RSA Laboratories - Appendix C References

Bibliography

[ACG84]: W. Alexi, B. Chor, O. Goldreich, and C.P. Schnorr, RSA and Rabin functions: Certain parts are as hard as the whole, SIAM Journal of Computing (2) 17 (1988), 194-209.
[AD97]: M. Ajtai and C. Dwork, A public-key cryptosystem with worst-case/average-case equivalence, Proc. 29th ACM STOC (1997), 284-297.
[Adl95]: L.M. Adleman, On constructing a molecular computer, draft, University of Southern California, January 1995.
[Adl96]: L.M. Adleman, Statement, Cryptographer's Expert Panel, RSA Data Security Conference, San Francisco, CA, January 17, 1996.
[AGL95]: D. Atkins, M. Graff, A.K. Lenstra and P.C. Leyland, The magic words are squeamish ossifrage, Advances in Cryptology - Asiacrypt '94, Springer-Verlag (1995), 263-277.
[AHU74]: Aho, Hopcroft, and Ullman, The Design and Analysis of Computer Algorithms, Addison-Wesley, 1974.
[ANS83]: American National Standards Institute, American National Standard X3.106-1983 (R1996): Data Encryption Algorithm, Modes of Operations for the, 1983.
[ANS86a]: American National Standards Institute, ANSI X9.9: Financial Institution Message Authentication (Wholesale), 1986.
[ANS94a]: American National Standards Institute, Accredited Standards Committee X9 Working Draft: ANSI X9.42-1993: Public Key Cryptography for the Financial Services Industry: Management of Symmetric Algorithm Keys Using Diffie-Hellman, American Bankers Association, 1994.
[ANS94b]: American National Standards Institute, Accredited Standards Committee X9 Working Draft: ANSI X9.44: Public Key Cryptography Using Reversible Algorithms for the Financial Services Industry: Transport of Symmetric Algorithm Keys Using RSA, American Bankers Association, 1994.
[ANS95]: American National Standards Institute, ANSI X9.17: Financial Institution Key Management (Wholesale), 1995.
[ANS96]: American National Standards Institute, ANSI X9.19: Financial Institution Retail Message Authentication, 1986.
[ANS97]: American National Standards Institute, ANSI X9.30.1-1997: Public-Key Cryptography for the Financial Services Industry - Part 1: The Digital Signature Algorithm (DSA), American Bankers Association, 1997.
[ANS98]: American National Standards Institute, ANSI X9.31-1998: Public Key Cryptography Using Reversible Algorithms for the Financial Services Industry (rDSA), 1998.
[ARV95]: W. Aiello, S. Rajagopalan, and R. Venkatesan, Design of practical and provably good random number generators (extended abstract), Proceedings of the Sixth Annual ACM-SIAM Symposium on Discrete Algorithms (1995), 1-9.
[Bam82]: J. Bamford, The Puzzle Palace, Houghton Mifflin, Boston, 1982.
[Bar92]: J.P. Barlow, Decrypting the puzzle palace, Communications of the ACM (7) 35 (1992) 25-31.
[BBB92]: C. Bennett, F. Bessette, G. Brassard, L. Savail, and J. Smolin, Experimental quantum cryptography, Journal of Cryptology (1) 5 (1992), 3-28.
[BBC88]: P. Beauchemin, G. Brassard, C. Crepeau, C. Goutier, and C. Pomerance, The generation of random numbers that are probably prime, Journal of Cryptology 1 (1988), 53-64.
[BBL95]: D. Bleichenbacher, W. Bosma, and A. Lenstra, Some remarks on Lucas-based cryptosystems, Advances in Cryptology - Crypto '95, Springer-Verlag (1995). 386-396,
[BBS86]: L. Blum, M. Blum, and M. Shub, A simple unpredictable random number generator, SIAM Journal on Computing 15 (1986), 364-383.
[BD93b]: J. Brandt and I. Damgard, On generation of probable primes by incremental search, Advances in Cryptology - Crypto '92, Springer-Verlag (1993), 358-370.
[BDK93]: E.F. Brickell, D.E. Denning, S.T. Kent, D.P. Maher, and W. Tuchman, Skipjack Review, Interim Report: The Skipjack Algorithm, 1993.
[BDN97]: W. Burr, D. Dodson, N. Nazario, and W. T. Polk, MISPC, Minimum Interoperability Specification for PKI Components, Version 1, NIST, 1997.
[Bea95]: D. Beaver, Factoring: The DNA solution, Advances in Cryptology - Asiacrypt '94, Springer-Verlag (1995), 419-423.
[Ben82]: P. Benioff, Quantum mechanical Hamiltonian models of Turing machines, Journal of Statistical Physics (3) 29 (1982), 515-546.
[BG85]: M. Blum and S. Goldwasser, An efficient probabilistic public-key encryption scheme which hides all partial information, Advances in Cryptology - Crypto '84, Springer-Verlag (1985), 289-299,.
[BGH95]: M. Bellare, J.A. Garay, R. Hauser, A. Herzberg, H. Krawczyk, M. Steiner, G. Tsudik, and M. Waidner, iKP - A Family of Secure Electronic Payment Protocols, Usenix Electronic Commerce Workshop, July 1995.
[BHS93]: D. Bayer, S. Haber, and W.S. Stornetta, Improving the efficiency and reliability of digital timestamping, Proceedings Sequences II: Methods in Communication, Security, and Computer Science, Springer-Verlag (1993), 329-334.
[Bih95]: E. Biham, Cryptanalysis of Multiple Modes of Operation, Advances in Cryptology - Asiacrypt '94, Springer-Verlag (1995), 278-292.
[BK98]: A. Biryukov and E. Kushilevitz, Improved cryptanalysis of RC5, Advances in Cryptology - Eurocrypt '98, Springer Verlag (1998).
[BKR94]: M. Bellare, J. Killian and P. Rogaway, The security of cipher block chaining, Advances in Cryptology - Crypto '94, Springer-Verlag (1994), 341-358.
[Bla79]: G.R. Blakley, Safeguarding cryptographic keys, AFIPS Conference Proceedings 48 (1979), 313-317.
[Bla94]: Matt Blaze, Protocol Failure in the Escrowed Encryption Standard, Proceedings of the 2nd ACM Conference on Computer and Communications Security (1994), 59-67.
[BLP94]: J.P. Buhler, H.W. Lenstra, and C. Pomerance, The development of the number field sieve, Volume 1554 of Lecture Notes in Computer Science, Springer-Verlag, 1994.
[BLS88]: J. Brillhart, D.H. Lehmer, J.L. Selfridge, B. Tuckerman, and S.S. Wagstaff Jr, Factorizations of bⁿ ±1, b = 2,3,5,6,7,10,11,12 up to High Powers, Volume 22 of Contemporary Mathematics, 2nd edition, American Mathematical Society, 1988.
[BLZ94]: J. Buchmann, J. Loho, and J. Zayer, An implementation of the general number field sieve, Advances in Cryptology - Crypto '93, Springer-Verlag (1994), 159-166.
[BM84]: M. Blum and S. Micali, How to generate cryptographically strong sequences of pseudo-random bits, SIAM Journal on Computing (4) 13 (1984), 850-863.
[BR93]: M. Bellare and P. Rogaway, Random Oracles are Practical: A Paradigm for Designing Efficient Protocols, Proceedings of the first Annual Conference on Computer and Communications Security (1993), 62-73.
[BR94]: M. Bellare and P. Rogaway, Optimal asymmetric encryption, Advances in Cryptology - Eurocrypt '94, Springer-Verlag (1994), 92-111.
[BR96]: M. Bellare and P. Rogaway, The exact security of digital signatures how to sign with RSA and Rabin, Advances in Cryptology - Eurocrypt '96, Springer-Verlag (1996), 399-414.
[Bra88]: G. Brassard, Modern Cryptology, Springer-Verlag, 1988.
[Bra93]: G. Brassard, Cryptography column - Quantum cryptography: A bibliography, Sigact News (3) 24 (1993), 16-20.
[Bra95a]: G. Brassard, The computer in the 21st Century, Scientific American (March 1995).
[Bra95b]: G. Brassard, The impending demise of RSA? CryptoBytes (1) 1 (Spring 1995).
[Bra95c]: G. Brassard, A quantum jump in computer science, Current Trends in Computer Science, Springer-Verlag (1995), 1-14.
[Bre89]: D.M. Bressoud, Factorization and Primality Testing, Springer-Verlag, 1989.
[Bri85]: E.F. Brickell, Breaking iterated knapsacks, Advances in Cryptology - Crypto '84, Springer-Verlag (1985), 342-358.
[BS91a]: E. Biham and A. Shamir, Differential cryptanalysis of DES-like cryptosystems, Advances in Cryptology - Crypto '90, Springer-Verlag (1991), 2-21.
[BS91b]: E. Biham and A. Shamir, Differential cryptanalysis of FEAL and N-Hash, Advances in Cryptology - Eurocrypt '91, Springer-Verlag (1991), 156-171.
[BS93a]: E. Biham and A. Shamir, Differential cryptanalysis of the full 16-round DES, Advances in Cryptology - Crypto '92, Springer-Verlag (1993), 487-496.
[BS93b]: E. Biham and A. Shamir, Differential Cryptanalysis of the Data Encryption Standard, Springer-Verlag, 1993.
[BV98]: D. Boneh and R. Venkatesan, Breaking RSA may not be equivalent to factoring, Advances in Cryptology - Eurocrypt '98, Springer-Verlag (1998), 59-71.
[CCI88a]: CCITT, Recommendation X.400: Message Handling System and Service Overview, 1988.
[CCI88b]: CCITT, Recommendation X.500: The Directory Overview of Concepts, Models and Services, 1988.
[CCI88c]: CCITT, Recommendation X.509: The Directory Authentication Framework, 1988.
[CCI91]: CCITT, Recommendation X.435: Message Handling Systems: EDI Messaging System, 1991.
[CFG95]: S. Crocker, N. Freed, J. Galvin, and S. Murphy, RFC 1848: MIME Object Security Services. CyberCash, Inc., Innosoft International, Inc., and Trusted Information Systems, 1995.
[CFN88]: D. Chaum, A. Fiat and M. Naor, Untraceable electronic cash, Advances in Cryptology - Crypto '88, Springer-Verlag (1988), 319-327.
[CGH97]: Canetti, R. Gennaro, A. Herzberg and D. Naor, Proactive Security: Long-term Protection Against Break-ins, CryptoBytes (1) 3 (Spring 1997).
[Cha83]: D. Chaum, Blind signatures for untraceable payments, Advances in Cryptology - Crypto '82, Springer-Verlag (1983), 199-203.
[Cha85]: D. Chaum, Security without identification: transaction systems to make big brother obsolete, Communications of the ACM 28 (10) (1985), 1030-1044.
[Cha94]: D. Chaum, Designated confirmer signatures, Advances in Cryptology - Eurocrypt '94, Springer-Verlag (1994), 86-91.
[CJ98]: F. Chabaud and A. Joux, Differential Collisions in SHA-0, Advances in Cryptology - Crypto '98 Springer-Verlag (1998), 56-71.
[CKM94]: D. Coppersmith, H. Krawczyz and Y. Mansour, The shrinking generator, Advances in Cryptology - Crypto '93, Springer-Verlag (1994), 22-38.
[CLR90]: T.H. Cormen, C.E. Leiserson, and R.L. Rivest, Introduction to Algorithms, MIT Press, Cambridge, Massachusetts, 1990.
[Cop92]: D. Coppersmith, The data encryption standard and its strength against attacks, IBM Research Report RC 18613 (81421), T. J. Watson research center, 1992.
[COS86]: D. Coppersmith, A.M. Odlyzko, and R. Schroeppel, Discrete logarithms in GF(p), Algorithmica 1 (1986), 1-15.
[CP94]: L. Chen and T.P. Pederson, New group signature schemes, Advances in Cryptology - Eurocrypt '94, Springer-Verlag (1994), 171-181.
[CP95]: L. Chen and T.P. Pedersen, On the efficiency of group signatures: providing information-theoretic anonymity, Advances in Cryptology - Eurocrypt '95, Springer-Verlag (1995), 39-49.
[CR88]: B. Chor and R.L. Rivest, A knapsack-type public-key cryptosystem based on arithmetic in finite fields, IEEE Transactions on Information Theory (5) 34 (1988), 901-909.
[CR97]: G. Caronni and M. Robshaw, How Exhausting is Exhaustive Search?, CryptoBytes (3) 2 (Winter 1997).
[CV90]: D. Chaum and H. van Antwerpen, Undeniable signatures, Advances in Cryptology - Crypto '89, Springer-Verlag (1990), 212-216.
[CV91]: D. Chaum and E. van Heijst, Group signatures, Advances in Cryptology - Eurocrypt '91, Springer-Verlag (1991) 257-265.
[CV92]: D. Chaum and H. van Antwerpen, Cryptographically strong undeniable signatures, unconditionally secure for the signer, Advances in Cryptology - Crypto '91, Springer-Verlag (1992), 470-484.
[CW93]: K.W. Campbell and M.J. Wiener, DES is not a group, Advances in Cryptology - Crypto '92, Springer-Verlag (1993), 512-520.
[Dam90]: I. Damgård, A design principle for hash functions, Advances in Cryptology - Crypto '89, Springer-Verlag (1990), 416-427.
[Dav82]: G. Davida, Chosen signature cryptanalysis of the RSA public key cryptosystem, Technical Report TR-CS-82-2, Department of EECS, University of Wisconsin, Milwaukee, 1982.
[DB92]: B. den Boer and A. Bosselaers, An attack on the last two rounds of MD4, Advances in Cryptology - Crypto '91, Springer-Verlag (1992), 194-203.
[DB94]: B. den Boer and A. Bosselaers, Collisions for the compression function of MD5, Advances in Cryptology - Eurocrypt '93, Springer-Verlag (1994), 293-304.
[DB95]: D.E. Denning and D.K. Branstad, A taxonomy for key escrow encryption systems, 1995.
[DB96]: D.E. Denning and D. Branstad, A Taxonomy for Key Escrow Encryption Systems, Communications of the ACM (3) 39 (1996), 34-40.
[DB96b]: H. Dobbertin, The Status of MD5 After a Recent Attack, CryptoBytes (2) 2 (Summer 1996).
[DBP96]: H. Dobbertin, A. Bosselaers, and B. Preneel, RIPEMD-160: A strengthened version of RIPEMD, Proceedings of 3rd International Workshop on Fast Software Encryption, Springer-Verlag (1996), 71-82.
[Den93]: D.E. Denning, The Clipper encryption system, American Scientist (4) 81 (1993), 319-323.
[Den95]: D.E. Denning, The Case for ``Clipper,'' Technology Review (July 1995), 48-55.
[Des95]: Y. Desmedt, Securing traceability of ciphertexts - Towards a secure software key escrow system, Advances in Cryptology - Eurocrypt '95, Springer-Verlag (1995), 147-157.
[Deu92]: D. Deutsch, Quantum theory, the Church-Turing principle and the universal quantum computer, Proceedings of the Royal Society of London, Series A 439 (1992).
[DGV94]: J. Daemen, R. Govaerts, and J. Vandewalle, Weak keys for IDEA, Advances in Cryptology - Crypto '93, Springer-Verlag (1994), 224-231.
[DH76]: W. Diffie and M.E. Hellman, New directions in cryptography, IEEE Transactions on Information Theory 22 (1976), 644-654.
[DH77]: W. Diffie and M.E. Hellman, Exhaustive cryptanalysis of the NBS Data Encryption Standard, Computer 10 (1977), 74-84.
[Dif88]: W. Diffie, The first ten years of public-key cryptography, Proceedings of the IEEE 76 (1988), 560-577.
[DIP94]: D. Davis, R. Ihaka, and P. Fenstermacher, Cryptographic randomness from air turbulence in disk drives, Advances in Cryptology - Crypto '94, Springer-Verlag (1994), 114-120.
[DL95]: B. Dodson and A.K. Lenstra, NFS with four large primes: An explosive experiment, Advances in Cryptology - Crypto '95, Springer-Verlag (1995), 372-385.
[DO86]: Y. Desmedt and A.M. Odlyzko, A chosen text attack on the RSA cryptosystem and some discrete logarithm schemes, Advances in Cryptology - Crypto '85, Springer-Verlag (1986), 516-522.
[Dob95]: H. Dobbertin, Alf Swindles Ann, CryptoBytes (3) 1 (Autumn 1995).
[DP83]: D.W. Davies and G.I. Parkin, The average cycle size of the key stream in output feedback encipherment, Advances in Cryptology - Crypto '82, Plenum Press (1983), 97-98.
[DVW92]: W. Diffie, P.C. van Oorschot, and M.J. Wiener, Authentication and authenticated key exchanges, Designs, Codes and Cryptography 2 (1992), 107-125.
[ECS94]: D. Eastlake, 3rd, S. Crocker, and J. Schiller, RFC 1750: Randomness Recommendations for Security, DEC, Cybercash, and MIT, 1994.
[EGM89]: S. Even, O. Goldreich, and S. Micali, On-Line/Off-Line Digital Signatures, Advances in Cryptology - Crypto '89 Springer-Verlag (1990), 263-275.
[Elg85]: T. ElGamal, A public-key cryptosystem and a signature scheme based on discrete logarithms, IEEE Transactions on Information Theory 31 (1985), 469-472.
[EPIC99]: Electronic Privacy Information Center, Cryptography and Liberty 1999, An International Survey of Encryption Policy, Washington, DC, 1999. ¹
[Fei73]: H. Feistel, Cryptography and Computer Privacy, Scientific American (May 1973).
[Fey82]: R.P. Feynman, Simulating physics with computers, International Journal of Theoretical Physics (6) 21 (1982), 467-488.
[Fey86]: R.P. Feynman, Quantum mechanical computers, Optic News (February 1985); Reprinted in Foundations of Physics (6) 16 (1986), 507-531.
[FFS88]: U. Feige, A. Fiat and A. Shamir, Zero-knowledge proofs of identity, Journal of Cryptography 1 (1988), 66-94.
[FGM97]: Y. Frankel, P. Gemmel, P. D. MacKenzie and M. Yung, Proactive RSA, Advances in Cryptology - Crypto '97, Springer-Verlag (1997), 440-454.
[For94]: W. Ford, Computer Communications Security Principles, Standard Protocols and Techniques, Prentice-Hall, New Jersey (1994).
[Fra98]: J.B. Fraleigh, An Introduction to Abstract Algebra, 6th edition, Addison-Wesley, 1998.
[FR95]: P. Fahn and M.J.B. Robshaw, Results from the RSA Factoring Challenge, Technical Report TR-501, version 1.3, RSA Laboratories, January 1995.
[FS87]: A. Fiat and A. Shamir, How to prove yourself: Practical solutions to identification and signature problems, Advances in Cryptology - Crypto '86, Springer-Verlag (1987), 186-194.
[FY94]: M. Franklin and M. Yung, Blind Weak Signature and its Applications: Putting Non-Cryptographic Secure Computation to Work, Advances in Cryptology - Eurocrypt '94, Springer-Verlag (1994), 67-76.
[Gan95]: R. Ganesan. Yaksha, Augmenting Kerberos with public key cryptography, Proceedings of the 1995 Internet Society Symposium on Network and Distributed Systems Security, IEEE Press (1995), 132-143.
[GC89]: D. Gollman and W.G. Chambers, Clock-controlled shift registers: a review, IEEE Journal on Selected Areas in Communications (4) 7 (1989), 525-533.
[Gib93]: J.K. Gibson, Severely denting the Babidulin version of the McElience public key cryptosystem, Preproceedings of the 4th IMA Conference on Cryptography and Coding (1993).
[GJ79]: Michael R. Garey and David S. Johnson, Computers and Intractability - A Guide to the Theory of NP-Completeness, W.H. Freeman, New York, 1979.
[GJK96]: R. Gennaro, S. Jarecki, H. Krawczyk and T. Rabin, Robust Threshold DSS Signatures, Advances in Cryptology - Eurocrypt '96, Springer-Verlag, (1996), 354-371.
[GM84]: S. Goldwasser and S. Micali, Probabilistic encryption, Journal of Computer and System Sciences, 28 (1984), 270-299.
[GM93]: D.M. Gordon and K.S. McCurley, Massively parallel computation of discrete logarithms, Advances in Cryptology - Crypto '92, Springer-Verlag (1993), 312-323.
[GMR86]: S. Goldwasser, S. Micali, and R. Rivest, A digital signature scheme secure against adaptive chosen message attack, SIAM Journal on Computing (2) 17 (1988), 289-308.
[Gor93]: D.M. Gordon, Discrete logarithms in GF(p) using the number field sieve, SIAM Journal of Computing (1) 6 (1993), 124-138.
[GPT91]: E.M. Gabidulin, A.V. Paramonov, and O.V. Tretjakov, Ideals over a non-commutative ring and their application in cryptology, Advances in Cryptology - Eurocrypt '91, Springer-Verlag (1991), 482-489.
[GQ88]: L.C. Guillou and J.J. Quisquater, A practical zero-knowledge protocol fitted to security microprocessor minimizing both transmission and memory, Advances in Cryptology - Eurocrypt '88, Springer-Verlag (1988), 123-128.
[H as88]: J. Håstad, Solving simultaneous modular equations of low degree, SIAM Journal of Computing 17 (1988), 336-341.
[Hel80]: M.E. Hellman, A cryptanalytic time-memory trade off, IEEE Transactions on Information Theory 26 (1980), 401-406.
[Hic95]: K.E.B. Hickman, The SSL Protocol, December 1995.²
[HJJ97]: A. Herzberg, M. Jakobsson, S. Jarecki, H. Krawczyk and M. Yung, Proactive Public Key and Signature Systems, 1997 ACM Conference on Computers and Communication Security (1997).
[HS91]: S. Haber and W.S. Stornetta, How to timestamp a digital document, Journal of Cryptology (2) 3 (1991), 99-111.
[ISO87]: ISO DIS 8730, Banking requirements for message authentication (wholesale), 1987.
[ISO91]: ISO/IEC 9979, Data Cryptographic Techniques - Procedures for the Registration of Cryptographic Algorithms, 1991.
[ISO92a]: ISO/IEC 9798, Entity authentication mechanisms using symmetric techniques, 1992.
[ISO92b]: ISO/IEC 10116, Modes of operation for an n-bit block cipher algorithm, 1992.
[ISO92c]: ISO/IEC 10118, Information technology - Security techniques - Hash functions, 1992.
[Jue83]: R.R. Jueneman, Analysis of certain aspects of output feedback mode, Advances in Cryptology - Crypto '82, Plenum Press (1983), 99-127.
[Kah67]: D. Kahn, The Codebreakers, Macmillan Co., New York, 1967.
[Kal92]: B.S. Kaliski Jr, RFC 1319: The MD2 Message-Digest Algorithm, RSA Laboratories, April 1992.
[Kal93a]: B.S. Kaliski Jr, RFC 1424: Privacy Enhancement for Internet Electronic Mail: Part IV: Key Certification and Related Services, RSA Laboratories, February 1993.
[Kal93b]: B.S. Kaliski Jr, A survey of encryption standards, IEEE Micro (6) 13 (1993), 74-81.
[Ken93]: S. Kent, RFC 1422: Privacy Enhancement for Internet Electronic Mail, Part II: Certificate-Based Key Management, Internet Activities Board, February 1993.
[KM96]: L.R. Knudsen and W. Meier, Improved differential attacks on RC5, Advances in Cryptology - Crypto '96, Springer-Verlag (1996), 216-228.
[KNT94]: J. Kohl, B. Neuman, and T. Tso, The evolution of the Kerberos authentication service, Distributed Open Systems, IEEE Press (1994).
[Knu81]: D.E. Knuth, The Art of Computer Programming, volume 2, Seminumerical Algorithms, 2nd edition, Addison-Wesley, 1981.
[Knu93]: L.R. Knudsen, Practically secure Feistel ciphers, Proceedings of 1st International Workshop on Fast Software Encryption, Springer Verlag (1993), 211-221.
[Knu95]: L.R. Knudsen, A key-schedule weakness in SAFER K-64, Advances in Cryptology - Crypto '95, Springer-Verlag (1995), 274-286.
[Kob87]: N. Koblitz, Elliptic curve cryptosystems, Mathematics of Computation 48 (1997), 203-209.
[Kob94]: N. Koblitz, A Course in Number Theory and Cryptography, Springer-Verlag, 1994.
[Koç94]: Ç. K. Koç, High-Speed RSA Implementation, Technical Report TR-201, version 2.0, RSA Laboratories, November 1994.
[Koç95]: Ç. K. Koç, RSA Hardware Implementation, Technical Report TR-801, version 1.0, RSA Laboratories, August 1995.
[Koh90]: J.T. Kohl, The Use of Encryption in Kerberos for Network Authentication, Advances in Cryptology - Crypto '89, Springer-Verlag (1990), 35-43.
[KR94]: B.S. Kaliski Jr. and M.J.B. Robshaw, Linear cryptanalysis using multiple approximations, Advances in Cryptology - Crypto '94, Springer-Verlag (1994) 26-39.
[KR95a]: B.S. Kaliski Jr. and M.J.B. Robshaw, Linear cryptanalysis using multiple approximations and FEAL, Proceedings of 2nd International Workshop on Fast Software Encryption, Springer-Verlag (1995), 249-264.
[KR95b]: B.S. Kaliski Jr. and M.J.B. Robshaw, Message authentication with MD5, CryptoBytes (1) 1 (Spring 1995).
[KR95c]: B.S. Kaliski Jr. and M.J.B. Robshaw, The secure use of RSA, CryptoBytes (3) 1 (Autumn 1995).
[KR96]: B.S. Kaliski Jr. and M.J.B. Robshaw, Multiple encryption: weighing up security and performance, Dr. Dobb's Journal 243 (1996), 123-127.
[Kra93]: D. Kravitz, Digital signature algorithm. U.S. Patent 5,231,668, July 27, 1993.
[KRS88]: B.S. Kaliski Jr., R.L. Rivest, and A.T. Sherman, Is the data encryption standard a group? Journal of Cryptology 1 (1988), 3-36.
[KSW96]: J. Kelsey, B. Schneier, and D. Wagner, Key-Schedule Cryptanalysis of 3-WAY, IDEA, G-DES, RC4, SAFER, and Triple-DES, Advances in Cryptology-CRYPTO '96 Proceedings, Springer-Verlag (1996), 237-251.
[KY95]: B.S. Kaliski Jr. and Y.L. Yin, On differential and linear cryptanalysis of the RC5 encryption algorithm, Advances in Cryptology - Crypto '95, Springer-Verlag (1995), 171-183.
[Lan88]: S. Landau, Zero knowledge and the Department of Defense, Notices of the American Mathematical Society 35 (1988), 5-12.
[Len87]: H.W. Lenstra Jr, Factoring integers with elliptic curves, Annals of Mathematics 126 (1987), 649-673.
[LH94]: S.K. Langford and M.E. Hellman, Differential-linear cryptanalysis, Advances in Cryptology - Crypto '94, Springer-Verlag (1994), 17-25.
[Lin93]: J. Linn, RFC 1508: Generic Security Services Application Programming Interface, Geer Zolot Associates, September 1993.
[Lip94]: R.J. Lipton, Speeding up computations via molecular biology, draft, Princeton University, December 1994.
[LL90]: A.K. Lenstra and H.W. Lenstra Jr, Algorithms in number theory, Handbook of Theoretical Computer Science, volume A (editor: J. van Leeuwen), MIT Press/Elsevier, Amsterdam (1990), 673-715.
[LM91]: X. Lai and J.L. Massey, A proposal for a new block encryption standard, Advances in Cryptology - Eurocrypt '90, Springer-Verlag (1991), 389-404.
[LMM92]: X. Lai, J.L. Massey and S. Murphy, Markov ciphers and differential cryptanalysis, Advances in Cryptology - Eurocrypt '91, Springer-Verlag (1992), 17-38.
[LP98]: Harry R. Lewis and Christos H. Papadimitriou, Elements of the Theory of Computation, 2nd edition, Prentice Hall, Upper Saddle River, NJ, 1998.
[LRW92]: X. Lai, R.A. Rueppel, and J. Woollven, A fast cryptographic checksum algorithm based on stream ciphers, Advances in Cryptology - Auscrypt '92, Springer-Verlag (1992), 339-348.
[LV00]: A.K. Lenstra and E.R. Verheul, Selecting Cryptographic Key Sizes, The 2000 International Workshop on Practice and Theory in Public Key Cryptography (PKC2000), Melbourne, Australia (January 2000).
[Mas93]: J.L. Massey, SAFER K-64: A byte-oriented block ciphering algorithm, Proceedings of 1st International Workshop on Fast Software Encryption, Springer-Verlag (1993), 1-17.
[Mas95]: J.L. Massey, SAFER K-64: One year later, Proceedings of 2nd Workshop on Fast Software Encryption, Springer-Verlag (1995), 212-241.
[Mat93]: M. Matsui, Linear cryptanalysis method for DES cipher, Advances in Cryptology - Eurocrypt '93, Springer-Verlag (1993), 386-397.
[Mat94]: M. Matsui, The first experimental cryptanalysis of the data encryption standard, Advances in Cryptology - Crypto '94, Springer-Verlag (1994), 1-11.
[Mat96]: T. Matthews, Suggestions for random number generation in software, Bulletin No. 1, RSA Laboratories, January 1996.
[Mau94]: U. Maurer, Towards the equivalence of breaking the Diffie-Hellman protocol and computing discrete logarithms, Advances in Cryptology - Crypto '94, Springer-Verlag (1994), 271-281.
[Mce78]: R.J. McEliece, A public-key cryptosystem based on algebraic coding theory, JPL DSN Progress Report 4244 (1978), 114-116.
[Mcn95]: F.L. McNulty, Clipper Alive and well as a voluntary government standard for telecommunications, The 1995 RSA Data Security Conference (January 1995).
[Men93]: A. Menezes, Elliptic Curve Public Key Cryptosystems, Kluwer Academic Publishers, 1993.
[Men95]: A. Menezes, Elliptic Curve Cryptosystems, CryptoBytes (2) 1 (Summer 1995).
[Mer79]: R.C. Merkle, Secrecy, authentication and public-key systems, Ph. D. Thesis, Stanford University, 1979.
[Mer90a]: R.C. Merkle, One way hash functions and DES, Advances in Cryptology - Crypto '89, Springer-Verlag (1990), 428-446.
[Mer90b]: R.C. Merkle, A digital signature based on a conventional encryption function, Advances in Cryptology - Crypto '89, Springer-Verlag (1990), 428-446.
[Mer91]: R.C. Merkle, Fast software encryption functions, Advances in Cryptology - Crypto '90, Springer-Verlag (1991), 627-638.
[MH78]: R.C. Merkle and M.E. Hellman, Hiding information and signatures in trapdoor knapsacks, IEEE Transactions on Information Theory 24 (1978), 525-530.
[MH81]: R.C. Merkle and M.E. Hellman, On the security of multiple encryption, Communications of the ACM textbf24 (1981), 465-467.
[Mic93]: S. Micali, Fair public-key cryptosystems, Advances in Cryptology - Crypto '92, Springer-Verlag (1993), 113-138.
[Mil86]: V.S. Miller, Use of elliptic curves in cryptography, Advances in Cryptology - Crypto '85, Springer-Verlag (1986), 417-426.
[MOV90]: A. Menezes, T. Okamoto, and S. Vanstone, Reducing elliptic curve logarithms to logarithms in a finite field, Unpublished manuscript, September 1990.
[MQV95]: A. Menezes, M. Qu, and S. Vanstone, Some new key agreement protocols providing implicit authentication, Preproceedings of Workshops on Selected Areas in Cryptography (1995).
[MS95b]: W. Meier and O. Staffelbach, The self-shrinking generator, Advances in Cryptology - Eurocrypt '94, Springer-Verlag (1995), 205-214.
[Mur90]: S. Murphy, The cryptanalysis of FEAL-4 with 20 chosen plaintexts, Journal of Cryptology (3) 2 (1990), 145-154.
[MY92]: M. Matsui and A. Yamagishi, A new method for known plaintext attack of FEAL cipher, Advances in Cryptology - Eurocrypt '92, Springer-Verlag (1992), 81-91.
[NIS80]: National Institute of Standards and Technology (NIST), FIPS Publication 81: DES Modes of Operation, 1980.
[NIS85]: National Institute of Standards and Technology (NIST), FIPS Publication 113: Computer Data Authentication, 1985.
[NIS92]: National Institute of Standards and Technology (NIST), The Digital Signature Standard, proposal and discussion, Communications of the ACM (7) 35 (1992), 36-54.
[NIS93a]: National Institute of Standards and Technology (NIST), FIPS Publication 180: Secure Hash Standard (SHS), 1993.
[NIS93b]: National Institute of Standards and Technology (NIST), FIPS Publication 46-2: Data Encryption Standard, 1993.
[NIS94a]: National Institute of Standards and Technology (NIST), FIPS Publication 185: Escrowed Encryption Standard, 1994.
[NIS94b]: National Institute of Standards and Technology (NIST), FIPS Publication 186: Digital Signature Standard (DSS), 1994.
[NIS94c]: National Institute of Standards and Technology (NIST), Announcement of Weakness in the Secure Hash Standard, 1994.
[NK95]: K. Nyberg and L.R. Knudsen, Provable security against a differential attack, Journal of Cryptology (1) 8 (1995), 27-37.
[NMR94]: D. Naccache, D. M'raïhi, D. Raphaeli, and S. Vaudenay, Can D.S.A. be improved? Complexity trade-offs with the Digital Signature Standard, Advances in Cryptology - Eurocrypt '94, Springer-Verlag (1994), 77-85.
[NS78]: R.M. Needham and M.D. Schroeder, Using encryption for authentication in large networks of computers, Communications of the ACM 21 (1978), 993-999.
[NS94]: M. Naor and A. Shamir, Visual cryptography, Advances in Cryptology - Eurocrypt '94, Springer-Verlag (1994), 1-12.
[NSA95]: NSA Cross Organization CAPI Team, Security Service API: Cryptographic API Recommendation, 1995.
[Nyb95]: K. Nyberg, Linear approximation of block ciphers, Advances in Cryptology - Eurocrypt '94, Springer-Verlag (1995), 439-444.
[OA94]: K. Ohta and K. Aoki, Linear cryptanalysis of the fast data encipherment algorithm, Advances in Cryptology - Crypto '94, Springer-Verlag (1994), 12-16.
[Oco95]: L. O'Connor, A unified markov approach to differential and linear cryptanalysis, Advances in Cryptology - Asiacrypt '94, Springer-Verlag (1995), 387-397.
[Odl84]: A.M. Odlyzko, Discrete logarithms in finite fields and their cryptographic significance, Advances in Cryptology - Eurocrypt '84, Springer-Verlag (1984), 224-314.
[Odl95]: A.M. Odlyzko, The future of integer factorization, CryptoBytes (2) 1 (Summer 1995).
[OG96]: The Open Group, Generic Cryptographic Service API (GCS-API), 1996³
[OG99]: The Open Group, Architecture for Public-Key Infrastructure (APKI), 1999.
[Pol74]: J. Pollard, Theorems of factorization and primality testing, Proceedings of Cambridge Philosophical Society 76 (1974), 521-528.
[Pol75]: J. Pollard, Monte Carlo method for factorization, BIT 15 (1975), 331-334.
[Pre93]: B. Preneel, Analysis and Design of Cryptographic Hash Functions, Ph.D. Thesis, Katholieke University Leuven, 1993.
[Pre94]: B. Preneel, The State of DES, 1994 RSA Laboratories Seminar Series (August 1994).
[PV95]: B. Preneel and P.C. van Oorschot, MDx-MAC and Building Fast MACs from Hash Functions, Advances in Cryptology - Crypto '95, Springer-Verlag (1995), 1-14.
[QG90]: J.J. Quisquater and L. Guillou, How to explain zero-knowledge protocols to your children, Advances in Cryptology - Crypto '89, Springer-Verlag (1990), 628-631.
[Rab79]: M.O. Rabin, Digitalized signatures and public-key functions as intractable as factorization, Technical Report MIT/LCS/TR-212, MIT, 1979.
[RC93]: P. Rogaway and D. Coppersmith, A software-optimized encryption algorithm, Proceedings of 1st International Workshop on Fast Software Encryption, Springer Verlag (1993), 56-63.
[RC95]: N. Rogier and P. Chauvaud, The compression function of MD2 is not collision free, Selected Areas in Cryptography '95, Ottawa, Canada (May 1995).
[RG91]: D. Russell and G.T. Gangemi Sr, Computer Security Basics, O'Reilly & Associates, Inc., 1991.
[Riv90]: R.L. Rivest, Cryptography, Handbook of Theoretical Computer Science, volume A (editor: J. van Leeuwen), MIT Press/Elsevier, Amsterdam, 1990, 719-755.
[Riv91a]: R.L. Rivest, Finding four million random primes, Advances in Cryptology - Crypto '90, Springer-Verlag (1991), 625-626.
[Riv91b]: R.L. Rivest, The MD4 message digest algorithm, Advances in Cryptology - Crypto '90, Springer-Verlag (1991), 303-311.
[Riv92a]: R.L. Rivest, Response to NIST's proposal, Communications of the ACM 35 (1992), 41-47.
[Riv92b]: R.L. Rivest, RFC 1320: The MD4 Message-Digest Algorithm, Network Working Group, 1992.
[Riv92c]: R.L. Rivest, RFC 1321: The MD5 Message-Digest Algorithm, Internet Activities Board, 1992.
[Riv95]: R.L. Rivest, The RC5 encryption algorithm, CryptoBytes (1) 1 (Spring 1995).
[RK96]: Joe Kilian and Phillip Rogaway, How to protect DES against exhaustive key search, Advances in Cryptology - Crypto '96, Springer-Verlag (1996), 252-267.
[Rob95a]: M.J.B. Robshaw, Stream Ciphers Technical Report TR-701, version 2.0, RSA Laboratories, 1995.
[Rob95b]: M.J.B. Robshaw, MD2, MD4, MD5, SHA and Other Hash Functions, Technical Report TR-101, version 4.0, RSA Laboratories, 1995.
[Rob95c]: M.J.B. Robshaw, Security estimates for 512-bit RSA, Technical Note, RSA Laboratories, 1995.
[Rob96]: M.J.B. Robshaw, On Recent Results for MD2, MD4 and MD5, RSA Laboratories Bulletin 4 (November 1996).
[Rog96]: P. Rogaway, The security of DESX, CryptoBytes (2) 2 (Summer 1996).
[RS95]: E. Rescorla and A. Schiffman, The Secure HyperText Transfer Protocol, Internet-Draft, EIT, 1995.
[RSA78]: R.L. Rivest, A. Shamir, and L.M. Adleman, A method for obtaining digital signatures and public-key cryptosystems, Communications of the ACM (2) 21 (1978), 120-126.
[Rue92]: R.A. Rueppel, Stream ciphers, Contemporary Cryptology - The Science of Information Integrity (1992), IEEE Press.
[RY97]: M.J.B. Robshaw and Y.L. Yin, Elliptic Curve Cryptosystems, Technical Note, RSA Laboratories, 1997.
[SB93]: M.E. Smid and D.K. Branstad, Response to comments on the NIST proposed Digital Signature Standard, Advances in Cryptology - Crypto '92, Springer-Verlag (1993), 76-87.
[Sch83]: I. Schaumuller-Bichl, Cryptanalysis of the Data Encryption Standard by a method of formal coding, Cryptography, Proc. Burg Feuerstein 1982 149 (1983), 235-255.
[Sch90]: C.P. Schnorr, Efficient identification and signatures for smart cards, Advances in Cryptology - Crypto '89, Springer-Verlag (1990), 239-251.
[Sch91]: C.P. Schnorr, Method for identifying subscribers and for generating and verifying electronic signatures in a data exchange system, U.S. Patent 4,995,082, February 19, 1991.
[Sch93]: B. Schneier, Description of a new variable-length key, 64-bit block cipher (Blowfish), Proceedings of 1st International Workshop on Fast Software Encryption, Springer-Verlag (1993), 191-204.
[Sch95]: B. Schneier, The Blowfish encryption algorithm: one year later, Dr. Dobb's Journal 234 (1995), 137-138.
[Sch96]: B. Schneier, Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd Edition, Wiley, 1995.
[Sel98]: A. A. Selcuk, New results in linear cryptanalysis of RC5, Proceedings of 5th International Workshop on Fast Software Encryption, Springer Verlag (1998), 1-16.
[SH95]: C.P. Schnorr and H.H. Hörner, Attacking the Chor-Rivest cryptosystem by improved lattice reduction, Advances in Cryptology - Eurocrypt '95, Springer-Verlag (1995), 1-12.
[Sha49]: C.E. Shannon, Communication Theory of Secrecy Systems, Bell Systems Technical Journal 28 (1949), 656-715.
[Sha79]: A. Shamir, How to share a secret, Communications of the ACM 22 (1979), 612-613.
[Sha84]: A. Shamir, A polynomial time algorithm for breaking the basic Merkle-Hellman cryptosystem, IEEE Transactions on Information Theory, (5) 30 (1984), 699-704.
[Sha95]: M. Shand, Personal communication, 1995.
[Sho94]: P.W. Shor, Algorithms for quantum computation: Discrete logarithms and factoring, Proceedings of the 35th Annual IEEE Symposium on the Foundations of Computer Science (1994), 124-134.
[Sil87]: R.D. Silverman, The multiple polynomial quadratic sieve, Mathematics of Computation 48 (1987), 329-339.
[Sim83]: G.J. Simmons, The Prisoner's Problem and the Subliminal Channel, Advances in Cryptology - Crypto '83, Plenum Press (1984), 51-70.
[Sim92]: G.J. Simmons, editor, Contemporary Cryptology - The Science of Information Integrity, IEEE Press, 1992.
[Sim93a]: G.J. Simmons, Subliminal Communication is Easy Using DSA, Advances in Cryptology - Eurocrypt '93, Springer-Verlag (1993), 218-232.
[Sim93b]: G.J. Simmons, The Subliminal Signatures in the U.S. Digital Signature Algorithm (DSA), 3rd Symposium on State and Progress of Research in Cryptography (February 15-16, 1993), Rome, Italy.
[SM88]: A. Shimizu and S. Miyaguchi, Fast data encipherment algorithm FEAL, Advances in Cryptology - Eurocrypt '87, Springer-Verlag (1988), 267-280.
[SPC95]: M. Stadler, J.M. Piveteau, and J. Carmenisch, Fair blind signatures, Advances in Cryptology - Eurocrypt '95, Springer-Verlag (1995), 209-219.
[SS95]: P. Smith and C. Skinner, A public-key cryptosystem and a digital signature system based on the Lucas function analogue to discrete logarithms, Advances in Cryptology - Asiacrypt '94, Springer-Verlag (1995), 357-364.
[Sta95]: W. Stallings, Network and Internetwork Security - Principles and Practice, Prentice-Hall, New Jersey, 1995.
[Sti95]: D.R. Stinson, Cryptography - Theory and Practice, CRC Press, Boca Raton, 1995.
[SV93]: M. Shand and J. Vuillemin, Fast implementations of RSA cryptography, Proceedings of the 11th IEEE Symposium on Computer Arithmetic, IEEE Computer Society Press (1993), 252-259,
[Ver26]: G.S. Vernam, Cipher printing telegraph systems for secret wire and radio telegraphic communications, J. Amer. Inst. Elec. Eng. 45 (1926), 109-115.
[VP92]: E. van Heyst and T.P. Pederson, How to make efficient fail-stop signatures, Advances in Cryptology - Eurocrypt '92, Springer-Verlag (1992), 366-377.
[VW91]: P. van Oorschot and M. Wiener, A known plaintext attack on two-key triple encryption, Advances in Cryptology - Eurocrypt '90, Springer-Verlag (1991), 318-325.
[VW94]: P. van Oorschot and M. Wiener, Parallel collision search with application to hash functions and discrete logarithms, Proceedings of 2nd ACM Conference on Computer and Communication Security (1994).
[Wie94]: M.J. Wiener, Efficient DES key search, Technical Report TR244, School of Computer Science, Carleton University, Ottawa, Canada, 1994.
[Wie98]: M.J. Wiener, Performance Comparison of Public-Key Cryptosytstems, CryptoBytes (1) 4 (Summer 1998).
[Yuv79]: G. Yuval, How to swindle Rabin, Cryptologia (July 1979).
[Yin97]: Y.L. Yin, The RC5 encryption algorithm: two years on, CryptoBytes (3) 2 (Winter 1997).
[ZPS93]: Y. Zheng, J. Pieprzyk and J. Seberry, HAVAL - a one-way hashing algorithm with variable length output, Advances in Cryptology - Auscrypt '92, Springer-Verlag (1993), 83-104.

Footnotes:

¹ http://www.epic.org/crypto/.

² http://www.netscape.com/eng/security/SSL_2.html.

³ http://www.opengroup.org/pubs/catalog/.

Public-Key Cryptography Standards (PKCS) PKCS #1: RSA Cryptography Standard Section Index Foreword PKCS #3: Diffie-Hellman Key Agreement Standard PKCS #5: Password-Based Cryptography Standard Chapter 1 Introduction Chapter 2 Cryptography PKCS #6: Extended-Certificate Syntax Standard PKCS #7: Cryptographic Message Syntax Standard Chapter 3 Techniques in Cryptography Chapter 4 Applications of Cryptography PKCS #8: Private-Key Information Syntax Standard PKCS #9: Selected Attribute Types Chapter 5 Cryptography in the Real World Chapter 6 Laws Concerning Cryptography PKCS #10: Certification Request Syntax Standard PKCS #11: Cryptographic Token Interface Standard Chapter 7 Miscellaneous Topics Chapter 8 Further Reading PKCS #12: Personal Information Exchange Syntax Standard PKCS #13: Elliptic Curve Cryptography Standard Appendix A Mathematical concepts Appendix B Glossary PKCS #15: Cryptographic Token Information Format Standard PKCS Mailing Lists Appendix C References Workshops PKCS News Archives Guidelines for Contributions to the Public-Key Cryptography Standards (PKCS) One-Time Password Specifications (OTPS)	Home: Standards Initiatives: Public-Key Cryptography Standards (PKCS) Appendix C References Bibliography [ACG84] W. Alexi, B. Chor, O. Goldreich, and C.P. Schnorr, RSA and Rabin functions: Certain parts are as hard as the whole, SIAM Journal of Computing (2) 17 (1988), 194-209. [AD97] M. Ajtai and C. Dwork, A public-key cryptosystem with worst-case/average-case equivalence, Proc. 29th ACM STOC (1997), 284-297. [Adl95] L.M. Adleman, On constructing a molecular computer, draft, University of Southern California, January 1995. [Adl96] L.M. Adleman, Statement, Cryptographer's Expert Panel, RSA Data Security Conference, San Francisco, CA, January 17, 1996. [AGL95] D. Atkins, M. Graff, A.K. Lenstra and P.C. Leyland, The magic words are squeamish ossifrage, Advances in Cryptology - Asiacrypt '94, Springer-Verlag (1995), 263-277. [AHU74] Aho, Hopcroft, and Ullman, The Design and Analysis of Computer Algorithms, Addison-Wesley, 1974. [ANS83] American National Standards Institute, American National Standard X3.106-1983 (R1996): Data Encryption Algorithm, Modes of Operations for the, 1983. [ANS86a] American National Standards Institute, ANSI X9.9: Financial Institution Message Authentication (Wholesale), 1986. [ANS94a] American National Standards Institute, Accredited Standards Committee X9 Working Draft: ANSI X9.42-1993: Public Key Cryptography for the Financial Services Industry: Management of Symmetric Algorithm Keys Using Diffie-Hellman, American Bankers Association, 1994. [ANS94b] American National Standards Institute, Accredited Standards Committee X9 Working Draft: ANSI X9.44: Public Key Cryptography Using Reversible Algorithms for the Financial Services Industry: Transport of Symmetric Algorithm Keys Using RSA, American Bankers Association, 1994. [ANS95] American National Standards Institute, ANSI X9.17: Financial Institution Key Management (Wholesale), 1995. [ANS96] American National Standards Institute, ANSI X9.19: Financial Institution Retail Message Authentication, 1986. [ANS97] American National Standards Institute, ANSI X9.30.1-1997: Public-Key Cryptography for the Financial Services Industry - Part 1: The Digital Signature Algorithm (DSA), American Bankers Association, 1997. [ANS98] American National Standards Institute, ANSI X9.31-1998: Public Key Cryptography Using Reversible Algorithms for the Financial Services Industry (rDSA), 1998. [ARV95] W. Aiello, S. Rajagopalan, and R. Venkatesan, Design of practical and provably good random number generators (extended abstract), Proceedings of the Sixth Annual ACM-SIAM Symposium on Discrete Algorithms (1995), 1-9. [Bam82] J. Bamford, The Puzzle Palace, Houghton Mifflin, Boston, 1982. [Bar92] J.P. Barlow, Decrypting the puzzle palace, Communications of the ACM (7) 35 (1992) 25-31. [BBB92] C. Bennett, F. Bessette, G. Brassard, L. Savail, and J. Smolin, Experimental quantum cryptography, Journal of Cryptology (1) 5 (1992), 3-28. [BBC88] P. Beauchemin, G. Brassard, C. Crepeau, C. Goutier, and C. Pomerance, The generation of random numbers that are probably prime, Journal of Cryptology 1 (1988), 53-64. [BBL95] D. Bleichenbacher, W. Bosma, and A. Lenstra, Some remarks on Lucas-based cryptosystems, Advances in Cryptology - Crypto '95, Springer-Verlag (1995). 386-396, [BBS86] L. Blum, M. Blum, and M. Shub, A simple unpredictable random number generator, SIAM Journal on Computing 15 (1986), 364-383. [BD93b] J. Brandt and I. Damgard, On generation of probable primes by incremental search, Advances in Cryptology - Crypto '92, Springer-Verlag (1993), 358-370. [BDK93] E.F. Brickell, D.E. Denning, S.T. Kent, D.P. Maher, and W. Tuchman, Skipjack Review, Interim Report: The Skipjack Algorithm, 1993. [BDN97] W. Burr, D. Dodson, N. Nazario, and W. T. Polk, MISPC, Minimum Interoperability Specification for PKI Components, Version 1, NIST, 1997. [Bea95] D. Beaver, Factoring: The DNA solution, Advances in Cryptology - Asiacrypt '94, Springer-Verlag (1995), 419-423. [Ben82] P. Benioff, Quantum mechanical Hamiltonian models of Turing machines, Journal of Statistical Physics (3) 29 (1982), 515-546. [BG85] M. Blum and S. Goldwasser, An efficient probabilistic public-key encryption scheme which hides all partial information, Advances in Cryptology - Crypto '84, Springer-Verlag (1985), 289-299,. [BGH95] M. Bellare, J.A. Garay, R. Hauser, A. Herzberg, H. Krawczyk, M. Steiner, G. Tsudik, and M. Waidner, iKP - A Family of Secure Electronic Payment Protocols, Usenix Electronic Commerce Workshop, July 1995. [BHS93] D. Bayer, S. Haber, and W.S. Stornetta, Improving the efficiency and reliability of digital timestamping, Proceedings Sequences II: Methods in Communication, Security, and Computer Science, Springer-Verlag (1993), 329-334. [Bih95] E. Biham, Cryptanalysis of Multiple Modes of Operation, Advances in Cryptology - Asiacrypt '94, Springer-Verlag (1995), 278-292. [BK98] A. Biryukov and E. Kushilevitz, Improved cryptanalysis of RC5, Advances in Cryptology - Eurocrypt '98, Springer Verlag (1998). [BKR94] M. Bellare, J. Killian and P. Rogaway, The security of cipher block chaining, Advances in Cryptology - Crypto '94, Springer-Verlag (1994), 341-358. [Bla79] G.R. Blakley, Safeguarding cryptographic keys, AFIPS Conference Proceedings 48 (1979), 313-317. [Bla94] Matt Blaze, Protocol Failure in the Escrowed Encryption Standard, Proceedings of the 2nd ACM Conference on Computer and Communications Security (1994), 59-67. [BLP94] J.P. Buhler, H.W. Lenstra, and C. Pomerance, The development of the number field sieve, Volume 1554 of Lecture Notes in Computer Science, Springer-Verlag, 1994. [BLS88] J. Brillhart, D.H. Lehmer, J.L. Selfridge, B. Tuckerman, and S.S. Wagstaff Jr, Factorizations of bⁿ ±1, b = 2,3,5,6,7,10,11,12 up to High Powers, Volume 22 of Contemporary Mathematics, 2nd edition, American Mathematical Society, 1988. [BLZ94] J. Buchmann, J. Loho, and J. Zayer, An implementation of the general number field sieve, Advances in Cryptology - Crypto '93, Springer-Verlag (1994), 159-166. [BM84] M. Blum and S. Micali, How to generate cryptographically strong sequences of pseudo-random bits, SIAM Journal on Computing (4) 13 (1984), 850-863. [BR93] M. Bellare and P. Rogaway, Random Oracles are Practical: A Paradigm for Designing Efficient Protocols, Proceedings of the first Annual Conference on Computer and Communications Security (1993), 62-73. [BR94] M. Bellare and P. Rogaway, Optimal asymmetric encryption, Advances in Cryptology - Eurocrypt '94, Springer-Verlag (1994), 92-111. [BR96] M. Bellare and P. Rogaway, The exact security of digital signatures how to sign with RSA and Rabin, Advances in Cryptology - Eurocrypt '96, Springer-Verlag (1996), 399-414. [Bra88] G. Brassard, Modern Cryptology, Springer-Verlag, 1988. [Bra93] G. Brassard, Cryptography column - Quantum cryptography: A bibliography, Sigact News (3) 24 (1993), 16-20. [Bra95a] G. Brassard, The computer in the 21st Century, Scientific American (March 1995). [Bra95b] G. Brassard, The impending demise of RSA? CryptoBytes (1) 1 (Spring 1995). [Bra95c] G. Brassard, A quantum jump in computer science, Current Trends in Computer Science, Springer-Verlag (1995), 1-14. [Bre89] D.M. Bressoud, Factorization and Primality Testing, Springer-Verlag, 1989. [Bri85] E.F. Brickell, Breaking iterated knapsacks, Advances in Cryptology - Crypto '84, Springer-Verlag (1985), 342-358. [BS91a] E. Biham and A. Shamir, Differential cryptanalysis of DES-like cryptosystems, Advances in Cryptology - Crypto '90, Springer-Verlag (1991), 2-21. [BS91b] E. Biham and A. Shamir, Differential cryptanalysis of FEAL and N-Hash, Advances in Cryptology - Eurocrypt '91, Springer-Verlag (1991), 156-171. [BS93a] E. Biham and A. Shamir, Differential cryptanalysis of the full 16-round DES, Advances in Cryptology - Crypto '92, Springer-Verlag (1993), 487-496. [BS93b] E. Biham and A. Shamir, Differential Cryptanalysis of the Data Encryption Standard, Springer-Verlag, 1993. [BV98] D. Boneh and R. Venkatesan, Breaking RSA may not be equivalent to factoring, Advances in Cryptology - Eurocrypt '98, Springer-Verlag (1998), 59-71. [CCI88a] CCITT, Recommendation X.400: Message Handling System and Service Overview, 1988. [CCI88b] CCITT, Recommendation X.500: The Directory Overview of Concepts, Models and Services, 1988. [CCI88c] CCITT, Recommendation X.509: The Directory Authentication Framework, 1988. [CCI91] CCITT, Recommendation X.435: Message Handling Systems: EDI Messaging System, 1991. [CFG95] S. Crocker, N. Freed, J. Galvin, and S. Murphy, RFC 1848: MIME Object Security Services. CyberCash, Inc., Innosoft International, Inc., and Trusted Information Systems, 1995. [CFN88] D. Chaum, A. Fiat and M. Naor, Untraceable electronic cash, Advances in Cryptology - Crypto '88, Springer-Verlag (1988), 319-327. [CGH97] Canetti, R. Gennaro, A. Herzberg and D. Naor, Proactive Security: Long-term Protection Against Break-ins, CryptoBytes (1) 3 (Spring 1997). [Cha83] D. Chaum, Blind signatures for untraceable payments, Advances in Cryptology - Crypto '82, Springer-Verlag (1983), 199-203. [Cha85] D. Chaum, Security without identification: transaction systems to make big brother obsolete, Communications of the ACM 28 (10) (1985), 1030-1044. [Cha94] D. Chaum, Designated confirmer signatures, Advances in Cryptology - Eurocrypt '94, Springer-Verlag (1994), 86-91. [CJ98] F. Chabaud and A. Joux, Differential Collisions in SHA-0, Advances in Cryptology - Crypto '98 Springer-Verlag (1998), 56-71. [CKM94] D. Coppersmith, H. Krawczyz and Y. Mansour, The shrinking generator, Advances in Cryptology - Crypto '93, Springer-Verlag (1994), 22-38. [CLR90] T.H. Cormen, C.E. Leiserson, and R.L. Rivest, Introduction to Algorithms, MIT Press, Cambridge, Massachusetts, 1990. [Cop92] D. Coppersmith, The data encryption standard and its strength against attacks, IBM Research Report RC 18613 (81421), T. J. Watson research center, 1992. [COS86] D. Coppersmith, A.M. Odlyzko, and R. Schroeppel, Discrete logarithms in GF(p), Algorithmica 1 (1986), 1-15. [CP94] L. Chen and T.P. Pederson, New group signature schemes, Advances in Cryptology - Eurocrypt '94, Springer-Verlag (1994), 171-181. [CP95] L. Chen and T.P. Pedersen, On the efficiency of group signatures: providing information-theoretic anonymity, Advances in Cryptology - Eurocrypt '95, Springer-Verlag (1995), 39-49. [CR88] B. Chor and R.L. Rivest, A knapsack-type public-key cryptosystem based on arithmetic in finite fields, IEEE Transactions on Information Theory (5) 34 (1988), 901-909. [CR97] G. Caronni and M. Robshaw, How Exhausting is Exhaustive Search?, CryptoBytes (3) 2 (Winter 1997). [CV90] D. Chaum and H. van Antwerpen, Undeniable signatures, Advances in Cryptology - Crypto '89, Springer-Verlag (1990), 212-216. [CV91] D. Chaum and E. van Heijst, Group signatures, Advances in Cryptology - Eurocrypt '91, Springer-Verlag (1991) 257-265. [CV92] D. Chaum and H. van Antwerpen, Cryptographically strong undeniable signatures, unconditionally secure for the signer, Advances in Cryptology - Crypto '91, Springer-Verlag (1992), 470-484. [CW93] K.W. Campbell and M.J. Wiener, DES is not a group, Advances in Cryptology - Crypto '92, Springer-Verlag (1993), 512-520. [Dam90] I. Damgård, A design principle for hash functions, Advances in Cryptology - Crypto '89, Springer-Verlag (1990), 416-427. [Dav82] G. Davida, Chosen signature cryptanalysis of the RSA public key cryptosystem, Technical Report TR-CS-82-2, Department of EECS, University of Wisconsin, Milwaukee, 1982. [DB92] B. den Boer and A. Bosselaers, An attack on the last two rounds of MD4, Advances in Cryptology - Crypto '91, Springer-Verlag (1992), 194-203. [DB94] B. den Boer and A. Bosselaers, Collisions for the compression function of MD5, Advances in Cryptology - Eurocrypt '93, Springer-Verlag (1994), 293-304. [DB95] D.E. Denning and D.K. Branstad, A taxonomy for key escrow encryption systems, 1995. [DB96] D.E. Denning and D. Branstad, A Taxonomy for Key Escrow Encryption Systems, Communications of the ACM (3) 39 (1996), 34-40. [DB96b] H. Dobbertin, The Status of MD5 After a Recent Attack, CryptoBytes (2) 2 (Summer 1996). [DBP96] H. Dobbertin, A. Bosselaers, and B. Preneel, RIPEMD-160: A strengthened version of RIPEMD, Proceedings of 3rd International Workshop on Fast Software Encryption, Springer-Verlag (1996), 71-82. [Den93] D.E. Denning, The Clipper encryption system, American Scientist (4) 81 (1993), 319-323. [Den95] D.E. Denning, The Case for ``Clipper,'' Technology Review (July 1995), 48-55. [Des95] Y. Desmedt, Securing traceability of ciphertexts - Towards a secure software key escrow system, Advances in Cryptology - Eurocrypt '95, Springer-Verlag (1995), 147-157. [Deu92] D. Deutsch, Quantum theory, the Church-Turing principle and the universal quantum computer, Proceedings of the Royal Society of London, Series A 439 (1992). [DGV94] J. Daemen, R. Govaerts, and J. Vandewalle, Weak keys for IDEA, Advances in Cryptology - Crypto '93, Springer-Verlag (1994), 224-231. [DH76] W. Diffie and M.E. Hellman, New directions in cryptography, IEEE Transactions on Information Theory 22 (1976), 644-654. [DH77] W. Diffie and M.E. Hellman, Exhaustive cryptanalysis of the NBS Data Encryption Standard, Computer 10 (1977), 74-84. [Dif88] W. Diffie, The first ten years of public-key cryptography, Proceedings of the IEEE 76 (1988), 560-577. [DIP94] D. Davis, R. Ihaka, and P. Fenstermacher, Cryptographic randomness from air turbulence in disk drives, Advances in Cryptology - Crypto '94, Springer-Verlag (1994), 114-120. [DL95] B. Dodson and A.K. Lenstra, NFS with four large primes: An explosive experiment, Advances in Cryptology - Crypto '95, Springer-Verlag (1995), 372-385. [DO86] Y. Desmedt and A.M. Odlyzko, A chosen text attack on the RSA cryptosystem and some discrete logarithm schemes, Advances in Cryptology - Crypto '85, Springer-Verlag (1986), 516-522. [Dob95] H. Dobbertin, Alf Swindles Ann, CryptoBytes (3) 1 (Autumn 1995). [DP83] D.W. Davies and G.I. Parkin, The average cycle size of the key stream in output feedback encipherment, Advances in Cryptology - Crypto '82, Plenum Press (1983), 97-98. [DVW92] W. Diffie, P.C. van Oorschot, and M.J. Wiener, Authentication and authenticated key exchanges, Designs, Codes and Cryptography 2 (1992), 107-125. [ECS94] D. Eastlake, 3rd, S. Crocker, and J. Schiller, RFC 1750: Randomness Recommendations for Security, DEC, Cybercash, and MIT, 1994. [EGM89] S. Even, O. Goldreich, and S. Micali, On-Line/Off-Line Digital Signatures, Advances in Cryptology - Crypto '89 Springer-Verlag (1990), 263-275. [Elg85] T. ElGamal, A public-key cryptosystem and a signature scheme based on discrete logarithms, IEEE Transactions on Information Theory 31 (1985), 469-472. [EPIC99] Electronic Privacy Information Center, Cryptography and Liberty 1999, An International Survey of Encryption Policy, Washington, DC, 1999. ¹ [Fei73] H. Feistel, Cryptography and Computer Privacy, Scientific American (May 1973). [Fey82] R.P. Feynman, Simulating physics with computers, International Journal of Theoretical Physics (6) 21 (1982), 467-488. [Fey86] R.P. Feynman, Quantum mechanical computers, Optic News (February 1985); Reprinted in Foundations of Physics (6) 16 (1986), 507-531. [FFS88] U. Feige, A. Fiat and A. Shamir, Zero-knowledge proofs of identity, Journal of Cryptography 1 (1988), 66-94. [FGM97] Y. Frankel, P. Gemmel, P. D. MacKenzie and M. Yung, Proactive RSA, Advances in Cryptology - Crypto '97, Springer-Verlag (1997), 440-454. [For94] W. Ford, Computer Communications Security Principles, Standard Protocols and Techniques, Prentice-Hall, New Jersey (1994). [Fra98] J.B. Fraleigh, An Introduction to Abstract Algebra, 6th edition, Addison-Wesley, 1998. [FR95] P. Fahn and M.J.B. Robshaw, Results from the RSA Factoring Challenge, Technical Report TR-501, version 1.3, RSA Laboratories, January 1995. [FS87] A. Fiat and A. Shamir, How to prove yourself: Practical solutions to identification and signature problems, Advances in Cryptology - Crypto '86, Springer-Verlag (1987), 186-194. [FY94] M. Franklin and M. Yung, Blind Weak Signature and its Applications: Putting Non-Cryptographic Secure Computation to Work, Advances in Cryptology - Eurocrypt '94, Springer-Verlag (1994), 67-76. [Gan95] R. Ganesan. Yaksha, Augmenting Kerberos with public key cryptography, Proceedings of the 1995 Internet Society Symposium on Network and Distributed Systems Security, IEEE Press (1995), 132-143. [GC89] D. Gollman and W.G. Chambers, Clock-controlled shift registers: a review, IEEE Journal on Selected Areas in Communications (4) 7 (1989), 525-533. [Gib93] J.K. Gibson, Severely denting the Babidulin version of the McElience public key cryptosystem, Preproceedings of the 4th IMA Conference on Cryptography and Coding (1993). [GJ79] Michael R. Garey and David S. Johnson, Computers and Intractability - A Guide to the Theory of NP-Completeness, W.H. Freeman, New York, 1979. [GJK96] R. Gennaro, S. Jarecki, H. Krawczyk and T. Rabin, Robust Threshold DSS Signatures, Advances in Cryptology - Eurocrypt '96, Springer-Verlag, (1996), 354-371. [GM84] S. Goldwasser and S. Micali, Probabilistic encryption, Journal of Computer and System Sciences, 28 (1984), 270-299. [GM93] D.M. Gordon and K.S. McCurley, Massively parallel computation of discrete logarithms, Advances in Cryptology - Crypto '92, Springer-Verlag (1993), 312-323. [GMR86] S. Goldwasser, S. Micali, and R. Rivest, A digital signature scheme secure against adaptive chosen message attack, SIAM Journal on Computing (2) 17 (1988), 289-308. [Gor93] D.M. Gordon, Discrete logarithms in GF(p) using the number field sieve, SIAM Journal of Computing (1) 6 (1993), 124-138. [GPT91] E.M. Gabidulin, A.V. Paramonov, and O.V. Tretjakov, Ideals over a non-commutative ring and their application in cryptology, Advances in Cryptology - Eurocrypt '91, Springer-Verlag (1991), 482-489. [GQ88] L.C. Guillou and J.J. Quisquater, A practical zero-knowledge protocol fitted to security microprocessor minimizing both transmission and memory, Advances in Cryptology - Eurocrypt '88, Springer-Verlag (1988), 123-128. [H as88] J. Håstad, Solving simultaneous modular equations of low degree, SIAM Journal of Computing 17 (1988), 336-341. [Hel80] M.E. Hellman, A cryptanalytic time-memory trade off, IEEE Transactions on Information Theory 26 (1980), 401-406. [Hic95] K.E.B. Hickman, The SSL Protocol, December 1995.² [HJJ97] A. Herzberg, M. Jakobsson, S. Jarecki, H. Krawczyk and M. Yung, Proactive Public Key and Signature Systems, 1997 ACM Conference on Computers and Communication Security (1997). [HS91] S. Haber and W.S. Stornetta, How to timestamp a digital document, Journal of Cryptology (2) 3 (1991), 99-111. [ISO87] ISO DIS 8730, Banking requirements for message authentication (wholesale), 1987. [ISO91] ISO/IEC 9979, Data Cryptographic Techniques - Procedures for the Registration of Cryptographic Algorithms, 1991. [ISO92a] ISO/IEC 9798, Entity authentication mechanisms using symmetric techniques, 1992. [ISO92b] ISO/IEC 10116, Modes of operation for an n-bit block cipher algorithm, 1992. [ISO92c] ISO/IEC 10118, Information technology - Security techniques - Hash functions, 1992. [Jue83] R.R. Jueneman, Analysis of certain aspects of output feedback mode, Advances in Cryptology - Crypto '82, Plenum Press (1983), 99-127. [Kah67] D. Kahn, The Codebreakers, Macmillan Co., New York, 1967. [Kal92] B.S. Kaliski Jr, RFC 1319: The MD2 Message-Digest Algorithm, RSA Laboratories, April 1992. [Kal93a] B.S. Kaliski Jr, RFC 1424: Privacy Enhancement for Internet Electronic Mail: Part IV: Key Certification and Related Services, RSA Laboratories, February 1993. [Kal93b] B.S. Kaliski Jr, A survey of encryption standards, IEEE Micro (6) 13 (1993), 74-81. [Ken93] S. Kent, RFC 1422: Privacy Enhancement for Internet Electronic Mail, Part II: Certificate-Based Key Management, Internet Activities Board, February 1993. [KM96] L.R. Knudsen and W. Meier, Improved differential attacks on RC5, Advances in Cryptology - Crypto '96, Springer-Verlag (1996), 216-228. [KNT94] J. Kohl, B. Neuman, and T. Tso, The evolution of the Kerberos authentication service, Distributed Open Systems, IEEE Press (1994). [Knu81] D.E. Knuth, The Art of Computer Programming, volume 2, Seminumerical Algorithms, 2nd edition, Addison-Wesley, 1981. [Knu93] L.R. Knudsen, Practically secure Feistel ciphers, Proceedings of 1st International Workshop on Fast Software Encryption, Springer Verlag (1993), 211-221. [Knu95] L.R. Knudsen, A key-schedule weakness in SAFER K-64, Advances in Cryptology - Crypto '95, Springer-Verlag (1995), 274-286. [Kob87] N. Koblitz, Elliptic curve cryptosystems, Mathematics of Computation 48 (1997), 203-209. [Kob94] N. Koblitz, A Course in Number Theory and Cryptography, Springer-Verlag, 1994. [Koç94] Ç. K. Koç, High-Speed RSA Implementation, Technical Report TR-201, version 2.0, RSA Laboratories, November 1994. [Koç95] Ç. K. Koç, RSA Hardware Implementation, Technical Report TR-801, version 1.0, RSA Laboratories, August 1995. [Koh90] J.T. Kohl, The Use of Encryption in Kerberos for Network Authentication, Advances in Cryptology - Crypto '89, Springer-Verlag (1990), 35-43. [KR94] B.S. Kaliski Jr. and M.J.B. Robshaw, Linear cryptanalysis using multiple approximations, Advances in Cryptology - Crypto '94, Springer-Verlag (1994) 26-39. [KR95a] B.S. Kaliski Jr. and M.J.B. Robshaw, Linear cryptanalysis using multiple approximations and FEAL, Proceedings of 2nd International Workshop on Fast Software Encryption, Springer-Verlag (1995), 249-264. [KR95b] B.S. Kaliski Jr. and M.J.B. Robshaw, Message authentication with MD5, CryptoBytes (1) 1 (Spring 1995). [KR95c] B.S. Kaliski Jr. and M.J.B. Robshaw, The secure use of RSA, CryptoBytes (3) 1 (Autumn 1995). [KR96] B.S. Kaliski Jr. and M.J.B. Robshaw, Multiple encryption: weighing up security and performance, Dr. Dobb's Journal 243 (1996), 123-127. [Kra93] D. Kravitz, Digital signature algorithm. U.S. Patent 5,231,668, July 27, 1993. [KRS88] B.S. Kaliski Jr., R.L. Rivest, and A.T. Sherman, Is the data encryption standard a group? Journal of Cryptology 1 (1988), 3-36. [KSW96] J. Kelsey, B. Schneier, and D. Wagner, Key-Schedule Cryptanalysis of 3-WAY, IDEA, G-DES, RC4, SAFER, and Triple-DES, Advances in Cryptology-CRYPTO '96 Proceedings, Springer-Verlag (1996), 237-251. [KY95] B.S. Kaliski Jr. and Y.L. Yin, On differential and linear cryptanalysis of the RC5 encryption algorithm, Advances in Cryptology - Crypto '95, Springer-Verlag (1995), 171-183. [Lan88] S. Landau, Zero knowledge and the Department of Defense, Notices of the American Mathematical Society 35 (1988), 5-12. [Len87] H.W. Lenstra Jr, Factoring integers with elliptic curves, Annals of Mathematics 126 (1987), 649-673. [LH94] S.K. Langford and M.E. Hellman, Differential-linear cryptanalysis, Advances in Cryptology - Crypto '94, Springer-Verlag (1994), 17-25. [Lin93] J. Linn, RFC 1508: Generic Security Services Application Programming Interface, Geer Zolot Associates, September 1993. [Lip94] R.J. Lipton, Speeding up computations via molecular biology, draft, Princeton University, December 1994. [LL90] A.K. Lenstra and H.W. Lenstra Jr, Algorithms in number theory, Handbook of Theoretical Computer Science, volume A (editor: J. van Leeuwen), MIT Press/Elsevier, Amsterdam (1990), 673-715. [LM91] X. Lai and J.L. Massey, A proposal for a new block encryption standard, Advances in Cryptology - Eurocrypt '90, Springer-Verlag (1991), 389-404. [LMM92] X. Lai, J.L. Massey and S. Murphy, Markov ciphers and differential cryptanalysis, Advances in Cryptology - Eurocrypt '91, Springer-Verlag (1992), 17-38. [LP98] Harry R. Lewis and Christos H. Papadimitriou, Elements of the Theory of Computation, 2nd edition, Prentice Hall, Upper Saddle River, NJ, 1998. [LRW92] X. Lai, R.A. Rueppel, and J. Woollven, A fast cryptographic checksum algorithm based on stream ciphers, Advances in Cryptology - Auscrypt '92, Springer-Verlag (1992), 339-348. [LV00] A.K. Lenstra and E.R. Verheul, Selecting Cryptographic Key Sizes, The 2000 International Workshop on Practice and Theory in Public Key Cryptography (PKC2000), Melbourne, Australia (January 2000). [Mas93] J.L. Massey, SAFER K-64: A byte-oriented block ciphering algorithm, Proceedings of 1st International Workshop on Fast Software Encryption, Springer-Verlag (1993), 1-17. [Mas95] J.L. Massey, SAFER K-64: One year later, Proceedings of 2nd Workshop on Fast Software Encryption, Springer-Verlag (1995), 212-241. [Mat93] M. Matsui, Linear cryptanalysis method for DES cipher, Advances in Cryptology - Eurocrypt '93, Springer-Verlag (1993), 386-397. [Mat94] M. Matsui, The first experimental cryptanalysis of the data encryption standard, Advances in Cryptology - Crypto '94, Springer-Verlag (1994), 1-11. [Mat96] T. Matthews, Suggestions for random number generation in software, Bulletin No. 1, RSA Laboratories, January 1996. [Mau94] U. Maurer, Towards the equivalence of breaking the Diffie-Hellman protocol and computing discrete logarithms, Advances in Cryptology - Crypto '94, Springer-Verlag (1994), 271-281. [Mce78] R.J. McEliece, A public-key cryptosystem based on algebraic coding theory, JPL DSN Progress Report 4244 (1978), 114-116. [Mcn95] F.L. McNulty, Clipper Alive and well as a voluntary government standard for telecommunications, The 1995 RSA Data Security Conference (January 1995). [Men93] A. Menezes, Elliptic Curve Public Key Cryptosystems, Kluwer Academic Publishers, 1993. [Men95] A. Menezes, Elliptic Curve Cryptosystems, CryptoBytes (2) 1 (Summer 1995). [Mer79] R.C. Merkle, Secrecy, authentication and public-key systems, Ph. D. Thesis, Stanford University, 1979. [Mer90a] R.C. Merkle, One way hash functions and DES, Advances in Cryptology - Crypto '89, Springer-Verlag (1990), 428-446. [Mer90b] R.C. Merkle, A digital signature based on a conventional encryption function, Advances in Cryptology - Crypto '89, Springer-Verlag (1990), 428-446. [Mer91] R.C. Merkle, Fast software encryption functions, Advances in Cryptology - Crypto '90, Springer-Verlag (1991), 627-638. [MH78] R.C. Merkle and M.E. Hellman, Hiding information and signatures in trapdoor knapsacks, IEEE Transactions on Information Theory 24 (1978), 525-530. [MH81] R.C. Merkle and M.E. Hellman, On the security of multiple encryption, Communications of the ACM textbf24 (1981), 465-467. [Mic93] S. Micali, Fair public-key cryptosystems, Advances in Cryptology - Crypto '92, Springer-Verlag (1993), 113-138. [Mil86] V.S. Miller, Use of elliptic curves in cryptography, Advances in Cryptology - Crypto '85, Springer-Verlag (1986), 417-426. [MOV90] A. Menezes, T. Okamoto, and S. Vanstone, Reducing elliptic curve logarithms to logarithms in a finite field, Unpublished manuscript, September 1990. [MQV95] A. Menezes, M. Qu, and S. Vanstone, Some new key agreement protocols providing implicit authentication, Preproceedings of Workshops on Selected Areas in Cryptography (1995). [MS95b] W. Meier and O. Staffelbach, The self-shrinking generator, Advances in Cryptology - Eurocrypt '94, Springer-Verlag (1995), 205-214. [Mur90] S. Murphy, The cryptanalysis of FEAL-4 with 20 chosen plaintexts, Journal of Cryptology (3) 2 (1990), 145-154. [MY92] M. Matsui and A. Yamagishi, A new method for known plaintext attack of FEAL cipher, Advances in Cryptology - Eurocrypt '92, Springer-Verlag (1992), 81-91. [NIS80] National Institute of Standards and Technology (NIST), FIPS Publication 81: DES Modes of Operation, 1980. [NIS85] National Institute of Standards and Technology (NIST), FIPS Publication 113: Computer Data Authentication, 1985. [NIS92] National Institute of Standards and Technology (NIST), The Digital Signature Standard, proposal and discussion, Communications of the ACM (7) 35 (1992), 36-54. [NIS93a] National Institute of Standards and Technology (NIST), FIPS Publication 180: Secure Hash Standard (SHS), 1993. [NIS93b] National Institute of Standards and Technology (NIST), FIPS Publication 46-2: Data Encryption Standard, 1993. [NIS94a] National Institute of Standards and Technology (NIST), FIPS Publication 185: Escrowed Encryption Standard, 1994. [NIS94b] National Institute of Standards and Technology (NIST), FIPS Publication 186: Digital Signature Standard (DSS), 1994. [NIS94c] National Institute of Standards and Technology (NIST), Announcement of Weakness in the Secure Hash Standard, 1994. [NK95] K. Nyberg and L.R. Knudsen, Provable security against a differential attack, Journal of Cryptology (1) 8 (1995), 27-37. [NMR94] D. Naccache, D. M'raïhi, D. Raphaeli, and S. Vaudenay, Can D.S.A. be improved? Complexity trade-offs with the Digital Signature Standard, Advances in Cryptology - Eurocrypt '94, Springer-Verlag (1994), 77-85. [NS78] R.M. Needham and M.D. Schroeder, Using encryption for authentication in large networks of computers, Communications of the ACM 21 (1978), 993-999. [NS94] M. Naor and A. Shamir, Visual cryptography, Advances in Cryptology - Eurocrypt '94, Springer-Verlag (1994), 1-12. [NSA95] NSA Cross Organization CAPI Team, Security Service API: Cryptographic API Recommendation, 1995. [Nyb95] K. Nyberg, Linear approximation of block ciphers, Advances in Cryptology - Eurocrypt '94, Springer-Verlag (1995), 439-444. [OA94] K. Ohta and K. Aoki, Linear cryptanalysis of the fast data encipherment algorithm, Advances in Cryptology - Crypto '94, Springer-Verlag (1994), 12-16. [Oco95] L. O'Connor, A unified markov approach to differential and linear cryptanalysis, Advances in Cryptology - Asiacrypt '94, Springer-Verlag (1995), 387-397. [Odl84] A.M. Odlyzko, Discrete logarithms in finite fields and their cryptographic significance, Advances in Cryptology - Eurocrypt '84, Springer-Verlag (1984), 224-314. [Odl95] A.M. Odlyzko, The future of integer factorization, CryptoBytes (2) 1 (Summer 1995). [OG96] The Open Group, Generic Cryptographic Service API (GCS-API), 1996³ [OG99] The Open Group, Architecture for Public-Key Infrastructure (APKI), 1999. [Pol74] J. Pollard, Theorems of factorization and primality testing, Proceedings of Cambridge Philosophical Society 76 (1974), 521-528. [Pol75] J. Pollard, Monte Carlo method for factorization, BIT 15 (1975), 331-334. [Pre93] B. Preneel, Analysis and Design of Cryptographic Hash Functions, Ph.D. Thesis, Katholieke University Leuven, 1993. [Pre94] B. Preneel, The State of DES, 1994 RSA Laboratories Seminar Series (August 1994). [PV95] B. Preneel and P.C. van Oorschot, MDx-MAC and Building Fast MACs from Hash Functions, Advances in Cryptology - Crypto '95, Springer-Verlag (1995), 1-14. [QG90] J.J. Quisquater and L. Guillou, How to explain zero-knowledge protocols to your children, Advances in Cryptology - Crypto '89, Springer-Verlag (1990), 628-631. [Rab79] M.O. Rabin, Digitalized signatures and public-key functions as intractable as factorization, Technical Report MIT/LCS/TR-212, MIT, 1979. [RC93] P. Rogaway and D. Coppersmith, A software-optimized encryption algorithm, Proceedings of 1st International Workshop on Fast Software Encryption, Springer Verlag (1993), 56-63. [RC95] N. Rogier and P. Chauvaud, The compression function of MD2 is not collision free, Selected Areas in Cryptography '95, Ottawa, Canada (May 1995). [RG91] D. Russell and G.T. Gangemi Sr, Computer Security Basics, O'Reilly & Associates, Inc., 1991. [Riv90] R.L. Rivest, Cryptography, Handbook of Theoretical Computer Science, volume A (editor: J. van Leeuwen), MIT Press/Elsevier, Amsterdam, 1990, 719-755. [Riv91a] R.L. Rivest, Finding four million random primes, Advances in Cryptology - Crypto '90, Springer-Verlag (1991), 625-626. [Riv91b] R.L. Rivest, The MD4 message digest algorithm, Advances in Cryptology - Crypto '90, Springer-Verlag (1991), 303-311. [Riv92a] R.L. Rivest, Response to NIST's proposal, Communications of the ACM 35 (1992), 41-47. [Riv92b] R.L. Rivest, RFC 1320: The MD4 Message-Digest Algorithm, Network Working Group, 1992. [Riv92c] R.L. Rivest, RFC 1321: The MD5 Message-Digest Algorithm, Internet Activities Board, 1992. [Riv95] R.L. Rivest, The RC5 encryption algorithm, CryptoBytes (1) 1 (Spring 1995). [RK96] Joe Kilian and Phillip Rogaway, How to protect DES against exhaustive key search, Advances in Cryptology - Crypto '96, Springer-Verlag (1996), 252-267. [Rob95a] M.J.B. Robshaw, Stream Ciphers Technical Report TR-701, version 2.0, RSA Laboratories, 1995. [Rob95b] M.J.B. Robshaw, MD2, MD4, MD5, SHA and Other Hash Functions, Technical Report TR-101, version 4.0, RSA Laboratories, 1995. [Rob95c] M.J.B. Robshaw, Security estimates for 512-bit RSA, Technical Note, RSA Laboratories, 1995. [Rob96] M.J.B. Robshaw, On Recent Results for MD2, MD4 and MD5, RSA Laboratories Bulletin 4 (November 1996). [Rog96] P. Rogaway, The security of DESX, CryptoBytes (2) 2 (Summer 1996). [RS95] E. Rescorla and A. Schiffman, The Secure HyperText Transfer Protocol, Internet-Draft, EIT, 1995. [RSA78] R.L. Rivest, A. Shamir, and L.M. Adleman, A method for obtaining digital signatures and public-key cryptosystems, Communications of the ACM (2) 21 (1978), 120-126. [Rue92] R.A. Rueppel, Stream ciphers, Contemporary Cryptology - The Science of Information Integrity (1992), IEEE Press. [RY97] M.J.B. Robshaw and Y.L. Yin, Elliptic Curve Cryptosystems, Technical Note, RSA Laboratories, 1997. [SB93] M.E. Smid and D.K. Branstad, Response to comments on the NIST proposed Digital Signature Standard, Advances in Cryptology - Crypto '92, Springer-Verlag (1993), 76-87. [Sch83] I. Schaumuller-Bichl, Cryptanalysis of the Data Encryption Standard by a method of formal coding, Cryptography, Proc. Burg Feuerstein 1982 149 (1983), 235-255. [Sch90] C.P. Schnorr, Efficient identification and signatures for smart cards, Advances in Cryptology - Crypto '89, Springer-Verlag (1990), 239-251. [Sch91] C.P. Schnorr, Method for identifying subscribers and for generating and verifying electronic signatures in a data exchange system, U.S. Patent 4,995,082, February 19, 1991. [Sch93] B. Schneier, Description of a new variable-length key, 64-bit block cipher (Blowfish), Proceedings of 1st International Workshop on Fast Software Encryption, Springer-Verlag (1993), 191-204. [Sch95] B. Schneier, The Blowfish encryption algorithm: one year later, Dr. Dobb's Journal 234 (1995), 137-138. [Sch96] B. Schneier, Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd Edition, Wiley, 1995. [Sel98] A. A. Selcuk, New results in linear cryptanalysis of RC5, Proceedings of 5th International Workshop on Fast Software Encryption, Springer Verlag (1998), 1-16. [SH95] C.P. Schnorr and H.H. Hörner, Attacking the Chor-Rivest cryptosystem by improved lattice reduction, Advances in Cryptology - Eurocrypt '95, Springer-Verlag (1995), 1-12. [Sha49] C.E. Shannon, Communication Theory of Secrecy Systems, Bell Systems Technical Journal 28 (1949), 656-715. [Sha79] A. Shamir, How to share a secret, Communications of the ACM 22 (1979), 612-613. [Sha84] A. Shamir, A polynomial time algorithm for breaking the basic Merkle-Hellman cryptosystem, IEEE Transactions on Information Theory, (5) 30 (1984), 699-704. [Sha95] M. Shand, Personal communication, 1995. [Sho94] P.W. Shor, Algorithms for quantum computation: Discrete logarithms and factoring, Proceedings of the 35th Annual IEEE Symposium on the Foundations of Computer Science (1994), 124-134. [Sil87] R.D. Silverman, The multiple polynomial quadratic sieve, Mathematics of Computation 48 (1987), 329-339. [Sim83] G.J. Simmons, The Prisoner's Problem and the Subliminal Channel, Advances in Cryptology - Crypto '83, Plenum Press (1984), 51-70. [Sim92] G.J. Simmons, editor, Contemporary Cryptology - The Science of Information Integrity, IEEE Press, 1992. [Sim93a] G.J. Simmons, Subliminal Communication is Easy Using DSA, Advances in Cryptology - Eurocrypt '93, Springer-Verlag (1993), 218-232. [Sim93b] G.J. Simmons, The Subliminal Signatures in the U.S. Digital Signature Algorithm (DSA), 3rd Symposium on State and Progress of Research in Cryptography (February 15-16, 1993), Rome, Italy. [SM88] A. Shimizu and S. Miyaguchi, Fast data encipherment algorithm FEAL, Advances in Cryptology - Eurocrypt '87, Springer-Verlag (1988), 267-280. [SPC95] M. Stadler, J.M. Piveteau, and J. Carmenisch, Fair blind signatures, Advances in Cryptology - Eurocrypt '95, Springer-Verlag (1995), 209-219. [SS95] P. Smith and C. Skinner, A public-key cryptosystem and a digital signature system based on the Lucas function analogue to discrete logarithms, Advances in Cryptology - Asiacrypt '94, Springer-Verlag (1995), 357-364. [Sta95] W. Stallings, Network and Internetwork Security - Principles and Practice, Prentice-Hall, New Jersey, 1995. [Sti95] D.R. Stinson, Cryptography - Theory and Practice, CRC Press, Boca Raton, 1995. [SV93] M. Shand and J. Vuillemin, Fast implementations of RSA cryptography, Proceedings of the 11th IEEE Symposium on Computer Arithmetic, IEEE Computer Society Press (1993), 252-259, [Ver26] G.S. Vernam, Cipher printing telegraph systems for secret wire and radio telegraphic communications, J. Amer. Inst. Elec. Eng. 45 (1926), 109-115. [VP92] E. van Heyst and T.P. Pederson, How to make efficient fail-stop signatures, Advances in Cryptology - Eurocrypt '92, Springer-Verlag (1992), 366-377. [VW91] P. van Oorschot and M. Wiener, A known plaintext attack on two-key triple encryption, Advances in Cryptology - Eurocrypt '90, Springer-Verlag (1991), 318-325. [VW94] P. van Oorschot and M. Wiener, Parallel collision search with application to hash functions and discrete logarithms, Proceedings of 2nd ACM Conference on Computer and Communication Security (1994). [Wie94] M.J. Wiener, Efficient DES key search, Technical Report TR244, School of Computer Science, Carleton University, Ottawa, Canada, 1994. [Wie98] M.J. Wiener, Performance Comparison of Public-Key Cryptosytstems, CryptoBytes (1) 4 (Summer 1998). [Yuv79] G. Yuval, How to swindle Rabin, Cryptologia (July 1979). [Yin97] Y.L. Yin, The RC5 encryption algorithm: two years on, CryptoBytes (3) 2 (Winter 1997). [ZPS93] Y. Zheng, J. Pieprzyk and J. Seberry, HAVAL - a one-way hashing algorithm with variable length output, Advances in Cryptology - Auscrypt '92, Springer-Verlag (1993), 83-104. Footnotes: ¹ http://www.epic.org/crypto/. ² http://www.netscape.com/eng/security/SSL_2.html. ³ http://www.opengroup.org/pubs/catalog/. Top of Page
		Email to a friend Print