+@String{j-J-CRYPTOLOGY = "Journal of Cryptology: the journal of the International Association for Cryptologic Research"}
+
+%%%--------------------------------------------------------------------------
+%%% The main bibliography.
+
+@InProceedings{abdalla-2001:dhies,
+ author = "Michel Abdalla and Mihir Bellare and Phillip Rogaway",
+ title = "{DHIES}: An Encryption Scheme Based on the
+ {Diffie--Hellman} Problem",
+ year = 2001,
+ crossref = "Naccache:2001:TCC",
+ url = "http://www-cse.ucsd.edu/users/mihir/papers/dhies.html"
+}
+
+@InProceedings{alexander-goldberg-2007:improved-user-authn-otr,
+ author = "Chris Alexander and Ian Goldberg",
+ title = "Improved user authentication in off-the-record messaging",
+ booktitle = "WPES",
+ year = 2007,
+ pages = "41--47",
+ ee = "http://doi.acm.org/10.1145/1314333.1314340",
+ url = "http://www.cypherpunks.ca/~iang/pubs/impauth.pdf",
+ crossref = "DBLP:conf/wpes/2007",
+ bibsource = "DBLP, http://dblp.uni-trier.de"
+}
+
+@InProceedings{bellare-1994:security-cbc,
+ author = "Mihir Bellare and Joe Kilian and Phillip Rogaway",
+ title = "The Security of Cipher Block Chaining",
+ booktitle = "{Advances in cryptology, {CRYPTO '94}: 14th annual
+ international cryptology conference, Santa Barbara,
+ California, {USA}, August 21--25, 1994: proceedings}",
+ year = 1994,
+ editor = "Yvo G. Desmedt",
+ volume = 839,
+ series = "Lecture Notes in Computer Science",
+ pages = "341--358",
+ address = "Berlin, Germany~/ Heidelberg, Germany~/ London, UK~/ etc.",
+ publisher = "Spring{\-}er-Ver{\-}lag",
+ doi = "????",
+ isbn = "3-540-58333-5 (Berlin), 0-387-58333-5 (New York)",
+ issn = "0302-9743 (print), 1611-3349 (electronic)",
+ url =
+ "http://link.springer-ny.com/link/service/series/0558/bibs/0839/08390341.htm"
+}
+
+@InProceedings{bellare-1995:xor-macs,
+ author = "Mihir Bellare and Roch Gu{\'e}rin and Phillip Rogaway",
+ title = "{XOR MACs}: New methods for message authentication using
+ finite pseudorandom functions",
+ booktitle = "{Advances in cryptology, {CRYPTO '95}: 15th Annual
+ International Cryptology Conference, Santa Barbara,
+ California, {USA}, August 27--31, 1995: proceedings}",
+ year = 1995,
+ editor = "Don Coppersmith",
+ volume = 963,
+ series = "Lecture Notes in Computer Science",
+ pages = "15--35",
+ address = "Berlin, Germany~/ Heidelberg, Germany~/ London, UK~/ etc.",
+ publisher = "Spring{\-}er-Ver{\-}lag",
+ note = "Sponsored by the International Association for Cryptologic
+ Research (IACR), in cooperation with the IEEE Computer
+ Society Technical Committee on Security and Privacy.",
+ doi = "????",
+ isbn = "3-540-60221-6 (Berlin)",
+ issn = "0302-9743 (print), 1611-3349 (electronic)",
+ url =
+ "http://link.springer-ny.com/link/service/series/0558/tocs/t0963.htm"
+}
+
+@InProceedings{bellare-1996:hmac,
+ author = "Mihir Bellare and Ran Canetti and Hugo Krawczyk",
+ title = "Keying Hash Functions for Message Authentication",
+ booktitle = "{Advances in cryptology, {CRYPTO '96}: 16th annual
+ international cryptology conference, Santa Barbara,
+ California, {USA}, August 18--22, 1996: proceedings}",
+ year = 1996,
+ editor = "Neal Koblitz",
+ volume = 1109,
+ series = "Lecture Notes in Computer Science",
+ pages = "1--15",
+ address = "Berlin, Germany~/ Heidelberg, Germany~/ London, UK~/ etc.",
+ publisher = "Spring{\-}er-Ver{\-}lag",
+ note = "Sponsored by the International Association for Cryptologic
+ Research (IACR), in cooperation with the IEEE Computer
+ Society Technical Committee on Security and Privacy and
+ the Computer Science Department of the University of
+ California at Santa Barbara (UCSB).",
+ annote = "``Sponsored by the International Association for
+ Cryptologic Research (IACR), in cooperation with the IEEE
+ Computer Society Technical Committee on Security and
+ Privacy and the Computer Science Department of the
+ University of California at Santa Barbara (UCSB)''",
+ doi = "????",
+ isbn = "3-540-61512-1",
+ issn = "0302-9743 (print), 1611-3349 (electronic)",
+ url = "http://www.research.ibm.com/security/"
+}
+
+@InProceedings{bellare-1997:concrete-symmetric,
+ author = "M. Bellare and A. Desai and E. Jokipii and P. Rogaway",
+ title = "A concrete security treatment of symmetric encryption",
+ booktitle = "38th Annual Symposium on Foundations of Computer Science:
+ October 20--22, 1997, Miami Beach, Florida",
+ year = 1997,
+ editor = "{IEEE}",
+ pages = "394--403",
+ address = "1109 Spring Street, Suite 300, Silver Spring, MD 20910,
+ USA",
+ publisher = "IEEE Computer Society Press",
+ note = "IEEE catalog number 97CB36150. IEEE Computer Society Press
+ order number PR08197.",
+ key = "IEEE-FOCS'97",
+ isbn = "0-8186-8197-7 (paperback), 0-8186-8198-5 (casebound),
+ 0-8186-8199-3 (microfiche)",
+ issn = "0272-5428"
+}
+
+@InProceedings{bellare-1998:modular-key-exchange,
+ author = "Mihir Bellare and Ran Canetti and Hugo Krawczyk",
+ title = "A modular approach to the design and analysis of
+ authentication and key exchange protocols (extended
+ abstract)",
+ booktitle = "Proceedings of the thirtieth annual {ACM} Symposium on
+ Theory of Computing: Dallas, Texas, May 23--26, 1998",
+ year = 1998,
+ editor = "{ACM}",
+ pages = "419--428",
+ address = "New York, NY, USA",
+ publisher = "ACM Press",
+ note = "ACM order number 508980.",
+ isbn = "0-89791-962-9",
+ url =
+ "http://www.acm.org/pubs/citations/proceedings/stoc/276698/p419-bellare/"
+}
+
+@Article{bellare-1998:pub-enc-notions,
+ author = "Mihir Bellare and Anand Desai and David Pointcheval and
+ Phillip Rogaway",
+ title = "Relations Among Notions of Security for Public-Key
+ Encryption Schemes",
+ journal = "Lecture Notes in Computer Science",
+ year = 1998,
+ volume = 1462,
+ pages = "26--??",
+ issn = "0302-9743 (print), 1611-3349 (electronic)",
+ url =
+ "http://link.springer-ny.com/link/service/series/0558/bibs/1462/14620026.htm"
+}
+
+@Article{bellare-1999:practice-oriented-provable-security,
+ author = "M. Bellare",
+ title = "Practice-Oriented Provable Security",
+ journal = "Lecture Notes in Computer Science",
+ year = 1999,
+ volume = 1561,
+ pages = "1--15",
+ issn = "0302-9743 (print), 1611-3349 (electronic)"
+}
+
+@InProceedings{bellare-2004:eax,
+ author = "Mihir Bellare and Phillip Rogaway and David Wagner",
+ title = "The {EAX} Mode of Operation",
+ year = 2004,
+ editor = "Bimal K. Roy and Willi Meier",
+ volume = 3017,
+ series = "Lecture Notes in Computer Science",
+ pages = "389--407",
+ publisher = "Springer",
+ bibdate = "2004-07-29",
+ bibsource = "DBLP,
+ http://dblp.uni-trier.de/db/conf/fse/fse2004.html#BellareRW04",
+ booktitle = "Fast Software Encryption, 11th International Workshop,
+ {FSE} 2004, Delhi, India, February 5-7, 2004, Revised
+ Papers",
+ isbn = "3-540-22171-9",
+ url = "http://www.cs.berkeley.edu/~daw/papers/eax-fse04.ps"
+}
+
+@InCollection{bellare-namprempre-2000:authn-enc-notions,
+ author = "Mihir Bellare and Chanathip Namprempre",
+ title = "Authenticated Encryption: Relations among Notions and
+ Analysis of the Generic Composition Paradigm",
+ booktitle = "Advances in cryptology---ASIACRYPT 2000 (Kyoto)",
+ publisher = "Spring{\-}er-Ver{\-}lag",
+ year = 2000,
+ volume = 1976,
+ series = "Lecture Notes in Comput. Sci.",
+ pages = "531--545",
+ address = "Berlin, Germany~/ Heidelberg, Germany~/ London, UK~/ etc.",
+ url =
+ "http://link.springer-ny.com/link/service/series/0558/bibs/1976/19760531.htm"
+}
+
+@InProceedings{bellare-rogaway-1993:random-oracles,
+ author = "Mihir Bellare and Phillip Rogaway",
+ title = "Random oracles are practical",
+ booktitle = "Proceedings of the First Annual Conference on Computer and
+ Communications Security",
+ year = 1993,
+ pages = "62--73",
+ organization = "{ACM}",
+ url = "http://www-cse.ucsd.edu/users/mihir/papers/ro.html"
+}
+
+@InProceedings{bellare-rogaway-1994:entity-authn-key-distrib,
+ author = "Mihir Bellare and Phillip Rogaway",
+ title = "Entity Authentication and Key Distribution",
+ booktitle = "{Advances in cryptology, {CRYPTO '94}: 14th annual
+ international cryptology conference, Santa Barbara,
+ California, {USA}, August 21--25, 1994: proceedings}",
+ year = 1994,
+ editor = "Yvo G. Desmedt",
+ volume = 839,
+ series = "Lecture Notes in Computer Science",
+ pages = "232--249",
+ address = "Berlin, Germany~/ Heidelberg, Germany~/ London, UK~/ etc.",
+ publisher = "Spring{\-}er-Ver{\-}lag",
+ doi = "????",
+ isbn = "3-540-58333-5 (Berlin), 0-387-58333-5 (New York)",
+ issn = "0302-9743 (print), 1611-3349 (electronic)",
+ url = "http://link.springer-ny.com/link/service/series/0558/bibs/0773/07730232.htm"
+}
+
+@InProceedings{bellare-rogaway-1995:oaep,
+ author = "M. Bellare and P. Rogaway",
+ title = "Optimal asymmetric encryption: How to Encrypt with {RSA}",
+ booktitle = "Advances in cryptology --- {EUROCRYPT} '94: Workshop on
+ the Theory and Application of Cryptographic Techniques,
+ Perugia, Italy, May 9--12, 1994: proceedings",
+ year = 1995,
+ editor = "Alfredo {De Santis}",
+ volume = 950,
+ series = "Lecture Notes in Computer Science",
+ pages = "92--111",
+ address = "Berlin, Germany~/ Heidelberg, Germany~/ London, UK~/ etc.",
+ publisher = "Spring{\-}er-Ver{\-}lag",
+ isbn = "3-540-60176-7",
+ issn = "0302-9743 (print), 1611-3349 (electronic)",
+ url =
+ "http://link.springer-ny.com/link/service/series/0558/bibs/0950/09500092.htm"
+}
+
+@InProceedings{bellare-rogaway-1995:session-key-distrib,
+ author = "Mihir Bellare and Phillip Rogaway",
+ title = "Provably secure session key distribution: the three party
+ case",
+ booktitle = "Proceedings of the twenty-seventh annual {ACM} Symposium
+ on Theory of Computing: Las Vegas, Nevada, May 29--June 1,
+ 1995",
+ year = 1995,
+ editor = "{ACM}",
+ pages = "57--66",
+ address = "New York, NY, USA",
+ publisher = "ACM Press",
+ note = "ACM order no. 508950.",
+ isbn = "0-89791-718-9",
+ url = "http://www.acm.org/pubs/citations/proceedings/stoc/225058/p57-bellare/"
+}
+
+@Article{bellare-rogaway-1996:exact-security-sigs,
+ author = "Mihir Bellare and Phillip Rogaway",
+ title = "The exact security of digital signatures --- how to sign
+ with {RSA} and {Rabin}",
+ journal = "Lecture Notes in Computer Science",
+ year = 1996,
+ volume = 1070,
+ pages = "399--??",
+ issn = "0302-9743 (print), 1611-3349 (electronic)",
+ url = "http://link.springer-ny.com/link/service/series/0558/bibs/1070/10700399.htm"
+}
+
+@Misc{bellare-rogaway-2004:triple-enc-eprint,
+ author = "Mihir Bellare and Phillip Rogaway",
+ title = "Code-Based Game-Playing Proofs and the Security of Triple
+ Encryption",
+ howpublished = "Cryptology ePrint Archive, Report 2004/331",
+ year = 2004,
+ url = "http://eprint.iacr.org/2004/331"
+}
+
+@InProceedings{bellare-rogaway-2006:triple-enc,
+ author = "Mihir Bellare and Phillip Rogaway",
+ title = "The Security of Triple Encryption and a Framework for
+ Code-Based Game-Playing Proofs",
+ booktitle = "Advances in Cryptology - {EUROCRYPT} 2006, 25th Annual
+ International Conference on the Theory and Applications of
+ Cryptographic Techniques, St. Petersburg, Russia, May 28 -
+ June 1, 2006, Proceedings",
+ year = 2006,
+ editor = "Serge Vaudenay",
+ volume = 4004,
+ series = "Lecture Notes in Computer Science",
+ pages = "409--426",
+ publisher = "Springer",
+ note = "Proceedings version of
+ \cite{bellare-rogaway-2004:triple-enc-eprint}",
+ bibdate = "2006-07-05",
+ bibsource = "DBLP, http://dblp.uni-trier.de/db/conf/eurocrypt/eurocrypt2006.html#BellareR06",
+ isbn = "3-540-34546-9"
+}
+
+@InProceedings{bernstein-2005:poly1305,
+ author = "Daniel J. Bernstein",
+ title = "The Poly1305-AES Message-Authentication Code",
+ booktitle = "Fast Software Encryption: 12th International Workshop,
+ {FSE} 2005, Paris, France, February 21-23, 2005, Revised
+ Selected Papers",
+ year = 2005,
+ pages = "32--49",
+ crossref = "DBLP:conf/fse/2005",
+ url = "https://doi.org/10.1007/11502760_3",
+ doi = "10.1007/11502760_3",
+ timestamp = "Tue, 30 May 2017 16:36:53 +0200",
+ biburl = "http://dblp.uni-trier.de/rec/bib/conf/fse/Bernstein05",
+ bibsource = "dblp computer science bibliography, http://dblp.org"
+}
+
+@Misc{bernstein-2005:salsa20,
+ author = "Daniel J. Bernstein",
+ title = "{Salsa20} Specification",
+ howpublished = "Submission to the ECRYPT Stream Cipher project (eSTREAM)",
+ month = apr,
+ year = 2005,
+ url = "https://cr.yp.to/snuffle/spec.pdf"
+}
+
+@InProceedings{bernstein-2006:curve25519,
+ author = "Daniel J. Bernstein",
+ title = "Curve25519: New Diffie-Hellman Speed Records",
+ booktitle = "Public Key Cryptography - {PKC} 2006, 9th International
+ Conference on Theory and Practice of Public-Key
+ Cryptography, New York, NY, USA, April 24-26, 2006,
+ Proceedings",
+ year = 2006,
+ pages = "207--228",
+ crossref = "DBLP:conf/pkc/2006",
+ url = "https://cr.yp.to/papers.html#curve25519",
+ doi = "10.1007/11745853_14",
+ timestamp = "Tue, 30 May 2017 16:36:52 +0200",
+ biburl = "http://dblp.uni-trier.de/rec/bib/conf/pkc/Bernstein06",
+ bibsource = "dblp computer science bibliography, http://dblp.org"
+}
+
+@Article{blake-wilson-1997:key-agreement,
+ author = "S. Blake-Wilson and D. Johnson and A. Menezes",
+ title = "Key Agreement Protocols and Their Security Analysis",
+ journal = "Lecture Notes in Computer Science",
+ year = 1997,
+ volume = 1355,
+ pages = "30--??",
+ issn = "0302-9743 (print), 1611-3349 (electronic)"
+}
+
+@Article{blake-wilson-menezes-1998:asymm-key-transport,
+ author = "S. Blake-Wilson and A. Menezes",
+ title = "Entity Authentication and Authenticated Key Transport
+ Protocols Employing Asymmetric Techniques",
+ journal = "Lecture Notes in Computer Science",
+ year = 1998,
+ volume = 1361,
+ pages = "137--??",
+ issn = "0302-9743 (print), 1611-3349 (electronic)"
+}
+
+@Article{boneh-1998:ddh,
+ author = "D. Boneh",
+ title = "The Decision {Diffie--Hellman} Problem",
+ journal = "Lecture Notes in Computer Science",
+ year = 1998,
+ volume = 1423,
+ pages = "48--63",
+ issn = "0302-9743 (print), 1611-3349 (electronic)",
+ url = "http://theory.stanford.edu/~dabo/papers/DDH.ps.gz"
+}
+
+@Article{boneh-franklin-2003:ibe-weil-pairing,
+ author = "Dan Boneh and Matthew Franklin",
+ title = "Identity-Based Encryption from the {Weil} Pairing",
+ journal = "SIAM Journal on Computing",
+ year = 2003,
+ volume = 32,
+ number = 3,
+ pages = "586--615",
+ month = jun,
+ doi = "https://doi.org/10.1137/S0097539701398521",
+ issn = "0097-5397 (print), 1095-7111 (electronic)",
+ url = "http://epubs.siam.org/sam-bin/dbq/article/39852"
+}
+
+@InProceedings{borisov-2004:off-the-record,
+ author = "Nikita Borisov and Ian Goldberg and Eric A. Brewer",
+ title = "Off-the-record communication, or, why not to use PGP",
+ booktitle = "WPES",
+ year = 2004,
+ pages = "77--84",
+ ee = "http://doi.acm.org/10.1145/1029179.1029200",
+ url = "http://www.cypherpunks.ca/otr/otr-wpes.pdf",
+ crossref = "DBLP:conf/wpes/2004",
+ bibsource = "DBLP, http://dblp.uni-trier.de"
+}
+
+@InProceedings{brassard-crepeau-1989:sorting-zero-knowledge,
+ author = "Gilles Brassard and Claude Crepeau",
+ title = "Sorting out Zero-Knowledge",
+ booktitle = "Theory and Application of Cryptographic Techniques",
+ year = 1989,
+ pages = "181--191",
+ url = "http://citeseer.nj.nec.com/brassard90sorting.html"
+}
+
+@TechReport{burrows-1989:logic-authn,
+ author = "Michael Burrows and Martin Abadi and Roger Needham",
+ title = "A Logic of Authentication",
+ institution = "Digital Equipment Corporation, Systems Research Centre",
+ year = 1989,
+ number = 39,
+ month = feb,
+ pages = 48,
+ abstract = "Questions of belief are essential in analyzing protocols
+ for authentication in distributed computing systems. In
+ this paper we motivate, set out, and exemplify a logic
+ specifically designed for this analysis; we show how
+ various protocols differ subtly with respect to the
+ required initial assumptions of the participants and their
+ final beliefs. Our formalism has enabled us to isolate and
+ express these differences with a precision that was not
+ previously possible. It has drawn attention to features of
+ protocols of which we and their authors were previously
+ unaware, and allowed us to suggest improvements to the
+ protocols. The reasoning about some protocols has been
+ mechanically verified. This paper starts with an informal
+ account of the problem, goes on to explain the formalism
+ to be used, and gives examples of its application to
+ protocols from the literature, both with conventional
+ shared-key cryptography and with public-key
+ cryptography. Some of the examples are chosen because of
+ their practical importance, while others serve to
+ illustrate subtle points of the logic and to explain how
+ we use it. We discuss extensions of the logic motivated by
+ actual practice -- for example, in order to account for
+ the use of hash functions in signatures. The final
+ sections contain a formal semantics of the logic and some
+ conclusions."
+}
+
+@Article{canetti-2000:security-and-composition,
+ author = "Ran Canetti",
+ title = "Security and Composition of Multiparty Cryptographic
+ Protocols",
+ journal = j-J-CRYPTOLOGY,
+ year = 2000,
+ volume = 13,
+ number = 1,
+ pages = "143--202",
+ coden = "JOCREQ",
+ issn = "0933-2790 (print), 1432-1378 (electronic)",
+ issn-l = "0933-2790",
+ bibdate = "Mon Oct 9 17:48:14 MDT 2000",
+ bibsource = "http://link.springer.de/link/service/journals/00145/tocs/t0013001.html;
+ http://www.math.utah.edu/pub/tex/bib/jcryptology.bib",
+ url = "http://link.springer.de/link/service/journals/00145/bibs/0013001/00130143.html",
+ acknowledgement= ack-nhfb,
+ journal-url = "http://link.springer.com/journal/145"
+}
+
+@InProceedings{canetti-2001:uc-security,
+ author = "R. Canetti",
+ title = "{Universally Composable} security: a new paradigm for
+ cryptographic protocols",
+ booktitle = "{42nd IEEE Symposium on Foundations of Computer Science:
+ proceedings: October 14--17, 2001, Las Vegas, Nevada,
+ USA}",
+ year = 2001,
+ editor = "{IEEE}",
+ pages = "136--145",
+ address = "1109 Spring Street, Suite 300, Silver Spring, MD 20910,
+ USA",
+ publisher = "IEEE Computer Society Press",
+ isbn = "0-7695-1390-5, 0-7695-1391-3 (case), 0-7695-1392-1
+ (microfiche)",
+ issn = "0272-5428"
+}
+
+@TechReport{canetti-2001:uc-security-eprint,
+ author = "Ran Canetti",
+ title = "{Universally Composable} Security: a New Paradigm for
+ Cryptographic Protocols",
+ institution = "Cryptology {ePrint} Archive",
+ year = 2001,
+ type = "Report",
+ number = "2000/067",
+ month = oct,
+ note = "Extended Abstract appeared in proceedings of the 42nd
+ Symposium on Foundations of Computer Science (FOCS), 2001",
+ annote = "Revised version of
+ \cite{canetti-2000:security-and-composition}.",
+ added-by = "sti",
+ url = "http://eprint.iacr.org/2000/067",
+ abstract = "We propose a new paradigm for defining security of
+ cryptographic protocols, called {\sf universally
+ composable security.} The salient property of universally
+ composable definitions of security is that they guarantee
+ security even when a secure protocol is composed with an
+ arbitrary set of protocols, or more generally when the
+ protocol is used as a component of an arbitrary
+ system. This is an essential property for maintaining
+ security of cryptographic protocols in complex and
+ unpredictable environments such as the Internet. In
+ particular, universally composable definitions guarantee
+ security even when an unbounded number of protocol
+ instances are executed concurrently in an adversarially
+ controlled manner, they guarantee non-malleability with
+ respect to arbitrary protocols, and more. We show how to
+ formulate universally composable definitions of security
+ for practically any cryptographic task. Furthermore, we
+ demonstrate that practically any such definition can be
+ realized using known general techniques, as long as only a
+ minority of the participants are corrupted. We then
+ proceed to formulate universally composable definitions of
+ a wide array of cryptographic tasks, including
+ authenticated and secure communication, key-exchange,
+ public-key encryption, signature, commitment, oblivious
+ transfer, zero-knowledge, and more. We also make initial
+ steps towards studying the realizability of the proposed
+ definitions in other natural settings.",
+ keywords = "foundations / cryptographic protocols, security analysis
+ of protocols, concurrent composition",
+ added-at = "Wed Oct 17 16:02:37 2001"
+}
+
+@Article{canetti-2004:rand-oracle-revisit,
+ author = "Ran Canetti and Oded Goldreich and Shai Halevi",
+ title = "The random oracle methodology, revisited",
+ journal = "Journal of the ACM",
+ year = 2004,
+ volume = 51,
+ number = 4,
+ pages = "557--594",
+ month = jul,
+ issn = "0004-5411 (print), 1557-735X (electronic)"
+}
+
+@Article{canetti-krawczyk-2001:secure-channels,
+ author = "Ran Canetti and Hugo Krawczyk",
+ title = "Analysis of Key-Exchange Protocols and Their Use for
+ Building Secure Channels",
+ journal = "Lecture Notes in Computer Science",
+ year = 2001,
+ volume = 2045,
+ pages = "453--??",
+ issn = "0302-9743 (print), 1611-3349 (electronic)",
+ url = "http://link.springer-ny.com/link/service/series/0558/bibs/2045/20450453.htm"
+}
+
+@Misc{canetti-krawczyk-2001:secure-channels-eprint,
+ author = "Ran Canetti and Hugo Krawczyk",
+ title = "Analysis of Key-Exchange Protocols and Their Use for
+ Building Secure Channels",
+ howpublished = "Cryptology ePrint Archive, Report 2001/040",
+ year = 2001,
+ url = "http://eprint.iacr.org/2001/040"
+}
+
+@Article{canetti-krawczyk-2002:uc-key-exchange,
+ author = "Ran Canetti and Hugo Krawczyk",
+ title = "Universally Composable Notions of Key Exchange and Secure
+ Channels",
+ journal = "Lecture Notes in Computer Science",
+ year = 2002,
+ volume = 2332,
+ pages = "337--??",
+ issn = "0302-9743 (print), 1611-3349 (electronic)",
+ url = "http://link.springer-ny.com/link/service/series/0558/bibs/2332/23320337.htm"
+}
+
+@Misc{certicom-2000:sec1,
+ author = "{Certicom Research}",
+ title = "Standards for Efficient Cryptography, {SEC} 1: {E}lliptic
+ curve cryptography, Version 1.0",
+ year = 2000,
+ url = "http://www.secg.org/download/aid-385/sec1_final.pdf"
+}
+
+@PhdThesis{daemen-1995:cipher-hash-design,
+ author = "Joan Daemen",
+ title = "Cipher and hash function design strategies based on linear
+ and differential cryptanalysis",
+ school = "K. U. Leuven",
+ year = 1995
+}
+
+@Manual{dworkin-2010:cbc-ciphertext-stealing,
+ title = "Recommendation for Block Cipher Modes of Operation: Three
+ Variants of Ciphertext Stealing for CBC Mode",
+ author = "Morris Dworkin",
+ organization = pub-NIST,
+ address = pub-NIST:adr,
+ month = oct,
+ year = 2010,
+ note = "Addendum to NIST Special Publication 800-38A",
+ pages = "iv + 7",
+ url = "http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a-add.pdf"
+}
+
+@InProceedings{elgamal-1985:dlog-enc-sign,
+ author = "Taher ElGamal",
+ title = "A Public Key Cryptosystem and a Signature Scheme Based on
+ Discrete Logarithms",
+ booktitle = "{Advances in Cryptology: Proceedings of CRYPTO 84}",
+ year = 1985,
+ editor = "George Robert Blakley and David Chaum",
+ volume = 196,
+ series = "Lecture Notes in Computer Science",
+ pages = "10--18",
+ address = "Berlin, Germany~/ Heidelberg, Germany~/ London, UK~/ etc.",
+ publisher = "Spring{\-}er-Ver{\-}lag",
+ note = "CRYPTO 84: a Workshop on the Theory and Application of
+ Cryptographic Techniques, held at the University of
+ California, Santa Barbara, August 19--22, 1984, sponsored
+ by the International Association for Cryptologic
+ Research.",
+ doi = "https://doi.org/10.1007/3-540-39568-7",
+ isbn = "0-387-15658-5; 3-540-39568-7",
+ issn = "0302-9743 (print), 1611-3349 (electronic)",
+ url =
+ "http://www.springerlink.com/openurl.asp?genre=article&issn=????&volume=0&issue=0&spage=10"
+}
+
+@Misc{ellis-1997:non-secret-enc,
+ author = "James Ellis",
+ title = "The Story of Non-Secret Encryption",
+ howpublished = "CESG internal document",
+ month = dec,
+ year = 1997,
+ note = "Released internally in 1987.",
+ url = "http://www.jya.com/ellisdoc.htm"
+}
+
+@Misc{ferguson-2005:gcm-authn-weakness,
+ author = "Niels Ferguson",
+ title = "Authentication Weaknesses in {GCM}",
+ month = "May",
+ year = 2005,
+ note = "Public comment to NIST",
+ url = "http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/comments/CWC-GCM/Ferguson2.pdf"
+}
+
+@Misc{fisher-2000:storin-usenet,
+ author = "Matthew Fisher",
+ title = "Re: Yet another block cipher: {Storin}",