Encryption [CiteSeer; NEC Research Institute; Steve Lawrence, Kurt Bollacker, Lee Giles]

Home Top: Security: Encryption [Access Control Encryption Information Warfare Intellectual Property Protection Intrusion Detection]

Change ordering: Authority Hubs (tutorials) Date Expected authority Show titles only
Reverse date order

This directory is created automatically and some papers may be mislabeled. Only document within the CiteSeer database are listed. The directory is intended to provide entry points for browsing the database and is not intended to be authoritative. Papers may not appear in all relevant categories. For example, papers in a sub-category may not appear in higher level categories.

Selecting Cryptographic Key Sizes - Lenstra, Verheul (2001) (Correct)
In this article we offer guidelines for the determination of key sizes for symmetric cryptosystems, RSA, and discrete logarithm based cryptosystems both over finite fields and over groups of ellip... / by the recently broken Data Encryption Standard and thereby br Often both the message and its encryption consist of a whole number of

Chapter 5. Propagation and Correlation. Annex to AES Proposal Rijndael - Daemen (2001) (Correct)
Introduction In this chapter we treat difference propagation and input-output correlation in Boolean mappings and iterated Boolean transformations. Difference propagation is specifically exploited in... / state machines. . The Data Encryption Standard The cipher that was br to be discussed is the Data Encryption Standard DES Fi

Lattice Reduction in Cryptology: An Update - Nguyen, Stern (2000) (Correct)
Lattices are regular arrangements of points in space, whose study appeared in the 19th century in both number theory and crystallography. The goal of lattice reduction is to find useful representa... / some of those schemes offered encryption decryption rates asymptotically br and can attain very high encryption decryption rates. But basically

Security Protocols and their Properties - Abadi (2000) (Correct)
Specifications for security protocols range from informal narrations of message flows to formal assertions of protocol properties. This paper discusses those specifications, emphasizing authenticity a... / and the other is used for encryptions and for signature br The braces represent the encryption operation in this case using a

ACE: The Advanced Cryptographic Engine - Schweinberger, Shoup (2000) (Correct)
This document describes the Advanced Cryptographic Engine (ACE). It specifies a public key encryption scheme as well as a digital signature scheme with enough detail to ensure interoperability between... / It speci es a public key encryption scheme as well as a digital br . . Secure public key encryption .

Open Issues in Formal Methods for Cryptographic Protocol Analysis - Meadows (2000) (Correct)
The history of the application of formal methods to cryptographic protocol analysis spans nearly twenty years, and recently has been showing signs of new maturity and consolidation. A number of specia... / algebraic properties e.g. the encryption and decryption operations cancel br digital signatures public key encryption and conventional encryption

Fine-Grain Configurability for Secure Communication - Hiltunen, Jaiprakash, Schlichting.. (2000) (Correct)
Current solutions for providing communication security in network applications allow customization of certain security attributes and techniques, but in limited ways and without the benefit of a sin... / a message with multiple encryption methods alternating encryption br encryption methods alternating encryption methods or other methods that

Reconciling Two Views of Cryptography (The Computational Soundness of .. - Abadi, Rogaway (2000) (Correct)
Two distinct, rigorous views of cryptography have developed over the years, in two mostly separate communities. One of the views relies on a simple but effective formal approach; the other, on a det... / Computational Soundness of Formal Encryption Mart'in Abadi Bell Labs br for a formal treatment of encryption. Contents Two Views of

Interpreting Strands in Linear Logic - Cervesato, Durgin, Kanovich, Scedrov (2000) (Correct)
The adoption of the Dolev-Yao model, an abstraction of security protocols that supports symbolic reasoning, is responsible for many successes in protocol analysis. In particular, it has enabled using ... / not sequences of bits and encryption is modeled in an idealized way. br to public information and E encryption A detailed discussion of

Mix and Match: Secure Function Evaluation via Ciphertexts (Extended.. - Jakobsson, Juels (2000) (Correct)
We introduce a novel approach to general secure multiparty computation that avoids the intensive use of verifiable secret sharing characterizing nearly all previous protocols in the literature. Instea... / In their scheme the underlying encryption scheme is a special variant of br the basis for our constructions. Encryption in the El Gamal cipher takes

Computing Functions Of A Shared Secret - Beimel, Burmester, Desmedt.. (2000) (Correct)
In this work we introduce and study threshold (t-out-of-n) secret sharing schemes for families of functions F . Such schemes allow any set of at least t parties to compute privately the value f(s) o... / sharing is viewed as a form of encryption and the security is

Self-certifying File System - Mazieres (2000) (Correct)
No secure network file system has ever grown to span the Internet. Existing systems all lack adequate key management for security at a global scale. Given the diversity of the Internet, any particular... / management to map file names to encryption keys SFS file names br of a subsequent compromise The encryption keys for these channels cannot

Watermarking, Tamper-Proofing, and Obfuscation - Tools for Software.. - Collberg, Thomborson (2000) (Correct)
We identify three types of attack on the intellectual property contained in software, and three corresponding technical defenses. A potent defense against reverse engineering is obfuscation, a process... / by their very nature contain encryption keys or other secret

Provably Secure Password-Authenticated Key Exchange Using.. - Boyko, MacKenzie, Patel (2000) (Correct)
When designing password-authenticated key exchange protocols (as opposed to key exchange protocols authenticated using cryptographically secure keys), one must not allow any information to be leaked t... / including Optimal Asymmetric Encryption Padding OAEP It would br semantic security of the ElGamal encryption scheme See Boneh for

Draft material for Edition 3 of Distributed Systems - Concepts and.. - Coulouris (2000) (Correct)
Introduction 7.2 Overview of security techniques 7.3 Cryptographic algorithms 7.4 Digital signatures 7.5 Case studies Draft material for Edition 3 of Distributed Systems -- Concepts and Design ... / we note that the DES standard encryption algorithm was initially a br of much stronger secret-key encryption algorithms. Another useful

Secure Group Communication in Asynchronous Networks with Failures.. - Yair Amir (2000) (Correct)
Increasing popularity and diversity of collaborative applications prompts the need for highly secure and reliable communication platforms for dynamic peer groups. Security mechanisms for such groups t... / greater than that of conventional encryption public key encryption can be br encryption public key encryption can be used to secure

Authentication primitives and their compilation - Abadi, Fournet, Gonthier (2000) (Correct)
Adopting a programming-language perspective, we study the problem of implementing authentication in a distributed system. We define a process calculus with constructs for authentication and show how t... / digital signatures and encryption From the perspective of br a x y names j fug v encryption BitString j u v

A Method for Automatic Cryptographic Protocol Verification - Goubault-Larrecq (2000) (Correct)
We present an automatic, terminating method for verifying confidentiality properties, and to a lesser extent freshness properties of cryptographic protocols. It is based on a safe abstract interpr... / algorithmic techniques including encryption and decryption algorithms of br For example the RSA publickey encryption algorithm is prone to

Secure Coprocessor Integration with Kerberos V5 - Itoi (2000) (Correct)
The nightmare of Trusted Third Party (T3P) based protocol users is compromise of the T3P. Because the compromised T3P can read and modify any user information, the entire user group becomes vulnerab... / security software e.g.poor encryption of shelllock and Password br in Figure . Note that all the encryption and decryption is done in the

Magic Functions - Dwork, Naor, Reingold, Stockmeyer (2000) (Correct)
We prove that three apparently unrelated fundamental problems in distributed computing, cryptography, and complexity theory, are essentially the same problem. These three problems and brief descript... / setting processors use encryption to hide information from an br except that instead of seeing encryptions of plaintexts the adversary is

Taming the Adversary - Abadi (2000) (Correct)
While there is a great deal of sophistication in modern cryptology, simple (and simplistic) explanations of cryptography remain useful and perhaps necessary. Many of the explanations are informal; oth... / example that decryption can undo encryption. This property is easy to br particular a formal treatment of encryption is sound with respect to a

Lightweight Failure Detection in Secure Group Communication - McDaniel, Prakash (2000) (Correct)
The secure and efficient detection of process failures is an essential requirement of many distributed systems. In this paper, we present the design and analysis of a mechanism used for the detection... / of failed process requires the encryption and transmission of a periodic br A k kg Because encryption is only required when creating

Extended Notions of Security for Multicast Public Key Cryptosystems - Baudron, Pointcheval, Stern (2000) (Correct)
In this paper we introduce two notions of security: multiuser indistinguishability and multi-user non-malleability. We believe that they encompass the correct requirements for public key encryption ... / requirements for public key encryption schemes in the context of br setting. Key words. Multicast encryption semantic security

The Case for RC6 as the AES - Rivest, Robshaw, Yin (2000) (Correct)
this document. The more wehavelooked at recent controversial issues, the more wehave found to question. Much is riding on the success of the AES. After such a long time and such an enormous e#ort, sou... / double the number of rounds of encryption per block this would incur a br speed of key setup versus encryption and the length of the message to

Detecting Intrusions in Security Protocols - Yasinsac (2000) (Correct)
Secure electronic communication relies on the application of cryptography. However, even with perfect encryption, communication may be compromised without effective security protocols for key exchange... / However even with perfect encryption communication may be br stronghold of reliance on link encryption fielded their Electronic Key

MVSS: Multi-View Storage System - Ma, Reddy (2000) (Correct)
MVSS is a storage system that oers a single framework for supporting a wide range of proposed new services. MVSS proposes to provide a exible interface for associating services to a le through mul... / and how various services such as encryption networkattachment and br past and enhancements such as encryption are being proposed. b

One-Round Secure Computation and Secure Autonomous Mobile Agents.. - Cachin, Camenisch, Kilian, M�ller (2000) (Correct)
This paper investigates one-round secure computation between two distrusting parties: Alice and Bob each have private inputs to a common function, but only Alice, acting as the receiver, is to learn t... / where Alice sends to Bob an encryption of x Bob computes f on br later on. Homomorphic Encryption and Computing with Encrypted

On Certain Exponential Sums And The Distribution Of Diffie-Hellman.. - Canetti, Friedlander, Shparlinski (2000) (Correct)
Let g be a primitive root modulo a prime p. We prove that the triples (g x , g y , g xy ), x, y = 1, . . . , p-1, are uniformly distributed modulo p in the sense of H. Weyl. This result is base... / number generators and secure encryption functions this latter br the popular El-Gamal encryption scheme In fact it is not

Customization of Component-based Object Request Brokers Through.. - Truyen, Jørgensen, Joosen (2000) (Correct)
The success of distributed object technology, depends on the advent of Object Request Broker (ORB) architectures that are able to integrate flexible support for various nonfunctional requirements s... / in secure transactions require encryption of remote method invocations br sent over the network. However encryption is not required for remote

Kronos: A Scalable Group Re-Keying Approach for Secure Multicast - Setia, Koussih, Jajodia (2000) (Correct)
In this paper, we describe a novel approach to scalable group re-keying for secure multicast. Our approach, which we call Kronos, is based upon the idea of periodic group re-keying. We first motivate... / generates the same traffic encryption key at fixed intervals and br a single group-wide traffic encryption key the sub-group manager is no

Composition and Integrity Preservation of Secure Reactive Systems - Pfitzmann, Waidner (2000) (Correct)
We consider compositional properties of reactive systems that are secure in a cryptographic sense. We follow the well-known simulatability approach, i.e., the specification is an ideal system and a re... / concentrated on primitives like encryption and signature schemes or br pair of a participant X Two encryptions of a message m from a basic

Cryptanalytic Progress: Lessons for AES - Kelsey, Ferguson, Schneier, Stay (2000) (Correct)
this paper, we review cryptanalytic progress against three well-regarded block ciphers and discuss the development of new cryptanalytic tools against these ciphers over time. This review illustrates h... / IDEA and Khufu Fast Software Encryption th International Workshop br Cryptanalysis of the NBS Data Encryption Standard Computer v. n.

The Twofish Team's Final Comments on AES Selection - Schneier, Kelsey, Whiting, Wagner.. (2000) (Correct)
Introduction In 1996, the National Institute of Standards and Technology initiated a program to choose an Advanced Encryption Standard (AES) to replace DES [NIST97a]. In 1997, after soliciting public... / a program to choose an Advanced Encryption Standard AES to replace DES br process NIST requested proposed encryption algorithms from the

Exposure-Resilient Functions and All-Or-Nothing Transforms - Canetti, Dodis, Halevi, Kushilevitz, .. (2000) (Correct)
In this work, we study the problem of partial key exposure. Standard cryptographic definitions and constructions do not guarantee any security even if a tiny fraction of the secret key is compromised... / useful and complex actions from encryption and decryption to identification br and making fixed-blocksize encryption schemes more efficient For

A Security Framework for a Mobile Agent System - Bryce (2000) (Correct)
This paper describes a distributed security infrastructure for mobile agents. The first property of the infrastructure is believability ; this means that mechanisms are provided for authenticating... / agents this is achieved through encryption as well as agent replication and br bank key agents distribute the encryption keys c.f.steps and of

Speeding up the Arithmetic on Koblitz Curves of Genus Two - G�nther, Lange, Stein (2000) (Correct)
Koblitz, Solinas, and others investigated a family of elliptic curves which admit especially fast elliptic scalar multiplication. They considered elliptic curves defined over the finite field F 2 with... / the complexity of the ElGamal encryption scheme and the

Sharing Decryption in the Context of Voting or Lotteries - Fouque, Poupard, Stern (2000) (Correct)
Several public key cryptosystems with additional homomorphic properties have been proposed so far. They allow to perform computation with encrypted data without the knowledge of any secret informa... / Introduction Public Key encryption is a central primitive in br schemes based on a very simple encryption mechanism that essentially

Fair Encryption of RSA Keys - Poupard, Stern (2000) (Correct)
Cryptography is more and more concerned with elaborate protocols involving many participants. In some cases, it is crucial to be sure that players behave fairly especially when they use public key... / Fair Encryption of RSA Keys Guillaume Poupard br when they use public key encryption. Accordingly mechanisms are

REXEC: A Decentralized, Secure Remote Execution Environment for.. - Chun, Culler (2000) (Correct)
Bringing clusters of computers into the mainstream as general-purpose computing systems requires that better facilities for transparent remote execution of parallel and sequential applications be deve... / and strong authentication and encryption. The system is implemented and br and user authentication and encryption. It takes advantage of modern

Transforming out Timing Leaks - Agat (2000) (Correct)
One aspect of security in mobile code is privacy: private (or secret) data should not be leaked to unauthorised agents. Most of the work on secure information flow has until recently only been concern... / some implementations of the RSA encryption algorithm leak information about br leak information about the encryption key through their timing

A Multidisciplinary Electronic Commerce Project Studio for Secure.. - Ant�n, Earp (2000) (Correct)
While the Internet serves as a virtual marketplace that is dramatically changing the way business is conducted, security and privacy issues are of deeper concern than ever before. The evolutionary nat... / using technologies such as encryption firewalls and access control. br configurations of firewalls encryption and authentication for systems

An overview of multimedia content protection in consumer electronics.. - Eskicioglu, Delp (2000) (Correct)
A digital home network is a cluster of digital audio/visual (A/V) devices including set-top boxes, TVs, VCRs, DVD players, and general-purpose computing devices such as personal computers. The network... / groups of technologies encryption and watermarking have been br groups of technologies. Encryption-based technologies transform

The Cost of Adding Security Services to Group Communication Systems - Nita-Rotaru (2000) (Correct)
Numerous applications requiring information delivery from one sender to many receivers are based on a group communication model. Group communication systems are used in industry and military systems w... / project and Blowfish symmetric encryption algorithm. Its modular design br allows drop-in replacement of encryption and or key agreement protocol.

Using Hash Functions as a Hedge against Chosen Ciphertext Attack - Shoup (2000) (Correct)
The cryptosystem recently proposed by Cramer and Shoup [5] is a practical public key cryptosystem that is secure against adaptive chosen ciphertext attack provided the Decisional Diffie-Hellman assump... / to other available practical encryption schemes the scheme discussed br unrelated. In the context of encryption or signatures one can also

Efficient Arithmetic in Finite Field Extensions with Application in.. - Bailey, Paar (2000) (Correct)
This contribution focuses on a class of Galois field used to achieve fast finite field arithmetic which we call an Optimal Extension Field (OEF), first introduced in [3]. We extend this work by pr... / example the International Data Encryption Algorithm and RC are br In addition the NIST ANSI Data Encryption Algorithm has been designed so

Encrypting Virtual Memory - Provos (2000) (Correct)
In modern operating systems, cryptographic file systems can protect confidential data from unauthorized access. However, once an authorized process has accessed data from a cryptographic file system, ... / in this paper uses swap encryption for processes in possession of br of con dential data. Volatile encryption keys are chosen randomly and

Authenticated Key Exchange Secure Against Dictionary Attacks - Bellare, Pointcheval, Rogaway (2000) (Correct)
Password-based protocols for authenticated key exchange (AKE) are designed to work despite the use of passwords drawn from a space so small that an adversary might well enumerate, off line, all p... / the security of EKE when its encryption function E is instantiated br Figure . It would seem that the encryption in the second flow can be

Lower Bounds on the Efficiency of Generic Cryptographic Constructions - Gennaro, Trevisan (2000) (Correct)
We present lower bounds on the eciency of constructions for Pseudo-Random Generators (PRGs) and Universal One-Way Hash Functions (UOWHFs) based on black-box access to one-way permutations. Our lower... / we know that semantically secure encryption can be implemented eciently br problems But if we look at encryption schemes secure against active

Relating Cryptography and Polymorphism - Pierce, Sumii (2000) (Correct)
Cryptography is information hiding. Polymorphism is also information hiding. So is cryptography polymorphic? Is polymorphism cryptographic? To investigate these questions, we dene the cryptographic ... / programs. Type abstraction and encryption are common approaches to br abstractly. On the other hand encryption prevents illegal access to

Publius: A robust, tamper-evident, censorship-resistant web.. - Waldman, Rubin, Cranor (2000) (Correct)
We describe a system that we have designed and implemented for publishing content on the web. Our publishing scheme has the property that it is very difficult for any adversary to censor or modify the... / called mixes that use a layered encryption technique to encode the path br an onion that specifies the encryption algorithms and keys to be used

Compiler Techniques for Code Compaction - Debray, Evans, Muth, De Sutter (2000) (Correct)
In recent years there has been an increasing trend towards the incorporation of computers into a variety of devices where the amount of memory available is limited. This makes it desirable to try to r... / software in such devices such as encryption software in telephones or

Fair Allocation of Discrete Bandwidth Layers in Multicast Networks - Sarkar, Tassiulas (2000) (Correct)
We study fairness when receivers in a multicast network can not subscribe to fractional layers. This case arises when the source hierarchically encodes its signal and the hierarchical structure is pre... / entrusting the network with the encryption key. Depending on the security

Towards an Analysis of Onion Routing Security - Syverson, Tsudik, Reed, Landwehr (2000) (Correct)
This paper presents a security analysis of Onion Routing, an application independent infrastructure for traffic-analysis-resistant and anonymous Internet connections. It also includes an overview of t... / onion router removes one layer of encryption so the data emerges as br that can perform fast symmetric encryption on passing traffic. In Onion

Automated Trust Negotiation - Winsborough, Seamons, Jones (2000) (Correct)
Distributed software subjects face the problem of determining one another's trustworthiness. The problem considered is managing the exchange of sensitive credentials between strangers for the purpose ... / and verifiable by using modern encryption technology a credential is

Confidentiality for Mobile Code: The Case of a Simple Payment Protocol - Dam, Giambiagi (2000) (Correct)
We propose an approach to support confidentiality for mobile implementations of security-sensitive protocols using Java/JVM. An applet which receives and passes on confidential information onto a publ... / of realizing confidentiality is encryption. But in this context br encryption. But in this context encryption also poses some fundamental

Experiences with NIMI - Paxson, Adams, Mathis (2000) (Correct)
NIMI (National Internet Measurement Infrastructure) is a software system for building network measurement infrastructures. Its design emphasizes (i) large-scale infrastructures composed from diversel... / architecture. Authentication and encryption of all communication between br for its public key cryptography encryption and authentication RSAREF

The Raw Prototype Design Document - Michael Taylor Mbt (2000) (Correct)
this document, the tile processor is usually referred to as "the main processor, " "the processor," or "the tile processor." "The Raw processor" refers to the entire chip -- the networks and the tiles... / searching generation encryption and compression are on the

An FPGA Implementation and Performance Evaluation of the AES Block.. - Elbirt, Yip, Chetwynd, Paar (2000) (Correct)
The technical analysis used in determining which of the Advanced Encryption Standard candidates will be selected as the Advanced Encryption Algorithm includes e#ciency testing of both hardware and s... / The Third Advance Encryption Standard AES Candidate br determining which of the Advanced Encryption Standard candidates will be

On Interaction Refinement in Middleware - Truyen, Jørgensen, Joosen.. (2000) (Correct)
this paper, we show how we unknown On Interaction Refinement in Middleware Eddy Truyen , Bo Nrregaard Jrgensen , Wouter Joosen, Pierre Verbaeten + Distrinet Labs, KULeuven Dept. ComputerWetensch... / For example suppose that an encryption decryption component must be br interfaceEncryption . encrypt .

A High Capacity Image Steganographic Model - Yeuan-Kuen Lee And (2000) (Correct)
Steganographyisanancient art of conveying messages in a secret way that only the receiver knows the existence of message. So, a fundamental requirement for a steganographic method is imperceptibility,... / the security level a suitable encryption algorithm is then applied on br of messages. Note that the encryption module can conceal the

Lightweight, Dynamic and Programmable Virtual Private Networks - Isaacs (2000) (Correct)
A Virtual Private Network (VPN) that exists over a public network infrastructure like the internet is both cheaper and more flexible than a network comprising dedicated semi-permanent links such as le... / and security measures such as encryption of the VPN's traffic and

The Epistemics of Encryption - Bleeker, van Eijck (2000) (Correct)
Message passing by means of public key encryption is described in terms of doxastic dynamic logic. A secret message from a to b can have as eect that b learns something new from a, but it can also ca... / The Epistemics of Encryption Annette Bleeker Jan van Eijck br passing by means of public key encryption is described in terms of

Formal Verification of Cardholder Registration in SET - Bella, Massacci, Paulson, Tramontano (2000) (Correct)
The first phase of the SET protocol, namely Cardholder Registration, has been modelled inductively. This phase is presented in outline and its formal model is described. A number of basic lemmas h... / certificates for signature and encryption. Customers must generate and br but also a public key for encryption. The process is shorter because

Intrusion Detection in Wireless Ad-Hoc Networks - Zhang, Lee (2000) (Correct)
As the recent denial-of-service attacks on several major Internet sites have shown us, no open computer network is immune from intrusions. The wireless ad-hoc network is particularly vulnerable due to... / prevention measures such as encryption and authentication can be used br eliminate them. For example encryption and authentication cannot

Securing Electronic Commerce: Reducing the SSL Overhead - Apostolopoulos, Peris, Pradhan, Saha (2000) (Correct)
The last couple of years have seen a growing momentum towards using the Internet for conducting business. Web based electronic commerce applications are one of the fastest growing segments of the Inte... / with the job of negotiating encryption and message authentication br of the overhead is due to data encryption and message authentication. We

A Bit-Serial Implementation of the International Data Encryption.. - Leong, Cheung, Tsoi, Leong (2000) (Correct)
A high--performance implementation of the International Data Encryption Algorithm (IDEA) is presented in this paper. Using a novel bit--serial architecture to perform multiplication modulo 2 16 + 1 ... / of the International Data Encryption Algorithm IDEA M.P. Leong br of the International Data Encryption Algorithm IDEA is presented

Security of Signed ElGamal Encryption (Extended Abstract) - Schnorr, Jakobsson (2000) (Correct)
Claus Peter Schnorr Fachbereich Mathematik/Informatik Universitat Frankfurt, PSF 111932 D-60054 Frankfurt am Main, Germany schnorr@cs.uni-frankfurt.de Markus Jakobsson Information Sciences Labor... / Security of Signed ElGamal Encryption Extended Abstract Claus br H we show that ElGamal encryption with an added Schnorr signature

Practical Techniques for Searches on Encrypted Data - Song, Wagner, Perrig (2000) (Correct)
It is desirable to store data on data storage servers such as mail servers and file servers in encrypted form to reduce security and privacy risks. But this usually implies that one has to sacrifice f... / provide provable secrecy for encryption in the sense that the br a document of length n the encryption and search algorithms only need

Relationships among Differential, Truncated Differential, Impossible.. - Sugita, Kobara, Uehara, Kubota, Imai (2000) (Correct)
We propose a new method for evaluating the security of block ciphers against differential cryptanalysis and propose new structures for block ciphers. To this end, we define the word-wise Markov (Feist... / of block ciphers. We consider the encryption of a pair of distinct br X From the pair of encryption results one obtains the

The Taming of the (X)OR - Baumgartner, Massacci (2000) (Correct)
Many key verication problems such as bounded model-checking, circuit verication and logical cryptanalysis are formalized with combined clausal and ane logic (i.e. clauses with xor as the connective)... / plaintext attacks to the US Data Encryption Standard can be encoded as a br and Analysis of the U.S. Data Encryption Standard. Journal of Automated

Resolution of Dynamic Memory Allocation and Pointers for the. . . - Séméria, Sato, De.. (2000) (Correct)
One of the greatest challenges in C/C++-based design methodology is to efficiently map C/C++ models into hardware. Many of the networking and multimedia applications implemented in hardware or mixed h... / signal processing graphics and encryption. Memory architecture exploration

Detecting Backdoors - Zhang, Paxson (2000) (Correct)
Backdoors are often installed by attackers who have compromised a system to ease their subsequent return to the system. We consider the problem of identifying a large class of backdoors, namely those ... / through some application-level encryption method or directly using br unperturbed by the use of encryption. However timing information

Implementing a Distributed Firewall - Ioannidis, Keromytis, Bellovin, Smith (2000) (Correct)
Conventional firewalls rely on topology restrictions and controlled network entry points to enforce traffic filtering. Furthermore, a firewall cannot filter traffic it does not see, so, effectively, e... / exists. End-to-end encryption can also be a threat to rewalls br do ltering. Allowing end-to-end encryption through a rewall implies

A Data Mining and CIDF Based Approach for Detecting Novel and.. - Lee, Nimbalkar, Yee, Patil, Desai.. (2000) (Correct)
As the recent distributed Denial-of-Service (DDOS) attacks on several major Internet sites have shown us, no open computer network is immune from intrusions. Furthermore, intrusion detection syste... / prevention techniques such as encryption authentication e.g.using br using RSA public key encryption technology. When components A

Provably Secure Certified Mail - Pfitzmann, Schunter, Waidner (2000) (Correct)
With a certified-mail protocol, one fairly exchanges a message for a receipt. No satisfactory protocols without any third party are possible, hence optimistic protocols are the best one can hope for... / perfectly clear even for simple encryption systems they are still being br m contained a committing encryption of m which would not be

Combinatorial properties of frameproof and traceability codes - Staddon, Stinson, Wei (2000) (Correct)
In order to protect copyrighted material, codes may be embedded in the content or codes may be associated with the keys used to recover the content. Codes can offer protection by providing some form... / movies. In the broadcast encryption scheme suggested by Chor Fiat br in connection with a broadcast encryption technique. It was also remarked

RC6 as the AES - Rivest, Robshaw, Yin (2000) (Correct)
Introduction After more than a year of design and nearly twoyears of scrutiny, the process to choose the Advanced Encryption Standard is drawing to a close. We are now left with five designs that wou... / process to choose the Advanced Encryption Standard is drawing to a close. br Certainly they won't require bulk encryption atmostafewblocks of data will

On Welch-Gong Transformation Sequence Generators - Gong, Youssef (2000) (Correct)
Welch-Gong (WG) transformation sequences are binary sequences of period 2 n 1 with 2-level auto correlation. These sequences were discovered by Golomb, Gong and Gaal in 1998 and veri ed for 5 n ... / analyze the S-boxes in DES Data Encryption Standard When they considered br Proceedings of Fast Software Encryption April - New

On the reachability problem in cryptographic protocols - Amadio, Lugiez (2000) (Correct)
We study the verication of secrecy and authenticity properties for cryptographic protocols which rely on symmetric shared keys. The verification can be reduced to check whether a certain parallel prog... / In these approaches a perfect' encryption scheme is assumed encryption is br encryption scheme is assumed encryption is an injective function and

Framework of Multi-agents Internet Security System - Ayesh, Bechkoum (2000) (Correct)
Software agents are playing an increasing variety of roles in helping with automating Internet related tasks such as searching and electronic commerce [1]. Such agents are being used, or investigated,... / attempts to access and that of encryption decryption which is

CBC MACs for Arbitrary-Length Messages: The Three-Key Constructions - Black, Rogaway (2000) (Correct)
We suggest some simple variants of the CBC MAC that let you efficiently MAC messages of arbitrary lengths. Our constructions use three keys, K1, K2, K3, to avoid unnecessary padding and MAC any mess... / by the emergence of the Advanced Encryption Standard AES With the AES br Cm Gamma Avoiding multiple encryption keys xcbc. Most block ciphers

Security mechanisms for the MAP agent system - Puliafito, Tomarchio (2000) (Correct)
Mobile agents represent a new communication paradigm which has recently obtained a great attention from researcher and practitioners. Interesting applications exist in the fields of distributed system... / This model is based on the encryption and authentication mechanisms br used are based on public key encryption in which each user has a pair

Management of Environments in 2K - Carvalho, Kon, Ballesteros, Roman.. (2000) (Correct)
Computer users are increasingly multi-device equipped and no longer sedentary. It is desirable that the execution environment in any of these devices be customized to the user preferences and to the d... / A credential consists of encryption keys and tickets. Keys are

Efficient Dynamic Traitor Tracing - Berkman, Parnas, Sgall (2000) (Correct)
The notion of traitor tracing was introduced by Chor, Fiat and Naor, in order to combat piracy scenarios. Recently, Fiat and Tassa proposed a dynamic traitor tracing scenario, in which the algorithm a... / material that is being broadcast encryption is utilized and keys are br A. Fiat and M. Naor Broadcast Encryption CRYPTO' Springer LNCS

A Secure Data Hiding Scheme for Two-Color Images - Chen, Pan, Tseng. (2000) (Correct)
In this paper, we propose a new steganography scheme for hiding a piece of critical information in a host binary image (such as facsimiles). A secret key and a weight matrix are used to protect the hi... / is typically achieved by encryption. However as an encrypted br has a different flavor from encryption its purpose is to embed a

Onion Routing Access Configurations - Syverson, Reed, Goldschlag (2000) (Correct)
Onion Routing is an infrastructure for private communication over a public network. It provides anonymous connections that are strongly resistant to both eavesdropping and traffic analysis. Thus it hi... / each OR removes one layer of encryption as defined by the cryptographic br is much more expensive than encryption the public-key burden rests

Keystone: A Group Key Management Service - Wong, Lam (2000) (Correct)
A major problem area in securing group communications is group key management. In this paper, we present the design and architecture of a scalable group key management system called Keystone. Keystone... / clients. A group key may be an encryption key a signing key a security br exchange triple DES CBC mode encryption and SHA digest algorithm. To

Protocol-Independent Secrecy - Millen, Rue� (2000) (Correct)
Inductive proofs of secrecy invariants for cryptographic protocols can be facilitated by separating the protocol dependent part from the protocol-independent part. Our secrecy theorem encapsulates the... / constructed by concatenation or encryption. The concatenation of X and Y br X Y Z is unambiguous. The encryption of X using the key K is

Mobile Code as an Enabling Technology for Service-oriented Smartcard.. - Kehr, Rohs, Vogt (2000) (Correct)
Smartcards can be seen as service providing entities that implement a secure, tamper-proof storage and offer computational resources which make them ideally suited for a variety of tasks such as authe... / digital signatures encryption and cashless payment are far

Trawling Twofish (revisited) - Knudsen (2000) (Correct)
Twofish is a 128-bit block cipher submitted as a candidate for the Advanced Encryption Standard (AES). It has a structure related to the Feistel structure and runs in 16 rounds. In this paper we con... / as a candidate for the Advanced Encryption Standard AES It has a br Twofish is a secret-key encryption primitive which is one of the

A Reliability Model for Distributed Adaptation - Yarvis, Reiher, Popek (2000) (Correct)
End-to-end connectivity is growing increasingly diverse, with orders of magnitude differences in characteristics throughout the network. At the same time, most applications assume a level of network c... / of adaptations might be desired. Encryption might be employed on the br and Internet links. However encryption cannot be provided end-to-end

IdentiScape: Tackling the Personal Online Identity Crisis - Maniatis, Baker (2000) (Correct)
Traditional systems refer to a mobile person using the name or address of that person's communication device. As personal communications become more diverse and popular, this solution is no longer ade... / should be decentralized and that encryption keys are unsuitable as identi br location. The use of public encryption keys as personal names RL

Correlations in RC6 - Knudsen, Meier (2000) (Correct)
In this paper the block cipher RC6 is analysed. RC6 is submitted as a candidate for the Advanced Encryption Standard, it has 128-bit blocks and supports keys of 128, 192 and 256 bits, and is an iter... / as a candidate for the Advanced Encryption Standard it has -bit blocks br Block Cipher. Advanced Encryption Standard. RC . Introduction

Fast Implementations of AES Candidates - Aoki, Lipmaa (2000) (Correct)
Of the five AES finalists four---MARS, RC6, Rijndael, Twofish---have not only (expected) good security but also exceptional performance on the PC platforms, especially on those featuring the Pentium P... / can influence the relative encryption speed of different ciphers. To br were accepted as AES Advanced Encryption Standard candidates of

Amplified Boomerang Attacks Against Reduced-Round MARS and Serpent - Kelsey, Kohno, Schneier (2000) (Correct)
We introduce a new cryptanalytic technique based on Wagner 's boomerang and inside-out attacks. We first describe this new attack in terms of the original boomerang attack, and then demonstrate it... / state prior to the ith round of encryption B is the plaintext and br eight-round Serpent encryptions. This attack covers rounds one

PRUNES: An Efficent and Complete Strategy for Automated Trust.. - Yu, Ma, Winslett (2000) (Correct)
The Internet provides an environment where two parties, who are virtually strangers to each other, can make connections and do business together. Before any actual business starts, a certain level of... / owner Using modern encryption technology the issuer signs a

Trade-offs in a Secure Jini Service Architecture - Hasselmeyer, Kehr, Vo� (2000) (Correct)
Jini is an infrastructure built on top of the mobile code facilities of the Java programming language enabling clients and services to spontaneously engage in arbitrary usage scenarios. For a smal... / There are no provisions for data encryption or authentication beyond the br e.g. authentication and encryption are then guaranteed by the

Evolution of Groupware for Business Applications: A Database.. - Mohan, Barber, Watts, Somani.. (2000) (Correct)
In this paper, we first introduce the database aspects of the groupware product Lotus Domino/Notes and then describe, in some more detail, many of the logging and recovery enhancements that were intro... / of the product. Field level encryption of documents is also supported.

Applications of Chaotic Signal Processing Techniques to Multimedia.. - Nikolaidis Tsekeridou Nikolaidis (2000) (Correct)
Usage of digital media has witnessed a tremendous growth during the last decades. However digital media are extremely vulnerable to copyright infringement, tampering and unauthorized distribution. Rec... / access to the data using some encryption technique. However encryption br encryption technique. However encryption does not provide overall

S16 & S32: Fast Stream Ciphers based on Linear Feedback over GF(2^n) - Rose (2000) (Correct)
This paper introduces S32 and S16, which are 32- and 16- bit members of the SOBER family. An extensive security analysis including results of study of SOBER itself are presented. 1. Introduction unkno... / applications such as voice encryption in wireless telephones which br memory available for software encryption algorithms. That paper

On the Convergence Rate of Good-Turing Estimators - McAllester, Schapire (2000) (Correct)
Good-Turing adjustments of word frequencies are an important tool in natural language modeling. In particular, for any sample of words, there is a set of words not occuring in that sample. The total p... / Enigma codes. The Enigma was an encryption device used by the German navy. br The Enigma used as part of its encryption key a three letter sequence.

Cryptanalysis of Imai and Matsumoto scheme B asymmetric cryptosystem - Youssef (2000) (Correct)
Imai and Matsumoto introduced alternative algebraic methods for constructing public key cryptosystems. An obvious advantage of theses public key cryptosystems is that the private side computations c... / a very limited number of encryption operations using the public br operations using the public encryption function. Keywords Public-key

Blind Detection Of Malicious Alterations On Still Images Using Robust .. - Rey, Dugelay (2000) (Correct)
Digital image manipulation software is now readily available on personal computers. It is therefore very simple to tamper with any image and make it available to others. Insuring digital image integri... / Private key a Feature encryption Signature Public key

Private Quantum Channels - Ambainis, Mosca, Tapp, de Wolf (2000) (Correct)
We investigate how a classical private key can be used by two players, connected by an insecure one-way quantum channel, to perform private communication of quantum information. In particular we show ... / of the classical one-time pad encryption scheme. Introduction br classical key is sucient. The encryption technique is fairly natural.

High-Speed MARS Hardware - Satoh, Ooba, Takano, D'Avignon (2000) (Correct)
High-speed MARS encryption/decryption hardware was developed using a 0.18m IBM CMOS technology. In order to boost performance, a special adder and multiplier was designed by optimizing the adder blo... / Abstract. High-speed MARS encryption decryption hardware was br achieves Mbit s data rate for encryption when using cipher block chaining

Compensating for a Lack of Transparency - Schoenmakers (2000) (Correct)
this article. unknown Proc. of the 10th Conference on Computers, Freedom and Privacy, Toronto, Canada, April 4-7, 2000, pp. 231-233. ACM, New York. Compensating for a Lack of Transparency Berry Sch... / veri ability is a special type of encryption for the ballots called br the ballots called homomorphic encryption. Concretely homomorphic

Trawling Twofish - Knudsen (2000) (Correct)
Twofish is a 128-bit block cipher submitted as a candidate for the Advanced Encryption Standard (AES). It has a structure related to the Feistel structure and runs in 16 rounds. In this paper we consi... / as a candidate for the Advanced Encryption Standard AES It has a br Twofish is a secret-key encryption primitive which is one of the

PILOT: An Interactive Tool for Learning and Grading - Bridgeman, Goodrich, Kobourov.. (2000) (Correct)
We describe a Web-based interactive tool, called PILOT, for testing computer science concepts. The strengths of our system are its universal access and platform independence, its ability to test algor... / form of password protection or encryption to allow only authorized users

Realization of the Round 2 AES Candidates using Altera FPGA - Fischer (2000) (Correct)
This paper presents an evaluation of five Round 2 Advanced Encryption Standard (AES) candidates from the viewpoint of their realization in a FPGA. After the analysis of the general characteristics of ... / of five Round Advanced Encryption Standard AES candidates from br of the operations used for encryption and decryption b the

Image Authentication Using Chaotic Mixing Systems - Anastasios Tefas And (2000) (Correct)
A novel method for image authentication is proposed. A watermark signal is embedded in a grayscale or a color host image. The watermark key controls a set of parameters of a chaotic system used for th... / feature of imperceptible encryption of the image owner logo in the br of chaotic mixing techniques for encryption provides high security. .

Performance Evaluation of AES Finalists on the High-End Smart Card - Sano, Koike, Kawamura, Shiba (2000) (Correct)
This paper rep orttt performance of tA AESfinalistH MARS, RC6, Rijndael, Serpent and Twofish, on tA high-endsmart card trd has a Z80 core wit Toshiba'sarit'sAU. coprocessor. 1 Introduction Durin the... / A Proposal for the Advanced Encryption Standard AES submission br . M.MatBxZ New Block Encryption Algorithm MISTY Fast Soft

The Differential Cryptanalysis of an AES Finalist-Serpent - Wang, Hui, Chow, Chong, Tsang, Chan (2000) (Correct)
Serpent is one of the ve AES nalists. In our paper, we give some dierentials about Serpent, two of the dierentials are a 5-round dierential with the probability of 1 2 61 and a 6-round dierenti... / community to develop an Advanced Encryption Standard AES So far three br give it's details here. The encryption algorithm is described as

Rijndael for AES - Daemen, Rijmen (2000) (Correct)
this document we give a short overview of the reasons why Rijndael should be selected as the AES. We have divided our arguments into four categories: unknown -RDQ 'DHPHQ 9 1462 5LMPHQ Rijndaelfj A... / a proposal for the Advanced Encryption Standard AES . Cl C. br et al.Twofish a block encryption algorithm AES . Li H.

Formal Security Proofs for a Signature Scheme with Partial Message.. - Brown, Johnson (2000) (Correct)
The Pintsov-Vanstone signature scheme with partial message recovery (PVSSR) is a variant of the Schnorr and Nyberg-Rueppel signature schemes. It produces very short signatures on messages with intri... / applications are symmetric encryption primitives such as DES or AES. br are deterministic symmetric encryption primitives such as DEs or AES.

Selling Bits: A Matter of Creating Consumer Value - Gordijn, Akkermans, van Vliet.. (2000) (Correct)
Digital goods such as music are vulnerable to illegal use over the internet. Technology-driven IT solutions to protection are useful but limited. Instead, we suggest that incentives to legal forms... / to protect digital content using encryption technology and watermarking br We distinguish protection by encryption protection by watermarking

AES Public Comment from the Rijndael Team - Daemen, Rijmen (2000) (Correct)
Introduction In this public comment to NIST we address a number of diverging issues: . provable security vs. provable properties; . suitability of AES candidates for hashing; . Rijndael software p... / for some unlikely reason encryption can be done using the inverse br a proposal for the Advanced Encryption Standard presented at st

Two Approaches for Pay-per-Use Software Construction - Ferreira, Dahab, Aragão.. (2000) (Correct)
This paper describes two architectures for building Pay-per-Run software systems. These are systems that allow the user to pay for each execution of an application, instead of buying a more expensive ... / or Revoked. . . . Encryption Engine All messages in the br an asymmetric cipher RSA The Encryption Engine is the sub-system that

An Adaptable Security Manager for Real-Time Transactions - Sang Son And (2000) (Correct)
The rising demand for real-time services over the network such as web-based information services requires new approaches for balancing competing demands on limited resources. The BeeHive database syst... / access some form of storage encryption is used. A secure distributed br mechanism for privacy DES encryption and for authentication MD

Dolev-Yao is no better than Machiavelli - Syverson, Meadows, Cervesato (2000) (Correct)
We show that all attacks that can be mounted by a traditional Dolev-Yao intruder against common cryptographic protocols can be enacted by an apparently weaker `Machiavellian' adversary in which compro... / k DY i fmg k Encryption n DY i n br reduce signatures to private key encryptions and render hashes as

On the Quadratic Span of Binary Sequences - Youssef, Gong (2000) (Correct)
The length of the shortest FSR that generates a sequence is called the span of the sequence. If the feedback function is linear, then the Berlekamp-Massey algorithm can be used to efficiently determin... / ciphers are an important class of encryption algorithms. By contrast to block br message one at a time using an encryption transformation which varies with

Hardware Performance Simulations of Round 2 Advanced Encryption.. - Bryan Weeks Mark (2000) (Correct)
The National Security Agency (NSA) is providing hardware simulation support and performance measurements to aid NIST in their selection of the AES algorithm. Although much of the Round 1 analysis focu... / Simulations of Round Advanced Encryption Standard Algorithms Bryan br of the Round Advanced Encryption Standard AES algorithm

Improved Cryptanalysis of Rijndael - Ferguson, Kelsey, Lucks, Schneier.. (2000) (Correct)
We improve the best attack on Rijndael reduced to 6 rounds from complexity 2^72 to 2^44 . We also present the first known attacks on 7- and 8-round Rijndael. The attacks on 8-round Rijndael work for 1... / attack starts by obtaining encryptions that only dier in a single br such that within each group the encryptions dier in a speci c byte of m

Approximate Entropy for Testing Randomness - Rukhin (2000) (Correct)
In this paper a new concept of approximate entropy is modified and applied to the problem of testing for randomness a string of binary bits. This concept has been introduced in a series of papers by S... / and the need for good secure encryption algorithms. All such algorithms br numbers generators such as Data Encryption Algorithm Secure Hash

Quadratic orders for NESSIE - Overview and parameter sizes of three.. - H�hnlein (2000) (Correct)
In the scope of the European project NESSIE 1 there was issued a Call for Cryptographic Primitives [NESSIE] soliciting proposals for block ciphers, stream ciphers, hash functions, pseudo-random ... / for digital signatures encryption and identification. Since the br Signature Integrity and Encryption industrial project

Benchmarking Java Grande Applications - Bull, Smith, Westhead, Henty, Davey (2000) (Correct)
Increasing interest is being shown in the use of Java for large scale or Grande applications. This new use of Java places specific demands on the Java execution environments that can be tested using... / Performs IDEA International Data Encryption Algorithm Lai et al br Algorithm Lai et al encryption and decryption on an array of N

Identification Protocols Secure Against Reset Attacks - Bellare, Goldwasser, Micali (2000) (Correct)
We introduce new ID schemes that are secure even when #1# an adversary can reset the internal state and#or randomization source of the user identifying itself, and #2# when executed in an asynchrono... / reset concurrency signatures encryption authentication. Dept. br . . CCA -secure Encryption schemes .

Looking for Diamonds in the Desert - Extending Automatic Protocol.. - Perrig, Song (2000) (Correct)
In this paper, we describe our new results in developing and extending Automatic Protocol Generation (APG), an approach to automatically generate security protocols. We explore two-party mutual authen... / e.g.symmetric or asymmetric encryption decryption low bandwidth. A br a system such as a smart-card encryption can be fast while the bandwidth

Key Separation in Twofish - Kelsey (2000) (Correct)
In [Mur00], Murphy raises questions about key separation in Twofish. We discuss this property of the Twofish key schedule, and compare it with other block ciphers. While every block cipher has this ... / S-boxes used by the cipher during encryption and decryption. Now S is br schedule precomputation for bulk encryption. Assuming some restrictions on

Answer to "new observations on Rijndael" - Daemen, Rijmen (2000) (Correct)
This paper is organised as folows. We start in Section 2 with a few comments on the used terminology. In Section 3 we restate our evaluation criterium for `diffusion' and show that the results of [1] ... / Some people argue that an encryption algorithm should not only br session of AES . Data Encryption Standard Federal Information

On the Method of "XL" and Its Inefficiency to TTM - Moh (2000) (Correct)
Introduction In the preprint [2], Nicolas Courtois, Adi Shamir, Jacques Patarin and Alexander Klimov propose a method named "XL" which gives an "efficient algorithm for solving overdefined systems of... / the previous results to the encryption system TTM and show that it is br is routinely done for the TTM encryption systems. In these cases I

Development of a Cryptographic Protocol by Stepwise Refinement Using.. - Johnston (2000) (Correct)
s and compressed postscript les are available via http://svrc.it.uq.edu.au Development of a Cryptographic Protocol by Stepwise Renement Using the Cogito Methodology:Part 1 Wendy Johnston 1 Abst... / initiation by providing an encryption key readable only by the br initiation of the protocol the encryption of the message and the sending

Tradeoffs for Packet Classification - Feldmann, Muthukrishnan (2000) (Correct)
We present an algorithmic framework for solving the packet classification problem that allows various access time vs. memory tradeoffs. It reduces the multidimensional packet classification problem to... / communication that uses IP-Sec encryption will not expose port numbers.

Challenges in Distributed Adaptation - Yarvis (2000) (Correct)
Personal area nets . User-to-user services . Multi-hop networks . Network/server congestion Encrypt Internet Prefetch 56Kb Distill Encrypt Internet 768Kb Prefetch Distill Coalesce Priortize Cache ... / without notice Public key encryption is used for session key

Properties of the Building Blocks of Serpent - Mister (2000) (Correct)
Introduction In assessing the security of AES candidates, it is important to consider the amount of analysis that has been conducted. To this end, this note summarizes properties of the building bloc... / and x f x for encryption. Denote the output of the cipher br A proposal for the advanced encryption standard. Submission to AES

A Comparative Study of Performance of AES Final Candidates Using FPGAs - Dandalis, Prasanna, Rolim (2000) (Correct)
In this paper we study and compare the performance of FPGA-based implementations of the #ve #- nal AES candidates #MARS, RC6, Rijndael, Serpent, and Two#sh#. FPGAs seem to match extremely well with th... / operation e.g. CBC CFB where encryption results of each block are fed br each block are fed backinto the encryption of the current block

An efficient NICE-Schnorr-type signature scheme - H�hnlein, Merkle (2000) (Correct)
Recently there was proposed a novel public key cryptosystem [17] based on non-maximal imaginary quadratic orders with quadratic decryption time. This scheme was later on called NICE for New Ideal ... / NICE for New Ideal Coset Encryption First implementations show br is as efficient as RSA-encryption with e . It

NIST Performance Analysis of the Final Round Java AES Candidates - Dray (2000) (Correct)
This paper documents additional performance data for the five AES finalists obtained under JDK1.3, and should be used in combination with the first round NIST Java AES analysis to obtain a complete pi... / algorithms for the Advanced Encryption Standard AES in a Federal br do not require high-speed encryption of large amounts of data and

A comparison of AES candidates on the Alpha 21264 - Weiss, Binkert (2000) (Correct)
We compare the five candidates for the Advanced Encryption Standard based on their performance on the Alpha 21264, a 64-bit superscalar processor. There are several new features of the 21264 that have... / five candidates for the Advanced Encryption Standard based on their br have a significant impact on encryption decryption speed. The main ones

Identity Management Based On P3P - Berthold, K�hntopp (2000) (Correct)
Identity management is a powerful mechanism to enhance user-privacy. In this paper we will examine the idea of an identity management system built atop of an anonymous communication network. First, we... / for digital signatures and the encryption of communication contents.

Impossible Differential on 8-Round MARS' Core - Biham, Furman (2000) (Correct)
MARS is one of the AES #nalists. The up-to-date analysis of MARS includes the discovery of weak keys, and Biham's estimation that a 12round variant of MARS is breakable. This estimation was partly fou... / as a candidate for the Advanced Encryption Standard selection process and br Khafre LNCS Fast Software Encryption pp. - March .

Efficiency Testing of ANSI C Implementations of Round 2 Candidate.. - III (2000) (Correct)
This paper describes the testing methodology used in ANSI C efficiency testing, along with observations regarding the resulting measurements. The results of the measurements are included followed by c... / Algorithms for the Advanced Encryption Standard Revised April br criteria for the Advanced Encryption Standard AES Round candidate

The Power of NIST's Statistical Testing of AES Candidates - Sean Murphy Information (2000) (Correct)
One of the evaluation criteria for AES candidate algorithms is \their demonstrated suitability as random number generators". To evaluate AES candidates against this criterion, NIST has conducted st... / decision. . If an encryption algorithm fails a category test br is a potential problem with that encryption algorithm for that category of

Real Time Cryptanalysis of A5/1 on a PC - Biryukov, Shamir, Wagner (2000) (Correct)
A5/1 is the strong version of the encryption algorithm used by about 130 million GSM customers in Europe to protect the over-the-air privacy of their cellular voice and data communication. The best pu... / A is the strong version of the encryption algorithm used by about br The security of the A encryption algorithm was analyzed in

Laboratory for Telecommunication Sciences, Adelphi MD.. - Um Bc Edu (2000) (Correct)
This paper describes an architecture for a secure file system based on networkattached storage that guarantees end-to-end encryption for all user data. We describe the design of this system, focusin... / that guarantees end-to-end encryption for all user data. We describe br results using several popular encryption and authentication algorithms

Project "Anonymity and Unobservability in the Internet" - Berthold, Federrath, K�hntopp (2000) (Correct)
It is a hard problem to achieve anonymity for real-time services in the Internet (e.g. Web access). All existing concepts fail when we assume a very strong attacker model (i.e. an attacker is able t... / k nested layers of public-key encryption. Each Mix removes one layer. br removes one layer. Link-to-link encryption between Mixes is not sufficient

The Key Separation of Two sh - Sean Murphy Information (2000) (Correct)
This paper considers the discussion of Whiting et al that the key separation of the AES candidate Twosh, noted by Mirza and Murphy at AES2, does not lead to cryptographic weaknesses. This paper sho... / algorithm for the Advanced Encryption Standard AES and has br S-Box parameter. We term a Two sh encryption in which the -bit S-Box

Differential Cryptanalysis, Key-dependent S-boxes, and Twofish - Murphy, Robshaw (2000) (Correct)
In this note we make some observations on key-dependentSboxes and di#erential cryptanalysis. Using basic techniques we give good evidence for the existence of attacks on up to eight rounds of Two#... / of S-boxes that change from encryption to encryption can be quite br that change from encryption to encryption can be quite useful to an

Comments by the NESSIE Project on the AES Finalists - Preneel, Bosselaers, Rijmen, Van.. (2000) (Correct)
The document contains comments about the AES process and AES finalists that represent the consensus view of the NESSIE partners. unknown Date: Wed, 24 May 2000 17:30:17 +0100 (BST) From: Sean Murphy ... / for Signature Integrity and Encryption project is funded by the br and requiring encryptions will be found for any of the

Object Signing In Bamboo - Smith (2000) (Correct)
maximum 200 words) The rapid growth in the Internet has been fueled by an exorbitant number of users, organizations and individuals alike, many relying on e-commerce to conduct business including t... / as physical security types of encryption and hash algorithms to preclude br and authentication process. Encryption of the module content is not a

Some Informal Reflections on Rijndael and Twofish - Gladman (2000) (Correct)
This paper considers these functions informally from a security perspective and concludes by raising a question about the relative security strengths of the two algorithms. unknown From: "Brian Gladma... / on the expected size of the encryption task. Because similarities br Twofish when implemented for bulk encryption takes of the bytes of the

The Need for Multiple AES Winners - Gladman (2000) (Correct)
this paper available on my web site and put up a note about it unknown From: "Brian Gladman" To: Subject: AES Selection Date: Wed, 7 Apr 1999 ... / for the obsolescent Data Encryption Standard DES encryption br Data Encryption Standard DES encryption algorithm. The current objective

AES Key Agility Issues in High-Speed IPsec Implementations - Whiting, Schneier, Bellovin (2000) (Correct)
Some high-speed IPsec hardware systems need to support many thousands of security associations. The cost of switching among di erent encryption keys can dramatically affect throughput, particularly fo... / cost of switching among dierent encryption keys can dramatically aect br to aggregated trac hardware encryption is almost always necessary to

A Strategy for Analyzing Public Comments and Preparing the Round 2.. - Miles Smid Cygnacom (2000) (Correct)
This report was developed for the National Institute of Standards and Technology (NIST) as the first deliverable under Purchase Order 43SBNB067018. It is intended to suggest one or more strategies tha... / product developers will select encryption algorithms based upon these br the efficiency and reducing the encryption costs. However multiple

Public Comments Regarding the Advanced Encryption Standard (AES).. - Nist (2000) (Correct)
22 In this paper the block cipher Rijndael is analyzed. Rijndael is submitted as a candidate for the Advanced Encryption Standard. The cipher has variable key and block length. This paper focuses on ... / Comments Regarding The Advanced Encryption Standard AES Development br posted at csrc.nist.gov encryption aes round pubcmnts.htm.

The Regulation of Investigatory Powers Bill -- The Provisions for.. - By Dr Gladman (2000) (Correct)
The UK Government has put a Bill before Parliament which includes provisions giving a number of government and public authorities the power to demand copies of the encryption keys which UK citizen... / power to demand copies of the encryption keys which UK citizens and br the right to obtain the encryption keys that UK citizens use to

A Twofish Retreat: Related-Key Attacks Against Reduced-Round Twofish - Ferguson, Kelsey, Schneier, Whiting (2000) (Correct)
The Twofish AES submission document contains a partial chosen-key and a related-key attack against ten rounds of Twofish without whitening, using 256-bit keys. This attack does not work; it makes use... / weak key pairs. Given access to encryptions under a pair of such keys we br attacker is permitted to request encryptions under a number of di erent

Customization and Composition of Distributed Objects: Policy.. - Astley (1999) (Correct)
Research in software architecture has emphasized compositional development, where the computational aspects of a system are modularly separated from communication and coordination aspects. Typically, ... / . Meta-Level Implementation of Encryption The Encrypt meta-actor br . . Encryption Policy The Encryption policy

Security Protocols and Specifications - Abadi (1999) (Correct)
Specifications for security protocols range from informal narrations of message flows to formal assertions of protocol properties. This paper (intended to accompany a lecture at ETAPS '99) discusses t... / The braces represent the encryption operation in this case using a br for computing C S concern encryption and decryption if M

Discrete logarithms: The past and the future - Odlyzko (1999) (Correct)
The first practical public key cryptosystem to be published, the Diffie-Hellman key exchange algorithm, was based on the assumption that discrete logarithms are hard to compute. This intractability hy... / it is harder to use it for encryption than if it were based on RSA br control regulations on strong encryption without weakening the digital

IP Multicast Security: Issues and Directions - Hardjono, Tsudik (1999) (Correct)
Security represents one of the major obstacles today to the wider deployment of IP multicast. The current work identifies and discusses the various concepts and issues underlying multicast security.... / subscribers. In this example encryption of the data may be used to br and are confidential in nature encryption must be used to achieved the

Distributed Pseudo-Random Functions and KDCs - Naor, Pinkas, Reingold (1999) (Correct)
This work describes schemes for distributing between n servers the evaluation of a function f which is an approximation to a random function, such that only authorized subsets of servers are able to... / in Section . . ii Long-tem encryption of information where a user br used as a key for a private-key encryption scheme The parameter can

A Reduction for Automated Verification of Authentication Protocols - Stoller (1999) (Correct)
Authentication protocols (including protocols that provide key establishment) are designed to work correctly in the presence of an adversary that can prompt honest principals to engage in an unbounded... / or keys and Key is a set of encryption keys defined by Key Key br be unencrypted in a term. The encryption height of a ground term t is

Justifying Finite Resources for Adversaries in Automated Analysis of.. - Stoller (1999) (Correct)
Authentication protocols (including protocols that provide key establishment) are designed to work correctly in the presence of an adversary that can (1) perform an unbounded number of encryptions (an... / perform an unbounded number of encryptions and other operations while br bound on the worst-case number of encryptions by the adversary and an

Parallel Real-Time Cryptography: Beyond Speedup II - Akl, Bruda (1999) (Correct)
The primary purpose of parallel computation is the fast execution of computational tasks that are too slow to perform sequentially. However, it was shown recently that a second equally important motiv... / apply only one iteration of an encryption function on each block within br are used n iterations of the encryption function are possible. This

Average case reductions for Subset Sum and Decoding of Linear Codes - Arboit (1999) (Correct)
Average case reductions for Subset Sum and Decoding of Linear Codes Genevi`eve Arboit Master of Science Graduate Department of Computer Science University of Toronto 1999 In a 1996 paper, R. Impagliaz... / for the existence of secure encryption schemes is that NP is not br NP implies only that there exist encryption schemes that are hard to break

Encrypted Message Authentication by Firewalls - Gamage, Leiwo, Zheng (1999) (Correct)
Firewalls typically filter network traffic at several different layers. At application layer, filtering is based on various security relevant information encapsulated into protocol messages. The maj... / of content protected by encryption. This is due to a traditional br signcryption. Keywords. Encryption Digital Signatures Firewalls

The use of Watermarks in the Protection of Digital Multimedia Products - Voyatzis, Pitas (1999) (Correct)
The watermarking of digital images, audio, video and multimedia products in general has been proposed for resolving copyright ownership and verifying originality of content. This paper studies the con... / be used for this purpose. The encryption decryption techniques should br and should achieve real-time encryption decryption e.g. for video and

Separating key management from file system security - Mazieres, Kaminsky, Kaashoek, Witchel (1999) (Correct)
No secure network file system has ever grown to span the Internet. Existing systems all lack adequate key management for security at a global scale. Given the diversity of the Internet, any particular... / management to map file names to encryption keys SFS file names effectively br satisfactory means of managing encryption keys in such a large and diverse

Spread Spectrum Watermarking: Malicious Attacks and Counterattacks - Hartung, Su, Girod (1999) (Correct)
Most watermarking methods for images and video have been proposed are based on ideas from spread spectrum radio communications, namely additive embedding of a (signal adaptive or non-adaptive) pseudo-... / copying without fidelity loss. Encryption and copy protection mechanisms br do not fully solve the issue. Encryption usually protects the data only

Hardening COTS Software with Generic Software Wrappers - Fraser, Badger, Feldman (1999) (Correct)
Numerous techniques exist to augment the security functionality of Commercial Off-The-Shelf (COTS) applications and operating systems, making them more suitable for use in mission-critical systems. Al... / additional security protocols encryption authentication or identifying

Cryptography in OpenBSD: An Overview - de Raadt, Hallqvist, Grabowski.. (1999) (Correct)
Cryptographic mechanisms are an important security component of an operating system in securing the system itself and its communication paths. Indeed, in many situations, cryptography is the only tool... / SSL libraries stronger password encryption Kerberos IV random number br as server authentication and data encryption. The Secure Socket Layer is

Executing parallel logical operations with DNA - Ogihara, Ray (1999) (Correct)
DNA computation investigates the potential of DNA as a massively parallel computing device. Research is focused on designing parallel computation models executable by DNA-based chemical processes and ... / is the attack on Data Encryption Standard DES In an br molecular computation to the Data Encryption Standard. In L. Landweber and

Very large conferences on the Internet: the Internet Multimedia.. - Handley Crowcroft (1999) (Correct)
In this paper we provide an overview of multimedia conferencing on the Internet. The protocols mentioned are all specified elsewhere as internet-drafts or RFCs. Each RFC gives details of the protocol ... / methods are used for encryption and authentication which need br can be implemented using encryption and restricted distribution of

A Meta-notation for Protocol Analysis - Cervesato, Durgin, Lincoln.. (1999) (Correct)
Most formal approaches to security protocol analysis are based on a set of assumptions commonly referred to as the "Dolev-Yao model." In this paper, we use a multiset rewriting formalism, based on lin... / a random number n and sends its encryption to Bob. There is no specific br a message that contains the encryption of f n By analogy with

One-way Functions are Essential for Single-Server Private Information .. - Beimel, Ishai, Kushilevitz, Malkin (1999) (Correct)
Private Information Retrieval (PIR) protocols allow a user to read information from a database without revealing to the server storing the database which information he has read. Kushilevitz and Ostro... / one-way functions private-key encryption identification and bit br and S. Micali. Probabilistic encryption. J. of Computer and System

Report on the AES Candidates - Baudron, Gilbert, Granboulan.. (1999) (Correct)
This document reports the activities of the AES working group organized at the Ecole Normale Sup�rieure. Several candidates are evaluated. In particular we outline some weaknesses in the designs of so... / of the report. Designing the encryption standard of the rst twentyyears br in clock cycles of one block encryption with a -bit key timing of

A Framework For A Cryptographic Protocol Evaluation Workbench - Yasinsac, Wulf (1999) (Correct)
Tools to evaluate Cryptographic Protocols (CPs) exploded into the literature after development of BAN Logic [BAN88,BAN90]. Many of these were created to repair weaknesses in BAN Logic. Unfortunately, ... / In the SN version the send and encryption operations are explicit br are implicit. In CPAL sending encryption receipt decryption and name

Securing Threshold Cryptosystems against Chosen Ciphertext Attack - Shoup, Gennaro (1999) (Correct)
For the most compelling applications of threshold cryptosystems, security against chosen ciphertext attack seems to be a requirement. However, there appear to be no practical threshold cryptosystems... / there is a single public encryption key but the corresponding br to the ciphertext during the encryption process. Such a label is a bit

On Quality of Service Optimization with Discrete QoS Options - Lee, Lehoczky, Rajkumar, Siewiorek (1999) (Correct)
We present a QoS management framework that enables us to quantitatively measure QoS, and to analytically plan and allocate resources. In this model, end users' quality preferences are considered when ... / Cryptographic Security encryption key-length off br in data delivery reliability encryption on or off and frame rates

Improved Magic Ink Signatures Using Hints - Jakobsson, M�ller (1999) (Correct)
We introduce two improvements to the recently proposed so called magic ink DSS signatures. A first improvement is that we reduce the overhead for tracing without noticeably increasing any other cost... / called hint value. This is an encryption of the signature transcript br Our protocol uses ElGamal encryption To encrypt a value m

Secure Computation with Honest-Looking Parties: What if nobody is.. - Canetti, Ostrovsky (1999) (Correct)
Ran Canetti Rafail Ostrovsky y April 28, 1999 Abstract In a secure multi-party computation a set of mutually distrustful parties interact in order to evaluate a pre-defined function of their in... / of the channels is obtained via encryption and even when the adversary is br is achieved via probabilistic encryption each party must locally

Safe Simplifying Transformations for Security Protocols or Not Just.. - Hui, Lowe (1999) (Correct)
Recent techniques for analyzing security protocols have tended to concentrate upon the small protocols that are typically found in the academic literature. However, there is a huge gulf between these ... / and much higher levels of nested encryption. As a result existing br . Removing encryptions .

The JavaSeal Mobile Agent Kernel - Bryce, Vitek (1999) (Correct)
JavaSeal is a secure mobile agent kernel that provides a small set of abstractions for constructing agent applications. This paper describes the design of these abstractions and their implementation. ... / application can choose its own encryption algorithms and its own br trust relations and the use of encryption. Regarding trust a consumer

A Top-Down Look at a Secure Message - Abadi, Fournet, Gonthier (1999) (Correct)
In ongoing work, we are investigating the design of secure distributed implementations of high-level process calculi (in particular, of the join-calculus). We formulate implementations as translations... / messages. They employ encryption in order to guarantee the br a pair of keys for public-key encryption x is an

Secure Object Spaces - A coordination model for Agents - Bryce, Oriol, Vitek (1999) (Correct)
Coordination languages based on shared data spaces are well suited to programming parallel applications composed of cooperating software components. Secure Object Spaces (SOS) extend this model to sup... / that permits to eschew encryption in favor of dynamic typing and br an object space is viewed as an encryption operation in the course of

A Coordination Model for Agents based on Secure Spaces - Bryce, Oriol, Vitek (1999) (Correct)
Shared space coordination models such as Linda are ill-suited for structuring applications composed of erroneous or insecure components. This paper presents the Secure Object Space model. In this ... / of the semantics that employs encryption is also outlined for use in br used to implement tuple locking. Encryption of objects is not necessary for

Rewriting Semantics of Meta-Objects and Composable Distributed.. - Denker, Meseguer (1999) (Correct)
This paper proposes a semantic approach to make precise the reflective concept of composable service in a distributed system, and to reason about the properties of service compositions. Our approach i...