References ABA95 American Bar Association: Digital Signature Guidelines; Information Security Commit- tee, Science and Technology Section, American Bar Association, Draft, Oct. 5, 1995. ABEP90 Mireille Antonie, Jean-Francois Brakeland, Marc Eloy, Yves Poullet: Legal require- ments facing new signature technologies; Eurocrypt '89,. LNCS 434, Springer-Verlag, Berlin 1990, 273-287. AbTu91 Martin Abadi, Mark R. Tuttle: A Semantics for a Logic of Authentication; 10th Symposium on Principles of Distributed Computing (PoDC), 1991, ACM, New York 1991, 201-216. AdHu87 Leonard M. Adleman, Mind-Deh A. Huang: Recognizing Primes In Random Polyno- mial Time; 19th Symposium on Theory of Computing (STOC) 1987, ACM, New York 1987, 462-469. AdPR83 Leonard M. Adleman, Carl Pomerance, R. S. Rumely: On distinguishing prime numbers from composite numbers; Annals of Mathematic 117 (1983) 173-206. AGLL95 Derek Atkins, Michael Graft, Arjen K. Lenstra, Paul C. Leyland: The Magic Words are Squeamish Ossifrage; Asiacrypt '94, LNCS 917, Springer-Verlag, Berlin 1995, 263-277. Ak182 Selim G. Akl: Digital Signature with Blindfolded Arbitrators who cannot form Alliances; 1982 IEEE Symposium on Security and Privacy, IEEE Computer Society Press, 129-135. Ande94 Ross J. Anderson: Why Cryptosystems Fail; Communications of the ACM 37/11 (1994) 32-40. AnLe81 Tom Anderson, Pete A. Lee: Fault Tolerance -- Principles and Practice; Prentice Hall, Englewood Cliffs, New Jersey, 1981. ABma89 Ralf ABmann: Assembler-Implementierung von modularer Langzahlarithmetik; Studien- arbeit, Institut ftir Rechnerentwurf und Fehlertoleranz, Universi~t Karlsruhe 1989. Bach88 Eric Bach: How to generate factored random numbers; SIAM Journal on Computing 17/2 (1988) 179-193. BaDG88 Jos6 Luis Balc~izar, Josep Diaz, Joaquim Gabarr6: Structural Complexity I; EATCS Monographs on Theoretical Computer Science 11, Springer-Verlag, Berlin 1988. Bale93 D. Balenson: Privacy Enhancement for Internet Electronic Mail, Part III: Algorithms, Modes, and Identifiers; Internet RFC 1423, TIS, Feb. 1993. BCDP91 Joan Boyar, David Chaum, Ivan Damg~rd, Torben Pedersen: Convertible Undeniable Signatures; Crypto '90, LNCS 537, Springer-Verlag, Berlin 1991, 189-205. BDPW90 Mike V. D. Burmester, Yvo Desmedt, Fred Piper, Michael Walker: A general zero- knowledge scheme; Eurocrypt '89, LNCS 434, Springer-Verlag, Berlin 1990, 122-133. Beav90 Donald Beaver: Security, Fault Tolerance, and Communication Complexity in Distributed Systems; Ph.D. Thesis, Division of Applied Sciences, Harvard University, Cambridge, Massachusetts, May 1990. Beav91 Donald Beaver: Secure Multiparty Protocols and Zero Knowledge Proof Systems Tolerating a Faulty Minority; Journal of Cryptology 4/2 (1991) 75-122. Beav95 Donald Beaver: Factoring: The DNA Solution; Asiacrypt '94, LNCS 917, Springer- Verlag, Berlin 1995, 419-423. BeGG94 Mihir Bellare, Oded Goldreich, Shaft Goldwasser: Incremental cryptography: the case of hashing and signing; Crypto '94, LNCS 839, Springer-Verlag, Berlin 1994, 216-233. BeGG95 Mihir Bellare, Oded Goldreich, Shaft Goldwasser: Incremental Cryptography and Appli- cation to Virus Protection; 27th Symposium on Theory of Computing (STOC) 1995, ACM, New York 1995, 45-56. BeGo90 Mihir Bellare, Shaft Goldwasser: New Paradigms for Digital Signatures and Message Authentication Based on Non-interactive Zero-knowledge Proofs; Crypto '89, LNCS 435, Springer-Verlag, Heidelberg 1990, 194-211. 372 References BeGo93 Mihir Bellare, Oded Goldreich: On Defining Proofs of Knowledge; Crypto '92, LNCS 740, Springer-Verlag, Berlin 1993, 390-420. BeGW88 Michael Ben-Or, Shaft Goldwasser, Avi Wigderson: Completeness theorems for non-cryptographic fault-tolerant distributed computation; 20th Symposium on Theory of Computing (STOC) 1988, ACM, New York 1988, 1-10. BeMa94 Josh Benaloh, Michael de Mare: One-Way Accumulators: A Decentralized Alternative to Digital Signatures; Eurocrypt '93, LNCS 765, Springer-Verlag, Berlin 1994, 274-285. BeMi88 Mihir Bellare, Silvio Micali: How to sign given any trapdoor function; 20th Sympo- sium on Theory of Computing (STOC) 1988, ACM, New York 1988, 32-42. BeMi92 Mihir Bellare, Silvio Micali: How to Sign Given Any Trapdoor Permutation; Journal of the ACM 39/1 (1992) 214-233. Bena87 Josh Cohen Benaloh: Verifiable Secret-Ballot Elections; Ph.D. Thesis, Yale Univer- sity, Sept. 1987. BtQu95 Philippe Btguin, Jean-Jasques Quisquater: Fast Server-Aided RSA Signatures Secure Against Active Attacks; Crypto '95, LNCS 963, Springer-Verlag, Berlin 1995, 57-69. BeRo93 Mihir Bellare, Phillip Rogaway: Random Oracles are Practical: A Paradigm for Designing Efficient Protocols; 1st Conference on Computer and Communications Security, 1993, ACM, New York 1993, 62-73. BeRo94 Mihir Bellare, Phillip Rogaway: Entity Authentication and Key Distribution; Crypto '93, LNCS 773, Springer-Verlag, Berlin 1994, 232-249. BeVa93 Ethan Bernstein, Umesh Vazirani: Quantum Complexity Theory; 25th Symposium on Theory of Computing (STOC) 1993, ACM, New York 1993, 11-20. BeYu93 Mihir Bellare, Moti Yung: Certifying Cryptographic Tools: The Case of Trapdoor Permutations; Crypto '92, LNCS 740, Springer-Verlag, Berlin 1993, 442-460. BGB86 BGB Biirgerliches Gesetzbuch; (29. ed) dtv-Band 5001 (Beck-Texte), Deutscher Taschenbuch Verlag, MiJnchen 1986. BGMW93 Ernest Brickell, Daniel M. Gordon, Kevin S. McCurley, David B. Wilson: Fast expo- nentiation with precomputation; Eurocrypt '92, LNCS 658, Springer-Verlag, Berlin 1993, 200-207. BiBT94 Ingrid Biehl, Johannes Buchmann, Christoph Thiel: Cryptographic protocols based on discrete logarithms in real-quadratic orders; Crypto '94, LNCS 839, Springer-Verlag, Berlin 1994, 56-60. BiSh93 Eli Biham, Adi Shamir: Differential Cryptanalysis of the Data Encryption Standard; Springer-Verlag, New York 1993. Bisk93 Joachim Biskup: Sicherheit von IT-Systemen als "sogar wenn - sonst nichts - Eigenschaft"; Verl~iBliche Informationssysteme (VIS '93), DuD Fachbeitr~ige 16, Vieweg, Wiesbaden 1993, 239-254. BJKS94 Jiirgen Bierbrauer, Thomas Johansson, Gregory Kabatianskii, Ben Smeets: On Families of Hash Functions via Geometric Codes and Concatenation; Crypto '93, LNCS 773, Springer-Verlag, Berlin 1994, 331-342. Blak79 G. R. Blakley: Safeguarding cryptographic keys; AFIPS Conference Proceedings Vol. 48, National Computer Conference (NCC) 1979, 313-317. Bleu90 Gerrit Bleumer: Vertrauenswiirdige Schliissel fiar ein Signatursystem, dessen Brechen beweisbar ist; Studienarbeit, Institut fiir Rechnerentwurf und Fehlertoleranz, Universit~it Karlsruhe 1990. BIFM88 Manuel Blum, Paul Feldman, Silvio Micali: Non-interactive zero-knowledge and its applications; 20th Symposium on Theory of Computing (STOC) 1988, ACM, New York 1988, 103-112. BIMa94 Daniel Bleichenbacher, Ueli M. Maurer: Directed acyclic graphs, one-way functions and digital signatures; Crypto '94, LNCS 839, Springer-Verlag, Berlin 1994, 75-82. BIMi84 Manuel Blum, Silvio Micali: How to Generate Cryptographically Strong Sequences of Pseudo-Random Bits; SIAM Journal on Computing 13/4 (1984) 850-864. References 373 BIPW91 Gerrit Bleumer, Birgit Pfitzmann, Michael Waidner: A remark on a signature scheme where forgery can be proved; Eurocrypt '90, LNCS 473, Springer-Vedag, Berlin 1991, 441-445. Blum82 Manuel Blum: Coin Flipping by Telephone -- A Protocol for Solving Impossible Problems; compcon spring 1982, 133-137. BoCh93 Jurjen Bos, David Chaum: Provably Unforgeable Signatures; Crypto '92, LNCS 740, Springer-Verlag, Berlin 1993, 1-14. BoCo90 Jurjen Bos, Matthijs Coster: Addition chain heuristics; Crypto '89, LNCS 435, Springer-Verlag, Heidelberg 1990, 400-407. BoCP88 Jurjen Bos, David Chaum, George Purdy: A Voting Scheme; unpublished manuscript, presented at the rump session of Crypto '88. BoFL91 Joan Boyar, Katalin Friedl, Carsten Lund: Practical Zero-Knowledge Proofs: Giving Hints and Using Deficiencies; Journal of Cryptology 4/3 (1991) 185-206. BoKK90 Joan F. Boyar, Stuart A. Kurtz, Mark W. Krentel: A Discrete Logarithm Implementa- tion of Perfect Zero-Knowledge Blobs; Journal of Cryptology 2/2 (1990) 63-76. BoLi95 Dan Boneh, Richard J. Lipton: Quantum Cryptanalysis of Hidden Linear Functions; Crypto '95, LNCS 963, Springer-Verlag, Berlin 1995, 424-437. Bos92 Jurjen Bos: Practical Privacy; Proefschrift (Ph.D. Thesis), Technische Universiteit Eindhoven 1992. Boyd86 Colin Boyd: Digital Multisignatures; IMA Conference on Coding and Cryptography, Cirencester 1986, proceedings published 1989. Bran93 Stefan Brands: An Efficient Off-line Electronic Cash System Based On The Represen- tation Problem; Centrum voor Wiskunde en Informatica (CWI), Report CS-R9323, Amsterdam 1993. Bran94 Stefan Brands: Untraceable Off-line Cash in Wallet with Observers; Crypto '93, LNCS 773, Springer-Verlag, Bedin 1994, 302-318. Bran95 Stefan Brands: Restrictive Blinding of Secret-Key Certificates; Eurocrypt '95, LNCS 921, Springer-Verlag, Berlin 1995, 231-247. Bras88 Gilles Brassard: Modern Cryptology -- A Tutorial; LNCS 325, Springer-Verlag, Berlin 1988. Bras90 Gilles Brassard: How to improve signature schemes; Eurocrypt '89, LNCS 434, Springer-Verlag, Berlin 1990, 16-22. BrCC88 Gilles Brassard, David Chaum, Claude Cr6peau: Minimum Disclosure Proofs of Knowledge; Journal of Computer and System Sciences 37 (1988) 156-189. BrCh94 Stefan Brands, David Chaum: Distance-Bounding Protocols; Eurocrypt '93, LNCS 765, Springer-Verlag, Berlin 1994, 344-359. BrCr90 Gilles Brassard, Claude Cr6peau: Sorting out zero-knowledge; Eurocrypt '89, LNCS 434, Springer-Verlag, Berlin 1990, 181-191. BrDL93 JCrgen Brandt,