[doc/texmf] / mdw-crypto.bib

%%% mdw's bibliography

%%%--------------------------------------------------------------------------
%%% Initial hacking.

@preamble {
"
\ifx\url\undefined\let\url\texttt\fi
\ifx\msgid\undefined\let\msgid\texttt\fi
\let\mdwxxthebibliography\thebibliography
\def\thebibliography{\mdwxxbibhook\mdwxxthebibliography}
\def\mdwxxurl#1{[#1]}
\def\biburl#1{\let\biburlsep\empty\biburlxi#1;;\done}
\def\biburlxi#1;{\def\temp{#1}\ifx\temp\empty\expandafter\biburlxiii\else
  \biburlxii#1,,\done\let\biburlxafter\biburlxi\expandafter\biburlxmunch\fi}
\def\biburlxii#1,{\def\temp{#1}\ifx\temp\empty\expandafter\biburlxiii\else
  \biburlsep\mdwxxurl{#1}\def\biburlsep{, }\let\biburlxafter\biburlxii
  \expandafter\biburlxmunch\fi}
\def\biburlxiii#1\done{}
\def\biburlxmunch{\futurelet\next\biburlxmunchi}
\def\biburlxmunchi{\expandafter\ifx\space\next\expandafter\biburlxmunchii
  \else\expandafter\biburlxafter\fi}
\expandafter\def\expandafter\biburlxmunchii\space{\biburlxmunch}
\def\mdwxxbibhook{\let\mdwxxurl\url\let\url\biburl}
"
}

%%%--------------------------------------------------------------------------
%%% The main bibliography.

@InProceedings{Abdalla:2001:DHIES,
  author =	 "Michel Abdalla and Mihir Bellare and Phillip Rogaway",
  title =	 "{DHIES}: An Encryption Scheme Based on the
                  {Diffie--Hellman} Problem",
  crossref =	 "Naccache:2001:TCC",
  year =	 2001,
  url =		 "http://www-cse.ucsd.edu/users/mihir/papers/dhies.html"
}

@InProceedings{Bellare:1993:ROP,
  author =	 "Mihir Bellare and Phillip Rogaway",
  title =	 "Random oracles are practical",
  booktitle =	 "Proceedings of the First Annual Conference on Computer and
                  Communications Security",
  organization = "{ACM}",
  year =	 1993,
  url =		 "http://www-cse.ucsd.edu/users/mihir/papers/ro.html"
}

@InProceedings{Bellare:2004:EAX,
  title =	 "The {EAX} Mode of Operation",
  author =	 "Mihir Bellare and Phillip Rogaway and David Wagner",
  bibdate =	 "2004-07-29",
  bibsource =	 "DBLP,
                  http://dblp.uni-trier.de/db/conf/fse/fse2004.html#BellareRW04",
  booktitle =	 "FSE",
  booktitle =	 "Fast Software Encryption, 11th International Workshop,
                  {FSE} 2004, Delhi, India, February 5-7, 2004, Revised
                  Papers",
  publisher =	 "Springer",
  year =	 2004,
  volume =	 3017,
  editor =	 "Bimal K. Roy and Willi Meier",
  isbn =	 "3-540-22171-9",
  pages =	 "389--407",
  series =	 "Lecture Notes in Computer Science",
  url =		 "http://www.cs.berkeley.edu/~daw/papers/eax-fse04.ps"
}

@InProceedings{Bellare:2006:STE,
  title =	 "The Security of Triple Encryption and a Framework for
                  Code-Based Game-Playing Proofs",
  author =	 "Mihir Bellare and Phillip Rogaway",
  bibdate =	 "2006-07-05",
  bibsource =	 "DBLP,
                  http://dblp.uni-trier.de/db/conf/eurocrypt/eurocrypt2006.html#BellareR06",
  booktitle =	 "Advances in Cryptology - {EUROCRYPT} 2006, 25th Annual
                  International Conference on the Theory and Applications of
                  Cryptographic Techniques, St. Petersburg, Russia, May 28 -
                  June 1, 2006, Proceedings",
  publisher =	 "Springer",
  year =	 2006,
  volume =	 4004,
  editor =	 "Serge Vaudenay",
  isbn =	 "3-540-34546-9",
  pages =	 "409--426",
  series =	 "Lecture Notes in Computer Science",
  note =	 "Proceedings version of \cite{cryptoeprint:2004:331}"
}

@InProceedings{Brassard:1989:SZK,
  author =	 "Gilles Brassard and Claude Crepeau",
  title =	 "Sorting out Zero-Knowledge",
  booktitle =	 "Theory and Application of Cryptographic Techniques",
  pages =	 "181-191",
  year =	 1989,
  url =		 "http://citeseer.nj.nec.com/brassard90sorting.html"
}

@TechReport{Canetti:2001:UCS,
  author =	 "Ran Canetti",
  title =	 "Universally Composable Security: {A} New Paradigm for
                  Cryptographic Protocols",
  added-by =	 "sti",
  url =		 "http://eprint.iacr.org/2000/067",
  number =	 "2000/067",
  month =	 oct,
  abstract =	 "We propose a new paradigm for defining security of
                  cryptographic protocols, called {\sf universally composable
                  security.} The salient property of universally composable
                  definitions of security is that they guarantee security
                  even when a secure protocol is composed with an arbitrary
                  set of protocols, or more generally when the protocol is
                  used as a component of an arbitrary system. This is an
                  essential property for maintaining security of
                  cryptographic protocols in complex and unpredictable
                  environments such as the Internet. In particular,
                  universally composable definitions guarantee security even
                  when an unbounded number of protocol instances are executed
                  concurrently in an adversarially controlled manner, they
                  guarantee non-malleability with respect to arbitrary
                  protocols, and more. We show how to formulate universally
                  composable definitions of security for practically any
                  cryptographic task. Furthermore, we demonstrate that
                  practically any such definition can be realized using known
                  general techniques, as long as only a minority of the
                  participants are corrupted. We then proceed to formulate
                  universally composable definitions of a wide array of
                  cryptographic tasks, including authenticated and secure
                  communication, key-exchange, public-key encryption,
                  signature, commitment, oblivious transfer, zero-knowledge,
                  and more. We also make initial steps towards studying the
                  realizability of the proposed definitions in other natural
                  settings.",
  keywords =	 "foundations / cryptographic protocols, security analysis of
                  protocols, concurrent composition",
  type =	 "Report",
  annote =	 "Revised version of \cite{Canetti:2000:SCM}.",
  year =	 2001,
  institution =	 "Cryptology {ePrint} Archive",
  added-at =	 "Wed Oct 17 16:02:37 2001",
  note =	 "Extended Abstract appeared in proceedings of the 42nd
                  Symposium on Foundations of Computer Science (FOCS), 2001"
}

@Proceedings{DBLP:conf/fse/2001,
  editor =	 "Mitsuru Matsui",
  title =	 "Fast Software Encryption, 8th International Workshop, FSE
                  2001 Yokohama, Japan, April 2-4, 2001, Revised Papers",
  booktitle =	 "FSE",
  publisher =	 "Springer",
  series =	 "Lecture Notes in Computer Science",
  volume =	 2355,
  year =	 2002,
  isbn =	 "3-540-43869-6",
  bibsource =	 "DBLP, http://dblp.uni-trier.de"
}

@PhdThesis{Daemen:1995:CHF,
  author =	 "Joan Daemen",
  title =	 "Cipher and hash function design strategies based on linear
                  and differential cryptanalysis",
  year =	 1995,
  school =	 "K. U. Leuven"
}

@Misc{Fisher:2000:Storin-collide,
  author =	 "Matthew Fisher",
  title =	 "Re: Yet another block cipher: {Storin}",
  howpublished = "Usenet article in {\texttt{sci.crypt}}",
  year =	 2000,
  note =	 "Message-id {\msgid{<8gjctn\$9ct\$1@nnrp1.deja.com>}}"
}

@TechReport{Frier:1996:SSL,
  author =	 "A. Frier and P. Karlton and P. Kocher",
  title =	 "The {SSL 3.0} Protocol",
  institution =	 "Netscape Communications Corp.",
  month =	 nov,
  year =	 1996,
  url =		 "http://home.netscape.com/eng/ssl3/ssl-toc.html"
}

@Misc{Goldwasser:1999:LNC,
  author =	 "David A. McGrew and John Viega",
  title =	 "Lecture Notes on Cryptography",
  howpublished = "Summer Course ``Cryptography and Computer Security'' at
                  MIT, 1996--1999",
  year =	 1999,
  url =		 "http://citeseer.nj.nec.com/goldwasser96lecture.html"
}

@Manual{IEEE:2000:1363,
  author =	 "{IEEE}",
  title =	 "IEEE 1363-2000: Standard Specifications for Public Key
                  Cryptography",
  year =	 2000,
  isbn =	 "0-7381-1956-3",
  abstract =	 "This standard specifies common public-key cryptographic
                  techniques, including mathematical primitives for secret
                  value (key) derivation, public-key encryption, and digital
                  signatures, and cryptographic schemes based on those
                  primitives. It also specifies related cryptographic
                  parameters, public keys and private keys. The purpose of
                  this standard is to provide a reference for specifications
                  of a variety of techniques from which applications may
                  select.",
  organization = "Microprocessor Standards Committee of the IEEE Computer
                  Society, USA"
}

@PhdThesis{IWJ:1997:WGT,
  author =	 "Ian Jackson",
  title =	 "Who goes there?  Location confidentiality through
                  anonymity",
  year =	 1997,
  school =	 "Cambridge University Computer Laboratory",
  pages =	 "vi + 97",
  url =		 "http://www.chiark.greenend.org.uk/~ijackson/thesis/"
}

@Misc{Kohno:2003:CWC,
  author =	 "Tadayoshi Kohno and John Viega and Doug Whiting",
  title =	 "The CWC Authenticated Encryption (Associated Data) Mode",
  howpublished = "Cryptology ePrint Archive, Report 2003/106",
  year =	 2003,
  url =		 "http://eprint.iacr.org/2003/106"
}

@InProceedings{McGrew:2004:SPG,
  title =	 "The Security and Performance of the Galois/Counter Mode
                  ({GCM}) of Operation",
  author =	 "David A. McGrew and John Viega",
  bibdate =	 "2004-12-13",
  bibsource =	 "DBLP,
                  http://dblp.uni-trier.de/db/conf/indocrypt/indocrypt2004.html#McGrewV04",
  booktitle =	 "INDOCRYPT",
  booktitle =	 "Progress in Cryptology - {INDOCRYPT} 2004, 5th
                  International Conference on Cryptology in India, Chennai,
                  India, December 20-22, 2004, Proceedings",
  publisher =	 "Springer",
  year =	 2004,
  volume =	 3348,
  editor =	 "Anne Canteaut and Kapalee Viswanathan",
  isbn =	 "3-540-24130-2",
  pages =	 "343--355",
  series =	 "Lecture Notes in Computer Science",
  url =		 "http://eprint.iacr.org/2004/193"
}

@Misc{Menezes:2005:IPB,
  author =	 "Alfred Menezes",
  title =	 "An Introduction to Pairing-Based Cryptography",
  url =
                  "http://www.cacr.math.uwaterloo.ca/~ajmeneze/publications/pairings.pdf",
  note =	 "Notes from lectures given in Santander, Spain",
  year =	 2005
}

@InProceedings{Rogaway:2001:OCB,
  author =	 "Phillip Rogaway and Mihir Bellare and John Black and Ted
                  Krovetz",
  title =	 "{OCB}: a block-cipher mode of operation for efficient
                  authenticated encryption",
  booktitle =	 "{ACM} Conference on Computer and Communications Security",
  pages =	 "196-205",
  year =	 2001,
  url =		 "http://www.cs.ucdavis.edu/~rogaway/ocb/"
}

@InProceedings{Rogaway:2002:AEA,
  author =	 "Phillip Rogaway",
  title =	 "Authenticated-encryption with associated-data",
  added-by =	 "msteiner",
  url =		 "http://www.cs.ucdavis.edu/~rogaway/papers/ad.html",
  pages =	 "98--107",
  added-at =	 "Sun Nov 16 12:50:24 2003",
  abstract =	 "When a message is transformed into a ciphertext in a way
                  designed to protect both its privacy and authenticity,
                  there may be additional information, such as a packet
                  header, that travels alongside the ciphertext (at least
                  conceptually) and must get authenticated with it. We
                  formalize and investigate this authenticated-encryption
                  with associated-data (AEAD) problem. Though the problem has
                  long been addressed in cryptographic practice, it was never
                  provided a definition or even a name. We do this, and go on
                  to look at efficient solutions for AEAD, both in general
                  and for the authenticated-encryption scheme OCB. For the
                  general setting we study two simple ways to turn an
                  authenticated-encryption scheme that does not support
                  associated-data into one that does: nonce stealing and
                  ciphertext translation. For the case of OCB we construct an
                  AEAD-scheme by combining OCB and the pseudorandom function
                  PMAC, using the same key for both algorithms. We prove
                  that, despite ``interaction'' between the two schemes when
                  using a common key, the combination is sound. We also
                  consider achieving AEAD by the generic composition of a
                  nonce-based, privacy-only encryption scheme and a
                  pseudorandom function.",
  booktitle =	 "Proceedings of the 9th {ACM} Conference on Computer and
                  Communications Security",
  year =	 2002,
  editor =	 "Ravi Sandhu",
  month =	 nov,
  publisher =	 "ACM Press",
  address =	 "Washington, DC, USA"
}

@Misc{SEC1,
  author =	 "{Certicom Research}",
  title =	 "Standards for Efficient Cryptography, {SEC} 1: {E}lliptic
                  curve cryptography, Version 1.0",
  year =	 2000,
  url =		 "http://www.secg.org/download/aid-385/sec1_final.pdf"
}

@Unpublished{Shoup:2001:PIS,
  author =	 "Victor Shoup",
  title =	 "Proposal for an {ISO} Standard for Public Key Encryption
                  (Version 2.0)",
  year =	 2001,
  note =	 "Unpublished manuscript",
  url =		 "http://www.shoup.net/papers/"
}

@TechReport{Silverman:2000:CBA,
  author =	 "Robert Silverman",
  title =	 "A Cost-Based Security Analysis of Symmetric and Asymmetric
                  Key Lengths",
  institution =	 "RSA Laboratories",
  number =	 13,
  month =	 "April",
  year =	 2000,
  url =		 "http://www.rsa.com/rsalabs/node.asp?id=2088"
}

@InProceedings{Wagner:2000:PSU,
  author =	 "David Wagner and Ian Goldberg",
  title =	 "Proofs of Security for the {Unix} Password Hashing
                  Algorithm",
  crossref =	 "Okamoto:2000:ACA",
  pages =	 "560--572",
  url =		 "http://www.cs.berkeley.edu/~daw/papers/"
}

@Book{Washington:2003:EC,
  author =	 "Lawrence C. Washington",
  title =	 "Elliptic Curves: Number Theory and Cryptography",
  isbn =	 "1-584-88365-0",
  publisher =	 "CRC Press",
  year =	 2003,
  pages =	 428
}

@TechReport {Wooding:2000:Storin,
  author =	 "Mark Wooding",
  title =	 "{Storin}: A block cipher for digitial signal processors",
  institution =	 "Straylight/Edgeware",
  year =	 2000,
  url =		 "http://www.excessus.demon.co.uk/crypto/storin.ps.gz",
  abstract =	 "We present Storin: a new 96-bit block cipher designed to
                  play to the strengths of current digital signal processors
                  (DSPs).  In particular, DSPs tend to provide single-cycle
                  multiply-and-accumulate operations, making matrix
                  multiplications very cheap.  Working in an environment
                  where multiplication is as fast as exclusive-or changes the
                  usual perceptions about which operations provide good
                  cryptographic strength cheaply.  The scarcity of available
                  memory, for code and for tables, and a penalty for
                  nonsequential access to data also make traditional block
                  ciphers based around substitution tables unsuitable."
}

@Misc{Wooding:2000:Storin-diff,
  author =	 "Mark Wooding",
  title =	 "Re: Yet another block cipher: {Storin}",
  howpublished = "Usenet article in \texttt{sci.crypt}",
  year =	 2000,
  note =	 "Message-id {\msgid{<slrn8iqhaq.872.mdw@mull.ncipher.com>}}"
}

@Misc{Wooding:2003:NPO,
  author =	 "Mark Wooding",
  title =	 "New proofs for old modes",
  howpublished = "Unpublished work in progress",
  year =	 2003
}

@Misc{Ylonen:2001:STL,
  author =	 "T. Ylonen and T. Kivinen and M. Saarinen and T. Rinne and
                  S. Lehtinen",
  title =	 "{SSH} Transport Layer Protocol",
  month =	 jan,
  year =	 2001,
  howpublished = "Internet Draft",
  url =
                  "http://www.ietf.org/internet-drafts/draft-ietf-secsh-transport-09.txt"
}

%%%--------------------------------------------------------------------------
\f
%%% Local variables:
%%% mode: bibtex
%%% bibtex-maintain-sorted-entries: t
%%% End:
Commit	Line	Data
3c0f06a3 MW	1	%%% mdw's bibliography
	2
	3	%%%--------------------------------------------------------------------------
	4	%%% Initial hacking.
38e062db MW	5
	6	@preamble {
	7	"
	8	\ifx\url\undefined\let\url\texttt\fi
	9	\ifx\msgid\undefined\let\msgid\texttt\fi
3c0f06a3 MW	10	\let\mdwxxthebibliography\thebibliography
	11	\def\thebibliography{\mdwxxbibhook\mdwxxthebibliography}
	12	\def\mdwxxurl#1{[#1]}
	13	\def\biburl#1{\let\biburlsep\empty\biburlxi#1;;\done}
	14	\def\biburlxi#1;{\def\temp{#1}\ifx\temp\empty\expandafter\biburlxiii\else
	15	\biburlxii#1,,\done\let\biburlxafter\biburlxi\expandafter\biburlxmunch\fi}
	16	\def\biburlxii#1,{\def\temp{#1}\ifx\temp\empty\expandafter\biburlxiii\else
	17	\biburlsep\mdwxxurl{#1}\def\biburlsep{, }\let\biburlxafter\biburlxii
	18	\expandafter\biburlxmunch\fi}
	19	\def\biburlxiii#1\done{}
	20	\def\biburlxmunch{\futurelet\next\biburlxmunchi}
	21	\def\biburlxmunchi{\expandafter\ifx\space\next\expandafter\biburlxmunchii
	22	\else\expandafter\biburlxafter\fi}
	23	\expandafter\def\expandafter\biburlxmunchii\space{\biburlxmunch}
	24	\def\mdwxxbibhook{\let\mdwxxurl\url\let\url\biburl}
38e062db MW	25	"
	26	}
	27
3c0f06a3 MW	28	%%%--------------------------------------------------------------------------
3c0f06a3 MW	29	%%% The main bibliography.
38e062db	30
3c0f06a3 MW	31	@InProceedings{Abdalla:2001:DHIES,
	32	author = "Michel Abdalla and Mihir Bellare and Phillip Rogaway",
	33	title = "{DHIES}: An Encryption Scheme Based on the
	34	{Diffie--Hellman} Problem",
	35	crossref = "Naccache:2001:TCC",
	36	year = 2001,
	37	url = "http://www-cse.ucsd.edu/users/mihir/papers/dhies.html"
38e062db MW	38	}
38e062db MW	39
3c0f06a3 MW	40	@InProceedings{Bellare:1993:ROP,
	41	author = "Mihir Bellare and Phillip Rogaway",
	42	title = "Random oracles are practical",
	43	booktitle = "Proceedings of the First Annual Conference on Computer and
38e062db MW	44	Communications Security",
38e062db MW	45	organization = "{ACM}",
3c0f06a3 MW	46	year = 1993,
3c0f06a3 MW	47	url = "http://www-cse.ucsd.edu/users/mihir/papers/ro.html"
b675c096 MW	48	}
	49
	50	@InProceedings{Bellare:2004:EAX,
3c0f06a3 MW	51	title = "The {EAX} Mode of Operation",
	52	author = "Mihir Bellare and Phillip Rogaway and David Wagner",
	53	bibdate = "2004-07-29",
	54	bibsource = "DBLP,
	55	http://dblp.uni-trier.de/db/conf/fse/fse2004.html#BellareRW04",
	56	booktitle = "FSE",
	57	booktitle = "Fast Software Encryption, 11th International Workshop,
	58	{FSE} 2004, Delhi, India, February 5-7, 2004, Revised
	59	Papers",
	60	publisher = "Springer",
	61	year = 2004,
	62	volume = 3017,
	63	editor = "Bimal K. Roy and Willi Meier",
	64	isbn = "3-540-22171-9",
	65	pages = "389--407",
	66	series = "Lecture Notes in Computer Science",
	67	url = "http://www.cs.berkeley.edu/~daw/papers/eax-fse04.ps"
b675c096 MW	68	}
	69
	70	@InProceedings{Bellare:2006:STE,
3c0f06a3 MW	71	title = "The Security of Triple Encryption and a Framework for
	72	Code-Based Game-Playing Proofs",
	73	author = "Mihir Bellare and Phillip Rogaway",
	74	bibdate = "2006-07-05",
	75	bibsource = "DBLP,
	76	http://dblp.uni-trier.de/db/conf/eurocrypt/eurocrypt2006.html#BellareR06",
	77	booktitle = "Advances in Cryptology - {EUROCRYPT} 2006, 25th Annual
	78	International Conference on the Theory and Applications of
	79	Cryptographic Techniques, St. Petersburg, Russia, May 28 -
	80	June 1, 2006, Proceedings",
	81	publisher = "Springer",
	82	year = 2006,
	83	volume = 4004,
	84	editor = "Serge Vaudenay",
	85	isbn = "3-540-34546-9",
	86	pages = "409--426",
	87	series = "Lecture Notes in Computer Science",
	88	note = "Proceedings version of \cite{cryptoeprint:2004:331}"
	89	}
	90
	91	@InProceedings{Brassard:1989:SZK,
	92	author = "Gilles Brassard and Claude Crepeau",
	93	title = "Sorting out Zero-Knowledge",
	94	booktitle = "Theory and Application of Cryptographic Techniques",
	95	pages = "181-191",
	96	year = 1989,
	97	url = "http://citeseer.nj.nec.com/brassard90sorting.html"
b675c096 MW	98	}
b675c096 MW	99
3c0f06a3 MW	100	@TechReport{Canetti:2001:UCS,
	101	author = "Ran Canetti",
	102	title = "Universally Composable Security: {A} New Paradigm for
	103	Cryptographic Protocols",
	104	added-by = "sti",
	105	url = "http://eprint.iacr.org/2000/067",
	106	number = "2000/067",
	107	month = oct,
	108	abstract = "We propose a new paradigm for defining security of
	109	cryptographic protocols, called {\sf universally composable
	110	security.} The salient property of universally composable
	111	definitions of security is that they guarantee security
	112	even when a secure protocol is composed with an arbitrary
	113	set of protocols, or more generally when the protocol is
	114	used as a component of an arbitrary system. This is an
	115	essential property for maintaining security of
	116	cryptographic protocols in complex and unpredictable
	117	environments such as the Internet. In particular,
	118	universally composable definitions guarantee security even
	119	when an unbounded number of protocol instances are executed
	120	concurrently in an adversarially controlled manner, they
	121	guarantee non-malleability with respect to arbitrary
	122	protocols, and more. We show how to formulate universally
	123	composable definitions of security for practically any
	124	cryptographic task. Furthermore, we demonstrate that
	125	practically any such definition can be realized using known
	126	general techniques, as long as only a minority of the
	127	participants are corrupted. We then proceed to formulate
	128	universally composable definitions of a wide array of
	129	cryptographic tasks, including authenticated and secure
	130	communication, key-exchange, public-key encryption,
	131	signature, commitment, oblivious transfer, zero-knowledge,
	132	and more. We also make initial steps towards studying the
	133	realizability of the proposed definitions in other natural
	134	settings.",
	135	keywords = "foundations / cryptographic protocols, security analysis of
	136	protocols, concurrent composition",
	137	type = "Report",
	138	annote = "Revised version of \cite{Canetti:2000:SCM}.",
	139	year = 2001,
	140	institution = "Cryptology {ePrint} Archive",
	141	added-at = "Wed Oct 17 16:02:37 2001",
	142	note = "Extended Abstract appeared in proceedings of the 42nd
	143	Symposium on Foundations of Computer Science (FOCS), 2001"
	144	}
	145
	146	@Proceedings{DBLP:conf/fse/2001,
	147	editor = "Mitsuru Matsui",
	148	title = "Fast Software Encryption, 8th International Workshop, FSE
	149	2001 Yokohama, Japan, April 2-4, 2001, Revised Papers",
	150	booktitle = "FSE",
	151	publisher = "Springer",
	152	series = "Lecture Notes in Computer Science",
	153	volume = 2355,
	154	year = 2002,
	155	isbn = "3-540-43869-6",
	156	bibsource = "DBLP, http://dblp.uni-trier.de"
	157	}
	158
	159	@PhdThesis{Daemen:1995:CHF,
	160	author = "Joan Daemen",
	161	title = "Cipher and hash function design strategies based on linear
	162	and differential cryptanalysis",
	163	year = 1995,
164	school = "K. U. Leuven"
165	}
166
167	@Misc{Fisher:2000:Storin-collide,
168	author = "Matthew Fisher",
169	title = "Re: Yet another block cipher: {Storin}",
170	howpublished = "Usenet article in {\texttt{sci.crypt}}",
171	year = 2000,
172	note = "Message-id {\msgid{<8gjctn\$9ct\$1@nnrp1.deja.com>}}"
173	}
174
175	@TechReport{Frier:1996:SSL,
176	author = "A. Frier and P. Karlton and P. Kocher",
177	title = "The {SSL 3.0} Protocol",
178	institution = "Netscape Communications Corp.",
179	month = nov,
180	year = 1996,
181	url = "http://home.netscape.com/eng/ssl3/ssl-toc.html"
182	}
183
184	@Misc{Goldwasser:1999:LNC,
185	author = "David A. McGrew and John Viega",
186	title = "Lecture Notes on Cryptography",
187	howpublished = "Summer Course ``Cryptography and Computer Security'' at
188	MIT, 1996--1999",
189	year = 1999,
190	url = "http://citeseer.nj.nec.com/goldwasser96lecture.html"
191	}
192
193	@Manual{IEEE:2000:1363,
194	author = "{IEEE}",
195	title = "IEEE 1363-2000: Standard Specifications for Public Key
196	Cryptography",
197	year = 2000,
198	isbn = "0-7381-1956-3",
199	abstract = "This standard specifies common public-key cryptographic
200	techniques, including mathematical primitives for secret
201	value (key) derivation, public-key encryption, and digital
202	signatures, and cryptographic schemes based on those
203	primitives. It also specifies related cryptographic
204	parameters, public keys and private keys. The purpose of
205	this standard is to provide a reference for specifications
206	of a variety of techniques from which applications may
207	select.",
208	organization = "Microprocessor Standards Committee of the IEEE Computer
209	Society, USA"
b675c096 MW	210	}
b675c096 MW	211
3c0f06a3 MW	212	@PhdThesis{IWJ:1997:WGT,
	213	author = "Ian Jackson",
	214	title = "Who goes there? Location confidentiality through
	215	anonymity",
	216	year = 1997,
	217	school = "Cambridge University Computer Laboratory",
	218	pages = "vi + 97",
	219	url = "http://www.chiark.greenend.org.uk/~ijackson/thesis/"
b675c096 MW	220	}
b675c096 MW	221
3c0f06a3 MW	222	@Misc{Kohno:2003:CWC,
	223	author = "Tadayoshi Kohno and John Viega and Doug Whiting",
	224	title = "The CWC Authenticated Encryption (Associated Data) Mode",
	225	howpublished = "Cryptology ePrint Archive, Report 2003/106",
	226	year = 2003,
	227	url = "http://eprint.iacr.org/2003/106"
b675c096 MW	228	}
b675c096 MW	229
3c0f06a3 MW	230	@InProceedings{McGrew:2004:SPG,
	231	title = "The Security and Performance of the Galois/Counter Mode
	232	({GCM}) of Operation",
	233	author = "David A. McGrew and John Viega",
	234	bibdate = "2004-12-13",
	235	bibsource = "DBLP,
	236	http://dblp.uni-trier.de/db/conf/indocrypt/indocrypt2004.html#McGrewV04",
	237	booktitle = "INDOCRYPT",
	238	booktitle = "Progress in Cryptology - {INDOCRYPT} 2004, 5th
	239	International Conference on Cryptology in India, Chennai,
	240	India, December 20-22, 2004, Proceedings",
	241	publisher = "Springer",
	242	year = 2004,
	243	volume = 3348,
	244	editor = "Anne Canteaut and Kapalee Viswanathan",
	245	isbn = "3-540-24130-2",
	246	pages = "343--355",
	247	series = "Lecture Notes in Computer Science",
	248	url = "http://eprint.iacr.org/2004/193"
	249	}
	250
	251	@Misc{Menezes:2005:IPB,
	252	author = "Alfred Menezes",
	253	title = "An Introduction to Pairing-Based Cryptography",
	254	url =
	255	"http://www.cacr.math.uwaterloo.ca/~ajmeneze/publications/pairings.pdf",
	256	note = "Notes from lectures given in Santander, Spain",
	257	year = 2005
	258	}
	259
	260	@InProceedings{Rogaway:2001:OCB,
	261	author = "Phillip Rogaway and Mihir Bellare and John Black and Ted
	262	Krovetz",
	263	title = "{OCB}: a block-cipher mode of operation for efficient
	264	authenticated encryption",
	265	booktitle = "{ACM} Conference on Computer and Communications Security",
	266	pages = "196-205",
	267	year = 2001,
	268	url = "http://www.cs.ucdavis.edu/~rogaway/ocb/"
b675c096 MW	269	}
b675c096 MW	270
3c0f06a3 MW	271	@InProceedings{Rogaway:2002:AEA,
	272	author = "Phillip Rogaway",
	273	title = "Authenticated-encryption with associated-data",
	274	added-by = "msteiner",
	275	url = "http://www.cs.ucdavis.edu/~rogaway/papers/ad.html",
	276	pages = "98--107",
	277	added-at = "Sun Nov 16 12:50:24 2003",
	278	abstract = "When a message is transformed into a ciphertext in a way
	279	designed to protect both its privacy and authenticity,
	280	there may be additional information, such as a packet
	281	header, that travels alongside the ciphertext (at least
	282	conceptually) and must get authenticated with it. We
	283	formalize and investigate this authenticated-encryption
	284	with associated-data (AEAD) problem. Though the problem has
	285	long been addressed in cryptographic practice, it was never
	286	provided a definition or even a name. We do this, and go on
	287	to look at efficient solutions for AEAD, both in general
	288	and for the authenticated-encryption scheme OCB. For the
	289	general setting we study two simple ways to turn an
	290	authenticated-encryption scheme that does not support
	291	associated-data into one that does: nonce stealing and
	292	ciphertext translation. For the case of OCB we construct an
	293	AEAD-scheme by combining OCB and the pseudorandom function
	294	PMAC, using the same key for both algorithms. We prove
	295	that, despite ``interaction'' between the two schemes when
	296	using a common key, the combination is sound. We also
	297	consider achieving AEAD by the generic composition of a
	298	nonce-based, privacy-only encryption scheme and a
	299	pseudorandom function.",
	300	booktitle = "Proceedings of the 9th {ACM} Conference on Computer and
	301	Communications Security",
	302	year = 2002,
	303	editor = "Ravi Sandhu",
	304	month = nov,
	305	publisher = "ACM Press",
	306	address = "Washington, DC, USA"
	307	}
	308
	309	@Misc{SEC1,
	310	author = "{Certicom Research}",
	311	title = "Standards for Efficient Cryptography, {SEC} 1: {E}lliptic
	312	curve cryptography, Version 1.0",
	313	year = 2000,
	314	url = "http://www.secg.org/download/aid-385/sec1_final.pdf"
	315	}
	316
	317	@Unpublished{Shoup:2001:PIS,
	318	author = "Victor Shoup",
	319	title = "Proposal for an {ISO} Standard for Public Key Encryption
	320	(Version 2.0)",
	321	year = 2001,
	322	note = "Unpublished manuscript",
	323	url = "http://www.shoup.net/papers/"
	324	}
	325
	326	@TechReport{Silverman:2000:CBA,
	327	author = "Robert Silverman",
	328	title = "A Cost-Based Security Analysis of Symmetric and Asymmetric
	329	Key Lengths",
	330	institution = "RSA Laboratories",
	331	number = 13,
	332	month = "April",
	333	year = 2000,
	334	url = "http://www.rsa.com/rsalabs/node.asp?id=2088"
335	}
336
337	@InProceedings{Wagner:2000:PSU,
338	author = "David Wagner and Ian Goldberg",
339	title = "Proofs of Security for the {Unix} Password Hashing
340	Algorithm",
341	crossref = "Okamoto:2000:ACA",
342	pages = "560--572",
343	url = "http://www.cs.berkeley.edu/~daw/papers/"
344	}
345
346	@Book{Washington:2003:EC,
347	author = "Lawrence C. Washington",
348	title = "Elliptic Curves: Number Theory and Cryptography",
349	isbn = "1-584-88365-0",
350	publisher = "CRC Press",
351	year = 2003,
352	pages = 428
353	}
354
355	@TechReport {Wooding:2000:Storin,
356	author = "Mark Wooding",
357	title = "{Storin}: A block cipher for digitial signal processors",
358	institution = "Straylight/Edgeware",
359	year = 2000,
360	url = "http://www.excessus.demon.co.uk/crypto/storin.ps.gz",
361	abstract = "We present Storin: a new 96-bit block cipher designed to
362	play to the strengths of current digital signal processors
363	(DSPs). In particular, DSPs tend to provide single-cycle
364	multiply-and-accumulate operations, making matrix
365	multiplications very cheap. Working in an environment
366	where multiplication is as fast as exclusive-or changes the
367	usual perceptions about which operations provide good
368	cryptographic strength cheaply. The scarcity of available
369	memory, for code and for tables, and a penalty for
370	nonsequential access to data also make traditional block
371	ciphers based around substitution tables unsuitable."
372	}
373
374	@Misc{Wooding:2000:Storin-diff,
375	author = "Mark Wooding",
376	title = "Re: Yet another block cipher: {Storin}",
377	howpublished = "Usenet article in \texttt{sci.crypt}",
378	year = 2000,
379	note = "Message-id {\msgid{<slrn8iqhaq.872.mdw@mull.ncipher.com>}}"
b675c096 MW	380	}
b675c096 MW	381
3c0f06a3 MW	382	@Misc{Wooding:2003:NPO,
	383	author = "Mark Wooding",
	384	title = "New proofs for old modes",
	385	howpublished = "Unpublished work in progress",
	386	year = 2003
b675c096 MW	387	}
b675c096 MW	388
3c0f06a3 MW	389	@Misc{Ylonen:2001:STL,
	390	author = "T. Ylonen and T. Kivinen and M. Saarinen and T. Rinne and
	391	S. Lehtinen",
	392	title = "{SSH} Transport Layer Protocol",
	393	month = jan,
	394	year = 2001,
	395	howpublished = "Internet Draft",
	396	url =
	397	"http://www.ietf.org/internet-drafts/draft-ietf-secsh-transport-09.txt"
38e062db MW	398	}
38e062db MW	399
3c0f06a3 MW	400	%%%--------------------------------------------------------------------------
	401	\f
	402	%%% Local variables:
	403	%%% mode: bibtex
	404	%%% bibtex-maintain-sorted-entries: t
	405	%%% End: