Introduction to modern cryptography

Introduction to Modern Cryptography

Volumn , Issue , 2007, Pages 1-527

  Katz, Jonathan ^a   Lindell, Yehuda ^a  

^a NONE

Author keywords

[No Author keywords available]

Indexed keywords

EID: 85122602758     PISSN: None     EISSN: None     Source Type: Book    
DOI: None     Document Type: Book

References (149)

1. C. Adams and S. Lloyd. Understanding PKI: Concepts, Standards, and Deployment Considerations. Addison Wesley, 2nd edition, 2002.
2. M. Agrawal, N. Kayal, and N. Saxena. PRIMES is in P. Annals of Mathematics, 160(2):781-793, 2004.
3. W. Aiello, M. Bellare, G. Di Crescenzo, and R. Venkatesan. Security amplification by composition: The case of doubly-iterated, ideal ciphers. In Advances in Cryptology - Crypto '98, volume 1462 of Lecture Notes in Computer Science, pages 390-407. Springer, 1998.
4. A.Akavia, S. Goldwasser, and S. Safra. Proving hard-core predicates using list decoding. In Proc. 44th Annual Symposium on Foundations of Computer Science, pages 146-157. IEEE, 2003.
5. W. Alexi, B. Chor, O. Goldreich, and C.P. Schnorr. RSA and Rabin functions: Certain parts are as hard as the whole. SIAM Journal on Computing, 17(2):194-209, 1988.
6. J.H. An, Y. Dodis, and T. Rabin. On the security of joint signature and encryption. In Advances in Cryptology - Eurocrypt 2002, volume 2332 of Lecture Notes in Computer Science, pages 83-107. Springer, 2002.
7. P. Barreto. The hashing function lounge. Online link can be found at http://paginas.terra.com.br/informatica/paulobarreto.
8. M. Bellare, R. Canetti, and H. Krawczyk. Keying hash functions for message authentication. In Advances in Cryptology - Crypto '96, volume 1109 of Lecture Notes in Computer Science, pages 1-15. Springer, 1996.
9. M. Bellare, A. Desai, E. Jokipii, and P. Rogaway. A concrete security treatment of symmetric encryption. In Proc. 38th Annual Symposium on Foundations of Computer Science, pages 394-403. IEEE, 1997.
10. M. Bellare, A. Desai, D. Pointcheval, and P. Rogaway. Relations among notions of security for public-key encryption schemes. In Advances in Cryptology - Crypto '98, volume 1462 of Lecture Notes in Computer Science, pages 26-45. Springer, 1998.
11. M. Bellare, O. Goldreich, and A. Mityagin. The power of verification queries in message authentication and authenticated encryption. Available at http://eprint.iacr.org/2004/309.
12. M. Bellare, J. Kilian, and P. Rogaway. The security of the cipher block chaining message authentication code. Journal of Computer and System Sciences, 61(3):362-399, 2000.
13. M. Bellare and C. Namprempre. Authenticated encryption: Relations among notions and analysis of the generic composition paradigm. In Ad- vances in Cryptology - Asiacrypt 2000, volume 1976 of Lecture Notes in Computer Science, pages 531-545. Springer, 2000.
14. M. Bellare and P. Rogaway. Random oracles are practical: a paradigm for designing efficient protocols. In 1st ACM Conf. on Computer and Communications Security, pages 62-73. ACM, 1993.
15. M. Bellare and P. Rogaway. Optimal asymmetric encryption. In Ad-vances in Cryptology - Eurocrypt '94, volume 950 of Lecture Notes in Computer Science, pages 92-111. Springer, 1995.
16. M. Bellare and P. Rogaway. The exact security of digital signatures- how to sign with RSA and Rabin. In Advances in Cryptology -Eurocrypt '96, volume 1070 of Lecture Notes in Computer Science, pages 399-416. Springer, 1996.
17. M. Bellare and P. Rogaway. The security of triple encryption and a framework for code-based game-playing proofs. In Advances in Cryp-tology - Eurocrypt 2006, volume 4004 of Lecture Notes in Computer Science, pages 409-426. Springer, 2006. A full version of the paper is available at http://eprint.iacr.org.
18. E. Biham and A. Shamir. Differential cryptanalysis of DES-like cryposystems. Journal of Cryptology, 4(1):3-72, 1991.
19. E. Biham and A. Shamir. Differential Cryptanalysis of the Data En-cryption Standard. Springer, 1993.
20. D. Bleichenbacher. Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS#1. In Advances in Cryptology-Crypto '98, volume 1462 of Lecture Notes in Computer Science, pages 1-12. Springer, 1998.
21. M. Blum. Coin flipping by telephone. In Proc. IEEE COMPCOM, pages 133-137, 1982.
22. M. Blum and S. Goldwasser. An efficient probabilistic public-key encryption scheme which hides all partial information. In Advances in Cryptology - Crypto '84, volume 196 of Lecture Notes in Computer Science, pages 289-302. Springer, 1985.
23. M. Blum and S. Micali. How to generate cryptographically strong sequences of pseudo-random bits. SIAM Journal on Computing, 13(4):850-864, 1984.
24. D. Boneh. The decision Diffie-Hellman problem. In Algorithmic Number Theory, 3rd Intl. Symposium, volume 1423 of Lecture Notes in Computer Science, pages 48-63. Springer, 1998.
25. D. Boneh. Twenty years of attacks on the RSA cryptosystem. Notices of the American Mathematical Society, 46(2):203-213, 1999.
26. D. Boneh. Simplified OAEP for the RSA and Rabin functions. In Advances in Cryptology - Crypto 2001, volume 2139 of Lecture Notes in Computer Science, pages 275-291. Springer, 2001.
27. D. Boneh, A. Joux, and P. Nguyen. Why textbook ElGamal and RSA encryption are insecure. In Advances in Cryptology - Asiacrypt 2000, volume 1976 of Lecture Notes in Computer Science, pages 30-44. Springer, 2000.
28. D. Boneh and R. Venkatesan. Breaking RSA may not be equivalent to factoring. In Advances in Cryptology - Eurocrypt '98, volume 1403 of Lecture Notes in Computer Science, pages 59-71. Springer, 1998.
29. D. Bressoud. Factorization and Primality Testing. Springer, 1989.
30. R. Canetti, O. Goldreich, and S. Halevi. The random oracle methodology, revisited. Journal of the ACM, 51(4):557-594, 2004.
31. D. Chaum, E. van Heijst, and B. Pfitzmann. Cryptographically strong undeniable signatures, unconditionally secure for the signer. In Ad-vances in Cryptology - Crypto '91, volume 576 of Lecture Notes in Computer Science, pages 470-484. Springer, 1992.
32. L.N. Childs. A Concrete Introduction to Higher Algebra. Undergraduate Texts in Mathematics. Springer, 2nd edition, 2000.
33. C. Cid, S. Murphy, and M. Robshaw. Algebraic Aspects of the Advanced Encryption Standard. Springer, 2006.
34. D. Coppersmith. The Data Encryption Standard (DES) and its strength against attacks. IBM Journal of Research and De-velopment, 38(3):243-250, 1994. Available for download from http://researchweb.watson.ibm.com/journal/rd/.
35. J.-S. Coron. On the exact security of full-domain hash. In Advances in Cryptology - Crypto 2000, volume 1880 of Lecture Notes in Computer Science, pages 229-235. Springer, 2000.
36. J.-S. Coron. Optimal security proofs for PSS and other signature schemes. In Advances in Cryptology - Eurocrypt 2002, volume 2332 of Lecture Notes in Computer Science, pages 272-287. Springer, 2002.
37. J.-S. Coron, Y. Dodis, C. Malinaud, and P. Puniya. Merkle-Damg°ard revisited: How to construct a hash function. In Advances in Cryptology- Crypto 2005, volume 3621 of Lecture Notes in Computer Science, pages 430-448. Springer, 2005.
38. R. Cramer and V. Shoup. Signature schemes based on the strong RSA assumption. ACM Transactions on Information and System Security, 3(3):161-185, 2000.
39. R. Cramer and V. Shoup. Design and analysis of practical public-key encryption schemes secure against adaptive chosen ciphertext attack.SIAM Journal on Computing, 33(1):167-226, 2003.
40. R. Crandall and C. Pomerance. Prime Numbers: A Computational Perspective. Springer, 2nd edition, 2005.
41. J. Daemen and V. Rijmen. The Design of Rijndael: AES - The Ad-vanced Encryption Standard. Springer, 2002.
42. W. Dai. Crypto++ 5.2.1 benchmarks. Available for download from http://www.cryptopp.com/benchmarks.html.
43. I. Damg°ard. Collision free hash functions and public key signature schemes. In Advances in Cryptology - Eurocrypt '87, volume 304 of Lecture Notes in Computer Science, pages 1-20. Springer, 1988.
44. I. Damg°ard. A design principle for hash functions. In Advances in Cryptology - Crypto '89, volume 435 of Lecture Notes in Computer Science, pages 416-427. Springer, 1990.
45. J. DeLaurentis. A further weakness in the common modulus protocol for the RSA cryptoalgorithm. Cryptologia, 8:253-259, 1984.
46. M. Dietzfelbinger. Primality Testing in Polynomial Time. Springer, 2004.
47. W. Diffie and M. Hellman. New directions in cryptography. IEEE Transactions on Information Theory, 22(6):644-654, 1976.
48. W. Diffie and M. Hellman. Exhaustive cryptanalysis of the NBS data encryption standard. Computer, pages 74-84, June 1977.
49. J.D. Dixon. Asymptotically fast factorization of integers. Mathematics of Computation, 36:255-260, 1981.
50. D. Dolev, C. Dwork, and M. Naor. Non-malleable cryptography. SIAM Journal on Computing, 30(2):391-437, 2000.
51. C. Ellison and B. Schneier. Ten risks of PKI:What you're not being told about public key infrastructure. Computer Security Journal, 16(1):1-7, 2000.
52. S. Even and Y. Mansour. A construction of a cipher from a single pseudorandom permutation. In ASIACRYPT, volume 739 of Lecture Notes in Computer Science, pages 210-224. Springer, 1993.
53. H. Feistel. Cryptography and computer privacy. Scientific American, 228(5):15-23, 1973.
54. A. Fiat and A. Shamir. How to prove yourself: Practical solutions to identification and signature problems. In Advances in Cryptology -Crypto '86, volume 263 of Lecture Notes in Computer Science, pages 186-194. Springer, 1987.
55. M. Fischlin. The Cramer-Shoup strong-RSA signature scheme revisited. In Public Key Cryptography - PKC 2003, volume 2567 of Lecture Notes in Computer Science, pages 116-129. Springer, 2003.
56. S. Fluhrer, I. Mantin, and A. Shamir. Attacks on RC4 and WEP. CryptoBytes, 5(2):26-34, 2002.
57. J.B. Fluhrer, I. Mantin, and A. Shamir. Attacks on RC4 and WEP. CryptoBytes, 5(2):26-34, 2002.
58. E. Fujisaki, T. Okamoto, D. Pointcheval, and J. Stern. RSA-OAEP is secure under the RSA assumption. In Advances in Cryptology -Crypto 2001, volume 2139 of Lecture Notes in Computer Science, pages 260-274. Springer, 2001.
59. T. El Gamal. A public-key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Info. Theory, 31(4):469-472, 1985.
60. C.F. Gauss. Disquisitiones Arithmeticae. Springer, 1986. (English edition).
61. R. Gennaro, S. Halevi, and T. Rabin. Secure hash-and-sign signatures without the random oracle. In Advances in Cryptology - Eurocrypt '99, volume 1592 of Lecture Notes in Computer Science, pages 123-139. Springer, 1999.
62. E.-J. Goh, S. Jarecki, J. Katz, and N.Wang. Efficient signature schemes with tight security reductions to the Diffie-Hellman problems. J. Cryp-tology, to appear.
63. O. Goldreich. Two remarks concerning the Goldwasser-Micali-Rivest signature scheme. In Advances in Cryptology - Crypto '86, volume 263 of Lecture Notes in Computer Science, pages 104-110. Springer, 1987.
64. O. Goldreich. Foundations of Cryptography, vol. 1: Basic Tools. Cambridge University Press, 2001.
65. O. Goldreich. Foundations of Cryptography, vol. 2: Basic Applications. Cambridge University Press, 2004.
66. O. Goldreich, S. Goldwasser, and S. Micali. On the cryptographic applications of random functions. In Advances in Cryptology-Crypto'84, volume 196 of Lecture Notes in Computer Science, pages 276-288. Springer, 1985.
67. O. Goldreich, S. Goldwasser, and S. Micali. How to construct random functions. Journal of the ACM, 33(4):792-807, 1986.
68. O. Goldreich and L. Levin. A hard-core predicate for all one-way functions. In Proc. 21st Annual ACM Symposium on Theory of Computing, pages 25-32. ACM, 1989.
69. S. Goldwasser and S. Micali. Probabilistic encryption. Journal of Com-puter and System Sciences, 28(2):270-299, 1984.
70. S. Goldwasser, S. Micali, and R. Rivest. A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Computing, 17(2):281-308, 1988.
71. S. Goldwasser, S. Micali, and A.C.-C. Yao. Strong signature schemes. In Proc. 15th Annual ACM Symposium on Theory of Computing, pages 431-439. ACM, 1983.
72. D. Hankerson, A.J. Menezes, and S.A. Vanstone. Guide to Elliptic Curve Cryptography. Springer, 2004.
73. J. H°astad. Solving simultaneous modular equations of low degree. SIAM Journal on Computing, 17(2):336-341, 1988.
74. J. H°astad, R. Impagliazzo, L. Levin, and M. Luby. A pseudorandom generator from any one-way function. SIAM Journal on Computing, 28(4):1364-1396, 1999.
75. J. H°astad and M. Näslund. The security of all RSA and discrete log bits. Journal of the ACM, 51(2):187-230, 2004.
76. I.N. Herstein. Abstract Algebra. Wiley, 3rd edition, 1996.
77. H. Heys. A tutorial on linear and differential cryptanalysis. Cryptologia, 26(3):189-221, 2002.
78. H.M. Heys. The Design of Substitution-Permutation Network Ciphers Resistant to Cryptanalysis. PhD thesis, Queen's University, 1994.
79. R. Impagliazzo and M. Luby. One-way functions are essential for complexity based cryptography. In Proc. 30th Annual Symposium on Foun-dations of Computer Science, pages 230-235. IEEE, 1989.
80. ISO/IEC 9797. Data cryptographic techniques - data integrity mechanism using a cryptographic check function employing a block cipher algorithm, 1989.
81. D. Kahn. The Codebreakers: The Comprehensive History of Secret Communication from Ancient Times to the Internet. Scribner, 1996.
82. A. Kalai. Generating random factored numbers, easily. Journal of Cryptology, 16(4):287-289, 2003.
83. J. Katz. Digital Signatures. Springer, 2007.
84. J. Katz and C.-Y. Koo. On constructing universal one-way hash functions from arbitrary one-way functions. J. Cryptology, to appear. Available at http://eprint.iacr.org/2005/328.
85. J. Katz and M. Yung. Unforgeable encryption and chosen-ciphertext secure modes of operation. In Fast Software Encryption - FSE 2000, volume 1978 of Lecture Notes in Computer Science, pages 284-299. Springer, 2001.
86. J. Katz and M. Yung. Characterization of security notions for probabilistic private-key encryption. Journal of Cryptology, 19(1):67-96, 2006.
87. C. Kaufman, R. Perlman, and M. Speciner. Network Security: Private Communication in a Public World. Prentice Hall, 2nd edition, 2002.
88. J. Kilian and P. Rogaway. How to protect DES against exhaustive key search (an analysis of DESX). Journal of Cryptology, 14(1):17-35, 2001.
89. L. Kohnfelder. Towards a practical public-key cryptosystem, 1978. Undergraduate thesis, MIT.
90. H. Krawczyk. The order of encryption and authentication for protecting communication (or: How secure is SSL?). In Advances in Cryptology -Crypto 2001, volume 2139 of Lecture Notes in Computer Science, pages 310-331. Springer, 2001.
91. H. Kugel. America's code breaker. Available for download from: http://militaryhistory.about.com/.
92. L. Lamport. Constructing digital signatures from a one-way function. Technical Report CSL-98, SRI International, 1978.
93. S.K. Langford. Differential-Linear Cryptanalysis and Threshold Signa-tures. PhD thesis, Stanford University, 1995.
94. A.K. Lenstra and E.R. Verheul. Selecting cryptographic key sizes. Jour-nal of Cryptology, 14(4):255-293, 2001.
95. S. Levy. Crypto: How the Code Rebels Beat the Government - Saving Privacy in the Digital Age. Viking, 2001.
96. M. Luby. Pseudorandomness and Cryptographic Applications. Princeton University Press, 1996.
97. M. Luby and C. Rackoff. How to construct pseudorandom permutations from pseudorandomfunctions. SIAM Journal on Computing, 17(2):373-386, 1988.
98. M. Matsui. Linear cryptanalysis method for DES cipher. In Advances in Cryptology - Eurocrypt '93, volume 765 of Lecture Notes in Computer Science. Springer, 1994.
99. A.J. Menezes, P.C. van Oorschot, and S.A. Vanstone. Handbook of Applied Cryptography. CRS Press, 1997.
100. R. Merkle. A digital signature scheme based on a conventional encryption function. In Advances in Cryptology - Crypto '87, volume 293 of Lecture Notes in Computer Science, pages 369-378. Springer, 1988.
101. R. Merkle. A certified digital signature. In Advances in Cryptology -Crypto '89, volume 435 of Lecture Notes in Computer Science, pages 218-238. Springer, 1990.
102. R. Merkle. One way hash functions and DES. In Advances in Cryptology - Crypto '89, volume 435 of Lecture Notes in Computer Science, pages 428-446. Springer, 1990.
103. R. Merkle and M. Hellman. On the security of multiple encryption. Communications of the ACM, 24(7):465-467, 1981.
104. S. Micali, C. Rackoff, and B. Sloan. The notion of security for probabilistic cryptosystems. SIAM J. Computing, 17(2):412-426, 1988.
105. G.L. Miller. Riemann's hypothesis and tests for primality. Journal of Computer and System Sciences, 13(3):300-317, 1976.
106. M. Naor and M. Yung. Universal one-way hash functions and their cryptographic applications. In Proc. 21st Annual ACM Symposium on Theory of Computing, pages 33-43. ACM, 1989.
107. M. Naor and M. Yung. Public-key cryptosystems provably secure against chosen ciphertext attacks. In Proc. 22nd Annual ACM Sym-posium on Theory of Computing, pages 427-437. ACM, 1990.
108. National Bureau of Standards. DES modes of operation, 1980. Federal Information Processing Standard (FIPS), publication 81.
109. National Bureau of Standards. Data encryption standard (DES), 1977. Federal Information Processing Standard (FIPS), publication 46.
110. National Institute of Standards and Technology. The keyed-hash message authentication code (HMAC), 2002. Federal Information Processing Standard (FIPS), publication 198.
111. V.I. Nechaev. Complexity of a determinate algorithm for the discrete logarithm. Mathematical Notes, 55(2):165-172, 1994.
112. A.M. Odlyzko. Discrete logarithms: The past and the future. Designs, Codes, and Cryptography, 19(2/3):129-145, 2000.
113. P. Paillier. Public-key cryptosystems based on composite degree residuosity classes. In Advances in Cryptology - Eurocrypt '99, volume 1592 of Lecture Notes in Computer Science, pages 223-238. Springer, 1999.
114. S. Pohlig and M. Hellman. An improved algorithm for computing logarithms over GF(p) and its cryptographic significance. IEEE Trans. Information Theory, 24(1):106-110, 1978.
115. J.M. Pollard. Theorems of factorization and primality testing. Proc. Cambridge Philosophical Society, 76:521-528, 1974.
116. J.M. Pollard. A Monte Carlo method for factorization. BIT Numerical Mathematics, 15(3):331-334, 1975.
117. C. Pomerance. The quadratic sieve factoring algorithm. In Advances in Cryptology - Eurocrypt '84, volume 209 of Lecture Notes in Computer Science, pages 169-182. Springer, 1985.
118. M.O. Rabin. Digitalized signatures. In R.A. Demillo, D.P. Dobkin, A.K. Jones, and R.J. Lipton, editors, Foundations of Security Computation, pages 155-168. Academic Press, 1978.
119. M.O. Rabin. Digitalized signatures as intractable as factorization. Technical Report TR-212, MIT/LCS, 1979.
120. M.O. Rabin. Probabilistic algorithm for testing primality. Journal of Number Theory, 12(1):128-138, 1980.
121. C. Rackoff and D. Simon. Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In Advances in Cryptology - Crypto '91, volume 576 of Lecture Notes in Computer Science, pages 433-444. Springer, 1992.
122. R. Rivest, A. Shamir, and L. Adleman. A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2):120-126, 1978.
123. P. Rogaway and T. Shrimpton. Cryptographic hash function basics: Definitions, implications, and separations for preimage resistance, second-preimage resistance, and collision resistance. In Fast Software Encryption - FSE 2004, volume 3017 of Lecture Notes in Computer Science, pages 371-388. Springer, 2004.
124. J. Rompel. One-way functions are necessary and sufficient for secure signatures. In Proc. 22nd Annual ACM Symposium on Theory of Com-puting, pages 387-394. ACM, 1990.
125. B. Schneier. Applied Cryptography: Protocols, Algorithms, and Source Code in C. Wiley, 2nd edition, 1995.
126. D. Shanks. Class number, a theory of factorization, and genera. In Proc. Symposia in Pure Mathematics 20, pages 415-440, 1971.
127. C.E. Shannon. Communication theory of secrecy systems. Bell Systems Technical Journal, 28(4):656-715, 1949.
128. V. Shoup. Lower bounds for discrete logarithms and related problems. In Advances in Cryptology - Eurocrypt '97, volume 1233 of Lecture Notes in Computer Science, pages 256-266. Springer, 1997.
129. V. Shoup. Why chosen ciphertext security matters. Technical Report RZ 3076, IBM Zurich, November 1998. Available at http://shoup.net/papers/expo.pdf.
130. V. Shoup. OAEP reconsidered. In Advances in Cryptology - Crypto 2001, volume 2139 of Lecture Notes in Computer Science, pages 239-259. Springer, 2001.
131. V. Shoup. A Computational Introduction to Number Theory and Algebra. Cambridge University Press, 2005. Also available at http://www.shoup.net/ntb.
132. J.H. Silverman and J. Tate. Rational Points on Elliptic Curves. Undergraduate Texts in Mathematics. Springer, 1994.
133. G. Simmons. A 'weak' privacy protocol using the RSA crypto algorithm. Cryptologia, 7:180-182, 1983.
134. G. Simmons. A survey of information authentication. In G. Simmons, editor, Contemporary Cryptology: The Science of Information Integrity, pages 379-419. IEEE Press, 1992.
135. R. Solovay and V. Strassen. A fastMonte-Carlo test for primality. SIAM Journal on Computing, 6(1):84-85, 1977.
136. D.R. Stinson. Universal hashing and authentication codes. Designs, Codes, and Cryptography, 4(4):369-380, 1994.
137. D.R. Stinson. Cryptography: Theory and Practice. Chapman & Hall/ CRC, 1st edition, 1995.
138. D.R. Stinson. Cryptography: Theory and Practice. Chapman & Hall/ CRC, 3rd edition, 2005.
139. W. Trappe and L. Washington. Introduction to Cryptography with Cod-ing Theory. Prentice Hall, 2nd edition, 2005.
140. A. Turing. On computable numbers, with an application to the entscheidungsproblem. Proceedings of the London Mathematical Soci-ety, 2(42):230-265, 1936.
141. G.S. Vernam. Cipher printing telegraph systems for secret wire and radio telegraphic communications. Journal of the American Institute for Electrical Engineers, 55:109-115, 1926.
142. S.S. Wagstaff, Jr. Cryptanalysis of Number Theoretic Ciphers. Chapman & Hall/CRC Press, 2003.
143. X. Wang, Y. L. Yin, and H. Yu. Finding collisions in the full SHA-1. In Advances in Cryptology - Crypto 2005, volume 3621 of Lecture Notes in Computer Science, pages 17-36. Springer, 2005.
144. X. Wang and H. Yu. How to break MD5 and other hash functions. In Advances in Cryptology - Eurocrypt 2005, volume 3494 of Lecture Notes in Computer Science, pages 19-35. Springer, 2005.
145. L. Washington. Elliptic Curves: Number Theory and Cryptography. Chapman & Hall/CRC Press, 2003.
146. P. Weadon. The battle of Midway: AF is short of water, 2000. NSA Historical Publications. Available at: http://www.nsa.gov under Historical Publications.
147. H. Wu. The misuse of RC4 in Microsoft Word and Excel. Available at http://eprint.iacr.org/2005/007.
148. ANSI X9.9. American national standard for financial institution message authentication (wholesale), 1981.
149. A.C.-C. Yao. Theory and applications of trapdoor functions. In Proc. 23rd Annual Symposium on Foundations of Computer Science, pages 80-91. IEEE, 1982.