3 %%%--------------------------------------------------------------------------
8 \ifx\url\undefined\let\url\texttt\fi
9 \ifx\msgid\undefined\let\msgid\texttt\fi
10 \let\mdwxxthebibliography\thebibliography
11 \def\thebibliography
{\mdwxxbibhook\mdwxxthebibliography
}
13 \def\biburl#
1{\let\biburlsep\empty\biburlxi#
1;;\done
}
14 \def\biburlxi#
1;{\def\temp
{#
1}\ifx\temp\empty\expandafter\biburlxiii\else
15 \biburlxii#
1,,\done\let\biburlxafter\biburlxi\expandafter\biburlxmunch\fi
}
16 \def\biburlxii#
1,{\def\temp
{#
1}\ifx\temp\empty\expandafter\biburlxiii\else
17 \biburlsep\mdwxxurl
{#
1}\def\biburlsep
{, }\let\biburlxafter\biburlxii
18 \expandafter\biburlxmunch\fi
}
19 \def\biburlxiii#
1\done
{}
20 \def\biburlxmunch
{\futurelet\next\biburlxmunchi
}
21 \def\biburlxmunchi
{\expandafter\ifx\space\next\expandafter\biburlxmunchii
22 \else\expandafter\biburlxafter\fi
}
23 \expandafter\def\expandafter\biburlxmunchii\space
{\biburlxmunch
}
24 \def\mdwxxbibhook
{\let\mdwxxurl\url\let\url\biburl
}
28 %%%--------------------------------------------------------------------------
29 %%% The main bibliography.
31 @InProceedings
{Abdalla
:2001:DHIES
,
32 author = "Michel Abdalla and Mihir Bellare and Phillip Rogaway"
,
33 title = "
{DHIES
}: An Encryption Scheme Based on the
34 {Diffie
--Hellman
} Problem"
,
35 crossref
= "Naccache
:2001:TCC"
,
37 url
= "http
://www
-cse.ucsd.edu
/users
/mihir
/papers
/dhies.html"
40 @InProceedings
{Alexander
:2007:IUA
,
41 author = "Chris Alexander and Ian Goldberg"
,
42 title = "Improved user authentication in off
-the
-record messaging"
,
46 ee
= "http
://doi.acm.org
/10.1145/1314333.1314340"
,
47 url
= "http
://www.cypherpunks.ca
/~iang
/pubs
/impauth.pdf"
,
48 crossref
= "DBLP
:conf
/wpes
/2007"
,
49 bibsource
= "DBLP
, http
://dblp.uni
-trier.de"
52 @InProceedings
{Bellare
:1993:ROP
,
53 author = "Mihir Bellare and Phillip Rogaway"
,
54 title = "Random oracles are practical"
,
55 booktitle = "Proceedings of the First Annual Conference on Computer and
56 Communications Security"
,
57 organization = "
{ACM
}"
,
59 url
= "http
://www
-cse.ucsd.edu
/users
/mihir
/papers
/ro.html"
62 @InProceedings
{Bellare
:2004:EAX
,
63 title = "The
{EAX
} Mode of Operation"
,
64 author = "Mihir Bellare and Phillip Rogaway and David Wagner"
,
65 bibdate
= "
2004-07-29"
,
67 http
://dblp.uni
-trier.de
/db
/conf
/fse
/fse2004.html#BellareRW04"
,
69 booktitle = "Fast Software Encryption
, 11th International Workshop
,
70 {FSE
} 2004, Delhi
, India
, February
5-7, 2004, Revised
72 publisher = "Springer"
,
75 editor = "Bimal K. Roy and Willi Meier"
,
76 isbn
= "
3-540-22171-9"
,
78 series = "Lecture Notes in Computer Science"
,
79 url
= "http
://www.cs.berkeley.edu
/~daw
/papers
/eax
-fse04.ps"
82 @InProceedings
{Bellare
:2006:STE
,
83 title = "The Security of Triple Encryption and a Framework for
84 Code
-Based Game
-Playing Proofs"
,
85 author = "Mihir Bellare and Phillip Rogaway"
,
86 bibdate
= "
2006-07-05"
,
88 http
://dblp.uni
-trier.de
/db
/conf
/eurocrypt
/eurocrypt2006.html#BellareR06"
,
89 booktitle = "Advances in Cryptology
- {EUROCRYPT
} 2006, 25th Annual
90 International Conference on the Theory and Applications of
91 Cryptographic Techniques
, St. Petersburg
, Russia
, May
28 -
92 June
1, 2006, Proceedings"
,
93 publisher = "Springer"
,
96 editor = "Serge Vaudenay"
,
97 isbn
= "
3-540-34546-9"
,
99 series = "Lecture Notes in Computer Science"
,
100 note = "Proceedings version of \cite
{cryptoeprint
:2004:331}"
103 @InProceedings
{Borisov
:2004:OTR
,
104 author = "Nikita Borisov and Ian Goldberg and Eric A. Brewer"
,
105 title = "Off
-the
-record communication
, or
, why not to use PGP"
,
109 ee
= "http
://doi.acm.org
/10.1145/1029179.1029200"
,
110 url
= "http
://www.cypherpunks.ca
/otr
/otr
-wpes.pdf"
,
111 crossref
= "DBLP
:conf
/wpes
/2004"
,
112 bibsource
= "DBLP
, http
://dblp.uni
-trier.de"
115 @InProceedings
{Brassard
:1989:SZK
,
116 author = "Gilles Brassard and Claude Crepeau"
,
117 title = "Sorting out Zero
-Knowledge"
,
118 booktitle = "Theory and Application of Cryptographic Techniques"
,
121 url
= "http
://citeseer.nj.nec.com
/brassard90sorting.html"
124 @TechReport
{Canetti
:2001:UCS
,
125 author = "Ran Canetti"
,
126 title = "Universally Composable Security
: {A
} New Paradigm for
127 Cryptographic Protocols"
,
129 url
= "http
://eprint.iacr.org
/2000/067"
,
132 abstract = "We propose a new paradigm for defining security of
133 cryptographic protocols
, called
{\sf universally composable
134 security.
} The salient property of universally composable
135 definitions of security is that they guarantee security
136 even when a secure protocol is composed with an arbitrary
137 set of protocols
, or more generally when the protocol is
138 used as a component of an arbitrary system. This is an
139 essential property for maintaining security of
140 cryptographic protocols in complex and unpredictable
141 environments such as the Internet. In particular
,
142 universally composable definitions guarantee security even
143 when an unbounded
number of protocol instances are executed
144 concurrently in an adversarially controlled manner
, they
145 guarantee non
-malleability with respect to arbitrary
146 protocols
, and more. We show how to formulate universally
147 composable definitions of security for practically any
148 cryptographic task. Furthermore
, we demonstrate that
149 practically any such definition can be realized using known
150 general techniques
, as long as only a minority of the
151 participants are corrupted. We then proceed to formulate
152 universally composable definitions of a wide array of
153 cryptographic tasks
, including authenticated and secure
154 communication
, key-exchange
, public
-key encryption
,
155 signature
, commitment
, oblivious transfer
, zero
-knowledge
,
156 and more. We also make initial steps towards studying the
157 realizability of the proposed definitions in other natural
159 keywords = "foundations
/ cryptographic protocols
, security analysis of
160 protocols
, concurrent composition"
,
162 annote = "Revised version of \cite
{Canetti
:2000:SCM
}."
,
164 institution = "Cryptology
{ePrint
} Archive"
,
165 added
-at
= "Wed Oct
17 16:02:37 2001"
,
166 note = "Extended Abstract appeared in proceedings of the
42nd
167 Symposium on Foundations of Computer Science
(FOCS
), 2001"
170 @Proceedings
{DBLP
:conf
/fse
/2001,
171 editor = "Mitsuru Matsui"
,
172 title = "Fast Software Encryption
, 8th International Workshop
, FSE
173 2001 Yokohama
, Japan
, April
2-4, 2001, Revised Papers"
,
175 publisher = "Springer"
,
176 series = "Lecture Notes in Computer Science"
,
179 isbn
= "
3-540-43869-6"
,
180 bibsource
= "DBLP
, http
://dblp.uni
-trier.de"
183 @Proceedings
{DBLP
:conf
/wpes
/2004,
184 editor = "Vijay Atluri and Paul F. Syverson and Sabrina De Capitani
186 title = "Proceedings of the
2004 ACM Workshop on Privacy in the
187 Electronic Society
, WPES
2004, Washington
, DC
, USA
, October
192 isbn
= "
1-58113-968-3"
,
193 bibsource
= "DBLP
, http
://dblp.uni
-trier.de"
196 @Proceedings
{DBLP
:conf
/wpes
/2007,
197 editor = "Peng Ning and Ting Yu"
,
198 title = "Proceedings of the
2007 ACM Workshop on Privacy in the
199 Electronic Society
, WPES
2007, Alexandria
, VA
, USA
, October
204 isbn
= "
978-1-59593-883-1"
,
205 bibsource
= "DBLP
, http
://dblp.uni
-trier.de"
208 @PhdThesis
{Daemen
:1995:CHF
,
209 author = "Joan Daemen"
,
210 title = "Cipher and hash function design strategies based on linear
211 and differential cryptanalysis"
,
213 school = "K. U. Leuven"
216 @Misc
{Ferguson
:2005:AWG
,
217 author = "Niels Ferguson"
,
218 title = "Authentication Weaknesses in GCM"
,
221 url
= "http
://csrc.nist.gov
/groups
/ST
/toolkit
/BCM
/documents
/comments
/CWC
-GCM
/Ferguson2.pdf"
,
222 note = "Public comment to NIST"
225 @Misc
{Fisher
:2000:Storin
-collide
,
226 author = "Matthew Fisher"
,
227 title = "Re
: Yet another block cipher
: {Storin
}"
,
228 howpublished = "Usenet article in
{\texttt
{sci.crypt
}}"
,
230 note = "Message
-id
{\msgid
{<8gjctn\$
9ct\$
1@nnrp1.deja.com
>}}"
233 @TechReport
{Frier
:1996:SSL
,
234 author = "A. Frier and P. Karlton and P. Kocher"
,
235 title = "The
{SSL
3.0} Protocol"
,
236 institution = "Netscape Communications Corp."
,
239 url
= "http
://home.netscape.com
/eng
/ssl3
/ssl
-toc.html"
242 @Misc
{Goldwasser
:1999:LNC
,
243 author = "Shafi Goldwasser and Mihir Bellare"
,
244 title = "Lecture Notes on Cryptography"
,
245 howpublished = "Summer Course ``Cryptography and Computer Security'' at
248 url
= "http
://citeseer.nj.nec.com
/goldwasser96lecture.html"
251 @Manual
{IEEE
:2000:1363,
253 title = "IEEE
1363-2000: Standard Specifications for Public Key
256 isbn
= "
0-7381-1956-3"
,
257 abstract = "This standard specifies common public
-key cryptographic
258 techniques
, including mathematical primitives for secret
259 value
(key) derivation
, public
-key encryption
, and digital
260 signatures
, and cryptographic schemes based on those
261 primitives. It also specifies related cryptographic
262 parameters
, public keys and private keys. The purpose of
263 this standard is to provide a reference for specifications
264 of a variety of techniques from which applications may
266 organization = "Microprocessor Standards Committee of the IEEE Computer
270 @PhdThesis
{IWJ
:1997:WGT
,
271 author = "Ian Jackson"
,
272 title = "Who goes there? Location confidentiality through
275 school = "Cambridge University Computer Laboratory"
,
277 url
= "http
://www.chiark.greenend.org.uk
/~ijackson
/thesis
/"
280 @Misc
{Kohno
:2003:CWC
,
281 author = "Tadayoshi Kohno and John Viega and Doug Whiting"
,
282 title = "The CWC Authenticated Encryption
(Associated Data
) Mode"
,
283 howpublished = "Cryptology ePrint Archive
, Report
2003/106"
,
285 url
= "http
://eprint.iacr.org
/2003/106"
288 @InProceedings
{McGrew
:2004:SPG
,
289 title = "The Security and Performance of the Galois
/Counter Mode
290 ({GCM
}) of Operation"
,
291 author = "David A. McGrew and John Viega"
,
292 bibdate
= "
2004-12-13"
,
294 http
://dblp.uni
-trier.de
/db
/conf
/indocrypt
/indocrypt2004.html#McGrewV04"
,
295 booktitle = "INDOCRYPT"
,
296 booktitle = "Progress in Cryptology
- {INDOCRYPT
} 2004, 5th
297 International Conference on Cryptology in India
, Chennai
,
298 India
, December
20-22, 2004, Proceedings"
,
299 publisher = "Springer"
,
302 editor = "Anne Canteaut and Kapalee Viswanathan"
,
303 isbn
= "
3-540-24130-2"
,
305 series = "Lecture Notes in Computer Science"
,
306 url
= "http
://eprint.iacr.org
/2004/193"
309 @Misc
{Menezes
:2005:IPB
,
310 author = "Alfred Menezes"
,
311 title = "An Introduction to Pairing
-Based Cryptography"
,
313 "http
://www.cacr.math.uwaterloo.ca
/~ajmeneze
/publications
/pairings.pdf"
,
314 note = "Notes from lectures given in Santander
, Spain"
,
318 @InProceedings
{Rogaway
:2001:OCB
,
319 author = "Phillip Rogaway and Mihir Bellare and John Black and Ted
321 title = "
{OCB
}: a block
-cipher mode of operation for efficient
322 authenticated encryption"
,
323 booktitle = "
{ACM
} Conference on Computer and Communications Security"
,
326 url
= "http
://www.cs.ucdavis.edu
/~rogaway
/ocb
/"
329 @InProceedings
{Rogaway
:2002:AEA
,
330 author = "Phillip Rogaway"
,
331 title = "Authenticated
-encryption with associated
-data"
,
332 added
-by
= "msteiner"
,
333 url
= "http
://www.cs.ucdavis.edu
/~rogaway
/papers
/ad.html"
,
335 added
-at
= "Sun Nov
16 12:50:24 2003"
,
336 abstract = "When a message is transformed into a ciphertext in a way
337 designed to protect both its privacy and authenticity
,
338 there may be additional information
, such as a packet
339 header
, that travels alongside the ciphertext
(at least
340 conceptually
) and must get authenticated with it. We
341 formalize and investigate this authenticated
-encryption
342 with associated
-data
(AEAD
) problem. Though the problem has
343 long been addressed in cryptographic practice
, it was never
344 provided a definition or even a name. We do this
, and go on
345 to look at efficient solutions for AEAD
, both in general
346 and for the authenticated
-encryption scheme OCB. For the
347 general setting we study two simple ways to turn an
348 authenticated
-encryption scheme that does not support
349 associated
-data into one that does
: nonce stealing and
350 ciphertext translation. For the case of OCB we construct an
351 AEAD
-scheme by combining OCB and the pseudorandom function
352 PMAC
, using the same
key for both algorithms. We prove
353 that
, despite ``interaction'' between the two schemes when
354 using a common
key, the combination is sound. We also
355 consider achieving AEAD by the generic composition of a
356 nonce
-based
, privacy
-only encryption scheme and a
357 pseudorandom function."
,
358 booktitle = "Proceedings of the
9th
{ACM
} Conference on Computer and
359 Communications Security"
,
361 editor = "Ravi Sandhu"
,
363 publisher = "ACM Press"
,
364 address = "Washington
, DC
, USA"
368 author = "
{Certicom Research
}"
,
369 title = "Standards for Efficient Cryptography
, {SEC
} 1: {E
}lliptic
370 curve cryptography
, Version
1.0"
,
372 url
= "http
://www.secg.org
/download
/aid
-385/sec1_final.pdf"
375 @Unpublished
{Shoup
:2001:PIS
,
376 author = "Victor Shoup"
,
377 title = "Proposal for an
{ISO
} Standard for Public Key Encryption
380 note = "Unpublished manuscript"
,
381 url
= "http
://www.shoup.net
/papers
/"
384 @TechReport
{Silverman
:2000:CBA
,
385 author = "Robert Silverman"
,
386 title = "A Cost
-Based Security Analysis of Symmetric and Asymmetric
388 institution = "RSA Laboratories"
,
392 url
= "http
://www.rsa.com
/rsalabs
/node.asp?id
=2088"
395 @InProceedings
{Wagner
:2000:PSU
,
396 author = "David Wagner and Ian Goldberg"
,
397 title = "Proofs of Security for the
{Unix
} Password Hashing
399 crossref
= "Okamoto
:2000:ACA"
,
401 url
= "http
://www.cs.berkeley.edu
/~daw
/papers
/"
404 @Book
{Washington
:2003:EC
,
405 author = "Lawrence C. Washington"
,
406 title = "Elliptic Curves
: Number Theory and Cryptography"
,
407 isbn
= "
1-584-88365-0"
,
408 publisher = "CRC Press"
,
413 @TechReport
{Wooding
:2000:Storin
,
414 author = "Mark Wooding"
,
415 title = "
{Storin
}: A block cipher for digitial signal processors"
,
416 institution = "Straylight
/Edgeware"
,
418 url
= "http
://www.excessus.demon.co.uk
/crypto
/storin.ps.gz"
,
419 abstract = "We present Storin
: a new
96-bit block cipher designed to
420 play to the strengths of current digital signal processors
421 (DSPs
). In particular
, DSPs tend to provide single
-cycle
422 multiply
-and
-accumulate operations
, making matrix
423 multiplications very cheap. Working in an environment
424 where multiplication is as fast as exclusive
-or changes the
425 usual perceptions about which operations provide good
426 cryptographic strength cheaply. The scarcity of available
427 memory
, for code and for tables
, and a penalty for
428 nonsequential access to data also make traditional block
429 ciphers based around substitution tables unsuitable."
432 @Misc
{Wooding
:2000:Storin
-diff
,
433 author = "Mark Wooding"
,
434 title = "Re
: Yet another block cipher
: {Storin
}"
,
435 howpublished = "Usenet article in \texttt
{sci.crypt
}"
,
437 note = "Message
-id
{\msgid
{<slrn8iqhaq
.872.mdw@mull.ncipher.com
>}}"
440 @Misc
{Wooding
:2001:TrIPE
,
441 author = "Mark Wooding"
,
443 url
= "http
://git.distorted.org.uk
/~mdw
/tripe
/"
,
444 title = "Trivial IP Encryption
(TrIPE
): A simple
{VPN
}"
447 @Misc
{Wooding
:2003:NPO
,
448 author = "Mark Wooding"
,
449 title = "New proofs for old modes"
,
450 howpublished = "Unpublished work in progress"
,
454 @Misc
{Ylonen
:2001:STL
,
455 author = "T. Ylonen and T. Kivinen and M. Saarinen and T. Rinne and
457 title = "
{SSH
} Transport Layer Protocol"
,
460 howpublished = "Internet Draft"
,
462 "http
://www.ietf.org
/internet
-drafts
/draft
-ietf
-secsh
-transport
-09.txt"
466 %%%--------------------------------------------------------------------------
470 %%% bibtex-maintain-sorted-entries: t