RSA Laboratories

Appendix C References

Bibliography


[ACG84]
W. Alexi, B. Chor, O. Goldreich, and C.P. Schnorr, RSA and Rabin functions: Certain parts are as hard as the whole, SIAM Journal of Computing (2) 17 (1988), 194-209.

[AD97]
M. Ajtai and C. Dwork, A public-key cryptosystem with worst-case/average-case equivalence, Proc. 29th ACM STOC (1997), 284-297.

[Adl95]
L.M. Adleman, On constructing a molecular computer, draft, University of Southern California, January 1995.

[Adl96]
L.M. Adleman, Statement, Cryptographer's Expert Panel, RSA Data Security Conference, San Francisco, CA, January 17, 1996.

[AGL95]
D. Atkins, M. Graff, A.K. Lenstra and P.C. Leyland, The magic words are squeamish ossifrage, Advances in Cryptology - Asiacrypt '94, Springer-Verlag (1995), 263-277.

[AHU74]
Aho, Hopcroft, and Ullman, The Design and Analysis of Computer Algorithms, Addison-Wesley, 1974.

[ANS83]
American National Standards Institute, American National Standard X3.106-1983 (R1996): Data Encryption Algorithm, Modes of Operations for the, 1983.

[ANS86a]
American National Standards Institute, ANSI X9.9: Financial Institution Message Authentication (Wholesale), 1986.

[ANS94a]
American National Standards Institute, Accredited Standards Committee X9 Working Draft: ANSI X9.42-1993: Public Key Cryptography for the Financial Services Industry: Management of Symmetric Algorithm Keys Using Diffie-Hellman, American Bankers Association, 1994.

[ANS94b]
American National Standards Institute, Accredited Standards Committee X9 Working Draft: ANSI X9.44: Public Key Cryptography Using Reversible Algorithms for the Financial Services Industry: Transport of Symmetric Algorithm Keys Using RSA, American Bankers Association, 1994.

[ANS95]
American National Standards Institute, ANSI X9.17: Financial Institution Key Management (Wholesale), 1995.

[ANS96]
American National Standards Institute, ANSI X9.19: Financial Institution Retail Message Authentication, 1986.

[ANS97]
American National Standards Institute, ANSI X9.30.1-1997: Public-Key Cryptography for the Financial Services Industry - Part 1: The Digital Signature Algorithm (DSA), American Bankers Association, 1997.

[ANS98]
American National Standards Institute, ANSI X9.31-1998: Public Key Cryptography Using Reversible Algorithms for the Financial Services Industry (rDSA), 1998.

[ARV95]
W. Aiello, S. Rajagopalan, and R. Venkatesan, Design of practical and provably good random number generators (extended abstract), Proceedings of the Sixth Annual ACM-SIAM Symposium on Discrete Algorithms (1995), 1-9.

[Bam82]
J. Bamford, The Puzzle Palace, Houghton Mifflin, Boston, 1982.

[Bar92]
J.P. Barlow, Decrypting the puzzle palace, Communications of the ACM (7) 35 (1992), 25-31.

[BBB92]
C. Bennett, F. Bessette, G. Brassard, L. Salvail, and J. Smolin, Experimental quantum cryptography, Journal of Cryptology (1) 5 (1992), 3-28.

[BBC88]
P. Beauchemin, G. Brassard, C. Crepeau, C. Goutier, and C. Pomerance, The generation of random numbers that are probably prime, Journal of Cryptology 1 (1988), 53-64.

[BBL95]
D. Bleichenbacher, W. Bosma, and A. Lenstra, Some remarks on Lucas-based cryptosystems, Advances in Cryptology - Crypto '95, Springer-Verlag (1995), 386-396.

[BBS86]
L. Blum, M. Blum, and M. Shub, A simple unpredictable random number generator, SIAM Journal on Computing 15 (1986), 364-383.

[BD93b]
J. Brandt and I. Damgard, On generation of probable primes by incremental search, Advances in Cryptology - Crypto '92, Springer-Verlag (1993), 358-370.

[BDK93]
E.F. Brickell, D.E. Denning, S.T. Kent, D.P. Maher, and W. Tuchman, Skipjack Review, Interim Report: The Skipjack Algorithm, 1993.

[BDN97]
W. Burr, D. Dodson, N. Nazario, and W. T. Polk, MISPC, Minimum Interoperability Specification for PKI Components, Version 1, NIST, 1997.

[Bea95]
D. Beaver, Factoring: The DNA solution, Advances in Cryptology - Asiacrypt '94, Springer-Verlag (1995), 419-423.

[Ben82]
P. Benioff, Quantum mechanical Hamiltonian models of Turing machines, Journal of Statistical Physics (3) 29 (1982), 515-546.

[BG85]
M. Blum and S. Goldwasser, An efficient probabilistic public-key encryption scheme which hides all partial information, Advances in Cryptology - Crypto '84, Springer-Verlag (1985), 289-299.

[BGH95]
M. Bellare, J.A. Garay, R. Hauser, A. Herzberg, H. Krawczyk, M. Steiner, G. Tsudik, and M. Waidner, iKP - A Family of Secure Electronic Payment Protocols, Usenix Electronic Commerce Workshop, July 1995.

[BHS93]
D. Bayer, S. Haber, and W.S. Stornetta, Improving the efficiency and reliability of digital timestamping, Proceedings Sequences II: Methods in Communication, Security, and Computer Science, Springer-Verlag (1993), 329-334.

[Bih95]
E. Biham, Cryptanalysis of Multiple Modes of Operation, Advances in Cryptology - Asiacrypt '94, Springer-Verlag (1995), 278-292.

[BK98]
A. Biryukov and E. Kushilevitz, Improved cryptanalysis of RC5, Advances in Cryptology - Eurocrypt '98, Springer-Verlag (1998).

[BKR94]
M. Bellare, J. Kilian and P. Rogaway, The security of cipher block chaining, Advances in Cryptology - Crypto '94, Springer-Verlag (1994), 341-358.

[Bla79]
G.R. Blakley, Safeguarding cryptographic keys, AFIPS Conference Proceedings 48 (1979), 313-317.

[Bla94]
Matt Blaze, Protocol Failure in the Escrowed Encryption Standard, Proceedings of the 2nd ACM Conference on Computer and Communications Security (1994), 59-67.

[BLP94]
J.P. Buhler, H.W. Lenstra, and C. Pomerance, The development of the number field sieve, Volume 1554 of Lecture Notes in Computer Science, Springer-Verlag, 1994.

[BLS88]
J. Brillhart, D.H. Lehmer, J.L. Selfridge, B. Tuckerman, and S.S. Wagstaff Jr, Factorizations of b^n ± 1, b = 2,3,5,6,7,10,11,12 up to High Powers, Volume 22 of Contemporary Mathematics, 2nd edition, American Mathematical Society, 1988.

[BLZ94]
J. Buchmann, J. Loho, and J. Zayer, An implementation of the general number field sieve, Advances in Cryptology - Crypto '93, Springer-Verlag (1994), 159-166.

[BM84]
M. Blum and S. Micali, How to generate cryptographically strong sequences of pseudo-random bits, SIAM Journal on Computing (4) 13 (1984), 850-863.

[BR93]
M. Bellare and P. Rogaway, Random Oracles are Practical: A Paradigm for Designing Efficient Protocols, Proceedings of the first Annual Conference on Computer and Communications Security (1993), 62-73.

[BR94]
M. Bellare and P. Rogaway, Optimal asymmetric encryption, Advances in Cryptology - Eurocrypt '94, Springer-Verlag (1994), 92-111.

[BR96]
M. Bellare and P. Rogaway, The exact security of digital signatures - how to sign with RSA and Rabin, Advances in Cryptology - Eurocrypt '96, Springer-Verlag (1996), 399-414.

[Bra88]
G. Brassard, Modern Cryptology, Springer-Verlag, 1988.

[Bra93]
G. Brassard, Cryptography column - Quantum cryptography: A bibliography, Sigact News (3) 24 (1993), 16-20.

[Bra95a]
G. Brassard, The computer in the 21st Century, Scientific American (March 1995).

[Bra95b]
G. Brassard, The impending demise of RSA? CryptoBytes (1) 1 (Spring 1995).

[Bra95c]
G. Brassard, A quantum jump in computer science, Current Trends in Computer Science, Springer-Verlag (1995), 1-14.

[Bre89]
D.M. Bressoud, Factorization and Primality Testing, Springer-Verlag, 1989.

[Bri85]
E.F. Brickell, Breaking iterated knapsacks, Advances in Cryptology - Crypto '84, Springer-Verlag (1985), 342-358.

[BS91a]
E. Biham and A. Shamir, Differential cryptanalysis of DES-like cryptosystems, Advances in Cryptology - Crypto '90, Springer-Verlag (1991), 2-21.

[BS91b]
E. Biham and A. Shamir, Differential cryptanalysis of FEAL and N-Hash, Advances in Cryptology - Eurocrypt '91, Springer-Verlag (1991), 156-171.

[BS93a]
E. Biham and A. Shamir, Differential cryptanalysis of the full 16-round DES, Advances in Cryptology - Crypto '92, Springer-Verlag (1993), 487-496.

[BS93b]
E. Biham and A. Shamir, Differential Cryptanalysis of the Data Encryption Standard, Springer-Verlag, 1993.

[BV98]
D. Boneh and R. Venkatesan, Breaking RSA may not be equivalent to factoring, Advances in Cryptology - Eurocrypt '98, Springer-Verlag (1998), 59-71.

[CCI88a]
CCITT, Recommendation X.400: Message Handling System and Service Overview, 1988.

[CCI88b]
CCITT, Recommendation X.500: The Directory - Overview of Concepts, Models and Services, 1988.

[CCI88c]
CCITT, Recommendation X.509: The Directory - Authentication Framework, 1988.

[CCI91]
CCITT, Recommendation X.435: Message Handling Systems: EDI Messaging System, 1991.

[CFG95]
S. Crocker, N. Freed, J. Galvin, and S. Murphy, RFC 1848: MIME Object Security Services. CyberCash, Inc., Innosoft International, Inc., and Trusted Information Systems, 1995.

[CFN88]
D. Chaum, A. Fiat and M. Naor, Untraceable electronic cash, Advances in Cryptology - Crypto '88, Springer-Verlag (1988), 319-327.

[CGH97]
Canetti, R. Gennaro, A. Herzberg and D. Naor, Proactive Security: Long-term Protection Against Break-ins, CryptoBytes (1) 3 (Spring 1997).

[Cha83]
D. Chaum, Blind signatures for untraceable payments, Advances in Cryptology - Crypto '82, Springer-Verlag (1983), 199-203.

[Cha85]
D. Chaum, Security without identification: transaction systems to make big brother obsolete, Communications of the ACM 28 (10) (1985), 1030-1044.

[Cha94]
D. Chaum, Designated confirmer signatures, Advances in Cryptology - Eurocrypt '94, Springer-Verlag (1994), 86-91.

[CJ98]
F. Chabaud and A. Joux, Differential Collisions in SHA-0, Advances in Cryptology - Crypto '98, Springer-Verlag (1998), 56-71.

[CKM94]
D. Coppersmith, H. Krawczyk and Y. Mansour, The shrinking generator, Advances in Cryptology - Crypto '93, Springer-Verlag (1994), 22-38.

[CLR90]
T.H. Cormen, C.E. Leiserson, and R.L. Rivest, Introduction to Algorithms, MIT Press, Cambridge, Massachusetts, 1990.

[Cop92]
D. Coppersmith, The data encryption standard and its strength against attacks, IBM Research Report RC 18613 (81421), T.J. Watson Research Center, 1992.

[COS86]
D. Coppersmith, A.M. Odlyzko, and R. Schroeppel, Discrete logarithms in GF(p), Algorithmica 1 (1986), 1-15.

[CP94]
L. Chen and T.P. Pedersen, New group signature schemes, Advances in Cryptology - Eurocrypt '94, Springer-Verlag (1994), 171-181.

[CP95]
L. Chen and T.P. Pedersen, On the efficiency of group signatures: providing information-theoretic anonymity, Advances in Cryptology - Eurocrypt '95, Springer-Verlag (1995), 39-49.

[CR88]
B. Chor and R.L. Rivest, A knapsack-type public-key cryptosystem based on arithmetic in finite fields, IEEE Transactions on Information Theory (5) 34 (1988), 901-909.

[CR97]
G. Caronni and M. Robshaw, How Exhausting is Exhaustive Search?, CryptoBytes (3) 2 (Winter 1997).

[CV90]
D. Chaum and H. van Antwerpen, Undeniable signatures, Advances in Cryptology - Crypto '89, Springer-Verlag (1990), 212-216.

[CV91]
D. Chaum and E. van Heijst, Group signatures, Advances in Cryptology - Eurocrypt '91, Springer-Verlag (1991), 257-265.

[CV92]
D. Chaum and H. van Antwerpen, Cryptographically strong undeniable signatures, unconditionally secure for the signer, Advances in Cryptology - Crypto '91, Springer-Verlag (1992), 470-484.

[CW93]
K.W. Campbell and M.J. Wiener, DES is not a group, Advances in Cryptology - Crypto '92, Springer-Verlag (1993), 512-520.

[Dam90]
I. Damgård, A design principle for hash functions, Advances in Cryptology - Crypto '89, Springer-Verlag (1990), 416-427.

[Dav82]
G. Davida, Chosen signature cryptanalysis of the RSA public key cryptosystem, Technical Report TR-CS-82-2, Department of EECS, University of Wisconsin, Milwaukee, 1982.

[DB92]
B. den Boer and A. Bosselaers, An attack on the last two rounds of MD4, Advances in Cryptology - Crypto '91, Springer-Verlag (1992), 194-203.

[DB94]
B. den Boer and A. Bosselaers, Collisions for the compression function of MD5, Advances in Cryptology - Eurocrypt '93, Springer-Verlag (1994), 293-304.

[DB95]
D.E. Denning and D.K. Branstad, A taxonomy for key escrow encryption systems, 1995.

[DB96]
D.E. Denning and D. Branstad, A Taxonomy for Key Escrow Encryption Systems, Communications of the ACM (3) 39 (1996), 34-40.

[DB96b]
H. Dobbertin, The Status of MD5 After a Recent Attack, CryptoBytes (2) 2 (Summer 1996).

[DBP96]
H. Dobbertin, A. Bosselaers, and B. Preneel, RIPEMD-160: A strengthened version of RIPEMD, Proceedings of 3rd International Workshop on Fast Software Encryption, Springer-Verlag (1996), 71-82.

[Den93]
D.E. Denning, The Clipper encryption system, American Scientist (4) 81 (1993), 319-323.

[Den95]
D.E. Denning, The Case for "Clipper," Technology Review (July 1995), 48-55.

[Des95]
Y. Desmedt, Securing traceability of ciphertexts - Towards a secure software key escrow system, Advances in Cryptology - Eurocrypt '95, Springer-Verlag (1995), 147-157.

[Deu92]
D. Deutsch, Quantum theory, the Church-Turing principle and the universal quantum computer, Proceedings of the Royal Society of London, Series A 439 (1992).

[DGV94]
J. Daemen, R. Govaerts, and J. Vandewalle, Weak keys for IDEA, Advances in Cryptology - Crypto '93, Springer-Verlag (1994), 224-231.

[DH76]
W. Diffie and M.E. Hellman, New directions in cryptography, IEEE Transactions on Information Theory 22 (1976), 644-654.

[DH77]
W. Diffie and M.E. Hellman, Exhaustive cryptanalysis of the NBS Data Encryption Standard, Computer 10 (1977), 74-84.

[Dif88]
W. Diffie, The first ten years of public-key cryptography, Proceedings of the IEEE 76 (1988), 560-577.

[DIP94]
D. Davis, R. Ihaka, and P. Fenstermacher, Cryptographic randomness from air turbulence in disk drives, Advances in Cryptology - Crypto '94, Springer-Verlag (1994), 114-120.

[DL95]
B. Dodson and A.K. Lenstra, NFS with four large primes: An explosive experiment, Advances in Cryptology - Crypto '95, Springer-Verlag (1995), 372-385.

[DO86]
Y. Desmedt and A.M. Odlyzko, A chosen text attack on the RSA cryptosystem and some discrete logarithm schemes, Advances in Cryptology - Crypto '85, Springer-Verlag (1986), 516-522.

[Dob95]
H. Dobbertin, Alf Swindles Ann, CryptoBytes (3) 1 (Autumn 1995).

[DP83]
D.W. Davies and G.I. Parkin, The average cycle size of the key stream in output feedback encipherment, Advances in Cryptology - Crypto '82, Plenum Press (1983), 97-98.

[DVW92]
W. Diffie, P.C. van Oorschot, and M.J. Wiener, Authentication and authenticated key exchanges, Designs, Codes and Cryptography 2 (1992), 107-125.

[ECS94]
D. Eastlake, 3rd, S. Crocker, and J. Schiller, RFC 1750: Randomness Recommendations for Security, DEC, Cybercash, and MIT, 1994.

[EGM89]
S. Even, O. Goldreich, and S. Micali, On-Line/Off-Line Digital Signatures, Advances in Cryptology - Crypto '89, Springer-Verlag (1990), 263-275.

[Elg85]
T. ElGamal, A public-key cryptosystem and a signature scheme based on discrete logarithms, IEEE Transactions on Information Theory 31 (1985), 469-472.

[EPIC99]
Electronic Privacy Information Center, Cryptography and Liberty 1999, An International Survey of Encryption Policy, Washington, DC, 1999.

[Fei73]
H. Feistel, Cryptography and Computer Privacy, Scientific American (May 1973).

[Fey82]
R.P. Feynman, Simulating physics with computers, International Journal of Theoretical Physics (6) 21 (1982), 467-488.

[Fey86]
R.P. Feynman, Quantum mechanical computers, Optic News (February 1985); Reprinted in Foundations of Physics (6) 16 (1986), 507-531.

[FFS88]
U. Feige, A. Fiat and A. Shamir, Zero-knowledge proofs of identity, Journal of Cryptography 1 (1988), 66-94.

[FGM97]
Y. Frankel, P. Gemmel, P. D. MacKenzie and M. Yung, Proactive RSA, Advances in Cryptology - Crypto '97, Springer-Verlag (1997), 440-454.

[For94]
W. Ford, Computer Communications Security Principles, Standard Protocols and Techniques, Prentice-Hall, New Jersey (1994).

[Fra98]
J.B. Fraleigh, An Introduction to Abstract Algebra, 6th edition, Addison-Wesley, 1998.

[FR95]
P. Fahn and M.J.B. Robshaw, Results from the RSA Factoring Challenge, Technical Report TR-501, version 1.3, RSA Laboratories, January 1995.

[FS87]
A. Fiat and A. Shamir, How to prove yourself: Practical solutions to identification and signature problems, Advances in Cryptology - Crypto '86, Springer-Verlag (1987), 186-194.

[FY94]
M. Franklin and M. Yung, Blind Weak Signature and its Applications: Putting Non-Cryptographic Secure Computation to Work, Advances in Cryptology - Eurocrypt '94, Springer-Verlag (1994), 67-76.

[Gan95]
R. Ganesan, Yaksha: Augmenting Kerberos with public key cryptography, Proceedings of the 1995 Internet Society Symposium on Network and Distributed Systems Security, IEEE Press (1995), 132-143.

[GC89]
D. Gollman and W.G. Chambers, Clock-controlled shift registers: a review, IEEE Journal on Selected Areas in Communications (4) 7 (1989), 525-533.

[Gib93]
J.K. Gibson, Severely denting the Gabidulin version of the McEliece public key cryptosystem, Preproceedings of the 4th IMA Conference on Cryptography and Coding (1993).

[GJ79]
Michael R. Garey and David S. Johnson, Computers and Intractability - A Guide to the Theory of NP-Completeness, W.H. Freeman, New York, 1979.

[GJK96]
R. Gennaro, S. Jarecki, H. Krawczyk and T. Rabin, Robust Threshold DSS Signatures, Advances in Cryptology - Eurocrypt '96, Springer-Verlag (1996), 354-371.

[GM84]
S. Goldwasser and S. Micali, Probabilistic encryption, Journal of Computer and System Sciences, 28 (1984), 270-299.

[GM93]
D.M. Gordon and K.S. McCurley, Massively parallel computation of discrete logarithms, Advances in Cryptology - Crypto '92, Springer-Verlag (1993), 312-323.

[GMR86]
S. Goldwasser, S. Micali, and R. Rivest, A digital signature scheme secure against adaptive chosen message attack, SIAM Journal on Computing (2) 17 (1988), 289-308.

[Gor93]
D.M. Gordon, Discrete logarithms in GF(p) using the number field sieve, SIAM Journal of Computing (1) 6 (1993), 124-138.

[GPT91]
E.M. Gabidulin, A.V. Paramonov, and O.V. Tretjakov, Ideals over a non-commutative ring and their application in cryptology, Advances in Cryptology - Eurocrypt '91, Springer-Verlag (1991), 482-489.

[GQ88]
L.C. Guillou and J.J. Quisquater, A practical zero-knowledge protocol fitted to security microprocessor minimizing both transmission and memory, Advances in Cryptology - Eurocrypt '88, Springer-Verlag (1988), 123-128.

[Hås88]
J. Håstad, Solving simultaneous modular equations of low degree, SIAM Journal of Computing 17 (1988), 336-341.

[Hel80]
M.E. Hellman, A cryptanalytic time-memory trade off, IEEE Transactions on Information Theory 26 (1980), 401-406.

[Hic95]
K.E.B. Hickman, The SSL Protocol, December 1995.

[HJJ97]
A. Herzberg, M. Jakobsson, S. Jarecki, H. Krawczyk and M. Yung, Proactive Public Key and Signature Systems, 1997 ACM Conference on Computers and Communication Security (1997).

[HS91]
S. Haber and W.S. Stornetta, How to timestamp a digital document, Journal of Cryptology (2) 3 (1991), 99-111.

[ISO87]
ISO DIS 8730, Banking requirements for message authentication (wholesale), 1987.

[ISO91]
ISO/IEC 9979, Data Cryptographic Techniques - Procedures for the Registration of Cryptographic Algorithms, 1991.

[ISO92a]
ISO/IEC 9798, Entity authentication mechanisms using symmetric techniques, 1992.

[ISO92b]
ISO/IEC 10116, Modes of operation for an n-bit block cipher algorithm, 1992.

[ISO92c]
ISO/IEC 10118, Information technology - Security techniques - Hash functions, 1992.

[Jue83]
R.R. Jueneman, Analysis of certain aspects of output feedback mode, Advances in Cryptology - Crypto '82, Plenum Press (1983), 99-127.

[Kah67]
D. Kahn, The Codebreakers, Macmillan Co., New York, 1967.

[Kal92]
B.S. Kaliski Jr, RFC 1319: The MD2 Message-Digest Algorithm, RSA Laboratories, April 1992.

[Kal93a]
B.S. Kaliski Jr, RFC 1424: Privacy Enhancement for Internet Electronic Mail: Part IV: Key Certification and Related Services, RSA Laboratories, February 1993.

[Kal93b]
B.S. Kaliski Jr, A survey of encryption standards, IEEE Micro (6) 13 (1993), 74-81.

[Ken93]
S. Kent, RFC 1422: Privacy Enhancement for Internet Electronic Mail, Part II: Certificate-Based Key Management, Internet Activities Board, February 1993.

[KM96]
L.R. Knudsen and W. Meier, Improved differential attacks on RC5, Advances in Cryptology - Crypto '96, Springer-Verlag (1996), 216-228.

[KNT94]
J. Kohl, B. Neuman, and T. Tso, The evolution of the Kerberos authentication service, Distributed Open Systems, IEEE Press (1994).

[Knu81]
D.E. Knuth, The Art of Computer Programming, volume 2, Seminumerical Algorithms, 2nd edition, Addison-Wesley, 1981.

[Knu93]
L.R. Knudsen, Practically secure Feistel ciphers, Proceedings of 1st International Workshop on Fast Software Encryption, Springer-Verlag (1993), 211-221.

[Knu95]
L.R. Knudsen, A key-schedule weakness in SAFER K-64, Advances in Cryptology - Crypto '95, Springer-Verlag (1995), 274-286.

[Kob87]
N. Koblitz, Elliptic curve cryptosystems, Mathematics of Computation 48 (1997), 203-209.

[Kob94]
N. Koblitz, A Course in Number Theory and Cryptography, Springer-Verlag, 1994.

[Koç94]
Ç. K. Koç, High-Speed RSA Implementation, Technical Report TR-201, version 2.0, RSA Laboratories, November 1994.

[Koç95]
Ç. K. Koç, RSA Hardware Implementation, Technical Report TR-801, version 1.0, RSA Laboratories, August 1995.

[Koh90]
J.T. Kohl, The Use of Encryption in Kerberos for Network Authentication, Advances in Cryptology - Crypto '89, Springer-Verlag (1990), 35-43.

[KR94]
B.S. Kaliski Jr. and M.J.B. Robshaw, Linear cryptanalysis using multiple approximations, Advances in Cryptology - Crypto '94, Springer-Verlag (1994), 26-39.

[KR95a]
B.S. Kaliski Jr. and M.J.B. Robshaw, Linear cryptanalysis using multiple approximations and FEAL, Proceedings of 2nd International Workshop on Fast Software Encryption, Springer-Verlag (1995), 249-264.

[KR95b]
B.S. Kaliski Jr. and M.J.B. Robshaw, Message authentication with MD5, CryptoBytes (1) 1 (Spring 1995).

[KR95c]
B.S. Kaliski Jr. and M.J.B. Robshaw, The secure use of RSA, CryptoBytes (3) 1 (Autumn 1995).

[KR96]
B.S. Kaliski Jr. and M.J.B. Robshaw, Multiple encryption: weighing up security and performance, Dr. Dobb's Journal 243 (1996), 123-127.

[Kra93]
D. Kravitz, Digital signature algorithm. U.S. Patent 5,231,668, July 27, 1993.

[KRS88]
B.S. Kaliski Jr., R.L. Rivest, and A.T. Sherman, Is the data encryption standard a group? Journal of Cryptology 1 (1988), 3-36.

[KSW96]
J. Kelsey, B. Schneier, and D. Wagner, Key-Schedule Cryptanalysis of 3-WAY, IDEA, G-DES, RC4, SAFER, and Triple-DES, Advances in Cryptology-CRYPTO '96 Proceedings, Springer-Verlag (1996), 237-251.

[KY95]
B.S. Kaliski Jr. and Y.L. Yin, On differential and linear cryptanalysis of the RC5 encryption algorithm, Advances in Cryptology - Crypto '95, Springer-Verlag (1995), 171-183.

[Lan88]
S. Landau, Zero knowledge and the Department of Defense, Notices of the American Mathematical Society 35 (1988), 5-12.

[Len87]
H.W. Lenstra Jr, Factoring integers with elliptic curves, Annals of Mathematics 126 (1987), 649-673.

[LH94]
S.K. Langford and M.E. Hellman, Differential-linear cryptanalysis, Advances in Cryptology - Crypto '94, Springer-Verlag (1994), 17-25.

[Lin93]
J. Linn, RFC 1508: Generic Security Services Application Programming Interface, Geer Zolot Associates, September 1993.

[Lip94]
R.J. Lipton, Speeding up computations via molecular biology, draft, Princeton University, December 1994.

[LL90]
A.K. Lenstra and H.W. Lenstra Jr, Algorithms in number theory, Handbook of Theoretical Computer Science, volume A (editor: J. van Leeuwen), MIT Press/Elsevier, Amsterdam (1990), 673-715.

[LM91]
X. Lai and J.L. Massey, A proposal for a new block encryption standard, Advances in Cryptology - Eurocrypt '90, Springer-Verlag (1991), 389-404.

[LMM92]
X. Lai, J.L. Massey and S. Murphy, Markov ciphers and differential cryptanalysis, Advances in Cryptology - Eurocrypt '91, Springer-Verlag (1992), 17-38.

[LP98]
Harry R. Lewis and Christos H. Papadimitriou, Elements of the Theory of Computation, 2nd edition, Prentice Hall, Upper Saddle River, NJ, 1998.

[LRW92]
X. Lai, R.A. Rueppel, and J. Woollven, A fast cryptographic checksum algorithm based on stream ciphers, Advances in Cryptology - Auscrypt '92, Springer-Verlag (1992), 339-348.

[LV00]
A.K. Lenstra and E.R. Verheul, Selecting Cryptographic Key Sizes, The 2000 International Workshop on Practice and Theory in Public Key Cryptography (PKC2000), Melbourne, Australia (January 2000).

[Mas93]
J.L. Massey, SAFER K-64: A byte-oriented block ciphering algorithm, Proceedings of 1st International Workshop on Fast Software Encryption, Springer-Verlag (1993), 1-17.

[Mas95]
J.L. Massey, SAFER K-64: One year later, Proceedings of 2nd Workshop on Fast Software Encryption, Springer-Verlag (1995), 212-241.

[Mat93]
M. Matsui, Linear cryptanalysis method for DES cipher, Advances in Cryptology - Eurocrypt '93, Springer-Verlag (1993), 386-397.

[Mat94]
M. Matsui, The first experimental cryptanalysis of the data encryption standard, Advances in Cryptology - Crypto '94, Springer-Verlag (1994), 1-11.

[Mat96]
T. Matthews, Suggestions for random number generation in software, Bulletin No. 1, RSA Laboratories, January 1996.

[Mau94]
U. Maurer, Towards the equivalence of breaking the Diffie-Hellman protocol and computing discrete logarithms, Advances in Cryptology - Crypto '94, Springer-Verlag (1994), 271-281.

[Mce78]
R.J. McEliece, A public-key cryptosystem based on algebraic coding theory, JPL DSN Progress Report 4244 (1978), 114-116.

[Mcn95]
F.L. McNulty, Clipper Alive and well as a voluntary government standard for telecommunications, The 1995 RSA Data Security Conference (January 1995).

[Men93]
A. Menezes, Elliptic Curve Public Key Cryptosystems, Kluwer Academic Publishers, 1993.

[Men95]
A. Menezes, Elliptic Curve Cryptosystems, CryptoBytes (2) 1 (Summer 1995).

[Mer79]
R.C. Merkle, Secrecy, authentication and public-key systems, Ph. D. Thesis, Stanford University, 1979.

[Mer90a]
R.C. Merkle, One way hash functions and DES, Advances in Cryptology - Crypto '89, Springer-Verlag (1990), 428-446.

[Mer90b]
R.C. Merkle, A digital signature based on a conventional encryption function, Advances in Cryptology - Crypto '89, Springer-Verlag (1990), 428-446.

[Mer91]
R.C. Merkle, Fast software encryption functions, Advances in Cryptology - Crypto '90, Springer-Verlag (1991), 627-638.

[MH78]
R.C. Merkle and M.E. Hellman, Hiding information and signatures in trapdoor knapsacks, IEEE Transactions on Information Theory 24 (1978), 525-530.

[MH81]
R.C. Merkle and M.E. Hellman, On the security of multiple encryption, Communications of the ACM 24 (1981), 465-467.

[Mic93]
S. Micali, Fair public-key cryptosystems, Advances in Cryptology - Crypto '92, Springer-Verlag (1993), 113-138.

[Mil86]
V.S. Miller, Use of elliptic curves in cryptography, Advances in Cryptology - Crypto '85, Springer-Verlag (1986), 417-426.

[MOV90]
A. Menezes, T. Okamoto, and S. Vanstone, Reducing elliptic curve logarithms to logarithms in a finite field, Unpublished manuscript, September 1990.

[MQV95]
A. Menezes, M. Qu, and S. Vanstone, Some new key agreement protocols providing implicit authentication, Preproceedings of Workshops on Selected Areas in Cryptography (1995).

[MS95b]
W. Meier and O. Staffelbach, The self-shrinking generator, Advances in Cryptology - Eurocrypt '94, Springer-Verlag (1995), 205-214.

[Mur90]
S. Murphy, The cryptanalysis of FEAL-4 with 20 chosen plaintexts, Journal of Cryptology (3) 2 (1990), 145-154.

[MY92]
M. Matsui and A. Yamagishi, A new method for known plaintext attack of FEAL cipher, Advances in Cryptology - Eurocrypt '92, Springer-Verlag (1992), 81-91.

[NIS80]
National Institute of Standards and Technology (NIST), FIPS Publication 81: DES Modes of Operation, 1980.

[NIS85]
National Institute of Standards and Technology (NIST), FIPS Publication 113: Computer Data Authentication, 1985.

[NIS92]
National Institute of Standards and Technology (NIST), The Digital Signature Standard, proposal and discussion, Communications of the ACM (7) 35 (1992), 36-54.

[NIS93a]
National Institute of Standards and Technology (NIST), FIPS Publication 180: Secure Hash Standard (SHS), 1993.

[NIS93b]
National Institute of Standards and Technology (NIST), FIPS Publication 46-2: Data Encryption Standard, 1993.

[NIS94a]
National Institute of Standards and Technology (NIST), FIPS Publication 185: Escrowed Encryption Standard, 1994.

[NIS94b]
National Institute of Standards and Technology (NIST), FIPS Publication 186: Digital Signature Standard (DSS), 1994.

[NIS94c]
National Institute of Standards and Technology (NIST), Announcement of Weakness in the Secure Hash Standard, 1994.

[NK95]
K. Nyberg and L.R. Knudsen, Provable security against a differential attack, Journal of Cryptology (1) 8 (1995), 27-37.

[NMR94]
D. Naccache, D. M'raïhi, D. Raphaeli, and S. Vaudenay, Can D.S.A. be improved? Complexity trade-offs with the Digital Signature Standard, Advances in Cryptology - Eurocrypt '94, Springer-Verlag (1994), 77-85.

[NS78]
R.M. Needham and M.D. Schroeder, Using encryption for authentication in large networks of computers, Communications of the ACM 21 (1978), 993-999.

[NS94]
M. Naor and A. Shamir, Visual cryptography, Advances in Cryptology - Eurocrypt '94, Springer-Verlag (1994), 1-12.

[NSA95]
NSA Cross Organization CAPI Team, Security Service API: Cryptographic API Recommendation, 1995.

[Nyb95]
K. Nyberg, Linear approximation of block ciphers, Advances in Cryptology - Eurocrypt '94, Springer-Verlag (1995), 439-444.

[OA94]
K. Ohta and K. Aoki, Linear cryptanalysis of the fast data encipherment algorithm, Advances in Cryptology - Crypto '94, Springer-Verlag (1994), 12-16.

[Oco95]
L. O'Connor, A unified Markov approach to differential and linear cryptanalysis, Advances in Cryptology - Asiacrypt '94, Springer-Verlag (1995), 387-397.

[Odl84]
A.M. Odlyzko, Discrete logarithms in finite fields and their cryptographic significance, Advances in Cryptology - Eurocrypt '84, Springer-Verlag (1984), 224-314.

[Odl95]
A.M. Odlyzko, The future of integer factorization, CryptoBytes (2) 1 (Summer 1995).

[OG96]
The Open Group, Generic Cryptographic Service API (GCS-API), 1996.

[OG99]
The Open Group, Architecture for Public-Key Infrastructure (APKI), 1999.

[Pol74]
J. Pollard, Theorems of factorization and primality testing, Proceedings of Cambridge Philosophical Society 76 (1974), 521-528.

[Pol75]
J. Pollard, Monte Carlo method for factorization, BIT 15 (1975), 331-334.

[Pre93]
B. Preneel, Analysis and Design of Cryptographic Hash Functions, Ph.D. Thesis, Katholieke University Leuven, 1993.

[Pre94]
B. Preneel, The State of DES, 1994 RSA Laboratories Seminar Series (August 1994).

[PV95]
B. Preneel and P.C. van Oorschot, MDx-MAC and Building Fast MACs from Hash Functions, Advances in Cryptology - Crypto '95, Springer-Verlag (1995), 1-14.

[QG90]
J.J. Quisquater and L. Guillou, How to explain zero-knowledge protocols to your children, Advances in Cryptology - Crypto '89, Springer-Verlag (1990), 628-631.

[Rab79]
M.O. Rabin, Digitalized signatures and public-key functions as intractable as factorization, Technical Report MIT/LCS/TR-212, MIT, 1979.

[RC93]
P. Rogaway and D. Coppersmith, A software-optimized encryption algorithm, Proceedings of 1st International Workshop on Fast Software Encryption, Springer-Verlag (1993), 56-63.

[RC95]
N. Rogier and P. Chauvaud, The compression function of MD2 is not collision free, Selected Areas in Cryptography '95, Ottawa, Canada (May 1995).

[RG91]
D. Russell and G.T. Gangemi Sr, Computer Security Basics, O'Reilly & Associates, Inc., 1991.

[Riv90]
R.L. Rivest, Cryptography, Handbook of Theoretical Computer Science, volume A (editor: J. van Leeuwen), MIT Press/Elsevier, Amsterdam, 1990, 719-755.

[Riv91a]
R.L. Rivest, Finding four million random primes, Advances in Cryptology - Crypto '90, Springer-Verlag (1991), 625-626.

[Riv91b]
R.L. Rivest, The MD4 message digest algorithm, Advances in Cryptology - Crypto '90, Springer-Verlag (1991), 303-311.

[Riv92a]
R.L. Rivest, Response to NIST's proposal, Communications of the ACM 35 (1992), 41-47.

[Riv92b]
R.L. Rivest, RFC 1320: The MD4 Message-Digest Algorithm, Network Working Group, 1992.

[Riv92c]
R.L. Rivest, RFC 1321: The MD5 Message-Digest Algorithm, Internet Activities Board, 1992.

[Riv95]
R.L. Rivest, The RC5 encryption algorithm, CryptoBytes (1) 1 (Spring 1995).

[RK96]
J. Kilian and P. Rogaway, How to protect DES against exhaustive key search, Advances in Cryptology - Crypto '96, Springer-Verlag (1996), 252-267.

[Rob95a]
M.J.B. Robshaw, Stream Ciphers Technical Report TR-701, version 2.0, RSA Laboratories, 1995.

[Rob95b]
M.J.B. Robshaw, MD2, MD4, MD5, SHA and Other Hash Functions, Technical Report TR-101, version 4.0, RSA Laboratories, 1995.

[Rob95c]
M.J.B. Robshaw, Security estimates for 512-bit RSA, Technical Note, RSA Laboratories, 1995.

[Rob96]
M.J.B. Robshaw, On Recent Results for MD2, MD4 and MD5, RSA Laboratories Bulletin 4 (November 1996).

[Rog96]
P. Rogaway, The security of DESX, CryptoBytes (2) 2 (Summer 1996).

[RS95]
E. Rescorla and A. Schiffman, The Secure HyperText Transfer Protocol, Internet-Draft, EIT, 1995.

[RSA78]
R.L. Rivest, A. Shamir, and L.M. Adleman, A method for obtaining digital signatures and public-key cryptosystems, Communications of the ACM (2) 21 (1978), 120-126.

[Rue92]
R.A. Rueppel, Stream ciphers, Contemporary Cryptology - The Science of Information Integrity (1992), IEEE Press.

[RY97]
M.J.B. Robshaw and Y.L. Yin, Elliptic Curve Cryptosystems, Technical Note, RSA Laboratories, 1997.

[SB93]
M.E. Smid and D.K. Branstad, Response to comments on the NIST proposed Digital Signature Standard, Advances in Cryptology - Crypto '92, Springer-Verlag (1993), 76-87.

[Sch83]
I. Schaumuller-Bichl, Cryptanalysis of the Data Encryption Standard by a method of formal coding, Cryptography, Proc. Burg Feuerstein 1982 149 (1983), 235-255.

[Sch90]
C.P. Schnorr, Efficient identification and signatures for smart cards, Advances in Cryptology - Crypto '89, Springer-Verlag (1990), 239-251.

[Sch91]
C.P. Schnorr, Method for identifying subscribers and for generating and verifying electronic signatures in a data exchange system, U.S. Patent 4,995,082, February 19, 1991.

[Sch93]
B. Schneier, Description of a new variable-length key, 64-bit block cipher (Blowfish), Proceedings of 1st International Workshop on Fast Software Encryption, Springer-Verlag (1993), 191-204.

[Sch95]
B. Schneier, The Blowfish encryption algorithm: one year later, Dr. Dobb's Journal 234 (1995), 137-138.

[Sch96]
B. Schneier, Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd Edition, Wiley, 1995.

[Sel98]
A.A. Selcuk, New results in linear cryptanalysis of RC5, Proceedings of 5th International Workshop on Fast Software Encryption, Springer-Verlag (1998), 1-16.

[SH95]
C.P. Schnorr and H.H. Hörner, Attacking the Chor-Rivest cryptosystem by improved lattice reduction, Advances in Cryptology - Eurocrypt '95, Springer-Verlag (1995), 1-12.

[Sha49]
C.E. Shannon, Communication Theory of Secrecy Systems, Bell Systems Technical Journal 28 (1949), 656-715.

[Sha79]
A. Shamir, How to share a secret, Communications of the ACM 22 (1979), 612-613.

[Sha84]
A. Shamir, A polynomial time algorithm for breaking the basic Merkle-Hellman cryptosystem, IEEE Transactions on Information Theory, (5) 30 (1984), 699-704.

[Sha95]
M. Shand, Personal communication, 1995.

[Sho94]
P.W. Shor, Algorithms for quantum computation: Discrete logarithms and factoring, Proceedings of the 35th Annual IEEE Symposium on the Foundations of Computer Science (1994), 124-134.

[Sil87]
R.D. Silverman, The multiple polynomial quadratic sieve, Mathematics of Computation 48 (1987), 329-339.

[Sim83]
G.J. Simmons, The Prisoner's Problem and the Subliminal Channel, Advances in Cryptology - Crypto '83, Plenum Press (1984), 51-70.

[Sim92]
G.J. Simmons, editor, Contemporary Cryptology - The Science of Information Integrity, IEEE Press, 1992.

[Sim93a]
G.J. Simmons, Subliminal Communication is Easy Using DSA, Advances in Cryptology - Eurocrypt '93, Springer-Verlag (1993), 218-232.

[Sim93b]
G.J. Simmons, The Subliminal Signatures in the U.S. Digital Signature Algorithm (DSA), 3rd Symposium on State and Progress of Research in Cryptography (February 15-16, 1993), Rome, Italy.

[SM88]
A. Shimizu and S. Miyaguchi, Fast data encipherment algorithm FEAL, Advances in Cryptology - Eurocrypt '87, Springer-Verlag (1988), 267-280.

[SPC95]
M. Stadler, J.M. Piveteau, and J. Camenisch, Fair blind signatures, Advances in Cryptology - Eurocrypt '95, Springer-Verlag (1995), 209-219.

[SS95]
P. Smith and C. Skinner, A public-key cryptosystem and a digital signature system based on the Lucas function analogue to discrete logarithms, Advances in Cryptology - Asiacrypt '94, Springer-Verlag (1995), 357-364.

[Sta95]
W. Stallings, Network and Internetwork Security - Principles and Practice, Prentice-Hall, New Jersey, 1995.

[Sti95]
D.R. Stinson, Cryptography - Theory and Practice, CRC Press, Boca Raton, 1995.

[SV93]
M. Shand and J. Vuillemin, Fast implementations of RSA cryptography, Proceedings of the 11th IEEE Symposium on Computer Arithmetic, IEEE Computer Society Press (1993), 252-259.

[Ver26]
G.S. Vernam, Cipher printing telegraph systems for secret wire and radio telegraphic communications, J. Amer. Inst. Elec. Eng. 45 (1926), 109-115.

[VP92]
E. van Heyst and T.P. Pedersen, How to make efficient fail-stop signatures, Advances in Cryptology - Eurocrypt '92, Springer-Verlag (1992), 366-377.

[VW91]
P. van Oorschot and M. Wiener, A known plaintext attack on two-key triple encryption, Advances in Cryptology - Eurocrypt '90, Springer-Verlag (1991), 318-325.

[VW94]
P. van Oorschot and M. Wiener, Parallel collision search with application to hash functions and discrete logarithms, Proceedings of 2nd ACM Conference on Computer and Communication Security (1994).

[Wie94]
M.J. Wiener, Efficient DES key search, Technical Report TR244, School of Computer Science, Carleton University, Ottawa, Canada, 1994.

[Wie98]
M.J. Wiener, Performance Comparison of Public-Key Cryptosystems, CryptoBytes (1) 4 (Summer 1998).

[Yuv79]
G. Yuval, How to swindle Rabin, Cryptologia (July 1979).

[Yin97]
Y.L. Yin, The RC5 encryption algorithm: two years on, CryptoBytes (3) 2 (Winter 1997).

[ZPS93]
Y. Zheng, J. Pieprzyk and J. Seberry, HAVAL - a one-way hashing algorithm with variable length output, Advances in Cryptology - Auscrypt '92, Springer-Verlag (1993), 83-104.


Notes: