# A.2 Crypto Proceedings

ADVANCES **IN **CRYPTOGRAPHY - A Report on **CRYPTO 81. **ECE Rept **No 82-04, **Dept, of Electrical & Computer Engineering, University of California, Santa Barbara, CA, U.S.A., **1982. **Editor: A. Gersho.

L. M. Adleman, *Prhuahty testing* (abstract only), 10.

H.R. Amirazizi, M.E. Heilman, *Time-memory-processor tradeoffs* (abstract only), 7-9.

H.R. Amirazizi, E.D. Kamin, J.M. Reyneri, *Compact knapsacks are polynomially solvable* (abstract only), 17-19.

H.J. Beker, *Stream ciphers: Applications and techniques,* 121-123.

T.A. Berson, R.K. Bauer, *Local network cryptosystem architecture,* 73-78.

G.R. Blakley, *Key management from a security viewpoint* (abstract only), 82.

M. Blum, *Coin Hipping by telephone: A protocol for solving impossible problems,* 11-15.

G. Brassard, An *optimally secure relativized cryptosystem,* 54-58.

D.L. Chaum, *Silo watching,* 138-139.

D. W. Davies, *Some regular properties of the DES* (abstract only), 41.

R. A. DeMillo, N.A. Lynch, M.J. Merritt, *The design and analysis of cryptographic protocols* (abstract

only), 71.

W. Diffie, *Cryptographic teclmology: Fifteen year forecast,* 84-108.

S. Even, *A protocol for signing contracts,* 148-153.

M. Gasser, *Limitations of encryption to enforce mandatory security,* 130-134.

J.A. Gordon, *Towards a design procedure for cryptosecure substitution boxes* (abstract only), 53.

M E. Heilman, E.D. Kamin, J. Reyneri, *On the necessity of cryptanalytic exhaustive search, 2-6.*

RS. Henry, R.D. Nash, *Fast decryption algorithm for the knapsack cipher* (abstract only), 16.

E. Henze, *The solution of the general equation for public key distribution systems,* 140-141.

T. Herlestam, *On the feasibility of computing discrete losarithms using Adleman’s subexponential algo*

*rithm,* 142-147.

I. Ingemarsson, Are *all injective knapsacks partly solvable after multiplication modulo q?,* 20-24.

J. P. Jordan, A *variant of a pubhc key cryptosystem based on Goppa codes,* 25-30.

S.C. Как, *Scrambling and randomization,* 59-63.

S.T. Kent, *Cryptographic techniques for protecting storage* (abstract only), 80.

A.G. Konheim, A *one-way sequence for transaction verification* (abstract only), 38.

A. L. Lang Jr., J. Vasak, A *methodology for evaluating the relative security of connnercial COMSEC de*

*vices,* 124-129.

Y. A. Lau, T.R. McPherson, *Implementation of a hybrid RSA/DES key management system* (abstract only), 83.

L. -S. Lee, G.-C. Chou, *New results on sampling-based scrambling techniques for secure speech commu*

*nications,* 115-119.

H. Meijer, S. Akl, *Digital signature schemes,* 65-70.

D.R. Morrison, *Subtractive encryptors* - *alternatives to the DES,* 42-52.

J.M. Nye, *Current market: Products, costs, trends,* 110-114.

J.M. Nye, *The import/export dilennna* (abstract only), 135-137.

S. Porter, A *password extension for improved human* factors (abstract only), 81.

G. Purdy, G. Simmons, J. Studier, Software *protection using* "conununal-key-cryptosystems” (abstract only), 79.

B. P Schaiming, *MEMO: A hybrid approach to encrypted electronic mail* (abstract only), 64.

A. Shamir, *The generation of cryptographically strong pseudo-random sequences* (abstract only), 1.

G. J. Simmons, A *system for point-of-sale or access user authentication and identification,* 31-37.

M. E. Sruid, *DES **81**: An update,* 39-40.

S.B. Weinstein, *Security mechanism in electronic cards* (abstract only), 109.

A.D. Wyner, *Some thoughts on speech encryption* (abstract only), 120.

Advances in Cryptology - Proceedings of **CRYPTO 82. **Plenum Press **(1983). **Editors: D. Chaum, R.L. Rivest, and A.T. Sherman.

L.M. Adleman, *Implementing an electronic notary public,* 259-265.

L.M. Adleman, *On breaking the iterated Merkle-Helhnan public-key cryptosystem,* 303-308.

S. G. Akl, P.D. Taylor, *Cryptographic solution to a multilevel security problem,* 237-249.

G.M. Avis, S.E. Tavares, *Using data uncertainty to increase the crypto-complexity of simple private key enciphering schemes,* 139-143.

C.H. Bennett, G. Brassard, S. Breidbart, S. Wiesner, *Quantum cryptography, or unforgeable subway tokens,* 267-275.

T. A. Berson, *Local network cryptosystem architecture: Access control,* 251-258.

T.A. Berson, *Long key variants of DES,* 311-313.

G.R. Blakley, L. Swanson, *Infinite structures in information theory,* 39-50.

R. Blom, *Non-public key distribution,* 231-236.

L. Blum, M. Blum, M. Shub, *Comparison of two pseudo-random number generators,* 61-78.

G. Brassard, On *computationally secure authentication tags requiring short secret shared keys,* 79-86.

E.F. Brickell, *A fast modular multiplication algorithm with applications to two key cryptography,* 51-60.

E.F. Brickell, J.A. Davis, G.J. Simmons, *A preliminary report on the cryptanalysis of Merkle-Helhnan knapsack cryptosystems,* 289-301.

E.F. Brickell, J.H. Moore, *Some remarks on the Herlestam-Johaimesson algorithm for computing logarithms over GF(2 ^{P}),* 15-19.

D. Chaum, *Bhnd signatures for untraceable payments,* 199-203.

D.W. Davies, *Some regular properties of the ‘Data Encryption Standard' algorithm,* 89-96.

D.W. Davies, G.I.P. Parkin, *The average cycle size of the key stream in output feedback encipherment.* 97- 98.

D. Dolev, S. Even, R.M. Karp, *On the security of ping-pong protocols,* 177-186.

D. Dolev, A. Wigderson, *On the security of multi-party protocols in distributed systems,* 167-175.

S. Even, O. Goldreich, *On the security of multi-party ping-pong protocols,* 315.

S. Even, O. Goldreich, A. Lempel, A *randomized protocol for signing contracts,* 205-210.

S. Goldwasser, S. Micali, A. Yao, On *signatures and authentication,* 211-215.

M E. Heilman, J.M. Reyneri, *Drainage and the DES,* 129-131.

M.E. Heilman, J.M. Reyneri, *Fast computation of discrete logaritlnns in* GF*(q),* 3-13.

R. Janardan, K.B. Lakshmanan, A *public-key cryptosystem based on the matrix cover NP-complete problem,* 21-37.

R.R. Jueneman, *Analysis of certam aspects of output feedback mode,* 99-127.

L. Longpre, *The use of public-key cryptography for signing checks,* 187-197.

M. Merritt, *Key reconstruction,* 321-322.

C. Mueller-Schloer, N.R. Wagner, *Ctyptographic protection of personal data cards,* 219-229.

C. Nicolai, *Nondetenninistic cryptography,* 323-326.

J.B. Plumstead, *Inferring a sequence produced by a linear congruence,* 317-319.

R.L. Rivest, A *short report on the RSA chip,* 327.

R.L. Rivest, A.T. Sherman, *Randomized encryption techniques,* 145-163.

A. Shamir, A *polynomial time algoritlun for breaking the basic Merkle-Hellman cryptosystem,* 279-288.

R.S. Wintemitz, *Security of a keystrem cipher with secret initial value,* 133-137.

Advances in Cryptology - Proceedings of CRYPTO 83. Plenum Press (1984). Editor: D. Chaum.

S. G. Akl, On *the security of compressed encodings,* 209-230.

M. Blum, U.V. Vazirani, V.V. Vazirani, *Reducibility among protocols,* 137-146.

E.F. Brickell, *Solving low density knapsacks,* 25-37.

E.F. Brickell, J.C. Lagarias, A M. Odlyzko, *Evaluation of the Adleman attack on multiply iterated knapsack cryptosystems,* 39-42.

D. Chaum, *Bhnd signature system,* 153.

D. Chaum, *Design concepts for tamper responding systems,* 387-392.

D.W. Davies, *Use of the ‘signature token ’ to create a negotiable document,* 377-382.

M. Davio, Y. Desmedt, M. Fosseprez, R. Govaerts, J. Hulsbosch, P. Neutjens, P. Piret, J.-J. Quisquater,

J. Vandewalle, P. Wouters, *Analytical characteristics of the DES,* 171-202.

J.A. Davis, D.B. Holdridge, *Factorization using the quadratic sieve algoritlun,* 103-113.

D.E. Denning, *Field encryption and authentication,* 231-247.

T. ElGamal, A *subexponential-time algoritlun for computing discrete logaritlnns overGF(p ^{2}),* 275-292.

S. Even, O. Goldreich, *Electronic wallet,* 383-386.

S. Even, O. Goldreich, *On the power of cascade ciphers,* 43-50.

B.W. Fam, *Improving the security of exponential key exchange,* 359-368.

O. Goldreich, A *simple protocol for signing contracts,* 133-136.

H. Jiirgensen, D.E. Matthews, *Some results on the information theoretic analysis of cryptosystems,* 303- 356.

J.C. Lagarias, *Knapsack pubhc key cryptosystems and diophantine approximation,* 3-23.

R. Lidl, W.B. Muller, *Permutation polynomials in RSA-cryptosystems,* 293-301.

H. Ong, C.P. Schnorr, *Signatures through approximate respresentations by quadratic forms,* 117-131.

C. Pornerance, J.W. Smith, S.S. Wagstaff Jr., *New ideas for factoring large integers,* 81-85.

J.A. Reeds, N.J.A. Sloane, *Sluft-register synthesis (modulo m),* 249.

J.E. Sachs, S. Berkovits, *Probabilistic analysis and performance modelling of the 'Swedish' algoritlnn and modifications,* 253-273.

G. J. Simmons, *The prisoners’ problem and the subliminal channel,* 51-67.

M.E. Spencer, S.E. Tavares, *A layered broadcaset cryptographic system,* 157-170.

T. Tedrick, *How to exchange half a bit,* 147-151.

U. V. Vazirani, V.V. Vazirani, *RSA bits are* .732 + *e secure,* 369-375.

H. C. Williams, *An overview of factonng,* 71-80.

R.S. Wintemitz, *Producing a one-way hash function from DES,* 203-207.

M.C. Wunderlich, *Factonng numbers on the massively parallel computer,* 87-102.

Advances in Cryptology - Proceedings of CRYPTO 84. Springer-Verlag LNCS 196 (1985). Editors: G.R. Blakley and D. Chaum.

S.G. Akl, H. Meijer, A *fast pseudo random permutation senerator with applications to cryptology,* 269- 275.

H. Beker, M. Walker, *Key management for secure electronic funds transfer in a retail environment,* 401-

410.

C. H. Bennett, G. Brassard, *An update on quantum cryptography,* 475-480.

I. F. Blake, R.C. Mullin, S.A. Vanstone, *Computing logarithms in GF(*2"), 73-82.

G.R. Blakley, *Infonnation theorу* without the *finiteness assumption, I: Cryptosystems as group-theoretic objects,* 314-338.

G. R. Blakley, C. Meadows, *Security of ramp schemes,* 242-268.

M. Blum, S. Goldwasser, *An efficient probabihstic pubhc-key encryption scheme which hides all partial information,* 289-299.

E. F. Brickell, *Brealdng iterated knapsacks,* 342-358.

D. Chaum, *How to keep a secret alive: Extensible partial key, key safesuardins, and threshold systems,*

481—485.

D. Chaum, *New secret codes can prevent a computerized big brother,* 432-433.

S. -S. Chen, On *rotation group and encryption of analog signals,* 95-100.

B. Chor, O. Goldreich, *RSA/Rabin least significant bits are* 1/2 + *l/poly(og n) secure,* 303-313.

В. Chor, R.L. Rivest, A *knapsack type pubhc key cryptosystem based on ahtlunetic in finite fields,* 54-65. D.W. Davies, A *message authenticator algoritlnn suitable for a mainframe computer,* 393-400.

M. Davio, Y. Desmedt, J. Goubert, F. Hoomaert, J.-J. Quisquater, *Efficient hardware and software imple*

*mentations for the DES,* 144-146.

J. A. Davis, D.B. Holdridge, An *update on factorization at Sandia National Laboratories,* 114.

Y. Desmedt, J.-J. Quisquater, M. Davio, *Dependence of output on input in DES: Small avalanche characteristics,* 359-376.

T. ElGamal, A *public key cryptosystem and a signature scheme based on discrete logaritluns,* 10-18. R.C. Fairfield, A. Matusevich, J. Plany, An *LSI digital encryption processor (DEP),* 115-143.

R. C. Fairfield, R.L. Mortenson, K.B. Coulthart, An *LSI random number generator (RNG),* 203-230.

S. Fortune, M. Merritt, *Poker protocols,* 454-464.

O. Goldreich, S. Goldwasser, S. Micali, *On the cryptographic applications of random functions,* 276-288. S. Goldwasser, S. Micali, R.L. Rivest, A *'paradoxical" solution to the signature problem, 467.*

F. Hoomaert, J. Goubert, Y. Desmedt, *Efficient hardware implementation of the DES,* 147-173.

B.S. Kaliski, *Wyner’s analog encryption scheme: Results of a simulation,* 83-94.

A.G. Konheim, *Cryptanalysis of ADFGVX encipherment systems,* 339-341.

S.C. Kothari, *Generalized linear threshold scheme,* 231-241.

A.C. Leighton, S.M. Matyas, *The history of book ciphers,* 101-113.

A.K. Leung, S.E. Tavares, *Sequence complexity as a test for cryptographic systems,* 468-474.

H. Ong, C.P. Schnorr, A. Shamir, *Efficient signamre schemes based on polynomial equations, 37-46.*

N. Proctor, A *self-synchronizing cascaded cipher system with dynamic control of error propasation.* 174—

190.

J.A. Reeds, J.L. Manferdelli, *DES has no per round linear factors,* 377-389.

S. C. Serpell, C.B. Brookson, B.L. Clark, *A prototype encryption system using public key,* 3-9.

A. Shamir, *Identity-based cryptosystems and signature schemes,* 47-53.

G. J. Simmons, *Authentication theory/coding theory,* 411-431.

T. Tedrick, *Fair exchange of secrets,* 434-438.

U. V. Vazirani, V.V. Vazirani, *Efficient and secure pseudo-random number generation,* 193-202.

N.R. Wagner, M R. Magyarik, *A public key cryptosystem based on the word problem,* 19-36.

H. C. Williams, *Some public key crypto-functions as intractable as factorization,* 66-70.

M. Yung, *Cryptoprotocols: Subscription to a public key, the secret blocking and the multi-player mental poker game,* 439-453.

Advances in Cryptology - CRYPTO ’85. Springer-Verlag LNCS 218 (1986). Editor: H.C. Williams.

C. H. Bennett, G. Brassard, J.-M. Robert, *How to reduce your enemy’s information,* 468-476.

R. Berger, S. Kannan, R. Peralta, A *framework for the study of cryptographic protocols,* 87-103.

G.R. Blakley, *Information theory'* without the *finiteness assumption, П. Unfolding the DES,* 282-337.

G. R. Blakley, C. Meadows, G.B. Purdy, *Fingerprinting long forgiving messages,* 180-189.

E.F. Brickell, J.M. DeLaurentis, *An attack on a signature scheme proposed by Okamoto and Shiraishi.* 28- 32.

D. Chaum, J.-H. Evertse, *Cryptanalysis of DES with a reduced number of rounds - sequences of linear fac*

*tors in block ciphers,* 192-211.

B. Chor, O. Goldreich, S. Goldwasser, *The bit security of modular squaring given partial factorization of*

*the modules,* 448-457.

D. Coppersmith, *Another birthday attack,* 14-17.

D. Coppersmith, *Cheating at mental poker,* 104-107.

D. Coppersmith, *The real reason for Rivest’s phenomenon,* 535-536.

C. Crepeau, *A secure poker protocol that minimizes the effect of player coalitions,* 73-86.

W. de Jonge, D. Chaum, *Attacks on some RSA signatures,* 18-27.

Y. Desmedt, *Unconditionally secure authentication schemes and practical and theoretical consequences, *42-55.

Y. Desmedt, A M. Odlyzko, A *chosen text attack on the RSA cryptosystem and some discrete logaritlun*

*schemes,* 516-522.

W. Diffie, *Security for the DoD transmission control protocol,* 108-127.

T. ElGamal, *On computing logarithms over finite fields,* 396-402.

D. Estes, L.M. Adleman, K. Kompella, K.S. McCurley, G.L. Miller, *Breaking the Ong-Sclmorr-Shamir*

*signature scheme for quadratic number fields,* 3-13.

S. Even, O. Goldreich, A. Shamir. *On the security of pins-pons protocols when implemented using the*

*RSA,* 58-72.

J. Feigenbaum, *Encrypting problem instances: Or... , can you take advantage of someone without having to trust him?,* 477-488.

H. Fell, W. Diffie, *Analysis of a public key approach based on polynomial substitution,* 340-349.

Z. Galil, S. Haber, M. Yung, *Symmetric public-key encryption,* 128-137.

P. Godlewski, G.D. Cohen, *Some cryptographic aspects of Womcodes,* 458-467.

J.R. Gosler, *Software protection: Myth or reality?,* 140-157.

J. Hastad, *On using RSA with low exponent in a public key network,* 403-408.

W. Haemers, Access *control at the Netherlands Postal and Telecommunications Sendees,* 543-544.

A. Herzberg, S. Pinter, *Pubhc protection of software,* 158-179.

B. S. Kaliski Jr., R.L. Rivest, A.T. Sherman, *Is DES a pure cipher? (Results of more cyclins experiments*

*on DES),* 212-226.

M. Kochanski, *Developing an RSA chip,* 350-357.

M. Luby, C. Rackoff, *How to construct pseudo-random permutations from pseudo-random functions,* 447.

V.S. Miller, *Use of elliptic cun'es in cryptography,* 417-426.

T. E. Moore, S.E. Tavares, A *layered approach to the design of private key cryptosystems,* 227-245.

E. Okamoto, K. Nakamura, *Lifetimes of keys in cryptographic key management systems,* 246-259.

J.-J. Quisquater, Y. Desmedt, M. Davio, *The importance of “good” key scheduling schemes (how to make a secure DES scheme with <* 48 *bit keys?),* 537-542.

J.H. Reif, J.D. Tygar, *Efficient parallel pseudo-random number generation,* 433-446.

R. A. Rueppel, *Correlation immunity and the summation generator,* 260-272.

A. Shamir, *On the security of DES,* 280-281.

T. Siegenthaler, *Design of combiners* to prevent divide and *conquer attacks,* 273-279.

G. J. Simmons, *A secure subliminal channel (?),* 33-41.

N.M. Stephens, *Lenstra’s factorisation method based on elliptic curves,* 409-416.

J. van Tilburg, D.E. Boekee, *Divergence bounds on key equivocation and error probability in cryptanalysis,* 489-513.

V. Varadharajan, *Trapdoor rings and their use in cryptography,* 369-395.

A.F. Webster, S.E. Tavares, *On the design of S-boxes,* 523-534.

H. C. Williams, An *M ^{3} public-key encryption scheme,* 358-368.

S. Wolfram, *Cryptography with cellular automata,* 429-432.

Advances in Cryptology - CRYPTO ’86. Springer-Verlag LNCS 263 (1987). Editor: A.M. Odlyzko.

P. Barrett, *Implementing the Rivest Shamir and Adleman public key encryption algorithm on a standard digital signal processor,* 311-323.

P. Beauchemin, G. Brassard, C. Crepeau, C. Goutier, *Two observations on probabilistic primality testms, 443-450.*

J.C. Benaloh, *Cryptographic capsules:* A *disjunctive primitive for interactive protocols,* 213-222.

J.C. Benaloh, *Secret sharuig homomorphisms: Keeping shares of a secret secret,* 251-260.

T. Beth, B.M. Cook, D. Gollmann, *Architectures for exponentiation in GF(2 ^{n}),* 302-310.

G.R. Blakley, R.D. Dixon, *Smallest possible message expansion hi threshold schemes,* 266-274.

G. Brassard, C. Crepeau, *Zero-knowledge simulation of Boolean circuits,* 223-233.

G. Brassard, C. Crepeau, J.-M. Robert, *All-or-nothing disclosure of secrets,* 234-238.

E.F. Brickell, J.H. Moore, M.R. Purtill, *Structure in the S-boxes of the DES,* 3-8.

J.J. Cade, A *modification of a broken public-key cipher,* 64-83.

A.H. Chan, R.A. Games, *On the lmear span of binary sequences obtained from finite geometries,* 405^117.

D. Chaum, *Demonstrating that a pubhc predicate can be satisfied without revealing any mformation about how,* 195-199.

D. Chaum, J.-H. Evertse, A *secure and privacy-protecting protocol for transmitting personal information between organizations,* 118-167.

D. Chaum, J.-H. Evertse, J. van de Graaf, R. Peralta, *Demonstrating possession of a discrete logaritlun without revealing it,* 200-212.

C. Crepeau, A *zero-knowledge poker protocol that achieves confidentiality of the players ’ strategy or how to achieve an electronic poker face,* 239-247.

W. de Jonge, D. Chaum, *Some variations on RSA signatures and their security,* 49-59.

Y. Desmedt, *Is there an ultimate use of cryptography ?,* 459-463.

Y. Desmedt, J.-J. Quisquater, *Public-key systems based on the difficulty of tampering (Is there a difference between DES and RSA?),* 111-117.

A. Fiat, A. Shamir, *How to prove yourself: Practical solutions to identification and* signature *problems,*

186-194.

O. Goldreich, *Towards a theory of software protection,* 426-439.

O. Goldreich, *Two remarks concerning the Goldwasser-Micali-Rivest signature scheme,* 104-110.

O. Goldreich, S. Micali, A. Wigderson, *How to prove all NP* statements *in zero-knowledge, and a methodology of cryptographic protocol design,* 171-185.

L.C. Guillou, M. Ugon, *Smart card* - *a highly reliable and portable security device,* 464-479.

R. Gyoery, J. Seberry, *Electronic funds transfer point of sale in Australia,* 347-377.

N.S. James, R. Lidl, H. Niederreiter, *Breaking the Cade cipher,* 60-63.

R. R. Jueneman, A *high speed manipulation detection code,* 327-346.

B. S. Kaliski Jr., A *pseudo-random bit generator based on elliptic logaritlmis,* 84-103.

S. M. Matyas, *Pubhc-key registration,* 451-458.

S. Micali, C. Rackoff, B. Sloan, *The notion of security for probabilistic cryptosystems,* 381-392.

J.H. Moore, G. J. Simmons, *Cycle structure of the DES with weak and semi-weak keys,* 9-32.

G.A. Orton, M.R Roy, RA. Scott, L.E. Peppard, S.E. Tavares, *VLSI implementation of public-key* encryption *algorithms,* 277-301.

G. Rankine, *THOMAS - a complete single chip RSA device,* 480-487.

T. R.N. Rao, K.-H. Nam, *Private-key algebraic-coded cryptosystems,* 35-48.

D.R. Stinson, *Some constructions and bounds for authentication codes,* 418-425.

M. Tompa, H. Woll, *How to share a secret with cheaters,* 261-265.

N. R. Wagner, P.S. Putter, M.R. Cain, *Large-scale randomization techniques,* 393-404.

Advances in Cryptology - **CRYPTO **’87. Springer-Verlag LNCS 293 (1988). Editor: C. Pomerance.

C. M. Adams, H. Meijer, *Security-related comments regarding McEliece's public-key ciyptosystem,* 224-

228.

P. Beauchemin, G. Brassard, A *generalization of Heilman's extension of* Shannon’s *approach to cryptography,* 461.

G.R. Blakley, W. Rundell, *Cryptosystems based on an analog of heat flow,* 306-329.

E.F. Brickell. D. Chaum, I.B. Damgard, J. van de Graaf, *Gradual and verifiable release of a secret,* 156— 166.

E. F. Brickell, PJ. Lee, Y. Yacobi, *Secure audio teleconference,* 418-426.

D. Chaum, C. Crepeau, I. Damgard, *Multiparty unconditionally secure protocols,* 462.

D. Chaum, I.B. Damgard, J. van de Graaf, *Multipart}' computations ensuring privacy of each party’s input*

*and correctness of the result,* 87-119.

C. Crepeau, *Equivalence between two flavours of oblivious transfers,* 350-354.

G.I. Davida, F.B. Danes, *A crypto-engine,* 257-268.

G.I. Davida, B.J. Matt, *Arbitration in tamper proof systems (If DES* « *RSA then what’s the difference between true signature and arbitrated signature schemes?),* 216-222.

A. De Santis, S. Micali, G. Persiano, *Non-interactive zero-knowledge proof systems,* 52-72.

J. M. DeLaurentis, *Components and cycles of a random function,* 231-242.

Y. Desmedt, *Society and group oriented cryptography:* A new *concept,* 120-127.

Y. Desmedt, C. Goutier, S. Bengio, *Special uses and abuses of the Fiat-Shamir passport protocol,* 21-39.

F. A. Feldman, *Fast spectral tests for measuring nonrandomness and the DES,* 243-254.

W. Fumy, *On the F-function of FEAL,* 434-437.

Z. Galil, S. Haber, M. Yung, *Cryptographic computation: Secure fault-tolerant protocols and the pubhe-*

*key model,* 135-155.

O. Goldreich, R. Vainish, *How to solve any protocol problem - an efficient improvement,* 73-86.

L. Guillou, J.-J. Quisquater, *Efficient digital public-key signatures with shadow,* 223.

M. P Herlihy, J.D. Tygar, *How to make replicated data secure,* 379-391.

R. Impagliazzo, M. Yung, *Direct minimum-knowledge computations,* 40-51.

R.A. Kennnerer, *Analyzing encryption protocols using formal verification techniques,* 289-305.

K. Koyama, K. Ohta, *Identity-based conference key distribution systems,* 175-184.

M. Luby, C. Rackoff, *A study of password security,* 392-397.

Y. Matias, A. Shamir, A *video scrambling technique based on space filling curves.* 398-417.

T. Matsumoto. H. Imai, *On the key predistribution system: A practical solution to the key distribution problem,* 185-193.

R.C. Merkle, A *digital signature based on a conventional encryption function,* 369-378.

J. H. Moore, *Strong practical protocols,* 167-172.

E. Okamoto, *Key distribution systems based on identification information,* 194-202.

K. Presttun, *Integratmg cryptography m ISDN,* 9-18.

W.L. Price, *Standards for data security - a change of direction,* 3-8.

J.-J. Quisquater, *Secret distribution of keys for public-key systems,* 203-208.

J.-J. Quisquater, J.-P. Delescaille, *Other cychng tests for DES,* 255-256.

T.R.N. Rao, On *Struik-Tilburg cryptanalysis of Rao-Nam scheme,* 458-460.

G.J. Simmons, *An impersonation-proof identity verification scheme,* 211-215.

G. J. Simmons, *A natural taxonomy for digital information authentication schemes,* 269-288.

D.R. Stinson, *A construction for authentication/secrecy codes from certain combinatorial desisns,* 355— 366.

D.R. Stinson, S.A. Vanstone, *A combinatorial approach to threshold schemes,* 330-339.

R. Struik, J. van Tilburg, *The Rao-Nam scheme is insecure against a chosen-plamtext attack,* 445-457.

H. Tanaka, *A realization scheme for the identity-based cryptosystem,* 340-349.

J. van de Graaf, R. Peralta, *A simple and secure way to show the validity of your public key,* 128-134.

Y. Yacobi, *Attack on the Koyama-Ohta identity based key distribution scheme,* 429-433.

K. C. Zeng, J.H. Yang, Z.T. Dai, *Patterns of entropy drop of the key* in *an S-box of the DES,* 438-444.

Advances in Cryptology - CRYPTO ’88. Springer-Verlag LNCS 403 (1990). Editor: S. Goldwasser.

M. Abadi, E. Allender, A. Broder, J. Feigenbaum, L.A Hemachandra, *On generatmg solved distances of computational problems,* 297-310.

L. M. Adleman, An *abstract theorу of computer viruses,* 354-374.

E. Bach, *Intractable problems in number theory,* 77-93.

M. Bellare, S. Micali, *How to sign given any trapdoor function,* 200-215.

M. Ben-Or, O. Goldreich, S. Goldwasser, J. Hastad, J. Kilian, S. Micali, P. Rogaway, *Everything provable is provable in zero-knowledge,* 37-56.

J. Benaloh, J. Leichter, *Generalized secret sharing and* monotone *functions,* 27-35.

M. Blum, P. Feldman, S. Micali, *Proving security against chosen ciphertext attacks,* 256-268.

J. Brandt, I.B. Damgard, P. Landrock, T. Pedersen, *Zero-knowledge authentication scheme with secret key exchange,* 583-588.

G. Brassard, I.B. Damgard, *“Practical IP’’* С MA, 580-582.

E.F. Brickell, D.R. Stinson, *The detection of cheaters in threshold schemes,* 564-577.

D. Chaum, A. Fiat, M. Naor, *Untraceable electronic cash,* 319-327.

C. Crepeau, J. Kilian, *Weakening security assumptions and oblivious transfer,* 2-7.

I.B. Damgard, On *the randonmess of Legendre and Jacobi sequences,* 163-172.

I.B. Damgard, *Payment systems and credential mechanisms with provable* securiry *against abuse by* individuals, 328-335.

A. De Santis, S. Micali, G. Persiano, *Non-interactive zero-knowledge with preprocessing,* 269-282.

M. De Soete, *Bounds and constructions for authentication-secrecy codes with splitting,* 311-317.

B. den Boer, *Difhe-Hellman is as strong as discrete log for certain primes,* 530-539.

Y. Desmedt, *Abuses in cryptography and how to light them,* 375-389.

C. Dwork, L. Stockmeyer, *Zero-knowledge with finite state verifiers,* 71-75.

U. Feige, A. Shamir, M. Tennenholtz, *The noisy oracle problem,* 284-296.

R. Forre, *The strict avalanche criterion: Spectral properties of Boolean functions and an extended definition,* 450-468.

M. Girault, P. Toffin, B. Yallee, *Computation of approximate L-th roots modulo n and application to cryptography,* 100-117.

O. Goldreich, H. Krawczyk, M. Luby, *On the existence of pseudorandom generators,* 146-162.

O. Goldreich, E. Kushilevitz, A *perfect zero-knowledge proof for a problem equivalent to discrete logarithm,* 57-70.

L. C. Guillou, J.-J. Quisquater, A "*paradoxical” identity-based signamre scheme resulting from zero-*

*knowledge,* 216-231.

B.J. Herbison, *Developing Ethernet enhanced-security system,* 507-519.

M. -D.A. Huang, S.-H. Tens, A *universal problem in secure and verifiable distributed computation,* 336-

352.

T. Hwang, T.R.N. Rao, *Secret error-correcting codes (SECC),* 540-563.

R. Impagliazzo, S. Rudich, *Limits on the provable consequences of one-way permutations,* 8-26.

N. Koblitz, A *family of Jacobians suitable for discrete log cryptosystems,* 94-99.

S. A. Kurtz, S.R. Mahaney, J.S. Royer, On *the power of 1-way functions,* 578-579.

R.T.C. Kwok, M. Beale, *Aperiodic linear complexities of de Bruijn sequences,* 479-482.

M. Lucks, *A* constraint *satisfaction algorithm for the automated decryption of simple substitution ciphers, *132-144.

T. Matsumoto, K. Kato, H. Imai. *Speedins up secret* computations *with insecure auxiliary devices,* 497- 506.

S. Micali, C.P. Sclmorr, *Efficient, perfect random number generators,* 173-198.

S. Micali, A. Shamir, *An improvement of the Fiat-Shanur identification and signature scheme,* 244-247.

K. Ohta, T. Okamoto, *A modification of the Fiat-Shanur scheme,* 232-243.

C. Rackoff, *A basic theory' of public and private cryptosystems,* 249-255.

J.R. Sherwood, V.A. Gallo, *The application of smart cards for RSA digital signatures in a network comprising both interactive and store-and-forwared facilities,* 484-496.

G.J. Simmons, *How to (really) share a secret,* 390-448.

D. G. Steer, L. Strawczynski, W. Diffie, M. Wiener, A *secure audio teleconference system,* 520-528.

J. van Tilburg, On *the McEliece public-key cryptosystem,* 119-131.

K. Zeng, M. Huang, On *the Unear syndrome method in cryptanalysis,* 469-478.

Advances in Cryptology - CRYPTO ’89. Springer-Verlag LNCS 435 (1990). Editor: G. Brassard.

C. Adams, S. Tavares, *Good S-boxes are* easy *to find,* 612-615.

P. Barrett, R. Eisele, *The smart diskette - a universal user* token and *personal crypto-engine,* 74-79.

D. Beaver, *Multiparty protocols tolerating half faulty processors,* 560-572.

D. Beaver, S. Goldwasser, *Multiparty computation with faulty majority,* 589-590.

M. Bellare, L. Cowen, S. Goldwasser, On *the structure of secret key exchange protocols,* 604-605.

M. Bellare, S. Goldwasser, *New paradigms for digital signatures and message authentication based on non- interactive zero knowledge proofs,* 194-211.

M. Bellare, S. Micali, *Non-mteractive oblivious transfer and apphcations,* 547-557.

M. Ben-Or, S. Goldwasser, J. Kilian, A. Wigderson, *Efficient identification schemes using two prover interactive proofs,* 498-506.

A. Bender, G. Castagnoli, On *the implementation of elliptic* curve *cryptosystems,* 186-192.

J. Bos, M. Coster, *Addition chain heuristics,* 400-407.

J. Boyar, R. Peralta, On *the* concrete *complexity of zero-knowledge proofs,* 507-525.

R.L. Brand, *Problems with the normal use of cryptography for providing security on unclassified networks. *30-34.

E. F. Brickell, A *sur'ey of hardware implementations of RSA,* 368-370.

E.F. Brickell, D.M. Davenport, On *the classification of ideal secret sharing schemes,* 278-285.

J.A. Buchmann, H.C. Williams, A *key exchange system based on real quadratic fields,* 335-343.

A. H. Chan, R.A. Games, On *the quadratic spans of periodic sequences,* 82-89.

D. Chaum, *The Spymasters double-agent problem: Multiparty computations secure unconditionally from minorities and cryptographically from majorities,* 591-602.

D. Chaum, H. van Antwerpen, *Undemable signatures,* 212-216.

G.C. Chick, S.E. Tavares, *Flexible access control with master keys,* 316-322.

B. Chor, E. Kushilevitz, *Secret sharing over infinite domains,* 299-306.

R. Cleve, *Controlled gradual disclosure schemes for random bits and their applications,* 573-588.

I.B. Damgard, *A design principle for hash functions,* 416-427.

I.B. Damgard, On *the existence of bit commitment schemes and zero-knowledge proofs,* 17-27.

M. De Soete, J.-J. Quisquater, K. Vedder, A *signature with shared verification scheme,* 253-262.

Y.G. Desmedt, *Making conditionally secure cryptosystems unconditionally abuse-free in a general context, *6-16.

Y.G. Desmedt, Y. Frankel, *Threshold cryptosystems,* 307-315.

S. Even, O. Goldreich, S. Micali, *On-lme/off-lme digital signatures,* 263-275.

U. Feige, A. Shamir, *Zero knowledge proofs of knowledge in two rounds,* 526-544.

D.C. Feldmeier, PR. Kam, *UNIX password security - ten years later,* 44-63.

A. Fiat, *Batch RSA,* 175-185.

PA. Findlay, B.A. Johnson, *Modular exponentiation using recursive sums of residues,* 371-386.

O. Goldreich, H. Krawczyk, *Sparse pseudorandom distributions,* 113-127.

C. J.A. Jansen, D.E. Boekee, *The shortest feedback shift resister that can senerate a siven sequence,* 90-

99.

D. Kahn, *Keymg the German navy’s Enigma,* 2-5.

J. Kilian, S. Micali, R. Ostrovsky, *Minimum resource zero-knowledge proofs,* 545-546.

J.T. Kohl, *The use of encryption in Kerberos for network authentication,* 35-43.

H. Krawczyk, *How to predict congruential generators,* 138-153.

C.-S. Laih, L. Ham, J.-Y. Lee, T. Hwang, *Dynamic threshold scheme based on the definition of cross- product in an n-dimensional linear space,* 286-298.

S.S. Magliveras, N.D. Memon, *Properties of cryptosystem PGM,* 447-460.

U.M. Maurer, J.L. Massey, *Perfect local randomness in pseudo-random sequences*, 100-112.

R.C. Merkle, *A certified digital signature,* 218-238.

R. C. Merkle, *One way hash functions and DES,* 428-446.

S. Miyaguchi, *The FEAL - 8 cryptosystem and a call for attack,* 624-627.

H. Morita, *A fast modular-multiplication algoritlun based on a lugher radix,* 387-399.

M. Naor, *Bit commitment using pseudo-randomness,* 128-136.

R. Nelson, J. Hermann, *SDNS architecture and end-to-end encryption,* 356-366.

T. Okamoto, K. Ohta, *Disposable zero-knowledge authentications and their apphcations to untraceable*

*electronic cash,* 481-496.

R. Ostrovsky, An *efficient software protection scheme,* 610-611.

B. Preneel, A. Bosselaers, R. Govaerts, J. Vandewalle, A *chosen text attack on the modified cryptographic*

*checksum algoritlun of Cohen and Huang,* 154-163.

W.L. Price, *Progress in data security standardisation,* 620-623.

J.-J. Quisquater, J.-P. Delescaille, *How easy is colhsion search. New results and applications to DES,* 408- 413.

J.-J. Quisquater, L. Guillou, T. Berson, *How to explam zero-knowledge protocols to your children.* 628- 631.

C. P. Schnorr, *Efficient identification and signatures for smart cards,* 239-252.

A. Shamir, *An efficient identification scheme based on permuted kernels,* 606-609.

J. M. Smith, *Practical problems with a cryptographic protection scheme,* 64-73.

M. Tatebayashi, N. Matsuzaki, D.B. Newman Jr., *Key distribution protocol for digital mobile communication systems,* 324-334.

S. R. White, *Covert distributed processing with computer viruses,* 616-619.

Y. Yacobi, Z. Shmuely, *On key distribution systems,* 344-355.

K. Zena, C.H. Yang, T.R.N. Rao, On *the linear consistency test (LCT) in cryptanalysis with applications,*

164-174.

Y. Zheng, T. Matsumoto, H. Imai, On *the construction of block ciphers provably secure and not relying* on *any unproved hypotheses,* 461-480.

Advances in Cryptology - CRYPTO ’90. Springer-Verlag LNCS 537 (1991). Editors: A.J. Menezes and S.A. Vanstone.

D. Beaver, J. Feigenbaum, J. Kilian, P. Rogaway, *Security with low communication overhead,* 62-76.

D. Beaver, J. Feigenbaum, V. Shoup, *Hiding instances in zero-knowledge proof systems,* 326-338.

T. Beth, Y. Desmedt, *Identification tokens - or: Solving the chess grandmaster problem,* 169-176.

E. Biham, A. Shamir, *Differential cryptanalysis of DES-like cryptosystems,* 2-21.

J. Boyar, D. Chaum, I B. Damgard, T. Pedersen, *Convertible undeniable signatures,* 189-205.

G. Brassard, C. Crepeau, *Quantum bit commitment and coin tossing protocols,* 49-61.

G. Brassard, M. Yung, *One-way group actions,* 94-107.

E.F. Brickell, D.R. Stinson, *Some improved bounds on the information rate of perfect secret sharing schemes,* 242-252.

J. Buchmann, S. Diillmann, *On the computation of discrete logaritluns m class groups,* 134-139.

D. Chaum, S. Roijakkers, *Unconditionally-secure digital signatures,* 206-214.

C.-C. Chuang, J.G. Dunham, *Matrix extensions of the RSA algoritlun,* 140-155.

R. Cleve, *Complexity theoretic issues concerning block ciphers related to D.E.S.,* 530-544.

T. W. Cusick, M.C. Wood, *The REDOC П cryptosystem,* 545-563.

A. De Santis, M. Yung, *Cryptographic apphcations of the non-mteractive metaproof and many-prover sys*

*tems,* 366-377.

D. de Waleffe, J.-J. Quisquater, *CORSAIR:* A *smart card for pubhc key cryptosystems,* 502-513.

Y. Desmedt, M. Yung, *Arbitrated unconditionally secure authentication can be unconditionally protected agamst arbiter’s attacks,* 177-188.

S. Even, *Systolic modular multiplication,* 619-624.

W. Fumy, M. Munzert, A *modular approach to key distribution,* 274-283.

H. Gilbert, G. Chasse, A *statistical attack of the Feal-8 cryptosystem,* 22-33.

S. Goldwasser, L. Levin, *Fair computation of general functions in presence of umnoral majority,* 77-93.

S. Haber, W.S. Stometta, How *to time-stamp a digital document,* 437-455.

J. Kilian, *Achieving zero-knowledge robustly,* 313-325.

J. Kilian, *Interactive proofs with provable security against honest verifiers,* 378-392.

K. Kim, T. Matsumoto, H. Imai, A *recursive* construction *method of S-boxes satisfying strict avalanche*

*criterion,* 564-574.

N. Koblitz, *Constructing elliptic cun ^{r}e cryptosystems in characteristic 2,* 156-167.

K. Kompella, L. Adleman, *Fast checkers for cryptography,* 515-529.

K. Koyama, R. Terada, *Nonlinear parity circuits and their cryptographic applications,* 582-600.

K. Kurosawa, S. Tsujii, *Multi-language zero knowledge interactive proof systems,* 339-352.

B. A. LaMacchia, AM. Odlyzko, *Computation of discrete logaritlmis in prime Gelds,* 616-618.

B.A. LaMacchia, A M. Odlyzko, *Solving large sparse linear systems over Gnite Gelds,* 109-133.

D. Lapidot, A. Shamir, *Publicly veriGable non-interactive zero-knowledge proofs,* 353-365.

U. M. Maurer, A *universal statistical test for random bit generators,* 409-420.

J. L. Mclimes, B. Pinkas. *On the impossibility of private key cryptography witii weakly random keys,* 421—

435.

R. C. Merkle, *Fast software encryption functions,* 476-501.

S. Micali, T. Rabin, *Collective coin tossmg without assumptions nor broadcasting,* 253-266.

S. Miyaguchi, *The FEAL cipher family,* 627-638.

T. Okamoto, K. Ohta, *How to utilize the randonmess of zero-knowledge proofs,* 456-475.

R.L. Rivest, *Finding four million large random primes,* 625-626.

R.L. Rivest, *The MD4 message digest algorithm,* 303-311.

A.W. Scluift, A. Shamir, *On the universality of the next bit test,* 394-408.

G.J. Simmons, *Geometric shared secret and/or shared control schemes,* 216-241.

O. Staffelbach, W. Meier, *Cryptographic signiGcance of the carry for ciphers based on mteger addition,*

601-614.

P. van Oorschot, A *comparison of practical pubhc-key cryptosystems based on integer factorization and*

*discrete logaritlmis,* 576-581.

Y. Yacobi, *Discrete-log with compressible exponents,* 639-643.

Y. Yacobi, *A key distribution'paradox’’,* 268-273.

K. Zeng, C.H. Yang, T.R.N. Rao, An *improved linear syndrome algoritlnn in cryptanalysis with apphca*

*tions,* 34-47.

Y. Zheng, T. Matsumoto, H. Imai, SrnicruraJ *properties of one-way hash functions,* 285-302.

Advances in Cryptology - CRYPTO ’91. Springer-Verlag LNCS 576 (1992). Editor: J. Feigenbaum.

M. Abadi, M. Burrows, B. Lampson, G. Plotkin, A *calculus for access control in distributed systems,* 1- 23.

D. Beaver, *EfGcient multiparty protocols using circuit randomization,* 420-432.

D. Beaver, *Foundations of secure interactive computing,* 377-391.

C.H. Bennett, G. Brassard, C. Crepeau, M.-H. Skubiszewska, *Practical quantum oblivious transfer,* 351- 366.

E. Biham, A. Shamir. *Differential cryptanalysis of Snefru. Khafre. REDOC-II. LOKI. and Lucifer,* 156—

171.

R. Bird, I. Gopal, A. Herzberg, P. Janson, S. Kutten, R. Molva, M. Yung, *Systematic design of two-party authentication protocols,* 44-61.

A. G. Broscius, J.M. Smith, *Exploitmg parallelism in hardware implementation of the DES,* 367-376.

P. Camion, C. Carlet, P. Charpin, N. Sendrier, *On correlation-innnune functions,* 86-100.

R. M. Capocelli, A. De Santis, L. Gargano, U. Vaccaro. On *the size of shares for secret shanng schemes,*

101-113.

D. Chaum, E. van Heijst, B. Pfitzmann, *Cryptographically strong undeniable signatures, unconditionally secure for the signer,* 470-484.

Y.M. Chee. A. Joux, J. Stem, *The cryptanalysis of a new public-key cryptosystem based on modular knapsacks,* 204-212.

I. B. Damgard, *Towards practical public key systems secure agamst chosen ciphertext attacks,* 445-456.

B. den Boer, A. Bosselaers, An *attack on the last two rounds of MD4,* 194-203.

Y. Desmedt, Y. Frankel, *Shared generation of authenticators and signatures,* 457-469.

C. Dwork, *On verification hi secret sharing,* 114-128.

M J. Fischer, R.N. Wright, *Multiparty secret key exchange using a random deal of cards,* 141-155.

K.R. Iversen, *A cryptographic scheme for computerized general elections,* 405-419.

J. Kilian, R. Rubinfeld, *Interactive proofs with space bounded pro vers,* 225-231.

N. Koblitz, *CM-Curves with good cryptographic properties,* 279-287.

K. Koyama, U.M. Maurer, T. Okamoto, S.A. Vanstone, *New pubhc-key schemes based on elhptic curves*

*over the ring Z _{n},* 252-266.

D. Lapidot, A. Shamir, *A one-round, two-prover, zero-knowledge protocol forNP,* 213-224.

M. Luby, *Pseudo-random generators from one-way functions,* 300.

S. Micali, P. Rogaway, *Secure computation,* 392-404.

H. Morita, K. Ohta, S. Miyaguchi, A *switching closure test to analyze cryptosystems,* 183-193.

T. Okamoto, K. Ohta, *Universal electronic cash,* 324-337.

T. Okamoto, K. Sakurai, *Efficient algorithms for the construction of hyperelhptic cryptosystems,* 267-278. J. Patarin, *New results on pseudorandom permutation generators based on the DES scheme,* 301-312.

T.P. Pedersen, *Non-mteractive and information-theoretic secure verifiable secret sharing,* 129-140.

B. Pfitzmann, M. Waidner, *How to break and repair a “provably secure” untraceable payment system,* 338—

350.

C. Rackoff, D.R. Simon, *Non-interactive zero-knowledge proof of knowledge and chosen ciphertext at*

*tack,* 433-444.

S. Rudich, *The use of mteraction in public cryptosystems,* 242-251.

D. R. Stinson, *Combinatorial characterizations of authentication codes,* 62-73.

D.R. Stinson, *Universal hashing and authentication codes,* 74-85.

A. Tardy-Corfdir, H. Gilbert, A *known plamtext attack of FEAL-4 and FEAL-6,* 172-182.

S.-H. Teng, *Functional inversion and connnunication complexity,* 232-241.

M.-J. Toussaint, *Deriving the complete knowledge of participants in cryptographic protocols,* 24-43.

S. Tsujii, J. Chao, A new *Ю-based key sharhig system,* 288-299.

C D. Walter, *Faster modular multiplication by operand scahng,* 313-323.

Advances in Cryptology - CRYPTO ’92. Springer-Verlag LNCS 740 (1993). Editor: E.F. Brickell.

T. Baritaud, M. Сатрапа, P. Chauvaud, H. Gilbert, On *the security of the permuted kernel identification scheme,* 305-311.

A. Beimel, B. Chor, *Universally ideal secret sharing schemes,* 183-195.

M. Bellare, O. Goldreich, On *defining proofs of knowledge,* 390-420.

M. Bellare, M. Yung, *Certifying cryptographic tools: The case of trapdoor permutations,* 442-460.

E. Biham, A. Shamir, *Differential cryptanalysis of the full 16-round DES,* 487-496.

B. Blakley, G.R. Blakley, A.H. Chan, J.L. Massey, *Threshold schemes with disemollment,* 540-548.

C. Blundo, A. De Santis, L. Gar°ano, U. Vaccaro, On *the information rate of secret sharing schemes,* 148—

167.

C. Blundo, A. De Santis, A. Herzberg, S. Kutten, U. Vaccaro, M. Yung, *Perfectly-secure key distribution for dynamic conferences,* 471-486.

J.N.E. Bos, D. Chaum, *Provably unforgeable signatures,* 1-14.

J. Brandt, I. Damgard, *On generation of probable primes by incremental search,* 358-370.

K. W. Campbell, M.J. Wiener, *DES is not a group,* 512-520.

C. Carlet, *Partially-bent functions,* 280-291.

D. Chaum, T.P. Pedersen, *Wallet databases with observers,* 89-105.

C. Dwork, U. Feige, J. Kilian, M. Naor, M. Safra, *Low communication 2-prover zero-knowledse proofs for NP,* 215-227.

C. Dwork, M. Naor, *Pricing via processing or combatting junk mail,* 139-147.

H. Eberle, *A high-speed DES implementation for network applications,* 521-539.

M. Fellows, N. Koblitz, *Kidkrypto,* 371-389.

Y. Frankel, Y. Desmedt, M. Bunnester, *Non-existence of homomorpluc general sharing schemes for some key spaces,* 549-557.

S. Goldwasser. R. Ostrovsky, *Invariant sisnatures and non-interactive zero-knowledse proofs are equivalent,* 228-245.

D. M. Gordon, *Designing and detecting trapdoors for discrete log cryptosystems,* 66-75.

D.M. Gordon, K.S. McCurley, *Massively parallel* computations of discrete logaritluns, 312-323.

L. Ham, H.-Y. Lin, An/-span generalized secret sharing *scheme,* 558-565.

A. Herzberg, M. Luby, *Public randomness in cryptography,* 421-432.

R. Hirschfeld, *Making electronic refunds safer,* 106-112.

L. R. Knudsen, *Iterative characteristics of DES and s ^{2}-DES,* 497-511.

K. Koyama, Y. Tsuruoka, *Speedins up elliptic cryptosystems by usins a sisned binary' window method. *345-357.

U.M. Maurer, *Protocols for secret key agreement by public discussion based on common information. *461—470.

W. Meier, O. Staffelbach, *Efficient multiplication on certain nonsupersingular elliptic* curves, 333-344.

S. Micali, *Fair public-key cryptosystems,* 113-138.

M. Naor, R. Ostrovsky, R. Venkatesan, M. Yung, *Perfect zero-knowledge arguments for NP can be based*

*on general complexity assumptions,* 196-214.

K. Nyberg, L.R. Knudsen, *Provable security against differential cryptanalysis,* 566-574.

T. Okamoto, *Provably secure and practical identification schemes and correspondhis signature schemes,*

31-53.

T. Okamoto, A. Fujioka, E. Fujisaki, An *efficient digital signature scheme based on an elliptic cun ^{r}e over the ring Z_{n},* 54-65.

R. Peralta, A *quadratic sieve on the n-dimensional cube,* 324-332.

A. Russell, *Necessary and sufficient conditions for collision-free hashing,* 433-441.

K. Sakurai, T. Itoh, On *the discrepancy between serial and parallel of zero-knowledge protocols,* 246-259.

M. Sivabalan, S. Tavares, L.E. Peppard, *On the design of SP networks from an information theoretic point of view,* 260-279.

M E. Smid, D.K. Branstad, *Response to comments on the NIST proposed disital signature standard,* 76-

88.

D. R. Stinson, *New general lower bounds on the information rate of secret sharing schemes,* 168-182.

E. van Heijst, T.P. Pedersen. B. Pfitzmann, *New constructions of fail-stop sisnatures and lower bounds.*

15-30.

S. Vaudenay, *FFT-Hash-II is not yet collision-free,* 587-593.

PC. Wayner, *Content-addressable search engines and DES-like systems,* 575-586.

Y. Zheng, J. Seberry, *Practical approaches to attaining security asainst adaptively chosen ciphertext attacks,* 292-304.

Advances in Cryptology - CRYPTO ’93. Springer-Verlag LNCS 773 (1994).

Editor: D.R. Stinson.

L. M. Adleman, J. DeMarrais, *A subexponential alsoritlun for discrete losaritlnns over all finite fields,*

147-158.

Y. Aumann, U. Feige, One *message proof systems with known space verifiers,* 85-99.

A. Beimel, B. Chor, *Interaction in key distribution schemes,* 444-455.

M. Bellare, P. Rogaway, *Entity authentication and key distribution,* 232-249.

I. Ben-Aroya, E. Biham, *Differential cyptanalysis of Lucifer,* 187-199.

J. Bierbrauer, T. Johansson, G. Kabatianskii, B. Smeets, *On families of hash functions via geometric codes*

*and concatenation,* 331-342.

A. Blum. M. Furst, M. Kearns, R.J. Lipton. *Cryptographic primitives based on hard learning problems. *278-291.

C. Blundo, A. Cresti, A. De Santis, U. Vaccaro, *Fully dynamic secret sharing schemes,* 110-125.

A. Bosselaers, R. Govaerts, J. Vandewalle, *Comparison of three modular reduction functions,* 175-186.

S. Brands, *Untraceable off-line cash in wallets with observers,* 302-318.

J. Buchmann, J. Loho, J. Zayer, An *implementation of the general number field sieve,* 159-165.

D. Coppersmith, H. Krawczyk, Y. Mansour, *The shrinking generator,* 22-39.

D. Coppersmith, J. Stem, S. Vaudenay, *Attacks on the birationalpermutation signature schemes,* 435-443. C. Crepeau, J. Kilian, *Discreet sohtary games,* 319-330.

J. Daemen, R. Govaerts, J. Vandewalle, *Weak keys for IDEA,* 224-231.

I.B. Damgard, *Interactive hashing can simplify zero-knowledge protocol design without computational assumptions,* 100-109.

I. B. Damgard, T.P. Pedersen, B. Pfitzmann, On *the existence of statistically hiding bit conmhtment sch*

*emes and fail-stop signatures,* 250-265.

A. De Santis, G. Di Crescenzo, G. Persiano, *Secret sharing and perfect zero knowledge,* 73-84.

T. Denny, B. Dodson, A.K. Lenstra, M.S. Manasse, On *the factorization ofRSA-120,* 166-174.

N. Ferguson, *Extensions of single-term coins,* 292-301.

A. Fiat, M. Naor, *Broadcast encryption,* 480-491.

M. Franklin, S. Haber, *Joint encryption and message-efficient secure computation,* 266-277.

P. Gemmell, M. Naor, *Codes for interactive authentication,* 355-367.

W. Hohl, X. Lai, T. Meier, C. Waldvogel, *Security of* iterated hash *functions based on block ciphers.* 379- 390.

T. Itoh, M. Hoshi, S. Tsujii, A *low communication competitive interactive proof system for promised quadratic residuosity,* 61-72.

W.-A. Jackson, K.M. Martin, C.M. O'Keefe, *Multisecret threshold schemes,* 126-135.

T. Johansson, On *the construction of perfect authentication codes that permit arbitration,* 343-354.

H. Krawczyk, *Secret sharing made short,* 136-146.

T. Leighton, S. Micali, *Secret-key agreement without public-key cryptography,* 456-479.

C.-M. Li, T. Hwang, N.-Y. Lee, *Remark on the threshold RSA signature scheme,* 413-419.

C.H. Lint. P.J. Lee, *Another method for* attaining *security asainst adaptively chosen ciphertext attacks, *420-434.

L. O’Connor, On *the distribution of characteristics* in *composite permutations,* 403-412.

K. Ohta, M. Matsui, *Differential attack on message authentication codes,* 200-211.

J. Patarin, P. Chauvaud, *Improved algoritlnns for the permuted kernel problem,* 391-402.

B. Preneel, R. Govaerts, J. Vandewalle, *Hash functions based on block ciphers:* A *synthetic approach.*

368-378.

B. Preneel, M. Nuttin, V. Rijmen, J. Buelens, *Cryptanalysis of the CFB mode of the DES with a reduced number of rounds,* 212-223.

J. Seberry, X.-M. Zhang, Y. Zheng, *Nonlinearly balanced Boolean functions and their propagation characteristics,* 49-60.

A. Shamir, *Efficient signature schemes based on birational permutations,* 1-12.

J. Stem, A *new identification scheme based on syndrome decoding,* 13-21.

R. Taylor, An *mtegrity check value algorithm for stream ciphers,* 40-48.

Advances in Cryptology - CRYPTO ’94. Springer-Verlag LNCS 839 (1994).

Editor: Y.G. Desmedt.

M. Bellare. 0. Goldreich, S. Goldwasser, *Incremental cryptography: The case of hashing and signing, *216-233.

M. Bellare, J. Kilian, P. Rogaway, *The security of cipher block chaining,* 341-358.

T. Beth, D.E. Lazic, A. Mathias, *Cryptanalysis of cryptosystems based on remote chaos rephcation,* 318— 331.

I. Biehl, J. Buchmann, C. Thiel, *Cryptographic protocols based on discrete logarithms in real-quadratic or*

*ders,* 56-60.

J. Bierbrauer, K. Gopalakrishnan, D.R. Stinson, *Bounds for resilient functions and orthogonal arrays,*

247-256.

D. Bleichenbacher, U.M. Maurer, *Directed acychc graphs, one-way functions and digital signatures,* 75- 82.

C. Blundo, A. De Santis, G. Di Crescenzo, A.G. Gassia, U. Vaccaro, *Multi-secret sharing schemes,* ISO-

163.

M. Burmester, *On the risk of opening distributed keys,* 308-317.

R. Canetti, A. Herzberg, *Maintaining security in the presence of transient faults,* 425-438.

J. Chao, K. Tanada, S. Tsujii, *Design of elliptic* curves *with controllable lower boundary' of extension de*

*gree for reduction attacks, 50-55.*

B. Chor, A. Fiat, M. Naor, *Tracing traitors,* 257-270.

D. Coppersmith, *Attack on the cryptographic scheme NIKS-TAS,* 294-307.

R. Cramer, I. Damgard, B. Schoemnakers, *Proofs of partial knowledge and simplified design of witness*

*hiding protocols,* 174-187.

D. Davis, R. Ihaka, P. Fenstennacher. *Cryptographic randonmess from air turbulence in disk drives,* 114—

120.

O. Delos, J.-J. Quisquater, An *identity-based signature scheme with bounded life-span,* 83-94.

C. Dwork, M. Naor, *An efficient existentially uirforgeable signamre scheme and its applications,* 234-246.

C. Gehrmann, *Cryptanalysis of the Gemmell and Naor multiround authentication protocol,* 121-128.

H. Gilbert, P. Chauvaud, A *chosen plaintext attack of the 16-round Khufu cryptosystem,* 359-368.

M. Girault, J. Stem, On *the length of cryptographic hash-values used in identification schemes,* 202-215. T. Horvath, S.S. Masliveras, T. van Trans, *A parallel permutation multiplier for a PGM crypto-chip.* 108— 113.

T. Itoh, Y. Ohta, H. Shizuya, *Language dependent secure bit commitment,* 188-201.

B. S. Kaliski Jr., M.J.B. Robshaw, *Linear cryptanalysis using multiple approximations,* 26-39.

H. Krawczyk, *LFSR-based hashing and authentication,* 129-139.

K. Kurosawa, *New bound on authentication code with arbitration,* 140-149.

E. Kushilevitz, A. Rosen, A *randomness-rounds tradeoff hi private computation,* 397-410.

S. K. Langford, M.E. Heilman, *Differential-linear cryptanalysis,* 17-25.

C. H. Lim, P.J. Lee, *More flexible exponentiation with precomputation,* 95-107.

J. L. Massey, S. Serconek, A *Fourier transform approach to the lmear complexity of nonlinearly filtered se*

*quences,* 332-340.

M. Matsui, *Die first experimental cryptanalysis of the Data Encryption Standard,* 1-11.

U. M. Maurer, *Towards the equivalence of breaking the Diffie-Heilman protocol and computing discrete*

*logarithms,* 271-281.

P. Miliailescu, *Fast generation of provable primes using search in aritlunetic progressions,* 282-293.

K. Ohta, K. Aoki, *Linear cryptanalysis of the Fast Data Encipherment Algorithm,* 12-16.

T. Okamoto, *Designated confirmer signatures and public-key encryption are equivalent,* 61-74.

K. Sako, J. Kilian, *Secure vothig ushig partially compatible homomorphisms,* 411-424.

J. Seberry, X.-M. Zhang, Y. Zheng, *Pitfalls in designing substitution boxes,* 383-396.

J. Stem, *Designing identification schemes with keys of short size,* 164-173.

J.-P. Tillich, G. Zemor, *Hashing with SL-г,* 40-49.

Y. Tsunoo, E. Okamoto, T. Uyematsu, *Ciphertext only attack for one-way function of the MAP using one ciphertext,* 369-382.

Advances in Cryptology - CRYPTO ’95. Springer-Verlag LNCS 963 (1995).

Editor: D. Coppersmith.

R. Anderson, R. Needham, *Robustness principles for public key protocols,* 236-247.

D. Beaver, *Precomputing oblivous transfer,* 97-109.

P. Beguin, J.-J. Quisquater, *Fast server-aided RSA signatures secure against active attacks,* 57-69.

A. Beimel, B. Chor, *Secret sharing with pubhc reconstruction,* 353-366.

M. Bellare, R. Guerin, P. Rogaway, *XOR MACs: New methods for message authentication using finite pseudorandom functions,* 15-28.

G.R. Blakley, G.A. Kabatianskii, *On general perfect secret sharing schemes,* 367-371.

D. Bleichenbacher, W. Bosma, A.K. Lenstra, *Some remarks on Lucas-based cryptosystems,* 386-396.

D. Boneh, R.J. Lipton, *Quantum cryptanalysis of hidden linear functions,* 424-437.

D. Boneh, J. Shaw, *Collusion-secure Gngerpruiting for digital data,* 452-465.

R. Cramer, I. Damgard, *Secure signature schemes based on interactive protocols,* 297-310.

C. Crepeau, J. van de Graaf, A. Tapp, *Committed oblivious transfer and private multi-party computation, *110-123.

I. Damgard, O. Goldreich, T. Okamoto, A. Wigderson, *Honest verifier vs. dishonest verifier in public coin*

*zero-knowledge proofs,* 325-338.

B. Dodson, A.K. Lenstra, *NFS with four large primes: An explosive experiment,* 372-385.

Y. Frankel, M. Yung, *Cryptanalysis of the inunuiuzed LL public key systems,* 287-296.

Y. Frankel, M. Yung, *Escrow encryption systems visited: Attacks, analysis and designs,* 222-235.

S. Halevi, *Efficient conmntment schemes with bounded sender and unbounded receiver,* 84-96.

A. Herzberg, S. Jarecki, H. Krawczyk, M. Yung, *Proactive secret sharing or: How to cope with perpetual*

*leakage,* 339-352.

B. S. Kaliski Jr., Y.L. Yin, *On differential and linear cryptanalysis of the RC5 encryption alsoritlun,* 171—

184.

J. Kilian, *Improved efficient arguments,* 311-324.

J. Kilian, T. Leighton, *Fair cryptosystems, revisited:* A *rigorous approach to key-escrow,* 208-221.

A. Klapper, M. Goresky, *Cryptanalysis based on 2-adic rational approximation,* 262-273.

L.R. Knudsen, A *key-schedule weakness in SAFER K-64,* 274-286.

K. Kurosawa, S. Obana. W. Ogata, *t-cheater identifiable ***(к. n) ***threshold secret sharuis schemes,* 410-

423.

S.K. Langford, *Threshold DSS signatures without a trusted party,* 397-409.

A. K. Lenstra, P. Winkler, Y. Yacobi, A *key escrow system with warrant bounds,* 197-207.

C. H. Lim, P. J. Lee, *Security and performance of server-aided RSA computation protocols,* 70-83.

D. Mayers, *On the security of the quantum obhvious transfer and key distribution protocols,* 124-135.

S. Micali, R. Sidney, A *simple method for generating and sharing pseudo-random functions, with applica*

*tions to Clipper-like key escrow systems,* 185-196.

K. Ohta, S. Moriai, K. Aoki, *Improving the search algoritlun for the best linear expression,* 157-170.

T. Okamoto, *An efficient divisible electronic cash scheme,* 438-451.

S. -J. Park, S.-J. Lee, S.-C. Goh, *On the security of the Gollmaim cascades,* 148-156.

J. Patarin, *Cryptanalysis of the Matsumoto and Imai public key scheme of Eurocrypt ’88,* 248-261.

B. Preneel, P. van Oorschot, *MDx-MAC and building fast MACs from hash functions,* 1-14.

P. Rogaway, *Bucket hashing and its application to fast message authentication,* 29-42.

R. Schroeppel, H. Orman, S. O’Malley, O. Spatscheck, *Fast key exchanse with elliptic curve systems, *43-56.

T. Theobald, *How to break Shamir’s asymmetric basis,* 136-147.

Advances in Cryptology - CRYPTO ’96. Springer-Verlag LNCS 1109 (1996).

Editor: N. Koblitz.

M. Atici, D. Stinson, *Universal hashing and multiple authentication,* 16-30.

M. Bellare, R. Canetti, H. Krawczyk, *Keying hash functions for message authenticaion,* 1-15.

C. Blundo, L. Mattos, D. Stinson, *Trade-offs between communication and storage in unconditionally se*

*cure schemes for broadcast encryption and interactive key distribution,* 388-401.

D. Boneh, R. Lipton, *Algoritluns for black-box fields and their application to cryptography,* 283-297.

D. Boneh, R. Venkatesan, *Hardness of computing the most significant bits of secret keys in Diffie-Helhnan and related schemes,* 129-142.

A. Bosselaers, R. Govaerts, J. Vandewalle, *Fasthaslung on the Pentium,* 298-312.

P. Camion, A. Canteaut, *Generahzation of Siegenthaler inequality and Schnorr-Vaudenay multipermutations,* 373-387.

R. Cramer, I. Damgard, *New generation of secure and practical RSA-based signatures,* 173-185.

S. Droste, *New results on visual cryptography,* 402-416.

R. Gennaro, S. Jarecki, H. Krawczyk, T. Rabin, *Robust and efficient sharing of RSA functions,* 157-172.

S. Halevi, S. Micali. *Practical and provably-secure commitment schemes from collision-free hashing,*

201-215.

T. Helleseth, T. Johansson, *Universal hash functions from exponential sums over finite fields and Galois*

*rings,* 31-44.

R. Hughes, G. Luther, G. Morgan, C. Peterson, C. Simmons, *Quantum cryptography over underground*

*optical fibers,* 329-343.

M. Jakobsson. M. Yung, *Provins without knowing: On oblivious, aenostic and blindfolded provers,* 186— 200.

J. Kelsey, B. Schneier, D. Wagner, *Key-schedule cryptanalysis of ЮЕА, G-DES, GOST. SAFER, and Triple-DES,* 237-251.

J. Kilian, P. Rogaway, *How to protect DES agamst exhaustive key search,* 252-267.

L. Knudsen, W. Meier, *Improved differential attacks on RC5,* 216-228.

P. Kocher, *Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems,* 104-113.

S. Langford, Weaknesses *in some threshold cryptosystems,* 74-82.

J. Massey, S. Serconek, *Linear complexity of periodic sequences: A general theory',* 359-372.

U. Maurer, S. Wolf, *Diffie-Hellman oracles,* 268-282.

D. Mayers, *Quantum key distribution and string oblivious transfer in noisy channels,* 344-358.

M. Naslund, *All bits in ax + b mod p are hard,* 114-128.

J. Patarin, *Asymmetric cryptography with a hidden monomial,* 45-60.

C. Schnorr, *Security of 2 ^{1} -root identification and signatures,* 143-156.

V. Shoup, *On fast and provably secure message authentication basedon universal hashing,* 313-328.

D. Simon, Anonymous *communication and anonymous cash,* 61-73.

P. van Oorschot, M. Wiener, *Improving implementable meet-in-the-middle attacks by orders of magnitude, *229-236.

S. Vaudenay, *Hidden collisions on DSS,* 83-88.

A. Young, M. Yung, *The dark side of ‘black-box’ cryptography, or: Why should we trust Capstone?,* 89- ЮЗ.