Bibliography

| # | Reference |
|---|---|
| [1] | M. R. Albrecht, K. G. Paterson, and G. J. Watson. Plaintext recovery attacks against SSH. In 2009 IEEE Symposium on Security and Privacy, pages 16–26. IEEE Computer Society Press, May 2009. |
| [2] | N. J. AlFardan and K. G. Paterson. Lucky thirteen: Breaking the TLS and DTLS record protocols. In 2013 IEEE Symposium on Security and Privacy, pages 526–540. IEEE Computer Society Press, May 2013. |
| [3] | J. Alwen, S. Coretti, and Y. Dodis. The double ratchet: Security notions, proofs, and modularization for the Signal protocol. In Y. Ishai and V. Rijmen, editors, Advances in Cryptology – EUROCRYPT 2019, Part I, volume 11476 of Lecture Notes in Computer Science, pages 129–158. Springer, Heidelberg, May 2019. |
| [4] | J. Alwen, S. Coretti, Y. Dodis, and Y. Tselekounis. Security analysis and improvements for the IETF MLS standard for group messaging. In D. Micciancio and T. Ristenpart, editors, Advances in Cryptology – CRYPTO 2020, Part I, volume 12170 of Lecture Notes in Computer Science, pages 248–277. Springer, Heidelberg, Aug. 2020. |
| [5] | J. Alwen, S. Coretti, Y. Dodis, and Y. Tselekounis. Modular design of secure group messaging protocols and the security of MLS. In G. Vigna and E. Shi, editors, ACM CCS 2021: 28th Conference on Computer and Communications Security, pages 1463–1483. ACM Press, Nov. 2021. |
| [6] | B. Applebaum, D. Cash, C. Peikert, and A. Sahai. Fast cryptographic primitives and circular-secure encryption based on hard learning problems. In S. Halevi, editor, Advances in Cryptology – CRYPTO 2009, volume 5677 of Lecture Notes in Computer Science, pages 595–618. Springer, Heidelberg, Aug. 2009. |
| [7] | S. Arora and B. Barak. Computational Complexity: A Modern Approach. Cambridge University Press, 2009. |
| [8] | R. Avanzi, J. Bos, L. Ducas, E. Kiltz, T. Lepoint, V. Lyubashevsky, J. M. Schanck, P. Schwabe, G. Seiler, and D. Stehlé. CRYSTALS-Kyber: Algorithm specifications and supporting documentation, 2021. https://pq-crystals.org/kyber/data/kyber-specification-round3-20210804.pdf. |
| [9] | E. Barker, A. Roginsky, and R. Davis. Recommendation for cryptographic key generation. NIST Special Publication 800-133, Revision 2, 2020. |
| [10] | G. Barthe, D. Hedin, S. Zanella-Béguelin, B. Grégoire, and S. Heraud. A machine-checked formalization of sigma-protocols. In A. Myers and M. Backes, editors, CSF 2010: IEEE 23rd Computer Security Foundations Symposium, pages 246–260. IEEE Computer Society Press, 2010. |
| [11] | D. Basin, C. Cremers, and S. Meier. Provably repairing the ISO/IEC 9798 standard for entity authentication. Journal of Computer Security, 21(6):817–846, 2013. |
| [12] | M. Bellare. New proofs for NMAC and HMAC: Security without collision-resistance. In C. Dwork, editor, Advances in Cryptology – CRYPTO 2006, volume 4117 of Lecture Notes in Computer Science, pages 602–619. Springer, Heidelberg, Aug. 2006. |
| [13] | M. Bellare, A. Boldyreva, and A. Palacio. An uninstantiable random-oracle-model scheme for a hybrid-encryption problem. In C. Cachin and J. Camenisch, editors, Advances in Cryptology – EUROCRYPT 2004, volume 3027 of Lecture Notes in Computer Science, pages 171–188. Springer, Heidelberg, May 2004. |
| [14] | M. Bellare, R. Canetti, and H. Krawczyk. Keying hash functions for message authentication. In N. Koblitz, editor, Advances in Cryptology – CRYPTO'96, volume 1109 of Lecture Notes in Computer Science, pages 1–15. Springer, Heidelberg, Aug. 1996. |
| [15] | M. Bellare, A. Desai, E. Jokipii, and P. Rogaway. A concrete security treatment of symmetric encryption. In 38th Annual Symposium on Foundations of Computer Science, pages 394–403. IEEE Computer Society Press, Oct. 1997. |
| [16] | M. Bellare, A. Desai, D. Pointcheval, and P. Rogaway. Relations among notions of security for public-key encryption schemes. In H. Krawczyk, editor, Advances in Cryptology – CRYPTO'98, volume 1462 of Lecture Notes in Computer Science, pages 26–45. Springer, Heidelberg, Aug. 1998. |
| [17] | M. Bellare, O. Goldreich, and A. Mityagin. The power of verification queries in message authentication and authenticated encryption. Cryptology ePrint Archive, Report 2004/309, 2004. https://eprint.iacr.org/2004/309. |
| [18] | M. Bellare, R. Guérin, and P. Rogaway. XOR MACs: New methods for message authentication using finite pseudorandom functions. In D. Coppersmith, editor, Advances in Cryptology – CRYPTO'95, volume 963 of Lecture Notes in Computer Science, pages 15–28. Springer, Heidelberg, Aug. 1995. |
| [19] | M. Bellare, D. Hofheinz, and E. Kiltz. Subtleties in the definition of IND-CCA: When and how should challenge decryption be disallowed? Journal of Cryptology, 28(1):29–48, Jan. 2015. |
| [20] | M. Bellare, J. Kilian, and P. Rogaway. The security of cipher block chaining. In Y. Desmedt, editor, Advances in Cryptology – CRYPTO'94, volume 839 of Lecture Notes in Computer Science, pages 341–358. Springer, Heidelberg, Aug. 1994. |
| [21] | M. Bellare, T. Kohno, and C. Namprempre. Authenticated encryption in SSH: Provably fixing the SSH binary packet protocol. In V. Atluri, editor, ACM CCS 2002: 9th Conference on Computer and Communications Security, pages 1–11. ACM Press, Nov. 2002. |
| [22] | M. Bellare, T. Krovetz, and P. Rogaway. Luby-Rackoff backwards: Increasing security by making block ciphers non-invertible. In K. Nyberg, editor, Advances in Cryptology – EUROCRYPT'98, volume 1403 of Lecture Notes in Computer Science, pages 266–280. Springer, Heidelberg, May / June 1998. |
| [23] | M. Bellare and D. Micciancio. A new paradigm for collision-free hashing: Incrementality at reduced cost. In W. Fumy, editor, Advances in Cryptology – EUROCRYPT'97, volume 1233 of Lecture Notes in Computer Science, pages 163–192. Springer, Heidelberg, May 1997. |
| [24] | M. Bellare and C. Namprempre. Authenticated encryption: Relations among notions and analysis of the generic composition paradigm. In T. Okamoto, editor, Advances in Cryptology – ASIACRYPT 2000, volume 1976 of Lecture Notes in Computer Science, pages 531–545. Springer, Heidelberg, Dec. 2000. |
| [25] | M. Bellare and G. Neven. Multi-signatures in the plain public-key model and a general forking lemma. In A. Juels, R. N. Wright, and S. De Capitani di Vimercati, editors, ACM CCS 2006: 13th Conference on Computer and Communications Security, pages 390–399. ACM Press, Oct. / Nov. 2006. |
| [26] | M. Bellare and P. Rogaway. Random oracles are practical: A paradigm for designing efficient protocols. In D. E. Denning, R. Pyle, R. Ganesan, R. S. Sandhu, and V. Ashby, editors, ACM CCS 93: 1st Conference on Computer and Communications Security, pages 62–73. ACM Press, Nov. 1993. |
| [27] | M. Bellare and P. Rogaway. Entity authentication and key distribution. In D. R. Stinson, editor, Advances in Cryptology – CRYPTO'93, volume 773 of Lecture Notes in Computer Science, pages 232–249. Springer, Heidelberg, Aug. 1994. |
| [28] | M. Bellare and P. Rogaway. The exact security of digital signatures: How to sign with RSA and Rabin. In U. M. Maurer, editor, Advances in Cryptology – EUROCRYPT'96, volume 1070 of Lecture Notes in Computer Science, pages 399–416. Springer, Heidelberg, May 1996. |
| [29] | M. Bellare and P. Rogaway. Code-based game-playing proofs and the security of triple encryption. Cryptology ePrint Archive, Report 2004/331, 2004. https://eprint.iacr.org/2004/331. |
| [30] | M. Bellare and P. Rogaway. The security of triple encryption and a framework for code-based game-playing proofs. In S. Vaudenay, editor, Advances in Cryptology – EUROCRYPT 2006, volume 4004 of Lecture Notes in Computer Science, pages 409–426. Springer, Heidelberg, May / June 2006. |
| [31] | M. Bellare, A. C. Singh, J. Jaeger, M. Nyayapati, and I. Stepanovs. Ratcheted encryption and key exchange: The security of messaging. In J. Katz and H. Shacham, editors, Advances in Cryptology – CRYPTO 2017, Part III, volume 10403 of Lecture Notes in Computer Science, pages 619–650. Springer, Heidelberg, Aug. 2017. |
| [32] | S. M. Bellovin. Frank Miller: Inventor of the one-time pad. Cryptologia, 35(3):203–222, 2011. |
| [33] | C. H. Bennett, G. Brassard, and J.-M. Robert. Privacy amplification by public discussion. SIAM Journal on Computing, 17(2):210–229, 1988. |
| [34] | D. J. Bernstein. The Poly1305-AES message-authentication code. In H. Gilbert and H. Handschuh, editors, Fast Software Encryption – FSE 2005, volume 3557 of Lecture Notes in Computer Science, pages 32–49. Springer, Heidelberg, Feb. 2005. |
| [35] | D. J. Bernstein. A short proof of the unpredictability of cipher block chaining, 2005. https://cr.yp.to/papers.html#easycbc. |
| [36] | D. J. Bernstein. Cost analysis of hash collisions: Will quantum computers make SHARCS obsolete? In Workshop Record of SHARCS'09: Special-purpose Hardware for Attacking Cryptographic Systems, 2009. |
| [37] | D. J. Bernstein and T. Lange. Faster addition and doubling on elliptic curves. In K. Kurosawa, editor, Advances in Cryptology – ASIACRYPT 2007, volume 4833 of Lecture Notes in Computer Science, pages 29–50. Springer, Heidelberg, Dec. 2007. |
| [38] | G. Bertoni, J. Daemen, M. Peeters, and G. Van Assche. Keccak sponge function family main document, 2010. https://keccak.team/sponge_duplex.html. |
| [39] | G. Bertoni, J. Daemen, M. Peeters, and G. Van Assche. Cryptographic sponge functions, 2011. https://keccak.team/sponge_duplex.html. |
| [40] | K. Bhargavan, R. Barnes, and E. Rescorla. TreeKEM: Asynchronous decentralized key management for large dynamic groups. IETF MLS mailing list, 2018. |
| [41] | A. Bienstock, J. Fairoze, S. Garg, P. Mukherjee, and S. Raghuraman. A more complete analysis of the Signal double ratchet algorithm. In Y. Dodis and T. Shrimpton, editors, Advances in Cryptology – CRYPTO 2022, Part I, volume 13507 of Lecture Notes in Computer Science, pages 784–813. Springer, Heidelberg, Aug. 2022. |
| [42] | J. Black, S. Halevi, H. Krawczyk, T. Krovetz, and P. Rogaway. UMAC: Fast and secure message authentication. In M. J. Wiener, editor, Advances in Cryptology – CRYPTO'99, volume 1666 of Lecture Notes in Computer Science, pages 216–233. Springer, Heidelberg, Aug. 1999. |
| [43] | J. Black and P. Rogaway. CBC MACs for arbitrary-length messages: The three-key constructions. In M. Bellare, editor, Advances in Cryptology – CRYPTO 2000, volume 1880 of Lecture Notes in Computer Science, pages 197–215. Springer, Heidelberg, Aug. 2000. |
| [44] | J. Black and P. Rogaway. CBC MACs for arbitrary-length messages: The three-key constructions. Journal of Cryptology, 18(2):111–131, Apr. 2005. |
| [45] | J. Black, P. Rogaway, and T. Shrimpton. Black-box analysis of the block-cipher-based hash-function constructions from PGV. In M. Yung, editor, Advances in Cryptology – CRYPTO 2002, volume 2442 of Lecture Notes in Computer Science, pages 320–335. Springer, Heidelberg, Aug. 2002. |
| [46] | S. Blake-Wilson, D. Johnson, and A. Menezes. Key agreement protocols and their security analysis. In M. Darnell, editor, 6th IMA International Conference on Cryptography and Coding, volume 1355 of Lecture Notes in Computer Science, pages 30–45. Springer, Heidelberg, Dec. 1997. |
| [47] | G. R. Blakley. Safeguarding cryptographic keys. In Proceedings of the AFIPS 1979 National Computer Conference, volume 48, pages 313–317, 1979. |
| [48] | D. Bleichenbacher. Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS #1. In H. Krawczyk, editor, Advances in Cryptology – CRYPTO'98, volume 1462 of Lecture Notes in Computer Science, pages 1–12. Springer, Heidelberg, Aug. 1998. |
| [49] | M. Blum and S. Micali. How to generate cryptographically strong sequences of pseudo random bits. In 23rd Annual Symposium on Foundations of Computer Science, pages 112–117. IEEE Computer Society Press, Nov. 1982. |
| [50] | D. Boneh. Twenty years of attacks on the RSA cryptosystem. Notices of the AMS, 46(2):203–213, 1999. |
| [51] | N. Borisov, I. Goldberg, and E. A. Brewer. Off-the-record communication, or, why not to use PGP. In V. Atluri, P. F. Syverson, and S. De Capitani di Vimercati, editors, Proceedings of the 2004 ACM Workshop on Privacy in the Electronic Society, WPES 2004, Washington, DC, USA, October 28, 2004, pages 77–84. ACM, 2004. |
| [52] | S. Brands. An efficient off-line electronic cash system based on the representation problem. CWI Technical Report CS-R9323, 1993. https://ir.cwi.nl/pub/5303. |
| [53] | G. Brassard. On computationally secure authentication tags requiring short secret shared keys. In D. Chaum, R. L. Rivest, and A. T. Sherman, editors, Advances in Cryptology – CRYPTO'82, pages 79–86. Plenum Press, New York, USA, 1982. |
| [54] | G. Brassard, P. Høyer, and A. Tapp. Quantum cryptanalysis of hash and claw-free functions. In C. L. Lucchesi and A. V. Moura, editors, LATIN 1998: Theoretical Informatics, 3rd Latin American Symposium, volume 1380 of Lecture Notes in Computer Science, pages 163–169. Springer, Heidelberg, Apr. 1998. |
| [55] | D. M. Broline. Renumbering of the faces of dice. Mathematics Magazine, 52(5):312–315, 1979. |
| [56] | C. Brzuska, A. Delignat-Lavaud, C. Fournet, K. Kohbrok, and M. Kohlweiss. State separation for code-based game-playing proofs. In T. Peyrin and S. Galbraith, editors, Advances in Cryptology – ASIACRYPT 2018, Part III, volume 11274 of Lecture Notes in Computer Science, pages 222–249. Springer, Heidelberg, Dec. 2018. |
| [57] | J. Camenisch and V. Shoup. Practical verifiable encryption and decryption of discrete logarithms. In D. Boneh, editor, Advances in Cryptology – CRYPTO 2003, volume 2729 of Lecture Notes in Computer Science, pages 126–144. Springer, Heidelberg, Aug. 2003. |
| [58] | R. Canetti, O. Goldreich, and S. Halevi. The random oracle methodology, revisited (preliminary version). In 30th Annual ACM Symposium on Theory of Computing, pages 209–218. ACM Press, May 1998. |
| [59] | R. Canetti and H. Krawczyk. Analysis of key-exchange protocols and their use for building secure channels. In B. Pfitzmann, editor, Advances in Cryptology – EUROCRYPT 2001, volume 2045 of Lecture Notes in Computer Science, pages 453–474. Springer, Heidelberg, May 2001. |
| [60] | R. Canetti and H. Krawczyk. Universally composable notions of key exchange and secure channels. In L. R. Knudsen, editor, Advances in Cryptology – EUROCRYPT 2002, volume 2332 of Lecture Notes in Computer Science, pages 337–351. Springer, Heidelberg, Apr. / May 2002. |
| [61] | B. Canvel, A. P. Hiltgen, S. Vaudenay, and M. Vuagnoux. Password interception in a SSL/TLS channel. In D. Boneh, editor, Advances in Cryptology – CRYPTO 2003, volume 2729 of Lecture Notes in Computer Science, pages 583–599. Springer, Heidelberg, Aug. 2003. |
| [62] | J.-C. Caraco, R. Géraud-Stewart, and D. Naccache. Kerckhoffs' legacy. Cryptology ePrint Archive, Report 2020/556, 2020. https://eprint.iacr.org/2020/556. |
| [63] | J. L. Carter and M. N. Wegman. Universal classes of hash functions. In 9th Annual ACM Symposium on Theory of Computing, pages 106–112. ACM Press, May 1977. |
| [64] | D. Chaum and T. P. Pedersen. Wallet databases with observers. In E. F. Brickell, editor, Advances in Cryptology – CRYPTO'92, volume 740 of Lecture Notes in Computer Science, pages 89–105. Springer, Heidelberg, Aug. 1993. |
| [65] | S. G. Choi, J. Herranz, D. Hofheinz, J. Y. Hwang, E. Kiltz, D. H. Lee, and M. Yung. The Kurosawa–Desmedt key encapsulation is not chosen-ciphertext secure. Information Processing Letters, 109(16):897–901, 2009. |
| [66] | A. Cobham. The intrinsic computational difficulty of functions. In Proceedings of the 1964 International Congress for Logic, Methodology and Philosophy of Science, pages 24–30, 1964. |
| [67] | C. Cocks. A note on `non-secret encryption'. Communications-Electronic Security Group (CESG) Research Report, 1973. Available online at https://joyofcryptography.com/files/cocks73.pdf. |
| [68] | K. Cohn-Gordon, C. Cremers, B. Dowling, L. Garratt, and D. Stebila. A formal security analysis of the Signal messaging protocol. In 2017 IEEE European Symposium on Security and Privacy, EuroS&P 2017, Paris, France, April 26–28, 2017, pages 451–466. IEEE, 2017. |
| [69] | K. Cohn-Gordon, C. Cremers, B. Dowling, L. Garratt, and D. Stebila. A formal security analysis of the Signal messaging protocol. Journal of Cryptology, 33(4):1914–1983, Oct. 2020. |
| [70] | K. Cohn-Gordon, C. Cremers, L. Garratt, J. Millican, and K. Milner. On ends-to-ends encryption: Asynchronous group messaging with strong security guarantees. In D. Lie, M. Mannan, M. Backes, and X. Wang, editors, ACM CCS 2018: 25th Conference on Computer and Communications Security, pages 1802–1819. ACM Press, Oct. 2018. |
| [71] | K. Cohn-Gordon, C. J. F. Cremers, and L. Garratt. On post-compromise security. In M. Hicks and B. Köpf, editors, CSF 2016: IEEE 29th Computer Security Foundations Symposium, pages 164–178. IEEE Computer Society Press, 2016. |
| [72] | J.-S. Coron. On the exact security of full domain hash. In M. Bellare, editor, Advances in Cryptology – CRYPTO 2000, volume 1880 of Lecture Notes in Computer Science, pages 229–235. Springer, Heidelberg, Aug. 2000. |
| [73] | J.-S. Coron. Optimal security proofs for PSS and other signature schemes. In L. R. Knudsen, editor, Advances in Cryptology – EUROCRYPT 2002, volume 2332 of Lecture Notes in Computer Science, pages 272–287. Springer, Heidelberg, Apr. / May 2002. |
| [74] | R. Cramer. Modular design of secure yet practical cryptographic protocols. PhD thesis, CWI and University of Amsterdam, 1996. |
| [75] | R. Cramer, I. Damgård, and B. Schoenmakers. Proofs of partial knowledge and simplified design of witness hiding protocols. In Y. Desmedt, editor, Advances in Cryptology – CRYPTO'94, volume 839 of Lecture Notes in Computer Science, pages 174–187. Springer, Heidelberg, Aug. 1994. |
| [76] | R. Cramer and V. Shoup. Design and analysis of practical public-key encryption schemes secure against adaptive chosen ciphertext attack. SIAM Journal on Computing, 33(1):167–226, 2003. |
| [77] | W. Dai. An attack against SSH2 protocol, 2002. Post to the sci.crypt newsgroup and the IETF SSH mailing list. http://www.weidai.com/ssh2-attack.txt. |
| [78] | I. Damgård. Collision free hash functions and public key signature schemes. In D. Chaum and W. L. Price, editors, Advances in Cryptology – EUROCRYPT'87, volume 304 of Lecture Notes in Computer Science, pages 203–216. Springer, Heidelberg, Apr. 1988. |
| [79] | I. Damgård. A design principle for hash functions. In G. Brassard, editor, Advances in Cryptology – CRYPTO'89, volume 435 of Lecture Notes in Computer Science, pages 416–427. Springer, Heidelberg, Aug. 1990. |
| [80] | I. Damgård. On Σ-protocols. Lecture notes, Department of Computer Science, University of Aarhus, 2002. |
| [81] | J. B. DeLong. Estimating world GDP, one million B.C. – present, 1998. http://www.j-bradford-delong.net/TCEH/1998_Draft/World_GDP/Estimating_World_GDP.html. |
| [82] | B. den Boer. A simple and key-economical unconditional authentication scheme. Journal of Computer Security, 2(1):65–71, 1993. |
| [83] | W. Diffie and M. E. Hellman. New directions in cryptography. IEEE Transactions on Information Theory, 22(6):644–654, 1976. |
| [84] | W. Diffie and M. E. Hellman. Privacy and authentication: An introduction to cryptography. Proceedings of the IEEE, 67(3):397–427, 1979. |
| [85] | W. Diffie, P. C. van Oorschot, and M. J. Wiener. Authentication and authenticated key exchanges. Designs, Codes and Cryptography, 2(2):107–125, June 1992. |
| [86] | C. Dobraunig, M. Eichlseder, F. Mendel, and M. Schläffer. Ascon v1.2: Lightweight authenticated encryption and hashing. Journal of Cryptology, 34(3):33, July 2021. |
| [87] | Y. Dodis, P. Grubbs, T. Ristenpart, and J. Woodage. Fast message franking: From invisible salamanders to encryptment. In H. Shacham and A. Boldyreva, editors, Advances in Cryptology – CRYPTO 2018, Part I, volume 10991 of Lecture Notes in Computer Science, pages 155–186. Springer, Heidelberg, Aug. 2018. |
| [88] | B. Dowling, M. Fischlin, F. Günther, and D. Stebila. A cryptographic analysis of the TLS 1.3 handshake protocol. Journal of Cryptology, 34(4):37, Oct. 2021. |
| [89] | O. Dunkelman, N. Keller, and A. Shamir. Minimalism in cryptography: The Even-Mansour scheme revisited. In D. Pointcheval and T. Johansson, editors, Advances in Cryptology – EUROCRYPT 2012, volume 7237 of Lecture Notes in Computer Science, pages 336–354. Springer, Heidelberg, Apr. 2012. |
| [90] | T. Duong and J. Rizzo. Flickr's API signature forgery vulnerability, 2009. Technical report. https://dl.packetstormsecurity.net/0909-advisories/flickr_api_signature_forgery.pdf. |
| [91] | T. Duong and J. Rizzo. BEAST: Surprising crypto attack against HTTPS, 2011. https://youtu.be/-BjpkHCeqU0. |
| [92] | K. P. Dyer, S. E. Coull, T. Ristenpart, and T. Shrimpton. Peek-a-boo, I still see you: Why efficient traffic analysis countermeasures fail. In 2012 IEEE Symposium on Security and Privacy, pages 332–346. IEEE Computer Society Press, May 2012. |
| [93] | J. Edmonds. Paths, trees, and flowers. Canadian Journal of Mathematics, 17:449–467, 1965. |
| [94] | H. M. Edwards. A normal form for elliptic curves. Bulletin of the American Mathematical Society, 44(3):393–422, 2007. |
| [95] | W. F. Ehrsam, C. H. W. Meyer, J. L. Smith, and W. L. Tuchman. Message verification and transmission error detection by block chaining, 1976. U.S. Patent 4074066. |
| [96] | T. ElGamal. A public key cryptosystem and a signature scheme based on discrete logarithms. In G. R. Blakley and D. Chaum, editors, Advances in Cryptology – CRYPTO'84, volume 196 of Lecture Notes in Computer Science, pages 10–18. Springer, Heidelberg, Aug. 1984. |
| [97] | J. H. Ellis. The possibility of non-secret digital encryption. Communications-Electronic Security Group (CESG) Research Report 3006, 1970. Available online at https://joyofcryptography.com/files/ellis70.pdf. |
| [98] | S. Even and Y. Mansour. A construction of a cipher from a single pseudorandom permutation. In H. Imai, R. L. Rivest, and T. Matsumoto, editors, Advances in Cryptology – ASIACRYPT'91, volume 739 of Lecture Notes in Computer Science, pages 210–224. Springer, Heidelberg, Nov. 1993. |
| [99] | U. Feige, A. Fiat, and A. Shamir. Zero knowledge proofs of identity. In A. Aho, editor, 19th Annual ACM Symposium on Theory of Computing, pages 210–217. ACM Press, May 1987. |
| [100] | H. Feistel. Block cipher cryptographic system, 1971. U.S. Patent 3798359A. |
| [101] | A. Fiat and A. Shamir. How to prove yourself: Practical solutions to identification and signature problems. In A. M. Odlyzko, editor, Advances in Cryptology – CRYPTO'86, volume 263 of Lecture Notes in Computer Science, pages 186–194. Springer, Heidelberg, Aug. 1987. |
| [102] | M. Fischlin and A. Mittelbach. An overview of the hybrid argument. Cryptology ePrint Archive, Report 2021/088, 2021. https://eprint.iacr.org/2021/088. |
| [103] | French Cybersecurity Agency, Federal Office for Information Security, Netherlands National Communications Security Agency, and Swedish National Communications Security Authority. Position paper on quantum key distribution, 2024. https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Crypto/Quantum_Positionspapier.pdf. |
| [104] | E. Fujisaki and T. Okamoto. Secure integration of asymmetric and symmetric encryption schemes. In M. J. Wiener, editor, Advances in Cryptology – CRYPTO'99, volume 1666 of Lecture Notes in Computer Science, pages 537–554. Springer, Heidelberg, Aug. 1999. |
| [105] | M. Gardner. Mathematical games. Scientific American, 238(2):19–32, 1978. |
| [106] | C. Garman, M. Green, G. Kaptchuk, I. Miers, and M. Rushanan. Dancing on the lip of the volcano: Chosen ciphertext attacks on Apple iMessage. In T. Holz and S. Savage, editors, USENIX Security 2016: 25th USENIX Security Symposium, pages 655–672. USENIX Association, Aug. 2016. |
| [107] | K. Gellert, T. Jager, L. Lyu, and T. Neuschulten. On fingerprinting attacks and length-hiding encryption. In S. D. Galbraith, editor, Topics in Cryptology – CT-RSA 2022, volume 13161 of Lecture Notes in Computer Science, pages 345–369. Springer, Heidelberg, Mar. 2022. |
| [108] | Y. Geng, S. Li, and S. Zhou. Probabilistic RSA with homomorphism and its applications. International Journal of Network Security, 21(6):1042–1053, 2019. |
| [109] | C. Gentry, C. Peikert, and V. Vaikuntanathan. Trapdoors for hard lattices and new cryptographic constructions. In R. E. Ladner and C. Dwork, editors, 40th Annual ACM Symposium on Theory of Computing, pages 197–206. ACM Press, May 2008. |
| [110] | E. N. Gilbert, F. J. MacWilliams, and N. J. A. Sloane. Codes which detect deception. The Bell System Technical Journal, 53(3):405–424, 1974. |
| [111] | O. Goldreich. On post-modern cryptography, 2006. https://www.wisdom.weizmann.ac.il/~oded/on-pmc.html. |
| [112] | O. Goldreich, S. Goldwasser, and S. Micali. How to construct random functions (extended abstract). In 25th Annual Symposium on Foundations of Computer Science, pages 464–479. IEEE Computer Society Press, Oct. 1984. |
| [113] | O. Goldreich, S. Goldwasser, and S. Micali. On the cryptographic applications of random functions. In G. R. Blakley and D. Chaum, editors, Advances in Cryptology – CRYPTO'84, volume 196 of Lecture Notes in Computer Science, pages 276–288. Springer, Heidelberg, Aug. 1984. |
| [114] | S. Goldwasser and Y. T. Kalai. On the (in)security of the Fiat-Shamir paradigm. In 44th Annual Symposium on Foundations of Computer Science, pages 102–115. IEEE Computer Society Press, Oct. 2003. |
| [115] | S. Goldwasser and S. Micali. Probabilistic encryption. Journal of Computer and System Sciences, 28(2):270–299, 1984. |
| [116] | S. Goldwasser, S. Micali, and R. L. Rivest. A digital signature scheme secure against adaptive chosen-message attacks. SIAM Journal on Computing, 17(2):281–308, Apr. 1988. |
| [117] | L. K. Grover. A fast quantum mechanical algorithm for database search. In 28th Annual ACM Symposium on Theory of Computing, pages 212–219. ACM Press, May 1996. |
| [118] | L. C. Guillou and J.-J. Quisquater. A practical zero-knowledge protocol fitted to security microprocessor minimizing both transmission and memory. In C. G. Günther, editor, Advances in Cryptology – EUROCRYPT'88, volume 330 of Lecture Notes in Computer Science, pages 123–128. Springer, Heidelberg, May 1988. |
| [119] | C. G. Günther. An identity-based key-exchange protocol. In J.-J. Quisquater and J. Vandewalle, editors, Advances in Cryptology – EUROCRYPT'89, volume 434 of Lecture Notes in Computer Science, pages 29–37. Springer, Heidelberg, Apr. 1990. |
| [120] | D. Harnik, J. Kilian, M. Naor, O. Reingold, and A. Rosen. On robust combiners for oblivious transfer and other primitives. In R. Cramer, editor, Advances in Cryptology – EUROCRYPT 2005, volume 3494 of Lecture Notes in Computer Science, pages 96–113. Springer, Heidelberg, May 2005. |
| [121] | A. Herzberg. On tolerant cryptographic constructions. In A. Menezes, editor, Topics in Cryptology – CT-RSA 2005, volume 3376 of Lecture Notes in Computer Science, pages 172–190. Springer, Heidelberg, Feb. 2005. |
| [122] | D. Hofheinz, K. Hövelmanns, and E. Kiltz. A modular analysis of the Fujisaki-Okamoto transformation. In Y. Kalai and L. Reyzin, editors, TCC 2017: 15th Theory of Cryptography Conference, Part I, volume 10677 of Lecture Notes in Computer Science, pages 341–371. Springer, Heidelberg, Nov. 2017. |
| [123] | D. Hofheinz, D. Unruh, and J. Müller-Quade. Polynomial runtime and composability. Journal of Cryptology, 26(3):375–441, July 2013. |
| [124] | W. G. Horner. A new method of solving numerical equations of all orders, by continuous approximation. Philosophical Transactions of the Royal Society of London, 2(117):308–335, 1819. |
| [125] | R. Impagliazzo and D. Zuckerman. How to recycle random bits. In 30th Annual Symposium on Foundations of Computer Science, pages 248–253. IEEE Computer Society Press, Oct. / Nov. 1989. |
| [126] | T. Jager and J. Somorovsky. How to break XML encryption. In Y. Chen, G. Danezis, and V. Shmatikov, editors, ACM CCS 2011: 18th Conference on Computer and Communications Security, pages 413–422. ACM Press, Oct. 2011. |
| [127] | D. Jost, U. Maurer, and M. Mularczyk. Efficient ratcheting: Almost-optimal guarantees for secure messaging. In Y. Ishai and V. Rijmen, editors, Advances in Cryptology – EUROCRYPT 2019, Part I, volume 11476 of Lecture Notes in Computer Science, pages 159–188. Springer, Heidelberg, May 2019. |
| [128] | A. Joux. Multicollisions in iterated hash functions. Application to cascaded constructions. In M. Franklin, editor, Advances in Cryptology – CRYPTO 2004, volume 3152 of Lecture Notes in Computer Science, pages 306–316. Springer, Heidelberg, Aug. 2004. |
| [129] | M. Just and S. Vaudenay. Authenticated multi-party key agreement. In K. Kim and T. Matsumoto, editors, Advances in Cryptology – ASIACRYPT'96, volume 1163 of Lecture Notes in Computer Science, pages 36–49. Springer, Heidelberg, Nov. 1996. |
| [130] | J. Katz and M. Yung. Complete characterization of security notions for probabilistic private-key encryption. In 32nd Annual ACM Symposium on Theory of Computing, pages 245–254. ACM Press, May 2000. |
| [131] | B. Keaton. The amazing story of the grandma and the longest craps roll in history, 2021. https://www.casino.org/blog/longest-craps-roll-in-history/. |
| [132] | A. Kerckhoffs. La cryptographie militaire. Journal des sciences militaires, 9:5–38, January 1883. Online version available at https://www.petitcolas.net/kerckhoffs/index.html. |
| [133] | J. Kilian and P. Rogaway. How to protect DES against exhaustive key search. In N. Koblitz, editor, Advances in Cryptology – CRYPTO'96, volume 1109 of Lecture Notes in Computer Science, pages 252–267. Springer, Heidelberg, Aug. 1996. |
| [134] | N. Koblitz and A. Menezes. Another look at non-uniformity. Groups – Complexity – Cryptology, 5(2):117–139, 2013. |
| [135] | N. Koblitz and A. J. Menezes. The random oracle model: A twenty-year retrospective. Designs, Codes and Cryptography, 77(2–3):587–610, 2015. |
| [136] | K. Kohbrok. [MLS] Improve FS granularity at a cost, 2019. IETF MLS mailing list. https://mailarchive.ietf.org/arch/msg/mls/WRdXVr8iUwibaQu0tH6sDnqU1no/. |
| [137] | T. Kohno, J. Viega, and D. Whiting. CWC: A high-performance conventional authenticated encryption mode. In B. K. Roy and W. Meier, editors, Fast Software Encryption – FSE 2004, volume 3017 of Lecture Notes in Computer Science, pages 408–426. Springer, Heidelberg, Feb. 2004. |
| [138] | H. Krawczyk. LFSR-based hashing and authentication. In Y. Desmedt, editor, Advances in Cryptology – CRYPTO'94, volume 839 of Lecture Notes in Computer Science, pages 129–139. Springer, Heidelberg, Aug. 1994. |
| [139] | H. Krawczyk. Secret sharing made short. In D. R. Stinson, editor, Advances in Cryptology – CRYPTO'93, volume 773 of Lecture Notes in Computer Science, pages 136–146. Springer, Heidelberg, Aug. 1994. |
| [140] | H. Krawczyk. The order of encryption and authentication for protecting communications (or: How secure is SSL?). In J. Kilian, editor, Advances in Cryptology – CRYPTO 2001, volume 2139 of Lecture Notes in Computer Science, pages 310–331. Springer, Heidelberg, Aug. 2001. |
| [141] | H. Krawczyk. SIGMA: The "SIGn-and-MAc" approach to authenticated Diffie-Hellman and its use in the IKE protocols. In D. Boneh, editor, Advances in Cryptology – CRYPTO 2003, volume 2729 of Lecture Notes in Computer Science, pages 400–425. Springer, Heidelberg, Aug. 2003. |
| [142] | H. Krawczyk. 8th BIU winter school on cryptography, 2018. Bar-Ilan University, videos obtained from https://www.youtube.com/playlist?list=PL8Vt-7cSFnw1rYVsVE7p0aNZc4wTmta3w. |
| [143] | C. Kudla and K. G. Paterson. Modular security proofs for key agreement protocols. In B. K. Roy, editor, Advances in Cryptology – ASIACRYPT 2005, volume 3788 of Lecture Notes in Computer Science, pages 549–565. Springer, Heidelberg, Dec. 2005. |
| [144] | K. Kurosawa and Y. Desmedt. A new paradigm of hybrid encryption scheme. In M. Franklin, editor, Advances in Cryptology – CRYPTO 2004, volume 3152 of Lecture Notes in Computer Science, pages 426–442. Springer, Heidelberg, Aug. 2004. |
| [145] | B. A. LaMacchia, K. Lauter, and A. Mityagin. Stronger security of authenticated key exchange. In W. Susilo, J. K. Liu, and Y. Mu, editors, ProvSec 2007: 1st International Conference on Provable Security, volume 4784 of Lecture Notes in Computer Science, pages 1–16. Springer, Heidelberg, Nov. 2007. |
| [146] | M. Li and P. M. B. Vitányi. An Introduction to Kolmogorov Complexity and Its Applications, 4th Edition. Texts in Computer Science. Springer, 2019. |
| [147] | U. Libbrecht. Chinese Mathematics in the Thirteenth Century, volume 1. Courier Corporation, 2005. |
| [148] | R. Lindner and C. Peikert. Better key sizes (and attacks) for LWE-based encryption. In A. Kiayias, editor, Topics in Cryptology – CT-RSA 2011, volume 6558 of Lecture Notes in Computer Science, pages 319–339. Springer, Heidelberg, Feb. 2011. |
| [149] | M. Luby and C. Rackoff. How to construct pseudo-random permutations from pseudo-random functions (abstract). In H. C. Williams, editor, Advances in Cryptology – CRYPTO'85, volume 218 of Lecture Notes in Computer Science, page 447. Springer, Heidelberg, Aug. 1986. |
| [150] | S. Lucks. Faster Luby-Rackoff ciphers. In D. Gollmann, editor, Fast Software Encryption – FSE'96, volume 1039 of Lecture Notes in Computer Science, pages 189–203. Springer, Heidelberg, Feb. 1996. |
| [151] | V. Lyubashevsky, A. Palacio, and G. Segev. Public-key cryptographic primitives provably as secure as subset sum. In D. Micciancio, editor, TCC 2010: 7th Theory of Cryptography Conference, volume 5978 of Lecture Notes in Computer Science, pages 382–400. Springer, Heidelberg, Feb. 2010. |
| [152] | M. Marlinspike. Advanced cryptographic ratcheting, 2013. https://signal.org/blog/advanced-ratcheting/. |
| [153] | M. Marlinspike and T. Perrin. The X3DH key agreement protocol, 2016. https://signal.org/docs/specifications/x3dh/x3dh.pdf. |
| [154] | T. Matsumoto, Y. Takashima, and H. Imai. On seeking smart public-key-distribution systems. Transactions of the IECE of Japan, E69(2):99–106, 1986. |
| [155] | S. M. Matyas, C. H. Meyer, and J. Oseas. Generating strong one-way functions with cryptographic algorithm. IBM Technical Disclosure Bulletin, 27(10A):5658–5659, 1985. |
| [156] |
U. Maurer. Zero-knowledge proofs of knowledge for group homomorphisms. Designs, Codes and Cryptography, 77:663–676, 2015. |
| [157] |
F. Maury, J.-R. Reinhard, O. Levillain, and H. Gilbert. Format oracles on OpenPGP. In K. Nyberg, editor, Topics in Cryptology – CT-RSA 2015, volume 9048 of Lecture Notes in Computer Science, pages 220–236. Springer, Heidelberg, Apr. 2015. |
| [158] |
D. McGrew and J. Viega. The Galois/Counter Mode of operation (GCM). Submission to NIST Modes of Operation Process, 20:0278–0070, 2004. |
| [159] |
R. C. Merkle. CS244 project proposal, 1974. http://www.ralphmerkle.com/1974/. |
| [160] |
R. C. Merkle. A certified digital signature. In G. Brassard, editor, Advances in Cryptology – CRYPTO'89, volume 435 of Lecture Notes in Computer Science, pages 218–238. Springer, Heidelberg, Aug. 1990. |
| [161] |
R. C. Merkle. One way hash functions and DES. In G. Brassard, editor, Advances in Cryptology – CRYPTO'89, volume 435 of Lecture Notes in Computer Science, pages 428–446. Springer, Heidelberg, Aug. 1990. |
| [162] |
D. Micciancio and M. Walter. On the bit security of cryptographic primitives. In J. B. Nielsen and V. Rijmen, editors, Advances in Cryptology – EUROCRYPT 2018, Part I, volume 10820 of Lecture Notes in Computer Science, pages 3–28. Springer, Heidelberg, Apr. / May 2018. |
| [163] |
Y. Mikami. The development of mathematics in China and Japan, volume 30. BG Teubner, 1913. |
| [164] |
C. J. Mitchell. Error oracle attacks on CBC mode: Is there a future for CBC mode encryption? In J. Zhou, J. Lopez, R. H. Deng, and F. Bao, editors, ISC 2005: 8th International Conference on Information Security, volume 3650 of Lecture Notes in Computer Science, pages 244–258. Springer, Heidelberg, Sept. 2005. |
| [165] |
S. Miyaguchi, K. Ohta, and M. Iwata. 128-bit hash function (N-hash). NTT review, 2(6):128–132, 1990. |
| [166] |
P. L. Montgomery. Speeding the Pollard and elliptic curve methods of factorization. Mathematics of Computation, 48:243–264, 1987. |
| [167] |
R. Morris and K. Thompson. Password security: A case history. Commun. ACM, 22(11):594–597, Nov. 1979. |
| [168] |
C. Namprempre, P. Rogaway, and T. Shrimpton. Reconsidering generic composition. In P. Q. Nguyen and E. Oswald, editors, Advances in Cryptology – EUROCRYPT 2014, volume 8441 of Lecture Notes in Computer Science, pages 257–274. Springer, Heidelberg, May 2014. |
| [169] |
M. Naor and O. Reingold. On the construction of pseudo-random permutations: Luby-Rackoff revisited (extended abstract). In 29th Annual ACM Symposium on Theory of Computing, pages 189–199. ACM Press, May 1997. |
| [170] |
M. Naor and M. Yung. Public-key cryptosystems provably secure against chosen ciphertext attacks. In H. Ortiz, editor, 22nd Annual ACM Symposium on Theory of Computing, pages 427–437. ACM Press, May 1990. |
| [171] |
National Security Agency. National cryptologic museum opens new exhibit on Dr. John Nash, 2012. https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/1630570/national-cryptologic-museum-opens-new-exhibit-on-dr-john-nash/. Scans of Nash's handwritten letters are archived at https://joyofcryptography.com/files/nash.pdf. |
| [172] |
J. B. Nielsen. Separating random oracle proofs from complexity theoretic proofs: The non-committing encryption case. In M. Yung, editor, Advances in Cryptology – CRYPTO 2002, volume 2442 of Lecture Notes in Computer Science, pages 111–126. Springer, Heidelberg, Aug. 2002. |
| [173] |
Y. Ohnishi. A study on data security. Master's thesis, Tohoku University, Japan, 1989. In Japanese. |
| [174] |
T. Okamoto. Provably secure and practical identification schemes and corresponding signature schemes. In E. F. Brickell, editor, Advances in Cryptology – CRYPTO'92, volume 740 of Lecture Notes in Computer Science, pages 31–53. Springer, Heidelberg, Aug. 1993. |
| [175] |
E. Papadogiannaki and S. Ioannidis. A survey on encrypted network traffic analysis applications, techniques, and countermeasures. ACM Comput. Surv., 54(6):123:1–123:35, 2022. |
| [176] |
J. Patarin. Pseudorandom permutations based on the D.E.S. scheme. In ESORICS'90: 1st European Symposium on Research in Computer Security, Lecture Notes in Computer Science, pages 185–187. AFCET, Oct. 1990. |
| [177] |
K. G. Paterson, T. Ristenpart, and T. Shrimpton. Tag size does matter: Attacks and proofs for the TLS record protocol. In D. H. Lee and X. Wang, editors, Advances in Cryptology – ASIACRYPT 2011, volume 7073 of Lecture Notes in Computer Science, pages 372–389. Springer, Heidelberg, Dec. 2011. |
| [178] |
C. Peikert. Lattice cryptography for the internet. In M. Mosca, editor, Post-Quantum Cryptography - 6th International Workshop, PQCrypto 2014, pages 197–219. Springer, Heidelberg, Oct. 2014. |
| [179] |
C. Peikert. A decade of lattice cryptography. Foundations and Trends® in Theoretical Computer Science, 10(4):283–424, 2016. |
| [180] |
T. Perrin and M. Marlinspike. The double ratchet algorithm, 2016. https://www.signal.org/docs/specifications/doubleratchet/doubleratchet.pdf. |
| [181] |
E. Petrank and C. Rackoff. CBC MAC for real-time data sources. Journal of Cryptology, 13(3):315–338, June 2000. |
| [182] |
J. Pieprzyk. How to construct pseudorandom permutations from single pseudorandom functions. In I. Damgård, editor, Advances in Cryptology – EUROCRYPT'90, volume 473 of Lecture Notes in Computer Science, pages 140–150. Springer, Heidelberg, May 1991. |
| [183] |
D. Pointcheval and J. Stern. Security proofs for signature schemes. In U. M. Maurer, editor, Advances in Cryptology – EUROCRYPT'96, volume 1070 of Lecture Notes in Computer Science, pages 387–398. Springer, Heidelberg, May 1996. |
| [184] |
B. Preneel. Analysis and Design of Cryptographic Hash Functions. PhD thesis, Katholieke Universiteit Leuven, Belgium, 1993. |
| [185] |
B. Preneel, R. Govaerts, and J. Vandewalle. Hash functions based on block ciphers: A synthetic approach. In D. R. Stinson, editor, Advances in Cryptology – CRYPTO'93, volume 773 of Lecture Notes in Computer Science, pages 368–378. Springer, Heidelberg, Aug. 1994. |
| [186] |
M. O. Rabin. Efficient dispersal of information for security, load balancing, and fault tolerance. J. ACM, 36(2):335–348, Apr. 1989. |
| [187] |
C. Rackoff and D. R. Simon. Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In J. Feigenbaum, editor, Advances in Cryptology – CRYPTO'91, volume 576 of Lecture Notes in Computer Science, pages 433–444. Springer, Heidelberg, Aug. 1992. |
| [188] |
O. Regev. On lattices, learning with errors, random linear codes, and cryptography. In H. N. Gabow and R. Fagin, editors, 37th Annual ACM Symposium on Theory of Computing, pages 84–93. ACM Press, May 2005. |
| [189] |
R. L. Rivest, A. Shamir, and L. M. Adleman. A method for obtaining digital signatures and public-key cryptosystems. Communications of the Association for Computing Machinery, 21(2):120–126, Feb. 1978. |
| [190] |
P. Rogaway. Authenticated-encryption with associated-data. In V. Atluri, editor, ACM CCS 2002: 9th Conference on Computer and Communications Security, pages 98–107. ACM Press, Nov. 2002. |
| [191] |
P. Rogaway. Nonce-based symmetric encryption. In B. K. Roy and W. Meier, editors, Fast Software Encryption – FSE 2004, volume 3017 of Lecture Notes in Computer Science, pages 348–359. Springer, Heidelberg, Feb. 2004. |
| [192] |
P. Rogaway. Formalizing human ignorance. In P. Q. Nguyen, editor, Progress in Cryptology - VIETCRYPT 06: 1st International Conference on Cryptology in Vietnam, volume 4341 of Lecture Notes in Computer Science, pages 211–228. Springer, Heidelberg, Sept. 2006. |
| [193] |
P. Rogaway, M. Bellare, J. Black, and T. Krovetz. OCB: A block-cipher mode of operation for efficient authenticated encryption. In M. K. Reiter and P. Samarati, editors, ACM CCS 2001: 8th Conference on Computer and Communications Security, pages 196–205. ACM Press, Nov. 2001. |
| [194] |
P. Rogaway and T. Shrimpton. Cryptographic hash-function basics: Definitions, implications, and separations for preimage resistance, second-preimage resistance, and collision resistance. In B. K. Roy and W. Meier, editors, Fast Software Encryption – FSE 2004, volume 3017 of Lecture Notes in Computer Science, pages 371–388. Springer, Heidelberg, Feb. 2004. |
| [195] |
P. Rogaway and T. Shrimpton. A provable-security treatment of the key-wrap problem. In S. Vaudenay, editor, Advances in Cryptology – EUROCRYPT 2006, volume 4004 of Lecture Notes in Computer Science, pages 373–390. Springer, Heidelberg, May / June 2006. |
| [196] |
P. Rogaway and Y. Zhang. Simplifying game-based definitions - indistinguishability up to correctness and its application to stateful AE. In H. Shacham and A. Boldyreva, editors, Advances in Cryptology – CRYPTO 2018, Part II, volume 10992 of Lecture Notes in Computer Science, pages 3–32. Springer, Heidelberg, Aug. 2018. |
| [197] |
R. A. Rueppel. On the security of Schnorr's pseudo random generator. In J.-J. Quisquater and J. Vandewalle, editors, Advances in Cryptology – EUROCRYPT'89, volume 434 of Lecture Notes in Computer Science, pages 423–428. Springer, Heidelberg, Apr. 1990. |
| [198] |
C.-P. Schnorr. Efficient identification and signatures for smart cards. In G. Brassard, editor, Advances in Cryptology – CRYPTO'89, volume 435 of Lecture Notes in Computer Science, pages 239–252. Springer, Heidelberg, Aug. 1990. |
| [199] |
R. Schuster, V. Shmatikov, and E. Tromer. Beauty and the burst: Remote identification of encrypted video streams. In E. Kirda and T. Ristenpart, editors, USENIX Security 2017: 26th USENIX Security Symposium, pages 1357–1374. USENIX Association, Aug. 2017. |
| [200] |
A. Shamir. How to share a secret. Communications of the Association for Computing Machinery, 22(11):612–613, Nov. 1979. |
| [201] |
C. E. Shannon. Communication theory of secrecy systems. Bell Systems Technical Journal, 28(4):656–715, 1949. |
| [202] |
P. W. Shor. Algorithms for quantum computation: Discrete logarithms and factoring. In 35th Annual Symposium on Foundations of Computer Science, pages 124–134. IEEE Computer Society Press, Nov. 1994. |
| [203] |
V. Shoup. Using hash functions as a hedge against chosen ciphertext attack. In B. Preneel, editor, Advances in Cryptology – EUROCRYPT 2000, volume 1807 of Lecture Notes in Computer Science, pages 275–288. Springer, Heidelberg, May 2000. |
| [204] |
V. Shoup. OAEP reconsidered. In J. Kilian, editor, Advances in Cryptology – CRYPTO 2001, volume 2139 of Lecture Notes in Computer Science, pages 239–259. Springer, Heidelberg, Aug. 2001. |
| [205] |
V. Shoup. A proposal for an ISO standard for public key encryption. Cryptology ePrint Archive, Report 2001/112, 2001. https://eprint.iacr.org/2001/112. |
| [206] |
V. Shoup. Sequences of games: a tool for taming complexity in security proofs. Cryptology ePrint Archive, Report 2004/332, 2004. https://eprint.iacr.org/2004/332. |
| [207] |
T. Shrimpton. A characterization of authenticated-encryption as a form of chosen-ciphertext security. Cryptology ePrint Archive, Report 2004/272, 2004. https://eprint.iacr.org/2004/272. |
| [208] |
M. Sipser. Introduction to the theory of computation. PWS Publishing Company, 1997. |
| [209] |
R. Taylor. An integrity check value algorithm for stream ciphers. In D. R. Stinson, editor, Advances in Cryptology – CRYPTO'93, volume 773 of Lecture Notes in Computer Science, pages 40–48. Springer, Heidelberg, Aug. 1994. |
| [210] |
W. Toomey. The Unix heritage society. https://www.tuhs.org/. |
| [211] |
Y. Tsiounis and M. Yung. On the security of ElGamal based encryption. In H. Imai and Y. Zheng, editors, PKC'98: 1st International Workshop on Theory and Practice in Public Key Cryptography, volume 1431 of Lecture Notes in Computer Science, pages 117–134. Springer, Heidelberg, Feb. 1998. |
| [212] |
G. Tsudik. Message authentication with one-way hash functions. SIGCOMM Comput. Commun. Rev., 22(5):29–38, Oct. 1992. |
| [213] |
F. Valsorda. The ECB penguin, 2013. https://words.filippo.io/the-ecb-penguin/. |
| [214] |
S. Vaudenay. Security flaws induced by CBC padding - applications to SSL, IPSEC, WTLS... In L. R. Knudsen, editor, Advances in Cryptology – EUROCRYPT 2002, volume 2332 of Lecture Notes in Computer Science, pages 534–546. Springer, Heidelberg, Apr. / May 2002. |
| [215] |
G. S. Vernam. Cipher printing telegraph systems: For secret wire and radio telegraphic communications. Journal of the American Institute of Electrical Engineers, 45(2):109–115, 1926. |
| [216] |
X. Wang, Y. L. Yin, and H. Yu. Finding collisions in the full SHA-1. In V. Shoup, editor, Advances in Cryptology – CRYPTO 2005, volume 3621 of Lecture Notes in Computer Science, pages 17–36. Springer, Heidelberg, Aug. 2005. |
| [217] |
M. J. Wiener. Cryptanalysis of short RSA secret exponents (abstract). In J.-J. Quisquater and J. Vandewalle, editors, Advances in Cryptology – EUROCRYPT'89, volume 434 of Lecture Notes in Computer Science, page 372. Springer, Heidelberg, Apr. 1990. |
| [218] |
R. S. Winternitz. Producing a one-way hash function from DES. In D. Chaum, editor, Advances in Cryptology – CRYPTO'83, pages 203–207. Plenum Press, New York, USA, 1983. |
| [219] |
C. V. Wright, L. Ballard, S. E. Coull, F. Monrose, and G. M. Masson. Spot me if you can: Uncovering spoken phrases in encrypted VoIP conversations. In 2008 IEEE Symposium on Security and Privacy, pages 35–49. IEEE Computer Society Press, May 2008. |
| [220] |
A. C.-C. Yao. Theory and applications of trapdoor functions (extended abstract). In 23rd Annual Symposium on Foundations of Computer Science, pages 80–91. IEEE Computer Society Press, Nov. 1982. |
| [221] |
J. R. Yost. An interview with Martin Hellman, 2004. https://conservancy.umn.edu/bitstream/handle/11299/107353/oh375mh.pdf. |
| [222] |
Y. Zheng, T. Matsumoto, and H. Imai. Impossibility and optimality results on constructing pseudorandom permutations (extended abstract). In J.-J. Quisquater and J. Vandewalle, editors, Advances in Cryptology – EUROCRYPT'89, volume 434 of Lecture Notes in Computer Science, pages 412–422. Springer, Heidelberg, Apr. 1990. |