1 | |
2 | @preamble { | |
3 | " | |
4 | \ifx\url\undefined\let\url\texttt\fi | |
5 | \ifx\msgid\undefined\let\msgid\texttt\fi | |
6 | " | |
7 | } | |
8 | ||
9 | @techreport { | |
10 | Wooding:2000:Storin, | |
11 | author = "Mark Wooding", | |
12 | title = "{Storin}: A block cipher for digital signal processors", | |
13 | institution = "Straylight/Edgeware", | |
14 | year = "2000", | |
15 | url = "http://www.excessus.demon.co.uk/crypto/storin.ps.gz", | |
16 | abstract = | |
17 | "We present Storin: a new 96-bit block cipher designed to play to the | |
18 | strengths of current digital signal processors (DSPs). In particular, DSPs | |
19 | tend to provide single-cycle multiply-and-accumulate operations, making | |
20 | matrix multiplications very cheap. Working in an environment where | |
21 | multiplication is as fast as exclusive-or changes the usual perceptions | |
22 | about which operations provide good cryptographic strength cheaply. The | |
23 | scarcity of available memory, for code and for tables, and a penalty for | |
24 | nonsequential access to data also make traditional block ciphers based | |
25 | around substitution tables unsuitable." | |
26 | } | |
27 | ||
28 | @PhdThesis{ | |
29 | Daemen:1995:CHF, | |
30 | author = "Joan Daemen", | |
31 | title = "Cipher and hash function design strategies based on linear and | |
32 | differential cryptanalysis", | |
33 | year = 1995, | |
34 | school = "K. U. Leuven" | |
35 | } | |
36 | ||
37 | @misc { | |
38 | Fisher:2000:Storin-collide, | |
39 | author = "Matthew Fisher", | |
40 | title = "Re: Yet another block cipher: {Storin}", | |
41 | howpublished = "Usenet article in {\texttt{sci.crypt}}", | |
42 | year = "2000", | |
43 | note = "Message-id {\msgid{<8gjctn\$9ct\$1@nnrp1.deja.com>}}" | |
44 | } | |
45 | ||
46 | @misc { | |
47 | Wooding:2000:Storin-diff, | |
48 | author = "Mark Wooding", | |
49 | title = "Re: Yet another block cipher: {Storin}", | |
50 | howpublished = "Usenet article in \texttt{sci.crypt}", | |
51 | year = "2000", | |
52 | note = "Message-id {\msgid{<slrn8iqhaq.872.mdw@mull.ncipher.com>}}" | |
53 | } | |
54 | ||
55 | @misc { |
56 | Wooding:2003:NPO, | |
57 | author = "Mark Wooding", | |
58 | title = "New proofs for old modes", | |
59 | howpublished = "Unpublished work in progress", | |
60 | year = "2003", | |
61 | } | |
62 | ||
63 | @PhdThesis{IWJ:1997:WGT, |
64 | Author = "Ian Jackson", | |
65 | title = "Who goes there? Location confidentiality through | |
66 | anonymity", | |
67 | year = 1997, | |
68 | school = "Cambridge University Computer Laboratory", | |
69 | pages = "vi + 97", | |
70 | url = "http://www.chiark.greenend.org.uk/~ijackson/thesis/" | |
71 | } | |
72 | ||
73 | @inproceedings{Rogaway:2002:AEAD, | |
74 | author = "Phillip Rogaway", | |
75 | title = "Authenticated-Encryption with Associated Data", | |
76 | year = 2002, | |
77 | booktitle = "{ACM} Conference on Computer and Communications Security", | |
78 | url = "http://www.cs.ucdavis.edu/~rogaway/" | |
79 | } | |
80 | ||
81 | @inproceedings{Rogaway:2001:OCB, | |
82 | author = "Phillip Rogaway and Mihir Bellare and John Black | |
83 | and Ted Krovetz", | |
84 | title = "{OCB}: a block-cipher mode of operation for efficient | |
85 | authenticated encryption", | |
86 | booktitle = "{ACM} Conference on Computer and Communications Security", | |
87 | pages = "196--205", | |
88 | year = "2001", | |
89 | url = "http://www.cs.ucdavis.edu/~rogaway/ocb/" | |
90 | } | |
91 | ||
92 | @misc{Kohno:2003:CWC, | |
93 | author = {Tadayoshi Kohno and John Viega and Doug Whiting}, | |
94 | title = {The CWC Authenticated Encryption (Associated Data) Mode}, | |
95 | howpublished = {Cryptology ePrint Archive, Report 2003/106}, | |
96 | year = {2003}, | |
97 | url = "http://eprint.iacr.org/2003/106", | |
98 | } |
99 | ||
100 | @inproceedings{Lim:1997:KRA, | |
101 | author = "Chae Hoon Lim and Pil Joong Lee", | |
102 | title = "A Key Recovery Attack On Discrete Log-based Schemes Using a | |
103 | Prime Order Subgroup", | |
104 | booktitle = "{CRYPTO}", | |
105 | pages = "249--263", | |
106 | year = 1997, | |
107 | url = "http://citeseer.nj.nec.com/article/lim97key.html" | |
108 | } | |
109 | ||
110 | @Periodical{FIPS81, | |
111 | author = "{United States. National Bureau of Standards}", | |
112 | title = "{FIPS} Pub 81: {DES} Modes of Operation", | |
113 | publisher = pub-NBS, | |
114 | address = pub-NBS:adr, | |
115 | day = "2", | |
116 | month = dec, | |
117 | year = "1981", | |
118 | CODEN = "FIPPAT", | |
119 | series = "FIPS Pub; 81", | |
120 | acknowledgement = ack-nhfb, | |
121 | keywords = "Computer networks --- Security measures --- Standards; | |
122 | Computers --- Access control --- Standards; Electronic | |
123 | data processing departments --- Security measures; | |
124 | Standards", | |
125 | } | |
126 | ||
127 | @misc{Canetti:2001:AKE, | |
128 | author = "Ran Canetti and Hugo Krawczyk", | |
129 | title = "Analysis of Key-Exchange Protocols and Their Use for Building | |
130 | Secure Channels", | |
131 | month = may, | |
132 | year = 2001, | |
133 | url = "http://eprint.iacr.org/2001/040", | |
134 | note = "An extended abstract appears in the proceedings of Eurocrypt 2001." |
135 | } | |
136 | ||
137 | @misc{Krawczyk:2001:OEA, | |
138 | author = "Hugo Krawczyk", | |
139 | title = "The order of encryption and authentication for protecting | |
140 | communications (Or: how secure is {SSL}?)", | |
141 | month = jun, | |
142 | year = 2001, | |
143 | url = "http://eprint.iacr.org/2001/045", | |
144 | note = "An abridged version appears in the proceedings of {CRYPTO} 2001." |
145 | } | |
146 | ||
147 | @techreport{Frier:1996:SSL, | |
148 | author = "A. Frier and P. Karlton and P. Kocher", | |
149 | title = "The {SSL 3.0} Protocol", | |
150 | institution = "Netscape Communications Corp.", | |
151 | month = nov, | |
152 | year = "1996", | |
153 | url = "http://home.netscape.com/eng/ssl3/ssl-toc.html" | |
154 | } | |
155 | ||
156 | @misc{RFC2246, | |
157 | author = "T. Dierks and C. Allen", | |
158 | title = "{RFC 2246}: The {TLS} Protocol Version 1.0", | |
159 | year = 1999, | |
160 | howpublished = "Internet Request for Comments", | |
161 | url = "ftp://ftp.internic.net/rfc/rfc2246.txt" | |
162 | } | |
163 | ||
164 | @misc{Ylonen:2001:STL, | |
165 | author = "T. Ylonen and T. Kivinen and M. Saarinen and T. Rinne and | |
166 | S. Lehtinen", | |
167 | title = "{SSH} Transport Layer Protocol", | |
168 | month = jan, | |
169 | year = 2001, | |
170 | howpublished = "Internet Draft", | |
171 | url = "http://www.ietf.org/internet-drafts/draft-ietf-secsh-transport-09.txt" | |
172 | } | |
173 | ||
174 | @inproceedings{Bellare:1993:ROP, | |
175 | author = "Mihir Bellare and Phillip Rogaway", | |
176 | title = "Random oracles are practical", | |
177 | booktitle = "Proceedings of the First Annual Conference on Computer and | |
178 | Communications Security", | |
179 | organization = "{ACM}", | |
180 | year = 1993, | |
181 | url = "http://www-cse.ucsd.edu/users/mihir/papers/ro.html" | |
182 | } | |
183 | ||
184 | @inproceedings{Brassard:1989:SZK, | |
185 | author = "Gilles Brassard and Claude Cr{\'e}peau", | |
186 | title = "Sorting out Zero-Knowledge", | |
187 | booktitle = "Theory and Application of Cryptographic Techniques", | |
188 | pages = "181--191", | |
189 | year = "1989", | |
190 | url = "http://citeseer.nj.nec.com/brassard90sorting.html" | |
191 | } | |
192 | ||
193 | @inproceedings{Bellare:2000:CST, | |
194 | author = "Mihir Bellare and Anand Desai and E. Jokipii and Phillip Rogaway", | |
195 | title = "A Concrete Security Treatment of Symmetric Encryption", | |
196 | booktitle = "{IEEE} Symposium on Foundations of Computer Science", | |
197 | pages = "394-403", | |
198 | year = "1997", | |
199 | url = "http://www-cse.ucsd.edu/users/mihir/papers/sym-enc.html" | |
200 | } | |
201 | ||
202 | @misc{Goldwasser:1999:LNC, | |
203 | author = "Shafi Goldwasser and Mihir Bellare", | |
204 | title = "Lecture Notes on Cryptography", | |
205 | howpublished = "Summer Course ``Cryptography and Computer Security'' at MIT, 1996--1999", | |
206 | year = "1999", | |
207 | url = "http://citeseer.nj.nec.com/goldwasser96lecture.html" | |
208 | } | |
209 | ||
210 | |
211 | @InProceedings{Rogaway:2002:AEA, | |
212 | author = "Phillip Rogaway", | |
213 | title = "Authenticated-encryption with associated-data", | |
214 | added-by = "msteiner", | |
215 | URL = "http://www.cs.ucdavis.edu/~rogaway/papers/ad.html", | |
216 | pages = "98--107", | |
217 | added-at = "Sun Nov 16 12:50:24 2003", | |
218 | abstract = "When a message is transformed into a ciphertext in a | |
219 | way designed to protect both its privacy and | |
220 | authenticity, there may be additional information, such | |
221 | as a packet header, that travels alongside the | |
222 | ciphertext (at least conceptually) and must get | |
223 | authenticated with it. We formalize and investigate | |
224 | this authenticated-encryption with associated-data | |
225 | (AEAD) problem. Though the problem has long been | |
226 | addressed in cryptographic practice, it was never | |
227 | provided a definition or even a name. We do this, and | |
228 | go on to look at efficient solutions for AEAD, both in | |
229 | general and for the authenticated-encryption scheme | |
230 | OCB. For the general setting we study two simple ways | |
231 | to turn an authenticated-encryption scheme that does | |
232 | not support associated-data into one that does: nonce | |
233 | stealing and ciphertext translation. For the case of | |
234 | OCB we construct an AEAD-scheme by combining OCB and | |
235 | the pseudorandom function PMAC, using the same key for | |
236 | both algorithms. We prove that, despite | |
237 | {"}interaction{"} between the two schemes when using a | |
238 | common key, the combination is sound. We also consider | |
239 | achieving AEAD by the generic composition of a | |
240 | nonce-based, privacy-only encryption scheme and a | |
241 | pseudorandom function.", | |
242 | booktitle = "Proceedings of the 9th {ACM} Conference on Computer | |
243 | and Communications Security", | |
244 | year = "2002", | |
245 | editor = "Ravi Sandhu", | |
246 | month = nov, | |
247 | publisher = "ACM Press", | |
248 | address = "Washington, DC, USA", | |
249 | } | |
250 | ||
251 | @Article{Rogaway:2003:OCB, | |
252 | author = "Phillip Rogaway and Mihir Bellare and John Black", | |
253 | title = "{OCB}: a block-cipher mode of operation for efficient | |
254 | authenticated encryption", | |
255 | added-by = "msteiner", | |
256 | URL = "http://www.cs.colorado.edu/~jrblack/papers/ocb.pdf", | |
257 | journal = "ACM Transactions on Information and System Security", | |
258 | volume = "6", | |
259 | year = "2003", | |
260 | pages = "365--403", | |
261 | number = "3", | |
262 | added-at = "Sun Sep 28 21:27:38 2003", | |
263 | } | |
264 | ||
265 | @InProceedings{McGrew:2004:SPG, | |
266 | title = "The Security and Performance of the Galois/Counter | |
267 | Mode ({GCM}) of Operation", | |
268 | author = "David A. McGrew and John Viega", | |
269 | bibdate = "2004-12-13", | |
270 | bibsource = "DBLP, | |
271 | http://dblp.uni-trier.de/db/conf/indocrypt/indocrypt2004.html#McGrewV04", | |
272 | shortbooktitle = "INDOCRYPT", | |
273 | booktitle = "Progress in Cryptology - {INDOCRYPT} 2004, 5th | |
274 | International Conference on Cryptology in India, | |
275 | Chennai, India, December 20-22, 2004, Proceedings", | |
276 | publisher = "Springer", | |
277 | year = "2004", | |
278 | volume = "3348", | |
279 | editor = "Anne Canteaut and Kapalee Viswanathan", | |
280 | ISBN = "3-540-24130-2", | |
281 | pages = "343--355", | |
282 | series = "Lecture Notes in Computer Science", | |
283 | URL = "http://eprint.iacr.org/2004/193" | |
284 | } | |
285 | ||
286 | @techreport{Abdalla:1999:DHAES, |
287 | author = "Michel Abdalla and Mihir Bellare and Phillip Rogaway", | |
288 | title = "{DHAES}: An Encryption Scheme Based on the {Diffie-Hellman} Problem", | |
289 | number = "99-07", | |
290 | year = "1999", | |
291 | url = "http://www-cse.ucsd.edu/users/mihir/papers/pke.html" | |
292 | } | |
293 | ||
294 | @inproceedings{Abdalla:2001:DHIES, | |
295 | author = "Michel Abdalla and Mihir Bellare and Phillip Rogaway", | |
296 | title = "{DHIES}: An Encryption Scheme Based on the {Diffie-Hellman} Problem", | |
297 | crossref = "Naccache:2001:TCC", | |
298 | year = 2001, | |
299 | url = "http://www-cse.ucsd.edu/users/mihir/papers/dhies.html" | |
300 | } | |
301 | ||
302 | @inproceedings{Shoup:2001:OAEPR, | |
303 | author = "V. Shoup", | |
304 | title = "{OAEP} reconsidered", | |
305 | crossref = "Kilian:2001:ACC", | |
306 | pages = "239--259", | |
307 | url = "http://www.shoup.net/papers/" | |
308 | } | |
309 | ||
310 | @inproceedings{Wagner:2000:PSU, | |
311 | author = "David Wagner and Ian Goldberg", | |
312 | title = "Proofs of Security for the {Unix} Password Hashing Algorithm", | |
313 | crossref = "Okamoto:2000:ACA", | |
314 | pages = "560--572", | |
315 | url = "http://www.cs.berkeley.edu/~daw/papers/" | |
316 | } | |
317 | ||
318 | @inproceedings{Brier:2001:CRS, | |
319 | author = "Eric Brier and Christophe Clavier and Jean-S{\'e}bastien Coron and | |
320 | David Naccache", | |
321 | title = "Cryptanalysis of {RSA} Signatures with Fixed-Pattern Padding", | |
322 | year = 2001, | |
323 | crossref = "Kilian:2001:ACC", | |
324 | pages = "433--439" | |
325 | } | |
326 | ||
327 | @inproceedings{ Alkassar:2001:OSS, | |
328 | author = "Ammar Alkassar and Alexander Geraldy and Birgit Pfitzmann and Ahmad-Reza Sadeghi", | |
329 | title = "Optimized Self-Synchronizing Mode of Operation", | |
330 | crossref = "DBLP:conf/fse/2001", | |
331 | year = 2001, | |
332 | url = "http://citeseer.nj.nec.com/alkassar01optimized.html" } | |
333 | ||
334 | @unpublished{Shoup:2001:PIS, | |
335 | author = "Victor Shoup", | |
336 | title = "Proposal for an {ISO} Standard for Public Key Encryption | |
337 | (Version 2.0)", | |
338 | year = 2001, | |
339 | note = "Unpublished manuscript", | |
340 | url = "http://www.shoup.net/papers/" | |
341 | } | |
342 | ||
343 | @inproceedings{Shoup:1997:LBD, |
344 | author = "Victor Shoup", | |
345 | title = "Lower bounds for discrete logarithms and related problems", | |
346 | year = 1997, | |
347 | url = "http://www.shoup.net/papers/", | |
348 | crossref = "Fumy:1997:ACE" | |
349 | } | |
350 | ||
351 | @InProceedings{Bellare:2004:EAX, | |
352 | title = "The {EAX} Mode of Operation", | |
353 | author = "Mihir Bellare and Phillip Rogaway and David Wagner", | |
354 | bibdate = "2004-07-29", | |
355 | bibsource = "DBLP, | |
356 | http://dblp.uni-trier.de/db/conf/fse/fse2004.html#BellareRW04", | |
357 | shortbooktitle = "FSE", | |
358 | booktitle = "Fast Software Encryption, 11th International Workshop, | |
359 | {FSE} 2004, Delhi, India, February 5-7, 2004, Revised | |
360 | Papers", | |
361 | publisher = "Springer", | |
362 | year = "2004", | |
363 | volume = "3017", | |
364 | editor = "Bimal K. Roy and Willi Meier", | |
365 | ISBN = "3-540-22171-9", | |
366 | pages = "389--407", | |
367 | series = "Lecture Notes in Computer Science", | |
368 | URL = "http://www.cs.berkeley.edu/~daw/papers/eax-fse04.ps" | |
369 | } | |
370 | ||
371 | @Misc{Shoup:1999:OFM, | |
372 | title = "On Formal Models for Secure Key Exchange", | |
373 | author = "Victor Shoup", | |
374 | year = "1999", | |
375 | month = apr # "~21", | |
376 | abstract = "A new formal security model for session key exchange | |
377 | protocols in the public key setting is proposed, and | |
378 | several efficient protocols are analyzed in this model. | |
379 | The relationship between this new model and previously | |
380 | proposed models is explored, and several interesting, | |
381 | subtle distinctions between static and adaptive | |
382 | adversaries are explored. We also give a brief account | |
383 | of anonymous users.", | |
384 | citeseer-references = "oai:CiteSeerPSU:100248; oai:CiteSeerPSU:159141; | |
385 | oai:CiteSeerPSU:587558; oai:CiteSeerPSU:70784; | |
386 | oai:CiteSeerPSU:459391; oai:CiteSeerPSU:340126; | |
387 | oai:CiteSeerPSU:343528; oai:CiteSeerPSU:451555; | |
388 | oai:CiteSeerPSU:432396", | |
389 | annote = "Victor Shoup (IBM Zurich Research Lab , Saumerstr; 4 , | |
390 | 8803 Ruschlikon , Switzerland);", | |
391 | bibsource = "OAI-PMH server at cs1.ist.psu.edu", | |
392 | oai = "oai:CiteSeerPSU:190779", | |
393 | rights = "unrestricted", | |
394 | URL = "http://www.shoup.net/papers/skey.ps.Z", | |
395 | } | |
396 | ||
397 | @misc{Koblitz:2006:ALP, | |
398 | author = {Neal Koblitz and Alfred Menezes}, | |
399 | title = {Another Look at ``Provable Security''. {II}}, | |
400 | howpublished = {Cryptology ePrint Archive, Report 2006/229}, | |
401 | year = {2006}, | |
402 | url = {http://eprint.iacr.org/2006/229}, | |
403 | } | |
404 | ||
405 | @Article{Blake-Wilson:1998:EAA, | |
406 | author = "S. Blake-Wilson and A. Menezes", | |
407 | title = "Entity Authentication and Authenticated Key Transport | |
408 | Protocols Employing Asymmetric Techniques", | |
409 | journal = "Lecture Notes in Computer Science", | |
410 | volume = "1361", | |
411 | pages = "137--??", | |
412 | year = "1998", | |
413 | CODEN = "LNCSD9", | |
414 | ISSN = "0302-9743", | |
415 | bibdate = "Tue Apr 28 08:51:33 MDT 1998", | |
416 | acknowledgement = "Nelson H. F. Beebe, Center for Scientific | |
417 | Computing, University of Utah, Department of | |
418 | Mathematics, 110 LCB, 155 S 1400 E RM 233, Salt Lake | |
419 | City, UT 84112-0090, USA, Tel: +1 801 581 5254, FAX: +1 | |
420 | 801 581 4148, e-mail: \path|beebe@math.utah.edu|, | |
421 | \path|beebe@acm.org|, \path|beebe@computer.org|, | |
422 | \path|beebe@ieee.org| (Internet), URL: | |
423 | \path|http://www.math.utah.edu/~beebe/|", | |
424 | url = "http://www.cacr.math.uwaterloo.ca/~ajmeneze/publications/transport.ps" | |
425 | } | |
426 | ||
427 | @Article{Blake-Wilson:1997:KAP, | |
428 | author = "S. Blake-Wilson and D. Johnson and A. Menezes", | |
429 | title = "Key Agreement Protocols and Their Security Analysis", | |
430 | journal = "Lecture Notes in Computer Science", | |
431 | volume = "1355", | |
432 | pages = "30--??", | |
433 | year = "1997", | |
434 | CODEN = "LNCSD9", | |
435 | ISSN = "0302-9743", | |
436 | bibdate = "Tue Apr 28 08:51:33 MDT 1998", | |
437 | acknowledgement = "Nelson H. F. Beebe, University of Utah, Department | |
438 | of Mathematics, 110 LCB, 155 S 1400 E RM 233, Salt Lake | |
439 | City, UT 84112-0090, USA, Tel: +1 801 581 5254, FAX: +1 | |
440 | 801 581 4148, e-mail: \path|beebe@math.utah.edu|, | |
441 | \path|beebe@acm.org|, \path|beebe@computer.org| | |
442 | (Internet), URL: | |
443 | \path|http://www.math.utah.edu/~beebe/|", | |
444 | url = "http://www.cacr.math.uwaterloo.ca/~ajmeneze/publications/agreement.ps" | |
445 | } | |
446 | ||
447 | @InProceedings{Bellare:1998:MAD, | |
448 | author = "Mihir Bellare and Ran Canetti and Hugo Krawczyk", | |
449 | title = "A Modular Approach to the Design and Analysis of Key | |
450 | Exchange Protocols", | |
451 | pages = "419--428", | |
452 | ISBN = "0-89791-962-9", | |
453 | booktitle = "Proceedings of the 30th Annual {ACM} Symposium on | |
454 | Theory of Computing ({STOC}-98)", | |
455 | month = may # "~23--26", | |
456 | publisher = "ACM Press", | |
457 | address = "New York", | |
458 | year = "1998", | |
459 | url = "http://www.cs.ucsd.edu/~mihir/papers/key-distribution.html" | |
460 | } | |
461 | ||
462 | @TechReport{Canetti:2001:UCS, | |
463 | author = "Ran Canetti", | |
464 | title = "Universally Composable Security: {A} New Paradigm for | |
465 | Cryptographic Protocols", | |
466 | added-by = "sti", | |
467 | URL = "http://eprint.iacr.org/2000/067", | |
468 | number = "2000/067", | |
469 | month = oct, | |
470 | abstract = "We propose a new paradigm for defining security of | |
471 | cryptographic protocols, called {\sf universally | |
472 | composable security.} The salient property of | |
473 | universally composable definitions of security is that | |
474 | they guarantee security even when a secure protocol is | |
475 | composed with an arbitrary set of protocols, or more | |
476 | generally when the protocol is used as a component of | |
477 | an arbitrary system. This is an essential property for | |
478 | maintaining security of cryptographic protocols in | |
479 | complex and unpredictable environments such as the | |
480 | Internet. In particular, universally composable | |
481 | definitions guarantee security even when an unbounded | |
482 | number of protocol instances are executed concurrently | |
483 | in an adversarially controlled manner, they guarantee | |
484 | non-malleability with respect to arbitrary protocols, | |
485 | and more. We show how to formulate universally | |
486 | composable definitions of security for practically any | |
487 | cryptographic task. Furthermore, we demonstrate that | |
488 | practically any such definition can be realized using | |
489 | known general techniques, as long as only a minority of | |
490 | the participants are corrupted. We then proceed to | |
491 | formulate universally composable definitions of a wide | |
492 | array of cryptographic tasks, including authenticated | |
493 | and secure communication, key-exchange, public-key | |
494 | encryption, signature, commitment, oblivious transfer, | |
495 | zero-knowledge, and more. We also make initial steps | |
496 | towards studying the realizability of the proposed | |
497 | definitions in other natural settings.", | |
498 | keywords = "foundations / cryptographic protocols, security | |
499 | analysis of protocols, concurrent composition", | |
500 | type = "Report", | |
501 | annote = "Revised version of \cite{Canett2000a}.", | |
502 | year = "2001", | |
503 | institution = "Cryptology {ePrint} Archive", | |
504 | added-at = "Wed Oct 17 16:02:37 2001", | |
505 | note = "Extended Abstract appeared in proceedings of the 42nd | |
506 | Symposium on Foundations of Computer Science (FOCS), | |
507 | 2001", | |
508 | } | |
509 | ||
510 | @Article{Canett2000a, | |
511 | author = "Ran Canetti", | |
512 | title = "Security and Composition of Multiparty Cryptographic | |
513 | Protocols", | |
514 | added-by = "sti", | |
515 | URL = "http://link.springer-ny.com/link/service/journals/00145/papers/0013001/00130143.pdf", | |
516 | journal = "Journal of Cryptology", | |
517 | number = "1", | |
518 | month = "Winter", | |
519 | abstract = "We present general definitions of security for | |
520 | multiparty cryptographic protocols, with focus on the | |
521 | task of evaluating a probabilistic function of the | |
522 | parties' inputs. We show that, with respect to these | |
523 | definitions, security is preserved under a natural | |
524 | composition operation. The definitions follow the | |
525 | general paradigm of known definitions; yet some | |
526 | substantial modifications and simplifications are | |
527 | introduced. The composition operation is the natural | |
528 | ``subroutine substitution'' operation, formalized by | |
529 | Micali and Rogaway. We consider several standard | |
530 | settings for multiparty protocols, including the cases | |
531 | of eavesdropping, Byzantine, nonadaptive and adaptive | |
532 | adversaries, as well as the information-theoretic and | |
533 | the computational models. In particular, in the | |
534 | computational model we provide the first definition of | |
535 | security of protocols that is shown to be preserved | |
536 | under composition.", | |
537 | volume = "13", | |
538 | annote = "Discusses general formalization of Secure Multiparty | |
539 | Computation in synchronous model with passive vs active | |
540 | (=> compute function t-privately vs t-securely) and | |
541 | static vs adaptive adversaries as well as perfect | |
542 | (e.g., with secure channel) and cryptographic settings. | |
543 | Contrary to previous definitions doesn't restrict to | |
544 | black-box simulations (though probably that restriction | |
545 | was not that important) and allows rewinds (more | |
546 | important, e.g., ZKP). Probably most precise and | |
547 | complete to date. Proves composition theorems for | |
548 | 'sequential subroutine composition'. To model adaptive | |
549 | adversaries he defines an additional TM Z to model the | |
550 | environment which feeds the context as auxiliary input | |
551 | on corruptions as well models post-execution effects in | |
552 | a non-erasing model by allowing Z (on input \emph{all} | |
553 | outputs of the protocol) to further corrupt parties | |
554 | (via adversary) after the termination of the protocol. | |
555 | The simulation has to hold now for all Z and all A (but | |
556 | note that contrary to A, Z is the same in the ideal | |
557 | model!). However, if we consider erasing models where | |
558 | all internal states are deleted after protocol | |
559 | termination then Z can be simplified to a priori fixed | |
560 | auxiliary strings for each corruption. Appeared also | |
561 | as Theory of Cryptography Library Record 98-18.", | |
562 | year = "2000", | |
563 | pages = "143--202", | |
564 | publisher = "Springer-Verlag, Berlin Germany", | |
565 | added-at = "Thu Jul 20 11:01:42 2000", | |
566 | } | |
567 | ||
568 | ||
569 | @Article{Canetti:2002:UCN, | |
570 | author = "Ran Canetti and Hugo Krawczyk", | |
571 | title = "Universally Composable Notions of Key Exchange and | |
572 | Secure Channels", | |
573 | journal = "Lecture Notes in Computer Science", | |
574 | volume = "2332", | |
575 | pages = "337--??", | |
576 | year = "2002", | |
577 | CODEN = "LNCSD9", | |
578 | ISSN = "0302-9743", | |
579 | bibdate = "Tue Sep 10 19:09:37 MDT 2002", | |
580 | bibsource = "http://link.springer-ny.com/link/service/series/0558/tocs/t2332.htm", | |
581 | url = "http://eprint.iacr.org/2002/059", | |
582 | acknowledgement = "Nelson H. F. Beebe, Center for Scientific | |
583 | Computing, University of Utah, Department of | |
584 | Mathematics, 110 LCB, 155 S 1400 E RM 233, Salt Lake | |
585 | City, UT 84112-0090, USA, Tel: +1 801 581 5254, FAX: +1 | |
586 | 801 581 4148, e-mail: \path|beebe@math.utah.edu|, | |
587 | \path|beebe@acm.org|, \path|beebe@computer.org|, | |
588 | \path|beebe@ieee.org| (Internet), URL: | |
589 | \path|http://www.math.utah.edu/~beebe/|", | |
590 | } | |
591 | ||
592 | @misc{Shoup:2004:SGT, | |
593 | author = {Victor Shoup}, | |
594 | title = {Sequences of games: a tool for taming complexity in security proofs}, | |
595 | howpublished = {Cryptology ePrint Archive, Report 2004/332}, | |
596 | year = {2004}, | |
597 | url = {http://eprint.iacr.org/2004/332}, | |
598 | } | |
599 | ||
600 | @InProceedings{Bellare:2006:STE, | |
601 | title = "The Security of Triple Encryption and a Framework for | |
602 | Code-Based Game-Playing Proofs", | |
603 | author = "Mihir Bellare and Phillip Rogaway", | |
604 | bibdate = "2006-07-05", | |
605 | bibsource = "DBLP, | |
606 | http://dblp.uni-trier.de/db/conf/eurocrypt/eurocrypt2006.html#BellareR06", | |
607 | booktitle = "Advances in Cryptology - {EUROCRYPT} 2006, 25th Annual | |
608 | International Conference on the Theory and Applications | |
609 | of Cryptographic Techniques, St. Petersburg, Russia, | |
610 | May 28 - June 1, 2006, Proceedings", | |
611 | publisher = "Springer", | |
612 | year = "2006", | |
613 | volume = "4004", | |
614 | editor = "Serge Vaudenay", | |
615 | ISBN = "3-540-34546-9", | |
616 | pages = "409--426", | |
617 | series = "Lecture Notes in Computer Science", | |
618 | note = "Proceedings version of \cite{Bellare:2004:CBG}" | |
619 | } | |
620 | ||
621 | @misc{Bellare:2004:CBG, | |
622 | author = {Mihir Bellare and Phillip Rogaway}, | |
623 | title = {Code-Based Game-Playing Proofs and the Security of Triple Encryption}, | |
624 | howpublished = {Cryptology ePrint Archive, Report 2004/331}, | |
625 | year = {2004}, | |
626 | url = {http://eprint.iacr.org/2004/331}, | |
627 | note = "Full version of \cite{Bellare:2006:STE}" | |
628 | } | |
629 | ||
630 | @Article{Shoup:2001:OR, | |
631 | author = "Victor Shoup", | |
632 | title = "{OAEP} Reconsidered", | |
633 | journal = "Lecture Notes in Computer Science", | |
634 | volume = "2139", | |
635 | pages = "239--??", | |
636 | year = "2001", | |
637 | CODEN = "LNCSD9", | |
638 | ISSN = "0302-9743", | |
639 | bibdate = "Sat Feb 2 13:05:41 MST 2002", | |
640 | bibsource = "http://link.springer-ny.com/link/service/series/0558/tocs/t2139.htm", | |
641 | URL = "http://link.springer-ny.com/link/service/series/0558/bibs/2139/21390239.htm; | |
642 | http://link.springer-ny.com/link/service/series/0558/papers/2139/21390239.pdf", | |
643 | acknowledgement = "Nelson H. F. Beebe, Center for Scientific | |
644 | Computing, University of Utah, Department of | |
645 | Mathematics, 110 LCB, 155 S 1400 E RM 233, Salt Lake | |
646 | City, UT 84112-0090, USA, Tel: +1 801 581 5254, FAX: +1 | |
647 | 801 581 4148, e-mail: \path|beebe@math.utah.edu|, | |
648 | \path|beebe@acm.org|, \path|beebe@computer.org|, | |
649 | \path|beebe@ieee.org| (Internet), URL: | |
650 | \path|http://www.math.utah.edu/~beebe/|", | |
651 | } | |
652 | ||
653 | @Article{Canetti:2004:ROM, | |
654 | author = "Ran Canetti and Oded Goldreich and Shai Halevi", | |
655 | title = "The random oracle methodology, revisited", | |
656 | journal = "Journal of the ACM", | |
657 | volume = "51", | |
658 | number = "4", | |
659 | pages = "557--594", | |
660 | month = jul, | |
661 | year = "2004", | |
662 | CODEN = "JACOAH", | |
663 | ISSN = "0004-5411", | |
664 | bibdate = "Sat Jul 10 09:49:01 MDT 2004", | |
665 | bibsource = "http://portal.acm.org/", | |
666 | acknowledgement = "Nelson H. F. Beebe, University of Utah, Department | |
667 | of Mathematics, 110 LCB, 155 S 1400 E RM 233, Salt Lake | |
668 | City, UT 84112-0090, USA, Tel: +1 801 581 5254, FAX: +1 | |
669 | 801 581 4148, e-mail: \path|beebe@math.utah.edu|, | |
670 | \path|beebe@acm.org|, \path|beebe@computer.org| | |
671 | (Internet), URL: | |
672 | \path|http://www.math.utah.edu/~beebe/|", | |
673 | } | |
674 | ||
675 | @Article{Boneh:2003:IBE, | |
676 | author = "Dan Boneh and Matthew Franklin", | |
677 | title = "Identity-Based Encryption from the {Weil} Pairing", | |
678 | journal = "SIAM Journal on Computing", | |
679 | volume = "32", | |
680 | number = "3", | |
681 | pages = "586--615", | |
682 | month = jun, | |
683 | year = "2003", | |
684 | CODEN = "SMJCAT", | |
685 | doi = "10.1137/S0097539701398521", | |
686 | ISSN = "0097-5397 (print), 1095-7111 (electronic)", | |
687 | bibdate = "Wed Aug 20 06:43:35 MDT 2003", | |
688 | bibsource = "http://epubs.siam.org/sam-bin/dbq/toclist/SICOMP/32/3", | |
689 | URL = "http://epubs.siam.org/sam-bin/dbq/article/39852", | |
690 | acknowledgement = "Nelson H. F. Beebe, University of Utah, Department | |
691 | of Mathematics, 110 LCB, 155 S 1400 E RM 233, Salt Lake | |
692 | City, UT 84112-0090, USA, Tel: +1 801 581 5254, FAX: +1 | |
693 | 801 581 4148, e-mail: \path|beebe@math.utah.edu|, | |
694 | \path|beebe@acm.org|, \path|beebe@computer.org| | |
695 | (Internet), URL: | |
696 | \path|http://www.math.utah.edu/~beebe/|", | |
697 | doi-url = "http://dx.doi.org/10.1137/S0097539701398521", | |
698 | } | |
699 | ||
700 | ||
701 | @Article{ElGamal:1985:PKC, | |
702 | author = "Taher ElGamal", | |
703 | booktitle = "Advances in cryptology (Santa Barbara, Calif., 1984)", | |
704 | title = "A public key cryptosystem and a signature scheme based | |
705 | on discrete logarithms", | |
706 | journal = "Lecture Notes in Computer Science", | |
707 | volume = "196", | |
708 | pages = "10--18", | |
709 | year = "1985", | |
710 | CODEN = "LNCSD9", | |
711 | ISSN = "0302-9743", | |
712 | MRclass = "94A60 (11T71 68P25)", | |
713 | MRnumber = "87b:94037", | |
714 | mrnumber-url = "http://www.ams.org/mathscinet-getitem?mr=87b%3a94037", | |
715 | } | |
716 | ||
717 | @misc{Menezes:2005:IPB, | |
718 | author = "Alfred Menezes", | |
719 | title = "An Introduction to Pairing-Based Cryptography", | |
720 | url = "http://www.cacr.math.uwaterloo.ca/~ajmeneze/publications/pairings.pdf", | |
721 | note = "Notes from lectures given in Santander, Spain", | |
722 | year = "2005" | |
723 | } | |
724 | ||
725 | @misc{Stinson:2006:EST, | |
726 | author = {D.R. Stinson and J. Wu}, | |
727 | title = {An Efficient and Secure Two-flow Zero-Knowledge Identification Protocol}, | |
728 | howpublished = {Cryptology ePrint Archive, Report 2006/337}, | |
729 | year = {2006}, | |
730 | url = {http://eprint.iacr.org/2006/337}, | |
731 | } | |
732 | ||
733 | @misc{DiRaimondo:2006:DAK, | |
734 | author = {Mario Di Raimondo and Rosario Gennaro and Hugo Krawczyk}, | |
735 | title = {Deniable Authentication and Key Exchange}, | |
736 | howpublished = {Cryptology ePrint Archive, Report 2006/280}, | |
737 | year = {2006}, | |
738 | url = {http://eprint.iacr.org/2006/280}, | |
739 | } | |
740 | ||
741 | @misc{SEC1, | |
742 | author = "{Certicom Research}", | |
743 | title = "Standards for Efficient Cryptography, {SEC} 1: {E}lliptic curve cryptography, Version 1.0", | |
744 | year = "2000", | |
745 | url = "http://www.secg.org/download/aid-385/sec1_final.pdf" | |
746 | } | |
747 | ||
748 | @proceedings{DBLP:conf/fse/2001, |
749 | editor = {Mitsuru Matsui}, | |
750 | title = {Fast Software Encryption, 8th International Workshop, FSE 2001 | |
751 | Yokohama, Japan, April 2-4, 2001, Revised Papers}, | |
752 | booktitle = {FSE}, | |
753 | publisher = {Springer}, | |
754 | series = {Lecture Notes in Computer Science}, | |
755 | volume = {2355}, | |
756 | year = {2002}, | |
757 | isbn = {3-540-43869-6}, | |
758 | bibsource = {DBLP, http://dblp.uni-trier.de} | |
759 | } | |
760 |