer Security, Toulouse, France, November, 1992. Published as Lecture Notes in Computer Science, Vol.648, Springer-Verlag, 1992, pp. 3-20. [.ps.Z] C. Schuba, I. Krsul, M. Kuhn, E. Spafford, A. Sundaram, and D. Zamboni, Analysis of a Denial of Service Attack on TCP, Proceedings of the 1997 IEEE Symposium on Security and Privacy, Oakland, California, May 5-7, 1997. [.ps.gz] J. Feigenbaum, L. Fortnow, C. Lund, and D. Spielman, The Power of Adaptiveness and Additional Queries in Random-Self-Reductions, Computational Complexity, 4 (1994), pp. 158-174. Extended Abstract in Proceedings of the 1992 IEEE Conference on Structure in Complexity Theory. M. Luby and J. Staddon, Combinatorial Bounds for Broadcast Encryption, Eurocrypt, June 1-4, 1998. [.ps] D. Bleichenbacher, B. Kaliski, and J. Staddon, Recent results on PKCS #1: RSA encryption standard [.pdf], RSA Laboratories' bulletin #7, June 1998. [.pdf] [.ps] C. Cachin, S. Micali, and M. Stadler, Computationally private information retrieval with polylogarithmic communication, Advances in Cryptology: EUROCRYPT '99, LNCS vol. 1592, Springer-Verlag, 1999, pp. 402-414. [.pdf] [.ps] [.ps.gz] J. Camenisch, J.-M. Piveteau, and M. Stadler, An Efficient Electronic Payment System Protecting Privacy, Computer Security -- ESORICS 94, Lecture Notes in Computer Science v. 875, pp. 207-215, Springer Verlag, 1994. [.txt - abstract] [.pdf] [.ps] J. Camenisch, J.-M. Piveteau, and M. Stadler, Fair Anonyme Zahlungssysteme, Proceedings of GISI 95 - Herausforderungen eine globalen Informationsverbundes für die Informatik, Informatik aktuell, Springer Verlag, 1995, pp. 254-265. [.ps] [.ps.Z] [.ps.gz] J. Camenisch, J.-M. Piveteau, and M. Stadler, An Efficient Fair Payment System, Proceedings of 3rd ACM Conference on Computer Communications Security, ACM press, March 1996, pp. 88-94. [.ps] J. Camenisch, U. Maurer, and M. 
Stadler, Digital Payment Systems with Passive Anonymity-Revoking Trustees, Journal of Computer Security, v. 5, n. 1, IOS Press, 1997. [.ps] [.ps.Z] [.ps.gz] J. Camenisch, J.-M. Piveteau, and M. Stadler, Blind Signatures Based on the Discrete Logarithm Problem, Advances in Cryptology - EUROCRYPT '94, Lecture Notes in Computer Science v. 950, Springer Verlag, 1995, pp. 428-432. [.txt - abstract] [.pdf] [.ps] J. Camenisch, U. Maurer, and M. Stadler, Digital Payment Systems with Passive Anonymity-Revoking Trustees, Journal of Computer Security, vol. 5, no. 1, pp. 69-89, 1997, (Preliminary version in Proc. ESORICS'96). [.txt - abstract] [.pdf] [.ps] M. Stadler, J.-M. Piveteau, and J. Camenisch, Fair Blind Signatures, Advances in Cryptology -- EUROCRYPT '95, Lecture Notes in Computer Science v. 921, pp. 209-219, Springer Verlag, 1995. [.txt - abstract] [.pdf] [.ps] J. Camenisch and M. Stadler, Efficient Group Signature Schemes for Large Groups, Advances in Cryptology -- CRYPTO '97, Lecture Notes in Computer Science v. 1294, Springer Verlag, 1997, pp. 410-424. [.ps] [.ps.Z] [.ps.gz] J. Camenisch and M. Stadler, Proof Systems for General Statements about Discrete Logarithms, Techreport TR 260, 13 pp. Institute for Theoretical Computer Science, ETH Zürich, March 1997. [.txt - abstract] [.ps] [.ps.gz] F. Stajano and R. Anderson, The Cocaine Auction Protocol: On the Power of Anonymous Broadcast, Third International Workshop on Information Hiding, Dresden, Germany, 1999. F. Stajano and R. Anderson, The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks, 7th International Workshop on Security Protocols, Cambridge, UK, April 1999, Springer LNCS vol 1796, pp 172-182. F. Stajano and R. Anderson, The Grenade Timer: Fortifying the Watchdog Timer Against Malicious Mobile Code, 7th International Workshop on Mobile Multimedia Communications (MoMuC 2000), Waseda, Tokyo, Japan. [.pdf] F. 
Stajano, The Resurrecting Duckling -- What Next?, 8th International Workshop on Security Protocols, Cambridge, UK, April 2000, Springer LNCS. [.pdf] Y. Amir, G. Ateniese, D. Hasse, Y. Kim, C. Nita-Rotaru, T. Schlossnagle, J. Schultz, J. Stanton, and G. Tsudik, Secure Group Communication in Asynchronous Networks with Failures: Integration and Experiments, 2000 International Conference on Distributed Computing Systems. [.pdf] M. Abadi, A. Birrell, R. Stata, and E. Wobbe |