Cryptographic primitives for information authentication - State of the art

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 1528, Issue , 1998, Pages 49-104

  Preneel, Bart ^a  

^a UNIVERSITY OF LEUVEN   (Belgium)

Author keywords

[No Author keywords available]

Indexed keywords

HASH FUNCTIONS; SECURITY SYSTEMS;

COLLISION-RESISTANT HASH FUNCTIONS; CRYPTOGRAPHIC HASH FUNCTIONS; CRYPTOGRAPHIC PRIMITIVES; DETECTION CODES; DIGITAL SIGNATURE SCHEMES; MESSAGE AUTHENTICATION CODES; STATE OF THE ART;

AUTHENTICATION;

EID: 84979021449     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/3-540-49248-8_3     Document Type: Conference Paper

References (181)

1. V. Afanassiev, C. Gehrmann, B. Smeets, "Fast message authentication using efficient polynomial evaluation," Fast Software Encryption, LNCS 1267, E. Biham, Ed., Springer-Verlag, 1997, pp. 190-204.
2. G.B. Agnew, R.C. Mullin, S.A. Vanstone, "Common application protocols and their security characteristics," CALMOS CA34C168 Application Notes, U.S. Patent Number 4,745,568, August 1989.
3. A.V. Aho, J.E. Hopcroft, J.D. Ullman, "The Design and Analysis of Computer Algorithms," Addison-Wesley, 1974.
4. W. Aiello, R. Venkatesan, "Foiling birthday attacks in length-doubling transformations. Benes: a non-reversible alternative to Feistel," Advances in Cryptology, Proceedings Eurocrypt'96, LNCS 1070, U. Maurer, Ed., Springer-Verlag, 1996, pp. 307-320.
5. W. Aiello, S. Haber, R. Venkatesan, "New constructions for secure hash functions," Fast Software Encryption, LNCS 1372, S. Vaudenay, Ed., Springer-Verlag, 1998, pp. 150-167.
6. M. Ajtai, "Generating hard instances of lattice problems," Proc. 28th ACM Symposium on the Theory of Computing, 1996, pp. 99-108.
7. R. Anderson, E. Biham, "Tiger: A new fast hash function," Fast Software Encryption, LNCS 1039, D. Gollmann, Ed., Springer-Verlag, 1996, pp. 89-97.
8. ANSI X9.9-1986 (Revised), "American National Standard for Financial Institution Message Authentication (Wholesale)," ANSI, New York.
9. ANSI X9.19 "Financial Institution Retail Message Authentication," American Bankers Association, August 13, 1986.
10. M. Bellare, R. Canetti, H. Krawczyk, "Keying hash functions for message authentication," Advances in Cryptology, Proceedings Crypto'96, LNCS 1109, N. Koblitz, Ed., Springer-Verlag, 1996, pp. 1-15.
11. Full version: http:// www.research.ibm.com/security/.
12. M. Bellare, R. Canetti, H. Krawczyk, "Pseudorandom functions revisited: The cascade construction and its concrete security," Proc. 37th Annual Symposium on the Foundations of Computer Science, IEEE, 1996, pp. 514-523.
13. Full version via http://www-cse.ucsd.edu/users/mihir.
14. M. Bellare, O. Goldreich, S. Goldwasser, "Incremental cryptography: the case of hashing and signing," Advances in Cryptology, Proceedings Crypto'94, LNCS 839, Y. Desmedt, Ed., Springer-Verlag, 1994, pp. 216-233.
15. M. Bellare, R. Guérin, P. Rogaway, "XOR MACs: new methods for message authentication using block ciphers," Advances in Cryptology, Proceedings Crypto'95, LNCS 963, D. Coppersmith, Ed., Springer-Verlag, 1995, pp. 15-28.
16. M. Bellare, J. Kilian, P. Rogaway, "The security of cipher block chaining," Advances in Cryptology, Proceedings Crypto'94, LNCS 839, Y. Desmedt, Ed., Springer-Verlag, 1994, pp. 341-358.
17. M. Bellare, D. Micciancio, "A new paradigm for collision-free hashing: incre-mentality at reduced cost," Advances in Cryptology, Proceedings Eurocrypt'97, LNCS 1233, W. Fumy, Ed., Springer-Verlag, 1997, pp. 163-192.
18. M. Bellare, P. Rogaway, "The exact security of digital signatures - how to sign with RSA and Rabin," Advances in Cryptology, Proceedings Eurocrypt'96, LNCS 1070, U. Maurer, Ed., Springer-Verlag, 1996, pp. 399-416.
19. M. Bellare, P. Rogaway, "Collision-resistant hashing: towards making UOWHFs practical," Advances in Cryptology, Proceedings Crypto '97, LNCS 1294, B. Kaliski, Ed., Springer-Verlag, 1997, pp. 470-484.
20. E. Biham, "On the applicability of differential cryptanalysis to hash functions," D. I.S.S. Workshop on Cryptographic Hash Functions, Oberwolfach (D), March 25-27, 1992.
21. E. Biham, A. Shamir, "Differential Cryptanalysis of the Data Encryption Standard," Springer-Verlag, 1993.
22. D. Bleichenbacher, "Generating ElGamal signatures without knowing the secret key," Advances in Cryptology, Proceedings Eurocrypt '96, LNCS 1070, U. Maurer, Ed., Springer-Verlag, 1996, pp. 10-18.
23. D. Bleichenbacher, U.M. Maurer, "Directed acyclic graphs, one-way functions and digital signatures," Advances in Cryptology, Proceedings Crypto '94, LNCS 839, Y. Desmedt, Ed., Springer-Verlag, 1994, pp. 75-82.
24. D. Boneh, M. Franklin, "Efficient generation of shared RSA keys," Advances in Cryptology, Proceedings Crypto'97, LNCS 1294, B. Kaliski, Ed., Springer-Verlag, 1997, pp. 425-439.
25. J. Bos, D. Chaum, "Provably unforgeable signatures," Advances in Cryptology, Proceedings Crypto'92, LNCS 740, E.F. Brickell, Ed., Springer-Verlag, 1993, pp. 1-14.
26. B.O. Brachtl, D. Coppersmith, M.M. Hyden, S.M. Matyas, C.H. Meyer, J. Oseas, S. Pilpel, M. Schilling, "Data Authentication Using Modification Detection Codes Based on a Public One Way Encryption Function," U.S. Patent Number 4,908,861, March 13, 1990.
27. G. Brassard, "On computationally secure authentication tags requiring short secret shared keys," Advances in Cryptology, Proceedings Crypto 82, D. Chaum, R.L. Rivest, and A.T. Sherman, Eds., Plenum Press, New York, 1983, pp. 79-86.
28. P. Camion, J. Patarin, "The knapsack hash function proposed at Crypto'89 can be broken," Advances in Cryptology, Proceedings Eurocrypt'91, LNCS 547, D.W. Davies, Ed., Springer-Verlag, 1991, pp. 39-53.
29. C.M. Campbell Jr., "Design and specification of cryptographic capabilities," D.K. Branstad, Ed., Computer Security and the Data Encryption Standard, NBS Special Publication 500-27, U.S. Department of Commerce, 1977, pp. 54-66.
30. J.L. Carter, M.N. Wegman, "Universal classes of hash functions," Journal of Computer and System Sciences, Vol. 18, 1979, pp. 143-154.
31. C.C.I.T.T. X.509, "The Directory - Authentication Framework," Recommendation, 1988, (same as ISO/IEC 9594-8, 1989).
32. F. Chabaud, A. Joux, "Differential collisions: an explanation for SHA-1," Advances in Cryptology, Proceedings Crypto'98, LNCS 1462, H. Krawczyk, Ed., Springer-Verlag, 1998, pp. 56-71.
33. 2 hashing scheme," Advances in Cryptology, Proceedings Asiacrypt'94, LNCS 917, J. Pieprzyk and R. Safavi-Naini, Eds., Springer-Verlag, 1995, pp. 322-330.
34. D. Chaum, S. Roijakkers, "Unconditionally-secure digital signatures," Advances in Cryptology, Proceedings Crypto'90, LNCS 537, S. Vanstone, Ed., Springer-Verlag, 1991, pp. 206-214.
35. D. Chaum, E. van Heijst, B. Pfitzmann, "Cryptographically strong undeniable signatures, unconditionally secure for the signer," Advances in Cryptology, Proceedings Crypto '91, LNCS 576, J. Feigenbaum, Ed., Springer-Verlag, 1992, pp. 470-484.
36. D. Coppersmith, "Another birthday attack," Advances in Cryptology, Proceedings Crypto 85, LNCS 218, H.C. Williams, Ed., Springer-Verlag, 1985, pp. 14-17.
37. D. Coppersmith, "Analysis of ISO/CCITT Document X.509 Annex D," IBM T.J. Watson Center, Yorktown Heights, N.Y., 10598, Internal Memo, June 11, 1989, (also ISO/IEC JTC1/SC20/WG2/N160).
38. D. Coppersmith, B. Preneel, "Comments on MASH-1 and MASH-2," February 21, 1995, ISO/IEC JTC1/SC27/N1055.
39. J. Daemen, "Cipher and Hash Function Design. Strategies Based on Linear and Differential Cryptanalysis," Doctoral Dissertation, Katholieke Universiteit Leuven, 1995.
40. J. Daemen, C. Clapp, "Fast hashing and stream encryption with PANAMA," Fast Software Encryption, LNCS 1372, S. Vaudenay, Ed., Springer-Verlag, 1998, pp. 60-74.
41. J. Daemen, R. Govaerts, J. Vandewalle, "A framework for the design of oneway hash functions including cryptanalysis of Damgard's one-way function based on a cellular automaton," Advances in Cryptology, Proceedings Asiacrypt'91, LNCS 739, H. Imai, R.L. Rivest, and T. Matsumoto, Eds., Springer-Verlag, 1993, pp. 82-96.
42. I.B. Damgard, "Collision free hash functions and public key signature schemes," Advances in Cryptology, Proceedings Eurocrypt '87, LNCS 304, D. Chaum and W.L. Price, Eds., Springer-Verlag, 1988, pp. 203-216.
43. I.B. Damgard, "The application of claw free functions in cryptography," PhD Thesis, Aarhus University, Mathematical Institute, 1988.
44. I.B. Damgard, "A design principle for hash functions," Advances in Cryptology, Proceedings Crypto '89, LNCS 435, G. Brassard, Ed., Springer-Verlag, 1990, pp. 416-427.
45. I.B. Damgard, T.P. Pedersen, B. Pfitzmann, "On the existence of statistically hiding bit commitment schemes and fail-stop signatures," Advances in Cryptology, Proceedings Crypto 93, LNCS 773, D. Stinson, Ed., Springer-Verlag, 1994, pp. 250-265.
46. D. Davies, W. L. Price, "The application of digital signatures based on public key cryptosystems," NPL Report DNACS 39/80, December 1980.
47. D. Davies, "A message authenticator algorithm suitable for a mainframe computer," Advances in Cryptology, Proceedings Crypto '84, LNCS 196, G.R. Blakley and D. Chaum, Eds., Springer-Verlag, 1985, pp. 393-400.
48. D. Davies, W.L. Price, "Security for Computer Networks: an Introduction to Data Security in Teleprocessing and Electronic Funds Transfer (2nd edition)," Wiley & Sons, 1989.
49. B. den Boer, A. Bosselaers, "An attack on the last two rounds of MD4," Advances in Cryptology, Proceedings Crypto'91, LNCS 576, J. Feigenbaum, Ed., Springer-Verlag, 1992, pp. 194-203.
50. B. den Boer, A. Bosselaers, "Collisions for the compression function of MD5," Advances in Cryptology, Proceedings Eurocrypt'93, LNCS 765, T. Helleseth, Ed., Springer-Verlag, 1994, pp. 293-304.
51. E. De Win, B. Preneel, "Elliptic curve public-key cryptosystems - an introduction," This Volume, pp. 132-142.
52. W. Diffie, M.E. Hellman, "New directions in cryptography," IEEE Trans. on Information Theory, Vol. IT-22, No. 6, 1976, pp. 644-654.
53. H. Dobbertin, "RIPEMD with two-round compress function is not collisionfree," Journal of Cryptology, Vol. 10, No. 1, 1997, pp. 51-69.
54. H. Dobbertin, "Cryptanalysis of MD4," Journal of Cryptology, Vol. 11, No. 4, 1998, pp. 253-271.
55. Fast Software Encryption, LNCS 1039, D. Gollmann, Ed., Springer-Verlag, 1996, pp. 53-69.
56. H. Dobbertin, "The status of MD5 after a recent attack," CryptoBytes, Vol. 2, No. 2, Summer 1996, pp. 1-6.
57. H. Dobbertin, "The first two rounds of MD4 are not one-way," Fast Software Encryption, LNCS 1372, S. Vaudenay, Ed., Springer-Verlag, 1998, pp. 284-292.
58. H. Dobbertin, A. Bosselaers, B. Preneel, "RIPEMD-160: a strengthened version of RIPEMD," Fast Software Encryption, LNCS 1039, D. Gollmann, Ed., Springer-Verlag, 1996, pp. 71-82. See also http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.
59. C. Dwork, M. Naor, "An efficient existentially unforgeable signature scheme and its applications," Advances in Cryptology, Proceedings Crypto '94, LNCS 839, Y. Desmedt, Ed., Springer-Verlag, 1994, pp. 234-246.
60. T. ElGamal, "A public key cryptosystem and a signature scheme based on discrete logarithms," IEEE Trans. on Information Theory, Vol. IT-31, No. 4, 1985, pp. 469-472.
61. J.H. Evertse, E. Van Heijst, "Which new RSA-signatures can be computed from certain given RSA-signatures?" Journal of Cryptology, Vol. 5, No. 1, 1992, pp. 41-52.
62. V. Fak, "Repeated uses of codes which detect deception," IEEE Trans. on Information Theory, Vol. IT-25, No. 2, 1979, pp. 233-234.
63. U. Feige, A. Fiat, A. Shamir, "Zero knowledge proofs of identity," Journal of Cryptology, Vol. 1, No. 2, 1988, pp. 77-94.
64. FIPS 46, "Data Encryption Standard," Federal Information Processing Standard, National Bureau of Standards, U.S. Department of Commerce, Washington D.C., January 1977 (revised as FIPS 46-1:1988; FIPS 46-2:1993).
65. FIPS 81, "DES Modes of Operation," Federal Information Processing Standard, National Bureau of Standards, US Department of Commerce, Washington D.C., December 1980.
66. FIPS 113, "Computer Data Authentication," Federal Information Processing Standard, National Bureau of Standards, US Department of Commerce, Washington D.C., May 1985.
67. FIPS 180, "Secure Hash Standard," Federal Information Processing Standard (FIPS), Publication 180, National Institute of Standards and Technology, US Department of Commerce, Washington D.C., May 11, 1993.
68. FIPS 180-1, "Secure Hash Standard," Federal Information Processing Standard (FIPS), Publication 180-1, National Institute of Standards and Technology, US Department of Commerce, Washington D.C., April 17, 1995.
69. FIPS 186, "Digital Signature Standard," Federal Information Processing Standard (FIPS), Publication 186, National Institute of Standards and Technology, US Department of Commerce, Washington D.C., May 19, 1994.
70. Y. Frankel, P. D. MacKenzie, M. Yung, "Robust efficient distributed RSA-key generation," Proc. 30th ACM Symposium on the Theory of Computing, 1998.
71. A. Fujioka, T. Okamoto, S. Miyaguchi, "ESIGN: an efficient digital signature implementation for smart cards," Advances in Cryptology, Proceedings Euro-crypt'91, LNCS 547, D.W. Davies, Ed., Springer-Verlag, 1991, pp. 446-457.
72. W. Geiselmann, "A note on the hash function of Tillich and Zemor," Cryptography and Coding. 5th IMA Conference, C. Boyd, Ed., Springer-Verlag, 1995, pp. 257-263.
73. J.K. Gibson, "Some comments on Damgard's hashing principle," Electronic Letters, Vol. 26, No. 15, 1990, pp. 1178-1179.
74. J.K. Gibson, "Discrete logarithm hash function that is collision free and one way," IEE Proceedings-E, Vol. 138, No. 6, November 1991, pp. 407-410.
75. E. Gilbert, F. MacWilliams, N. Sloane, "Codes which detect deception," Bell System Technical Journal, Vol. 53, No. 3, 1974, pp. 405-424.
76. M. Girault, "Hash-functions using modulo-n operations," Advances in Cryptology, Proceedings Eurocrypt'87, LNCS 304, D. Chaum and W.L. Price, Eds., Springer-Verlag, 1988, pp. 217-226.
77. M. Girault, R. Cohen, M. Campana, "A generalized birthday attack," Advances in Cryptology, Proceedings Eurocrypt'88, LNCS 330, C.G. Gunther, Ed., Springer-Verlag, 1988, pp. 129-156.
78. M. Girault, J.-F. Misarsky, "Selective forgery of RSA signatures using redundancy," Advances in Cryptology, Proceedings Eurocrypt'97, LNCS 1233, W. Fumy, Ed., Springer-Verlag, 1997, pp. 495-507.
79. M. Girault, J. Stern, "On the length of cryptographic hash-values used in identification schemes," Advances in Cryptology, Proceedings Crypto '94, LNCS 839, Y. Desmedt, Ed., Springer-Verlag, 1994, pp. 202-215.
80. O. Goldreich, S. Goldwasser, S. Halevi, "Collision-free hashing from lattice problems," Theory of Cryptography Library, http://philby.ucsd.edu/cryptolib.html, 96-09, July 1996.
81. S. Goldwasser, S. Micali, R.L. Rivest, "A digital signature scheme secure against adaptive chosen-message attacks," SIAM Journal on Computing, Vol. 17, No. 2, 1988, pp. 281-308.
82. J.A. Gordon, "How to forge RSA certificates," Electronics Letters, Vol. 21, No. 9, 1985, pp. 377-379.
83. L.C. Guillou, J.-J. Quisquater, M. Walker, P. Landrock, C. Shaer, "Precautions taken against various potential attacks in ISO/IEC DIS 9796," Advances in Cryptology, Proceedings Eurocrypt'90, LNCS 473, I.B. Damgard, Ed., Springer-Verlag, 1991, pp. 465-473.
84. S. Halevi, H. Krawczyk, "MMH: Software message authentication in the Gbit/second rates," Fast Software Encryption, LNCS 1267, E. Biham, Ed., Springer-Verlag, 1997, pp. 172-189.
85. M. Hellman, R. Merkle, R. Schroeppel, L. Washington, W. Diffie, S. Pohlig, P. Schweitzer, "Results of an initial attempt to cryptanalyze the NBS Data Encryption Standard," Information Systems Lab., Dept. of Electrical Eng., Stanford Univ., 1976.
86. W. Hohl, X. Lai, T. Meier, C. Waldvogel, "Security of iterated hash functions based on block ciphers," Advances in Cryptology, Proceedings Crypto 93, LNCS 773, D. Stinson, Ed., Springer-Verlag, 1994, pp. 379-390.
87. R. Impagliazzo, M. Naor, "Efficient cryptographic schemes provably as secure as subset sum," Journal of Cryptology, Vol. 9, No. 4, 1996, pp. 199-216.
88. ISO 7498-2, "Information processing - Open systems interconnection - Basic reference model - Part 2: Security architecture," 1987.
89. ISO 8731, "Banking - approved algorithms for message authentication - Part 1: DEA," 1987. "Part 2, Message Authentication Algorithm (MAA)," 1987.
90. ISO/IEC 9796, "Information technology - Security techniques - Part 1: Digital signature scheme giving message recovery," 1991, "Part 2: Mechanisms using a hash-function," 1997.
91. ISO/IEC 9797, "Information technology - Data cryptographic techniques - Data integrity mechanisms using a cryptographic check function employing a block cipher algorithm," ISO/IEC, 1994.
92. ISO/IEC 10116, "Information technology - Security techniques - Modes of operation of an n-bit block cipher algorithm," 1996.
93. ISO/IEC 10118, "Information technology - Security techniques - Hash-functions, Part 1: General", 1994, "Part 2: Hash-functions using an n-bit block cipher algorithm," 1994, "Part 3: Dedicated hash-functions," 1998. "Part 4: Hash-functions using modular arithmetic," (FDIS) 1998.
94. "Hash functions using a pseudo random algorithm," ISO-IEC/JTC1/SC27/WG2 N98, Japanese contribution, 1991.
95. M. Jakubowski, R. Venkatesan, "The chain & sum primitive and its applications to MACs and stream ciphers," Advances in Cryptology, Proceedings Eurocrypt '98, LNCS 1403, K. Nyberg, Ed., Springer-Verlag, 1998, pp. 281-293.
96. T. Johansson, "Bucket hashing with a small key size," Advances in Cryptology, Proceedings Eurocrypt'97, LNCS 1233, W. Fumy, Ed., Springer-Verlag, 1997, pp. 149-162.
97. A. Joux, L. Granboulan, "A practical attack against knapsack based hash functions," Advances in Cryptology, Proceedings Eurocrypt '94, LNCS 950, A. De Santis, Ed., Springer-Verlag, 1995, pp. 58-66.
98. R.R. Jueneman, S.M. Matyas, C.H. Meyer, "Message authentication with Manipulation Detection Codes," Proc. 1983 IEEE Symposium on Security and Privacy, 1984, pp. 33-54.
99. R.R. Jueneman, "A high speed Manipulation Detection Code," Advances in Cryptology, Proceedings Crypto '86, LNCS 263, A.M. Odlyzko, Ed., Springer-Verlag, 1987, pp. 327-347.
100. G.A. Kabatianskii, T. Johansson, B. Smeets, "On the cardinality of systematic A-codes via error correcting codes," IEEE Trans. on Information Theory, Vol. IT-42, No. 2, 1996, pp. 566-578.
101. B.S. Kaliski, "The MD2 Message-Digest algorithm," Request for Comments (RFC) 1319, Internet Activities Board, Internet Privacy Task Force, April 1992.
102. L.R. Knudsen, "New potentially 'weak' keys for DES and LOKI," Advances in Cryptology, Proceedings Eurocrypt'94, LNCS 950, A. De Santis, Ed., Springer-Verlag, 1995, pp. 419-424.
103. L. Knudsen, "Chosen-text attack on CBC-MAC," Electronics Letters, Vol. 33, No. 1, 1997, pp. 48-49.
104. L.R. Knudsen, X. Lai, B. Preneel, "Attacks on fast double block length hash functions," Journal of Cryptology, Vol. 11, No. 1, Winter 1998, pp. 59-72.
105. L.R. Knudsen, B. Preneel, "Fast and secure hashing based on codes," Advances in Cryptology, Proceedings Crypto'97, LNCS 1294, B. Kaliski, Ed., Springer-Verlag, 1997, pp. 485-498.
106. L. Knudsen, B. Preneel, "MacDES: MAC algorithm based on DES," Electronics Letters, Vol. 34, No. 9, 1998, pp. 871-873
107. H. Krawczyk, "LFSR-based hashing and authentication," Advances in Cryptology, Proceedings Crypto '94, LNCS 839, Y. Desmedt, Ed., Springer-Verlag, 1994, pp. 129-139.
108. H. Krawczyk, "New hash functions for message authentication," Advances in Cryptology, Proceedings Eurocrypt '95, LNCS 921, L.C. Guillou and J.- J. Quisquater, Eds., Springer-Verlag, 1995, pp. 301-310.
109. X. Lai, "On the Design and Security of Block Ciphers," ETH Series in Information Processing, Vol. 1, J. Massey, Ed., Hartung-Gorre Verlag, Konstanz, 1992.
110. X. Lai, J.L. Massey, "Hash functions based on block ciphers," Advances in Cryptology, Proceedings Eurocrypt'92, LNCS 658, R.A. Rueppel, Ed., Springer-Verlag, 1993, pp. 55-70.
111. A. Lenstra, H. Lenstra, L. Lovász, "Factoring polynomials with rational coefficients," Mathematischen Annalen, Vol. 261, pp. 515-534, 1982.
112. M. Matsui, "The first experimental cryptanalysis of the Data Encryption Standard," Advances in Cryptology, Proceedings Crypto'94, LNCS 839, Y. Desmedt, Ed., Springer-Verlag, 1994, pp. 1-11.
113. J.L. Massey, "Cryptography - A selective survey," Digital Communications (Proc. 1985 International Tirrenia Workshop), E. Biglieri, G. Prati, Eds., Elsevier Science Publ., 1986, pp. 3-25.
114. J.L. Massey, "An introduction to contemporary cryptology," in "Contemporary Cryptology: The Science of Information Integrity," G.J. Simmons, Ed., IEEE Press, 1991, pp. 3-39.
115. S.M. Matyas, C.H. Meyer, J. Oseas, "Generating strong one-way functions with cryptographic algorithm," IBM Techn. Disclosure Bull., Vol. 27, No. 10A, 1985, pp. 5658-5659.
116. K. Mehlhorn, U. Vishkin, "Randomized and deterministic simulations of PRAMs by parallel machines with restricted granularity of parallel memories," Acta In-formatica, Vol. 21, Fasc. 4, 1984, pp. 339-374.
117. A. Menezes, Elliptic Curve Public-Key Cryptosystems, Kluwer Academic Publishers, 1993.
118. A.J. Menezes, P.C. van Oorschot, S.A. Vanstone, Handbook of Applied Cryptography," CRC Press, 1997.
119. R. Merkle, "Secrecy, Authentication, and Public Key Systems," UMI Research Press, 1979.
120. R. Merkle, "A certified digital signature," Advances in Cryptology, Proceedings Crypto '89, LNCS 435, G. Brassard, Ed., Springer-Verlag, 1990, pp. 218-238.
121. R. Merkle, "One way hash functions and DES," Advances in Cryptology, Proceedings Crypto'89, LNCS 435, G. Brassard, Ed., Springer-Verlag, 1990, pp. 428-446.
122. R. Merkle, "A fast software one-way hash function," Journal of Cryptology, Vol. 3, No. 1, 1990, pp. 43-58.
123. R. Merkle, M. Hellman, "Hiding information and signatures in trapdoor knapsacks," IEEE Trans. on Information Theory, Vol. IT-24, No. 5, 1978, pp. 525-530.
124. C.H. Meyer, S.M. Matyas, "Cryptography: a New Dimension in Data Security," Wiley & Sons, 1982.
125. C.H. Meyer, M. Schilling, "Secure program load with Manipulation Detection Code," Proc. Securicom 1988, pp. 111-130.
126. C. Mitchell, "Multi-destination secure electronic mail," The Computer Journal, Vol. 32, No. 1, 1989, pp. 13-15.
127. S. Miyaguchi, M. Iwata, K. Ohta, "New 128-bit hash function," Proc. 4th International Joint Workshop on Computer Communications, Tokyo, Japan, July 13-15, 1989, pp. 279-288.
128. S. Miyaguchi, K. Ohta, M. Iwata, "128-bit hash function (N-hash)," Proc. Securi-com 1990, pp. 127-137.
129. J.H. Moore, G.J. Simmons, "Cycle structure of the DES for keys having palindromic (or antipalindromic) sequences of round keys," IEEE Trans. on Software Engineering, Vol. 13, 1987, pp. 262-273.
130. J.H. Moore, "Protocol failures in cryptosystems," in "Contemporary Cryptology: The Science of Information Integrity," G.J. Simmons, Ed., IEEE Press, 1991, pp. 543-558.
131. M. Naor, M. Yung, "Universal one-way hash functions and their cryptographic applications," Proc. 21st ACM Symposium on the Theory of Computing, 1990, pp. 387-394.
132. A.M. Odlyzko, "The rise and fall of knapsack cryptosystems," Cryptology and Computational Number Theory, C. Pomerance, Ed., Proc. Sympos. Appl. Math., Vol. 42, American Mathematical Society, 1990, pp. 75-88.
133. T. Okamoto, "Provably secure and practical identification schemes and corresponding signature schemes," Advances in Cryptology, Proceedings Crypto '92, LNCS 740, E.F. Brickell, Ed., Springer-Verlag, 1993, pp. 31-53.
134. T. Okamoto, K. Ohta, "A modification of the Fiat-Shamir scheme," Advances in Cryptology, Proceedings Crypto '88, LNCS 403, S. Goldwasser, Ed., Springer-Verlag, 1990, pp. 232-243.
135. J. Patarin, "Collisions and inversions for Damgard's whole hash function," Advances in Cryptology, Proceedings Asiacrypt'94, LNCS 917, J. Pieprzyk and R. Safavi-Naini, Eds., Springer-Verlag, 1995, pp. 307-321.
136. B. Pfitzmann, "Digital Signatures Schemes. General Framework and Fail-Stop Signatures," LNCS 1100, Springer-Verlag, 1996.
137. B. Preneel, "Analysis and design of cryptographic hash functions," Doctoral Dissertation, Katholieke Universiteit Leuven, 1993.
138. B. Preneel, R. Govaerts, J. Vandewalle, "Cryptographically secure hash functions: an overview," ESAT Internal Report, K.U. Leuven, 1989.
139. B. Preneel, R. Govaerts, J. Vandewalle, "On the power of memory in the design of collision resistant hash functions," Advances in Cryptology, Proceedings Auscrypt'92, LNCS 718, J. Seberry and Y. Zheng, Eds., Springer-Verlag, 1993, pp. 105-121.
140. B. Preneel, R. Govaerts, J. Vandewalle, "Hash functions based on block ciphers: a synthetic approach," Advances in Cryptology, Proceedings Crypto '93, LNCS 773, D. Stinson, Ed., Springer-Verlag, 1994, pp. 368-378.
141. B. Preneel, V. Rijmen, A. Bosselaers, "Recent developments in the design of conventional cryptographic algorithms," This Volume, pp. 106-131.
142. B. Preneel, V. Rijmen, P.C. van Oorschot, "A security analysis of the Message Authenticator Algorithm (MAA)," European Transactions on Telecommunications, Vol. 8, No. 5, 1997, pp. 455-470.
143. B. Preneel, P.C. van Oorschot, "MDx-MAC and building fast MACs from hash functions," Advances in Cryptology, Proceedings Crypto'95, LNCS 963, D. Coppersmith, Ed., Springer-Verlag, 1995, pp. 1-14.
144. B. Preneel, P.C. van Oorschot, "On the security of two MAC algorithms," Advances in Cryptology, Proceedings Eurocrypt'96, LNCS 1070, U. Maurer, Ed., Springer-Verlag, 1996, pp. 19-32.
145. B. Preneel, P.C. van Oorschot, "A key recovery attack on the ANSI X9.19 retail MAC," Electronics Letters, Vol. 32, No. 17, 1996, pp. 1568-1569.
146. J.-J. Quisquater, J.-P. Delescaille, "How easy is collision search ? Application to DES," Advances in Cryptology, Proceedings Eurocrypt'89, LNCS 434, J.- J. Quisquater and J. Vandewalle, Eds., Springer-Verlag, 1990, pp. 429-434.
147. J.-J. Quisquater, J.-P. Delescaille, "How easy is collision search. New results and applications to DES," Advances in Cryptology, Proceedings Crypto '89, LNCS 435, G. Brassard, Ed., Springer-Verlag, 1990, pp. 408-413.
148. J.-J. Quisquater, L. Guillou, "A "paradoxical" identity-based signature scheme resulting from zero-knowledge," Advances in Cryptology, Proceedings Crypto 88, LNCS 403, S. Goldwasser, Ed., Springer-Verlag, 1990, pp. 216-231.
149. M.O. Rabin, "Digitalized signatures," in "Foundations of Secure Computation," R. Lipton, R. DeMillo, Eds., Academic Press, New York, 1978, pp. 155-166.
150. M.O. Rabin, "Digitalized signatures and public-key functions as intractable as factorization," Technical Report MIT/LCS/TR-212, Massachusetts Institute of Technology, Laboratory for Computer Science, Cambridge, MA, January 1979.
151. V. Rijmen, B. Preneel, "Improved characteristics for differential cryptanalysis of hash functions based on block ciphers," Fast Software Encryption, LNCS 1008, B. Preneel, Ed., Springer-Verlag, 1995, pp. 242-248.
152. RIPE, "Integrity Primitives for Secure Information Systems. Final Report of RACE Integrity Primitives Evaluation (RIPE-RACE 1040)," LNCS 1007, A. Bosselaers, B. Preneel, Eds., Springer-Verlag, 1995.
153. R.L. Rivest, "The MD4 message digest algorithm," Advances in Cryptology, Proceedings Crypto'90, LNCS 537, S. Vanstone, Ed., Springer-Verlag, 1991, pp. 303-311.
154. R.L. Rivest, "The MD5 message-digest algorithm," Request for Comments (RFC) 1321, Internet Activities Board, Internet Privacy Task Force, April 1992.
155. R.L. Rivest, "All-or-nothing encryption and the package transform," Fast Software Encryption, LNCS 1267, E. Biham, Ed., Springer-Verlag, 1997, pp. 210-218.
156. R.L. Rivest, A. Shamir, L. Adleman, "A method for obtaining digital signatures and public-key cryptosystems," Communications ACM, Vol. 21, February 1978, pp. 120-126.
157. P. Rogaway, "Bucket hashing and its application to fast message authentication," Advances in Cryptology, Proceedings Crypto '95, LNCS 963, D. Coppersmith, Ed., Springer-Verlag, 1995, pp. 29-42.
158. N. Rogier, P. Chauvaud, "MD2 is not secure without the checksum byte," Designs, Codes, and Cryptography, Vol. 12, No. 3, 1997, pp. 245-251.
159. J. Rompel, "One-way functions are necessary and sufficient for secure signatures," Proc. 22nd ACM Symposium on the Theory of Computing, 1990, pp. 387-394.
160. R.A. Rueppel, "Stream ciphers," in "Contemporary Cryptology: The Science of Information Integrity," G.J. Simmons, Ed., IEEE Press, 1991, pp. 65-134.
161. C.P. Schnorr, "Efficient identification and signatures for smart cards," Advances in Cryptology, Proceedings Crypto '89, LNCS 435, G. Brassard, Ed., Springer-Verlag, 1990, pp. 239-252.
162. C.P. Schnorr, S. Vaudenay, "Parallel FFT-Hashing," Fast Software Encryption, LNCS 809, R. Anderson, Ed., Springer-Verlag, 1994, pp. 149-156.
163. C.E. Shannon, "Communication theory of secrecy systems," Bell System Technical Journal, Vol. 28, 1949, pp. 656-715.
164. V. Shoup, "On fast and provably secure message authentication based on universal hashing, Advances in Cryptology, Proceedings Crypto'96, LNCS 1109, N. Koblitz, Ed., Springer-Verlag, 1996, pp. 313-328.
165. G.J. Simmons, "A survey of information authentication," in "Contemporary Cryptology: The Science of Information Integrity," G.J. Simmons, Ed., IEEE Press, 1991, pp. 381-419.
166. G.J. Simmons, "How to insure that data acquired to verify treat compliance are trustworthy," in "Contemporary Cryptology: The Science of Information Integrity," G.J. Simmons, Ed., IEEE Press, 1991, pp. 615-630.
167. D. Simon, "Finding collisions on a one-way street: Can secure hash functions be based on general assumptions?" Advances in Cryptology, Proceedings Euro-crypt'98, LNCS 1403, K. Nyberg, Ed., Springer-Verlag, 1998, pp. 334-345.
168. D.R. Stinson, "The combinatorics of authentication and secrecy codes," Journal of Cryptology, Vol. 2, No. 1, 1990, pp. 23-49.
169. D.R. Stinson, "Universal hashing and authentication codes," Designs, Codes, and Cryptography, Vol. 4, No. 4, 1994, pp. 369-380.
170. Advances in Cryptology, Proceedings Crypto'91, LNCS 576, J. Feigenbaum, Ed., Springer-Verlag, 1992, pp. 74-85.
171. D.R. Stinson, "Combinatorial characterizations of authentication codes," Designs, Codes, and Cryptography, Vol. 2, No. 2, 1992, pp. 175-187.
172. Advances in Cryptology, Proceedings Crypto 91, LNCS 576, J. Feigenbaum, Ed., Springer-Verlag, 1992, pp. 62-73.
173. 2," Advances in Cryptology, Proceedings Crypto '94, LNCS 839, Y. Desmedt, Ed., Springer-Verlag, 1994, pp. 40-49.
174. P.C. van Oorschot, M.J. Wiener, "Parallel collision search with application to hash functions and discrete logarithms," Proc. 2nd ACM Conference on Computer and Communications Security, ACM, 1994, pp. 210-218 (final version to appear in Journal of Cryptology).
175. G.S. Vernam, "Cipher printing telegraph system for secret wire and radio telegraph communications," Journal American Institute of Electrical Engineers, Vol. XLV, 1926, pp. 109-115.
176. M.N. Wegman, J.L. Carter, "New hash functions and their use in authentication and set equality," Journal of Computer and System Sciences, Vol. 22, No. 3, 1981, pp. 265-279.
177. A.C. Yao, "Theory and applications of trapdoor functions," Proc. 23rd IEEE Symposium on Foundations of Computer Science, 1982, pp. 80-91.
178. G. Yuval, "How to swindle Rabin," Cryptologia, Vol. 3, 1979, pp. 187-189.
179. G. Zémor, "Hash functions and Cayley graphs," Designs, Codes, and Cryptography, Vol. 4, No. 4, 1994, pp. 381-394.
180. Y. Zheng, T. Matsumoto, H. Imai, "Connections between several versions of oneway hash functions," Proc. SCIS90, The 1990 Symposium on Cryptography and Information Security, Nihondaira, Japan, Jan. 31-Feb. 2, 1990.
181. Y. Zheng, J. Pieprzyk, J. Seberry, "HAVAL - a one-way hashing algorithm with variable length output," Advances in Cryptology, Proceedings Auscrypt'92, LNCS 718, J. Seberry and Y. Zheng, Eds., Springer-Verlag, 1993, pp. 83-104.