7 @preamble{ " \ifx\url\undefined\let\url\texttt\fi
8 \ifx\msgid\undefined\let\msgid\texttt\fi
9 \let\mdwxxthebibliography\thebibliography
10 \def\thebibliography{\mdwxxbibhook\mdwxxthebibliography}
12 \def\biburl#1{\let\biburlsep\empty\biburlxi#1;;\done}
13 \def\biburlxi#1;{\def\temp{#1}\ifx\temp\empty\expandafter\biburlxiii\else
14 \biburlxii#1,,\done\let\biburlxafter\biburlxi\expandafter\biburlxmunch\fi}
15 \def\biburlxii#1,{\def\temp{#1}\ifx\temp\empty\expandafter\biburlxiii\else
16 \biburlsep\mdwxxurl{#1}\def\biburlsep{, }\let\biburlxafter\biburlxii
17 \expandafter\biburlxmunch\fi} \def\biburlxiii#1\done{}
18 \def\biburlxmunch{\futurelet\next\biburlxmunchi}
19 \def\biburlxmunchi{\expandafter\ifx\space\next\expandafter\biburlxmunchii
20 \else\expandafter\biburlxafter\fi}
21 \expandafter\def\expandafter\biburlxmunchii\space{\biburlxmunch}
22 \def\mdwxxbibhook{\let\mdwxxurl\url\let\url\biburl} \ifx \k \undefined \let
23 \k = \c \immediate\write16{Ogonek accent unavailable: replaced by cedilla}
24 \fi\input bibnames.sty\input path.sty\ifx \undefined \mathrm \def \mathrm
25 #1{{\rm #1}}\fi\hyphenation{ Cher-vo-nen-kis Eh-ren-feucht Hal-pern Jean-ette
26 Kam-eda Leigh-ton Mehl-horn Metro-po-lis Pra-sad Prep-a-ra-ta Press-er
27 Pros-ku-row-ski Ros-en-krantz Ru-dolph Schie-ber Schnei-der Te-zu-ka
28 Vis-wa-na-than Yech-ez-kel Yech-i-ali data-base data-bases dead-lock
29 poly-adic }\ifx \undefined \mathbb \def \mathbb #1{{\bf #1}}\fi\hyphenation{
30 Ay-ka-nat Giun-chi-glia Lakh-neche Mal-er-ba Mart-el-li Reut-e-nau-er
31 Thiel-sch-er }\ifx \undefined \mathbf \def \mathbf #1{{\bf #1}}\fi\ifx
32 \undefined \TM \def \TM {${}^{\sc TM}$} \fi\hyphenation{ Ay-ka-nat
33 Giun-chi-glia Lakh-neche Mal-er-ba Mart-el-li Reut-e-nau-er Thiel-sch-er
34 }\ifx \undefined \eth \def \eth {{\font\ethfont = msbm10 \ethfont g}} \fi\ifx
35 \undefined \mathbb \def \mathbb #1{{\bf #1}}\fi\ifx \undefined \mathcal \def
36 \mathcal #1{{\cal #1}}\fi\ifx \undefined \TM \def \TM {${}^{\sc TM}$}
37 \fi\hyphenation{ Ay-ka-nat Giun-chi-glia Lakh-neche Mal-er-ba Mart-el-li
38 Reut-e-nau-er Thiel-sch-er }\ifx \undefined \bbb \def \bbb #1{\mathbb{#1}}
39 \fi\ifx \undefined \circled \def \circled #1{(#1)}\fi\ifx \undefined \mathbb
40 \def \mathbb #1{{\bf #1}}\fi\ifx \undefined \mathbf \def \mathbf #1{{\bf
41 #1}}\fi\ifx \undefined \mathcal \def \mathcal #1{{\cal #1}}\fi\ifx \undefined
42 \mathrm \def \mathrm #1{{\rm #1}}\fi\ifx \undefined \ocirc \def \ocirc
43 #1{{\accent'27#1}}\fi\ifx \undefined \reg \def \reg {\circled{R}}\fi\ifx
44 \undefined \TM \def \TM {${}^{\sc TM}$} \fi\hyphenation{ }\ifx \undefined
45 \cprime \def \cprime {$\mathsurround=0pt '$}\fi\ifx \undefined \Dbar \def
46 \Dbar {\leavevmode\raise0.2ex\hbox{--}\kern-0.5emD} \fi\ifx \undefined
47 \mathbb \def \mathbb #1{{\bf #1}}\fi\ifx \undefined \mathrm \def \mathrm
48 #1{{\rm #1}}\fi\ifx \undefined \operatorname \def \operatorname #1{{\rm
49 #1}}\fi\hyphenation{ Aba-di Arch-ives Ding-yi for-ge-ry Go-pa-la-krish-nan
50 Hi-de-ki Kraw-czyk Lands-verk Law-rence Leigh-ton Mich-ael Moell-er
51 North-ridge para-digm para-digms Piep-rzyk Piv-e-teau Ram-kilde
52 Re-tro-fit-ting Rich-ard Sho-stak Si-ro-mo-n-ey Ste-ph-en The-o-dore Tho-m-as
53 Tzone-lih venge-ance Will-iam Ye-sh-i-va }\ifx \undefined \bbb \def \bbb
54 #1{\mathbb{#1}} \fi\ifx \undefined \circled \def \circled #1{(#1)}\fi\ifx
55 \undefined \cprime \def \cprime {$\mathsurround=0pt '$}\fi\ifx \undefined
56 \mathbb \def \mathbb #1{{\bf #1}}\fi\ifx \undefined \mathrm \def \mathrm
57 #1{{\rm #1}}\fi\ifx \undefined \reg \def \reg {\circled{R}}\fi\ifx \undefined
58 \TM \def \TM {${}^{\sc TM}$} \fi\hyphenation{ Aba-di Arch-ives Ding-yi
59 for-ge-ry Go-pa-la-krish-nan Hi-de-ki Kraw-czyk Lands-verk Law-rence
60 Leigh-ton Mich-ael Moell-er North-ridge para-digm para-digms Piep-rzyk
61 Piv-e-teau Ram-kilde Re-tro-fit-ting Rich-ard Sho-stak Si-ro-mo-n-ey
62 Ste-ph-en The-o-dore Tho-m-as Tzone-lih venge-ance Will-iam Ye-sh-i-va }\ifx
63 \undefined \bbb \def \bbb #1{\mathbb{#1}} \fi\ifx \undefined \cprime \def
64 \cprime {$\mathsurround=0pt '$}\fi\ifx \undefined \mathbb \def \mathbb
65 #1{{\bf #1}}\fi\ifx \undefined \mathcal \def \mathcal #1{{\cal #1}}\fi\ifx
66 \undefined \mathrm \def \mathrm #1{{\rm #1}}\fi\hyphenation{ }\ifx \undefined
67 \cprime \def \cprime {$\mathsurround=0pt '$}\fi\ifx \undefined \Dbar \def
68 \Dbar {\leavevmode\raise0.2ex\hbox{--}\kern-0.5emD} \fi\ifx \undefined
69 \mathbb \def \mathbb #1{{\bf #1}}\fi\ifx \undefined \mathrm \def \mathrm
70 #1{{\rm #1}}\fi\ifx \undefined \operatorname \def \operatorname #1{{\rm
71 #1}}\fi\hyphenation{ Aba-di Arch-ives Ding-yi for-ge-ry Go-pa-la-krish-nan
72 Hi-de-ki Kraw-czyk Lands-verk Law-rence Leigh-ton Mich-ael Moell-er
73 North-ridge para-digm para-digms Piep-rzyk Piv-e-teau Ram-kilde
74 Re-tro-fit-ting Rich-ard Sho-stak Si-ro-mo-n-ey Ste-ph-en The-o-dore Tho-m-as
75 Tzone-lih venge-ance Will-iam Ye-sh-i-va }"
82 @misc{cryptoeprint:2006:337,
83 author = {D.R. Stinson and J. Wu},
84 howpublished = {Cryptology ePrint Archive, Report 2006/337},
85 title = {An Efficient and Secure Two-flow Zero-Knowledge
86 Identification Protocol},
88 url = {http://eprint.iacr.org/2006/337},
91 @misc{cryptoeprint:1999:012,
92 author = {Victor Shoup},
93 howpublished = {Cryptology ePrint Archive, Report 1999/012},
94 title = {On Formal Models for Secure Key Exchange},
96 url = {http://eprint.iacr.org/1999/012},
99 @misc{cryptoeprint:2006:229,
100 author = {Neal Koblitz and Alfred Menezes},
101 howpublished = {Cryptology ePrint Archive, Report 2006/229},
102 title = {Another Look at ``Provable Security''. {II}},
104 url = {http://eprint.iacr.org/2006/229},
107 @inproceedings{Bellare:1994:SCB,
108 address = {Berlin, Germany~/ Heidelberg, Germany~/ London, UK~/
110 author = {Mihir Bellare and Joe Kilian and Phillip Rogaway},
111 booktitle = {{Advances in cryptology, {CRYPTO '94}: 14th annual
112 international cryptology conference, Santa Barbara,
113 California, {USA}, August 21--25, 1994: proceedings}},
114 editor = {Yvo G. Desmedt},
116 publisher = {Spring{\-}er-Ver{\-}lag},
117 series = {Lecture Notes in Computer Science},
118 title = {The Security of Cipher Block Chaining},
122 isbn = {3-540-58333-5 (Berlin), 0-387-58333-5 (New York)},
123 issn = {0302-9743 (print), 1611-3349 (electronic)},
124 url = {http://link.springer-ny.com/link/service/series/0558/bibs/
125 0839/08390341.htm; http://link.springer-ny.com/link/service/
126 series/0558/papers/0839/08390341.pdf},
129 @inproceedings{Bellare:1995:XMN,
130 address = {Berlin, Germany~/ Heidelberg, Germany~/ London, UK~/
132 author = {Mihir Bellare and Roch Gu{\'e}rin and
134 booktitle = {{Advances in cryptology, {CRYPTO '95}: 15th Annual
135 International Cryptology Conference, Santa Barbara,
136 California, {USA}, August 27--31, 1995: proceedings}},
137 editor = {Don Coppersmith},
138 note = {Sponsored by the International Association for
139 Cryptologic Research (IACR), in cooperation with the
140 IEEE Computer Society Technical Committee on Security
143 publisher = {Spring{\-}er-Ver{\-}lag},
144 series = {Lecture Notes in Computer Science},
145 title = {{XOR MACs}: New methods for message authentication
146 using finite pseudorandom functions},
150 isbn = {3-540-60221-6 (Berlin)},
151 issn = {0302-9743 (print), 1611-3349 (electronic)},
152 url = {http://link.springer-ny.com/link/service/series/0558/tocs/
153 t0963.htm; http://www.springerlink.com/openurl.asp?
154 genre=issue&issn=0302-9743&volume=963},
157 @inproceedings{Bellare:1995:OAE,
158 address = {Berlin, Germany~/ Heidelberg, Germany~/ London, UK~/
160 author = {M. Bellare and P. Rogaway},
161 booktitle = {Advances in cryptology --- {EUROCRYPT} '94: Workshop
162 on the Theory and Application of Cryptographic
163 Techniques, Perugia, Italy, May 9--12, 1994:
165 editor = {Alfredo {De Santis}},
167 publisher = {Spring{\-}er-Ver{\-}lag},
168 series = {Lecture Notes in Computer Science},
169 title = {Optimal asymmetric encryption},
172 isbn = {3-540-60176-7},
173 issn = {0302-9743 (print), 1611-3349 (electronic)},
174 url = {http://link.springer-ny.com/link/service/series/0558/bibs/
175 0950/09500092.htm; http://link.springer-ny.com/link/service/
176 series/0558/papers/0950/09500092.pdf},
179 @article{Bellare:1996:ESD,
180 author = {Mihir Bellare and Phillip Rogaway},
181 journal = {Lecture Notes in Computer Science},
183 title = {The exact security of digital signatures --- how to
184 sign with {RSA} and {Rabin}},
187 issn = {0302-9743 (print), 1611-3349 (electronic)},
188 url = {http://link.springer-ny.com/link/service/series/0558/bibs/
189 1070/10700399.htm; http://link.springer-ny.com/link/service/
190 series/0558/papers/1070/10700399.pdf},
193 @inproceedings{Bellare:1996:KHF,
194 address = {Berlin, Germany~/ Heidelberg, Germany~/ London, UK~/
196 author = {Mihir Bellare and Ran Canetti and Hugo Krawczyk},
197 booktitle = {{Advances in cryptology, {CRYPTO '96}: 16th annual
198 international cryptology conference, Santa Barbara,
199 California, {USA}, August 18--22, 1996: proceedings}},
200 editor = {Neal Koblitz},
201 note = {Sponsored by the International Association for
202 Cryptologic Research (IACR), in cooperation with the
203 IEEE Computer Society Technical Committee on Security
204 and Privacy and the Computer Science Department of
205 the University of California at Santa Barbara
208 publisher = {Spring{\-}er-Ver{\-}lag},
209 series = {Lecture Notes in Computer Science},
210 title = {Keying Hash Functions for Message Authentication},
213 annote = {``Sponsored by the International Association for
214 Cryptologic Research (IACR), in cooperation with the
215 IEEE Computer Society Technical Committee on Security
216 and Privacy and the Computer Science Department of
217 the University of California at Santa Barbara
220 isbn = {3-540-61512-1},
221 issn = {0302-9743 (print), 1611-3349 (electronic)},
222 url = {Full version: http://www.research.ibm.com/security/; http://
223 link.springer-ny.com/link/service/series/0558/bibs/1109/
224 11090001.htm; http://link.springer-ny.com/link/service/
225 series/0558/papers/1109/11090001.pdf},
228 @inproceedings{Bellare:1997:CST,
229 address = {1109 Spring Street, Suite 300, Silver Spring, MD
231 author = {M. Bellare and A. Desai and E. Jokipii and
233 booktitle = {38th Annual Symposium on Foundations of Computer
234 Science: October 20--22, 1997, Miami Beach, Florida},
236 note = {IEEE catalog number 97CB36150. IEEE Computer Society
237 Press order number PR08197.},
239 publisher = {IEEE Computer Society Press},
240 title = {A concrete security treatment of symmetric
243 isbn = {0-8186-8197-7, 0-8186-8198-5 (casebound),
244 0-8186-8199-3 (microfiche)},
248 @article{Bellare:1999:POP,
249 author = {M. Bellare},
250 journal = {Lecture Notes in Computer Science},
252 title = {Practice-Oriented Provable Security},
255 issn = {0302-9743 (print), 1611-3349 (electronic)},
258 @techreport{Burrows:1989:LAa,
259 author = {Michael Burrows and Martin Abadi and Roger Needham},
260 institution = {Digital Equipment Corporation, Systems Research
265 title = {A Logic of Authentication},
267 abstract = {Questions of belief are essential in analyzing
268 protocols for authentication in distributed computing
269 systems. In this paper we motivate, set out, and
270 exemplify a logic specifically designed for this
271 analysis; we show how various protocols differ subtly
272 with respect to the required initial assumptions of
273 the participants and their final beliefs. Our
274 formalism has enabled us to isolate and express these
275 differences with a precision that was not previously
276 possible. It has drawn attention to features of
277 protocols of which we and their authors were
278 previously unaware, and allowed us to suggest
279 improvements to the protocols. The reasoning about
280 some protocols has been mechanically verified. This
281 paper starts with an informal account of the problem,
282 goes on to explain the formalism to be used, and
283 gives examples of its application to protocols from
284 the literature, both with conventional shared-key
285 cryptography and with public-key cryptography. Some
286 of the examples are chosen because of their practical
287 importance, while others serve to illustrate subtle
288 points of the logic and to explain how we use it. We
289 discuss extensions of the logic motivated by actual
290 practice -- for example, in order to account for the
291 use of hash functions in signatures. The final
292 sections contain a formal semantics of the logic and
296 @inproceedings{Bellare:1994:EAK,
297 address = {Berlin, Germany~/ Heidelberg, Germany~/ London, UK~/
299 author = {Mihir Bellare and Phillip Rogaway},
300 booktitle = {{Advances in cryptology, {CRYPTO '94}: 14th annual
301 international cryptology conference, Santa Barbara,
302 California, {USA}, August 21--25, 1994: proceedings}},
303 editor = {Yvo G. Desmedt},
305 publisher = {Spring{\-}er-Ver{\-}lag},
306 series = {Lecture Notes in Computer Science},
307 title = {Entity Authentication and Key Distribution},
311 isbn = {3-540-58333-5 (Berlin), 0-387-58333-5 (New York)},
312 issn = {0302-9743 (print), 1611-3349 (electronic)},
313 url = {http://link.springer-ny.com/link/service/series/0558/bibs/
314 0773/07730232.htm; http://link.springer-ny.com/link/service/
315 series/0558/papers/0773/07730232.pdf},
318 @inproceedings{Bellare:1995:PSS,
319 address = {New York, NY, USA},
320 author = {Mihir Bellare and Phillip Rogaway},
321 booktitle = {Proceedings of the twenty-seventh annual {ACM}
322 Symposium on Theory of Computing: Las Vegas, Nevada,
323 May 29--June 1, 1995},
325 note = {ACM order no. 508950.},
327 publisher = {ACM Press},
328 title = {Provably secure session key distribution: the three
331 isbn = {0-89791-718-9},
332 url = {http://www.acm.org/pubs/citations/proceedings/stoc/225058/
333 p57-bellare/; http://www.acm.org/pubs/articles/proceedings/
334 stoc/225058/p57-bellare/p57-bellare.pdf},
337 @article{Blake-Wilson:1997:KAP,
338 author = {S. Blake-Wilson and D. Johnson and A. Menezes},
339 journal = {Lecture Notes in Computer Science},
341 title = {Key Agreement Protocols and Their Security Analysis},
347 @article{Blake-Wilson:1998:EAA,
348 author = {S. Blake-Wilson and A. Menezes},
349 journal = {Lecture Notes in Computer Science},
351 title = {Entity Authentication and Authenticated Key Transport
352 Protocols Employing Asymmetric Techniques},
358 @inproceedings{Bellare:1998:MAD,
359 address = {New York, NY, USA},
360 author = {Mihir Bellare and Ran Canetti and Hugo Krawczyk},
361 booktitle = {Proceedings of the thirtieth annual {ACM} Symposium
362 on Theory of Computing: Dallas, Texas, May 23--26,
365 note = {ACM order number 508980.},
367 publisher = {ACM Press},
368 title = {A modular approach to the design and analysis of
369 authentication and key exchange protocols (extended
372 isbn = {0-89791-962-9},
373 url = {http://www.acm.org/pubs/citations/proceedings/stoc/276698/
374 p419-bellare/; http://www.acm.org/pubs/articles/proceedings/
375 stoc/276698/p419-bellare/p419-bellare.pdf},
378 @misc{cryptoeprint:2001:040,
379 author = {Ran Canetti and Hugo Krawczyk},
380 howpublished = {Cryptology ePrint Archive, Report 2001/040},
381 title = {Analysis of Key-Exchange Protocols and Their Use for
382 Building Secure Channels},
384 url = {http://eprint.iacr.org/2001/040},
387 @article{Canetti:2001:AKE,
388 author = {Ran Canetti and Hugo Krawczyk},
389 journal = {Lecture Notes in Computer Science},
391 title = {Analysis of Key-Exchange Protocols and Their Use for
392 Building Secure Channels},
396 url = {http://link.springer-ny.com/link/service/series/0558/bibs/
397 2045/20450453.htm; http://link.springer-ny.com/link/service/
398 series/0558/papers/2045/20450453.pdf},
401 @techreport{Canetti:2001:UCS,
402 author = {Ran Canetti},
403 institution = {Cryptology {ePrint} Archive},
405 note = {Extended Abstract appeared in proceedings of the 42nd
406 Symposium on Foundations of Computer Science (FOCS),
410 title = {Universally Composable Security: {A} New Paradigm for
411 Cryptographic Protocols},
413 abstract = {We propose a new paradigm for defining security of
414 cryptographic protocols, called {\sf universally
415 composable security.} The salient property of
416 universally composable definitions of security is
417 that they guarantee security even when a secure
418 protocol is composed with an arbitrary set of
419 protocols, or more generally when the protocol is
420 used as a component of an arbitrary system. This is
421 an essential property for maintaining security of
422 cryptographic protocols in complex and unpredictable
423 environments such as the Internet. In particular,
424 universally composable definitions guarantee security
425 even when an unbounded number of protocol instances
426 are executed concurrently in an adversarially
427 controlled manner, they guarantee non-malleability
428 with respect to arbitrary protocols, and more. We
429 show how to formulate universally composable
430 definitions of security for practically any
431 cryptographic task. Furthermore, we demonstrate that
432 practically any such definition can be realized using
433 known general techniques, as long as only a minority
434 of the participants are corrupted. We then proceed to
435 formulate universally composable definitions of a
436 wide array of cryptographic tasks, including
437 authenticated and secure communication, key-exchange,
438 public-key encryption, signature, commitment,
439 oblivious transfer, zero-knowledge, and more. We also
440 make initial steps towards studying the realizability
441 of the proposed definitions in other natural
443 annote = {Revised version of \cite{Canetti:2000:SCM}.},
444 url = {http://eprint.iacr.org/2000/067},
447 @article{Canetti:2002:UCN,
448 author = {Ran Canetti and Hugo Krawczyk},
449 journal = {Lecture Notes in Computer Science},
451 title = {Universally Composable Notions of Key Exchange and
455 issn = {0302-9743 (print), 1611-3349 (electronic)},
456 url = {http://link.springer-ny.com/link/service/series/0558/bibs/
457 2332/23320337.htm; http://link.springer-ny.com/link/service/
458 series/0558/papers/2332/23320337.pdf},
461 @misc{cryptoeprint:2004:332,
462 author = {Victor Shoup},
463 howpublished = {Cryptology ePrint Archive, Report 2004/332},
464 title = {Sequences of games: a tool for taming complexity in
467 url = {http://eprint.iacr.org/2004/332},
470 @misc{cryptoeprint:2004:331,
471 author = {Mihir Bellare and Phillip Rogaway},
472 howpublished = {Cryptology ePrint Archive, Report 2004/331},
473 title = {Code-Based Game-Playing Proofs and the Security of
476 url = {http://eprint.iacr.org/2004/331},
479 @inproceedings{Shoup:2001:OR,
480 address = {Berlin, Germany~/ Heidelberg, Germany~/ London, UK~/
482 author = {Victor Shoup},
483 booktitle = {Advances in cryptology --- {CRYPTO} 2001: 21st Annual
484 International Cryptology Conference, Santa Barbara,
485 California, {USA}, August 19--23, 2001: proceedings},
486 editor = {Joe Kilian},
488 publisher = {Spring{\-}er-Ver{\-}lag},
489 series = {Lecture Notes in Computer Science},
490 title = {{OAEP} Reconsidered},
493 isbn = {3-540-42456-3 (paperback)},
494 url = {http://link.springer-ny.com/link/service/series/0558/bibs/
495 2139/21390239.htm; http://link.springer-ny.com/link/service/
496 series/0558/papers/2139/21390239.pdf},
499 @inproceedings{Bellare:1993:ROP,
500 author = {Mihir Bellare and Phillip Rogaway},
501 booktitle = {Proceedings of the First Annual Conference on
502 Computer and Communications Security},
503 organization = {{ACM}},
505 title = {Random oracles are practical},
507 url = {http://www-cse.ucsd.edu/users/mihir/papers/ro.html},
510 @article{Canetti:2004:ROM,
511 author = {Ran Canetti and Oded Goldreich and Shai Halevi},
512 journal = {Journal of the ACM},
516 title = {The random oracle methodology, revisited},
519 issn = {0004-5411 (print), 1557-735X (electronic)},
522 @article{Boneh:2003:IBE,
523 author = {Dan Boneh and Matthew Franklin},
524 journal = {SIAM Journal on Computing},
528 title = {Identity-Based Encryption from the {Weil} Pairing},
531 doi = {http://dx.doi.org/10.1137/S0097539701398521},
532 issn = {0097-5397 (print), 1095-7111 (electronic)},
533 url = {http://epubs.siam.org/sam-bin/dbq/article/39852},
536 @article{Shoup:1997:LBD,
537 author = {Victor Shoup},
538 journal = {Lecture Notes in Computer Science},
540 title = {Lower Bounds for Discrete Logarithms and Related
545 url = {http://link.springer-ny.com/link/service/series/0558/bibs/
546 1233/12330256.htm; http://link.springer-ny.com/link/service/
547 series/0558/papers/1233/12330256.pdf},
550 @article{Boneh:1998:DDP,
552 journal = {Lecture Notes in Computer Science},
554 title = {The Decision {Diffie--Hellman} Problem},
557 issn = {0302-9743 (print), 1611-3349 (electronic)},
558 url = {http://theory.stanford.edu/~dabo/papers/DDH.ps.gz},
561 @article{Bellare:1998:RAN,
562 author = {Mihir Bellare and Anand Desai and David Pointcheval and
564 journal = {Lecture Notes in Computer Science},
566 title = {Relations Among Notions of Security for Public-Key
570 issn = {0302-9743 (print), 1611-3349 (electronic)},
571 url = {http://link.springer-ny.com/link/service/series/0558/bibs/
572 1462/14620026.htm; http://link.springer-ny.com/link/service/
573 series/0558/papers/1462/14620026.pdf},
576 @inproceedings{ElGamal:1985:PKCb,
577 address = {Berlin, Germany~/ Heidelberg, Germany~/ London, UK~/
579 author = {Taher ElGamal},
580 booktitle = {{Advances in Cryptology: Proceedings of CRYPTO 84}},
581 editor = {George Robert Blakley and David Chaum},
582 note = {CRYPTO 84: a Workshop on the Theory and Application
583 of Cryptographic Techniques, held at the University
584 of California, Santa Barbara, August 19--22, 1984,
585 sponsored by the International Association for
586 Cryptologic Research.},
588 publisher = {Spring{\-}er-Ver{\-}lag},
589 series = {Lecture Notes in Computer Science},
590 title = {A Public Key Cryptosystem and a Signature Scheme
591 Based on Discrete Logarithms},
594 doi = {http://dx.doi.org/10.1007/3-540-39568-7},
595 isbn = {0-387-15658-5; 3-540-39568-7},
596 issn = {0302-9743 (print), 1611-3349 (electronic)},
597 url = {http://www.springerlink.com/openurl.asp?genre=article&issn=?
598 ???&volume=0&issue=0&spage=10},
601 @misc{Menezes:2005:IPB,
602 author = {Alfred Menezes},
603 note = {Notes from lectures given in Santander, Spain},
604 title = {An Introduction to Pairing-Based Cryptography},
606 url = {http://www.cacr.math.uwaterloo.ca/~ajmeneze/publications/
610 @book{Schneier:1996:ACP,
611 address = {New York, NY, USA},
612 author = {Bruce Schneier},
614 pages = {xxiii + 758},
615 publisher = {John Wiley and Sons, Inc.},
616 title = {Applied Cryptography: Protocols, Algorithms, and
619 isbn = {0-471-12845-7 (cloth), 0-471-11709-9 (paper)},
620 url = {http://www.counterpane.com/applied.html},
624 author = {{Certicom Research}},
625 title = {Standards for Efficient Cryptography, {SEC} 1:
626 {E}lliptic curve cryptography, Version 1.0},
628 url = {http://www.secg.org/download/aid-385/sec1_final.pdf},
631 @misc{cryptoeprint:2006:280,
632 author = {Mario Di Raimondo and Rosario Gennaro and
634 howpublished = {Cryptology ePrint Archive, Report 2006/280},
635 title = {Deniable Authentication and Key Exchange},
637 url = {http://eprint.iacr.org/2006/280},
641 author = {J. Postel},
642 howpublished = {RFC 793 (Standard)},
644 note = {Updated by RFCs 1122, 3168},
647 series = {Request for Comments},
648 title = {{Transmission Control Protocol}},
650 url = {http://www.ietf.org/rfc/rfc793.txt},
654 author = {J. Postel},
655 howpublished = {RFC 768 (Standard)},
659 series = {Request for Comments},
660 title = {{User Datagram Protocol}},
662 url = {http://www.ietf.org/rfc/rfc768.txt},
665 @incollection{Bellare:2000:AER,
666 address = {Berlin, Germany~/ Heidelberg, Germany~/ London, UK~/
668 author = {Mihir Bellare and Chanathip Namprempre},
669 booktitle = {Advances in cryptology---{ASIACRYPT} 2000 (Kyoto)},
671 publisher = {Spring{\-}er-Ver{\-}lag},
672 series = {Lecture Notes in Computer Science},
673 title = {Authenticated Encryption: Relations among Notions and
674 Analysis of the Generic Composition Paradigm},
677 url = {http://link.springer-ny.com/link/service/series/0558/bibs/
678 1976/19760531.htm; http://link.springer-ny.com/link/service/
679 series/0558/papers/1976/19760531.pdf},
682 @inproceedings{Krawczyk:2001:OEA,
683 address = {Berlin, Germany~/ Heidelberg, Germany~/ London, UK~/
685 author = {Hugo Krawczyk},
686 booktitle = {Advances in cryptology --- {CRYPTO} 2001: 21st Annual
687 International Cryptology Conference, Santa Barbara,
688 California, {USA}, August 19--23, 2001: proceedings},
689 editor = {Joe Kilian},
691 publisher = {Spring{\-}er-Ver{\-}lag},
692 series = {Lecture Notes in Computer Science},
693 title = {The Order of Encryption and Authentication for
694 Protecting Communications (or: How Secure Is {SSL}?)},
697 isbn = {3-540-42456-3 (paperback)},
698 url = {http://link.springer-ny.com/link/service/series/0558/bibs/
699 2139/21390310.htm; http://link.springer-ny.com/link/service/
700 series/0558/papers/2139/21390310.pdf},
703 @article{Rogaway:2003:OBC,
704 author = {Phillip Rogaway and Mihir Bellare and John Black},
705 journal = {ACM Transactions on Information and System Security},
709 title = {{OCB}: {A} block-cipher mode of operation for
710 efficient authenticated encryption},
713 issn = {1094-9224 (print), 1557-7406 (electronic)},
716 @inproceedings{Bellare:2004:EAX,
717 author = {Mihir Bellare and Phillip Rogaway and David Wagner},
719 editor = {Bimal K. Roy and Willi Meier},
721 publisher = {Springer},
722 series = {Lecture Notes in Computer Science},
723 title = {The {EAX} Mode of Operation},
726 isbn = {3-540-22171-9},
727 url = {http://www.cs.berkeley.edu/~daw/papers/eax-fse04.ps},
730 @inproceedings{McGrew:2004:SPG,
731 author = {David A. McGrew and John Viega},
732 booktitle = {Progress in Cryptology - {INDOCRYPT} 2004, 5th
733 International Conference on Cryptology in India,
734 Chennai, India, December 20--22, 2004, Proceedings},
735 editor = {Anne Canteaut and Kapalee Viswanathan},
737 publisher = {Springer},
738 series = {Lecture Notes in Computer Science},
739 title = {The Security and Performance of the Galois/Counter
740 Mode ({GCM}) of Operation},
743 isbn = {3-540-24130-2},
744 url = {http://eprint.iacr.org/2004/193},
747 @inproceedings{Rogaway:2002:AEA,
748 address = {Washington, DC, USA},
749 author = {Phillip Rogaway},
750 booktitle = {Proceedings of the 9th {ACM} Conference on Computer
751 and Communications Security},
752 editor = {Ravi Sandhu},
755 publisher = {ACM Press},
756 title = {Authenticated-encryption with associated-data},
758 abstract = {When a message is transformed into a ciphertext in a
759 way designed to protect both its privacy and
760 authenticity, there may be additional information,
761 such as a packet header, that travels alongside the
762 ciphertext (at least conceptually) and must get
763 authenticated with it. We formalize and investigate
764 this authenticated-encryption with associated-data
765 (AEAD) problem. Though the problem has long been
766 addressed in cryptographic practice, it was never
767 provided a definition or even a name. We do this, and
768 go on to look at efficient solutions for AEAD, both
769 in general and for the authenticated-encryption
770 scheme OCB. For the general setting we study two
771 simple ways to turn an authenticated-encryption
772 scheme that does not support associated-data into one
773 that does: nonce stealing and ciphertext translation.
774 For the case of OCB we construct an AEAD-scheme by
775 combining OCB and the pseudorandom function PMAC,
776 using the same key for both algorithms. We prove
777 that, despite ``interaction'' between the two schemes
778 when using a common key, the combination is sound. We
779 also consider achieving AEAD by the generic
780 composition of a nonce-based, privacy-only encryption
781 scheme and a pseudorandom function.},
782 url = {http://www.cs.ucdavis.edu/~rogaway/papers/ad.html},
785 @proceedings{Desmedt:1994:ACC,
786 address = {Berlin, Germany~/ Heidelberg, Germany~/ London, UK~/
788 booktitle = {{Advances in cryptology, {CRYPTO '94}: 14th annual
789 international cryptology conference, Santa Barbara,
790 California, {USA}, August 21--25, 1994: proceedings}},
791 editor = {Yvo G. Desmedt},
793 publisher = {Spring{\-}er-Ver{\-}lag},
794 series = {Lecture Notes in Computer Science},
795 title = {{Advances in cryptology, {CRYPTO '94}: 14th annual
796 international cryptology conference, Santa Barbara,
797 California, {USA}, August 21--25, 1994: proceedings}},
801 isbn = {3-540-58333-5 (Berlin), 0-387-58333-5 (New York)},
802 issn = {0302-9743 (print), 1611-3349 (electronic)},
803 url = {http://link.springer-ny.com/link/service/series/0558/tocs/
804 t0839.htm; http://www.springerlink.com/openurl.asp?
805 genre=issue&issn=0302-9743&volume=839},
808 @proceedings{Kilian:2001:ACC,
809 address = {Berlin, Germany~/ Heidelberg, Germany~/ London, UK~/
811 booktitle = {Advances in cryptology --- {CRYPTO} 2001: 21st Annual
812 International Cryptology Conference, Santa Barbara,
813 California, {USA}, August 19--23, 2001: proceedings},
814 editor = {Joe Kilian},
816 publisher = {Spring{\-}er-Ver{\-}lag},
817 series = {Lecture Notes in Computer Science},
818 title = {Advances in cryptology --- {CRYPTO} 2001: 21st Annual
819 International Cryptology Conference, Santa Barbara,
820 California, {USA}, August 19--23, 2001: proceedings},
823 isbn = {3-540-42456-3 (paperback)},
824 url = {http://link.springer-ny.com/link/service/series/0558/tocs/
828 @proceedings{IEEE:1997:ASF,
829 address = {1109 Spring Street, Suite 300, Silver Spring, MD
831 booktitle = {38th Annual Symposium on Foundations of Computer
832 Science: October 20--22, 1997, Miami Beach, Florida},
834 note = {IEEE catalog number 97CB36150. IEEE Computer Society
835 Press order number PR08197.},
836 pages = {xiii + 606},
837 publisher = {IEEE Computer Society Press},
838 title = {38th Annual Symposium on Foundations of Computer
839 Science: October 20--22, 1997, Miami Beach, Florida},
841 isbn = {0-8186-8197-7, 0-8186-8198-5 (casebound),
842 0-8186-8199-3 (microfiche)},
846 @proceedings{ACM:1995:PTS,
847 address = {New York, NY, USA},
848 booktitle = {Proceedings of the twenty-seventh annual {ACM}
849 Symposium on Theory of Computing: Las Vegas, Nevada,
850 May 29--June 1, 1995},
852 note = {ACM order no. 508950.},
853 pages = {viii + 763},
854 publisher = {ACM Press},
855 title = {Proceedings of the twenty-seventh annual {ACM}
856 Symposium on Theory of Computing: Las Vegas, Nevada,
857 May 29--June 1, 1995},
859 isbn = {0-89791-718-9},
862 @proceedings{ACM:1998:PTA,
863 address = {New York, NY, USA},
864 booktitle = {Proceedings of the thirtieth annual {ACM} Symposium
865 on Theory of Computing: Dallas, Texas, May 23--26,
868 note = {ACM order number 508980.},
870 publisher = {ACM Press},
871 title = {Proceedings of the thirtieth annual {ACM} Symposium
872 on Theory of Computing: Dallas, Texas, May 23--26,
875 isbn = {0-89791-962-9},
878 @proceedings{DeSantis:1995:ACE,
879 address = {Berlin, Germany~/ Heidelberg, Germany~/ London, UK~/
881 booktitle = {Advances in cryptology --- {EUROCRYPT} '94: Workshop
882 on the Theory and Application of Cryptographic
883 Techniques, Perugia, Italy, May 9--12, 1994:
885 editor = {Alfredo {De Santis}},
886 pages = {xiii + 472},
887 publisher = {Spring{\-}er-Ver{\-}lag},
888 series = {Lecture Notes in Computer Science},
889 title = {Advances in cryptology --- {EUROCRYPT} '94: Workshop
890 on the Theory and Application of Cryptographic
891 Techniques, Perugia, Italy, May 9--12, 1994:
895 isbn = {3-540-60176-7},
896 issn = {0302-9743 (print), 1611-3349 (electronic)},
899 @proceedings{Coppersmith:1995:ACC,
900 address = {Berlin, Germany~/ Heidelberg, Germany~/ London, UK~/
902 booktitle = {{Advances in cryptology, {CRYPTO '95}: 15th Annual
903 International Cryptology Conference, Santa Barbara,
904 California, {USA}, August 27--31, 1995: proceedings}},
905 editor = {Don Coppersmith},
906 note = {Sponsored by the International Association for
907 Cryptologic Research (IACR), in cooperation with the
908 IEEE Computer Society Technical Committee on Security
911 publisher = {Spring{\-}er-Ver{\-}lag},
912 series = {Lecture Notes in Computer Science},
913 title = {{Advances in cryptology, {CRYPTO '95}: 15th Annual
914 International Cryptology Conference, Santa Barbara,
915 California, {USA}, August 27--31, 1995: proceedings}},
919 isbn = {3-540-60221-6 (Berlin)},
920 issn = {0302-9743 (print), 1611-3349 (electronic)},
921 url = {http://link.springer-ny.com/link/service/series/0558/tocs/
922 t0963.htm; http://www.springerlink.com/openurl.asp?
923 genre=issue&issn=0302-9743&volume=963},
926 @proceedings{Koblitz:1996:ACC,
927 address = {Berlin, Germany~/ Heidelberg, Germany~/ London, UK~/
929 booktitle = {{Advances in cryptology, {CRYPTO '96}: 16th annual
930 international cryptology conference, Santa Barbara,
931 California, {USA}, August 18--22, 1996: proceedings}},
932 editor = {Neal Koblitz},
933 note = {Sponsored by the International Association for
934 Cryptologic Research (IACR), in cooperation with the
935 IEEE Computer Society Technical Committee on Security
936 and Privacy and the Computer Science Department of
937 the University of California at Santa Barbara
940 publisher = {Spring{\-}er-Ver{\-}lag},
941 series = {Lecture Notes in Computer Science},
942 title = {{Advances in cryptology, {CRYPTO '96}: 16th annual
943 international cryptology conference, Santa Barbara,
944 California, {USA}, August 18--22, 1996: proceedings}},
947 annote = {``Sponsored by the International Association for
948 Cryptologic Research (IACR), in cooperation with the
949 IEEE Computer Society Technical Committee on Security
950 and Privacy and the Computer Science Department of
951 the University of California at Santa Barbara
954 isbn = {3-540-61512-1},
955 issn = {0302-9743 (print), 1611-3349 (electronic)},
956 url = {http://link.springer-ny.com/link/service/series/0558/tocs/
957 t1109.htm; http://www.springerlink.com/openurl.asp?
958 genre=issue&issn=0302-9743&volume=1109},
961 @proceedings{Blakley:1985:ACP,
962 address = {Berlin, Germany~/ Heidelberg, Germany~/ London, UK~/
964 booktitle = {{Advances in Cryptology: Proceedings of CRYPTO 84}},
965 editor = {George Robert Blakley and David Chaum},
966 note = {CRYPTO 84: a Workshop on the Theory and Application
967 of Cryptographic Techniques, held at the University
968 of California, Santa Barbara, August 19--22, 1984,
969 sponsored by the International Association for
970 Cryptologic Research.},
972 publisher = {Spring{\-}er-Ver{\-}lag},
973 series = {Lecture Notes in Computer Science},
974 title = {{Advances in Cryptology: Proceedings of CRYPTO 84}},
977 doi = {http://dx.doi.org/10.1007/3-540-39568-7},
978 isbn = {0-387-15658-5; 3-540-39568-7},
979 issn = {0302-9743 (print), 1611-3349 (electronic)},
980 url = {http://link.springer-ny.com/link/service/series/0558/tocs/
981 t0196.htm; http://www.springerlink.com/content/cemajg0qmeev/
982 ; http://www.springerlink.com/openurl.asp?genre=issue&
983 issn=0302-9743&volume=196},