title = {The CWC Authenticated Encryption (Associated Data) Mode},
howpublished = {Cryptology ePrint Archive, Report 2003/106},
year = {2003},
- url = "http://eprint.iacr.org/",
+ url = "http://eprint.iacr.org/2003/106",
}
@inproceedings{Lim:1997:KRA,
Secure Channels",
month = may,
year = 2001,
- url = "http://eprint.iacr.org/2001/040.ps.gz",
+ url = "http://eprint.iacr.org/2001/040",
note = "An extended abstract appears in the proceedings of Eurocrypt 2001."
}
communications (Or: how secure is {SSL}?)",
month = jun,
year = 2001,
- url = "http://eprint.iacr.org/2001/045.ps.gz",
+ url = "http://eprint.iacr.org/2001/045",
note = "An abridged version appears in the proceedings of {CRYPTO} 2001."
}
url = "http://citeseer.nj.nec.com/goldwasser96lecture.html"
}
+
+@InProceedings{Rogaway:2002:AEA,
+ author = "Phillip Rogaway",
+ title = "Authenticated-encryption with associated-data",
+ added-by = "msteiner",
+ URL = "http://www.cs.ucdavis.edu/~rogaway/papers/ad.html",
+ pages = "98--107",
+ added-at = "Sun Nov 16 12:50:24 2003",
+ abstract = "When a message is transformed into a ciphertext in a
+ way designed to protect both its privacy and
+ authenticity, there may be additional information, such
+ as a packet header, that travels alongside the
+ ciphertext (at least conceptually) and must get
+ authenticated with it. We formalize and investigate
+ this authenticated-encryption with associated-data
+ (AEAD) problem. Though the problem has long been
+ addressed in cryptographic practice, it was never
+ provided a definition or even a name. We do this, and
+ go on to look at efficient solutions for AEAD, both in
+ general and for the authenticated-encryption scheme
+ OCB. For the general setting we study two simple ways
+ to turn an authenticated-encryption scheme that does
+ not support associated-data into one that does: nonce
+ stealing and ciphertext translation. For the case of
+ OCB we construct an AEAD-scheme by combining OCB and
+ the pseudorandom function PMAC, using the same key for
+ both algorithms. We prove that, despite
+ {"}interaction{"} between the two schemes when using a
+ common key, the combination is sound. We also consider
+ achieving AEAD by the generic composition of a
+ nonce-based, privacy-only encryption scheme and a
+ pseudorandom function.",
+ booktitle = "Proceedings of the 9th {ACM} Conference on Computer
+ and Communications Security",
+ year = "2002",
+ editor = "Ravi Sandhu",
+ month = nov,
+ publisher = "ACM Press",
+ address = "Washington, DC, USA",
+}
+
+@Article{Rogaway:2003:OCB,
+ author = "Phillip Rogaway and Mihir Bellare and John Black",
+ title = "{OCB}: a block-cipher mode of operation for efficient
+ authenticated encryptiona",
+ added-by = "msteiner",
+ URL = "http://www.cs.colorado.edu/~jrblack/papers/ocb.pdf",
+ journal = "ACM Transactions on Information and System Security",
+ volume = "6",
+ year = "2003",
+ pages = "365--403",
+ number = "3",
+ added-at = "Sun Sep 28 21:27:38 2003",
+}
+
+@InProceedings{McGrew:2004:SPG,
+ title = "The Security and Performance of the Galois/Counter
+ Mode ({GCM}) of Operation",
+ author = "David A. McGrew and John Viega",
+ bibdate = "2004-12-13",
+ bibsource = "DBLP,
+ http://dblp.uni-trier.de/db/conf/indocrypt/indocrypt2004.html#McGrewV04",
+ booktitle = "INDOCRYPT",
+ booktitle = "Progress in Cryptology - {INDOCRYPT} 2004, 5th
+ International Conference on Cryptology in India,
+ Chennai, India, December 20-22, 2004, Proceedings",
+ publisher = "Springer",
+ year = "2004",
+ volume = "3348",
+ editor = "Anne Canteaut and Kapalee Viswanathan",
+ ISBN = "3-540-24130-2",
+ pages = "343--355",
+ series = "Lecture Notes in Computer Science",
+ URL = "http://eprint.iacr.org/2004/193"
+}
+
@techreport{Abdalla:1999:DHAES,
author = "Michel Abdalla and Mihir Bellare and Phillip Rogaway",
title = "{DHAES}: An Encryption Scheme Based on the {Diffie-Hellman} Problem",
url = "http://www.shoup.net/papers/"
}
+@inproceedings{Shoup:1997:LBD,
+ author = "Victor Shoup",
+ title = "Lower bounds for discrete logarithms and related problems",
+ year = 1997,
+ url = "http://www.shoup.net/papers/",
+ crossref = "Fumy:1997:ACE"
+}
+
+@InProceedings{Bellare:2004:EAX,
+ title = "The {EAX} Mode of Operation",
+ author = "Mihir Bellare and Phillip Rogaway and David Wagner",
+ bibdate = "2004-07-29",
+ bibsource = "DBLP,
+ http://dblp.uni-trier.de/db/conf/fse/fse2004.html#BellareRW04",
+ booktitle = "FSE",
+ booktitle = "Fast Software Encryption, 11th International Workshop,
+ {FSE} 2004, Delhi, India, February 5-7, 2004, Revised
+ Papers",
+ publisher = "Springer",
+ year = "2004",
+ volume = "3017",
+ editor = "Bimal K. Roy and Willi Meier",
+ ISBN = "3-540-22171-9",
+ pages = "389--407",
+ series = "Lecture Notes in Computer Science",
+ URL = "http://www.cs.berkeley.edu/~daw/papers/eax-fse04.ps"
+}
+
+@Misc{Shoup:1999:OFM,
+ title = "On Formal Models for Secure Key Exchange",
+ author = "Victor Shoup",
+ year = "1999",
+ month = apr # "~21",
+ abstract = "A new formal security model for session key exchange
+ protocols in the public key setting is proposed, and
+ several efficient protocols are analyzed in this model.
+ The relationship between this new model and previously
+ proposed models is explored, and several interesting,
+ subtle distinctions between static and adaptive
+ adversaries are explored. We also give a brief account
+ of anonymous users.",
+ citeseer-references = "oai:CiteSeerPSU:100248; oai:CiteSeerPSU:159141;
+ oai:CiteSeerPSU:587558; oai:CiteSeerPSU:70784;
+ oai:CiteSeerPSU:459391; oai:CiteSeerPSU:340126;
+ oai:CiteSeerPSU:343528; oai:CiteSeerPSU:451555;
+ oai:CiteSeerPSU:432396",
+ annote = "Victor Shoup (IBM Zurich Research Lab , Saumerstr; 4 ,
+ 8803 Ruschlikon , Switzerland);",
+ bibsource = "OAI-PMH server at cs1.ist.psu.edu",
+ oai = "oai:CiteSeerPSU:190779",
+ rights = "unrestricted",
+ URL = "http://www.shoup.net/papers/skey.ps.Z",
+}
+
+@misc{Koblitz:2006:ALP,
+ author = {Neal Koblitz and Alfred Menezes},
+ title = {Another Look at ``Provable Security''. {II}},
+ howpublished = {Cryptology ePrint Archive, Report 2006/229},
+ year = {2006},
+ url = {http://eprint.iacr.org/2006/229},
+}
+
+@Article{Blake-Wilson:1998:EAA,
+ author = "S. Blake-Wilson and A. Menezes",
+ title = "Entity Authentication and Authenticated Key Transport
+ Protocols Employing Asymmetric Techniques",
+ journal = "Lecture Notes in Computer Science",
+ volume = "1361",
+ pages = "137--??",
+ year = "1998",
+ CODEN = "LNCSD9",
+ ISSN = "0302-9743",
+ bibdate = "Tue Apr 28 08:51:33 MDT 1998",
+ acknowledgement = "Nelson H. F. Beebe, Center for Scientific
+ Computing, University of Utah, Department of
+ Mathematics, 110 LCB, 155 S 1400 E RM 233, Salt Lake
+ City, UT 84112-0090, USA, Tel: +1 801 581 5254, FAX: +1
+ 801 581 4148, e-mail: \path|beebe@math.utah.edu|,
+ \path|beebe@acm.org|, \path|beebe@computer.org|,
+ \path|beebe@ieee.org| (Internet), URL:
+ \path|http://www.math.utah.edu/~beebe/|",
+ url = "http://www.cacr.math.uwaterloo.ca/~ajmeneze/publications/transport.ps"
+}
+
+@Article{Blake-Wilson:1997:KAP,
+ author = "S. Blake-Wilson and D. Johnson and A. Menezes",
+ title = "Key Agreement Protocols and Their Security Analysis",
+ journal = "Lecture Notes in Computer Science",
+ volume = "1355",
+ pages = "30--??",
+ year = "1997",
+ CODEN = "LNCSD9",
+ ISSN = "0302-9743",
+ bibdate = "Tue Apr 28 08:51:33 MDT 1998",
+ acknowledgement = "Nelson H. F. Beebe, University of Utah, Department
+ of Mathematics, 110 LCB, 155 S 1400 E RM 233, Salt Lake
+ City, UT 84112-0090, USA, Tel: +1 801 581 5254, FAX: +1
+ 801 581 4148, e-mail: \path|beebe@math.utah.edu|,
+ \path|beebe@acm.org|, \path|beebe@computer.org|
+ (Internet), URL:
+ \path|http://www.math.utah.edu/~beebe/|",
+ url = "http://www.cacr.math.uwaterloo.ca/~ajmeneze/publications/agreement.ps"
+}
+
+@InProceedings{Bellare:1998:MAD,
+ author = "Mihir Bellare and Ran Canetti and Hugo Krawczyk",
+ title = "A Modular Approach to the Design and Analysis of Key
+ Exchange Protocols",
+ pages = "419--428",
+ ISBN = "0-89791-962-9",
+ booktitle = "Proceedings of the 30th Annual {ACM} Symposium on
+ Theory of Computing ({STOC}-98)",
+ month = may # "~23--26",
+ publisher = "ACM Press",
+ address = "New York",
+ year = "1998",
+ url = "http://www.cs.ucsd.edu/~mihir/papers/key-distribution.html"
+}
+
+@TechReport{Canetti:2001:UCS,
+ author = "Ran Canetti",
+ title = "Universally Composable Security: {A} New Paradigm for
+ Cryptographic Protocols",
+ added-by = "sti",
+ URL = "http://eprint.iacr.org/2000/067",
+ number = "2000/067",
+ month = oct,
+ abstract = "We propose a new paradigm for defining security of
+ cryptographic protocols, called {\sf universally
+ composable security.} The salient property of
+ universally composable definitions of security is that
+ they guarantee security even when a secure protocol is
+ composed with an arbitrary set of protocols, or more
+ generally when the protocol is used as a component of
+ an arbitrary system. This is an essential property for
+ maintaining security of cryptographic protocols in
+ complex and unpredictable environments such as the
+ Internet. In particular, universally composable
+ definitions guarantee security even when an unbounded
+ number of protocol instances are executed concurrently
+ in an adversarially controlled manner, they guarantee
+ non-malleability with respect to arbitrary protocols,
+ and more. We show how to formulate universally
+ composable definitions of security for practically any
+ cryptographic task. Furthermore, we demonstrate that
+ practically any such definition can be realized using
+ known general techniques, as long as only a minority of
+ the participants are corrupted. We then proceed to
+ formulate universally composable definitions of a wide
+ array of cryptographic tasks, including authenticated
+ and secure communication, key-exchange, public-key
+ encryption, signature, commitment, oblivious transfer,
+ zero-knowledge, and more. We also make initial steps
+ towards studying the realizability of the proposed
+ definitions in other natural settings.",
+ keywords = "foundations / cryptographic protocols, security
+ analysis of protocols, concurrent composition",
+ type = "Report",
+ annote = "Revised version of \cite{Canett2000a}.",
+ year = "2001",
+ institution = "Cryptology {ePrint} Archive",
+ added-at = "Wed Oct 17 16:02:37 2001",
+ note = "Extended Abstract appeared in proceedings of the 42nd
+ Symposium on Foundations of Computer Science (FOCS),
+ 2001",
+}
+
+@Article{Canett2000a,
+ author = "Ran Canetti",
+ title = "Security and Composition of Multiparty Cryptographic
+ Protocols",
+ added-by = "sti",
+ URL = "http://link.springer-ny.com/link/service/journals/00145/papers/0013001/00130143.pdf",
+ journal = "Journal of Cryptology",
+ number = "1",
+ month = "Winter",
+ abstract = "We present general definitions of security for
+ multiparty cryptographic protocols, with focus on the
+ task of evaluating a probabilistic function of the
+ parties' inputs. We show that, with respect to these
+ definitions, security is preserved under a natural
+ composition operation. The definitions follow the
+ general paradigm of known definitions; yet some
+ substantial modifications and simplifications are
+ introduced. The composition operation is the natural
+ ``subroutine substitution'' operation, formalized by
+ Micali and Rogaway. We consider several standard
+ settings for multiparty protocols, including the cases
+ of eavesdropping, Byzantine, nonadaptive and adaptive
+ adversaries, as well as the information-theoretic and
+ the computational models. In particular, in the
+ computational model we provide the first definition of
+ security of protocols that is shown to be preserved
+ under composition.",
+ volume = "13",
+ annote = "Discusses general formalization of Secure Multiparty
+ Computation in synchronous model with passive vs active
+ (=> compute function t-privately vs t-securely) and
+ static vs adaptive adversaries as well as perfect
+ (e.g., with secure channel) and cryptographic settings.
+ Contrary to previous definitions doesn't restrict to
+ black-box simulations (though probably that restriction
+ was not that important) and allows rewinds (more
+ important, e.g., ZKP). Probably most precise and
+ complete to date. Proves composition theorems for
+ 'sequential subroutine composition'. To model adaptive
+ adversaries he defines an additional TM Z to model the
+ environment which feeds the context as auxiliary input
+ on corruptions as well models post-execution effects in
+ a non-erasing model by allowing Z (on input \emph{all}
+ outputs of the protocol) to further corrupt parties
+ (via adversary) after the termination of the protocol.
+ The simulation has to hold now for all Z and all A (but
+ note that contrary to A, Z is the same in the ideal
+ model!). However, if we consider erasing models where
+ all internal states are deleted after protocol
+ terminatin then Z can be simplified to apriori fixed
+ auxilliary strings for each corruption. Appeared also
+ as Theory of Cryptography Library Record 98-18.",
+ year = "2000",
+ pages = "143--202",
+ publisher = "Springer-Verlag, Berlin Germany",
+ added-at = "Thu Jul 20 11:01:42 2000",
+}
+
+
+@Article{Canetti:2002:UCN,
+ author = "Ran Canetti and Hugo Krawczyk",
+ title = "Universally Composable Notions of Key Exchange and
+ Secure Channels",
+ journal = "Lecture Notes in Computer Science",
+ volume = "2332",
+ pages = "337--??",
+ year = "2002",
+ CODEN = "LNCSD9",
+ ISSN = "0302-9743",
+ bibdate = "Tue Sep 10 19:09:37 MDT 2002",
+ bibsource = "http://link.springer-ny.com/link/service/series/0558/tocs/t2332.htm",
+ url = "http://eprint.iacr.org/2002/059",
+ acknowledgement = "Nelson H. F. Beebe, Center for Scientific
+ Computing, University of Utah, Department of
+ Mathematics, 110 LCB, 155 S 1400 E RM 233, Salt Lake
+ City, UT 84112-0090, USA, Tel: +1 801 581 5254, FAX: +1
+ 801 581 4148, e-mail: \path|beebe@math.utah.edu|,
+ \path|beebe@acm.org|, \path|beebe@computer.org|,
+ \path|beebe@ieee.org| (Internet), URL:
+ \path|http://www.math.utah.edu/~beebe/|",
+}
+
+@misc{Shoup:2004:SGT,
+ author = {Victor Shoup},
+ title = {Sequences of games: a tool for taming complexity in security proofs},
+ howpublished = {Cryptology ePrint Archive, Report 2004/332},
+ year = {2004},
+ url = {http://eprint.iacr.org/2004/332},
+}
+
+@InProceedings{Bellare:2006:STE,
+ title = "The Security of Triple Encryption and a Framework for
+ Code-Based Game-Playing Proofs",
+ author = "Mihir Bellare and Phillip Rogaway",
+ bibdate = "2006-07-05",
+ bibsource = "DBLP,
+ http://dblp.uni-trier.de/db/conf/eurocrypt/eurocrypt2006.html#BellareR06",
+ booktitle = "Advances in Cryptology - {EUROCRYPT} 2006, 25th Annual
+ International Conference on the Theory and Applications
+ of Cryptographic Techniques, St. Petersburg, Russia,
+ May 28 - June 1, 2006, Proceedings",
+ publisher = "Springer",
+ year = "2006",
+ volume = "4004",
+ editor = "Serge Vaudenay",
+ ISBN = "3-540-34546-9",
+ pages = "409--426",
+ series = "Lecture Notes in Computer Science",
+ note = "Proceedings version of \cite{Bellare:2004:CBG}"
+}
+
+@misc{Bellare:2004:CBG,
+ author = {Mihir Bellare and Phillip Rogaway},
+ title = {Code-Based Game-Playing Proofs and the Security of Triple Encryption},
+ howpublished = {Cryptology ePrint Archive, Report 2004/331},
+ year = {2004},
+ url = {http://eprint.iacr.org/2004/331},
+ note = "Full version of \cite{Bellare:2006:STE}"
+}
+
+@Article{Shoup:2001:OR,
+ author = "Victor Shoup",
+ title = "{OAEP} Reconsidered",
+ journal = "Lecture Notes in Computer Science",
+ volume = "2139",
+ pages = "239--??",
+ year = "2001",
+ CODEN = "LNCSD9",
+ ISSN = "0302-9743",
+ bibdate = "Sat Feb 2 13:05:41 MST 2002",
+ bibsource = "http://link.springer-ny.com/link/service/series/0558/tocs/t2139.htm",
+ URL = "http://link.springer-ny.com/link/service/series/0558/bibs/2139/21390239.htm;
+ http://link.springer-ny.com/link/service/series/0558/papers/2139/21390239.pdf",
+ acknowledgement = "Nelson H. F. Beebe, Center for Scientific
+ Computing, University of Utah, Department of
+ Mathematics, 110 LCB, 155 S 1400 E RM 233, Salt Lake
+ City, UT 84112-0090, USA, Tel: +1 801 581 5254, FAX: +1
+ 801 581 4148, e-mail: \path|beebe@math.utah.edu|,
+ \path|beebe@acm.org|, \path|beebe@computer.org|,
+ \path|beebe@ieee.org| (Internet), URL:
+ \path|http://www.math.utah.edu/~beebe/|",
+}
+
+@Article{Canetti:2004:ROM,
+ author = "Ran Canetti and Oded Goldreich and Shai Halevi",
+ title = "The random oracle methodology, revisited",
+ journal = "Journal of the ACM",
+ volume = "51",
+ number = "4",
+ pages = "557--594",
+ month = jul,
+ year = "2004",
+ CODEN = "JACOAH",
+ ISSN = "0004-5411",
+ bibdate = "Sat Jul 10 09:49:01 MDT 2004",
+ bibsource = "http://portal.acm.org/",
+ acknowledgement = "Nelson H. F. Beebe, University of Utah, Department
+ of Mathematics, 110 LCB, 155 S 1400 E RM 233, Salt Lake
+ City, UT 84112-0090, USA, Tel: +1 801 581 5254, FAX: +1
+ 801 581 4148, e-mail: \path|beebe@math.utah.edu|,
+ \path|beebe@acm.org|, \path|beebe@computer.org|
+ (Internet), URL:
+ \path|http://www.math.utah.edu/~beebe/|",
+}
+
+@Article{Boneh:2003:IBE,
+ author = "Dan Boneh and Matthew Franklin",
+ title = "Identity-Based Encryption from the {Weil} Pairing",
+ journal = "SIAM Journal on Computing",
+ volume = "32",
+ number = "3",
+ pages = "586--615",
+ month = jun,
+ year = "2003",
+ CODEN = "SMJCAT",
+ doi = "http://dx.doi.org/10.1137/S0097539701398521",
+ ISSN = "0097-5397 (print), 1095-7111 (electronic)",
+ bibdate = "Wed Aug 20 06:43:35 MDT 2003",
+ bibsource = "http://epubs.siam.org/sam-bin/dbq/toclist/SICOMP/32/3",
+ URL = "http://epubs.siam.org/sam-bin/dbq/article/39852",
+ acknowledgement = "Nelson H. F. Beebe, University of Utah, Department
+ of Mathematics, 110 LCB, 155 S 1400 E RM 233, Salt Lake
+ City, UT 84112-0090, USA, Tel: +1 801 581 5254, FAX: +1
+ 801 581 4148, e-mail: \path|beebe@math.utah.edu|,
+ \path|beebe@acm.org|, \path|beebe@computer.org|
+ (Internet), URL:
+ \path|http://www.math.utah.edu/~beebe/|",
+ doi-url = "http://dx.doi.org/10.1137/S0097539701398521",
+}
+
+
+@Article{ElGamal:1985:PKC,
+ author = "Taher ElGamal",
+ booktitle = "Advances in cryptology (Santa Barbara, Calif., 1984)",
+ title = "A public key cryptosystem and a signature scheme based
+ on discrete logarithms",
+ journal = "Lecture Notes in Computer Science",
+ volume = "196",
+ pages = "10--18",
+ year = "1985",
+ CODEN = "LNCSD9",
+ ISSN = "0302-9743",
+ MRclass = "94A60 (11T71 68P25)",
+ MRnumber = "87b:94037",
+ mrnumber-url = "http://www.ams.org/mathscinet-getitem?mr=87b%3a94037",
+}
+
+@misc{Menezes:2005:IPB,
+ author = "Alfred Menezes",
+ title = "An Introduction to Pairing-Based Cryptography",
+ url = "http://www.cacr.math.uwaterloo.ca/~ajmeneze/publications/pairings.pdf",
+ note = "Notes from lectures given in Santander, Spain",
+ year = "2005"
+}
+
+@misc{Stinson:2006:EST,
+ author = {D.R. Stinson and J. Wu},
+ title = {An Efficient and Secure Two-flow Zero-Knowledge Identification Protocol},
+ howpublished = {Cryptology ePrint Archive, Report 2006/337},
+ year = {2006},
+ url = {http://eprint.iacr.org/2006/337},
+}
+
+@misc{DiRaimondo:2006:DAK,
+ author = {Mario Di Raimondo and Rosario Gennaro and Hugo Krawczyk},
+ title = {Deniable Authentication and Key Exchange},
+ howpublished = {Cryptology ePrint Archive, Report 2006/280},
+ year = {2006},
+ url = {http://eprint.iacr.org/2006/280},
+}
+
+@misc{SEC1,
+ author = "{Certicom Research}",
+ title = "Standards for Efficient Cryptography, {SEC} 1: {E}lliptic curve cryptography, Version 1.0",
+ year = "2000",
+ url = "http://www.secg.org/download/aid-385/sec1_final.pdf"
+}
+
@proceedings{DBLP:conf/fse/2001,
editor = {Mitsuru Matsui},
title = {Fast Software Encryption, 8th International Workshop, FSE 2001
~mdw / doc / texmf / commitdiff