A Bibliography of Papers in Lecture Notes in Computer Science (1994)

Nelson H. F. Beebe
University of Utah, Department of Mathematics, 110 LCB
155 S 1400 E RM 233
Salt Lake City, UT 84112-0090, USA
Tel: +1 801 581 5254
FAX: +1 801 581 4148
E-mail: [email protected], [email protected], [email protected] (Internet)
WWW URL: http://www.math.utah.edu/~beebe/

11 March 2017
Version 1.27

Title word cross-reference

p [2640]. π [2136, 2294, 2138, 1568, 2137, 1585]. pi=4 [554]. q [346]. r [2631]. t [1507]. v [2070]. w (1+,λ) [3101]. (s; t) [2700]. 0 [2716]. 1 [1175]. Z [1227]. [2716]. 16 [2245]. 2 [3492, 874, 633, 1887, 1891, 1116, 1872, 872]. - [1202, 2070, 2716, 2162]. -adic [2640]. -ary 2k − 1 [1202]. 3 [2593, 2207]. -Best [2077]. -Body [1074, 3282, 1048, 2075, 2480, 1883, 1097, [3482, 898]. -Calculus 3284, 1887, 1891, 2760, 1116, 1059, 1885, [2294, 3317, 1568, 2136, 2138, 2137, 754, 1585]. 1870, 1088, 1203, 1872, 1119, 1082, 3377, -categorical [633]. -Clustering [354]. 1037, 1091, 1108, 1121, 876]. 8 [539]. k [339]. -Coloring [2037]. -Cube [2586]. -cubes 2 [2217]. D [1202, 2162]. f [2291, 2037]. h [2593]. -D [2070]. k [1202, 1733, 354, 2593, 1974, 2053, [3492, 1048, 2480, 1887, 1116, 1059, 1091, 62]. 1848, 306, 2312, 2039, 2077, 2162, 1865]. k=n -Dimensional [539, 1203, 3377, 1097]. [573]. L [3560]. Lp [374]. λ∆ [754]. m [106]. -DQPSK [554]. -Edge-Connect [2039]. NCk(NP)=ACk−1(NP) [341]. µ [3317]. N -Grammars [346]. -Interpretation [2168]. [3482, 2207, 821, 1720, 898, 2593, 2586, 62]. o -invariants [1507]. -Label [306]. [167]. O(log log N) [1201, 1861]. O(n) [3543]. -Languages [1175]. -Matching [2291]. 1 2 -Metric [374]. -MKRP [1476]. -Nodes 1741, 1742, 3360, 654, 1162, 2016, 3065, 988, [167]. -Overlap [2312]. -Pairwise [2053]. 1407, 503, 743, 3337, 3430, 758, 1233, 739, -Paths [2700]. -Reductions [3560]. 2010, 627, 1453, 1458, 722, 638, 724, 2148]. -Round [2245]. -Sequences [106]. 
-sets Abstracted [1156]. Abstracting [1974]. -Strategies [3101]. -Structures [780, 2353, 1831, 2351, 1745, 2329]. [1733]. -Style [1227]. -Trees [1848, 1865]. Abstraction [728, 3169, 1164, 1330, 1304, 1653, 2104, 486, / [185]. 483, 3551, 3326, 503, 2890, 2320]. Abstractions 0/1 [3225]. 011 [1773]. 011-AC [1773]. [2795, 1633, 516, 1342, 1623, 2143]. 011-DC [1773]. abstractor [701]. AC [2374, 1455, 2372, 499, 1773]. 1 [182, 879, 982, 3504, 2822]. 1-k [335]. AC-superposition [1455]. AC-Unification 1-Reader [2822]. 1-Writer [2822]. 1.2 [2374, 2372]. AC-unifiers [1455]. [2031]. 120 [231]. 15 [1009]. Academic [32, 23]. Accelerated [2652]. Accelerating [838]. Acceleration [164]. 2 [950, 2656, 1356, 2406, 1360, 3027, 1294, Acceptance [359, 360, 3430]. Accepted 2355, 3253, 3517, 1606, 2398, 2713, 2617]. [2284]. Access 2-Adic [1294]. 2-class [3446]. 2-d [2739]. [568, 2926, 2525, 564, 3418, 1678, 2652, 490, 2-Optimal [2713]. 2-Structures 3415, 532, 2940, 549, 2905, 2649, 542, 1903]. [1356, 1360]. 200 [3518, 893]. 2DT [650]. Accesses [149]. Accessibility [2917]. Accessible [2924, 2917]. Accessing [2936]. 3 [485]. Accommodation [2933]. Accounting [2842]. Accumulators [116]. Accuracy 5 [3489, 118, 148, 2602, 965, 3518, 893, 910]. [846, 3528]. Accurate [1307, 1879, 3139]. 5/4 [2694]. 5/4-Approximation [2694]. 5/ Achieved [1000]. Achievement [1791]. CM [3484, 3521]. 5E [3484, 3521]. Achieving [2091, 2572]. Acquisition [3163, 597, 2986, 3159, 3158, 3165]. Across 6 [205]. 64 [1274]. 64-bit [1297]. 65 [572]. [670, 2348]. Act [1333, 1331]. Action [3330, 65-MHz [572]. 1959, 3087, 1910, 747, 178, 2956, 1994, 3357, 644, 643, 2359, 2010, 3257, 2140, 3263, 3242]. 802.12 [2397]. Action-Based [643]. Actions [2938, 1402, 2886, 3233]. Activation 90 [998, 1004]. 90D [152]. 90D/HPF [152]. [3018, 1580]. Activation-Oriented [3018]. 93 [1485]. Active [1680, 2768, 1035, 2298, 2852, 2769, 2851, 2770, 2771, 1577, 1054, 1037, 1057, = [1379]. 1144, 1108]. Activities [1663]. Activity [202]. 
Actor [1597, 394]. Actor-Based A-Codes [92]. Abduction [1597]. ACTRESS [644]. Acyclic [2190, 3299, 1928]. Abductive [2221, 651]. AD [3273]. Ada [9]. [1304, 1782, 2498, 1925]. abelian [3449]. Adaptable [2165]. Adaptation [3188, 2166, Ability [1592]. AbleProfessionals [2933]. 3080, 84, 3187, 3114, 3115, 2165, 3193]. Abnormality [2959]. Abstract [1182, 3046, Adaptations [2511]. Adapted [3429, 1116]. 655, 385, 387, 1780, 729, 3043, 2297, 3053, Adapting [978, 2969, 2897, 815, 548]. 3 Adaptive [340, 1573, 148, 2594, 1653, 2611, 1528, 3551, 2736, 3521, 1192, 698, 2146, 2142, 2593, 2006, 2554, 2178, 2392, 2609, 2592, 1458, 624]. Algebra-Based [845]. 1563, 3085, 3142, 532, 3176, 546, 3118, 1127]. Algebraic Adaptively [3141, 254, 253]. Add [1006]. [3059, 1941, 1898, 3486, 2490, 1725, 519, 632, Add-On [1006]. Added [2531]. Adder 315, 1526, 1891, 686, 2002, 2275, 2861, 1191, [2571]. Adding 1590, 3549, 1872, 72, 58, 403, 2761, 2762, [2202, 3366, 1767, 1552, 525, 660, 3379]. 1199, 727, 1442, 3038, 1170, 3531, 626, 3241, Additional [3294, 348, 3296]. Additive 622, 634, 3455, 639, 801, 640, 641, 3469]. [2269]. Address [1, 2600]. Adequacy Algebras [1829, 1151, 628]. adic [2640, 1294]. [2313, 793, 1378, 2130, 633, 638, 2132]. adjunctions [635]. Adjusting [2064]. ALGOL [2320]. ALGOL-like [2320]. Adjustment [74]. Admissible [1409]. Algorithm Admission [2398]. Admits [2017]. [229, 951, 3306, 2385, 2092, 3186, 1837, 1234, Admitting [2639]. ADMS [460]. Advance 1839, 1947, 3308, 3079, 2463, 504, 2990, 2714, [3179]. Advanced 2703, 2702, 3150, 676, 960, 1842, 3129, 2717, [779, 2515, 993, 2526, 2513, 564, 3102, 2811, 2087, 2063, 2644, 2654, 2973, 1728, 3075, 3501, 28, 2423, 57, 1374, 872, 803]. Advances 2689, 2439, 2031, 3147, 298, 1609, 3317, 606, [416, 2901, 1043]. Advantages [512, 1057]. 919, 587, 1649, 3151, 2042, 1644, 920, 355, Advection [3481]. Advection-Chemistry 1274, 687, 2050, 893, 790, 1538, 1582, 3543, [3481]. Adventure [17]. Adverbials [1922]. 
1281, 3109, 2713, 1861, 2854, 309, 2701, 2633, Advice [2766, 1479]. ADVISE [2629]. AE 2831, 3328, 217, 3107, 2835, 2377, 1208, 839, [1424]. AEA [907]. Aeronautical [860]. 2716, 596, 1289, 3124, 2062, 3099, 458, 2699, Aerospace [937, 935, 936]. AF2 [1996]. 1865, 3448, 3451, 3461, 3248, 1139, 2117, 824, Affine 3462, 1070, 1110, 3456, 3464, 802, 2214]. [1126, 1715, 1867, 1881, 1872, 1049, 1117, Algorithmic 1080, 1116, 1067, 1084, 1069, 1047, 1037]. [1710, 78, 2885, 1374, 2687, 2040]. Affinity [157, 1587]. AFORIZM [3168]. Algorithms Aft [6]. After [1968]. Against [2601, 1835, 3558, 3104, 3136, 1237, 3548, 581, [1869, 253, 805, 254]. Agent 3106, 1573, 2698, 3092, 3137, 2064, 2875, 3080, [2791, 3159, 1956, 3439, 1957, 2100, 1593, 354, 2593, 3103, 1845, 2662, 1591, 2626, 1847, 1271, 1268, 1965, 3232, 3240]. Agent-Based 3500, 3542, 2690, 2688, 2689, 1198, 2712, 1848, [3159]. Agents 3078, 1704, 3508, 3133, 1852, 3083, 1257, 2634, [2522, 1964, 191, 3145, 1960, 2976, 2954, 1927]. 2027, 3082, 161, 2045, 892, 2033, 1200, 1615, AGG [403]. Aggregate [1662]. 353, 1242, 3146, 446, 2026, 1855, 2312, 2603, Aggregating [283]. Aggregation 2643, 2676, 3091, 250, 3450, 3521, 1858, 2888, [1330, 3423, 3387]. Aggregations [1958]. 3072, 3557, 3081, 331, 2995, 417, 3564, 2978, Agley [6]. Agreement [2832, 257]. 2727, 1592, 2683, 3144, 3073, 2721, 1377, 1969, Agricultural [2629]. AI [2415, 2896, 1315]. 2067, 3524, 882, 2169, 1219, 567, 3093, 2999, aid [3229]. Aided [57, 66, 58, 87, 90, 3234]. 2086, 2084, 3289, 1078, 1093, 825, 3225, 1509]. Aids [2902]. Air algorithms [3477, 1077]. Aliasing [3481, 3491, 2225, 454, 1660]. Aircraft [2569, 2506]. Align [159]. Alignment [855, 2804, 936]. Airline [2716]. AKL [1237, 1888, 1234, 1235, 154, 1241, 1240, 1135]. [1012]. Al [2937, 703]. ALF [1226]. Algebra Alignment-Distribution [154]. [1181, 1982, 1944, 1873, 3369, 845, 479, 498, Alignments [1236]. all-digital [803]. All/ 4 Nothing [113]. Allcache [1575]. Allegories Annealing [1387]. 
Allocation [513, 1759, 2828, 529, [1608, 3137, 2682, 2428, 3135, 3134, 898]. 2544, 986, 1607, 1963, 1588]. Allows [1243]. Annotated [2340]. Annotation [1933]. Almost [98]. ALOHA [822, 566]. Annotation-Based [1933]. Anomalies ALOHA-based [822]. Alpha [497, 1230]. [1762, 2825]. Anomalous [2959]. Alpha-Conversion [497, 1230]. Alphabet Anonymous [113]. Answer [305, 1026]. [1244]. Alphabet-Independent [1244]. Answering [1805, 3230, 1438]. Ant [1956]. Alphabetic [1708]. Alphabets [1250]. Antenna [534]. Anti [1788]. Anti-Links Altera [2437, 2468]. Altera-PLDs [2468]. [1788]. Anticipatory [3087]. Alternate [133, 134]. Alternating Antiprenexing [1775]. APIs [2525]. [136, 1712]. Alternation [2309, 1404, 323]. apparent [1039]. Appendix [2264]. Alternative [116, 1240, 41, 482, 2561, 21]. Applicability [2512, 581, 1430]. Alternatives [447]. Always [327]. Application Amalgamated [403]. ambiguities [1072]. [2993, 280, 368, 1669, 2378, 2653, 957, 2177, Ambiguity [371, 2854, 3223]. Ambiguous 2537, 2988, 1671, 3205, 1673, 2529, 1956, [3321]. America [2921]. among 2001, 1867, 2352, 269, 1687, 1807, 1393, 3095, [3546, 2709]. Amorphous [894]. Amount 2804, 2054, 1663, 2735, 3512, 3187, 975, 3146, [2091]. AMPHION [3244]. Amplifiers 1620, 1795, 1269, 1995, 1768, 990, 2983, 2716, [555, 546]. Amplitude [544]. analog [1070]. 933, 2194, 3001, 2028, 1428, 1489, 3216, 1040]. Analogical [2417, 603, 2151, 1312, 2152]. Applications Analogies [3300]. Analogue [95]. [3181, 3396, 3586, 3195, 570, 2668, 2759, Analogues [3513, 3076]. Analogy 1911, 994, 1658, 3196, 1670, 993, 2669, 958, [2167, 3300]. Analyser [2098]. Analyses 889, 2395, 921, 3559, 2630, 2235, 2555, 1689, [2869]. Analysing [2064, 1613]. 
Analysis 1935, 2588, 3272, 2797, 3334, 2516, 3585, [380, 2280, 2494, 2574, 2696, 1326, 3059, 2283, 2018, 965, 832, 576, 86, 394, 3398, 572, 265, 843, 421, 2759, 2847, 1761, 840, 655, 3335, 1745, 1322, 2394, 1880, 987, 3380, 2254, 2267, 912, 1790, 3069, 1985, 514, 296, 149, 562, 666, 3179, 969, 3590, 1347, 2743, 1009, 1119, 2375, 3102, 2501, 1211, 3054, 174, 173, 171, 3066, 532, 973, 902, 2787, 757, 1917, 2009, 3281, 3044, 36, 3393, 3067, 1732, 1596, 1721, 2178, 2014, 3172, 1659, 816, 1046, 3475]. Applied 3064, 3063, 2674, 2582, 1695, 84, 586, 1334, [2425, 2340, 3504, 892, 3519, 1407, 987, 936, 3055, 1242, 833, 88, 2675, 2568, 2850, 2764, 62, 3229, 1077]. Applying [206, 3145, 1596, 687, 2616, 3383, 1760, 2844, 501, 3048, 2592, 3348, 208, 1090, 3173, 3088, 1672, 2794].
Recommended publications
  • Integral Cryptanalysis on Full MISTY1
    Integral Cryptanalysis on Full MISTY1
    Yosuke Todo, NTT Secure Platform Laboratories, Tokyo, Japan, [email protected]

    Abstract. MISTY1 is a block cipher designed by Matsui in 1997. It was well evaluated and standardized by projects such as CRYPTREC, ISO/IEC, and NESSIE. In this paper, we propose a key recovery attack on the full MISTY1, i.e., we show that 8-round MISTY1 with 5 FL layers does not have 128-bit security. Many attacks against MISTY1 have been proposed, but there is no attack against the full MISTY1. Therefore, our attack is the first cryptanalysis against the full MISTY1. We construct a new integral characteristic by using the propagation characteristic of the division property, which was proposed in 2015. We first improve the division property by optimizing a public S-box and then construct a 6-round integral characteristic on MISTY1. Finally, we recover the secret key of the full MISTY1 with 2^63.58 chosen plaintexts and 2^121 time complexity. Moreover, if we can use 2^63.994 chosen plaintexts, the time complexity for our attack is reduced to 2^107.9. Note that our cryptanalysis is a theoretical attack. Therefore, the practical use of MISTY1 will not be affected by our attack.

    Keywords: MISTY1, Integral attack, Division property

    1 Introduction
    MISTY [Mat97] is a block cipher designed by Matsui in 1997 and is based on the theory of provable security [Nyb94, NK95] against differential attack [BS90] and linear attack [Mat93]. MISTY has a recursive structure, and the component function has a unique structure, the so-called MISTY structure [Mat96].
  • SAEB: a Lightweight Blockcipher-Based AEAD Mode of Operation
    SAEB: A Lightweight Blockcipher-Based AEAD Mode of Operation
    Yusuke Naito (1), Mitsuru Matsui (1), Takeshi Sugawara (2) and Daisuke Suzuki (1)
    (1) Mitsubishi Electric Corporation, Japan, {Naito.Yusuke@ce,Matsui.Mitsuru@ab,Suzuki.Daisuke@bx}.MitsubishiElectric.co.jp
    (2) The University of Electro-Communications, Japan, [email protected]

    Abstract. Lightweight cryptography in computationally constrained devices is actively studied. In contrast to advances of lightweight blockciphers in the last decade, lightweight modes of operation are seemingly not so mature, yet they have a large impact on performance. Therefore, there is a great demand for lightweight modes of operation, especially for authenticated encryption with associated data (AEAD). Among many known properties of conventional modes of operation, the following four properties are essential for constrained devices:
    1. Minimum State Size: the state size equals the block size of the blockcipher.
    2. Inverse Free: no need for blockcipher decryption.
    3. XOR Only: only XOR is needed in addition to blockcipher encryption.
    4. Online: a data block is processed only once.
    Properties 1 and 4 contribute to small memory usage, and properties 2 and 3 contribute to a small program/circuit footprint. On top of the above properties, a fifth property regarding associated data (AD) is also important for performance:
    5. Efficient Handling of Static AD: static AD can be precomputed.
    We design a lightweight blockcipher-based AEAD mode of operation called SAEB: the first mode of operation that satisfies all five properties, to the best of our knowledge. The performance of SAEB is evaluated on various software and hardware platforms.
  • Improved Meet-In-The-Middle Distinguisher on Feistel Schemes
    Improved Meet-in-the-Middle Distinguisher on Feistel Schemes
    Li Lin (1,2) and Wenling Wu (1)
    (1) Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China
    (2) Graduate University of Chinese Academy of Sciences, Beijing 100190, China
    linli, [email protected]

    Abstract. Improved meet-in-the-middle cryptanalysis with the efficient tabulation technique has been shown to be a very powerful form of cryptanalysis against SPN block ciphers. However, few papers show the effectiveness of this cryptanalysis against Balanced-Feistel-Network (BFN) and Generalized-Feistel-Network (GFN) ciphers, due to the stagger of the affected trail and the special truncated differential trail. In this paper, we describe a versatile and powerful algorithm for searching for the best improved meet-in-the-middle distinguisher with the efficient tabulation technique on word-oriented BFN and GFN block ciphers, which is based on recursion and a greedy algorithm. To demonstrate the usefulness of our approach, we show key recovery attacks on 14/16-round CLEFIA-192/256, which are the best attacks. We also propose key recovery attacks on 13/15-round Camellia-192/256 (without FL/FL^-1).

    Keywords: Block Ciphers, Improved Meet-in-the-Middle Attack, Efficient Tabulation Technique, Automatic Search Tool, Truncated Differential Trail, CLEFIA, Camellia.

    1 Introduction
    The meet-in-the-middle attack was first proposed by Diffie and Hellman to attack DES [7]. In recent years, it was widely researched due to its effectiveness against the block cipher AES [4]. For AES, Gilbert and Minier showed in [10] a collision attack on 7-round AES.
  • Eurocrypt'2000 Conference Report
    Eurocrypt'2000 Conference Report, May 15–18, 2000, Bruges
    Richard Graveman, Telcordia Technologies, Morristown, NJ, USA, [email protected]

    Welcome. This was the nineteenth annual Eurocrypt conference. Thirty-nine out of 150 papers were accepted, and there were two invited talks along with the traditional rump session. About 480 participants from 39 countries were present. Bart Preneel was Program Chair. The Proceedings were published by Springer Verlag as Advances in Cryptology—Eurocrypt'98, Lecture Notes in Computer Science, Volume 1807, Bart Preneel, editor.

    Session 1: Factoring and Discrete Logarithm, Chair: Bart Preneel

    Factorization of a 512-bit RSA Modulus. Stefania Cavallar (CWI, The Netherlands), Bruce Dodson (Lehigh University, USA), Arjen K. Lenstra (Citibank, USA), Walter Lioen (CWI, The Netherlands), Peter L. Montgomery (Microsoft Research, USA and CWI, The Netherlands), Brian Murphy (The Australian National University, Australia), Herman te Riele (CWI, The Netherlands), Karen Aardal (Utrecht University, The Netherlands), Jeff Gilchrist (Entrust Technologies Ltd., Canada), Gérard Guillerm (École Polytechnique, France), Paul Leyland (Microsoft Research Ltd., UK), Joël Marchand (École Polytechnique/CNRS, France), François Morain (École Polytechnique, France), Alec Muffett (Sun Microsystems, UK), Chris and Craig Putnam (USA), Paul Zimmermann (Inria Lorraine and Loria, France).

    The authors factored the RSA challenge number RSA-512 with the general number field sieve (NFS). The algorithm has four steps: polynomial selection, sieving, linear algebra, and square root extraction. For N known to be composite, two irreducible polynomials with a common root mod N are needed. f1 (of degree 5 in this case) should have many roots modulo small primes as well as being as small as possible.
  • Specification of Camellia, a 128-Bit Block Cipher
    Specification of Camellia, a 128-bit Block Cipher
    Kazumaro AOKI (†), Tetsuya ICHIKAWA (‡), Masayuki KANDA (†), Mitsuru MATSUI (‡), Shiho MORIAI (†), Junko NAKAJIMA (‡), Toshio TOKITA (‡)
    † Nippon Telegraph and Telephone Corporation, ‡ Mitsubishi Electric Corporation
    Version 1.0: July 12, 2000
    Version 2.0: September 26, 2001
    Copyright NTT and Mitsubishi Electric Corporation 2000-2001

    Contents
    1 Introduction
    2 Notations and Conventions
      2.1 Radix
      2.2 Notations
      2.3 List of Symbols
      2.4 Bit/Byte Ordering
    3 Structure of Camellia
      3.1 List of Functions and Variables
      3.2 Encryption Procedure
        3.2.1 128-bit key
        3.2.2 192-bit and 256-bit key
      3.3 Decryption Procedure
        3.3.1 128-bit key
        3.3.2 192-bit and 256-bit key
      3.4 Key Schedule
    4 Components of Camellia
      4.1 F-function
      4.2 FL-function
      4.3 FL^-1-function
      4.4 S-function
      4.5 s-boxes
      4.6 P-function
    A Figures of the Camellia Algorithm
    B Test Data
    C Software Implementation Techniques
      C.1 Setup
        C.1.1 Store All Subkeys
        C.1.2 Subkey Generation Order
        C.1.3 XOR Cancellation Property in Key Schedule
        C.1.4 Rotation Bits for K, K, K, and K
  • Caltech/Mit Voting Technology Project
    CALTECH/MIT VOTING TECHNOLOGY PROJECT
    A multi-disciplinary, collaborative project of the California Institute of Technology (Pasadena, California 91125) and the Massachusetts Institute of Technology (Cambridge, Massachusetts 02139)
    ADVANCES IN CRYPTOGRAPHIC VOTING SYSTEMS
    BEN ADIDA, MIT
    Key words: voting systems, cryptographic, election administration, secret-ballot elections
    VTP WORKING PAPER #51, September 2006

    Advances in Cryptographic Voting Systems, by Ben Adida. Submitted to the Department of Electrical Engineering and Computer Science on August 31st, 2006, in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer Science at the Massachusetts Institute of Technology. © Massachusetts Institute of Technology 2006. All rights reserved.
    Author: Department of Electrical Engineering and Computer Science, August 31st, 2006
    Certified by: Ronald L. Rivest, Viterbi Professor of Electrical Engineering and Computer Science, Thesis Supervisor
    Accepted by: Arthur C. Smith, Chairman, Department Committee on Graduate Students

    Abstract. Democracy depends on the proper administration of popular
  • Lecture Notes in Computer Science 2355 Edited by G
    Lecture Notes in Computer Science 2355
    Edited by G. Goos, J. Hartmanis, and J. van Leeuwen
    Mitsuru Matsui (Ed.)
    Fast Software Encryption
    8th International Workshop, FSE 2001, Yokohama, Japan, April 2-4, 2001, Revised Papers
    Springer: Berlin, Heidelberg, New York, Barcelona, Hong Kong, London, Milan, Paris, Tokyo
    Series Editors: Gerhard Goos, Karlsruhe University, Germany; Juris Hartmanis, Cornell University, NY, USA; Jan van Leeuwen, Utrecht University, The Netherlands
    Volume Editor: Mitsuru Matsui, Mitsubishi Electric Corporation, 5-1-1 Ofuna, Kamakura, Kanagawa 247-8501, Japan, E-mail: [email protected]
    Cataloging-in-Publication Data applied for. Die Deutsche Bibliothek - CIP-Einheitsaufnahme: Fast software encryption: 8th international workshop; proceedings / FSE 2001, Yokohama, Japan, April 2-4, 2001. Mitsuru Matsui (ed.). Berlin; Heidelberg; New York; Barcelona; Hong Kong; London; Milan; Paris; Tokyo: Springer, 2002 (Lecture notes in computer science; Vol. 2355). ISBN 3-540-43869-6
    CR Subject Classification (1998): E.3, F.2.1, E.4, G.4
    ISSN 0302-9743
    ISBN 3-540-43869-6 Springer-Verlag Berlin Heidelberg New York
    This work is subject to copyright. All rights are reserved, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, re-use of illustrations, recitation, broadcasting, reproduction on microfilms or in any other way, and storage in data banks. Duplication of this publication or parts thereof is permitted only under the provisions of the German Copyright Law of September 9, 1965, in its current version, and permission for use must always be obtained from Springer-Verlag. Violations are liable for prosecution under the German Copyright Law.
  • Security of Cryptosystems Against Power-Analysis Attacks
    Thales Communications & Security, Laboratoire Chiffre; École Normale Supérieure, Équipe Crypto
    École doctorale Sciences Mathématiques de Paris Centre – ED 386
    Specialty: Computer Science
    Doctoral thesis: Security of Cryptosystems Against Power-Analysis Attacks
    Presented and publicly defended on 22 October 2015 by Sonia Belaïd to obtain the degree of Doctor of the École normale supérieure, before a jury composed of:
    Thesis advisors: Michel Abdalla (CNRS and École normale supérieure), Pierre-Alain Fouque (Université de Rennes 1 and Institut universitaire de France)
    Reviewers: Louis Goubin (Université de Versailles Saint-Quentin-en-Yvelines), Elisabeth Oswald (University of Bristol, United Kingdom)
    Examiners: Gilles Barthe (IMDEA Software, Spain), Pascal Paillier (CryptoExperts), Emmanuel Prouff (ANSSI), François-Xavier Standaert (Université catholique de Louvain-la-Neuve, Belgium)
    Guests: Éric Garrido (Thales Communications & Security), Mehdi Tibouchi (NTT Secure Platform Lab, Japan)

    Acknowledgements. I first present my sincere thanks to my two thesis advisors, Michel Abdalla and Pierre-Alain Fouque. I sincerely thank them for giving me the opportunity to carry out this thesis at the ENS in parallel with my work at Thales, and for guiding me throughout these three years. I thank them for their precious ideas, their teaching, their encouragement, and the freedom they granted me in my research work. I then wish to thank Éric Garrido, who welcomed me into the Crypto laboratory of Thales Communications & Security. He placed his trust in me by giving me an engineering position, but also did everything he could to grant me the time needed for my thesis project.
  • 3GPP KASUMI Evaluation Report
    3GPP KASUMI Evaluation Report (Public Report)
    3rd Generation Partnership Project; Security Algorithms Group of Experts (SAGE); Report on the Evaluation of 3GPP Standard Confidentiality and Integrity Algorithms (SAGE version 2.0)
    The present document has been developed within the 3rd Generation Partnership Project (3GPP TM) and may be further elaborated for the purposes of 3GPP. The present document has not been subject to any approval process by the 3GPP Organizational Partners and shall not be implemented. This Specification is provided for future development work within 3GPP only. The Organizational Partners accept no liability for any use of this Specification. Specifications and reports for implementation of the 3GPP TM system should be obtained via the 3GPP Organizational Partners' Publications Offices.
    Keywords: 3GPP, algorithm, KASUMI
    3GPP Postal address / 3GPP support office address: 650 Route des Lucioles - Sophia Antipolis, Valbonne - FRANCE. Tel.: +33 4 92 94 42 00, Fax: +33 4 93 65 47 16, Internet: http://www.3gpp.org
    Copyright Notification: No part may be reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to reproduction in all media. © 2001, 3GPP Organizational Partners (ARIB, CWTS, ETSI, T1, TTA, TTC). All rights reserved.
    Contents: Foreword
  • Cache Timing Attacks on Camellia Block Cipher∗
    Cache Timing Attacks on Camellia Block Cipher
    ZHAO Xin-jie, WANG Tao, ZHENG Yuan-yuan (Department of Computer Engineering, Ordnance Engineering College, Shijiazhuang 050003, China), [email protected]

    Abstract: Camellia, as the final winner for 128-bit block ciphers in NESSIE, is the most secure block cipher in the world. In 2003, Tsunoo proposed a Cache Attack using the timing of the CPU cache, and successfully recovered the Camellia-128 key with 2^28 plaintexts in 35 minutes. In 2004, IKEDA YOSHITAKA made some further improvements on Tsunoo's attacks, recovering the Camellia-128 key with 2^21.4 plaintexts in 22 minutes. All of their attacks belong to timing-driven Cache attacks; our research shows that, due to its frequent S-box lookup operations, Camellia is also quite vulnerable to access-driven Cache timing attacks, which are much more effective than timing-driven Cache attacks. Firstly, we provide a general analysis model for S-box-based symmetric ciphers under access-driven Cache timing attacks, and point out that the F function of Camellia can leak information about the result of the encryption key XORed with the expanded key, and that the left circular rotation operation of the key schedule in Camellia has a serious design problem. Next, we present several attacks on Camellia-128/192/256 with and without FL/FL^-1. Experimental results demonstrate: 500 random plaintexts are enough to recover the full Camellia-128 key; 900 random plaintexts are enough to recover the full Camellia-192/256 key; also, our attacks can be extended to known-ciphertext conditions by attacking the Camellia decryption procedure; besides, our attacks are quite easy to extend to remote scenarios: 3000 random plaintexts are enough to recover the full encryption key of Camellia-128/192/256 in both local and campus networks.
  • A 2^70 Attack on the Full MISTY1
    A 2^70 Attack on the Full MISTY1
    Achiya Bar-On, Department of Mathematics, Bar Ilan University, Ramat Gan, 52900, Israel, [email protected]

    Abstract. MISTY1 is a block cipher designed by Matsui in 1997. It is widely deployed in Japan, and is recognized internationally as a European NESSIE-recommended cipher and an ISO standard. After almost 20 years of unsuccessful cryptanalytic attempts, a first attack on the full MISTY1 was presented at CRYPTO 2015 by Todo. The attack, using a new technique called division property, requires almost the full codebook and has time complexity of 2^107.3 encryptions. In this paper we present a new attack on the full MISTY1. It is based on a modified variant of Todo's division property, along with a variety of refined key-recovery techniques. Our attack requires the full codebook, but allows to retrieve 49 bits of the secret key in time complexity of only 2^64 encryptions, and the full key in time complexity of 2^69.5 encryptions. While our attack is clearly impractical due to its large data complexity, it shows that MISTY1 provides security of only 2^70, significantly less than what was considered before.

    1 Introduction
    MISTY1 [10] is a 64-bit block cipher with 128-bit keys designed in 1997 by Matsui. In 2002, MISTY1 was selected by the Japanese government to be one of the e-government candidate recommended ciphers, and since then, it became widely deployed in Japan. MISTY1 also gained recognition outside Japan, when it was selected to the portfolio of European NESSIE-recommended ciphers, and approved as an ISO standard in 2005.
  • Algebraic Cryptanalysis of Deterministic Symmetric Encryption
    Algebraic Cryptanalysis of Deterministic Symmetric Encryption
    Thesis No. 6651 (2015), presented on 28 August 2015 at the Faculty of Computer and Communication Sciences, Security and Cryptography Laboratory, Doctoral Program in Computer and Communication Sciences, École Polytechnique Fédérale de Lausanne, for the degree of Doctor of Science, by Petr SUŠIL
    Accepted on the proposal of the jury: Prof. M. Pauly, jury president; Prof. S. Vaudenay, thesis director; Prof. J. Ding, reviewer; Prof. N. Courtois, reviewer; Prof. A. Lenstra, reviewer
    Switzerland, 2015
    To my parents Aleš and Lenka

    Abstract. Deterministic symmetric encryption is widely used in many cryptographic applications. The security of deterministic block and stream ciphers is evaluated using cryptanalysis. Cryptanalysis is divided into two main categories: statistical cryptanalysis and algebraic cryptanalysis. Statistical cryptanalysis is a powerful tool for evaluating security, but it often requires a large number of plaintext/ciphertext pairs, which is not always available in a real-life scenario. Algebraic cryptanalysis requires a smaller number of plaintext/ciphertext pairs, but the attacks are often underestimated compared to statistical methods. In algebraic cryptanalysis, we consider a polynomial system representing the cipher, and a solution of this system reveals the secret key used in the encryption. The contribution of this thesis is twofold. Firstly, we evaluate the performance of existing algebraic techniques with respect to the number of plaintext/ciphertext pairs and their selection. We introduce a new strategy for the selection of samples. We build this strategy on cube attacks, which is a well-known technique in algebraic cryptanalysis. We use cube attacks as a fast heuristic to determine sets of plaintexts for which standard algebraic methods, such as Gröbner basis techniques or SAT solvers, are more efficient.
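Both MISTY1 items above (Todo's integral attack and Bar-On's 2^70 attack) rest on the same two ingredients: an integral characteristic, i.e. a structured set of plaintexts whose intermediate states XOR to zero after some number of rounds, and a key-recovery step that partially decrypts the ciphertexts under each guess of the last subkey and discards the guesses that break the zero-sum. The Python program below is an added worked example, not code from either paper and not MISTY1: the cipher is a toy 16-bit substitution-permutation network built from PRESENT's public 4-bit S-box and a bit permutation chosen here, the 3-round characteristic is derived by hand rather than with the division property, and all key and plaintext values are generated from a fixed seed. It checks the characteristic on a 3-round instance and then recovers the post-whitening subkey of a 4-round instance nibble by nibble.

```python
"""Toy integral (Square-style) attack on a 16-bit SPN.

Added example, not code from the papers above and not MISTY1. The cipher,
key and plaintext values here are chosen for illustration only.
"""
import random

# PRESENT's public 4-bit S-box; any bijective 4-bit S-box would do here.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
INV_SBOX = [SBOX.index(v) for v in range(16)]
# Bit permutation chosen for this example: state bit i moves to bit PERM[i].
# It is a nibble transpose (bit b of nibble m -> bit m of nibble b), so every
# output nibble receives exactly one bit from each input nibble.
PERM = [(4 * i) % 15 for i in range(15)] + [15]


def sub_nibbles(x, box):
    """Apply a 4-bit S-box to each of the four nibbles of a 16-bit word."""
    return sum(box[(x >> (4 * j)) & 0xF] << (4 * j) for j in range(4))


def permute(x):
    return sum(((x >> i) & 1) << PERM[i] for i in range(16))


def encrypt(pt, subkeys):
    """len(subkeys) - 1 rounds of (key XOR, S-box layer, permutation); the last
    round skips the permutation and subkeys[-1] is XORed as post-whitening."""
    rounds = len(subkeys) - 1
    x = pt
    for r in range(rounds):
        x = sub_nibbles(x ^ subkeys[r], SBOX)
        if r != rounds - 1:
            x = permute(x)
    return x ^ subkeys[rounds]


def delta_set(const, active=0):
    """16 plaintexts: nibble `active` takes all 16 values, the rest are fixed."""
    mask = 0xF << (4 * active)
    return [(const & ~mask) | (v << (4 * active)) for v in range(16)]


def xor_sum(values):
    acc = 0
    for v in values:
        acc ^= v
    return acc


def characteristic_holds(subkeys, const):
    """3-round integral characteristic: after round 1 each nibble carries one
    bit of the active nibble, after round 2 every nibble takes two values with
    equal multiplicity, so the round-3 S-box inputs form an affine subspace
    with even multiplicities (or all 16 values) and the outputs XOR to zero.
    Whitening XORs the same key 16 times and does not change the sum."""
    return xor_sum(encrypt(p, subkeys) for p in delta_set(const)) == 0


def recover_last_subkey(oracle, consts):
    """Attack a 4-round instance: for every output nibble, keep the guesses of
    the post-whitening subkey nibble under which all delta sets, partially
    decrypted through the last S-box layer, are balanced."""
    sets = [[oracle(p) for p in delta_set(c)] for c in consts]
    candidates = []
    for j in range(4):
        shift = 4 * j
        survivors = [
            guess for guess in range(16)
            if all(xor_sum(INV_SBOX[((c >> shift) & 0xF) ^ guess] for c in cts) == 0
                   for cts in sets)]
        candidates.append(survivors)
    return candidates


def run_demo(seed=2017, n_sets=8):
    """Check the characteristic on a 3-round instance, then attack a 4-round
    instance. Returns (characteristic_ok, true subkey nibbles, candidates)."""
    rng = random.Random(seed)
    keys3 = [rng.getrandbits(16) for _ in range(4)]        # 3 rounds + whitening
    char_ok = all(characteristic_holds(keys3, rng.getrandbits(16)) for _ in range(32))
    keys4 = [rng.getrandbits(16) for _ in range(5)]        # 4 rounds + whitening
    consts = [rng.getrandbits(16) for _ in range(n_sets)]  # one delta set each
    cands = recover_last_subkey(lambda p: encrypt(p, keys4), consts)
    true_nibbles = [(keys4[4] >> (4 * j)) & 0xF for j in range(4)]
    return char_ok, true_nibbles, cands


if __name__ == "__main__":
    ok, truth, cands = run_demo()
    print("3-round characteristic holds on 32 delta sets:", ok)
    for j in range(4):
        print(f"nibble {j}: true subkey nibble {truth[j]:x}, "
              f"surviving guesses {[f'{g:x}' for g in cands[j]]}")
```

Running it prints, for each nibble, the true subkey nibble and the guesses that survive all delta sets. The true nibble always survives, because under the correct guess the partially decrypted values are exactly the balanced round-3 outputs XORed with a constant; a wrong guess survives one set with probability about 1/16, so eight sets leave almost nothing but the right key. This hand-derived property is what the division property automates for a real cipher: the toy shows the mechanism, while the Feistel structure and the FL layers of MISTY1 are what make finding a 6-round characteristic there hard.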