- year = 1997,
- school = "Cambridge University Computer Laboratory",
- pages = "vi + 97",
- url = "http://www.chiark.greenend.org.uk/~ijackson/thesis/"
-}
-
-@inproceedings{Rogaway:2002:AEAD,
- author = "Phillip Rogaway",
- title = "Authenticated-Encryption with Associated Data",
- year = 2002,
- booktitle = "{ACM} Conference on Computer and Communications Security",
- url = "http://www.cs.ucdavis.edu/~rogaway/"
-}
-
-@inproceedings{Rogaway:2001:OCB,
- author = "Phillip Rogaway and Mihir Bellare and John Black
- and Ted Krovetz",
- title = "{OCB}: a block-cipher mode of operation for efficient
- authenticated encryption",
- booktitle = "{ACM} Conference on Computer and Communications Security",
- pages = "196-205",
- year = "2001",
- url = "http://www.cs.ucdavis.edu/~rogaway/ocb/"
-}
-
-@misc{Kohno:2003:CWC,
- author = {Tadayoshi Kohno and John Viega and Doug Whiting},
- title = {The CWC Authenticated Encryption (Associated Data) Mode},
- howpublished = {Cryptology ePrint Archive, Report 2003/106},
- year = {2003},
- url = "http://eprint.iacr.org/",
-}
-
-@inproceedings{Lim:1997:KRA,
- author = "Chae Hoon Lim and Pil Joong Lee",
- title = "A Key Recovery Attack On Discrete Log-based Schemes Using a
- Prime Order Subgroup",
- booktitle = "{CRYPTO}",
- pages = "249-263",
- year = 1997,
- url = "http://citeseer.nj.nec.com/article/lim97key.html"
-}
-
-@Periodical{FIPS81,
- author = "{United States. National Bureau of Standards}",
- title = "{FIPS} Pub 81: {DES} Modes of Operation",
- publisher = pub-NBS,
- address = pub-NBS:adr,
- day = "2",
- month = dec,
- year = "1981",
- CODEN = "FIPPAT",
- series = "FIPS Pub; 81",
- acknowledgement = ack-nhfb,
- keywords = "Computer networks --- Security measures --- Standards;
- Computers --- Access control --- Standards; Electronic
- data processing departments --- Security measures;
- Standards",
-}
-
-@misc{Canetti:2001:AKE,
- author = "Ran Canetti and Hugo Krawczyk",
- title = "Analysis of Key-Exchange Protocols and Their Use for Building
- Secure Channels",
- month = may,
- year = 2001,
- url = "http://eprint.iacr.org/2001/040.ps.gz",
- note = "An extended abstract appears in the proceedings of Eurocrypt 2001."
-}
-
-@misc{Krawczyk:2001:OEA,
- author = "Hugo Krawczyk",
- title = "The order of encryption and authentication for protecting
- communications (Or: how secure is {SSL}?)",
- month = jun,
- year = 2001,
- url = "http://eprint.iacr.org/2001/045.ps.gz",
- note = "An abridged version appears in the proceedings of {CRYPTO} 2001."
-}
-
-@techreport{Frier:1996:SSL,
- author = "A. Frier and P. Karlton and P. Kocher",
- title = "The {SSL 3.0} Protocol",
- institution = "Netscape Communications Corp.",
- month = nov,
- year = "1996",
- url = "http://home.netscape.com/eng/ssl3/ssl-toc.html"
-}
-
-@misc{RFC2246,
- author = "T. Dierks and C. Allen",
- title = "{RFC 2264}: The {TLS} Protocol -- Version 1",
- year = 1999,
- howpublished = "Internet Request for Comments",
- url = "ftp://ftp.internic.net/rfc/rfc2246.txt"
-}
-
-@misc{Ylonen:2001:STL,
- author = "T. Ylonen and T. Kivinen and M. Saarinen and T. Rinne and
+ year = 1997,
+ school = "Cambridge University Computer Laboratory",
+ pages = "vi + 97",
+ url = "http://www.chiark.greenend.org.uk/~ijackson/thesis/"
+}
+
+@Misc{Kohno:2003:CWC,
+ author = "Tadayoshi Kohno and John Viega and Doug Whiting",
+ title = "The CWC Authenticated Encryption (Associated Data) Mode",
+ howpublished = "Cryptology ePrint Archive, Report 2003/106",
+ year = 2003,
+ url = "http://eprint.iacr.org/2003/106"
+}
+
+@InProceedings{Maurer:2009:UZK,
+ author = "Ueli M. Maurer",
+ title = "Unifying Zero-Knowledge Proofs of Knowledge",
+ booktitle = "AFRICACRYPT",
+ year = 2009,
+ pages = "272-286",
+ ee = "http://dx.doi.org/10.1007/978-3-642-02384-2_17",
+ crossref = "DBLP:conf/africacrypt/2009",
+ bibsource = "DBLP, http://dblp.uni-trier.de"
+}
+
+@InProceedings{McGrew:2004:SPG,
+ author = "David A. McGrew and John Viega",
+ title = "The Security and Performance of the Galois/Counter Mode
+ ({GCM}) of Operation",
+ bibdate = "2004-12-13",
+ bibsource = "DBLP,
+ http://dblp.uni-trier.de/db/conf/indocrypt/indocrypt2004.html#McGrewV04",
+ booktitle = "Progress in Cryptology - {INDOCRYPT} 2004, 5th
+ International Conference on Cryptology in India, Chennai,
+ India, December 20-22, 2004, Proceedings",
+ publisher = "Springer",
+ year = 2004,
+ volume = 3348,
+ editor = "Anne Canteaut and Kapalee Viswanathan",
+ isbn = "3-540-24130-2",
+ pages = "343--355",
+ series = "Lecture Notes in Computer Science",
+ url = "http://eprint.iacr.org/2004/193"
+}
+
+@Misc{Menezes:2005:IPB,
+ author = "Alfred Menezes",
+ title = "An Introduction to Pairing-Based Cryptography",
+ url =
+ "http://www.cacr.math.uwaterloo.ca/~ajmeneze/publications/pairings.pdf",
+ note = "Notes from lectures given in Santander, Spain",
+ year = 2005
+}
+
+@InProceedings{Rogaway:2001:OCB,
+ author = "Phillip Rogaway and Mihir Bellare and John Black and Ted
+ Krovetz",
+ title = "{OCB}: a block-cipher mode of operation for efficient
+ authenticated encryption",
+ booktitle = "{ACM} Conference on Computer and Communications Security",
+ pages = "196--205",
+ year = 2001,
+ url = "http://www.cs.ucdavis.edu/~rogaway/ocb/"
+}
+
+@InProceedings{Rogaway:2002:AEA,
+ author = "Phillip Rogaway",
+ title = "Authenticated-encryption with associated-data",
+ added-by = "msteiner",
+ url = "http://www.cs.ucdavis.edu/~rogaway/papers/ad.html",
+ pages = "98--107",
+ added-at = "Sun Nov 16 12:50:24 2003",
+ abstract = "When a message is transformed into a ciphertext in a way
+ designed to protect both its privacy and authenticity,
+ there may be additional information, such as a packet
+ header, that travels alongside the ciphertext (at least
+ conceptually) and must get authenticated with it. We
+ formalize and investigate this authenticated-encryption
+ with associated-data (AEAD) problem. Though the problem has
+ long been addressed in cryptographic practice, it was never
+ provided a definition or even a name. We do this, and go on
+ to look at efficient solutions for AEAD, both in general
+ and for the authenticated-encryption scheme OCB. For the
+ general setting we study two simple ways to turn an
+ authenticated-encryption scheme that does not support
+ associated-data into one that does: nonce stealing and
+ ciphertext translation. For the case of OCB we construct an
+ AEAD-scheme by combining OCB and the pseudorandom function
+ PMAC, using the same key for both algorithms. We prove
+ that, despite ``interaction'' between the two schemes when
+ using a common key, the combination is sound. We also
+ consider achieving AEAD by the generic composition of a
+ nonce-based, privacy-only encryption scheme and a
+ pseudorandom function.",
+ booktitle = "Proceedings of the 9th {ACM} Conference on Computer and
+ Communications Security",
+ year = 2002,
+ editor = "Ravi Sandhu",
+ month = nov,
+ publisher = "ACM Press",
+ address = "Washington, DC, USA"
+}
+
+@Misc{SEC1,
+ author = "{Certicom Research}",
+ title = "Standards for Efficient Cryptography, {SEC} 1: {E}lliptic
+ curve cryptography, Version 1.0",
+ year = 2000,
+ url = "http://www.secg.org/download/aid-385/sec1_final.pdf"
+}
+
+@Manual{SP:2005:BCM,
+ author = "{NIST}",
+ title = "Recommentation for Block Cipher Modes of Operation: The
+ {CMAC} Mode for Authentication",
+ volume = "SP~800-38\,B",
+ organization = pub-NIST,
+ address = pub-NIST:adr,
+ month = may,
+ year = 2005,
+ series = "Special Publications",
+ url = "http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf"
+}
+
+@Manual{SP:2008:TDEA,
+ author = "{NIST}",
+ title = "Recommendation for the {Triple Data Encryption Algorithm}
+ ({TDEA}) Block Cipher",
+ volume = "SP~800-67",
+ organization = pub-NIST,
+ address = pub-NIST:adr,
+ pages = "x + 30",
+ day = 19,
+ month = may,
+ year = 2008,
+ series = "Special Publications",
+ url = "http://csrc.nist.gov/publications/nistpubs/800-67/SP800-67.pdf",
+ acknowledgement =ack-nhfb
+}
+
+@Unpublished{Shoup:2001:PIS,
+ author = "Victor Shoup",
+ title = "Proposal for an {ISO} Standard for Public Key Encryption
+ (Version 2.0)",
+ year = 2001,
+ note = "Unpublished manuscript",
+ url = "http://www.shoup.net/papers/"
+}
+
+@TechReport{Silverman:2000:CBA,
+ author = "Robert Silverman",
+ title = "A Cost-Based Security Analysis of Symmetric and Asymmetric
+ Key Lengths",
+ institution = "RSA Laboratories",
+ number = 13,
+ month = "April",
+ year = 2000,
+ url = "http://www.rsa.com/rsalabs/node.asp?id=2088"
+}
+
+@Misc{Unicode:5.0,
+ author = "Unicode Consortium",
+ title = "The {Unicode} {Standard} 5.0",
+ year = 2007,
+ url = "http://www.unicode.org/versions/Unicode5.0.0/"
+}
+
+@InProceedings{Wagner:2000:PSU,
+ author = "David Wagner and Ian Goldberg",
+ title = "Proofs of Security for the {Unix} Password Hashing
+ Algorithm",
+ crossref = "Okamoto:2000:ACA",
+ pages = "560--572",
+ url = "http://www.cs.berkeley.edu/~daw/papers/"
+}
+
+@Book{Washington:2003:EC,
+ author = "Lawrence C. Washington",
+ title = "Elliptic Curves: Number Theory and Cryptography",
+ isbn = "1-584-88365-0",
+ publisher = "CRC Press",
+ year = 2003,
+ pages = 428
+}
+
+@TechReport {Wooding:2000:Storin,
+ author = "Mark Wooding",
+ title = "{Storin}: A block cipher for digitial signal processors",
+ institution = "Straylight/Edgeware",
+ year = 2000,
+ url = "http://www.excessus.demon.co.uk/crypto/storin.ps.gz",
+ abstract = "We present Storin: a new 96-bit block cipher designed to
+ play to the strengths of current digital signal processors
+ (DSPs). In particular, DSPs tend to provide single-cycle
+ multiply-and-accumulate operations, making matrix
+ multiplications very cheap. Working in an environment
+ where multiplication is as fast as exclusive-or changes the
+ usual perceptions about which operations provide good
+ cryptographic strength cheaply. The scarcity of available
+ memory, for code and for tables, and a penalty for
+ nonsequential access to data also make traditional block
+ ciphers based around substitution tables unsuitable."
+}
+
+@Misc{Wooding:2000:Storin-diff,
+ author = "Mark Wooding",
+ title = "Re: Yet another block cipher: {Storin}",
+ howpublished = "Usenet article in \texttt{sci.crypt}",
+ year = 2000,
+ note = "Message-id {\msgid{<slrn8iqhaq.872.mdw@mull.ncipher.com>}}"
+}
+
+@Misc{Wooding:2001:TrIPE,
+ author = "Mark Wooding",
+ year = "2001--2010",
+ url = "http://git.distorted.org.uk/~mdw/tripe/",
+ title = "Trivial IP Encryption (TrIPE): A simple {VPN}"
+}
+
+@Misc{Wooding:2003:NPO,
+ author = "Mark Wooding",
+ title = "New proofs for old modes",
+ howpublished = "Unpublished work in progress",
+ year = 2003
+}
+
+@Misc{Ylonen:2001:STL,
+ author = "T. Ylonen and T. Kivinen and M. Saarinen and T. Rinne and