3 %%%--------------------------------------------------------------------------
8 \ifx\url\undefined\let\url\texttt\fi
9 \ifx\msgid\undefined\let\msgid\texttt\fi
10 \let\mdwxxthebibliography\thebibliography
11 \def\thebibliography
{\mdwxxbibhook\mdwxxthebibliography
}
13 \def\biburl#
1{\let\biburlsep\empty\biburlxi#
1;;\done
}
14 \def\biburlxi#
1;{\def\temp
{#
1}\ifx\temp\empty\expandafter\biburlxiii\else
15 \biburlxii#
1,,\done\let\biburlxafter\biburlxi\expandafter\biburlxmunch\fi
}
16 \def\biburlxii#
1,{\def\temp
{#
1}\ifx\temp\empty\expandafter\biburlxiii\else
17 \biburlsep\mdwxxurl
{#
1}\def\biburlsep
{, }\let\biburlxafter\biburlxii
18 \expandafter\biburlxmunch\fi
}
19 \def\biburlxiii#
1\done
{}
20 \def\biburlxmunch
{\futurelet\next\biburlxmunchi
}
21 \def\biburlxmunchi
{\expandafter\ifx\space\next\expandafter\biburlxmunchii
22 \else\expandafter\biburlxafter\fi
}
23 \expandafter\def\expandafter\biburlxmunchii\space
{\biburlxmunch
}
24 \def\mdwxxbibhook
{\let\mdwxxurl\url\let\url\biburl
}
28 %%%--------------------------------------------------------------------------
29 %%% The main bibliography.
31 @InProceedings
{Abdalla
:2001:DHIES
,
32 author = "Michel Abdalla and Mihir Bellare and Phillip Rogaway"
,
33 title = "
{DHIES
}: An Encryption Scheme Based on the
34 {Diffie
--Hellman
} Problem"
,
35 crossref
= "Naccache
:2001:TCC"
,
37 url
= "http
://www
-cse.ucsd.edu
/users
/mihir
/papers
/dhies.html"
40 @InProceedings
{Bellare
:1993:ROP
,
41 author = "Mihir Bellare and Phillip Rogaway"
,
42 title = "Random oracles are practical"
,
43 booktitle = "Proceedings of the First Annual Conference on Computer and
44 Communications Security"
,
45 organization = "
{ACM
}"
,
47 url
= "http
://www
-cse.ucsd.edu
/users
/mihir
/papers
/ro.html"
50 @InProceedings
{Bellare
:2004:EAX
,
51 title = "The
{EAX
} Mode of Operation"
,
52 author = "Mihir Bellare and Phillip Rogaway and David Wagner"
,
53 bibdate
= "
2004-07-29"
,
55 http
://dblp.uni
-trier.de
/db
/conf
/fse
/fse2004.html#BellareRW04"
,
57 booktitle = "Fast Software Encryption
, 11th International Workshop
,
58 {FSE
} 2004, Delhi
, India
, February
5-7, 2004, Revised
60 publisher = "Springer"
,
63 editor = "Bimal K. Roy and Willi Meier"
,
64 isbn
= "
3-540-22171-9"
,
66 series = "Lecture Notes in Computer Science"
,
67 url
= "http
://www.cs.berkeley.edu
/~daw
/papers
/eax
-fse04.ps"
70 @InProceedings
{Bellare
:2006:STE
,
71 title = "The Security of Triple Encryption and a Framework for
72 Code
-Based Game
-Playing Proofs"
,
73 author = "Mihir Bellare and Phillip Rogaway"
,
74 bibdate
= "
2006-07-05"
,
76 http
://dblp.uni
-trier.de
/db
/conf
/eurocrypt
/eurocrypt2006.html#BellareR06"
,
77 booktitle = "Advances in Cryptology
- {EUROCRYPT
} 2006, 25th Annual
78 International Conference on the Theory and Applications of
79 Cryptographic Techniques
, St. Petersburg
, Russia
, May
28 -
80 June
1, 2006, Proceedings"
,
81 publisher = "Springer"
,
84 editor = "Serge Vaudenay"
,
85 isbn
= "
3-540-34546-9"
,
87 series = "Lecture Notes in Computer Science"
,
88 note = "Proceedings version of \cite
{cryptoeprint
:2004:331}"
91 @InProceedings
{Brassard
:1989:SZK
,
92 author = "Gilles Brassard and Claude Crepeau"
,
93 title = "Sorting out Zero
-Knowledge"
,
94 booktitle = "Theory and Application of Cryptographic Techniques"
,
97 url
= "http
://citeseer.nj.nec.com
/brassard90sorting.html"
100 @TechReport
{Canetti
:2001:UCS
,
101 author = "Ran Canetti"
,
102 title = "Universally Composable Security
: {A
} New Paradigm for
103 Cryptographic Protocols"
,
105 url
= "http
://eprint.iacr.org
/2000/067"
,
108 abstract = "We propose a new paradigm for defining security of
109 cryptographic protocols
, called
{\sf universally composable
110 security.
} The salient property of universally composable
111 definitions of security is that they guarantee security
112 even when a secure protocol is composed with an arbitrary
113 set of protocols
, or more generally when the protocol is
114 used as a component of an arbitrary system. This is an
115 essential property for maintaining security of
116 cryptographic protocols in complex and unpredictable
117 environments such as the Internet. In particular
,
118 universally composable definitions guarantee security even
119 when an unbounded
number of protocol instances are executed
120 concurrently in an adversarially controlled manner
, they
121 guarantee non
-malleability with respect to arbitrary
122 protocols
, and more. We show how to formulate universally
123 composable definitions of security for practically any
124 cryptographic task. Furthermore
, we demonstrate that
125 practically any such definition can be realized using known
126 general techniques
, as long as only a minority of the
127 participants are corrupted. We then proceed to formulate
128 universally composable definitions of a wide array of
129 cryptographic tasks
, including authenticated and secure
130 communication
, key-exchange
, public
-key encryption
,
131 signature
, commitment
, oblivious transfer
, zero
-knowledge
,
132 and more. We also make initial steps towards studying the
133 realizability of the proposed definitions in other natural
135 keywords = "foundations
/ cryptographic protocols
, security analysis of
136 protocols
, concurrent composition"
,
138 annote = "Revised version of \cite
{Canetti
:2000:SCM
}."
,
140 institution = "Cryptology
{ePrint
} Archive"
,
141 added
-at
= "Wed Oct
17 16:02:37 2001"
,
142 note = "Extended Abstract appeared in proceedings of the
42nd
143 Symposium on Foundations of Computer Science
(FOCS
), 2001"
146 @Proceedings
{DBLP
:conf
/fse
/2001,
147 editor = "Mitsuru Matsui"
,
148 title = "Fast Software Encryption
, 8th International Workshop
, FSE
149 2001 Yokohama
, Japan
, April
2-4, 2001, Revised Papers"
,
151 publisher = "Springer"
,
152 series = "Lecture Notes in Computer Science"
,
155 isbn
= "
3-540-43869-6"
,
156 bibsource
= "DBLP
, http
://dblp.uni
-trier.de"
159 @PhdThesis
{Daemen
:1995:CHF
,
160 author = "Joan Daemen"
,
161 title = "Cipher and hash function design strategies based on linear
162 and differential cryptanalysis"
,
164 school = "K. U. Leuven"
167 @Misc
{Ellis
:1997:SNS
,
168 author = "James Ellis"
,
169 title = "The Story of Non
-Secret Encryption"
,
170 howpublished = "CESG internal document"
,
173 note = "Released internally in
1987."
,
174 url
= "http
://www.jya.com
/ellisdoc.htm"
177 @Misc
{Fisher
:2000:Storin
-collide
,
178 author = "Matthew Fisher"
,
179 title = "Re
: Yet another block cipher
: {Storin
}"
,
180 howpublished = "Usenet article in
{\texttt
{sci.crypt
}}"
,
182 note = "Message
-id
{\msgid
{<8gjctn\$
9ct\$
1@nnrp1.deja.com
>}}"
185 @TechReport
{Frier
:1996:SSL
,
186 author = "A. Frier and P. Karlton and P. Kocher"
,
187 title = "The
{SSL
3.0} Protocol"
,
188 institution = "Netscape Communications Corp."
,
191 url
= "http
://home.netscape.com
/eng
/ssl3
/ssl
-toc.html"
194 @Misc
{Goldwasser
:1999:LNC
,
195 author = "David A. McGrew and John Viega"
,
196 title = "Lecture Notes on Cryptography"
,
197 howpublished = "Summer Course ``Cryptography and Computer Security'' at
200 url
= "http
://citeseer.nj.nec.com
/goldwasser96lecture.html"
203 @Manual
{IEEE
:2000:1363,
205 title = "IEEE
1363-2000: Standard Specifications for Public Key
208 isbn
= "
0-7381-1956-3"
,
209 abstract = "This standard specifies common public
-key cryptographic
210 techniques
, including mathematical primitives for secret
211 value
(key) derivation
, public
-key encryption
, and digital
212 signatures
, and cryptographic schemes based on those
213 primitives. It also specifies related cryptographic
214 parameters
, public keys and private keys. The purpose of
215 this standard is to provide a reference for specifications
216 of a variety of techniques from which applications may
218 organization = "Microprocessor Standards Committee of the IEEE Computer
222 @Manual
{IEEE
:2004:1363a
,
223 title = "
{IEEE
} 1363a
-2004: Standard Specifications for Public Key
224 Cryptography
-- Amendment
1: Additional Techniques"
,
226 organization = "Microprocessor Standards Committee of the IEEE Computer
229 note = "Amendment to \cite
{IEEE
:2000:1363}."
,
230 isbn
= "
0-7381-4003-1"
,
231 abstract = "Amendment to IEEE Std
1363-2000. This standard specifies
232 additional public
-key cryptographic techniques beyond those
233 in IEEE Std
1363-2000. It is intended to be merged with
234 IEEE Std
1363-2000 during future revisions."
237 @PhdThesis
{IWJ
:1997:WGT
,
238 author = "Ian Jackson"
,
239 title = "Who goes there? Location confidentiality through
242 school = "Cambridge University Computer Laboratory"
,
244 url
= "http
://www.chiark.greenend.org.uk
/~ijackson
/thesis
/"
247 @Misc
{Kohno
:2003:CWC
,
248 author = "Tadayoshi Kohno and John Viega and Doug Whiting"
,
249 title = "The CWC Authenticated Encryption
(Associated Data
) Mode"
,
250 howpublished = "Cryptology ePrint Archive
, Report
2003/106"
,
252 url
= "http
://eprint.iacr.org
/2003/106"
255 @InProceedings
{McGrew
:2004:SPG
,
256 title = "The Security and Performance of the Galois
/Counter Mode
257 ({GCM
}) of Operation"
,
258 author = "David A. McGrew and John Viega"
,
259 bibdate
= "
2004-12-13"
,
261 http
://dblp.uni
-trier.de
/db
/conf
/indocrypt
/indocrypt2004.html#McGrewV04"
,
262 booktitle = "INDOCRYPT"
,
263 booktitle = "Progress in Cryptology
- {INDOCRYPT
} 2004, 5th
264 International Conference on Cryptology in India
, Chennai
,
265 India
, December
20-22, 2004, Proceedings"
,
266 publisher = "Springer"
,
269 editor = "Anne Canteaut and Kapalee Viswanathan"
,
270 isbn
= "
3-540-24130-2"
,
272 series = "Lecture Notes in Computer Science"
,
273 url
= "http
://eprint.iacr.org
/2004/193"
276 @Misc
{Menezes
:2005:IPB
,
277 author = "Alfred Menezes"
,
278 title = "An Introduction to Pairing
-Based Cryptography"
,
280 "http
://www.cacr.math.uwaterloo.ca
/~ajmeneze
/publications
/pairings.pdf"
,
281 note = "Notes from lectures given in Santander
, Spain"
,
285 @InProceedings
{Rogaway
:2001:OCB
,
286 author = "Phillip Rogaway and Mihir Bellare and John Black and Ted
288 title = "
{OCB
}: a block
-cipher mode of operation for efficient
289 authenticated encryption"
,
290 booktitle = "
{ACM
} Conference on Computer and Communications Security"
,
293 url
= "http
://www.cs.ucdavis.edu
/~rogaway
/ocb
/"
296 @InProceedings
{Rogaway
:2002:AEA
,
297 author = "Phillip Rogaway"
,
298 title = "Authenticated
-encryption with associated
-data"
,
299 added
-by
= "msteiner"
,
300 url
= "http
://www.cs.ucdavis.edu
/~rogaway
/papers
/ad.html"
,
302 added
-at
= "Sun Nov
16 12:50:24 2003"
,
303 abstract = "When a message is transformed into a ciphertext in a way
304 designed to protect both its privacy and authenticity
,
305 there may be additional information
, such as a packet
306 header
, that travels alongside the ciphertext
(at least
307 conceptually
) and must get authenticated with it. We
308 formalize and investigate this authenticated
-encryption
309 with associated
-data
(AEAD
) problem. Though the problem has
310 long been addressed in cryptographic practice
, it was never
311 provided a definition or even a name. We do this
, and go on
312 to look at efficient solutions for AEAD
, both in general
313 and for the authenticated
-encryption scheme OCB. For the
314 general setting we study two simple ways to turn an
315 authenticated
-encryption scheme that does not support
316 associated
-data into one that does
: nonce stealing and
317 ciphertext translation. For the case of OCB we construct an
318 AEAD
-scheme by combining OCB and the pseudorandom function
319 PMAC
, using the same
key for both algorithms. We prove
320 that
, despite ``interaction'' between the two schemes when
321 using a common
key, the combination is sound. We also
322 consider achieving AEAD by the generic composition of a
323 nonce
-based
, privacy
-only encryption scheme and a
324 pseudorandom function."
,
325 booktitle = "Proceedings of the
9th
{ACM
} Conference on Computer and
326 Communications Security"
,
328 editor = "Ravi Sandhu"
,
330 publisher = "ACM Press"
,
331 address = "Washington
, DC
, USA"
335 author = "
{Certicom Research
}"
,
336 title = "Standards for Efficient Cryptography
, {SEC
} 1: {E
}lliptic
337 curve cryptography
, Version
1.0"
,
339 url
= "http
://www.secg.org
/download
/aid
-385/sec1_final.pdf"
344 title = "Recommentation for Block Cipher Modes of Operation
: The
345 {CMAC
} Mode for Authentication"
,
346 volume = "SP~
800-38\
,B"
,
347 organization = pub
-NIST
,
348 address = pub
-NIST
:adr
,
351 series = "Special Publications"
,
352 url
= "http
://csrc.nist.gov
/publications
/nistpubs
/800-38B
/SP_800
-38B.pdf"
355 @Manual
{SP
:2008:TDEA
,
357 title = "Recommendation for the
{Triple Data Encryption Algorithm
}
358 ({TDEA
}) Block Cipher"
,
359 volume = "SP~
800-67"
,
360 organization = pub
-NIST
,
361 address = pub
-NIST
:adr
,
366 series = "Special Publications"
,
367 url
= "http
://csrc.nist.gov
/publications
/nistpubs
/800-67/SP800
-67.pdf"
,
368 acknowledgement
=ack
-nhfb
371 @Unpublished
{Shoup
:2001:PIS
,
372 author = "Victor Shoup"
,
373 title = "Proposal for an
{ISO
} Standard for Public Key Encryption
376 note = "Unpublished manuscript"
,
377 url
= "http
://www.shoup.net
/papers
/"
380 @TechReport
{Silverman
:2000:CBA
,
381 author = "Robert Silverman"
,
382 title = "A Cost
-Based Security Analysis of Symmetric and Asymmetric
384 institution = "RSA Laboratories"
,
388 url
= "http
://www.rsa.com
/rsalabs
/node.asp?id
=2088"
391 @InProceedings
{Wagner
:2000:PSU
,
392 author = "David Wagner and Ian Goldberg"
,
393 title = "Proofs of Security for the
{Unix
} Password Hashing
395 crossref
= "Okamoto
:2000:ACA"
,
397 url
= "http
://www.cs.berkeley.edu
/~daw
/papers
/"
400 @Book
{Washington
:2003:EC
,
401 author = "Lawrence C. Washington"
,
402 title = "Elliptic Curves
: Number Theory and Cryptography"
,
403 isbn
= "
1-584-88365-0"
,
404 publisher = "CRC Press"
,
409 @TechReport
{Wooding
:2000:Storin
,
410 author = "Mark Wooding"
,
411 title = "
{Storin
}: A block cipher for digitial signal processors"
,
412 institution = "Straylight
/Edgeware"
,
414 url
= "http
://www.excessus.demon.co.uk
/crypto
/storin.ps.gz"
,
415 abstract = "We present Storin
: a new
96-bit block cipher designed to
416 play to the strengths of current digital signal processors
417 (DSPs
). In particular
, DSPs tend to provide single
-cycle
418 multiply
-and
-accumulate operations
, making matrix
419 multiplications very cheap. Working in an environment
420 where multiplication is as fast as exclusive
-or changes the
421 usual perceptions about which operations provide good
422 cryptographic strength cheaply. The scarcity of available
423 memory
, for code and for tables
, and a penalty for
424 nonsequential access to data also make traditional block
425 ciphers based around substitution tables unsuitable."
428 @Misc
{Wooding
:2000:Storin
-diff
,
429 author = "Mark Wooding"
,
430 title = "Re
: Yet another block cipher
: {Storin
}"
,
431 howpublished = "Usenet article in \texttt
{sci.crypt
}"
,
433 note = "Message
-id
{\msgid
{<slrn8iqhaq
.872.mdw@mull.ncipher.com
>}}"
436 @Misc
{Wooding
:2003:NPO
,
437 author = "Mark Wooding"
,
438 title = "New proofs for old modes"
,
439 howpublished = "Unpublished work in progress"
,
443 @Misc
{Ylonen
:2001:STL
,
444 author = "T. Ylonen and T. Kivinen and M. Saarinen and T. Rinne and
446 title = "
{SSH
} Transport Layer Protocol"
,
449 howpublished = "Internet Draft"
,
451 "http
://www.ietf.org
/internet
-drafts
/draft
-ietf
-secsh
-transport
-09.txt"
454 %%%--------------------------------------------------------------------------
458 %%% bibtex-maintain-sorted-entries: t