| 1 | %%% mdw's bibliography |
| 2 | |
| 3 | %%%-------------------------------------------------------------------------- |
| 4 | %%% Initial hacking. |
| 5 | |
%%% TeX that BibTeX copies to the top of the .bbl, so it runs in every
%%% document that pulls in this file -- review it like code when importing
%%% someone else's .bib, since a preamble can execute arbitrary TeX.
%%%
%%% What it sets up:
%%%  - \url and \msgid fall back to \texttt if the document defines neither.
%%%  - \thebibliography is wrapped so that \mdwxxbibhook runs first; the hook
%%%    saves the document's \url as \mdwxxurl and points \url at \biburl.
%%%    The bracketed default for \mdwxxurl only matters before the hook runs.
%%%  - \biburl lets one `url' field hold several addresses separated by `;'
%%%    or `,': the argument is split on `;', each piece on `,', every item is
%%%    printed through \mdwxxurl, items are joined with ``, '', and spaces
%%%    following a separator are skipped (\biburlxmunch).  An empty piece
%%%    ends the list at that level (\biburlxiii swallows up to \done).
%%% NOTE(review): \biburl takes a normal macro argument rather than reading
%%% it verbatim the way url.sty does, so an address containing characters
%%% special to TeX (%, #, unbalanced braces, or an unintended `;'/`,') must
%%% be escaped in the .bib entry -- confirm before relying on it.
@preamble {
"
\ifx\url\undefined\let\url\texttt\fi
\ifx\msgid\undefined\let\msgid\texttt\fi
\let\mdwxxthebibliography\thebibliography
\def\thebibliography{\mdwxxbibhook\mdwxxthebibliography}
\def\mdwxxurl#1{[#1]}
\def\biburl#1{\let\biburlsep\empty\biburlxi#1;;\done}
\def\biburlxi#1;{\def\temp{#1}\ifx\temp\empty\expandafter\biburlxiii\else
\biburlxii#1,,\done\let\biburlxafter\biburlxi\expandafter\biburlxmunch\fi}
\def\biburlxii#1,{\def\temp{#1}\ifx\temp\empty\expandafter\biburlxiii\else
\biburlsep\mdwxxurl{#1}\def\biburlsep{, }\let\biburlxafter\biburlxii
\expandafter\biburlxmunch\fi}
\def\biburlxiii#1\done{}
\def\biburlxmunch{\futurelet\next\biburlxmunchi}
\def\biburlxmunchi{\expandafter\ifx\space\next\expandafter\biburlxmunchii
\else\expandafter\biburlxafter\fi}
\expandafter\def\expandafter\biburlxmunchii\space{\biburlxmunch}
\def\mdwxxbibhook{\let\mdwxxurl\url\let\url\biburl}
"
}
| 27 | |
| 28 | %%%-------------------------------------------------------------------------- |
| 29 | %%% The main bibliography. |
| 30 | |
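@InProceedings{Abdalla:2001:DHIES,
  author =       "Michel Abdalla and Mihir Bellare and Phillip Rogaway",
  title =        "{DHIES}: An Encryption Scheme Based on the
                 {Diffie--Hellman} Problem",
  crossref =     "Naccache:2001:TCC",
  year =         2001,
  url =          "http://www-cse.ucsd.edu/users/mihir/papers/dhies.html",
  internal-note = "The crossref target Naccache:2001:TCC is not defined in
                 this (key-sorted) file.  It has to come from another .bib
                 listed after this one in \bibliography, since classic
                 BibTeX requires a crossref parent to follow its children;
                 otherwise BibTeX reports a bad cross reference."
}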
| 39 | |
@InProceedings{Bellare:1993:ROP,
  title =        "Random oracles are practical",
  author =       "Mihir Bellare and Phillip Rogaway",
  year =         1993,
  booktitle =    "Proceedings of the First Annual Conference on Computer and
                 Communications Security",
  organization = "{ACM}",
  url =          "http://www-cse.ucsd.edu/users/mihir/papers/ro.html",
}
| 49 | |
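@InProceedings{Bellare:2004:EAX,
  author =       "Mihir Bellare and Phillip Rogaway and David Wagner",
  title =        "The {EAX} Mode of Operation",
  booktitle =    "Fast Software Encryption, 11th International Workshop,
                 {FSE} 2004, Delhi, India, February 5--7, 2004, Revised
                 Papers",
  editor =       "Bimal K. Roy and Willi Meier",
  series =       "Lecture Notes in Computer Science",
  volume =       3017,
  publisher =    "Springer",
  pages =        "389--407",
  year =         2004,
  isbn =         "3-540-22171-9",
  url =          "http://www.cs.berkeley.edu/~daw/papers/eax-fse04.ps",
  bibdate =      "2004-07-29",
  bibsource =    "DBLP,
                 http://dblp.uni-trier.de/db/conf/fse/fse2004.html#BellareRW04"
}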
| 69 | |
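@InProceedings{Bellare:2006:STE,
  author =       "Mihir Bellare and Phillip Rogaway",
  title =        "The Security of Triple Encryption and a Framework for
                 Code-Based Game-Playing Proofs",
  booktitle =    "Advances in Cryptology - {EUROCRYPT} 2006, 25th Annual
                 International Conference on the Theory and Applications of
                 Cryptographic Techniques, St. Petersburg, Russia, May 28 --
                 June 1, 2006, Proceedings",
  editor =       "Serge Vaudenay",
  series =       "Lecture Notes in Computer Science",
  volume =       4004,
  publisher =    "Springer",
  pages =        "409--426",
  year =         2006,
  isbn =         "3-540-34546-9",
  note =         "Proceedings version of \cite{cryptoeprint:2004:331}",
  internal-note = "The \cite in `note' is typeset inside the bibliography, so
                 cryptoeprint:2004:331 must be resolvable in the citing
                 document (it is not defined in this file); otherwise LaTeX
                 prints [?] and warns about an undefined citation.",
  bibdate =      "2006-07-05",
  bibsource =    "DBLP,
                 http://dblp.uni-trier.de/db/conf/eurocrypt/eurocrypt2006.html#BellareR06"
}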
| 90 | |
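@InProceedings{Brassard:1989:SZK,
  author =       "Gilles Brassard and Claude Cr{\'e}peau",
  title =        "Sorting out Zero-Knowledge",
  booktitle =    "Theory and Application of Cryptographic Techniques",
  pages =        "181--191",
  year =         1989,
  url =          "http://citeseer.nj.nec.com/brassard90sorting.html"
}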
| 99 | |
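@TechReport{Canetti:2001:UCS,
  author =       "Ran Canetti",
  title =        "Universally Composable Security: {A} New Paradigm for
                 Cryptographic Protocols",
  institution =  "Cryptology {ePrint} Archive",
  type =         "Report",
  number =       "2000/067",
  month =        oct,
  year =         2001,
  url =          "http://eprint.iacr.org/2000/067",
  note =         "Extended Abstract appeared in proceedings of the 42nd
                 Symposium on Foundations of Computer Science (FOCS), 2001",
  annote =       "Revised version of \cite{Canetti:2000:SCM}.",
  internal-note = "Canetti:2000:SCM (cited from `annote') is not defined in
                 this file; only matters with a style that prints annote.",
  keywords =     "foundations / cryptographic protocols, security analysis of
                 protocols, concurrent composition",
  abstract =     "We propose a new paradigm for defining security of
                 cryptographic protocols, called {\sf universally composable
                 security.} The salient property of universally composable
                 definitions of security is that they guarantee security
                 even when a secure protocol is composed with an arbitrary
                 set of protocols, or more generally when the protocol is
                 used as a component of an arbitrary system. This is an
                 essential property for maintaining security of
                 cryptographic protocols in complex and unpredictable
                 environments such as the Internet. In particular,
                 universally composable definitions guarantee security even
                 when an unbounded number of protocol instances are executed
                 concurrently in an adversarially controlled manner, they
                 guarantee non-malleability with respect to arbitrary
                 protocols, and more. We show how to formulate universally
                 composable definitions of security for practically any
                 cryptographic task. Furthermore, we demonstrate that
                 practically any such definition can be realized using known
                 general techniques, as long as only a minority of the
                 participants are corrupted. We then proceed to formulate
                 universally composable definitions of a wide array of
                 cryptographic tasks, including authenticated and secure
                 communication, key-exchange, public-key encryption,
                 signature, commitment, oblivious transfer, zero-knowledge,
                 and more. We also make initial steps towards studying the
                 realizability of the proposed definitions in other natural
                 settings."
}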
| 145 | |
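@Proceedings{DBLP:conf/fse/2001,
  editor =       "Mitsuru Matsui",
  title =        "Fast Software Encryption, 8th International Workshop, {FSE}
                 2001 Yokohama, Japan, April 2--4, 2001, Revised Papers",
  booktitle =    "FSE",
  series =       "Lecture Notes in Computer Science",
  volume =       2355,
  publisher =    "Springer",
  year =         2002,
  isbn =         "3-540-43869-6",
  bibsource =    "DBLP, http://dblp.uni-trier.de"
}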
| 158 | |
@PhdThesis{Daemen:1995:CHF,
  title =        "Cipher and hash function design strategies based on linear
                 and differential cryptanalysis",
  author =       "Joan Daemen",
  school =       "K. U. Leuven",
  year =         1995,
}
| 166 | |
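@Misc{Fisher:2000:Storin-collide,
  author =       "Matthew Fisher",
  title =        "Re: Yet another block cipher: {Storin}",
  howpublished = "Usenet article in \texttt{sci.crypt}",
  year =         2000,
  note =         "Message-id {\msgid{<8gjctn\$9ct\$1@nnrp1.deja.com>}}"
}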
| 174 | |
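@TechReport{Frier:1996:SSL,
  author =       "A. Frier and P. Karlton and P. Kocher",
  title =        "The {SSL 3.0} Protocol",
  institution =  "Netscape Communications Corp.",
  month =        nov,
  year =         1996,
  url =          "http://home.netscape.com/eng/ssl3/ssl-toc.html",
  internal-note = "Historical reference: the Netscape host in `url' is long
                 defunct and SSL 3.0 has since been deprecated.  Cite this
                 for the 1996 design, not as current guidance, and look for
                 an archived copy before relying on the link."
}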
| 183 | |
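@Misc{Goldwasser:1999:LNC,
  author =       "Shafi Goldwasser and Mihir Bellare",
  title =        "Lecture Notes on Cryptography",
  howpublished = "Summer Course ``Cryptography and Computer Security'' at
                 MIT, 1996--1999",
  year =         1999,
  url =          "http://citeseer.nj.nec.com/goldwasser96lecture.html",
  internal-note = "Author field previously repeated the McGrew/Viega authors
                 of the GCM entry by mistake; the key and the citeseer URL
                 both identify these as Goldwasser's lecture notes."
}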
| 192 | |
@Manual{IEEE:2000:1363,
  title =        "IEEE 1363-2000: Standard Specifications for Public Key
                 Cryptography",
  author =       "{IEEE}",
  organization = "Microprocessor Standards Committee of the IEEE Computer
                 Society, USA",
  year =         2000,
  isbn =         "0-7381-1956-3",
  abstract =     "This standard specifies common public-key cryptographic
                 techniques, including mathematical primitives for secret
                 value (key) derivation, public-key encryption, and digital
                 signatures, and cryptographic schemes based on those
                 primitives. It also specifies related cryptographic
                 parameters, public keys and private keys. The purpose of
                 this standard is to provide a reference for specifications
                 of a variety of techniques from which applications may
                 select.",
}
| 211 | |
@PhdThesis{IWJ:1997:WGT,
  title =        "Who goes there? Location confidentiality through
                 anonymity",
  author =       "Ian Jackson",
  school =       "Cambridge University Computer Laboratory",
  year =         1997,
  pages =        "vi + 97",
  url =          "http://www.chiark.greenend.org.uk/~ijackson/thesis/",
}
| 221 | |
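@Misc{Kohno:2003:CWC,
  author =       "Tadayoshi Kohno and John Viega and Doug Whiting",
  title =        "The {CWC} Authenticated Encryption (Associated Data) Mode",
  howpublished = "Cryptology ePrint Archive, Report 2003/106",
  year =         2003,
  url =          "http://eprint.iacr.org/2003/106"
}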
| 229 | |
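@InProceedings{McGrew:2004:SPG,
  author =       "David A. McGrew and John Viega",
  title =        "The Security and Performance of the {Galois/Counter Mode}
                 ({GCM}) of Operation",
  booktitle =    "Progress in Cryptology - {INDOCRYPT} 2004, 5th
                 International Conference on Cryptology in India, Chennai,
                 India, December 20--22, 2004, Proceedings",
  editor =       "Anne Canteaut and Kapalee Viswanathan",
  series =       "Lecture Notes in Computer Science",
  volume =       3348,
  publisher =    "Springer",
  pages =        "343--355",
  year =         2004,
  isbn =         "3-540-24130-2",
  url =          "http://eprint.iacr.org/2004/193",
  bibdate =      "2004-12-13",
  bibsource =    "DBLP,
                 http://dblp.uni-trier.de/db/conf/indocrypt/indocrypt2004.html#McGrewV04"
}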
| 250 | |
@Misc{Menezes:2005:IPB,
  title =        "An Introduction to Pairing-Based Cryptography",
  author =       "Alfred Menezes",
  year =         2005,
  note =         "Notes from lectures given in Santander, Spain",
  url =          "http://www.cacr.math.uwaterloo.ca/~ajmeneze/publications/pairings.pdf",
}
| 259 | |
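@InProceedings{Rogaway:2001:OCB,
  author =       "Phillip Rogaway and Mihir Bellare and John Black and Ted
                 Krovetz",
  title =        "{OCB}: a block-cipher mode of operation for efficient
                 authenticated encryption",
  booktitle =    "{ACM} Conference on Computer and Communications Security",
  pages =        "196--205",
  year =         2001,
  url =          "http://www.cs.ucdavis.edu/~rogaway/ocb/"
}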
| 270 | |
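@InProceedings{Rogaway:2002:AEA,
  author =       "Phillip Rogaway",
  title =        "Authenticated-encryption with associated-data",
  booktitle =    "Proceedings of the 9th {ACM} Conference on Computer and
                 Communications Security",
  editor =       "Ravi Sandhu",
  publisher =    "ACM Press",
  address =      "Washington, DC, USA",
  pages =        "98--107",
  month =        nov,
  year =         2002,
  url =          "http://www.cs.ucdavis.edu/~rogaway/papers/ad.html",
  abstract =     "When a message is transformed into a ciphertext in a way
                 designed to protect both its privacy and authenticity,
                 there may be additional information, such as a packet
                 header, that travels alongside the ciphertext (at least
                 conceptually) and must get authenticated with it. We
                 formalize and investigate this authenticated-encryption
                 with associated-data (AEAD) problem. Though the problem has
                 long been addressed in cryptographic practice, it was never
                 provided a definition or even a name. We do this, and go on
                 to look at efficient solutions for AEAD, both in general
                 and for the authenticated-encryption scheme OCB. For the
                 general setting we study two simple ways to turn an
                 authenticated-encryption scheme that does not support
                 associated-data into one that does: nonce stealing and
                 ciphertext translation. For the case of OCB we construct an
                 AEAD-scheme by combining OCB and the pseudorandom function
                 PMAC, using the same key for both algorithms. We prove
                 that, despite ``interaction'' between the two schemes when
                 using a common key, the combination is sound. We also
                 consider achieving AEAD by the generic composition of a
                 nonce-based, privacy-only encryption scheme and a
                 pseudorandom function."
}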
| 308 | |
@Misc{SEC1,
  title =        "Standards for Efficient Cryptography, {SEC} 1: {E}lliptic
                 curve cryptography, Version 1.0",
  author =       "{Certicom Research}",
  year =         2000,
  url =          "http://www.secg.org/download/aid-385/sec1_final.pdf",
}
| 316 | |
@Unpublished{Shoup:2001:PIS,
  title =        "Proposal for an {ISO} Standard for Public Key Encryption
                 (Version 2.0)",
  author =       "Victor Shoup",
  note =         "Unpublished manuscript",
  year =         2001,
  url =          "http://www.shoup.net/papers/",
}
| 325 | |
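@TechReport{Silverman:2000:CBA,
  author =       "Robert Silverman",
  title =        "A Cost-Based Security Analysis of Symmetric and Asymmetric
                 Key Lengths",
  institution =  "RSA Laboratories",
  number =       13,
  month =        apr,
  year =         2000,
  url =          "http://www.rsa.com/rsalabs/node.asp?id=2088"
}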
| 336 | |
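@InProceedings{Wagner:2000:PSU,
  author =       "David Wagner and Ian Goldberg",
  title =        "Proofs of Security for the {Unix} Password Hashing
                 Algorithm",
  crossref =     "Okamoto:2000:ACA",
  pages =        "560--572",
  url =          "http://www.cs.berkeley.edu/~daw/papers/",
  internal-note = "No year/booktitle here: both are inherited from the
                 crossref parent Okamoto:2000:ACA, which is not defined in
                 this (key-sorted) file.  It must come from another .bib
                 listed after this one in \bibliography, or classic BibTeX
                 reports a bad cross reference and the entry prints bare."
}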
| 345 | |
@Book{Washington:2003:EC,
  title =        "Elliptic Curves: Number Theory and Cryptography",
  author =       "Lawrence C. Washington",
  publisher =    "CRC Press",
  year =         2003,
  pages =        428,
  isbn =         "1-584-88365-0",
}
| 354 | |
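@TechReport{Wooding:2000:Storin,
  author =       "Mark Wooding",
  title =        "{Storin}: A block cipher for digital signal processors",
  institution =  "Straylight/Edgeware",
  year =         2000,
  url =          "http://www.excessus.demon.co.uk/crypto/storin.ps.gz",
  abstract =     "We present Storin: a new 96-bit block cipher designed to
                 play to the strengths of current digital signal processors
                 (DSPs). In particular, DSPs tend to provide single-cycle
                 multiply-and-accumulate operations, making matrix
                 multiplications very cheap. Working in an environment
                 where multiplication is as fast as exclusive-or changes the
                 usual perceptions about which operations provide good
                 cryptographic strength cheaply. The scarcity of available
                 memory, for code and for tables, and a penalty for
                 nonsequential access to data also make traditional block
                 ciphers based around substitution tables unsuitable."
}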
| 373 | |
@Misc{Wooding:2000:Storin-diff,
  title =        "Re: Yet another block cipher: {Storin}",
  author =       "Mark Wooding",
  year =         2000,
  howpublished = "Usenet article in \texttt{sci.crypt}",
  note =         "Message-id {\msgid{<slrn8iqhaq.872.mdw@mull.ncipher.com>}}",
}
| 381 | |
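@Unpublished{Wooding:2003:NPO,
  author =       "Mark Wooding",
  title =        "New proofs for old modes",
  note =         "Unpublished work in progress",
  year =         2003
}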
| 388 | |
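@Misc{Ylonen:2001:STL,
  author =       "T. Ylonen and T. Kivinen and M. Saarinen and T. Rinne and
                 S. Lehtinen",
  title =        "{SSH} Transport Layer Protocol",
  howpublished = "Internet Draft draft-ietf-secsh-transport-09",
  month =        jan,
  year =         2001,
  url =          "http://www.ietf.org/internet-drafts/draft-ietf-secsh-transport-09.txt",
  internal-note = "The www.ietf.org/internet-drafts/ directory only serves
                 current drafts, so this link dies once the draft expires;
                 the draft name is now in `howpublished' so the reference
                 can be looked up in the IETF datatracker archive.  -09 is
                 a work-in-progress snapshot, not the final specification:
                 confirm it is the revision the citing text relies on."
}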
| 399 | |
| 400 | %%%-------------------------------------------------------------------------- |
| 401 | \f |
| 402 | %%% Local variables: |
| 403 | %%% mode: bibtex |
| 404 | %%% bibtex-maintain-sorted-entries: t |
| 405 | %%% End: |