Bruce Schneier

 

Home

Blog

Crypto-Gram Newsletter

Books

Essays and Op Eds

Computer Security Articles

News and Interviews

Audio and Video

Speaking Schedule

Password Safe

Cryptography and Computer Security Resources

Contact Information

 

Crypto Bibliography

All citations, arranged by author

M. Abadi, Protection in Programming-Language Translations, Automata, Languages and Programming: 25th International Colloquium, ICALP'98 (July 1998), 868-883. Also appeared as SRC Research Report 154 (April 1998).

M. Abadi, C. Fournet, and G. Gonthier, Secure Implementation of Channel Abstractions, Proceedings of the Thirteenth Annual IEEE Symposium on Logic in Computer Science (June 1998), 105-116. [.ps]

M. Abadi, M. Burrows, and R. Needham A Logic of Authentication, Proceedings of the Royal Society, Series A, 426, 1871 (December 1989), 233-271. Also appeared as SRC Research Report 39 and, in a shortened form, in ACM Transactions on Computer Systems 8, 1 (February 1990), 18-36. [.ps]

M. Abadi, L. van Doorn, M. Burrows, and E. Wobber, Secure Network Objects, Proceedings of the 1996 IEEE Symposium on Security and Privacy (May 1996), 211-221. [.ps]

M. Abadi, T. Mark, A. Lomas, and R. Needham, Strengthening Passwords; SRC Technical Note 1997-033 (September/December 1997). [.ps]

M. Abadi, C. Fournet, and G. Gonthier, Secure Communications Processing for Distributed Languages, Proceedings of the 1999 IEEE Symposium on Security and Privacy (May 1999), 74-88. [.ps]

M. Abadi and A. Gordon, A Calculus for Cryptographic Protocols: The Spi Calculus, SRC Research Report 149 (January 1998). [.ps]

M. Abadi and A. Gordon, A Bisimulation Method for Cryptographic Protocols, Nordic Journal of Computing 5, 4 (Winter 1998), 267-303. [.ps]

M. Abadi, Secrecy by Typing in Security Protocols. Journal of the ACM. [.ps]

M. Abadi, E. Allender, A. Broder, J. Feigenbaum, and L. Hemachandra, On Generating Solved Instances of Computational Problems, Advances in Cryptology -- CRYPTO '88, Springer-Verlag (August 1988), 297-310. [.ps]

M. Abadi, J. Feigenbaum, and J. Kilian, On Hiding Information from an Oracle Journal of Computer and System Sciences 39, 1 (August 1989), 21-50. [.ps]

M. Abadi and M. Tuttle, A Semantics for a Logic of Authentication, Proceedings of the Tenth Annual ACM Symposium on Principles of Distributed Computing (August 1991), 201-216. [.ps]

M. Abadi, M. Burrows, C. Kaufman, and B. Lampson, Authentication and Delegation with Smart-Cards, Science of Computer Programming 21, 2 (October 1993), 93-113. [.ps]

M. Abadi, E. Wobber, M. Burrows, and B. Lampson, Authentication in the Taos Operating System, ACM Transactions on Computer Systems 12, 1 (February 1994), 3-32. (Also appeared as SRC Research Report 117.) [.ps]

M. Abadi, On SDSI's Linked Local Name Spaces, Journal of Computer Security 6, 1-2 (1998), 3-21. [.ps]

M. Abadi, A. Birrell, R. Stata, and E. Wobber, Secure Web Tunneling, Proceedings of the Seventh International World Wide Web Conference. Computer Networks and ISDN Systems 30, 1-7 (April 1998), 531-539.

M. Abadi, S. Glassman, M. Manasse, P. Gauthier, and P. Sobalvarro, The Millicent Protocol for Inexpensive Electronic Commerce, World Wide Web Journal -- Fourth International World Wide Web Conference Proceedings, O'Reilly & Associates, Inc. (December 1995), 603-618.

M. Abadi, Security Protocols and Specifications, Foundations of Software Science and Computation Structures: Second International Conference, FOSSACS '99 (March 1999), 1-13. [.ps]

M. Abadi, M. Burrows, and R. Needham, The Scope of a Logic of Authentication, Distributed Computing and Cryptography: Proceedings of a DIMACS Workshop (October 1989), 119-126. Also appeared as appendix to SRC Research Report 39. [.ps]

M. Abadi, On SDSI's Linked Local Name Spaces, Proceedings of the 10th IEEE Computer Security Foundations Workshop (June 1997), 98-108. [.ps]

M. Abadi and J. Feigenbaum, Secure Circuit Evaluation: A Protocol Based on Hiding Information from an Oracle Journal of Cryptology 2, 1 (May 1990), 1-12. [.ps]

M. Abadi and A. Gordon, A Bisimulation Method for Cryptographic Protocols, Programming Languages and Systems: 7th European Symposium on Programming, ESOP '98 (April 1998), 12-26. [.ps]

M. Abadi and R. Needham, Prudent Engineering Practice for Cryptographic Protocols, IEEE Transactions on Software Engineering 22, 1 (January 1996), 6-15. [.ps]

M. Abadi, B. Lampson, M. Burrows, and E. Wobber, Authentication in Distributed Systems: Theory and Practice, ACM Transactions on Computer Systems 10, 4 (November 1992), 265-310. (Also appeared as SRC Research Report 83.) [.pdf]

M. Abadi, Two Facets of Authentication, Proceedings of the 11th IEEE Computer Security Foundations Workshop (June 1998), 25-32. Also appeared as SRC Technical Note 1998-007 (March 1998).

M. Abadi, Secrecy by Typing in Security Protocols, Theoretical Aspects of Computer Software, Springer-Verlag (September 1997), 611-638. [.ps]

M. Abadi, Explicit Communication Revisited: Two New Attacks on Authentication Protocols, IEEE Transactions on Software Engineering 23, 3 (March 1997), 185-186. [.ps]

M. Abadi, M. Burrows, B. Lampson, and G. Plotkin, A Calculus for Access Control in Distributed Systems, ACM Transactions on Programming Languages and Systems 15, 4 (September 1993), 706-734. (Also appeared as SRC Research Report 70.) [.ps]

M. Abdalla and O. Duarte, Analysis of CAC Mechanisms for ATM Networks [.ps.gz], in Proc. of the 15th Brazilian Telecommunications Symposium, Recife, PE, September 1997. Portuguese. [.pdf] [.ps.gz]

M. Abdalla, M. Bellare, and P. Rogaway, DHAES: An Encryption Scheme Based on the Diffie-Hellman Problem [.ps.gz] [.ps] [.pdf], Contributions to P1363, September 1998. [.ps]

M. Abdalla, W. Cirne, L. Franklin, A. Sterrett, and K. Marzullo, Chimichanga: A Fault-tolerant Asynchronous Communication Infrastructure for Mobile Agents, March 1998. [.pdf] [.ps.gz]

M. Abdalla, Y. Shavitt, and A. Wool, Towards Making Broadcast Encryption Practical [.ps.gz], Financial Cryptography '99, Anguilla, BWI, February 1999. [.ps.gz]

M. Abdalla, W. Cirne, L. Franklin, and A. Tabbara, Security Issues in Agent Based Computing, in Proc. of the 15th Brazilian Symposium on Computer Networks, Campinas, SP, May 1997. [.pdf]

H. Abelson, R. Anderson, S. Bellovin, J. Benaloh, M. Blaze, W. Diffie, J. Gilmore, P. Neumann, R. Rivest, J. Schiller, and B. Schneier, The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption [PDF]. An earlier version appeared in World Wide Web Journal, v.2, n.3, 1997, pp. 241-257.

C. Adams, H. Heys, S. Tavares, and M. Wiener, An Analysis of the CAST-256 Cipher, Proceedings of IEEE Canadian Conference on Electrical and Computer Engineering, 1999. [.ps]

I. Agi and L. Gong, An Empirical Study of Secure MPEG Video Transmissions, Proceedings of the Internet Society Symposium on Network and Distributed System Security, pp.137--144, San Diego, California, February, 1996.

W. Aiello, M. Bellare, G. Di Crescenzo, and R. Venkatesan, Security amplification by composition: The case of doubly-iterated, ideal ciphers, Extended abstract in Advances in Cryptology -- Crypto 98 Proceedings, Lecture Notes in Computer Science v. 1462, H. Krawczyk ed, Springer-Verlag, 1998. Full version available.

N. Alon, O. Goldreich, J. Hastad, and R. Peralta, Simple Constructions of Almost $k$-wise Independent Random Variables; June 1992. [.ps] Addendum: [.ps]

Y. Amir, G. Ateniese, D. Hasse, Y. Kim, C. Nita-Rotaru, T. Schlossnagle, J. Schultz, J. Stanton, and G. Tsudik, Secure Group Communication in Asynchronous Networks with Failures: Integration and Experiments, 2000 International Conference on Distributed Computing Systems. [.pdf]

P. Ammann, S. Jajodia, and I. Ray, P. Ammann, S. Jajodia, and I. Ray, ``Ensuring atomicity of multilevel transactions, Proc. IEEE Symp. on Research in Security and Privacy, Oakland, Calif., May 1996, pp. 74-84. [.ps]

P. Ammann, S. Jajodia, D. McCollum, and b. Blaustein, Surviving information warfare attacks on databases, Proc. IEEE Symp. on Research in Security and Privacy, Oakland, Calif., May 1997, pages 31-42. [.ps]

J. An and M. Bellare, Constructing VIL-MACs from FIL-MACs: Message authentication under weakened assumptions, Advances in Cryptology - Crypto 99 Proceedings, LNCS v. 1666, M. Wiener ed., Springer-Verlag, 1999. Full version available.

R. Anderson, Crypto in Europe - Markets, Law and Policy, Cryptography: Policy and Algorithms, Springer LNCS v 1029 pp 75-89. [.ps.Z]

R. Anderson, F. Bergadano, B. Crispo, J. Lee, C. Manifavas, and R. Needham, A New Family of Authentication Protocols, Operating Systems Review, vol. 32, n. 4, pp. 9-20, October 1998, ACM Press. [.ps.gz]

R. Anderson, C. Manifavas, and C. Sutherland, NetCard - A Practical Electronic Cash Scheme, 1996 Cambridge Workshop on Security Protocols. [.ps.gz]

R. Anderson, The Eternity Service, Pragocrypt '96.

R. Anderson and R. Needham, Programming Satan's Computer, Computer Science Today, LNCS 1000, Springer-Verlag, 1995, pp 426-441. [.ps.gz]

R. Anderson and M. Roe, The GCHQ Protocol and its Problems, Eurocrypt 97. [.ps.Z] [.ps.gz]

R. Anderson, V. Matyas, F. Petitcolas, I. Buchan, and R. Hanka, On the Importance of Trusted Distribution and Authentic Channels for the Distribution of Medical Knowledge,

R. Anderson, R. Needham, and A. Shamir, The Steganographic File System. [.ps.gz]

R. Anderson, Security of clinical information systems

R. Anderson, E. Biham, and L. Knudsen, Serpent and Smartcards, CARDIS '98.

R. Anderson, V. Matyas, and F. Petitcolas, Secure Books: Protecting the Secure Distribution of Knowledge, Security Protocols Workshop, 1997.

R. Anderson and E. Biham, Two Practical and Provably Secure Block Ciphers: BEAR and LION, CS 875, December 1995; Fast Software Encryption 3, 1996, LNCS 1039. [.ps.gz]

R. Anderson, Editing `Computer and Communications Security Reviews'

R. Anderson and R. Needham, Robustness Principles for Public Key Protocols, in Advances in Cryptology - CRYPTO 95, Springer LNCS v. 963, pp. 236-247. [.ps.gz]

R. Anderson and M. Kuhn, Tamper Resistance - a Cautionary Note, The Second USENIX Workshop on Electronic Commerce Proceedings, Oakland, California, November 18-21, 1996, pp. 1-11, ISBN 1-880446-83-9. [.pdf]

R. Anderson, Reliability of security systems.

R. Anderson and S. Bezuidenhoudt, On the Reliability of Electronic Payment Systems, IEEE Transactions on Software Engineering v. 22 no. 5 (May 96) pp 294-301. [.ps.gz]

R. Anderson and F. Peticolas, On the Limits of Steganography, IEEE Journal on Selected Areas in Communications (J-SAC), Special Issue on Copyright & Privacy Protection, vol. 16 no. 4, pp. 474-481, May 1998.

R. Anderson, Robustness of cryptographic protocols

R. Anderson, V. Matyas, and F. Petitcolas, The Eternal Resource Locator: An Alternative Means of Establishing Trust on the World Wide Web, 3rd USENIX workshop on electronic commerce, ISBN 1-880-446-97-9, pp. 141-153. [.pdf]

R. Anderson, Why Cryptosystems Fail, Communications of the ACM v. 37 no. 11 (Nov 94) pp. 32-40. [.ps.gz]

R. Anderson, Analysis and design of cryptographic algorithms

R. Anderson, How to Cheat at the Lottery (or, Massively Parallel Requirements Engineering),

R. Anderson, Stretching the Limits of Steganography, Info Hiding 96, pp. 39-48. [.ps.gz]

R. Anderson, Privacy and freedom issues

R. Anderson, S. Vaudenay, B. Preneel, and K. Nyberg, The Newton Channel, Info Hiding 96, pp. 39-48. [.ps.Z] [.ps.gz]

R. Anderson and E. Biham, Tiger: A Fast New Hash Function, Fast Software Encryption 3, 1996, LNCS 1039 [.ps.gz]

R. Anderson, B. Crispo, C. Manifavas, V. Matyas, and F. Petitcolas, The Global Trust Register, Datasem '98, pp 219-241, Brno, Czech Republic, October 1998.

R. Anderson and M. Kuhn, Low Cost Attacks on Tamper Resistant Devices, Security Protocols, 5th International Workshop, Paris, France, April 7-9, 1997, Proceedings, Springer-Verlag, LNCS 1361, pp. 125-136. [.pdf]

R. Anderson, Tempest and other recent work.

V. Anupam, A. Mayer, K. Nissim, B. Pinkas, and M. Reiter On the Security of Pay-per-Click and Other Web Advertising Schemes, Proc. 8th World Wide Web Conference, 1999.

V. Anupam and A. Mayer, Security of Web Browser Scripting Languages: Vulnerabilities, Attacks, and Remedies, Proc. 7th USENIX Security Symposium, 1998. [.pdf]

K. Aoki and H. Lipmaa, Fast Implementations of AES Candidates, AES3 conference, New York City, USA, 13--14 April 2000.

P. Ashley, M. Vandenwauver, and J. Claessens, Using SESAME to Secure Web Based Applications on an Intranet, Secure Information Networks, Proceedings of the IFIP TC6/TC11 Joint Working Conference on Communications and Multimedia Security (CMS'99). Leuven, Belgium, September 20-21, 1999. pp 303-317. [.ps.gz]

P. Ashley, M. Vandenwauver, and J. Claessens, A Comparison of SESAME and SSL for Intranet and Internet Security, IFIP WG 11.1 & 11.2 Information Security Management and Small Systems Security, 1998, pp 60-69. [.ps.gz]

N. Asokan, Anonymity in a Mobile Computing Environment, Proceedings of the Workshop on Mobile Computing Systems and Applications, Santa Cruz, Dec. 1994. [.ps.gz]

N. Asokan, G. Tsudik, and M. Waidner, Server-Supported Signatures, Journal of Computer Security, 5(1), pp 91-108, 1997. [.ps.gz]

N. Asokan, V. Shoup, and M. Waidner, Optimistic fair exchange of digital signatures, IBM Research Report RZ 2973, 1997. This is the full length version of the extended abstract in Proc. Eurocrypt '98. [.ps]

N. Asokan, D. Samfat, and R. Molva, Untraceability in Mobile Networks, Proceedings of the ACM International Conference on Mobile Computing and Networking, Berkeley, Nov. 1995. [.ps.gz]
An improved version is also available. [.ps.gz]

N. Asokan, V. Shoup, and M. Waidner, Asynchronous Protocols for Optimistic Fair Exchange, Proceedings of the IEEE Symposium on Research in Security and Privacy, IEEE Computer Society Press, pp. 86-99. Corrected version. [.ps.gz]

G. Ateniese, C. Blundo, A. De Santis, and D. Stinson, Extended capabilities for visual cryptography; Submitted to Theoretical Computer Science. [.ps]

G. Ateniese, C. Blundo, A. De Santis, and D. Stinson, Visual cryptography for general access structures; Information and Computation 129 (1996), 86-106. [.ps]

G. Ateniese, D. Hasse, O. Chevassut, Y. Kim, and G. Tsudik, The Design of a Group Key Agreement API, IBM Research Report. Also in DARPA Information Survivability Conference And Exposition (DISCEX) 2000.

G. Ateniese, M. Steiner, and G. Tsudik, Authenticated Group Key Agreement and Related Issues, in Fifth ACM Conference on Computer and Communications Security, San Francisco, CA, November 1998. [.ps.gz]

M. Atici, S. Magliveras, D. Stinson, and W.-D. Wei, Some recursive constructions for perfect hash families; Journal of Combinatorial Designs 4 (1996), 353-363. [.ps]

M. Atici, D. Stinson, and R. Wei, A new practical algorithm for the construction of a perfect hash function; Submitted to Algorithmica. [.ps]

M. Atici and D. Stinson, Universal hashing and multiple authentication; Lecture Notes in Computer Science 1109 (1996), 16-30 (Advances in Cryptology - CRYPTO '96). [.ps]

D. Atkins, M. Graff, A. Lenstra, and P. Leyland, The Magic Words are Squeamish Ossifrage (extended abstract), Asiacrypt 1994. [.ps]

T. Aura, Modelling the Needham-Schröder authentication protocol with high level Petri nets, Digital Systems Laboratory Report B14, September 1995.

T. Aura, Practical invisibility in digital communication, Proceedings of the Workshop on Information Hiding, Cambridge, England, May 1996, pp. 265-278, Lecture Notes in Computer Science 1174, Springer Verlag 1996.

T. Aura, Strategies against replay attacks, Proceedings of 10th IEEE Computer Security Foundations Workshop, Rockport MA, June 1997, pp. 59-68.

T. Aura, P. Koponen, and J. Räsänen, Delegation-based access control for intelligent network services, Proceedings of ECOOP Workshop on Distributed Object Security, Brussels, Belgium, July 1998. [.ps]

B. Awerbuch, O. Goldreich, D. Peleg, and R. Vainish, A Trade-off between Information and Communication in Broadcast Protocols; June 1989. [.ps]

A. Back, U. Möller, and A. Stiglic, Traffic Analysis Attacks and Trade-Offs in Anonymity Providing Systems, Proceedings of the 4th Information Hiding Workshop (IHW2001), Springer-Verlag, LNCS v. 2137, pp. 243-254. [.pdf]

S. Bakhtiari, R. Safavi-Naini, and J. Pieprzyk, A Message Authentication Code based on Latin Squares, Australian Conference on Information Security and Privacy (ACISP '97), Springer-Verlag, LNCS 1270, pp. 194-203, 1997. [.ps.Z]

S. Bakhtiari, R. Safavi-Naini, and J. Pieprzyk, On Password-Based Authenticated Key Exchange using Collisionful Hash Functions. In Australian Conference on Information Security and Privacy (ACISP '96), Springer-Verlag, LNCS 1172, pp. 299-310, 1996. [.ps.Z]

S. Bakhtiari, R. Safavi-Naini, and J. Piprzyk, On Selectable Collisionful Hash Functions, Australian Conference on Information Security and Privacy (ACISP '96), Springer-Verlag, LNCS 1172, pages 287-298, 1996. [.ps.Z]

T. Baldin, G. Bleumer, and R. Kanne, CryptoManager - Eine intuitive Programmierschnittstelle für kryptographische Systeme; Sicherheitsschnittstellen - Konzepte, Anwendungen und Einsatzbeispiele, Proc. Workshop Security Application Programming Interfaces 94, Deutscher Universitäts Verlag, München 1994, 79-94. [.ps.gz]

T. Baldin and G. Bleumer, CryptoManager++ -- An object oriented software library for cryptographic mechanisms; 12th IFIP International Conference on Information Security (IFIP/Sec '96), Chapman & Hall, London 1996, 489-491. [.ps.gz]

D. Balfanz and L. Gong, Experience with Secure Multi-Processing in Java, Proceedings of the 18th IEEE International Conference on Distributed Computing Systems (ICDCS), Amsterdam, Netherlands, May 1998. [.ps.gz]

J. Bar-Ilan and D. Beaver, Non-Cryptographic Fault-Tolerant Computing in a Constant Expected Number of Rounds of Interaction (extended abstract); Proceedings of PODC, ACM, 1989, 201-209. [.pdf]

R. Bar-Yehuda, B. Chor, E. Kushilevitz, and A. Orlitsky, Privacy, Additional Information, and Communication, IEEE IT 39(6), 1993, pp. 1930-1943. [.ps.Z]

N. Baric and B. Pfitzmann, Collision-Free Accumulators and Fail-Stop Signature Schemes Without Trees; Eurocrypt '97, LNCS 1233, Springer-Verlag, Berlin 1997, 480-494. [.ps.gz]

E. Basturk, M. Bellare, C. S. Chow, and R. Guerin, Secure transport protocols for high-speed networks, IBM Research Report 19981, March, 1994.

O. Baudron, H. Gilbert, L. Granboulan, H. Handschuh, A. Joux, P. Nguyen, F. Noilhan, D. Pointcheval, T. Pornin, G. Poupard, J. Stern, and S. Vaudenay, Report on the AES Candidates, Proceedings of the Second AES Candidate Conference, Rome, Italy, 1999. [.pdf]

B. Baum-Waidner, B. Pfitzmann, and M. Waidner, Unconditional Byzantine Agreement with Good Majority; STACS'91, LNCS 480, Springer-Verlag, Heidelberg 1991, 285-295. [.ps.gz]

D. Bayer, S. Haber, and W. Stornetta, Improving the Efficiency and Reliability of Digital Time-Stamping, Sequences II: Methods in Communication, Security, and Computer Science, eds. R. Capocelli, A. DeSantis, and U. Vaccaro, Springer-Verlag, 1993, pp. 329-334. [.pdf]

P. Beauchemin, G. Brassard, C. Crépeau, C. Goutier, and C. Pomerance, Two observations on probabilistic primality testing; In Advances in Cryptology: Proceedings of Crypto '86, volume 263 of Lecture Notes in Computer Science, pages 443-450. Springer-Verlag, 1987. [.ps.gz]

P. Beauchemin, G. Brassard, C. Crépeau, C. Goutier, and C. Pomerance, The generation of random numbers that are probably prime, Journal of Cryptology, 1(1):53-64, 1988. [.ps]

D. Beaver, S. Micali, and P. Rogaway, The Round Complexity of Secure Protocols (extended abstract); Proceedings of the 22nd STOC, ACM, 1990, 503-513. [.ps] [.ps.gz]

D. Beaver, J. Feigenbaum, J. Kilian, and P. Rogaway, Security with Low Communication Overhead (extended abstract), Advances in Cryptology - Crypto '90 Proceedings, Springer-Verlag, 1991, 62-76. [.pdf]

D. Beaver, J. Feigenbaum, J. Kilian, and P. Rogaway, Locally Random Reductions: Improvements and Applications, Journal of Cryptology, 10 (1997), pp. 17-36. [.pdf] [.ps]

D. Beaver, Commodity-Based Cryptography (extended abstract); Proceedings of the 29th STOC, ACM, 1997, 446-455. [.pdf]

D. Beaver and S. Haber, Cryptographic Protocols Provably Secure Against Dynamic Adversaries (extended abstract); Advances in Cryptology - Eurocrypt '92, Springer-Verlag, 1993, 307-323. [.pdf]

D. Beaver, J. Feigenbaum, and V. Shoup, Hiding Instances in Zero-Knowledge Proof Systems (extended abstract), in Advances in Cryptology - Crypto '90, Lecture Notes in Computer Science, vol. 537, Springer, Berlin, 1991, pp. 326-338. [.pdf]

D. Beaver, S. Micali, and P. Rogaway, The round complexity of secure protocols; Proceedings of the 22nd Annual ACM Symposium on the Theory of Computing, (STOC 90), 1990, 503-513. [.ps] [.ps.gz]

D. Beaver, Foundations of Secure Interactive Computing (extended abstract); Advances in Cryptology - Crypto '91 Proceedings, Springer-Verlag, 1992, 377-391. [.pdf]

D. Beaver and S. Goldwasser, Multiparty Computation with Faulty Majority, Advances in Cryptology: Crypto '89, ed. Gilles Brassard. [.pdf]

D. Beaver and N. So, Global, Unpredictable Bit Generation Without Broadcast (extended abstract); Advances in Cryptology - Eurocrypt '93, Springer-Verlag, 1994, 424-434. [.pdf]

D. Beaver, Efficient Multiparty Protocols Using Circuit Randomization (extended abstract); Advances in Cryptology - Crypto '91 Proceedings, Springer-Verlag, 1992, 420-432. [.pdf]

D. Beaver, How to Break a "Secure" Oblivious Transfer Protocol (extended abstract); Advances in Cryptology - Eurocrypt '92, Springer-Verlag, 1993, 285-296. [.pdf]

D. Beaver, J. Feigenbaum, R. Ostrovsky, and V. Shoup, Instance-Hiding Proof Systems; submitted for journal publication. Available as DIMACS Technical Report 93-65, Rutgers University, Piscataway, 1993. [.ps.Z]

R. Beigel and J. Feigenbaum, On Being Incoherent Without Being Very Hard, Computational Complexity, 2 (1992), pp. 1-17.

A. Beimel, Y. Isahi, T. Malkin, and E. Kushilevitz, One-way functions are essential for single-server private information retrieval, Proc. of the 31st Annu. ACM Symp. on the Theory of Computing (STOC), pp. 89-98, 1999. [.ps]

A. Beimel and B. Chor, Secret Sharing with Public Reconstruction, IEEE Trans. on Info. Theory, 44(5):1887-1896, 1998. Extended abstract in Crypto '95. [.ps]

A. Beimel and M. Franklin, Reliable communication over partially authenticated networks, Theoretical Computer Science, (220)1:185--210, 1999. Preliminary version in WDAG '97, volume 1320 of LNCS, pages 245-259, Springer, 1997. [.ps]

A. Beimel, Secure Schemes for Secret Sharing and Key Distribution, Ph.D. Thesis, Dept. of Computer Science, Technion, 1996. [.ps]

A. Beimel, T. Malkin, and S. Micali, The All-or-Nothing Nature of Two-Party Secure Computation, CRYPTO '99., vol. 1666 of LNCS, pages 80 - 97, 1999. [.ps]

A. Beimel and B. Chor, Universally ideal secret sharing schemes. IEEE Trans. on Info. Theory, 40(3):786-794, 1994. Extended abstract in Crypto '92. [.ps]

A. Beimel and B. Chor, Communication in key distribution schemes, IEEE Trans. on Info. Theory, 42(1):19-28, 1996. Extended abstract in CRYPTO '93, vol. 773 of LNCS, pp. 444-455. 1994. [.ps]

M. Bellare and O. Goldreich, On defining proofs of knowledge. Extended abstract in Advances in Cryptology - Crypto 92 Proceedings, Lecture Notes in Computer Science Vol. 740, E. Brickell ed, Springer-Verlag, 1993. Full version available.

M. Bellare, M. Jakobsson, and M. Yung, Round-optimal zero-knowledge arguments based on any one-way function, Extended abstract in Advances in Cryptology- Eurocrypt 97 Proceedings, Lecture Notes in Computer Science Vol. 1233, W. Fumy ed, Springer-Verlag, 1997.

M. Bellare, A. Desai, D. Pointcheval, and P. Rogaway, Relations among notions of security for public-key encryption schemes; Advances in Cryptology - CRYPTO '98, Lecture Notes in Computer Science, Vol. 1462, H. Krawczyk, ed., Springer-Verlag.

M. Bellare and P. Rogaway, Collision-Resistant Hashing: Towards Making UOWHFs Practical; Extended abstract in Advances in Cryptology- Crypto 97 Proceedings, Lecture Notes in Computer Science Vol. 1294, B. Kaliski ed, Springer-Verlag, 1997.

M. Bellare, A. Desai, E. Jokipii, and P. Rogaway, A Concrete Security Treatment of Symmetric Encryption: Analysis of the DES Modes of Operation, Extended abstract in Proceedings of 38th Annual Symposium on Foundations of Computer Science, IEEE, 1997.

M. Bellare and P. Rogaway, On the construction of variable-input-length ciphers, Proceedings of the 6th Workshop on Fast Software Encryption, LNCS v. 1636, Springer-Verlag, 1999.

M. Bellare, O. Goldreich, and S. Goldwasser, Incremental cryptography: the case of hashing and signing, Advances in Cryptology - Crypto 94 Proceedings, Lecture Notes in Computer Science Vol. 839, Y. Desmedt ed, Springer-Verlag, 1994.

M. Bellare and S. Goldwasser, Encapsulated key escrow; Early version was MIT Laboratory for Computer Science Technical Report 688, April 1996.

M. Bellare, R. Canetti, and H. Krawczyk, Pseudorandom functions revisited: The cascade construction and its concrete security, Extended abstract in Proc. 37th Annual Symposium on the Foundations of Computer Science, IEEE, 1996.

M. Bellare, C. Canetti, and H. Krawczyk, Message authentication using hash functions: The HMAC construction, RSA Laboratories' CryptoBytes v. 2, no. 1, Spring 1996.

M. Bellare, A Note on Negligible Functions, Technical Report CS97-529, Department of Computer Science and Engineering, UCSD, March 1997.

M. Bellare and P. Rogaway, Entity Authentication and key distribution. Extended abstract in Advances in Cryptology - Crypto 93 Proceedings, Lecture Notes in Computer Science Vol. 773, D. Stinson ed, Springer-Verlag, 1994.

M. Bellare, S. Goldwasser, and D. Micciancio, "Pseudo-Random" Number Generation within Cryptographic Algorithms: the DSS Case, Advances in Cryptology -- Crypto 97 Proceedings, Lecture Notes in Computer Science Vol. 1294, B. Kaliski ed, Springer-Verlag, 1997.

M. Bellare and A. Sahai, Non-Malleable Encryption: Equivalence between Two Notions, and an Indistinguishability-Based Characterization, Advances in Cryptology - Crypto 99 Proceedings, LNCS v. 1666, M. Wiener ed, Springer-Verlag, 1999.

M. Bellare, G. Di Crescenzo, and P. Rogaway, On the construction of variable-input-length ciphers, Proc. Fast Software Encryption '99. [.ps]

M. Bellare and M. Yung, Certifying permutations: Non-interactive zero-knowledge based on any trapdoor permutation, Journal of Cryptology Vol. 9, No. 1, pp. 149-166, 1996.

M. Bellare, O. Goldreich, and H. Krawczyk, Stateless evaluation of pseudorandom functions: Security beyond the birthday barrier, Advances in Cryptology - Crypto 99 Proceedings, LNCS v. 1666, Springer-Verlag, 1999.

M. Bellare and P. Rogaway, The exact security of digital signatures: How to sign with RSA and Rabin. Extended abstract in Advances in Cryptology - Eurocrypt 96 Proceedings, Lecture Notes in Computer Science Vol. 1070, U. Maurer ed, Springer-Verlag, 1996.

M. Bellare, M. Jakobsson, and M. Yung, Round-optimal zero-knowledge arguments based on any one-way function, extended abstract in Advances in Cryptology- Eurocrypt 97 Proceedings, LNCS v. 1233, Springer-Verlag, 1997.

M. Bellare, R. Guerin, and P. Rogaway, XOR MACs: New methods for message authentication using finite pseudorandom functions. Extended abstract in Advances in Cryptology - Crypto 95 Proceedings, Lecture Notes in Computer Science Vol. 963, D. Coppersmith ed, Springer-Verlag,1995.

M. Bellare, O. Goldreich, and M. Sudan, Free Bits, PCPs and Non-Approximability; 1995.

M. Bellare and R. Rivest, Translucent cryptography -- An alternative to key escrow, and its implementation via fractional oblivious transfer. Earlier version was MIT Laboratory for Computer Science Technical Memo No. 683, February 1996.

M. Bellare, J. Garay, and T. Rabin, Distributed Pseudo-Random Bit Generators - A New Way to Speed Up Shared Coin Tossing, Proc. 15th Annual Symp. on Principles of Distributed Computing pp. 191-200, Philadelphia, May 1996. [.ps]

M. Bellare and P. Rogaway, Random oracles are practical: A paradigm for designing efficient protocols. Extended abstract in Proc. First Annual Conference on Computer and Communications Security, ACM, 1993. Full version available.

M. Bellare and S. Goldwasser, Verifiable partial key escrow, Proc. 4th ACM Conference on Computer and Communications Security, April 1997. Earlier version was Technical Report CS95-447, Department of Computer Science and Engineering, UCSD, October 1995.

M. Bellare and P. Rogaway, Collision-Resistant Hashing: Towards Making UOWHFs Practical, Extended abstract in Advances in Cryptology- Crypto 97 Proceedings, Lecture Notes in Computer Science Vol. 1294, B. Kaliski ed, Springer-Verlag, 1997.

M. Bellare, O. Goldreich, and S. Goldwasser, Randomness in Interactive Proofs; August 1991. [.ps] Addendum, May 1997. [.ps]

M. Bellare, O. Goldreich, and S. Goldwasser, Incremental Cryptography; 1995.

M. Bellare, S. Halevi, A. Sahai, and S. Vadhan, Many-to-one trapdoor functions and their relation to public-key cryptosystems, Extended abstract in Advances in Cryptology -- Crypto 98 Proceedings, Lecture Notes in Computer Science Vol. 1462, H. Krawczyk ed, Springer-Verlag, 1998.

M. Bellare and S. Miner, A forward-secure digital signature scheme, Advances in Cryptology - Crypto 99 Proceedings, Lecture Notes in Computer Science Vol. 1666, Springer-Verlag, 1999.

M. Bellare, A. Desai, E. Jokipii, and P. Rogaway, A concrete security treatment of symmetric encryption: Analysis of the DES modes of operation; Proceedings of 38th Annual Symposium on Foundations of Computer Science (FOCS 97), IEEE, 1997.

M. Bellare and D. Micciancio, A New Paradigm for collision-free hashing: Incrementality at reduced cost, Extended abstract in Advances in Cryptology- Eurocrypt 97 Proceedings, Lecture Notes in Computer Science Vol. 1233, W. Fumy ed, Springer-Verlag, 1997.

M. Bellare, R. Impagliazzo, and M. Naor, Does Parallel Repetition Lower the Error in Computationally Sound Protocols?, Extended abstract in Proceedings of 38th Annual Symposium on Foundations of Computer Science, IEEE, 1997.

M. Bellare and O. Goldreich, Proving computational ability. Manuscript, August 1992.

M. Bellare, J. Garay, C. Jutla, and M. Yung, VarietyCash: A Multi-purpose Electronic Payment System, Proceedings of the 3rd Usenix Workshop on Electronic Commerce, Usenix, 1998.

M. Bellare, T. Krovetz, and P. Rogaway, Luby-Rackoff backwards: Increasing security by making block ciphers non-invertible, Extended abstract in Advances in Cryptology -- Eurocrypt 98 Proceedings, Lecture Notes in Computer Science Vol. 1403, K. Nyberg ed, Springer-Verlag, 1998.

M. Bellare and P. Rogaway, Optimal asymmetric encryption -- How to encrypt with RSA, Advances in Cryptology - Eurocrypt 94 Proceedings, Lecture Notes in Computer Science Vol. 950, A. De Santis ed, Springer-Verlag, 1995.

M. Bellare and S. Goldwasser, Encapsulated key escrow. Early version was MIT Laboratory for Computer Science Technical Report 688, April 1996.

M. Bellare, J. Garay, R. Hauser, A. Herzberg, H. Krawczyk, M. Steiner, G. Tsudik, and M. Waidner, iKP - A Family of Secure Electronic Payment Protocols, Proc. First USENIX Workshop on Electronic Commerce, New York City, July 1995.

M. Bellare, R. Canetti, and H. Krawczyk, Keying hash functions for message authentication. Extended abstract in Advances in Cryptology - Crypto 96 Proceedings, Lecture Notes in Computer Science Vol. 1109, N. Koblitz ed, Springer-Verlag, 1996.

M. Bellare, J. Kilian, and P. Rogaway, The security of the cipher block chaining message authentication code; Advances in Cryptology - CRYPTO '94, Lecture Notes in Computer Science, Vol. 839. Y. Desmedt, ed., Springer-Verlag, 1994. Extended abstract in Advances in Cryptology -- Crypto 94 Proceedings, Lecture Notes in Computer Science Vol. 839, Y. Desmedt ed, Springer-Verlag, 1994.

M. Bellare and P. Rogaway, Provably secure session key distribution: the three party case. Proc. 27th Annual Symposium on the Theory of Computing, ACM, 1995.

M. Bellare and S. Micali, How to sign given any trapdoor permutation. Journal of the ACM, Vol. 39, No. 1, January 1992, pp. 214-233.

M. Bellare, O. Goldreich, and S. Goldwasser, Incremental cryptography with application to virus protection. Proc. 27th Annual Symposium on the Theory of Computing, ACM, 1995.

M. Bellare, A Note on Negligible Functions; Technical Report CS97-529, Department of Computer Science and Engineering, UCSD, March 1997.

M. Bellare and D. Micciancio, A New Paradigm for collision-free hashing: Incrementality at reduced cost; Extended abstract in Advances in Cryptology- Eurocrypt 97 Proceedings, Lecture Notes in Computer Science Vol. 1233, W. Fumy ed, Springer-Verlag, 1997.

M. Bellare, Practice-Oriented Provable-Security, Proceedings of First International Workshop on Information Security (ISW 97), Lecture Notes in Computer Science Vol. 1396, E. Okamoto, G. Davida and M. Mambo eds., Springer Verlag, 1998.

M. Bellare and P. Rogaway, The complexity of approximating a nonlinear program; Journal of Mathematical Programming B, Vol. 69, No. 3, pp. 429-441, September 1995. [.ps] [.ps.gz]

M. Bellare, R. Canetti, and H. Krawczyk, A modular approach to the design and analysis of authentication and key exchange protocols, Extended abstract in Proceedings of 30th Annual Symposium on the Theory of Computing, ACM, 1998.

M. Bellare, J. Garay, R. Hauser, A. Herzberg, H. Krawczyk, M. Steiner, G. Tsudik, E. Van Herreweghen, and M. Waidner, Design, Implementation and Deployment of the iKP Secure Electronic Payment System, IEEE Journal of Selected Areas in Communications. [.ps]

M. Bellare, J. Garay, and T. Rabin, Fast batch verification for modular exponentiation and digital signatures; Extended abstract in Advances in Cryptology- Eurocrypt 98 Proceedings, Lecture Notes in Computer Science Vol. ??, K. Nyberg ed, Springer-Verlag, 1998.

S. Bellovin, Security Concerns for IPng; RFC 1675, August 1994.

S. Bellovin and M. Merritt, An Attack on the Interlock Protocol When Used for Authentication, IEEE Transactions on Information Theory 40:1, pp. 273-275, January 1994. [.pdf] [.ps]

S. Bellovin, Defending Against Sequence Number Attacks; RFC 1948, May 1996.

S. Bellovin, Packets Found on an Internet; in Computer Communications Review 23:3, pp. 26-31, July 1993. [.pdf] [.ps]

S. Bellovin and M. Merritt, Augmented Encrypted Key Exchange; in Proceedings of the First ACM Conference on Computer and Communications Security, pp. 244-250, November 1993. [.pdf] [.ps]

S. Bellovin, Problem Areas for the IP Security Protocols, Proceedings of the Sixth Usenix Unix Security Symposium, pp. 1-16, San Jose, CA, July 1996. [.pdf] [.ps]

S. Bellovin, A Best-Case Network Performance Model; February 1992. [.pdf] [.ps]

S. Bellovin, Security Problems in the TCP/IP Protocol Suite; in Computer Communications Review 2:19, pp. 32-48, April 1989. [.pdf] [.ps]

S. Bellovin, On Many Addresses per Host; RFC 1681, August 1994.

S. Bellovin and M. Merritt, Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks, Proceedings of the I.E.E.E. Symposium on Research in Security and Privacy, Oakland, May 1992. [.ps]

S. Bellovin, Probable Plaintext Cryptanalysis of the IP Security Protocols, Proceedings of the Symposium on Network and Distributed System Security, San Diego, CA, pp. 155-160, February 1997. [.pdf] [.ps]

S. Bellovin, Cryptography and the Internet, Proceedings of CRYPTO '98, August 1998, pp. 46-55. [.pdf] [.ps]

S. Bellovin, There Be Dragons; in Proceedings of the Third Usenix UNIX Security Symposium, pp. 1-16, 1992. [.pdf] [.ps]

S. Bellovin, Using the Domain Name System for System Break-Ins; in Proceedings of the Fifth Usenix UNIX Security Symposium, Salt Lake City, UT, June, 1995. [.pdf] [.ps]

S. Bellovin and M. Merritt, Limitations of the Kerberos Authentication System; in USENIX Conference Proceedings, pp. 253--267, Winter 1991. [.pdf] [.ps]

S. Bellovin, Firewall-Friendly FTP; RFC 1579, February 1994.

I. Ben-Aroya and E. Biham, Differential Cryptanalysis of Lucifer, CS 782, October 1993, Proceedings of Crypto'93, LNCS 773, Journal of Cryptology, Vol. 9, No. 1, pp. 21-34, 1996. [.ps.gz]

S. Ben-David, B. Chor, O. Goldreich, and M. Luby, On the Theory of Average Case Complexity; 1989. [.ps]

A. Ben-Dor, S. Halevi, and A. Schuster, Potential Function Analysis of Greedy Hot-Potato Routing, Proceedings of 13th Annual ACM Symposium on Principles of Distributed Computing, ACM Press, 1994, pp. 225-234. [.ps.gz]

A. Ben-Dor and S. Halevi, 0-1 Permanent is #P-Complete, a Simpler Proof, Proceedings of the 2nd Israeli Symposium on Theory and Computing Systems, IEEE, 1993, pp. 108-117. [.ps.gz]

J. Benaloh and D. Tuinstra, Receipt-Free Secret-Ballot Elections, Proceedings of the 26th ACM Symposium on Theory of Computing, Montreal, PQ, May 1994, pp. 544-553.

J. Benaloh and D. Tuinstra, Uncoercible Communication, Clarkson University Department of Mathematics and Computer Science Technical Report number TR-MCS-94-1, February 1994. [.ps]

J. Benaloh and M. deMare, Efficient Broadcast Time-Stamping, Clarkson University Department of Mathematics and Computer Science Technical Report number TR-MCS-91-1, April 1991. [.ps]

J. Benaloh, Secret Sharing Homomorphisms: Keeping Shares of a Secret Secret, Advances in Cryptology, Proceedings of CRYPTO '86, August 1986. Lecture Notes in Computer Science, ed. G. Goos and J. Hartmanis, v. 263, pp. 251--260, Springer-Verlag, New York, 1987.

J. Benaloh, Cryptographic Capsules: A Disjunctive Primitive for Interactive Protocols, Advances in Cryptology, Proceedings of CRYPTO `86. Santa Barbara, CA. August 1986. Lecture Notes in Computer Science, ed. G. Goos and J. Hartmanis, vol. 263, pp. 213--222. Springer-Verlag. New York. 1987.

J. Benaloh, Verifiable Secret-Ballot Elections, Yale University Department of Computer Science Technical Report number 561, September 1987. [.ps]

J. Benaloh and M. deMare, One-way Accumulators: A Decentralized Alternative to Digital Signatures, Advances in Cryptology, Proceedings of EuroCrypt `93, Lofthus, Norway, May 1993. Lecture Notes in Computer Science, ed. G. Goos and J. Hartmanis, v. 765, pp. 274--285, Springer-Verlag, New York, 1994.

J. Benaloh and J. Leichter, Generalized Secret Sharing and Monotone Functions, Advances in Cryptology (Proceedings of CRYPTO `88. Santa Barbara, CA. August 1988. ed. by S. Goldwasser), Lecture Notes in Computer Science, ed. by G. Goos and J. Hartmanis, v. 403, pp. 27--35, Springer-Verlag, New York, 1990.

Benaloh, J. and Yung, M., Distributing the Power of a Government to Enhance the Privacy of Voters, Proceedings of the 5th Symposium on Principles of Distributed Computing, Calgary, AB. August 1986. (New York, USA: ACM 1986), pp. 52-62.

C. Bennett, G. Brassard, C. Crépeau, R. Jozsa, A. Peres, and W. Wootters, Teleporting an unknown quantum state via dual classical and Einstein-Podolsky-Rosen channels; Physical Review Letters, vol. 70, 29 March 1993, pp. 1895 - 1899. [.ps.gz]

C. Bennett, G. Brassard, C. Crépeau, and M.-H. Skubiszewska, Practical quantum oblivious transfer protocols; In Advances in Cryptology: Proceedings of Crypto '91, volume 576 of Lecture Notes in Computer Science, pages 351-366. Springer-Verlag, 1992. [.ps.gz]

C. Bennett, G. Brassard, C. Crépeau, R. Jozsa, A. Peres, and W. Wootters, Teleporting an unkown quantum state by dual classical and EPR channels; Physical Review Letter, 70:1895-1898, 1993. [.ps.gz]

C. Bennett, F. Bessette, G. Brassard, L. Salvail, and J. Smolin, Experimental quantum cryptography; Journal of Cryptology, vol. 5, no. 1, 1992, pp. 3 - 28. Preliminary version in Advances in Cryptology - Eurocrypt '90 Proceedings, May 1990, Springer - Verlag, pp. 253 - 265. [.ps.gz]

C. Bennett, G. Brassard, and N. Mermin, Quantum cryptography with-out Bell's theorem; Physical Review Letters, vol. 68, no. 5, 3 February 1992, pp. 557 - 559. [.ps.gz]

C.H. Bennett, G. Brassard, C. Crépeau, and U. Maurer, Generalized Privacy Amplification, IEEE Transaction on Information Theory, v. 41, n. 6, November 1995, pp. 1915-1923. [.ps]

F. Bergadano, B. Crispo, and M. Lomas, Strong Authentication and Privacy with Standard Browsers, submitted for publication.

F. Bergadano, B. Crispo, and G. Ruffo, Proactive Password Checking with Decision Trees, Proc. 4th ACM Conference on Computer and Communications Security, Zurich, April 1997.

E. Bertino, S. Jajodia, and P. Samarati, Supporting multiple access control policies in database systems, Proc. IEEE Symp. on Research in Security and Privacy, Oakland, Calif., May 1996, pages 94-107. [.ps]

I. Biehl, J. Buchmann, and Thiel, Cryptographic Protocols Based on Discrete Logarithms in Real-quadratic orders; (CRYPTO94) [.ps.gz]

I. Biehl and J. Buchmann, An analysis of the reduction algorithms for binary quadratic forms; Technical Report No. TI-26/97, 07.11.1997 [.ps.gz]

J. Bierbrauer, K. Gopalakrishnan, and D. Stinson, A note on the duality of linear programming bounds for orthogonal arrays and codes; Bulletin of the ICA 22 (1998), 17-24. [.ps]

J. Bierbrauer, K. Gopalakrishnan, and D. Stinson, Orthogonal arrays, resilient functions, error-correcting codes and linear programming bounds; SIAM J. Discrete Math 9 (1996), 424-452. [.ps]

E. Biham and A. Shamir, Differential cryptanalysis of Snefru, Khafre, REDOC-II, LOKI and Lucifer, Technical report CS91-18, Weizmann Institute of Science CRYPTO'91. [.ps.gz]

E. Biham and A. Shamir, Differential Cryptanalysis of the Full 16-Round DES, CS 708, December 1991, Proceedings of Crypto'92, LNCS 740. [.ps.gz]

E. Biham and A. Shamir, Differential Fault Analysis of Secret Key Cryptosystems, Proceedings of Crypto '97. [.ps.gz]

E. Biham and A. Shamir, Power Analysis of the Key Scheduling of the AES Candidates, Second AES conference, 1999. [.ps.gz]

E. Biham, A. Biryukov, N. Ferguson, L. Knudsen, B. Schneier, and A. Shamir, Cryptanalysis of Magenta, Second AES Candidate Conference, April 1999.

E. Biham, Cryptanalysis of Multiple Modes of Operation, CS 833, October 1994, Proceedings of Asiacrypt '94, LNCS 917, Journal of Cryptology, Vol. 11, No. 1, pp. 45-58, 1998 [.ps.gz]

E. Biham, Cryptanalysis of Ladder-DES, CS 0890, Fast Software Encryption 4, 1997. [.ps.gz]

E. Biham and A. Shamir, Differential Cryptanalsys of DES-Like Cryptosystems, Technical report CS90-16, Weizmann Institute of Science. [.ps.gz]

E. Biham, A. Biryukov, O. Dunkelman, E. Richardson, and A. Shamir, Initial Observations on Skipjack: Cryptanalysis of Skipjack-3XOR, Proceedings of SAC'98. [.ps.gz]

E. Biham and A. Shamir, Differential cryptanalysis of Feal and N-Hash, Technical report CS91-17, Weizmann Institute of Science, EUROCRYPT'91. [.ps.gz]

E. Biham and A. Biryukov, An Improvement of Davies' Attack on DES, CS 817, May 1994, Proceedings of Eurocrypt'94, LNCS 950, Journal of Cryptology, Vol. 10, No. 3, pp. 195-206, 1997 [.ps.gz]

E. Biham, A. Biryukov, N. Ferguson, L. Knudsen, B. Schneier, and A. Shamir, Cryptanalysis of Magenta, distributed at the first AES conference, August 20, 1998. [.ps.gz]

E. Biham and T. Mor, On the Security of Quantum Cryptography Against Collective Attacks, Physical Review Letters, Vol. 78, No. 11, pp. 2256-2259, March 1997 [.ps.gz]

E. Biham, On Modes of Operation, Proceedings of Fast Software Encryption 1, Cambridge Security Workshop, 1993, LNCS 809. [.ps.gz]

E. Biham, New Types of Cryptanalytic Attacks Using Related Keys, CS 753, September 1992, Proceedings of Eurocrypt'93, LNCS 765 Journal of Cryptology, Vol. 7, No. 4, pp. 229-246, 1994. [.ps.gz]

E. Biham, A Note on Comparing the AES Candidates, Second AES conference, 1999.. [.ps.gz] [.ps.gz]

E. Biham, On Matsui's Linear Cryptanalysis, CS 813, April 1994, Proceedings of Eurocrypt'94, LNCS 950. [.ps.gz]

E. Biham, How to Forge DES-Encrypted Messages in 228 Steps, August 1996 . [.ps.gz]

E. Biham, D. Boneh, and O. Reingold, Generalized Diffie-Hellman modulo a composite is not weaker than factoring, Information Processing Letters (IPL).

E. Biham and P. Kocher, A Known Plaintext Attack on the PKZIP Stream Cipher, CS 842, December 1994 Fast Software Encryption 2, Proceedings of the Leuven Workshop, LNCS 1008. [.ps.gz]

E. Biham, B. Huttner, and T. Mor, Quantum Cryptographic Network based on Quantum Memories, Physical Review A, Vol. 54, No. 4, pp. 2651-2658, October 1996 [.ps.gz]

E. Biham, A Fast New DES Implementation in Software, CS 0891, Fast Software Encryption 4, 1997. [.ps.gz]

E. Biham and A. Biryukov, How to Strengthen DES Using Existing Hardware, CS 816, May 1994 Proceedings of Asiacrypt'94, LNCS 917. [.ps.gz] revised version [.ps.gz]

E. Biham, How to Break the Chaotic-Map Cryptosystem Presented at EUROCRYPT'91, EUROCRYPT'91. [.ps.gz]

E. Biham, Cryptanalysis of Triple-Modes of Operation, CS 885, August 1996. [.ps.gz]

E. Biham, A. Biryukov, and A. Shamir, Cryptanalysis of Skipjack Reduced to 31 Rounds using Impossible Differentials, Technical Reports of the Computer Science Department in the Technion, 0947. [.ps.gz]

A. Biryukov and E. Kushilevitz, Improved Cryptanalysis of RC5, EuroCrypt 98. [.ps.Z]

A. Biryukov and D. Wagner, Slide Attacks, FSE '99. [.ps]

A. Biryukov and S. Even, Cryptanalysis of the Portz Interconnection Network Block Cipher [.ps.gz], CS0887, Technion (reported at DIMACS'97 "Cryptography and Network Security"). [.ps] [.ps.gz]

A. Biryukov and E. Kushilevitz, From Differential Cryptanalysis to Ciphertext-Only Attacks [.ps.gz], proceedings of CRYPTO'98, LNCS 1462. [.ps.Z]

J. Biskup and G. Bleumer, Reflections on Security of Database and Datatransfer Systems in Health Care; Proc. IFIP 13th World Computer Congress, Volume II: Applications and Impacts; North-Holland 1994, 549-556. Also published as Hildesheimer Informatik-Berichte 10/94 (April 1994). [.ps.gz]

J. Biskup and G. Bleumer, Cryptographic Protection of Health Information: Cost and Benefit; IMIA, International Medical Information Association (WG4), Data Protection and Security Working Conference, Helsinki, 30.9.-3.10.1995, Preproceedings, 60-67. [.ps.gz]

J. Black, S. Halevi, H. Krawczyk, T. Krovetz, and P. Rogaway, UMAC: Fast and Secure Message Authentication, J. Black, S. Halevi, H. Krawczyk, T. Krovetz, P. Rogaway, Proceedings of Crypto 99, 1999. [.pdf] [.ps]

S. Blackburn, S. Blake-Wilson, M. Burmeister, and S. Galbraith, Shared generation of shared RSA Keys, Tech. Report CORR 98-19, University of Waterloo. [.ps]

S. Blake-Wilson and A. Menezes, Entity Authentication and Authenticated Key Transport Protocols Employing Asymmetric Techniques, Security Protocols Workshop '97, Springer Verlag, 1997. Revised version. [.ps]

S. Blake-Wilson, D. Johnson, and A. Menezes, Key Agreement Protocols and their Security Analysis, Technical Report CORR 97-17, University of Waterloo. Revised version. An extended abstract of this paper appears in Cryptography and Coding: 6th IMA Conference, Springer Verlag, 1997. [.ps]

M. Blaze, High-Bandwidth Encryption with Low-Bandwidth Smartcards, January 18, 1995. Presented at Cambridge workshop on Fast Software Encryption, February 1996. [.ps]

M. Blaze and B. Schneier, The MacGuffin Block Cipher Algorithm, Fast Software Encryption, Second International Workshop Proceedings (December 1994), Springer-Verlag, 1995, pp. 97-110.

M. Blaze and S. Bellovin, Session-Layer Encryption. Proceedings of the USENIX Security Workshop, June 1995. [.ps]

M. Blaze, J. Feigenbaum, and J. Lacy, Managing Trust in Medical Information Systems, AT&T Technical Report 96.14. [.ps]

M. Blaze, J. Feigenbaum, J. Ioannidis, and A. Keromytis, The Role of Trust Management in Distributed Systems Security, Secure Internet Programming: Security Issues for Mobile and Distributed Objects, ed. Vitek and Jensen, Springer-Verlag, 1999. [.pdf] [.ps]

M. Blaze, J. Feigenbaum, and M. Naor, A Formal Treatment of Remotely-Keyed Encryption; Eurocrypt 98.

M. Blaze, Oblivious Key Escrow. Revised paper originally presented at Cambridge Workshop on Information Hiding, May 1996. [.ps]

M. Blaze, Key Management in an Encrypting File System. USENIX Summer 1994 Technical Conference, Boston, MA, June 1994. [.ps]

M. Blaze and M. Strauss, Atomic Proxy Cryptography, Eurocrypt '98. [.pdf] [.ps]

M. Blaze, J. Feigenbaum, and M. Strauss, Compliance Checking in the PolicyMaker Trust-Management System, in Proceedings of the 2nd Financial Crypto Conference, Lecture Notes in Computer Science, vol. 1465, Springer, Berlin, 1998. [.pdf] [.ps]

M. Blaze, J. Feigenbaum, and M. Naor, A Formal Treatment of Remotely Keyed Encryption (Extended Abstract), in Advances in Cryptology - Eurocrypt '98, Lecture Notes in Computer Science, vol. 1403, Springer, Berlin, 1998, pp. 251-265. [.pdf] [.ps]

M. Blaze, J. Feigenbaum, and A. Keromytis, KeyNote: Trust Management for Public-Key Infrastructures (Position Paper), in Proceedings of the 1998 Cambridge University Security Protocols International Workshop, Springer, Berlin, to appear. [.ps]

M. Blaze, Efficient Symmetric-Key Ciphers Based on an NP-Complete Subproblem (DRAFT), Submitted for publication, October 2, 1996. [.ps]

M. Blaze, J. Feigenbaum, J. Ioannidis, and A. Keromytis, The KeyNote Trust Management System, Version 2. RFC-2704. IETF, September 1999. [.txt]

M. Blaze, J. Feigenbaum, and F. Leighton, Master-Key Cryptosytems. Abstract presented at Crypto '95 (rump session), Santa Barbara, CA, August 1995. [.ps]

M. Blaze, Protocol Failure in the Escrowed Encryption Standard, Proceedings of the 2nd ACM Conference on Computer and Communications Security (2-4 November 1994), ACM Press, pp 59-67. [.ps]

M. Blaze, J. Feigenbaum, and J. Lacy, Decentralized Trust Management. IEEE Conference on Security and Privacy, Oakland, CA, May 1996. [.ps]

M. Blaze, J. Ioannidis, and A. Keromytis, Trust Management and Network-Layer Security Protocols [.ps], 1999 Cambridge Protocols Workshop, Cambridge, April 1999. [.ps] [.tex]

M. Blaze, A Cryptographic File System for Unix. Proceedings of First ACM Conference on Computer and Communications Security, Fairfax, VA, November 1993. [.ps]

M. Blaze and M. Strauss, Proxy Cryptography. Draft, May 1997. [.ps]

M. Blaze, W. Diffie, R. Rivest, B. Schneier, T. Shimomura, E. Thompson, and M. Weiner, Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security, January 1996.

M. Blaze, Cryptography Policy and the Information Economy. Draft, 17 December 1996. [.ps]

M. Blaze, J. Feigenbaum, P. Resnick, and M. Strauss, Managing Trust in an Information-Labeling System, European Transactions on Telecommunications, 8 (1997), pp. 491-501. Special issue of selected papers from the 1996 Amalfi Conference on Secure Communication in Networks.

D. Bleichenbacher, E. Gabber, P. Gibbons, Y. Matias, and A. Mayer, On Secure and Pseudonymous Client Relationships with Multiple Servers, Proc. 3rd USENIX Workshop on Electronic Commerce, 1998. [.pdf]

D. Bleichenbacher, B. Kaliski, and J. Staddon, Recent results on PKCS #1: RSA encryption standard [.pdf], RSA Laboratories' bulletin #7, June 1998. [.pdf] [.ps]

D. Bleichenbacher, E. Gabber, M. Jakobsson, Y. Matias, and A. Mayer, Curbing Junk E-mail via Secure Classification, Proc. Financial Cryptography'98, Springer-Verlag LNCS 1465. [.ps]

D. Bleichenbacher and U. Maurer, Optimal Tree-Based One-time Digital Signature Schemes, STACS 96, LNCS vol. 1046, Springer-Verlag, pp. 363-374, 1996. [.txt - abstract] [.pdf] [.ps]

D. Bleichenbacher, Generating ElGamal signatures without knowing the secret key, Advances in Cryptology - EUROCRYPT '96 (corrected version), LNCS vol. 1070, Springer Verlag, pp. 10-18, 1996. [.txt - abstract] [.pdf] [.ps]

D. Bleichenbacher, Chosen Ciphertext Attacks against Protocols Based on RSA Encryption Standard PKCS #1 [.ps.gz], Advances in Cryptology -- CRYPTO'98, LNCS v. 1462, pp. 1-12, 1998. [.ps] [.ps.gz]

D. Bleichenbacher, On the Security of the KMOV Public Key cryptosystem, in Advances in Cryptology - CRYPTO '97, LNCS vol. 1294. Springer-Verlag, pp. 235-248, 1997. [.ps] [.ps.gz]

D. Bleichenbacher and S. Patel, SOBER Cryptanalysis [.ps], Fast Software Encryption Workshop 1999, LNCS vol. 1636, Springer-Verlag, pp. 305-316, 1999. [.ps] [.ps.gz]

D. Bleichenbacher and U. Maurer, Directed Acyclic Graphs, One-way Functions and Digital Signature, Advances in Cryptology - CRYPTO '94, LNCS vol. 839, Springer-Verlag, pp. 75-82, 1994. [.txt - abstract] [.pdf] [.ps]

D. Bleichenbacher, M. Joye, and J.-J. Quisquater, A new and optimal chosen-message attack on RSA-type cryptosystems, Information and Communications Security - ICICS'97, LNCS vol. 1334. Springer-Verlag, pp. 302-313, 1997. [.ps] [.ps.gz]

D. Bleichenbaher and U. Maurer, On the efficiency of one-time digital signatures, Advances in Cryptology - ASIACRYPT '96, LNCS vol. 1163. Springer-Verlag, pp. 145-158, 1996. [abstract - .txt] [.pdf] [.ps]

G. Bleumer, B. Pfitzmann, and M. Waidner, A Remark on a Signature Scheme where Forgery can be Proved; Eurocrypt '90, LNCS 473, Springer-Verlag, Berlin 1991, 441-445. [.ps.gz]

G. Bleumer, Security for Decentralised Health Information Systems; in: Caring for Health Information -- Safety, Security, Secrecy; Elsevier Science, Amsterdam 1994, 139-146. [.ps.gz]

G. Bleumer and M. Schunter, Privacy Oriented Clearing for the German Healthcare System; Personal Medical Information -- Security, Engineering, and Ethics, Springer-Verlag, Berlin 1997, 175-194. [.ps.gz]

A. Blum, M. Furst, M. Kearns, and R. Lipton, Cryptographic Primitives Based on Hard Learning Problems, Advances in Cryptology -- CRYPTO 93, Lecture Notes in Computer Science #773, pages 278-291, Springer-Verlag, 1994. [.ps.Z]

M. Blum and O. Goldreich, Towards a Computational Theory of Statistical Tests; 1992. [.ps]

U. Blumenthal and S. Bellovin, A Better Key Schedule for DES-like Ciphers, Proceedings of PRAGOCRYPT '96, Prague, September 1996. [.pdf] [.ps]

C. Blundo, P. D'Arco, A. De Santis, and D. Stinson, Contrast optimal threshold visual cryptography schemes; Submitted to SIAM Journal on Discrete Mathematics. [.ps]

C. Blundo, A. De Santis, and D. Stinson, On the contrast in visual cryptography schemes, Journal of Cryptology. [.ps]

C. Blundo, L. Frota Mattos, and D. Stinson, Trade-offs Between Communication and Storage in Unconditionally Secure Schemes for Broadcast Encryption and Interactive Key Distribution; Lecture Notes in Computer Science 1109 (1996), 387-400 (Advances in Cryptology - CRYPTO '96). [.ps]

C. Blundo, A. Giorgio Gaggia, and D. Stinson, On the dealer's randomness required in secret sharing schemes; Designs, Codes and Cryptography 11 (1997), 235-259. [Preliminary version appeared in Lecture Notes in Computer Science 950 (1995), 35-46 (Advances in Cryptology - EUROCRYPT '94).] [.ps]

C. Blundo, L. Frota Mattos, and D. Stinson, Generalized Beimel-Chor schemes for broadcast encryption and