Algorithmic cryptanalysis

Algorithmic Cryptanalysis

Volumn , Issue , 2009, Pages 1-516

  Joux, Antoine ^a  

^a LABORATOIRE DES SCIENCES DU CLIMAT ET DE L ENVIRONNEMENT   (France)

Author keywords

[No Author keywords available]

Indexed keywords

EID: 85122647391     PISSN: None     EISSN: None     Source Type: Book    
DOI: None     Document Type: Book

References (190)

1. A.O. L. Atkin and Daniel J. Bernstein. Prime sieves using binary quadratic forms. Mathematics of Computation, 73(246):1023- 1030, 2004. [123, 133, 134, 135]
2. Martin Abadi, Michael Burrows, and Ted Wobber. Moderately hard and memory-bound functions. In NDSS 2003, San Diego, California, USA, February 5-7, 2003. The Internet Society. [164]
3. V.L. Arlazarov, E. A. Dinic, M. A. Kronod, and I.A. Faradzev. On economical construction of the transitive closure of an oriented graph. Soviet Math. Dokl., 11:1209-1210, 1970. [85]
4. Leonard M. Adleman. The function field sieve. In First Algorithmic Number Theory Symposium (ANTS), volume 877 of LNCS, pages 108-121. Springer-Verlag, Berlin, Germany, 1994. [453]
5. Jee Hea An, Yevgeniy Dodis, and Tal Rabin. On the security of joint signature and encryption. In Lars R. Knudsen, editor, EUROCRYPT 2002, volume 2332 of LNCS, pages 83-107, Amsterdam, The Netherlands, April 28-May 2, 2002. Springer-Verlag, Berlin, Germany. [20]
6. Kazumaro Aoki, Jens Franke, Thorsten Kleinjung, Arjen K. Lenstra, and Dag Arne Osvik. A kilobit special number field sieve factorization. In Kaoru Kurosawa, editor, ASIACRYPT 2007, volume 4833 of LNCS, pages 1-12, Kuching, Malaysia, December 2-6, 2007. Springer-Verlag, Berlin, Germany. [113]
7. Miklos Ajtai, Ravi Kumar, and D. Sivakumar. A sieve algorithm for the shortest lattice vector problem. In 33rd ACM STOC, pages 601-610, Crete, Greece, July 6-8, 2001. ACM Press. [328]
8. Manindra Agrawal, Neeraj Kayal, and Nitin Saxena. PRIMES is in P. Ann. of Math, 2:781-793, 2002. [38]
9. Onur Aciicmez and Werner Schindler. A vulnerability in RSA implementations due to instruction cache analysis and its demonstration on OpenSSL. In Tal Malkin, editor, CT-RSA 2008, LNCS, pages 256-273, San Francisco, CA, USA, April 7-11, 2008. Springer-Verlag, Berlin, Germany. [92]
10. Onur Aciicmez, Werner Schindler, and Cetin Kaya Koç. Cache based remote timing attack on the AES. In Masayuki Abe, editor, CT-RSA 2007, volume 4377 of LNCS, pages 271-286, San Francisco, CA, USA, February 5-9, 2007. Springer-Verlag, Berlin, Germany. [92]
11. Magali Turrel Bardet. Etude des systèmes algébriques surdéterminés. Applications aux codes correcteurs et aa la cryptographie. PhD thesis, Universite de Paris VI, 2004. [367]
12. Daniel J. Bernstein, Johannes Buchmann, and Erik Dahmen, editors. Post Quantum Cryptography. Springer-Verlag, Berlin, Germany, 2007. [363]
13. Eli Biham and Rafi Chen. Near-collisions of SHA-0. In Matthew Franklin, editor, CRYPTO 2004, volume 3152 of LNCS, pages 290-305, Santa Barbara, CA, USA, August 15-19, 2004. Springer-Verlag, Berlin, Germany. [179]
14. Eli Biham, Rafi Chen, Antoine Joux, Patrick Carribault, Christophe Lemuet, and William Jalby. Collisions of SHA-0 and reduced SHA-1. In Ronald Cramer, editor, EUROCRYPT 2005, volume 3494 of LNCS, pages 36-57, Aarhus, Denmark, May 2226, 2005. Springer-Verlag, Berlin, Germany. [179, 181]
15. Dario Bini, Milvio Capovani, Francesco Romani, and Grazia Lotti. o(n2'7799) complexity for n x n approximate matrix multiplication. Information processing letters, 8(5):234-235, 1979. [89]
16. Dan Boneh and Glenn Durfee. Cryptanalysis of RSA with private key d less than n0 292. In Jacques Stern, editor, EURO- CRYPT'99, volume 1592 of LNCS, pages 1-11, Prague, Czech Republic, May 2-6, 1999. Springer-Verlag, Berlin, Germany. [414]
17. Mihir Bellare, Anand Desai, Eric Jokipii, and Phillip Rogaway. A concrete security treatment of symmetric encryption. In 38th FOCS, pages 394-403, Miami Beach, Florida, October 19-22, 1997. IEEE Computer Society Press. [15]
18. Daniel J. Bernstein. How to find small factors of integers. Available on cr.yp.to, 2000. [152]
19. Come Berbain. Analyse et conception d'algorithmes de chiffrement a flot. PhD thesis, Universite Paris Diderot, 2007. [289]
20. Come Berbain, Henri Gilbert, and Jacques Patarin. QUAD: A practical stream cipher with provable security. In Serge Vaude- nay, editor, EUROCRYPT 2006, volume 4004 of LNCS, pages 109-128, St. Petersburg, Russia, May 28-June 1, 2006. SpringerVerlag, Berlin, Germany. [289]
21. Eli Biham. A fast new DES implementation in software. In Eli Biham, editor, FSE'97, volume 1267 of LNCS, pages 260- 272, Haifa, Israel, January 20-22, 1997. Springer-Verlag, Berlin, Germany. [162]
22. Aurelie Bauer and Antoine Joux. Toward a rigorous variation of Coppersmith's algorithm on three variables. In Moni Naor, editor, EUROCRYPT 2007, volume 4515 of LNCS, pages 361378, Barcelona, Spain, May 20-24, 2007. Springer-Verlag, Berlin, Germany. [413]
23. Dan Boneh, Antoine Joux, and Phong Q. Nguyen. Why textbook ElGamal and RSA encryption are insecure. In Tatsuaki Okamoto, editor, ASIACRYPT 2000, volume 1976 of LNCS, pages 30-43, Kyoto, Japan, December 3-7, 2000. Springer-Verlag, Berlin, Germany. [269]
24. Mihir Bellare and Tadayoshi Kohno. A theoretical treatment of related-key attacks: RKA-PRPs, RKA-PRFs, and applications. In Eli Biham, editor, EUROCRYPT 2003, volume 2656 of LNCS, pages 491-506, Warsaw, Poland, May 4-8, 2003. Springer-Verlag, Berlin, Germany. [21]
25. Mihir Bellare and Tadayoshi Kohno. Hash function balance and its impact on birthday attacks. In Christian Cachin and Jan Camenisch, editors, EUROCRYPT 2004, volume 3027 of LNCS, pages 401-418, Interlaken, Switzerland, May 2-6, 2004. SpringerVerlag, Berlin, Germany. [192]
26. Mihir Bellare, Tadayoshi Kohno, and Chanathip Namprempre. Authenticated encryption in SSH: provably fixing the SSH binary packet protocol. ACM transactions on information and system security, 7(2):206-241, May 2004. Full paper available at http://www.cse.ucsd.edu/users/mihir/papers/ssh. html. Earlier version appeared in ACM CCS 02. [238, 239]
27. Mihir Bellare, Joe Kilian, and Phillip Rogaway. The security of the cipher block chaining message authentication code. Journal of Computer and System Sciences, 61(3):362-399, 2000. [5]
28. Mihir Bellare and Daniele Micciancio. A new paradigm for collision-free hashing: Incrementality at reduced cost. In Walter Fumy, editor, EUROCRYPT'97, volume 1233 of LNCS, pages 163-192, Konstanz, Germany, May 11-15, 1997. Springer-Verlag, Berlin, Germany. [266]
29. Johannes Blomer and Alexander May. A tool kit for finding small roots of bivariate polynomials over the integers. In Ronald Cramer, editor, EUROCRYPT 2005, volume 3494 of LNCS, pages 251-267, Aarhus, Denmark, May 22-26, 2005. SpringerVerlag, Berlin, Germany. [412]
30. Mihir Bellare and Chanathip Namprempre. Authenticated encryption: Relations among notions and analysis of the generic composition paradigm. In Tatsuaki Okamoto, editor, ASI- ACRYPT 2000, volume 1976 of LNCS, pages 531-545, Kyoto, Japan, December 3-7, 2000. Springer-Verlag, Berlin, Germany. [17, 18]
31. Mihir Bellare and Phillip Rogaway. Optimal asymmetric encryption. In Alfredo De Santis, editor, EUROCRYPT'94, volume 950 of LNCS, pages 92-111, Perugia, Italy, May 9-12, 1994. SpringerVerlag, Berlin, Germany. [64]
32. Mihir Bellare and Phillip Rogaway. The exact security of digital signatures: How to sign with RSA and Rabin. In Ueli M. Maurer, editor, EUROCRYPT'96, volume 1070 of LNCS, pages 399-416, Saragossa, Spain, May 12-16, 1996. Springer-Verlag, Berlin, Germany. [10, 64]
33. Mihir Bellare and Phillip Rogaway. The security of triple encryption and a framework for code-based game-playing proofs. In Serge Vaudenay, editor, EUROCRYPT 2006, volume 4004 of LNCS, pages 409-426, St. Petersburg, Russia, May 28-June 1, 2006. Springer-Verlag, Berlin, Germany. [186]
34. Eli Biham and Adi Shamir. Differential cryptanalysis of DESlike cryptosystems. In Alfred J. Menezes and Scott A. Vanstone, editors, CRYPTO '90, volume 537 of LNCS, pages 2-21, Santa Barbara, CA, USA, August 11-15, 1991. Springer-Verlag, Berlin, Germany. [273]
35. Eli Biham and Adi Shamir. Differential cryptoanalysis of Feal and N-hash. In Donald W. Davies, editor, EUROCRYPT'91, volume 547 of LNCS, pages 1-16, Brighton, UK, April 8-11, 1991. Springer-Verlag, Berlin, Germany. [273]
36. Eli Biham and Adi Shamir. Differential cryptanalysis of Snefru, Khafre, REDOC-II, LOKI and Lucifer. In Joan Feigenbaum, editor, CRYPTO '91, volume 576 of LNCS, pages 156-171, Santa Barbara, CA, USA, August 11-15, 1992. Springer-Verlag, Berlin, Germany. [273]
37. Eli Biham and Adi Shamir. Differential cryptanalysis of the full 16-round DES. In Ernest F. Brickell, editor, CRYPTO'92, volume 740 of LNCS, pages 487-496, Santa Barbara, CA, USA, August 16-20, 1993. Springer-Verlag, Berlin, Germany. [273]
38. Alex Biryukov and Adi Shamir. Cryptanalytic time/memory/data tradeoffs for stream ciphers. In Tatsuaki Okamoto, editor, ASIACRYPT 2000, volume 1976 of LNCS, pages 1-13, Kyoto, Japan, December 3-7, 2000. Springer-Verlag, Berlin, Germany. [394]
39. Ian F. Blake, Gadiel Seroussi, and Nigel P. Smart, editors. Advances in Elliptic Curve Cryptography, volume 317 of London Mathematical Society Lecture Note Series. Cambridge University Press, New York, 2005. [425]
40. Thomas Baigneres, Jacques Stern, and Serge Vaudenay. Linear cryptanalysis of non binary ciphers. In Carlisle M. Adams, Ali Miri, and Michael J. Wiener, editors, SAC 2007, volume 4876 of LNCS, pages 184-211, Ottawa, Canada, August 16-17, 2007. Springer-Verlag, Berlin, Germany. [289]
41. Alexandra Boldyreva and Nut Taesombut. Online encryption schemes: New security notions and constructions. In Tatsuaki Okamoto, editor, CT-RSA 2004, volume 2964 of LNCS, pages 1-14, San Francisco, CA, USA, February 23-27, 2004. SpringerVerlag, Berlin, Germany. [238]
42. Johannes Buchmann. Introduction to Cryptography (Second edition). Undergraduate texts in Mathematics. Springer, New York, 2004. [3]
43. Johannes Buchmann and Ulrich Vollmer. Binary Quadratic Forms-An Algorithmic Approach, volume 20 of Algorithms and Computation in Mathematics. Springer-Verlag, Berlin, Germany, 2007. [311]
44. Stefania Cavallar. Strategies in filtering in the number field sieve. In Fourth Algorithmic Number Theory Symposium (ANTS), volume 1838 of LNCS, pages 209-232. Springer-Verlag, Berlin, Germany, 2000. [118]
45. E.R. Canfield, Paul Erdos, and Carl Pomerance. On a problem of Oppenheim concerning factorisatio numerorum. Journal of Number Theory, 17:1-28, 1983. [467]
46. Henri Cohen and Gerhard Frey, editors. Handbook of Elliptic and Hyperelliptic Curve Cryptography, volume 34 of Discrete Mathematics and its Applications. Chapman & Hall, CRC, 2005. [417, 424, 432]
47. Florent Chabaud and Antoine Joux. Differential collisions in SHA-0. In Hugo Krawczyk, editor, CRYPTO'98, volume 1462 of LNCS, pages 56-71, Santa Barbara, CA, USA, August 23-27, 1998. Springer-Verlag, Berlin, Germany. [179]
48. Matthijs J. Costerr, Antoine Joux, Brian A. LaMacchia, Andrew M. Odlyzko, Clauss-Peter Schnorr, and Jacques Stern. Im proved low-density subset sum algorithms. Computational Complexity, 2:111-128, 1992. [402]
49. Philippe Chose, Antoine Joux, and Michel Mitton. Fast correlation attacks: An algorithmic point of view. In Lars R. Knudsen, editor, EUROCRYPT 2002, volume 2332 of LNCS, pages 209-221, Amsterdam, The Netherlands, April 28-May 2, 2002. Springer-Verlag, Berlin, Germany. [257, 385, 387]
50. Stephane Collart, Michael Kalkbrener, and Daniel Mall. Converting bases with the Groobner walk. J. Symbolic Computation, 24(3-4):465-469, 1997. [361]
51. Henry Cohn, Robert Kleinberg, Balazs Szegedy, and Christopher Umans. Group-theoretic algorithms for matrix multiplication. In Proceedings of the 46th Annual IEEE Symposium on Foundations of Computer Science, pages 379-388, Washington, DC, USA, 2005. IEEE Computer Society. [93]
52. Jean-Marc Couveignes and Reynald Lercier. Elliptic periods for finite fields. Finite fields and their applications, 15:1-22, 2009. [49]
53. David Cox, John Little, and Donal O'Shea. Ideals, Varieties and Algorithms (Third edition). Undergraduate texts in Mathematics. Springer, New York, 2007. [345, 348, 350, 353, 354]
54. Don Coppersmith. Solving homogeneous linear equations over gf (2) via block wiedemann algorithm. Mathematics of Computation, 62(205):333-350, 1994. [113]
55. Don Coppersmith. Finding a small root of a bivariate integer equation; factoring with high bits known. In Ueli M. Maurer, editor, EUROCRYPT'96, volume 1070 of LNCS, pages 178-189, Saragossa, Spain, May 12-16, 1996. Springer-Verlag, Berlin, Germany. [412]
56. Don Coppersmith. Finding a small root of a univariate modular equation. In Ueli M. Maurer, editor, EUROCRYPT'96, volume 1070 of LNCS, pages 155-165, Saragossa, Spain, May 12-16, 1996. Springer-Verlag, Berlin, Germany. [410]
57. Jean-Sebastien Coron. Finding small roots of bivariate integer polynomial equations revisited. In Christian Cachin and Jan Ca- menisch, editors, EUROCRYPT 2004, volume 3027 of LNCS, pages 492-505, Interlaken, Switzerland, May 2-6, 2004. SpringerVerlag, Berlin, Germany. [412]
58. Jean-Sebastien Coron. Finding small roots of bivariate integer polynomial equations: A direct approach. In Alfred Menezes, editor, CRYPTO 2007, volume 4622 of LNCS, pages 379-394, Santa Barbara, CA, USA, August 19-23, 2007. Springer-Verlag, Berlin, Germany. [412]
59. Paul Camion and Jacques Patarin. The Knapsack hash function proposed at Crypto'89 can be broken. In Donald W. Davies, editor, EUROCRYPT'91, volume 547 of LNCS, pages 39-53, Brighton, UK, April 8-11, 1991. Springer-Verlag, Berlin, Germany. [264, 405]
60. Jean-Sebastien Coron, Jacques Patarin, and Yannick Seurin. The random oracle model and the ideal cipher model are equivalent. In David Wagner, editor, CRYPTO 2008, volume 5157 of LNCS, pages 1-20, Santa Barbara, CA, USA, August 17-21, 2008. Springer-Verlag, Berlin, Germany. [22]
61. James W. Cooley and John W. Tukey. An algorithm for the machine calculation of complex Fourier series. Mathematics of Computation, 19:297-301, 1965. [296]
62. Florent Chabaud and Serge Vaudenay. Links between differential and linear cryptoanalysis. In Alfredo De Santis, editor, EURO- CRYPT'94, volume 950 of LNCS, pages 356-365, Perugia, Italy, May 9-12, 1994. Springer-Verlag, Berlin, Germany. [279, 281]
63. Don Coppersmith and Shmuel Winograd. Matrix multiplication via arithmetic progressions. J. of Symbolic Computation, 9(3):251-280, 1990. [93]
64. Ivan Damgard. A design principle for hash functions. In Gilles Brassard, editor, CRYPTO'89, volume 435 of LNCS, pages 416427, Santa Barbara, CA, USA, August 20-24, 1990. SpringerVerlag, Berlin, Germany. [405, 406]
65. Data encryption standard. National Bureau of Standards, NBS FIPS PUB 46, U.S. Department of Commerce, January 1977. [157]
66. Herve Daude, Philippe Flajolet, and Brigitte Vallee. An average- case analysis of the gaussian algorithm for lattice reduction. Combinatorics, Probability & Computing, 6(4):397-433, 1997. [318]
67. Joan Daemen, Rene Govaerts, and Joos Vandewalle. Correlation matrices. In Bart Preneel, editor, FSE'94, volume 1008 of LNCS, pages 275-285, Leuven, Belgium, December 14-16, 1994. Springer-Verlag, Berlin, Germany. [279]
68. Whitfield Diffie and Martin E. Hellman. New directions in cryptography. IEEE Transactions on Information Theory, 22(6):644- 654, 1976. [5, 9].
69. Frédéric Didier and Yann Laigle-Chapuy. Finding low-weight polynomial multiples using discrete logarithm. Computing Research Repository (CoRR), abs/cs/0701069, 2007. [386]
70. Cynthia Dwork and Moni Naor. Pricing via processing or combatting junk mail. In Ernest F. Brickell, editor, CRYPTO'92, volume 740 of LNCS, pages 139-147, Santa Barbara, CA, USA, August 16-20, 1993. Springer-Verlag, Berlin, Germany. [164]
71. Itai Dinur and Adi Shamir. Cube attacks on tweakable black box polynomials. In Antoine Joux, editor, EUROCRYPT 2009, volume 5479 of LNCS, pages 278-299. Springer-Verlag, Berlin, Germany, 2009. [390, 391, 392, 396]
72. David Eisenbud. Commutative Algebra with a View Towards Algebraic Geometry, volume 150 of Graduate Texts in Mathematics. Springer, New York, 1995. [342]
73. Taher El Gamal. A public key cryptosystem and a signature scheme based on discrete logarithms. In G.R. Blakley and David Chaum, editors, CRYPTO'84, volume 196 of LNCS, pages 10-18, Santa Barbara, CA, USA, August 19-23, 1985. Springer-Verlag, Berlin, Germany. [66, 67]
74. Jean-Charles Faugere. A new efficient algorithm for computing Grobner bases (F4). J. Pure Appl. Algebra, 139(1-3):61-88, 1999. Effective methods in algebraic geometry (Saint-Malo, 1998). [356, 357]
75. Jean-Charles Faugere. A new efficient algorithm for computing Grobner bases without reduction to zero (F5). In T. Mora, editor, ISSAC 2002, pages 75-83, 2002. [356, 359]
76. Jean-Charles Faugere, Patricia Gianni, Daniel Lazard, and Teo Mora. Efficient computation of zero-dimensional Grooobner bases by change of ordering. J. Symbolic Computation, 16(4):329-344, 1993. [361, 362]
77. Jean-Charles Faugere and Antoine Joux. Algebraic cryptanalysis of hidden field equation (HFE) cryptosystems using grobner bases. In Dan Boneh, editor, CRYPTO 2003, volume 2729 of LNCS, pages 44-60, Santa Barbara, CA, USA, August 17-21, 2003. Springer-Verlag, Berlin, Germany. [365]
78. Pierre-Alain Fouque, Antoine Joux, Gwenaoelle Martinet, and Frederic Valette. Authenticated on-line encryption. In Mitsuru Matsui and Robert J. Zuccherato, editors, SAC 2003, volume 3006 of LNCS, pages 145-159, Ottawa, Ontario, Canada, August 14-15, 2004. Springer-Verlag, Berlin, Germany. [238]
79. Pierre-Alain Fouque, Antoine Joux, and Guillaume Poupard. Blockwise adversarial model for on-line ciphers and symmetric encryption schemes. In Helena Handschuh and Anwar Hasan, editors, SAC 2004, volume 3357 of LNCS, pages 212-226, Waterloo, Ontario, Canada, August 9-10, 2004. Springer-Verlag, Berlin, Germany. [238]
80. Matteo Frigo, Charles E. Leiserson, Harald Prokop, and Srid- har Ramachandran. Cache-oblivious algorithms. In 40th FOCS, pages 285-298, New York, New York, USA, October 17-19, 1999. IEEE Computer Society Press. [92]
81. Joanne Fuller and William Millan. Linear redundancy in S-boxes. In Thomas Johansson, editor, FSE 2003, volume 2887 of LNCS, pages 74-86, Lund, Sweden, February 24-26, 2003. SpringerVerlag, Berlin, Germany. [282]
82. Pierre-Alain Fouque, Gwenaelle Martinet, and Guillaume Poupard. Practical symmetric on-line encryption. In Thomas Johansson, editor, FSE 2003, volume 2887 of LNCS, pages 362-375, Lund, Sweden, February 24-26, 2003. Springer-Verlag, Berlin, Germany. [239]
83. Philippe Flajolet and Andrew M. Odlyzko. Random mapping statistics. In Jean-Jacques Quisquater and Joos Vandewalle, editors, EUROCRYPT'89, volume 434 of LNCS, pages 329-354, Houthalen, Belgium, April 10-13, 1990. Springer-Verlag, Berlin, Germany. [231, 233, 234]
84. U. Fincke and Michael E. Pohst. Improved methods for calculating vectors of short length in a lattice, including a complexity analysis. Mathematics of Computation, 44(170):463-471, 1985. [328]
85. Amos Fiat and Adi Shamir. How to prove yourself: Practical solutions to identification and signature problems. In Andrew M. Odlyzko, editor, CRYPTO'86, volume 263 of LNCS, pages 186194, Santa Barbara, CA, USA, August 1987. Springer-Verlag, Berlin, Germany. [10]
86. William F. Galway. Ph. D. in mathematics. PhD thesis, University of Illinois at Urbana-Champaign, 2004. [135]
87. Henri Gilbert and Guy Chasse. A statistical attack of the FEAL- 8 cryptosystem. In Alfred J. Menezes and Scott A. Vanstone, editors, CRYPTO'90, volume 537 of LNCS, pages 22-33, Santa Barbara, CA, USA, August 11-15, 1991. Springer-Verlag, Berlin, Germany. [273]
88. Jovan Dj. Golic and Philip Hawkes. Vectorial approach to fast correlation attacks. Des. Codes Cryptography, 35(1):5-19, 2005. [380]
89. Louis Granboulan, Antoine Joux, and Jacques Stern. Inverting HFE is quasipolynomial. In Cynthia Dwork, editor, CRYPTO 2006, volume 4117 of LNCS, pages 345-356, Santa Barbara, CA, USA, August 20-24, 2006. Springer-Verlag, Berlin, Germany. [366]
90. Gene H. Golub and Charles F. Van Loan. Matrix Computations (third edition). The Johns Hopkins University Press, London, 1996. [71]
91. Rosario Gennaro and Yehuda Lindell. A framework for password- based authenticated key exchange. In Eli Biham, editor, EUROCRYPT 2003, volume 2656 of LNCS, pages 524-543, Warsaw, Poland, May 4-8, 2003. Springer-Verlag, Berlin, Germany. http://eprint.iacr.org/2003/032.ps.gz. [156]
92. Shafi Goldwasser, Silvio Micali, and Charles Rackoff. The knowledge complexity of interactive proof systems. SIAM Journal on Computing, 18(1):186-208, 1989. [66]
93. Nicolas Gama and Phong Q. Nguyen. Predicting lattice reduction. In Nigel P. Smart, editor, EUROCRYPT 2008, LNCS, pages 31-51, Istanbul, Turkey, April 13-17, 2008. Springer-Verlag, Berlin, Germany. [405]
94. Nick Howgrave-Graham. Finding small roots of univariate modular equations revisited. In Michael Darnell, editor, Cryptography and Coding, 6th IA International Conference, volume 1355 of LNCS, pages 131-142, Cirencester, UK, December 1997. Springer-Verlag, Berlin, Germany. [407, 410]
95. Nick Howgrave-Graham. A hybrid lattice-reduction and meet- in-the-middle attack against NTRU. In Alfred Menezes, editor, CRYPTO 2007, volume 4622 of LNCS, pages 150-169, Santa Barbara, CA, USA, August 19-23, 2007. Springer-Verlag, Berlin, Germany. [405]
96. Johan Hastad, Russell Impagliazzo, Leonid A. Levin, and Michael Luby. A Pseudorandom Generator from any One-way Function. SIAM J. Comput., 28(4):1364-1396, 1999. [286]
97. Guillaume Hanrot and Damien Stehle. Improved analysis of kan- nan's shortest lattice vector algorithm. In Alfred Menezes, editor, CRYPTO 2007, volume 4622 of LNCS, pages 170-186, Santa Barbara, CA, USA, August 19-23, 2007. Springer-Verlag, Berlin, Germany. [331]
98. Antoine Joux and Louis Granboulan. A practical attack against Knapsack based hash functions (extended abstract). In Alfredo De Santis, editor, EUROCRYPT'Qf, volume 950 of LNCS, pages 58-66, Perugia, Italy, May 9-12, 1994. Springer-Verlag, Berlin, Germany. [406]
99. Antoine Joux and Reynald Lercier. "Chinese & Match," an alternative to Atkin's "Match and Sort" method used in the SEA algorithm. Mathematics of Computation, 70:827-836, 2001. [267, 268, 269]
100. Antoine Joux, Reynald Lercier, Nigel Smart, and Frederik Ver-cauteren. The number field sieve in the medium prime case. In Cynthia Dwork, editor, CRYPTO 2006, volume 4117 of LNCS, pages 326-344, Santa Barbara, CA, USA, August 20-24, 2006. Springer-Verlag, Berlin, Germany. [452, 456, 461]
101. Antoine Joux, Gwenaelle Martinet, and Frederic Valette. Blockwise-adaptive attackers: Revisiting the (in)security of some provably secure encryption models: CBC, GEM, IACBC. In Moti Yung, editor, CRYPTO 2002, volume 2442 of LNCS, pages 17-30, Santa Barbara, CA, USA, August 18-22, 2002. Springer-Verlag, Berlin, Germany. [238, 239]
102. Marc Joye and Gregory Neven, editors. Identity-based Cryptography, volume 2 of Cryptology and Information Security Series. IOS Press, Amsterdam, 2008. [417]
103. Antoine Joux, David Naccache, and Emmanuel Thome. When e-th roots become easier than factoring. In Kaoru Kurosawa, editor, ASIACRYPT 2007, volume 4833 of LNCS, pages 13-28, Kuching, Malaysia, December 2-6, 2007. Springer-Verlag, Berlin, Germany. [439]
104. Antoine Joux and Thomas Peyrin. Hash functions and the (amplified) boomerang attack. In Alfred Menezes, editor, CRYPTO 2007, volume 4622 of LNCS, pages 244-263, Santa Barbara, CA, USA, August 19-23, 2007. Springer-Verlag, Berlin, Germany. [182]
105. Charanjit S. Jutla. Encryption modes with almost free message integrity. In Birgit Pfitzmann, editor, EUROCRYPT 2001, volume 2045 of LNCS, pages 529-544, Innsbruck, Austria, May 6-10, 2001. Springer-Verlag, Berlin, Germany. [17]
106. David Kahn. The Codebreakers: The Comprehensive History of Secret Communication from Ancient Times to the Internet. Scribner, 1967. [11]
107. Ravi Kannan. Improved algorithms for integer programming and related lattice problems. In Proc. 15th Symp. Theory of Comp., pages 193-206, 1983. [327, 328, 330]
108. Auguste Kerckhoffs. La cryptographie militaire. Journal des sciences militaire, IX, 1883. Article in two parts: Jan. and Feb. issues. [4]
109. Lars R. Knudsen. Truncated and higher order differentials. In Bart Preneel, editor, FSE'94, volume 1008 of LNCS, pages 196211, Leuven, Belgium, December 14-16, 1994. Springer-Verlag, Berlin, Germany. [282, 392]
110. Jyrki Katajainen, Tomi Pasanen, and Jukka Teuhola. Practical in-place mergesort. Nordic J. of Computing, 3(1):27-40, 1996. [201]
111. Hugo Krawczyk. The order of encryption and authentication for protecting communications (or: How secure is SSL?). In Joe Kilian, editor, CRYPTO 2001, volume 2139 of LNCS, pages 310331, Santa Barbara, CA, USA, August 19-23, 2001. SpringerVerlag, Berlin, Germany. [18]
112. Aviad Kipnis and Adi Shamir. Cryptanalysis of the HFE public key cryptosystem by relinearization. In Michael J. Wiener, editor, CRYPTO'99, volume 1666 of LNCS, pages 19-30, Santa Barbara, CA, USA, August 15-19, 1999. Springer-Verlag, Berlin, Germany. [357]
113. Tadayoshi Kohno, John Viega, and Doug Whiting. CWC: A high-performance conventional authenticated encryption mode. In Bimal K. Roy and Willi Meier, editors, FSE 2004, volume 3017 of LNCS, pages 408-426, New Delhi, India, February 5-7, 2004. Springer-Verlag, Berlin, Germany. [17]
114. Matthew Kwan. Reducing the gate count of bitslice DES. IACR eprint archive, 2000. Report 2000/051. [163, 183]
115. Xuejia Lai. Higher order derivatives and differential cryptanalysis. In Communication and Cryptography-Two Sides of One Tapestry, pages 227-233. Kluwer Academic Publisher, 1994. [392]
116. Serge Lang. Algebra, volume 211 of Graduate Texts in Mathematics. Springer, New York, 2005. Revised third edition. [37, 47, 48, 62, 110, 343]
117. Daniel Lazard. Grobner bases, gaussian elimination and resolution of systems of algebraic equations. In Computer algebra (London, 1983), volume 162 of LNCS, pages 146-156. SpringerVerlag, Berlin, Germany, 1983. [355]
118. Leonid A. Levin and Oded Goldreich. A Hard-core Predicate for all One-way Functions. In D.S. Johnson, editor, 21th ACM Symposium on Theory of Computing-STOC '89, pages 25-32. ACM Press, 1989. [286]
119. Arjen K. Lenstra and Hendrick W. Lenstra, Jr., editors. The development of the number field sieve, volume 1554 of Lecture Notes in Mathematics. Springer-Verlag, Berlin, Germany, 1993. [456, 461]
120. Arjen K. Lenstra, Hendrick W. Lenstra, Jr., and Laszlo Lovasz. Factoring polynomials with rational coefficients. Math. Ann., 261:515-534, 1982. [319]
121. Yi Lu, Willi Meier, and Serge Vaudenay. The conditional correlation attack: A practical attack on bluetooth encryption. In Victor Shoup, editor, CRYPTO 2005, volume 3621 of LNCS, pages 97-117, Santa Barbara, CA, USA, August 14-18, 2005. Springer-Verlag, Berlin, Germany. [380]
122. Jeffrey C. Lagarias and Andrew M. Odlyzko. Solving low-density subset sum problems. Journal of the ACM, 32(1):229-246, 1985. [402, 406]
123. Brian A. LaMacchia and Andrew M. Odlyzko. Solving large sparse linear systems over finite fields. In Alfred J. Menezes and Scott A. Vanstone, editors, CRYPTO'90, volume 537 of LNCS, pages 109-133, Santa Barbara, CA, USA, August 11-15, 1991. Springer-Verlag, Berlin, Germany. [113, 115]
124. Stefan Lucks. Two-pass authenticated encryption faster than generic composition. In Henri Gilbert and Helena Handschuh, editors, FSE 2005, volume 3557 of LNCS, pages 284-298, Paris, France, February 21-23, 2005. Springer-Verlag, Berlin, Germany. [17]
125. Harry M. Markowitz. The elimination form of the inverse and its application to linear programming. Management Science, 3(3):255-269, 1957. [116]
126. Mitsuru Matsui. Linear cryptoanalysis method for DES cipher. In Tor Helleseth, editor, EUROCRYPT'93, volume 765 of LNCS, pages 386-397, Lofthus, Norway, May 23-27, 1993. SpringerVerlag, Berlin, Germany. [273]
127. Mitsuru Matsui. The first experimental cryptanalysis of the data encryption standard. In Yvo Desmedt, editor, CRYPTO'94, volume 839 of LNCS, pages 1-11, Santa Barbara, CA, USA, August 21-25, 1994. Springer-Verlag, Berlin, Germany. [273]
128. Mitsuru Matsui. On correlation between the order of S-boxes and the strength of DES. In Alfredo De Santis, editor, EURO- CRYPT'94, volume 950 of LNCS, pages 366-375, Perugia, Italy, May 9-12, 1994. Springer-Verlag, Berlin, Germany. [273]
129. Miodrag J. Mihaljevic and Jovan Dj. Golic. A fast iterative algorithm for a shift register initial state reconstruction given the noisy output sequence. In Jennifer Seberry and Josef Pieprzyk, editors, AUSCRYPT'90, volume 453 of LNCS, pages 165-175, Sydney, Australia, January 8-11, 1990. Springer-Verlag, Berlin, Germany. [380]
130. Daniele Micciancio and Shafi Goldwasser. Complexity of Lattice Problems: A Cryptographic Perspective, volume 671 of The Kluwer International Series in Engineering and Computer Science. Kluwer Academic Publishers, 2002. [311]
131. Victor S. Miller. The Weil pairing, and its efficient calculation. Journal of Cryptology, 17(4):235-261, September 2004. [431]
132. Peter L. Montgomery. A FFT Extension of the Elliptic Curve Method of Factorization. PhD thesis, University of California, Los Angeles, 1992. [236, 435]
133. Peter L. Montgomery. A block Lanczos algorithm for finding dependencies over GF(2). In Louis C. Guillou and Jean-Jacques Quisquater, editors, EUROCRYPT'95, volume 921 of LNCS, pages 106-120, Saint-Malo, France, May 21-25, 1995. SpringerVerlag, Berlin, Germany. [112]
134. Stephane Manuel and Thomas Peyrin. Collisions on SHA-0 in one hour. In Kaisa Nyberg, editor, FSE 2008, volume 5086 of LNCS, pages 16-35, Lausanne, Switzerland, February 10-13, 2008. Springer-Verlag, Berlin, Germany. [182]
135. Willi Meier and Othmar Staffelbach. Fast correlation attacks on certain stream ciphers. Journal of Cryptology, 1(3):159-176, 1989. [380]
136. Shiho Moriai, Takeshi Shimoyama, and Toshinobu Kaneko. Higher order differential attak of CAST cipher. In Serge Vau- denay, editor, FSE'98, volume 1372 of LNCS, pages 17-31, Paris, France, March 23-25, 1998. Springer-Verlag, Berlin, Germany. [392]
137. Ravi Montenegro and Prasad Tetali. How long does it take to catch a wild kangaroo? In Michael Mitzenmacher, editor, fist ACM STOC, pages 1-10, Bethesda, Maryland, USA, May 31- June 2 2009. ACM Press. [238]
138. Aldred J. Menezes, Paul C. van Oorschot, and Scott A. Vanstone, editors. Handbook of Applied Cryptography. CRC Press LLC, Boca Raton, Florida, 1997. [3]
139. Mitsuru Matsui and Atsuhiro Yamagishi. A new method for known plaintext attack of FEAL cipher. In Rainer A. Ruep- pel, editor, EUROCRYPT'92, volume 658 of LNCS, pages 8191, Balatonfured, Hungary, May 24-28, 1992. Springer-Verlag, Berlin, Germany. [273]
140. G. Nivasch. Cycle detection using a stack. Information Processing Letter, 90(3):135-140, 2004. [229, 242]
141. Wim Nevelsteen and Bart Preneel. Software performance of universal hash functions. In Jacques Stern, editor, EURO- CRYPT'99, volume 1592 of LNCS, pages 24-41, Prague, Czech Republic, May 2-6, 1999. Springer-Verlag, Berlin, Germany. [8]
142. Phong Q. Nguyen and Damien Stehle. Floating-point LLL revisited. In Ronald Cramer, editor, EUROCRYPT 2005, volume 3494 of LNCS, pages 215-233, Aarhus, Denmark, May 22-26, 2005. Springer-Verlag, Berlin, Germany. [326]
143. Andrew M. Odlyzko. Discrete logarithms in finite fields and their cryptographic significance. In Thomas Beth, Norbert Cot, and Ingemar Ingemarsson, editors, EUROCRYPT'84, volume 209 of LNCS, pages 224-314, Paris, France, April 9-11, 1985. SpringerVerlag, Berlin, Germany. [113]
144. Dag Arne Osvik, Adi Shamir, and Eran Tromer. Cache attacks and countermeasures: The case of AES. In David Pointcheval, editor, CT-RSA 2006, volume 3860 of LNCS, pages 1-20, San Jose, CA, USA, February 13-17, 2006. Springer-Verlag, Berlin, Germany. [92]
145. Pascal Paillier. Public-key cryptosystems based on composite degree residuosity classes. In Jacques Stern, editor, EURO- CRYPT'99, volume 1592 of LNCS, pages 223-238, Prague, Czech Republic, May 2-6, 1999. Springer-Verlag, Berlin, Germany. [64]
146. Victor Pan. How to multiply matrix faster, volume 179 of LNCS. Springer-Verlag, Berlin, Germany, 1984. [89]
147. Jacques Patarin. Hidden fields equations (HFE) and isomorphisms of polynomials (IP): Two new families of asymmetric algorithms. In Ueli M. Maurer, editor, EUROCRYPT'96, volume 1070 of LNCS, pages 33-48, Saragossa, Spain, May 12-16, 1996. Springer-Verlag, Berlin, Germany. [362, 363]
148. Daniel Panario, Xavier Gourdon, and Philippe Flajolet. An analytic approach to smooth polynomials over finite fields. In Third Algorithmic Number Theory Symposium (ANTS), volume 1423 of LNCS, pages 226-236. Springer-Verlag, Berlin, Germany, 1998. [444]
149. Walter T. Penzhorn and G.J. Kuhn. Computation of low- weight parity checks for correlation attacks on stream ciphers. In Cryptography and Coding-5th IMA Conference, volume 1025 of LNCS, pages 74-83. Springer-Verlag, Berlin, Germany, 1995. [386]
150. John M. Pollard. A Monte Carlo method for factorization. BIT Numerical Mathematics, 15(3):331-334, 1975. [233]
151. Carl Pomerance. Analysis and comparison of some integer factoring methods. In Jr. Hendrik W. Lenstra and Robert Tijde- man, editors, Computational methods in number theory-Part I, volume 154 of Mathematical centre tracts, pages 8-139. Mathematisch Centrum, Amsterdam, 1982. [141]
152. Paul Pritchard. A sublinear additive sieve for finding prime numbers. Communications of the ACM, 24(1):18-23, 1981. [128, 133]
153. Paul Pritchard. Fast compact prime number sieves (among others). Journal of algorithms, 4:332-344, 1983. [133]
154. Jean-Jacques Quisquater and Jean-Paul Delescaille. How easy is collision search. New results and applications to DES. In Gilles Brassard, editor, CRYPTO'89, volume 435 of LNCS, pages 408-413, Santa Barbara, CA, USA, August 20-24, 1990. SpringerVerlag, Berlin, Germany. [229, 244]
155. Phillip Rogaway, Mihir Bellare, John Black, and Ted Krovetz. OCB: A block-cipher mode of operation for efficient authenticated encryption. In ACM CCS 01, pages 196-205, Philadelphia, PA, USA, November 5-8, 2001. ACM Press. [15, 17]
156. Sondre Rpnjom and Tor Helleseth. A new attack on the filter generator. IEEE Transactions on Information Theory, 53(5):1752-1758, 2007. [388, 389]
157. Claus-Peter Schnorr. A hierarchy of polynomial time lattice basis reduction algorithms. Theoretical Computer Science, 53:201-224, 1987. [331]
158. Claus-Peter Schnorr. Efficient identification and signatures for smart cards. In Gilles Brassard, editor, CRYPTO'89, volume 435 of LNCS, pages 239-252, Santa Barbara, CA, USA, August 20-24, 1990. Springer-Verlag, Berlin, Germany. [67]
159. Claus-Peter Schnorr. Efficient signature generation by smart cards. Journal of Cryptology, 4(3):161-174, 1991. [10]
160. Oliver Schirokauer. Discrete logarithms and local units. Phil. Trans. R. Soc. Lond. A 345, pages 409-423, 1993. [461]
161. Bruce Schneier. Applied Cryptography (Second Edition). John Wiley & Sons, 1996. [3]
162. Claus-Peter Schnorr and M. Euchner. Lattice basis reduction: Improved practical algorithms and solving subset sum problems. Math. Program., 66:181-199, 1994. [326, 328]
163. Claude E. Shannon. Communication theory of secrecy systems. Bell System Technical Journal, 28:656-715, 1949. [4, 337]
164. T. Siegenthaler. Correlation-immunity of nonlinear combining functions for cryptographic applications. IEEE Trans. on Information Theory, IT-30:776-780, 1984. [378]
165. T. Siegenthaler. Decrypting a class of stream ciphers using ciphertext only. IEEE Trans. Comput., C-34:81-85, 1985. [378]
166. Joseph H. Silverman. The Arithmetic of Elliptic Curves, volume 106 of Graduate Texts in Mathematics. Springer, New York, 1986. [417, 424, 431]
167. Gustavus J. Simmons. A system for point-of-sale or access user authentication and identification. In Allen Gersho, editor, CRYPTO'81, volume ECE Report 82-04, pages 31-37, Santa Barbara, CA, USA, 1982. U.C. Santa Barbara, Dept. of Elec. and Computer Eng. [8]
168. Gustavus J. Simmons. Authentication theory/coding theory. In G.R. Blakley and David Chaum, editors, CRYPTO'84, volume 196 of LNCS, pages 411-431, Santa Barbara, CA, USA, August 19-23, 1985. Springer-Verlag, Berlin, Germany. [8]
169. Gustavus J. Simmons. The practice of authentication. In Franz Pichler, editor, EUROCRYPT'85, volume 219 of LNCS, pages 261-272, Linz, Austria, April 1986. Springer-Verlag, Berlin, Germany. [8]
170. Jonathan P. Sorenson. Trading time for space in prime number sieves. In Third Algorithmic Number Theory Symposium (ANTS), volume 1423 of LNCS, pages 179-195. Springer-Verlag, Berlin, Germany, 1998. [133]
171. Richard Schroeppel and Adi Shamir. A T = O(2n/2), S = O(2n/4) algorithm for certain NP-complete problems. SIAM Journal on Computing, 10(3):456-464, 1981. [251]
172. Douglas Stinson. Cryptography: Theory and Practice (Third Edition). CRC Press LLC, Boca Raton, Florida, 2002. [3]
173. Volker Strassen. Gaussian elimination is not optimal. Numer. Math., 13:354-356, 1969. [80]
174. Anne Tardy-Corfdir and Henri Gilbert. A known plaintext attack of FEAL-4 and FEAL-6. In Joan Feigenbaum, editor, CRYPTO'91, volume 576 of LNCS, pages 172-181, Santa Barbara, CA, USA, August 11-15, 1992. Springer-Verlag, Berlin, Germany. [273]
175. Toshio Tokita, Tohru Sorimachi, and Mitsuru Matsui. Linear cryptanalysis of LOKI and s2DES. In Josef Pieprzyk and Reihaneh Safavi-Naini, editors, ASIACRYPT'94, volume 917 of LNCS, pages 293-303, Wollongong, Australia, November 28-December 1, 1994. Springer-Verlag, Berlin, Germany. [273]
176. Brigitte Vallee. Gauss' algorithm revisited. J. Algorithms, 12(4), 1991. [318]
177. Paul C. van Oorschot and Michael J. Wiener. Improving im- plementable meet-in-the-middle attacks by orders of magnitude. In Neal Koblitz, editor, CRYPTO'96, volume 1109 of LNCS, pages 229-236, Santa Barbara, CA, USA, August 18-22, 1996. Springer-Verlag, Berlin, Germany. [244]
178. David Wagner. The boomerang attack. In Lars R. Knudsen, editor, FSE'99, volume 1636 of LNCS, pages 156-170, Rome, Italy, March 24-26, 1999. Springer-Verlag, Berlin, Germany. [182]
179. David Wagner. A generalized birthday problem. In Moti Yung, editor, CRYPTO 2002, volume 2442 of LNCS, pages 288-303, Santa Barbara, CA, USA, August 18-22, 2002. Springer-Verlag, Berlin, Germany. [264, 265]
180. Lawrence C. Washington. Elliptic curves: number theory and cryptography. CRC Press LLC, Boca Raton, Florida, 2003. [422]
181. Mark N. Wegman and Larry Carter. New hash functions and their use in authentication and set equality. Journal of Computer and System Sciences, 22:265-279, 1981. [8]
182. Michael J. Wiener. Cryptanalysis of short RSA secret exponents (abstract). In Jean-Jacques Quisquater and Joos Vande- walle, editors, EUROCRYPT'89, volume 434 of LNCS, page 372, Houthalen, Belgium, April 10-13, 1990. Springer-Verlag, Berlin, Germany. [414]
183. Michael J. Wiener. The full cost of cryptanalytic attacks. Journal of Cryptology, 17(2):105-124, March 2004. [5]
184. Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu. Efficient collision search attacks on SHA-0. In Victor Shoup, editor, CRYPTO 2005, volume 3621 of LNCS, pages 1-16, Santa Barbara, CA, USA, August 14-18, 2005. Springer-Verlag, Berlin, Germany. [179, 182]
185. Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu. Finding collisions in the full SHA-1. In Victor Shoup, editor, CRYPTO 2005, volume 3621 of LNCS, pages 17-36, Santa Barbara, CA, USA, August 14-18, 2005. Springer-Verlag, Berlin, Germany. [179, 182]
186. Guo-Zhen Xiao and James L. Massey. A spectral characterization of correlation-immune combining functions. IEEE Transactions on Information Theory, 34(3):569-571, 1988. [275]
187. Gideon Yuval. How to swindle Rabin. Cryptologia, 3:187-189, 1979. [243]
188. Bin Zhang and Dengguo Feng. Multi-pass fast correlation attack on stream ciphers. In Eli Biham and Amr M. Youssef, editors, SAC 2006, volume 4356 of LNCS, pages 234-248, Montreal, Canada, August 17-18, 2006. Springer-Verlag, Berlin, Germany. [380]
189. Fuzhen Zhang, editor. The Schur Complement and Its Applications (Numerical Methods and Algorithms). Springer, New York, 2005. [94]
190. Yuliang Zheng. Digital signcryption or how to achieve cost(signature & encryption) cost(signature) + cost(en- cryption). In Burton S. Kaliski Jr., editor, CRYPTO'97, volume 1294 of LNCS, pages 165-179, Santa Barbara, CA, USA, August 17-21, 1997. Springer-Verlag, Berlin, Germany. [20]