--- /dev/null
+
+
+,-------------------.
+| PREAMBLE |
+`-------------------'
+
+@preamble{ " \ifx\url\undefined\let\url\texttt\fi
+ \ifx\msgid\undefined\let\msgid\texttt\fi
+ \let\mdwxxthebibliography\thebibliography
+ \def\thebibliography{\mdwxxbibhook\mdwxxthebibliography}
+ \def\mdwxxurl#1{[#1]}
+ \def\biburl#1{\let\biburlsep\empty\biburlxi#1;;\done}
+ \def\biburlxi#1;{\def\temp{#1}\ifx\temp\empty\expandafter\biburlxiii\else
+ \biburlxii#1,,\done\let\biburlxafter\biburlxi\expandafter\biburlxmunch\fi}
+ \def\biburlxii#1,{\def\temp{#1}\ifx\temp\empty\expandafter\biburlxiii\else
+ \biburlsep\mdwxxurl{#1}\def\biburlsep{, }\let\biburlxafter\biburlxii
+ \expandafter\biburlxmunch\fi} \def\biburlxiii#1\done{}
+ \def\biburlxmunch{\futurelet\next\biburlxmunchi}
+ \def\biburlxmunchi{\expandafter\ifx\space\next\expandafter\biburlxmunchii
+ \else\expandafter\biburlxafter\fi}
+ \expandafter\def\expandafter\biburlxmunchii\space{\biburlxmunch}
+ \def\mdwxxbibhook{\let\mdwxxurl\url\let\url\biburl} \ifx \k \undefined \let
+ \k = \c \immediate\write16{Ogonek accent unavailable: replaced by cedilla}
+ \fi\input bibnames.sty\input path.sty\ifx \undefined \mathrm \def \mathrm
+ #1{{\rm #1}}\fi\hyphenation{ Cher-vo-nen-kis Eh-ren-feucht Hal-pern Jean-ette
+ Kam-eda Leigh-ton Mehl-horn Metro-po-lis Pra-sad Prep-a-ra-ta Press-er
+ Pros-ku-row-ski Ros-en-krantz Ru-dolph Schie-ber Schnei-der Te-zu-ka
+ Vis-wa-na-than Yech-ez-kel Yech-i-ali data-base data-bases dead-lock
+ poly-adic }\ifx \undefined \mathbb \def \mathbb #1{{\bf #1}}\fi\hyphenation{
+ Ay-ka-nat Giun-chi-glia Lakh-neche Mal-er-ba Mart-el-li Reut-e-nau-er
+ Thiel-sch-er }\ifx \undefined \mathbf \def \mathbf #1{{\bf #1}}\fi\ifx
+ \undefined \TM \def \TM {${}^{\sc TM}$} \fi\hyphenation{ Ay-ka-nat
+ Giun-chi-glia Lakh-neche Mal-er-ba Mart-el-li Reut-e-nau-er Thiel-sch-er
+ }\ifx \undefined \eth \def \eth {{\font\ethfont = msbm10 \ethfont g}} \fi\ifx
+ \undefined \mathbb \def \mathbb #1{{\bf #1}}\fi\ifx \undefined \mathcal \def
+ \mathcal #1{{\cal #1}}\fi\ifx \undefined \TM \def \TM {${}^{\sc TM}$}
+ \fi\hyphenation{ Ay-ka-nat Giun-chi-glia Lakh-neche Mal-er-ba Mart-el-li
+ Reut-e-nau-er Thiel-sch-er }\ifx \undefined \bbb \def \bbb #1{\mathbb{#1}}
+ \fi\ifx \undefined \circled \def \circled #1{(#1)}\fi\ifx \undefined \mathbb
+ \def \mathbb #1{{\bf #1}}\fi\ifx \undefined \mathbf \def \mathbf #1{{\bf
+ #1}}\fi\ifx \undefined \mathcal \def \mathcal #1{{\cal #1}}\fi\ifx \undefined
+ \mathrm \def \mathrm #1{{\rm #1}}\fi\ifx \undefined \ocirc \def \ocirc
+ #1{{\accent'27#1}}\fi\ifx \undefined \reg \def \reg {\circled{R}}\fi\ifx
+ \undefined \TM \def \TM {${}^{\sc TM}$} \fi\hyphenation{ }\ifx \undefined
+ \cprime \def \cprime {$\mathsurround=0pt '$}\fi\ifx \undefined \Dbar \def
+ \Dbar {\leavevmode\raise0.2ex\hbox{--}\kern-0.5emD} \fi\ifx \undefined
+ \mathbb \def \mathbb #1{{\bf #1}}\fi\ifx \undefined \mathrm \def \mathrm
+ #1{{\rm #1}}\fi\ifx \undefined \operatorname \def \operatorname #1{{\rm
+ #1}}\fi\hyphenation{ Aba-di Arch-ives Ding-yi for-ge-ry Go-pa-la-krish-nan
+ Hi-de-ki Kraw-czyk Lands-verk Law-rence Leigh-ton Mich-ael Moell-er
+ North-ridge para-digm para-digms Piep-rzyk Piv-e-teau Ram-kilde
+ Re-tro-fit-ting Rich-ard Sho-stak Si-ro-mo-n-ey Ste-ph-en The-o-dore Tho-m-as
+ Tzone-lih venge-ance Will-iam Ye-sh-i-va }\ifx \undefined \bbb \def \bbb
+ #1{\mathbb{#1}} \fi\ifx \undefined \circled \def \circled #1{(#1)}\fi\ifx
+ \undefined \cprime \def \cprime {$\mathsurround=0pt '$}\fi\ifx \undefined
+ \mathbb \def \mathbb #1{{\bf #1}}\fi\ifx \undefined \mathrm \def \mathrm
+ #1{{\rm #1}}\fi\ifx \undefined \reg \def \reg {\circled{R}}\fi\ifx \undefined
+ \TM \def \TM {${}^{\sc TM}$} \fi\hyphenation{ Aba-di Arch-ives Ding-yi
+ for-ge-ry Go-pa-la-krish-nan Hi-de-ki Kraw-czyk Lands-verk Law-rence
+ Leigh-ton Mich-ael Moell-er North-ridge para-digm para-digms Piep-rzyk
+ Piv-e-teau Ram-kilde Re-tro-fit-ting Rich-ard Sho-stak Si-ro-mo-n-ey
+ Ste-ph-en The-o-dore Tho-m-as Tzone-lih venge-ance Will-iam Ye-sh-i-va }\ifx
+ \undefined \bbb \def \bbb #1{\mathbb{#1}} \fi\ifx \undefined \cprime \def
+ \cprime {$\mathsurround=0pt '$}\fi\ifx \undefined \mathbb \def \mathbb
+ #1{{\bf #1}}\fi\ifx \undefined \mathcal \def \mathcal #1{{\cal #1}}\fi\ifx
+ \undefined \mathrm \def \mathrm #1{{\rm #1}}\fi\hyphenation{ }\ifx \undefined
+ \cprime \def \cprime {$\mathsurround=0pt '$}\fi\ifx \undefined \Dbar \def
+ \Dbar {\leavevmode\raise0.2ex\hbox{--}\kern-0.5emD} \fi\ifx \undefined
+ \mathbb \def \mathbb #1{{\bf #1}}\fi\ifx \undefined \mathrm \def \mathrm
+ #1{{\rm #1}}\fi\ifx \undefined \operatorname \def \operatorname #1{{\rm
+ #1}}\fi\hyphenation{ Aba-di Arch-ives Ding-yi for-ge-ry Go-pa-la-krish-nan
+ Hi-de-ki Kraw-czyk Lands-verk Law-rence Leigh-ton Mich-ael Moell-er
+ North-ridge para-digm para-digms Piep-rzyk Piv-e-teau Ram-kilde
+ Re-tro-fit-ting Rich-ard Sho-stak Si-ro-mo-n-ey Ste-ph-en The-o-dore Tho-m-as
+ Tzone-lih venge-ance Will-iam Ye-sh-i-va }"
+}
+
+,-------------------.
+| BIBTEX ENTRIES |
+`-------------------'
+
+@misc{cryptoeprint:2006:337,
+ author = {D.R. Stinson and J. Wu},
+ howpublished = {Cryptology ePrint Archive, Report 2006/337},
+ title = {An Efficient and Secure Two-flow Zero-Knowledge
+ Identification Protocol},
+ year = {2006},
+ url = {http://eprint.iacr.org/2006/337},
+}
+
+@misc{cryptoeprint:1999:012,
+ author = {Victor Shoup},
+ howpublished = {Cryptology ePrint Archive, Report 1999/012},
+ title = {On Formal Models for Secure Key Exchange},
+ year = {1999},
+ url = {http://eprint.iacr.org/1999/012},
+}
+
+@misc{cryptoeprint:2006:229,
+ author = {Neal Koblitz and Alfred Menezes},
+ howpublished = {Cryptology ePrint Archive, Report 2006/229},
+ title = {Another Look at "Provable Security". II},
+ year = {2006},
+ url = {http://eprint.iacr.org/2006/229},
+}
+
+@inproceedings{Bellare:1994:SCB,
+ address = {Berlin, Germany~/ Heidelberg, Germany~/ London, UK~/
+ etc.},
+ author = {Mihir Bellare and Joe Kilian and Phillip Rogaway},
+ booktitle = {{Advances in cryptology, {CRYPTO '94}: 14th annual
+ international cryptology conference, Santa Barbara,
+ California, {USA}, August 21--25, 1994: proceedings}},
+ editor = {Yvo G. Desmedt},
+ pages = {341--358},
+ publisher = {Spring{\-}er-Ver{\-}lag},
+ series = {Lecture Notes in Computer Science},
+ title = {The Security of Cipher Block Chaining},
+ volume = {839},
+ year = {1994},
+ doi = {????},
+ isbn = {3-540-58333-5 (Berlin), 0-387-58333-5 (New York)},
+ issn = {0302-9743 (print), 1611-3349 (electronic)},
+ url = {http://link.springer-ny.com/link/service/series/0558/bibs/
+ 0839/08390341.htm; http://link.springer-ny.com/link/service/
+ series/0558/papers/0839/08390341.pdf},
+}
+
+@inproceedings{Bellare:1995:XMN,
+ address = {Berlin, Germany~/ Heidelberg, Germany~/ London, UK~/
+ etc.},
+ author = {Mihir Bellare and Roch Gu{\'e}rin and
+ Phillip Rogaway},
+ booktitle = {{Advances in cryptology, {CRYPTO '95}: 15th Annual
+ International Cryptology Conference, Santa Barbara,
+ California, {USA}, August 27--31, 1995: proceedings}},
+ editor = {Don Coppersmith},
+ note = {Sponsored by the International Association for
+ Cryptologic Research (IACR), in cooperation with the
+ IEEE Computer Society Technical Committee on Security
+ and Privacy.},
+ pages = {15--35},
+ publisher = {Spring{\-}er-Ver{\-}lag},
+ series = {Lecture Notes in Computer Science},
+ title = {{XOR MACs}: New methods for message authentication
+ using finite pseudorandom functions},
+ volume = {963},
+ year = {1995},
+ doi = {????},
+ isbn = {3-540-60221-6 (Berlin)},
+ issn = {0302-9743 (print), 1611-3349 (electronic)},
+ url = {http://link.springer-ny.com/link/service/series/0558/tocs/
+ t0963.htm; http://www.springerlink.com/openurl.asp?
+ genre=issue&issn=0302-9743&volume=963},
+}
+
+@inproceedings{Bellare:1995:OAE,
+ address = {Berlin, Germany~/ Heidelberg, Germany~/ London, UK~/
+ etc.},
+ author = {M. Bellare and P. Rogaway},
+ booktitle = {Advances in cryptology --- {EUROCRYPT} '94: Workshop
+ on the Theory and Application of Cryptographic
+ Techniques, Perugia, Italy, May 9--12, 1994:
+ proceedings},
+ editor = {Alfredo {De Santis}},
+ pages = {92--111},
+ publisher = {Spring{\-}er-Ver{\-}lag},
+ series = {Lecture Notes in Computer Science},
+ title = {Optimal asymmetric encryption},
+ volume = {950},
+ year = {1995},
+ isbn = {3-540-60176-7},
+ issn = {0302-9743 (print), 1611-3349 (electronic)},
+ url = {http://link.springer-ny.com/link/service/series/0558/bibs/
+ 0950/09500092.htm; http://link.springer-ny.com/link/service/
+ series/0558/papers/0950/09500092.pdf},
+}
+
+@article{Bellare:1996:ESD,
+ author = {Mihir Bellare and Phillip Rogaway},
+ journal = {Lecture Notes in Computer Science},
+ pages = {399--??},
+ title = {The exact security of digital signatures --- how to
+ sign with {RSA} and {Rabin}},
+ volume = {1070},
+ year = {1996},
+ issn = {0302-9743 (print), 1611-3349 (electronic)},
+ url = {http://link.springer-ny.com/link/service/series/0558/bibs/
+ 1070/10700399.htm; http://link.springer-ny.com/link/service/
+ series/0558/papers/1070/10700399.pdf},
+}
+
+@inproceedings{Bellare:1996:KHF,
+ address = {Berlin, Germany~/ Heidelberg, Germany~/ London, UK~/
+ etc.},
+ author = {Mihir Bellare and Ran Canetti and Hugo Krawczyk},
+ booktitle = {{Advances in cryptology, {CRYPTO '96}: 16th annual
+ international cryptology conference, Santa Barbara,
+ California, {USA}, August 18--22, 1996: proceedings}},
+ editor = {Neal Koblitz},
+ note = {Sponsored by the International Association for
+ Cryptologic Research (IACR), in cooperation with the
+ IEEE Computer Society Technical Committee on Security
+ and Privacy and the Computer Science Department of
+ the University of California at Santa Barbara
+ (UCSB).},
+ pages = {1--15},
+ publisher = {Spring{\-}er-Ver{\-}lag},
+ series = {Lecture Notes in Computer Science},
+ title = {Keying Hash Functions for Message Authentication},
+ volume = {1109},
+ year = {1996},
+ annote = {``Sponsored by the International Association for
+ Cryptologic Research (IACR), in cooperation with the
+ IEEE Computer Society Technical Committee on Security
+ and Privacy and the Computer Science Department of
+ the University of California at Santa Barbara
+ (UCSB)''},
+ doi = {????},
+ isbn = {3-540-61512-1},
+ issn = {0302-9743 (print), 1611-3349 (electronic)},
+ url = {Full version: http://www.research.ibm.com/security/; http://
+ link.springer-ny.com/link/service/series/0558/bibs/1109/
+ 11090001.htm; http://link.springer-ny.com/link/service/
+ series/0558/papers/1109/11090001.pdf},
+}
+
+@inproceedings{Bellare:1997:CST,
+ address = {1109 Spring Street, Suite 300, Silver Spring, MD
+ 20910, USA},
+ author = {M. Bellare and A. Desai and E. Jokipii and
+ P. Rogaway},
+ booktitle = {38th Annual Symposium on Foundations of Computer
+ Science: October 20--22, 1997, Miami Beach, Florida},
+ editor = {{IEEE}},
+ note = {IEEE catalog number 97CB36150. IEEE Computer Society
+ Press order number PR08197.},
+ pages = {394--403},
+ publisher = {IEEE Computer Society Press},
+ title = {A concrete security treatment of symmetric
+ encryption},
+ year = {1997},
+ isbn = {0-8186-8197-7, 0-8186-8198-5 (casebound),
+ 0-8186-8199-3 (microfiche)},
+ issn = {0272-5428},
+}
+
+@article{Bellare:1999:POP,
+ author = {M. Bellare},
+ journal = {Lecture Notes in Computer Science},
+ pages = {1--15},
+ title = {Practice-Oriented Provable Security},
+ volume = {1561},
+ year = {1999},
+ issn = {0302-9743 (print), 1611-3349 (electronic)},
+}
+
+@techreport{Burrows:1989:LAa,
+ author = {Michael Burrows and Martin Abadi and Roger Needham},
+ institution = {Digital Equipment Corporation, Systems Research
+ Centre},
+ month = feb,
+ number = {39},
+ pages = {48},
+ title = {A Logic of Authentication},
+ year = {1989},
+ abstract = {Questions of belief are essential in analyzing
+ protocols for authentication in distributed computing
+ systems. In this paper we motivate, set out, and
+ exemplify a logic specifically designed for this
+ analysis; we show how various protocols differ subtly
+ with respect to the required initial assumptions of
+ the participants and their final beliefs. Our
+ formalism has enabled us to isolate and express these
+ differences with a precision that was not previously
+ possible. It has drawn attention to features of
+ protocols of which we and their authors were
+ previously unaware, and allowed us to suggest
+ improvements to the protocols. The reasoning about
+ some protocols has been mechanically verified. This
+ paper starts with an informal account of the problem,
+ goes on to explain the formalism to be used, and
+ gives examples of its application to protocols from
+ the literature, both with conventional shared-key
+ cryptography and with public-key cryptography. Some
+ of the examples are chosen because of their practical
+ importance, while others serve to illustrate subtle
+ points of the logic and to explain how we use it. We
+ discuss extensions of the logic motivated by actual
+ practice -- for example, in order to account for the
+ use of hash functions in signatures. The final
+ sections contain a formal semantics of the logic and
+ some conclusions.},
+}
+
+@inproceedings{Bellare:1994:EAK,
+ address = {Berlin, Germany~/ Heidelberg, Germany~/ London, UK~/
+ etc.},
+ author = {Mihir Bellare and Phillip Rogaway},
+ booktitle = {{Advances in cryptology, {CRYPTO '94}: 14th annual
+ international cryptology conference, Santa Barbara,
+ California, {USA}, August 21--25, 1994: proceedings}},
+ editor = {Yvo G. Desmedt},
+ pages = {232--249},
+ publisher = {Spring{\-}er-Ver{\-}lag},
+ series = {Lecture Notes in Computer Science},
+ title = {Entity Authentication and Key Distribution},
+ volume = {839},
+ year = {1994},
+ doi = {????},
+ isbn = {3-540-58333-5 (Berlin), 0-387-58333-5 (New York)},
+ issn = {0302-9743 (print), 1611-3349 (electronic)},
+ url = {http://link.springer-ny.com/link/service/series/0558/bibs/
+ 0773/07730232.htm; http://link.springer-ny.com/link/service/
+ series/0558/papers/0773/07730232.pdf},
+}
+
+@inproceedings{Bellare:1995:PSS,
+ address = {New York, NY, USA},
+ author = {Mihir Bellare and Phillip Rogaway},
+ booktitle = {Proceedings of the twenty-seventh annual {ACM}
+ Symposium on Theory of Computing: Las Vegas, Nevada,
+ May 29--June 1, 1995},
+ editor = {{ACM}},
+ note = {ACM order no. 508950.},
+ pages = {57--66},
+ publisher = {ACM Press},
+ title = {Provably secure session key distribution: the three
+ party case},
+ year = {1995},
+ isbn = {0-89791-718-9},
+ url = {http://www.acm.org/pubs/citations/proceedings/stoc/225058/
+ p57-bellare/; http://www.acm.org/pubs/articles/proceedings/
+ stoc/225058/p57-bellare/p57-bellare.pdf},
+}
+
+@article{Blake-Wilson:1997:KAP,
+ author = {S. Blake-Wilson and D. Johnson and A. Menezes},
+ journal = {Lecture Notes in Computer Science},
+ pages = {30--??},
+ title = {Key Agreement Protocols and Their Security Analysis},
+ volume = {1355},
+ year = {1997},
+ issn = {0302-9743},
+}
+
+@article{Blake-Wilson:1998:EAA,
+ author = {S. Blake-Wilson and A. Menezes},
+ journal = {Lecture Notes in Computer Science},
+ pages = {137--??},
+ title = {Entity Authentication and Authenticated Key Transport
+ Protocols Employing Asymmetric Techniques},
+ volume = {1361},
+ year = {1998},
+ issn = {0302-9743},
+}
+
+@inproceedings{Bellare:1998:MAD,
+ address = {New York, NY, USA},
+ author = {Mihir Bellare and Ran Canetti and Hugo Krawczyk},
+ booktitle = {Proceedings of the thirtieth annual {ACM} Symposium
+ on Theory of Computing: Dallas, Texas, May 23--26,
+ 1998},
+ editor = {{ACM}},
+ note = {ACM order number 508980.},
+ pages = {419--428},
+ publisher = {ACM Press},
+ title = {A modular approach to the design and analysis of
+ authentication and key exchange protocols (extended
+ abstract)},
+ year = {1998},
+ isbn = {0-89791-962-9},
+ url = {http://www.acm.org/pubs/citations/proceedings/stoc/276698/
+ p419-bellare/; http://www.acm.org/pubs/articles/proceedings/
+ stoc/276698/p419-bellare/p419-bellare.pdf},
+}
+
+@misc{cryptoeprint:2001:040,
+ author = {Ran Canetti and Hugo Krawczyk},
+ howpublished = {Cryptology ePrint Archive, Report 2001/040},
+ title = {Analysis of Key-Exchange Protocols and Their Use for
+ Building Secure Channels},
+ year = {2001},
+ url = {http://eprint.iacr.org/2001/040},
+}
+
+@article{Canetti:2001:AKE,
+ author = {Ran Canetti and Hugo Krawczyk},
+ journal = {Lecture Notes in Computer Science},
+ pages = {453--??},
+ title = {Analysis of Key-Exchange Protocols and Their Use for
+ Building Secure Channels},
+ volume = {2045},
+ year = {2001},
+ issn = {0302-9743},
+ url = {http://link.springer-ny.com/link/service/series/0558/bibs/
+ 2045/20450453.htm; http://link.springer-ny.com/link/service/
+ series/0558/papers/2045/20450453.pdf},
+}
+
+@techreport{Canetti:2001:UCS,
+ author = {Ran Canetti},
+ institution = {Cryptology {ePrint} Archive},
+ month = oct,
+ note = {Extended Abstract appeared in proceedings of the 42nd
+ Symposium on Foundations of Computer Science (FOCS),
+ 2001},
+ number = {2000/067},
+ type = {Report},
+ title = {Universally Composable Security: {A} New Paradigm for
+ Cryptographic Protocols},
+ year = {2001},
+ abstract = {We propose a new paradigm for defining security of
+ cryptographic protocols, called {\sf universally
+ composable security.} The salient property of
+ universally composable definitions of security is
+ that they guarantee security even when a secure
+ protocol is composed with an arbitrary set of
+ protocols, or more generally when the protocol is
+ used as a component of an arbitrary system. This is
+ an essential property for maintaining security of
+ cryptographic protocols in complex and unpredictable
+ environments such as the Internet. In particular,
+ universally composable definitions guarantee security
+ even when an unbounded number of protocol instances
+ are executed concurrently in an adversarially
+ controlled manner, they guarantee non-malleability
+ with respect to arbitrary protocols, and more. We
+ show how to formulate universally composable
+ definitions of security for practically any
+ cryptographic task. Furthermore, we demonstrate that
+ practically any such definition can be realized using
+ known general techniques, as long as only a minority
+ of the participants are corrupted. We then proceed to
+ formulate universally composable definitions of a
+ wide array of cryptographic tasks, including
+ authenticated and secure communication, key-exchange,
+ public-key encryption, signature, commitment,
+ oblivious transfer, zero-knowledge, and more. We also
+ make initial steps towards studying the realizability
+ of the proposed definitions in other natural
+ settings.},
+ annote = {Revised version of \cite{Canetti:2000:SCM}.},
+ url = {http://eprint.iacr.org/2000/067},
+}
+
+@article{Canetti:2002:UCN,
+ author = {Ran Canetti and Hugo Krawczyk},
+ journal = {Lecture Notes in Computer Science},
+ pages = {337--??},
+ title = {Universally Composable Notions of Key Exchange and
+ Secure Channels},
+ volume = {2332},
+ year = {2002},
+ issn = {0302-9743 (print), 1611-3349 (electronic)},
+ url = {http://link.springer-ny.com/link/service/series/0558/bibs/
+ 2332/23320337.htm; http://link.springer-ny.com/link/service/
+ series/0558/papers/2332/23320337.pdf},
+}
+
+@misc{cryptoeprint:2004:332,
+ author = {Victor Shoup},
+ howpublished = {Cryptology ePrint Archive, Report 2004/332},
+ title = {Sequences of games: a tool for taming complexity in
+ security proofs},
+ year = {2004},
+ url = {http://eprint.iacr.org/2004/332},
+}
+
+@misc{cryptoeprint:2004:331,
+ author = {Mihir Bellare and Phillip Rogaway},
+ howpublished = {Cryptology ePrint Archive, Report 2004/331},
+ title = {Code-Based Game-Playing Proofs and the Security of
+ Triple Encryption},
+ year = {2004},
+ url = {http://eprint.iacr.org/2004/331},
+}
+
+@inproceedings{Shoup:2001:OR,
+ address = {Berlin, Germany~/ Heidelberg, Germany~/ London, UK~/
+ etc.},
+ author = {Victor Shoup},
+ booktitle = {Advances in cryptology --- {CRYPTO} 2001: 21st Annual
+ International Cryptology Conference, Santa Barbara,
+ California, {USA}, August 19--23, 2001: proceedings},
+ editor = {Joe Kilian},
+ pages = {239--??},
+ publisher = {Spring{\-}er-Ver{\-}lag},
+ series = {Lecture Notes in Computer Science},
+ title = {{OAEP} Reconsidered},
+ volume = {2139},
+ year = {2001},
+ isbn = {3-540-42456-3 (paperback)},
+ url = {http://link.springer-ny.com/link/service/series/0558/bibs/
+ 2139/21390239.htm; http://link.springer-ny.com/link/service/
+ series/0558/papers/2139/21390239.pdf},
+}
+
+@inproceedings{Bellare:1993:ROP,
+ author = {Mihir Bellare and Phillip Rogaway},
+ booktitle = {Proceedings of the First Annual Conference on
+ Computer and Communications Security},
+ organization = {{ACM}},
+ pages = {62--73},
+ title = {Random oracles are practical},
+ year = {1993},
+ url = {http://www-cse.ucsd.edu/users/mihir/papers/ro.html},
+}
+
+@article{Canetti:2004:ROM,
+ author = {Ran Canetti and Oded Goldreich and Shai Halevi},
+ journal = {Journal of the ACM},
+ month = jul,
+ number = {4},
+ pages = {557--594},
+ title = {The random oracle methodology, revisited},
+ volume = {51},
+ year = {2004},
+ issn = {0004-5411 (print), 1557-735X (electronic)},
+}
+
+@article{Boneh:2003:IBE,
+ author = {Dan Boneh and Matthew Franklin},
+ journal = {SIAM Journal on Computing},
+ month = jun,
+ number = {3},
+ pages = {586--615},
+ title = {Identity-Based Encryption from the {Weil} Pairing},
+ volume = {32},
+ year = {2003},
+ doi = {http://dx.doi.org/10.1137/S0097539701398521},
+ issn = {0097-5397 (print), 1095-7111 (electronic)},
+ url = {http://epubs.siam.org/sam-bin/dbq/article/39852},
+}
+
+@article{Shoup:1997:LBD,
+ author = {Victor Shoup},
+ journal = {Lecture Notes in Computer Science},
+ pages = {256--??},
+ title = {Lower Bounds for Discrete Logarithms and Related
+ Problems},
+ volume = {1233},
+ year = {1997},
+ issn = {0302-9743},
+ url = {http://link.springer-ny.com/link/service/series/0558/bibs/
+ 1233/12330256.htm; http://link.springer-ny.com/link/service/
+ series/0558/papers/1233/12330256.pdf},
+}
+
+@article{Boneh:1998:DDP,
+ author = {D. Boneh},
+ journal = {Lecture Notes in Computer Science},
+ pages = {48--63},
+ title = {The Decision {Diffie--Hellman} Problem},
+ volume = {1423},
+ year = {1998},
+ issn = {0302-9743 (print), 1611-3349 (electronic)},
+ url = {http://theory.stanford.edu/~dabo/papers/DDH.ps.gz},
+}
+
+@article{Bellare:1998:RAN,
+ author = {Mihir Bellare and Anand Desai and David Pointcheval and
+ Phillip Rogaway},
+ journal = {Lecture Notes in Computer Science},
+ pages = {26--??},
+ title = {Relations Among Notions of Security for Public-Key
+ Encryption Schemes},
+ volume = {1462},
+ year = {1998},
+ issn = {0302-9743 (print), 1611-3349 (electronic)},
+ url = {http://link.springer-ny.com/link/service/series/0558/bibs/
+ 1462/14620026.htm; http://link.springer-ny.com/link/service/
+ series/0558/papers/1462/14620026.pdf},
+}
+
+@inproceedings{ElGamal:1985:PKCb,
+ address = {Berlin, Germany~/ Heidelberg, Germany~/ London, UK~/
+ etc.},
+ author = {Taher ElGamal},
+ booktitle = {{Advances in Cryptology: Proceedings of CRYPTO 84}},
+ editor = {George Robert Blakley and David Chaum},
+ note = {CRYPTO 84: a Workshop on the Theory and Application
+ of Cryptographic Techniques, held at the University
+ of California, Santa Barbara, August 19--22, 1984,
+ sponsored by the International Association for
+ Cryptologic Research.},
+ pages = {10--18},
+ publisher = {Spring{\-}er-Ver{\-}lag},
+ series = {Lecture Notes in Computer Science},
+ title = {A Public Key Cryptosystem and a Signature Scheme
+ Based on Discrete Logarithms},
+ volume = {196},
+ year = {1985},
+ doi = {http://dx.doi.org/10.1007/3-540-39568-7},
+ isbn = {0-387-15658-5; 3-540-39568-7},
+ issn = {0302-9743 (print), 1611-3349 (electronic)},
+ url = {http://www.springerlink.com/openurl.asp?genre=article&issn=?
+ ???&volume=0&issue=0&spage=10},
+}
+
+@misc{Menezes:2005:IPB,
+ author = {Alfred Menezes},
+ note = {Notes from lectures given in Santander, Spain},
+ title = {An Introduction to Pairing-Based Cryptography},
+ year = {2005},
+ url = {http://www.cacr.math.uwaterloo.ca/~ajmeneze/publications/
+ pairings.pdf},
+}
+
+@book{Schneier:1996:ACP,
+ address = {New York, NY, USA},
+ author = {Bruce Schneier},
+ edition = {Second},
+ pages = {xxiii + 758},
+ publisher = {John Wiley and Sons, Inc.},
+ title = {Applied Cryptography: Protocols, Algorithms, and
+ Source Code in {C}},
+ year = {1996},
+ isbn = {0-471-12845-7 (cloth), 0-471-11709-9 (paper)},
+ url = {http://www.counterpane.com/applied.html},
+}
+
+@misc{SEC1,
+ author = {{Certicom Research}},
+ title = {Standards for Efficient Cryptography, {SEC} 1:
+ {E}lliptic curve cryptography, Version 1.0},
+ year = {2000},
+ url = {http://www.secg.org/download/aid-385/sec1_final.pdf},
+}
+
+@misc{cryptoeprint:2006:280,
+ author = {Mario Di Raimondo and Rosario Gennaro and
+ Hugo Krawczyk},
+ howpublished = {Cryptology ePrint Archive, Report 2006/280},
+ title = {Deniable Authentication and Key Exchange},
+ year = {2006},
+ url = {http://eprint.iacr.org/2006/280},
+}
+
+@misc{rfc793,
+ author = {J. Postel},
+ howpublished = {RFC 793 (Standard)},
+ month = sep,
+ note = {Updated by RFCs 1122, 3168},
+ number = {793},
+ publisher = {IETF},
+ series = {Request for Comments},
+ title = {{Transmission Control Protocol}},
+ year = {1981},
+ url = {http://www.ietf.org/rfc/rfc793.txt},
+}
+
+@misc{rfc768,
+ author = {J. Postel},
+ howpublished = {RFC 768 (Standard)},
+ month = aug,
+ number = {768},
+ publisher = {IETF},
+ series = {Request for Comments},
+ title = {{User Datagram Protocol}},
+ year = {1980},
+ url = {http://www.ietf.org/rfc/rfc768.txt},
+}
+
+@incollection{Bellare:2000:AER,
+ address = {Berlin, Germany~/ Heidelberg, Germany~/ London, UK~/
+ etc.},
+ author = {Mihir Bellare and Chanathip Namprempre},
+ booktitle = {Advances in cryptology---ASIACRYPT 2000 (Kyoto)},
+ pages = {531--545},
+ publisher = {Spring{\-}er-Ver{\-}lag},
+ series = {Lecture Notes in Comput. Sci.},
+ title = {Authenticated Encryption: Relations among Notions and
+ Analysis of the Generic Composition Paradigm},
+ volume = {1976},
+ year = {2000},
+ url = {http://link.springer-ny.com/link/service/series/0558/bibs/
+ 1976/19760531.htm; http://link.springer-ny.com/link/service/
+ series/0558/papers/1976/19760531.pdf},
+}
+
+@inproceedings{Krawczyk:2001:OEA,
+ address = {Berlin, Germany~/ Heidelberg, Germany~/ London, UK~/
+ etc.},
+ author = {Hugo Krawczyk},
+ booktitle = {Advances in cryptology --- {CRYPTO} 2001: 21st Annual
+ International Cryptology Conference, Santa Barbara,
+ California, {USA}, August 19--23, 2001: proceedings},
+ editor = {Joe Kilian},
+ pages = {310--??},
+ publisher = {Spring{\-}er-Ver{\-}lag},
+ series = {Lecture Notes in Computer Science},
+ title = {The Order of Encryption and Authentication for
+ Protecting Communications (or: How Secure Is {SSL}?)},
+ volume = {2139},
+ year = {2001},
+ isbn = {3-540-42456-3 (paperback)},
+ url = {http://link.springer-ny.com/link/service/series/0558/bibs/
+ 2139/21390310.htm; http://link.springer-ny.com/link/service/
+ series/0558/papers/2139/21390310.pdf},
+}
+
+@article{Rogaway:2003:OBC,
+ author = {Phillip Rogaway and Mihir Bellare and John Black},
+ journal = {ACM Transactions on Information and System Security},
+ month = aug,
+ number = {3},
+ pages = {365--403},
+ title = {{OCB}: {A} block-cipher mode of operation for
+ efficient authenticated encryption},
+ volume = {6},
+ year = {2003},
+ issn = {1094-9224 (print), 1557-7406 (electronic)},
+}
+
+@inproceedings{Bellare:2004:EAX,
+ author = {Mihir Bellare and Phillip Rogaway and David Wagner},
+ booktitle = {FSE},
+ editor = {Bimal K. Roy and Willi Meier},
+ pages = {389--407},
+ publisher = {Springer},
+ series = {Lecture Notes in Computer Science},
+ title = {The {EAX} Mode of Operation},
+ volume = {3017},
+ year = {2004},
+ isbn = {3-540-22171-9},
+ url = {http://www.cs.berkeley.edu/~daw/papers/eax-fse04.ps},
+}
+
+@inproceedings{McGrew:2004:SPG,
+ author = {David A. McGrew and John Viega},
+ booktitle = {Progress in Cryptology - {INDOCRYPT} 2004, 5th
+ International Conference on Cryptology in India,
+ Chennai, India, December 20-22, 2004, Proceedings},
+ editor = {Anne Canteaut and Kapalee Viswanathan},
+ pages = {343--355},
+ publisher = {Springer},
+ series = {Lecture Notes in Computer Science},
+ title = {The Security and Performance of the Galois/Counter
+ Mode ({GCM}) of Operation},
+ volume = {3348},
+ year = {2004},
+ isbn = {3-540-24130-2},
+ url = {http://eprint.iacr.org/2004/193},
+}
+
+@inproceedings{Rogaway:2002:AEA,
+ address = {Washington, DC, USA},
+ author = {Phillip Rogaway},
+ booktitle = {Proceedings of the 9th {ACM} Conference on Computer
+ and Communications Security},
+ editor = {Ravi Sandhu},
+ month = nov,
+ pages = {98--107},
+ publisher = {ACM Press},
+ title = {Authenticated-encryption with associated-data},
+ year = {2002},
+ abstract = {When a message is transformed into a ciphertext in a
+ way designed to protect both its privacy and
+ authenticity, there may be additional information,
+ such as a packet header, that travels alongside the
+ ciphertext (at least conceptually) and must get
+ authenticated with it. We formalize and investigate
+ this authenticated-encryption with associated-data
+ (AEAD) problem. Though the problem has long been
+ addressed in cryptographic practice, it was never
+ provided a definition or even a name. We do this, and
+ go on to look at efficient solutions for AEAD, both
+ in general and for the authenticated-encryption
+ scheme OCB. For the general setting we study two
+ simple ways to turn an authenticated-encryption
+ scheme that does not support associated-data into one
+ that does: nonce stealing and ciphertext translation.
+ For the case of OCB we construct an AEAD-scheme by
+ combining OCB and the pseudorandom function PMAC,
+ using the same key for both algorithms. We prove
+ that, despite ``interaction'' between the two schemes
+ when using a common key, the combination is sound. We
+ also consider achieving AEAD by the generic
+ composition of a nonce-based, privacy-only encryption
+ scheme and a pseudorandom function.},
+ url = {http://www.cs.ucdavis.edu/~rogaway/papers/ad.html},
+}
+
+@proceedings{Desmedt:1994:ACC,
+ address = {Berlin, Germany~/ Heidelberg, Germany~/ London, UK~/
+ etc.},
+ booktitle = {{Advances in cryptology, {CRYPTO '94}: 14th annual
+ international cryptology conference, Santa Barbara,
+ California, {USA}, August 21--25, 1994: proceedings}},
+ editor = {Yvo G. Desmedt},
+ pages = {xii + 438},
+ publisher = {Spring{\-}er-Ver{\-}lag},
+ series = {Lecture Notes in Computer Science},
+ title = {{Advances in cryptology, {CRYPTO '94}: 14th annual
+ international cryptology conference, Santa Barbara,
+ California, {USA}, August 21--25, 1994: proceedings}},
+ volume = {839},
+ year = {1994},
+ doi = {????},
+ isbn = {3-540-58333-5 (Berlin), 0-387-58333-5 (New York)},
+ issn = {0302-9743 (print), 1611-3349 (electronic)},
+ url = {http://link.springer-ny.com/link/service/series/0558/tocs/
+ t0839.htm; http://www.springerlink.com/openurl.asp?
+ genre=issue&issn=0302-9743&volume=839},
+}
+
+@proceedings{Kilian:2001:ACC,
+ address = {Berlin, Germany~/ Heidelberg, Germany~/ London, UK~/
+ etc.},
+ booktitle = {Advances in cryptology --- {CRYPTO} 2001: 21st Annual
+ International Cryptology Conference, Santa Barbara,
+ California, {USA}, August 19--23, 2001: proceedings},
+ editor = {Joe Kilian},
+ pages = {xi + 598},
+ publisher = {Spring{\-}er-Ver{\-}lag},
+ series = {Lecture Notes in Computer Science},
+ title = {Advances in cryptology --- {CRYPTO} 2001: 21st Annual
+ International Cryptology Conference, Santa Barbara,
+ California, {USA}, August 19--23, 2001: proceedings},
+ volume = {2139},
+ year = {2001},
+ isbn = {3-540-42456-3 (paperback)},
+ url = {http://link.springer-ny.com/link/service/series/0558/tocs/
+ t2139.htm},
+}
+
+@proceedings{IEEE:1997:ASF,
+ address = {1109 Spring Street, Suite 300, Silver Spring, MD
+ 20910, USA},
+ booktitle = {38th Annual Symposium on Foundations of Computer
+ Science: October 20--22, 1997, Miami Beach, Florida},
+ editor = {{IEEE}},
+ note = {IEEE catalog number 97CB36150. IEEE Computer Society
+ Press order number PR08197.},
+ pages = {xiii + 606},
+ publisher = {IEEE Computer Society Press},
+ title = {38th Annual Symposium on Foundations of Computer
+ Science: October 20--22, 1997, Miami Beach, Florida},
+ year = {1997},
+ isbn = {0-8186-8197-7, 0-8186-8198-5 (casebound),
+ 0-8186-8199-3 (microfiche)},
+ issn = {0272-5428},
+}
+
+@proceedings{ACM:1995:PTS,
+ address = {New York, NY, USA},
+ booktitle = {Proceedings of the twenty-seventh annual {ACM}
+ Symposium on Theory of Computing: Las Vegas, Nevada,
+ May 29--June 1, 1995},
+ editor = {{ACM}},
+ note = {ACM order no. 508950.},
+ pages = {viii + 763},
+ publisher = {ACM Press},
+ title = {Proceedings of the twenty-seventh annual {ACM}
+ Symposium on Theory of Computing: Las Vegas, Nevada,
+ May 29--June 1, 1995},
+ year = {1995},
+ isbn = {0-89791-718-9},
+}
+
+@proceedings{ACM:1998:PTA,
+ address = {New York, NY, USA},
+ booktitle = {Proceedings of the thirtieth annual {ACM} Symposium
+ on Theory of Computing: Dallas, Texas, May 23--26,
+ 1998},
+ editor = {{ACM}},
+ note = {ACM order number 508980.},
+ pages = {x + 684},
+ publisher = {ACM Press},
+ title = {Proceedings of the thirtieth annual {ACM} Symposium
+ on Theory of Computing: Dallas, Texas, May 23--26,
+ 1998},
+ year = {1998},
+ isbn = {0-89791-962-9},
+}
+
+@proceedings{DeSantis:1995:ACE,
+ address = {Berlin, Germany~/ Heidelberg, Germany~/ London, UK~/
+ etc.},
+ booktitle = {Advances in cryptology --- {EUROCRYPT} '94: Workshop
+ on the Theory and Application of Cryptographic
+ Techniques, Perugia, Italy, May 9--12, 1994:
+ proceedings},
+ editor = {Alfredo {De Santis}},
+ pages = {xiii + 472},
+ publisher = {Spring{\-}er-Ver{\-}lag},
+ series = {Lecture Notes in Computer Science},
+ title = {Advances in cryptology --- {EUROCRYPT} '94: Workshop
+ on the Theory and Application of Cryptographic
+ Techniques, Perugia, Italy, May 9--12, 1994:
+ proceedings},
+ volume = {950},
+ year = {1995},
+ isbn = {3-540-60176-7},
+ issn = {0302-9743 (print), 1611-3349 (electronic)},
+}
+
+@proceedings{Coppersmith:1995:ACC,
+ address = {Berlin, Germany~/ Heidelberg, Germany~/ London, UK~/
+ etc.},
+ booktitle = {{Advances in cryptology, {CRYPTO '95}: 15th Annual
+ International Cryptology Conference, Santa Barbara,
+ California, {USA}, August 27--31, 1995: proceedings}},
+ editor = {Don Coppersmith},
+ note = {Sponsored by the International Association for
+ Cryptologic Research (IACR), in cooperation with the
+ IEEE Computer Society Technical Committee on Security
+ and Privacy.},
+ pages = {xii + 465},
+ publisher = {Spring{\-}er-Ver{\-}lag},
+ series = {Lecture Notes in Computer Science},
+ title = {{Advances in cryptology, {CRYPTO '95}: 15th Annual
+ International Cryptology Conference, Santa Barbara,
+ California, {USA}, August 27--31, 1995: proceedings}},
+ volume = {963},
+ year = {1995},
+ doi = {????},
+ isbn = {3-540-60221-6 (Berlin)},
+ issn = {0302-9743 (print), 1611-3349 (electronic)},
+ url = {http://link.springer-ny.com/link/service/series/0558/tocs/
+ t0963.htm; http://www.springerlink.com/openurl.asp?
+ genre=issue&issn=0302-9743&volume=963},
+}
+
+@proceedings{Koblitz:1996:ACC,
+ address = {Berlin, Germany~/ Heidelberg, Germany~/ London, UK~/
+ etc.},
+ booktitle = {{Advances in cryptology, {CRYPTO '96}: 16th annual
+ international cryptology conference, Santa Barbara,
+ California, {USA}, August 18--22, 1996: proceedings}},
+ editor = {Neal Koblitz},
+ note = {Sponsored by the International Association for
+ Cryptologic Research (IACR), in cooperation with the
+ IEEE Computer Society Technical Committee on Security
+ and Privacy and the Computer Science Department of
+ the University of California at Santa Barbara
+ (UCSB).},
+ pages = {xii + 415},
+ publisher = {Spring{\-}er-Ver{\-}lag},
+ series = {Lecture Notes in Computer Science},
+ title = {{Advances in cryptology, {CRYPTO '96}: 16th annual
+ international cryptology conference, Santa Barbara,
+ California, {USA}, August 18--22, 1996: proceedings}},
+ volume = {1109},
+ year = {1996},
+ annote = {``Sponsored by the International Association for
+ Cryptologic Research (IACR), in cooperation with the
+ IEEE Computer Society Technical Committee on Security
+ and Privacy and the Computer Science Department of
+ the University of California at Santa Barbara
+ (UCSB)''},
+ doi = {????},
+ isbn = {3-540-61512-1},
+ issn = {0302-9743 (print), 1611-3349 (electronic)},
+ url = {http://link.springer-ny.com/link/service/series/0558/tocs/
+ t1109.htm; http://www.springerlink.com/openurl.asp?
+ genre=issue&issn=0302-9743&volume=1109},
+}
+
+@proceedings{Blakley:1985:ACP,
+ address = {Berlin, Germany~/ Heidelberg, Germany~/ London, UK~/
+ etc.},
+ booktitle = {{Advances in Cryptology: Proceedings of CRYPTO 84}},
+ editor = {George Robert Blakley and David Chaum},
+ note = {CRYPTO 84: a Workshop on the Theory and Application
+ of Cryptographic Techniques, held at the University
+ of California, Santa Barbara, August 19--22, 1984,
+ sponsored by the International Association for
+ Cryptologic Research.},
+ pages = {ix + 491},
+ publisher = {Spring{\-}er-Ver{\-}lag},
+ series = {Lecture Notes in Computer Science},
+ title = {{Advances in Cryptology: Proceedings of CRYPTO 84}},
+ volume = {196},
+ year = {1985},
+ doi = {http://dx.doi.org/10.1007/3-540-39568-7},
+ isbn = {0-387-15658-5; 3-540-39568-7},
+ issn = {0302-9743 (print), 1611-3349 (electronic)},
+ url = {http://link.springer-ny.com/link/service/series/0558/tocs/
+ t0196.htm; http://www.springerlink.com/content/cemajg0qmeev/
+ ; http://www.springerlink.com/openurl.asp?genre=issue&
+ issn=0302-9743&volume=196},
+}
+