This directory is created automatically and some papers may be mislabeled. Only document within the CiteSeer database are listed. The directory is intended to provide entry points for browsing the database and is not intended to be authoritative. Papers may not appear in all relevant categories. For example, papers in a sub-category may not appear in higher level categories.
1208.2 RTP: A Transport Protocol for Real-Time Applications - Schulzrinne, Casner (1993)(Correct)
This memorandum describes the real-time transport protocol, RTP. RTP provides end-toend
network transport functions suitable for applications transmitting real-time data, such as
audio, video or simul... / . . ENC Encryption br integrity check asymmetric encryption
1182.9 A Survey of Active Network Research - Tennenhouse, Smith, Sincoskie.. (1997)(Correct)
Active networks are a novel approach to network architecture in which the switches of the network perform customized computations on the messages flowing through them. This approach is motivated by bo... / additional security such as encryption when operating away from the
925.7 A Calculus for Cryptographic Protocols - The Spi Calculus - Abadi, Gordon (1998)(Correct)
We introduce the spi calculus, an extension of the pi calculus designed for describing and analyzing cryptographic protocols. We show how to use the spi calculus, particularly for studying authenticat... / . . Public-Key Encryption and Digital Signatures . br Appendices A Encoding Encryption in the Pi Calculus B Proofs
859.0 A Method for Obtaining Digital Signatures and Public-Key Cryptosystems - Rivest, Shamir, Adleman (1978)(Correct)
An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key. This has two important consequences: 1. Co... / L. Adleman Abstract An encryption method is presented with the br that publicly revealing an encryption key does not thereby reveal the
794.2 Non-Malleable Cryptography - Dolev, Dwork, Naor (1998)(Correct)
The notion of non-malleable cryptography, an extension of semantically secure cryptography,
is defined. Informally, in the context of encryption the additional requirement is that given
the ciphertext... / Informally in the context of encryption the additional requirement is br Informally in the context of encryption the additional requirement is
771.4 Selecting Cryptographic Key Sizes - Lenstra, Verheul (2001)(Correct)
In this article we offer guidelines for the determination of key sizes for
symmetric cryptosystems, RSA, and discrete logarithm based cryptosystems both
over finite fields and over groups of ellip... / by the recently broken Data Encryption Standard and thereby br Often both the message and its encryption consist of a whole number of
666.6 Random Oracles are Practical: A Paradigm for Designing Efficient.. - Bellare, Rogaway (1995)(Correct)
We argue that the random oracle model ---where all parties have access to a public random oracle--- provides a bridge between cryptographic theory and cryptographic practice. In the paradigm we sugges... / gains for problems including encryption signatures and zero-knowledge br oracle setting. Efficient Encryption. Goals which are possible but
594.2 The Inductive Approach to Verifying Cryptographic Protocols - Paulson (1998)(Correct)
Informal arguments that cryptographic protocols are secure can be made rigorous using inductive definitions. The approach is based on ordinary predicate calculus and copes with infinite-state systems.... / OtwayRees which uses shared-key encryption Needham-Schroeder which uses br which uses public-key encryption and a recursive protocol
537.1 A Practical Public Key Cryptosystem Provably Secure against Adaptive.. - Cramer, Shoup (1998)(Correct)
A new public key cryptosystem is proposed and analyzed. The scheme is quite practical, and is provably secure against adaptive chosen ciphertext attack under standard intractability assumptions. There... / security of the basic El Gamal encryption scheme Thus with just a br there are several provably secure encryption schemes in the literature they
480.8 MediaBench: A Tool for Evaluating and Synthesizing Multimedia and.. - Lee (1997)(Correct)
Over the last decade, significant advances have been made in compilation technology for capitalizing on instruction-level parallelism (ILP). The vast majority of ILP compilation research has been cond... / PEGWIT A program for public key encryption and authentication. It uses an
411.4 Secrecy by Typing in Security Protocols - Abadi (1998)(Correct)
We develop principles and rules for achieving secrecy properties in security protocols. Our approach is based on traditional classification techniques, and extends those techniques to handle concurren... / In our approach encryption keys are pieces of data and as br explicitly the class Any Encryption keys are data so our
373.9 Horus: A Flexible Group Communications System - van Renesse, Birman, Maffeis (1996)(Correct)
This paper reports on the Horus system, which provides an unusually flexible group communication model to application-developers. This flexibility extends to system interfaces, the properties provided... / accept the overhead of data encryption but wish to avoid this cost br overcoming lost packets encryption and decryption maintaining
359.9 The SLam Calculus: Programming with Secrecy and Integrity - Heintze, Riecke (1998)(Correct)
We describe the SLam calculus, a typed -calculus that maintains security information as well as type information. The type system propagates both secrecy and integrity, maintaining four distinct forms... / of public keys in a public key encryption system. To study secrecy and
353.1 Garp: A MIPS Processor with a Reconfigurable Coprocessor - Hauser, Wawrzynek (1997)(Correct)
Typical reconfigurable machines exhibit shortcomings that make them less than ideal for general-purposecomputing. The Garp Architecture combines reconfigurable hardware with a standard MIPS processor ... / pattern searching and RSA encryption to name just a few. br least some problems. . Data Encryption Standard DES One of the
344.6 Automated Analysis of Cryptographic Protocols Using Murphi - Mitchell, Mitchell, Stern (1997)(Correct)
A methodology is presented for using a generalpurpose state enumeration tool, Murphi, to analyze cryptographic and security-related protocols. We illustrate the feasibility of the approach by analyzin... / involving properties of the encryption primitives which may be br the adversary to generate an encryption of nm from an encryption of
340.4 Proving Properties of Security Protocols by Induction - Paulson (1997)(Correct)
Informal justifications of security protocols involve arguing backwards that
various events are impossible. Inductive definitions can make such arguments
rigorous. The resulting proofs are complicated... / outer-level braces and indicating encryption by a notation such as fjNa br Crypt KX. Under public-key encryption K Gamma is the
329.8 Privacy Enhancement for Internet Electronic Mail: Part II.. - Kent (1993)(Correct)
this memo is unlimited.
Acknowledgements unknown Privacy Enhancement for Internet Electronic Mail:
Part II: Certificate-Based Key Management
S. Kent
February 1993
Status of this Memo
This RFC specif... / and used to encrypt the data encryption key DEK which in turn is br CIC algorithm and a public-key encryption algorithm. RFC contains
314.2 Security and Composition of Multi-party Cryptographic Protocols - Canetti (1998)(Correct)
We present general definitions of security for multi-party cryptographic protocols.We show
that, with respect to these definitions, security is preserved under a natural composition operation.
The de... / in to define security of encryption functions and in to define br as in the case of probabilistic encryption or zeroknowledge but
300.0 Transforming out Timing Leaks - Agat (2000)(Correct)
One aspect of security in mobile code is privacy: private (or
secret) data should not be leaked to unauthorised agents.
Most of the work on secure information flow has until recently
only been concern... / some implementations of the RSA encryption algorithm leak information about br leak information about the encryption key through their timing
295.6 Prudent Engineering Practice for Cryptographic Protocols - Abadi, Needham (1995)(Correct)
We present principles for designing cryptographic protocols. The principles are neither necessary nor sufficient for correctness. They are however helpful, in that adherence to them would have prevent... / Notation Naming Encryption . The uses of encryption br Encryption . The uses of encryption .
284.0 Agent Tcl: A flexible and secure mobile-agent system - Gray (1996)(Correct)
An information agent manages all or a portion of a user's information space. The electronic resources in this space are often distributed across a network and can contain tremendous quantities of data... / issues -Tacoma via simple encryption and SodaBot via minimal user br PGP or that uses different encryption software Way When an
281.0 Authentication in Distributed Systems: Theory and Practice - Lampson, Abadi, Burrows, Wobber (1992)(Correct)
this paper appeared in the Proceedings of the Thirteenth ACM Sympos - ium on Operating Systems Principles. unknown Lampson et al, Authentication in Distributed Systems 1
A preliminary version of / it handles public and shared key encryption name lookup in a large name br E. Data Data Encryption General Terms Security
262.8 Towards a Completeness Result for Model Checking of Security.. - Lowe (1998)(Correct)
Gavin Lowe
Department of Mathematics and Computer Science
University of Leicester, University Road
Leicester, LE1 7RH, UK
E-mail: gavin.lowe@mcs.le.ac.uk
Abstract
Model checking approaches to the... / for example if there is an encryption with a public secret or shared br keys so we assume perfect encryption. However some of the
256.0 End-To-End Arguments In System Design - Saltzer, Reed, Clark (1984)(Correct)
This paper presents a design principle that helps guide placement of functions among the modules of a distributed computer system. The principle, called the end-to-end argument, suggests that function... / error recovery security using encryption duplicate message suppression br system this range includes encryption duplicate message detection
254.5 On Formal Models for Secure Key Exchange - Shoup (1999)(Correct)
A new formal security model for session key exchange protocols in the public key setting is
proposed, and several efficient protocols are analyzed in this model. The relationship between
this new mode... / the security of a public key encryption based key exchange protocol. In br consider the Diffie-Hellman and encryption protocols previously proved
252.1 SDSI - A Simple Distributed Security Infrastructure - Rivest, Lampson (1996)(Correct)
We propose a new distributed security infrastructure, called SDSI (pronounced "Sudsy"). SDSI combines a simple public-key infrastructure design with a means of defining groups and issuing group-member... / Object Types Keys and Encryption Parameters Principals as br and signed objects. Keys and encryption parameters Cryptographic keys
251.4 Tight Bounds on Quantum Searching - Boyer, Brassard, Høyer, Tapp (1998)(Correct)
this paper we assume for simplicity that each evaluation of F takes unit time. Grover [1] has discovered an algorithm for the quantum computer that can solve this problem in expected time in O( unknow... / to crack the widely used Data Encryption Standard des under a br Bureau of Standards Data Encryption Standard Federal Information
245.7 AES Proposal: Rijndael - Daemen, Rijmen (1998)(Correct)
this document we describe the cipher Rijndael. First we present the mathematical basis
necessary for understanding the specifications followed by the design rationale and the
description itself. Subse... / functionality other than block encryption decryption. We conclude with the br if the mode of use is ECB encryption are mapped onto the state
242.8 Authenticated Key Exchange Secure Against Dictionary Attacks - Bellare, Pointcheval, Rogaway (2000)(Correct)
Password-based protocols for authenticated key exchange
(AKE) are designed to work despite the use of passwords drawn from
a space so small that an adversary might well enumerate, off line, all
p... / the security of EKE when its encryption function E is instantiated br Figure . It would seem that the encryption in the second flow can be
237.6 Keying Hash Functions for Message Authentication - Bellare, Canetti, Krawczyk (1996)(Correct)
The use of cryptographic hash functions like MD5 or SHA for message authentication has
become a standard approach in many Internet applications and protocols. Though very easy to
implement, these mech... / authentication as opposed to encryption the breaking of a MAC does not
228.5 On the reachability problem in cryptographic protocols - Amadio, Lugiez (2000)(Correct)
We study the verication of secrecy and authenticity properties for cryptographic protocols which rely on symmetric shared keys. The verification can be reduced to check whether a certain parallel prog... / In these approaches a perfect' encryption scheme is assumed encryption is br encryption scheme is assumed encryption is an injective function and
226.0 The Exact Security of Digital Signatures - How to Sign with RSA and.. - Bellare, Rogaway (1996)(Correct)
We describe an RSA-based signing scheme which combines essentially optimal efficiency with
attractive security properties. Signing takes one RSA decryption plus some hashing, verification
takes one RS... / verification takes one RSA encryption plus some hashing and the size br but still takes only one RSA encryption and some hashing. See Section
222.2 File System Development with Stackable Layers - Heidemann (1994)(Correct)
Filing services have experienced a number of innovations
in recent years, but many of these promising ideas have
failed to enter into broad use. One reason is that current
filing environments present ... / decompression ffl automatic encryption and decryption ffl cache br could be built by configuring encryption decryption layers around the
204.7 A Logic of Authentication - Burrows, Abadi, Needham (1990)(Correct)
Authentication protocols form the basis of security in many distributed systems, making it imperative to ensure the proper functioning of these protocols. A simple logic is presented that allows the a... / is by means of secrets usually encryption keys. In barest outline an br protocols establish shared encryption keys that principals can use in
200.0 Open Issues in Formal Methods for Cryptographic Protocol Analysis - Meadows (2000)(Correct)
The history of the application of formal methods to cryptographic protocol analysis spans nearly twenty years, and recently has been showing signs of new maturity and consolidation. A number of specia... / algebraic properties e.g. the encryption and decryption operations cancel br digital signatures public key encryption and conventional encryption
200.0 Towards Robust and Hidden Image Copyright Labeling - Koch, Zhao (1995)(Correct)
This paper first presents a "hidden label" approach for identifying the ownership and distribution of multimedia information (image or video data) in digital networked environment. Then it discusses c... / A secret key type encryption code must be created using the br implementing it using existing encryption and pseudo random number
199.9 CAPSL Intermediate Language - Denker, Millen (1999)(Correct)
specification of the translation, with an executable
version in Maude, meets the need for unambiguous CAPSL semantics.
There are areas still under development, especially surrounding the specificatio... / with symbolic terms to represent encryption and other computations. There is br symmetric-key and publickey encryption. Environment specifications are
199.9 Optimistic Fair Exchange of Digital Signatures - Asokan, Shoup, Waidner (1998)(Correct)
We present a new protocol that allows two players to exchange digital signatures over the Internet in a fair way, so that either each player gets the other's signature, or neither player does. The obv... / a player can send an encryption of his signature to the other br so that the recipient of the encryption can have it decrypted by the
194.2 NetBill Security and Transaction Protocol - Cox, al. (1995)(Correct)
NetBill is a system for micropayments for information
goods on the Internet. This paper presents the NetBill
protocol and describes its security and transactional
features. Among our key innovations a... / delivers the goods under encryption but withholds the key. Key br are assured by the symmetric key encryption protocol only accountability
190.9 Twenty Years of Attacks on the RSA Cryptosystem - Boneh (1999)(Correct)
this article. For completeness we note that the current fastest factoring algorithm is
the General Number Field Sieve. Its running time on n-bit integers is exp unknown Twenty Years of Attacks on the ... / a simplified version of RSA encryption. Let N pq be the product br N the RSA modulus e the encryption exponent and d the
188.4 Provably Secure Session Key Distribution - The Three Party Case - Bellare, Rogaway (1995)(Correct)
We study session key distribution in the three-party setting
of Needham and Schroeder. (This is the trust model
assumed by the popular Kerberos authentication system.)
Such protocols are basic buildin... / to provably achieve goals like encryption and signatures private or br of polynomial security of encryption We emphasize that it is
185.7 Provably Secure Password-Authenticated Key Exchange Using.. - Boyko, MacKenzie, Patel (2000)(Correct)
When designing password-authenticated key exchange protocols (as opposed to key exchange
protocols authenticated using cryptographically secure keys), one must not allow any information
to be leaked t... / including Optimal Asymmetric Encryption Padding OAEP It would br semantic security of the ElGamal encryption scheme See Boneh for
185.7 Intrusion Detection in Wireless Ad-Hoc Networks - Zhang, Lee (2000)(Correct)
As the recent denial-of-service attacks on several major Internet
sites have shown us, no open computer network is
immune from intrusions. The wireless ad-hoc network is
particularly vulnerable due to... / prevention measures such as encryption and authentication can be used br eliminate them. For example encryption and authentication cannot
185.5 The NRL Protocol Analyzer: An Overview - Meadows (1996)(Correct)
this paper we give an overview of how the
Analyzer works and describe its achievements so far. We also show how our
use of the Prolog language benefited us in the design and implementation
of the Anal... / communication protocol that uses encryption in order to achieve goals such br to perform operations such as encryption that are available to honest
185.5 Transparent Robust Image Watermarking - Swanson, Zhu, Tewfik (1996)(Correct)
We propose a watermarking scheme to hide copyright information in an image. The scheme employs visual masking to guarantee that the embedded watermark is invisible and to maximize the robustness of th... / to its pixels. Unlike encryption watermarking does not restrict
183.8 Differential Cryptanalysis attacks - Biham, Shamir (1991)(Correct)
The Data Encryption Standard (DES) is the best known and most
widely used cryptosystem for civilian applications. It was developed
at IBM and adopted by the National Buraeu of Standards in the mid
70'... / July Abstract The Data Encryption Standard DES is the best known br data. In most applications the encryption algorithm is assumed to be known
182.9 Crowds: Anonymity for Web Transactions - Reiter, Rubin (1997)(Correct)
In this paper we introduce a system called Crowds for protecting users' anonymity on the world-wide-web. Crowds, named for the notion of "blending into a crowd", operates by grouping users into a larg... / time and frequency of exchanges. Encryption also does little to protect the br typically rely on public key encryption the algebraic properties of
182.9 RTP Profile for Audio and Video Conferences with Minimal Control - Schulzrinne (1997)(Correct)
This memo describes a profile called "RTP/AVP" for the use of the real-time transport protocol
(RTP), version 2, and the associated control protocol, RTCP, within audio and video multiparticipant
conf... / by a specification of the encryption algorithm. Any characters up to br are taken as the name of the encryption algorithm. The encryption format
182.8 Finite-State Analysis of SSL 3.0 - Mitchell, al. (1998)(Correct)
The Secure Sockets Layer (SSL) protocol is analyzed using a finite-state enumeration tool called Murphi. The analysis is presented using a sequence of incremental approximations to the SSL 3.0 handsha... / if the participants support weak encryption algorithms which can be broken br time required to attack the encryption or attacks relying on the
181.8 Spread Spectrum Watermarking: Malicious Attacks and Counterattacks - Hartung, Su, Girod (1999)(Correct)
Most watermarking methods for images and video have been proposed are based on ideas from spread spectrum radio communications, namely additive embedding of a (signal adaptive or non-adaptive) pseudo-... / copying without fidelity loss. Encryption and copy protection mechanisms br do not fully solve the issue. Encryption usually protects the data only
181.8 A Meta-notation for Protocol Analysis - Cervesato, Durgin, Lincoln.. (1999)(Correct)
Most formal approaches to security protocol analysis are
based on a set of assumptions commonly referred to as the
"Dolev-Yao model." In this paper, we use a multiset rewriting
formalism, based on lin... / a random number n and sends its encryption to Bob. There is no specific br a message that contains the encryption of f n By analogy with
181.8 Onion Routing for Anonymous and Private Internet Connections - Goldschlag, Reed, Syverson (1999)(Correct)
this
article's publication, the prototype network is processing more than 1 million
Web connections per month from more than six thousand IP addresses in twenty
countries and in all six main top level... / onion-router removes one layer of encryption as defined by the cryptographic br is much more expensive than encryption the public key burden is mainly
177.1 Abstractions for Mobile Computation - Cardelli (1998)(Correct)
ions for Mobile Computation
Luca Cardelli
August 1, 1998
Technical Report
MSR-TR-98-34
Microsoft Research
Microsoft Corporation
One Microsoft Way
Redmond, WA
1
Abstract. We discuss the difficulties... / because of authentication and encryption across domain boundaries. br piece of text can be seen as an encryption of the text in the sense that a
177.1 A probabilistic poly-time framework for protocol analysis - Lincoln, Mitchell, Mitchell, Scedrov (1998)(Correct)
We develop a framework for analyzing security protocols in which protocol adversaries may be arbitrary probabilistic polynomial-time processes. In this framework, protocols are written in a form of pr... / primitives. For example encryption is generally considered a br and all protocols relying on encryption would be broken. However in
177.1 Using State Space Exploration and a Natural Deduction Style Message.. - Clarke, Jha, Marrero (1998)(Correct)
As more resources are added to computer networks, and as more vendors look to the World Wide Web as a viable marketplace, the importance of being able to restrict access and to insure some kind of acc... / and generate new messages using encryption decryption concatenation br on the reasons for the perfect encryption and atomic key assumptions which
174.4 Anonymous Connections and Onion Routing - Syverson, Goldschlag, Reed (1997)(Correct)
Onion Routing provides anonymous connections
that are strongly resistant to both eavesdropping and
traffic analysis. Unmodified Internet applications can
use these anonymous connections by means of pr... / important public issue. Encryption can effectively hide the br a cryptographic operation be it encryption or decryption. Paul F.
172.7 Parallelizing Applications into Silicon - Babb, Rinard, Moritz, Lee, Frank.. (1999)(Correct)
The next decade of computing will be dominated by embedded
systems, information appliances and application-specific
computers. In order to build these systems, designers will
need high-level compilati... / machine recently cracked the encryption standard of our banking systems
171.4 On the Security of ElGamal based Encryption - Tsiounis, Yung (1998)(Correct)
The ElGamal encryption scheme has been proposed several
years ago and is one of the few probabilistic encryption schemes. However,
its security has never been concretely proven based on clearly unde... / On the Security of ElGamal based Encryption Yiannis Tsiounis and br Abstract. The ElGamal encryption scheme has been proposed several
171.4 Towards Mobile Cryptography - Sander, Tschudin (1998)(Correct)
Mobile code technology has become a driving force for recent advances in distributed
systems. The concept of mobility of executable code raises major security problems.
In this paper we deal with the ... / based on the use of homomorphic encryption schemes and function composition br relies on the use of a public key encryption scheme that has certain
165.9 The Oakley Key Determination Protocol - Orman (1997)(Correct)
This document describes a protocol, named OAKLEY, by which two authenticated parties can agree on secure and secret keying material. The basic mechanism is the Diffie-Hellman key exchange algorithm. T... / a shared value without requiring encryption. The shared value is immediately br keys which will be used for encryption. The OAKLEY protocol is related
163.6 Securing Threshold Cryptosystems against Chosen Ciphertext Attack - Shoup, Gennaro (1999)(Correct)
For the most compelling applications of threshold cryptosystems, security against chosen
ciphertext attack seems to be a requirement. However, there appear to be no practical threshold
cryptosystems... / there is a single public encryption key but the corresponding br to the ciphertext during the encryption process. Such a label is a bit
162.8 Programmable Active Memories: a Performance Assessment - Bertin Roncin (1993)(Correct)
We present some quantitative performance measurements for the computing power of Programmable
Active Memories (PAM), as introduced by [BRV 89]. Based on Programmable Gate Array (PGA)
technology, the P... / with this design computes RSA encryption decryption at bits per
162.3 Robustness principles for public key protocols - Anderson, Needham (1995)(Correct)
We present a number of attacks, some new, on public key protocols. We also advance a number of principles which may help designers avoid many of the pitfalls, and help attackers spot errors which ca... / some old ones. The Order of Encryption and Signature We will start br on several protocols which do encryption before signature including
159.9 Byzantine Quorum Systems - Malkhi, Reiter (1998)(Correct)
Quorum systems are well-known tools for ensuring the consistency and availability of replicated
data despite the benign failure of data repositories. In this paper we consider the arbitrary
(Byzantine... / data self-verifying via encryption and thus the quorum system
157.4 Model Checking for Security Protocols - Marrero, Clarke, Jha (1997)(Correct)
As more resources are added to computer networks, and as more vendors look to the World Wide Web as
a viable marketplace, the importance of being able to restrict access and to insure some kind of acc... / has made the following perfect encryption assumptions. ffl The br can only be generated using encryption with the appropriate key. This
157.4 The Interpolation Attack on Block Ciphers - Jakobsen, Knudsen (1997)(Correct)
In this paper we introduce a new method of attacks on block
ciphers, the interpolation attack. This new method is useful for attacking
ciphers using simple algebraic functions (in particular quadrat... / we use the total number of encryptions of the attacked block cipher. br and uses the following encryption rule m i F k
154.5 Undecidability of Bounded Security Protocols - Mitchell (1999)(Correct)
Using a multiset rewriting formalism with existential quantification, it is shown that protocol security remains undecidable even when rather severe restrictions are placed on protocols. In particular... / roles role length and depth of encryption are bounded by constants br protocol framework. The way that encryption and adversary behavior are used
154.5 Abstracting Cryptographic Protocols with Tree Automata - David (1999)(Correct)
ing Cryptographic Protocols with Tree
Automata #
David Monniaux
David.Monniaux@ens.fr
Laboratoire d'Informatique de l'
Ecole Normale Superieure +
& SRI International, Computer science laboratory ... / such as message digests or encryption primitives. For instance it is
154.2 SLIC: An Extensibility System for Commodity Operating Systems - Ghormley, Petrou, Rodrigues, Anderson (1998)(Correct)
Modern commodity operating systems are large and complex
systems developed over many years by large teams of
programmers, containing hundreds of thousands of lines of
code. Consequently, it is extreme... / in a CERT advisory a simple encryption file system and a restricted br for a recent CERT advisory an encryption file system and a restricted
154.2 Time Limited Blackbox Security: Protecting Mobile Agents From.. - Hohl (1998)(Correct)
In this paper, an approach to partially solve one of the most difficult aspects of security of mobile agents systems is presented, the problem of malicious hosts. This problem consists in the possib... / cryptographic techniques like encryption or digital signatures. The br the attacker cannot break the encryption of the data it cannot read or
150.6 Why Cryptosystems Fail - Anderson (1994)(Correct)
Designers of cryptographic systems are at a disadvantage to most other engineers, in that information on how their systems fail is hard to get: their major users have traditionally been government age... / ATM must be able to perform this encryption operation or to check the PIN br these devices having a full encryption capability. For example
150.6 On Unifying Some Cryptographic Protocol Logics - Syverson, van Oorschot (1994)(Correct)
We present a logic for analyzing cryptographic protocols. This logic encompasses a unification of four of its predecessors in the BAN family of logics, namely those given in [GNY90], [AT91], [vO93], a... / simple arithmetical functions encryption etc. In addition to these is a br X Xn and encryptions fXgK ffl is a
148.5 Data Mining Approaches for Intrusion Detection - Lee, Stolfo (1998)(Correct)
In this paper we discuss our research in developing general and systematic methods for intrusion detection. The key ideas are to use data mining techniques to discover consistent and useful patterns o... / information protection e.g.encryption have been used to protect
148.5 Watermarking of Uncompressed and Compressed Video - Hartung, Girod (1998)(Correct)
this paper, methods for embedding additive digital watermarks
into uncompressed and compressed video sequences are presented.
The basic principle borrows from spread spectrum communications.
It consis... / individual receiver ID encryption sealed set-top box at receiver
148.5 Key Establishment in Large Dynamic Groups Using One-Way Function Trees - McGrew, Sherman (1998)(Correct)
We present and analyze a new algorithm for establishing shared cryptographic keys in large, dynamically changing groups. Our algorithm is based on a novel application of one-way function trees. In com... / group manager must perform n encryptions and transmit n keys. br are slow in software relative to encryption or one-way function operations.
145.4 UMAC: Fast and Secure Message Authentication - Black, Halevi, Krawczyk, Krovetz.. (1999)(Correct)
We describe a message authentication algorithm, UMAC, which can authenticate messages (in software, on contemporary machines) roughly an order of magnitude faster than current practice (e.g., HMAC-SHA... / family and a secret encryption key. A message is authenticated br than the one we defined and the encryption is realized by a one-time pad
145.4 Proof-Carrying Authentication - Appel, Felten (1999)(Correct)
We have designed and implemented a general and powerful distributed authentication framework based on higher-order logic. Authentication frameworks --- including Taos, SPKI, SDSI, and X.509 --- have b... / frameworks uses symmetric-key encryption to authenticate users. Each br signatures using one or more encryption algorithms. Because
144.6 On the Construction of Pseudo-Random Permutations: Luby-Rackoff.. - Naor, Reingold (1997)(Correct)
Luby and Rackoff [27] showed a method for constructing a pseudo-random permutation from
a pseudo-random function. The method is based on composing four (or three for weakened security)
so called Feist... / Block ciphers are private-key encryption schemes such that the br encryption schemes such that the encryption of every plaintext-block is a
144.3 Increasing Network Throughput by Integrating Protocol Layers - Abbott, Peterson (1993)(Correct)
Integrating protocol data manipulations is a strategy for increasing the throughput of network protocols. The idea is to combine a series of protocol layers into a pipeline so as to access message dat... / Data manipulation-e.g.encryption presentation formatting br checksumming and DES Data Encryption Standard encryption. These data
142.8 Fast Implementations of AES Candidates - Aoki, Lipmaa (2000)(Correct)
Of the five AES finalists four---MARS, RC6, Rijndael, Twofish---have not only (expected) good security but also exceptional performance on the PC platforms, especially on those featuring the Pentium P... / can influence the relative encryption speed of different ciphers. To br were accepted as AES Advanced Encryption Standard candidates of
140.7 Authentication in the Taos Operating System - Wobber, Abadi, Burrows, Lampson (1994)(Correct)
this paper we do not describe any formal
notations or rules for propositional connectives. Instead, we use English keywords, like "if" and
"then", and informal reasoning.
4 \Delta E. Wobber et al.
-... / we explain our treatment of encryption and time sketch the rules of br detail We use shared key encryption to secure short-term
139.1 The RC5 Encryption Algorithm - Rivest (1995)(Correct)
This document describes the RC5 encryption algorithm, a fast symmetric block cipher suitable for hardware or software implementations. A novel feature of RC5 is the heavy use of data-dependent rotat... / The RC Encryption Algorithm Ronald L. br This document describes the RC encryption algorithm a fast symmetric
138.2 A Calculus for Access Control in Distributed Systems - Abadi, Burrows, Lampson, Plotkin (1991)(Correct)
This paper is a study of some of the concepts, protocols, and algorithms for security in distributed systems, with a focus on access control. Our treatment is fairly formal, as it is based on logics. ... / communication lines some form of encryption is typically required. In what br we assume that shared-key encryption e.g. and public-key
137.1 A Bisimulation Method for Cryptographic Protocols - Abadi, Gordon (1998)(Correct)
We introduce a definition of bisimulation for cryptographic
protocols. The definition includes a simple and precise model of the
knowledge of the environment with which a protocol interacts. Bisimul... / suc M successor fMgN encryption x variable Intuitively br we study an example with nested encryption. We consider the processes K
136.3 Performance Comparison of the AES Submissions - Schneier, Kelsey, Whiting, Wagner.. (1999)(Correct)
this paper, we will completely ignore security.
Instead, we will compare the performance of
the leading AES candidates on a variety of common
platforms: 32-bit CPUs, 64-bit CPUs, cheap 8-bit
smart-car... / goal guiding the design of any encryption algorithm must be security. In br of Key Length The speed both encryption and key setup of most AES
136.2 Computer Immunology - Forrest, Hofmeyr, Somayaji (1996)(Correct)
this article argues that the similarities are compelling
and could point the way to improved computer security. Improvements can be achieved by
designing computer immune systems that have some of the ... / security system that relies on encryption to protect data but has no br no mechanism for noticing if the encryption system has been broken. ffl
131.9 A review of watermarking and the importance of perceptual modeling - Cox, Miller (1997)(Correct)
A watermark embeds an imperceptible signal into data such as audio, video and images, for a variety of purposes, including captioning and copyright control. In this paper, we first outline the desirab... / Two complimentary techniques are encryption and watermarking. Encryption br are encryption and watermarking. Encryption protects content during the
131.9 Using CSP to detect errors in the TMN protocol - Lowe, Roscoe (1997)(Correct)
In this paper we use FDR, a model checker for CSP, to
detect errors in the TMN protocol [TMN90]. We model
the protocol and a very general intruder as CSP processes,
and use the model checker to test w... / The protocol employs two sorts of encryption Standard encryption This br sorts of encryption Standard encryption This uses an encryption
131.0 A Continuous Media Player - Rowe, Smith (1992)(Correct)
The design and implementation of a continuous media player for Unix workstations
is described. The player can play synchronized digital video and audio read
from a file server. The system architectu... /
128.5 Composition and Integrity Preservation of Secure Reactive Systems - Pfitzmann, Waidner (2000)(Correct)
We consider compositional properties of reactive systems that are secure in a cryptographic sense. We follow the well-known simulatability approach, i.e., the specification is an ideal system and a re... / concentrated on primitives like encryption and signature schemes or br pair of a participant X Two encryptions of a message m from a basic
128.5 Protocol-Independent Secrecy - Millen, Rueß (2000)(Correct)
Inductive proofs of secrecy invariants for cryptographic protocols can be facilitated by separating the protocol dependent part from the protocol-independent part. Our secrecy theorem encapsulates the... / constructed by concatenation or encryption. The concatenation of X and Y br X Y Z is unambiguous. The encryption of X using the key K is
127.5 Encrypted Key Exchange: Password-Based Protocols Secure Against.. - Bellovin, Merritt (1992)(Correct)
Classical cryptographic protocols based on userchosen
keys allow an attacker to mount passwordguessing
attacks. We introduce a novel combination
of asymmetric (public-key) and symmetric (secret-key)
... / cryptosystem has public encryption keys and private decryption br R info Symmetric secret-key encryption of info with key R. R
127.2 An FPGA Implementation and Performance Evaluation of the Serpent.. - Elbirt, Paar (1999)(Correct)
With the expiration of the Data Encryption Standard (DES)
in 1998, the Advanced Encryption Standard (AES) development
process is well underway. It is hoped that the result
of the AES process will be t... / With the expiration of the Data Encryption Standard DES in the br DES in the Advanced Encryption Standard AES development
125.7 Public-key cryptography and password protocols - Halevi, Krawczyk (1998)(Correct)
We study protocols for strong authentication and key exchange
in asymmetric scenarios where the authentication
server possesses a pair of private and public keys while the
client has only a weak human... / choice of suitable public key encryption functions the security of these br as the private key for public-key encryption while the client uses a weak
125.7 Compression Tolerant Image Authentication - Sushil Bhattacharjee (1998)(Correct)
It is straightforward to apply general schemes for
authenticating digital data to the problem of authenticating
digital images. However, such a scheme would
not authenticate images that have undergone... / is encrypted using public key encryption to generate the digital br followed by public key encryption. These authentication schemes
123.4 New Types of Cryptanalytic Attacks Using Related Keys - Biham (1994)(Correct)
In this paper we study the influence of key scheduling algorithms on the
strength of blockciphers. We show that the key scheduling algorithms of many
blockciphers inherit obvious relationships between... / plaintext attacks LOKI Data Encryption Standard. Introduction In br before the second round in an encryption under the key K equals the data
123.4 Number-Theoretic Constructions of Efficient Pseudo-Random Functions - Naor, Reingold (1997)(Correct)
We describe efficient constructions for various cryptographic primitives (both in privatekey
and in public-key cryptography). We show these constructions to be at least as secure as
the decisional ver... / the public key g a the encryption of a message m is hg b br in order to get a probabilistic encryption-scheme whose semantic security
123.4 Bucket Hashing and its Application to Fast Message Authentication - Rogaway (1997)(Correct)
We introduce a new technique for constructing a family of universal hash functions.
At its center is a simple metaphor: to hash a string x, cast each of its words into a small
number of buckets; xor... / to a cryptographic operation encryption now applied to a much shorter br th Workshop on Fast Software Encryption Springer-Verlag . T.
123.4 Identity Escrow - Kilian, Petrank (1997)(Correct)
We introduce the notion of escrowed identity, an application of key-escrow ideas to the
problem of identification. In escrowed identity, one party A does not give his identity to
another party B, but ... / on the El-Gamal signature and encryption schemes and on the RSA br One is based on the RSA encryption scheme and the other on the
121.7 Digital Watermarks For Audio Signals - Boney (1996)(Correct)
In this paper, we present a novel technique for embedding
digital "watermarks" into digital audio signals. Watermarking
is a technique used to label digital media by hiding
copyright or other informat... / is scrambled using an encryption transformation before it is sent br signed The security of the encryption algorithm is based on the fact
120.6 Voice Communication Across the Internet: A Network Voice Terminal - Schulzrinne (1992)(Correct)
Voice conferencing has attracted interest as a useful and viable first real-time application on the Internet. This report describes Nevot a network voice terminal meant to support multiple concurrent ... / ffl DES-based voice encryption ffl current audio encodings br despot.ecs.umass.edu The encryption key is used when encryption
119.9 A Proxy Based Filtering Mechanism for the Mobile Environment - Zenel (1998)(Correct)
A Proxy Based Filtering Mechanism for the Mobile
Environment
Bruce Zenel
Host mobility complicates the standard networking model in unexpected ways. It
increases network heterogeneity, causing diff... / . . End to End Encryption . br of authentication and encryption to increase the level of
119.1 The Kerberos Network Authentication Service - Kohl, Neuman (1991)(Correct)
This DRAFT document gives an overview and specification of the Version 5 protocol for the Kerberos network authentication system. Version 4, described elsewhere [1, 2], is presently in production use ... / for the server and a temporary encryption key often called a session br keys. Code libraries provide encryption and implement the Kerberos
118.8 Mobile Agent Security and Telescript - Tardo, Valente (1996)(Correct)
Telescript is a software technology for building distributed
applications using the mobile agent paradigm. Telescript
mobile agents are migrating processes capable of
being executed on any Telescript ... / a credit card number password encryption key or e-cash token br modify data e.g.change an encryption key to a known value
118.8 Protocol Implementation Using Integrated Layer Processing - Braun, Diot (1995)(Correct)
Integrated Layer Processing (ILP) is an implementation concept which "permit[s] the implementor the option of performing all the [data] manipulation steps in one or two integrated processing loops" [1... / transfer application with an encryption function on top of a user-level br by integrating marshalling encryption and TCP checksum calculation.
118.8 iKP - A Family of Secure Electronic Payment Protocols - Bellare, Garay, Hauser, Herzberg.. (1995)(Correct)
This paper proposes a family of protocols -- iKP -- for secure electronic payments over the Internet. The protocols implement credit card-based transactions between the customer and the merchant while... / improvement. ffl The use of encryption in iKP is limited to br signature verification and encryption is held by each accredited
118.1 Distributed Pseudo-Random Functions and KDCs - Naor, Pinkas, Reingold (1999)(Correct)
This work describes schemes for distributing between n servers
the evaluation of a function f which is an approximation to a random
function, such that only authorized subsets of servers are able to... / in Section . . ii Long-tem encryption of information where a user br used as a key for a private-key encryption scheme The parameter can
118.1 Analysis of the Internet Key Exchange Protocol Using the NRL Protocol .. - Meadows (1999)(Correct)
In this paper we show how the NRL Protocol Analyzer,
a special-purpose formal methods tool designed
for the verification of cryptographic protocols, was used
in the analysis of the Internet Key Exchan... / digital signatures public key encryption and conventional encryption br key encryption and conventional encryption using shared keys. The
118.1 Flash Mixing - Jakobsson (1999)(Correct)
By introducing novel methods for robust protocol design, to substitute for costly zero-knowledge schemes, we are able to produce a mixing scheme with significantly lower costs of operation than all pr... / as output a permuted list of encryptions of the same plaintext br list needs to know only the encryption algorithm and the public key s
118.1 Differential Power Analysis - Kocher, Jaffe, Jun (1999)(Correct)
Cryptosystem designers frequently assume that secrets will
be manipulated in closed, reliable computing environments. Unfortunately,
actual computers and microchips leak information about the oper... / and third rounds of a DES encryption operation. Many details of the br of its widespread use the Data Encryption Standard DES will be examined
118.1 A Cautionary Note Regarding Evaluation of AES Candidates on.. - Chari, Jutla, Rao, Rohatgi (1999)(Correct)
NIST has considered the performance of AES candidates on smart-cards as an important
selection criterion and many submitters have highlighted the compactness and efficiency
of their submission on lo... / from only independent block encryptions to fully recover the -bit br bytes would be available to the encryption algorithm. On that basis the
116.1 Reasoning about Belief in Cryptographic Protocols - Gong, Needham, Yahalom (1990)(Correct)
Abstract. Analysis methods for cryptographic protocols
have often focused on information leakage rather
than on seeing whether a protocol meets its goals. Many
protocols, however, fall far short of me... / formulae shared secrets and encryption keys are denoted as S and K br Gamma K conventional encryption and decryption e.g. DES It
115.9 On The Computational Power of DNA - Boneh, Dunworth, Lipton, Sgall (1995)(Correct)
We show how DNA based computers can be used to solve the satisfiability problem for boolean circuits. Furthermore, we show how DNA computers can solve optimization problems directly without first solv... / Czech Republic the Data Encryption Standard DES could be broken
114.8 Adaptive Fraud Detection - Fawcett, Foster (1997)(Correct)
One method for detecting fraud is to check for suspicious changes in user behavior. This paper describes the automatic design of user profiling methods for the purpose of fraud detection, using a se... / reliable and secure private-key encryption method that imposes no
114.8 Securing Distance-Vector Routing Protocols - Smith, Murthy, Garcia-Luna-Aceves (1997)(Correct)
We analyze the security requirements of distance-vector routing protocols, identify their vulnerabilities, and propose countermeasures to these vulnerabilities. The innovation we propose involves the ... / of countermeasures include encryption of network traffic to provide br vulnerabilities are primarily encryption and digital signatures. We now
114.8 Public Watermarks and Resistance to Tampering - Cox, Linnartz (1997)(Correct)
Public watermarks allow embedded signals to be extracted
from audio and video content for a variety of
purposes. One application is for copyright control,
where it is envisaged that digital video reco... / be prevented by a combination of encryption and watermarking. For example br the private use of cryptographic encryption is outlawed The copyrighted
114.2 Security Protocols and their Properties - Abadi (2000)(Correct)
Specifications for security protocols range from informal narrations of message flows to formal assertions of protocol properties. This paper discusses those specifications, emphasizing authenticity a... / and the other is used for encryptions and for signature br The braces represent the encryption operation in this case using a
114.2 Secure Group Communication in Asynchronous Networks with Failures.. - Yair Amir (2000)(Correct)
Increasing popularity and diversity of collaborative applications prompts the need for highly secure and reliable
communication platforms for dynamic peer groups. Security mechanisms for such groups t... / greater than that of conventional encryption public key encryption can be br encryption public key encryption can be used to secure
114.2 Kronos: A Scalable Group Re-Keying Approach for Secure Multicast - Setia, Koussih, Jajodia (2000)(Correct)
In this paper, we describe a novel approach to scalable group re-keying for secure multicast. Our
approach, which we call Kronos, is based upon the idea of periodic group re-keying. We first motivate... / generates the same traffic encryption key at fixed intervals and br a single group-wide traffic encryption key the sub-group manager is no
114.2 Exposure-Resilient Functions and All-Or-Nothing Transforms - Canetti, Dodis, Halevi, Kushilevitz, .. (2000)(Correct)
In this work, we study the problem of partial key exposure. Standard cryptographic definitions and
constructions do not guarantee any security even if a tiny fraction of the secret key is compromised... / useful and complex actions from encryption and decryption to identification br and making fixed-blocksize encryption schemes more efficient For
114.2 On The Limits of Steganography - Anderson, Petitcolas (1998)(Correct)
In this paper, we seek to clarify what steganography is and
what it can do. We contrast it with the related disciplines of cryptography
and traffic security, present a unified terminology agreed at ... / to restrict the availability of encryption services have motivated people br the th Workshop on Fast Software Encryption . The Newton
110.6 A Survey of Fast Exponentiation Methods - Gordon (1997)(Correct)
Public-key cryptographic systems often involve raising elements of
some group (e.g. GF(2
n
), Z=NZ, or elliptic curves) to large powers.
An important question is how fast this exponentiation can be ... / In the RSA cryptosystem encryption and decryption are accomplished
110.6 Proactive RSA - Frankel, Gemmell, MacKenzie, Yung (1997)(Correct)
Distributed threshold protocols that incorporate proactive
maintenance can tolerate a very strong "mobile adversary." This adversary
may corrupt all participants throughout the lifetime of the syste... / is kept private. The RSA encryption function is public defined for br used for secure probabilistic encryption GM L which emulates a
110.6 MAGMA: An Agent-Based Virtual Market for Electronic Commerce - Tsvetovatyy, Gini, Mobasher.. (1997)(Correct)
In this paper, we propose an architecture for an agent-based virtual market that includes all elements required for simulating a real market. These elements include a communication infrastructure, mec... / bank need to include a layer of encryption as well as other safeguards br usually achieved through encryption data integrity data sent as
110.6 A Fast New DES Implementation in Software - Biham (1997)(Correct)
In this paper we describe a fast new DES implementation.
This implementation is about five times faster than the fastest known
DES implementation on a (64-bit) Alpha computer, and about three
times ... / about instructions for the encryption of each DES block. Conversion br instructions per block and thus encryption of standard representations with
110.6 Java Security: Present and Near Future - Gong (1997)(Correct)
Windowing Toolkit, a package for building GUIs in
Java
bytecode verifier Mechanism to verify that Java language constraints are satisfied
by the class bytecode
class loader Mechanism to dynamically ... / and thus cannot include strong encryption technology. The Java br loader manager Nonexportable encryption extension Signature
109.0 Cryptanalysis of Skipjack Reduced to 31 Rounds using Impossible.. - Biham, Biryukov, Shamir (1999)(Correct)
In this paper we present a new cryptanalytic technique, based on impossible differentials, and use it to show that Skipjack reduced from 32 to 31 rounds can be broken by an attack which is faster than... / property that after rounds of encryption the outputs have some other br may be to distinguish whether an encryption black box is a -round
109.0 Compiler Techniques for Code Compression - Debray, Evans, Muth (1999)(Correct)
In recent years there has been an increasing trend towards the incorporation of computers into a variety of devices where the amount of memory available is limited. This makes it desirable to try and ... / software in such devices such as encryption software in telephones or
108.8 Markov Ciphers and Differential Cryptanalysis - Lai, Massey, Murphy (1991)(Correct)
This paper considers the security of iterated block ciphers against the differential cryptanalysis
introduced by Biham and Shamir. Differential cryptanalysis is a chosen-plaintext attack on
secret-key... / r times e.g.the -round Data Encryption Standard DES It is shown br of difference the Proposed Encryption Standard PES of Lai and
108.5 Concurrent Zero-Knowledge: Reducing the Need for Timing Constraints - Dwork, Sahai (1998)(Correct)
An interactive proof system (or argument) (P;V ) is concurrent zero-knowledge if whenever the prover engages in polynomially many concurrent executions of (P;V ), with (possibly distinct) colluding po... / a semantically secure public-key encryption scheme. By limiting the use of br is semantically secure The encryptions must be uniquely decodable so
107.2 Watermarking Digital Images for Copyright Protection - Ruanaidh, Dowling, Boland (1996)(Correct)
A watermark is an invisible mark placed on an image that can be detected when the image is compared with the original. This mark is designed to identify both the source of an image as well as its in... / is required. Public key encryption systems such as the RSA br can be inspected or used. Once encryption is removed the document can be
107.2 Formal Verification of Cryptographic Protocols: A Survey - Meadows (1995)(Correct)
In this paper we give a survey of the state of the art in the application of formal methods to the analysis of cryptographic protocols. We attempt to outline some of the major threads of research in t... / perform any operation such as encryption that is available to legitimate br is to be kept secret such as encryption keys belonging to honest users
106.3 Abstracting Interaction Patterns: A Programming Paradigm for Open.. - Agha (1997)(Correct)
ing Interaction Patterns: A Programming Paradigm for Open Distributed Systems Gul A. Agha Open Systems Laboratory Department of Computer Science, 1304 W. Springfield Avenue, University of Illinois at ... / for each actor to implement the encryption and decryption. What we would br do is simply define a module for encryption decryption and compose it with
105.8 A Proposal for a New Block Encryption Standard - Lai, Massey (1991)(Correct)
A new secret-key block cipher is proposed as a candidate for a new encryption standard.
In the proposed cipher, the plaintext and the ciphertext are 64 bit blocks,
while the secret key is 128 bit long... / A Proposal for a New Block Encryption Standard Xuejia Lai and James br proposed as a candidate for a new encryption standard. In the proposed
103.0 Protecting Poorly Chosen Secrets from Guessing Attacks - Gong, Lomas, Needham, Saltzer (1993)(Correct)
In a security system that allows people to choose their own passwords, those people tend to choose passwords that can be easily guessed. This weakness exists in practically all widely used systems. In... / message using the password as the encryption key and experimenting br of user acceptability an encryption key is derived algorithmically
102.8 Combinatorial Properties and Constructions of Traceability Schemes.. - Stinson, Wei (1998)(Correct)
In this paper, we investigate combinatorial properties and constructions of two recent
topics of cryptographic interest, namely frameproof codes for digital fingerprinting, and
traceability schemes fo... / schemes for broadcast encryption. We first give combinatorial br schemes for broadcast encryption were defined by Chor Fiat and
102.1 A Software-Optimized Encryption Algorithm - Rogaway, Coppersmith (1997)(Correct)
We describe a software-efficient encryption algorithm named
SEAL 3.0. Computational cost on a 32-bit processor is about 5 elementary
machine instructions per byte of text. The cipher is a pseudoran... / A Software-Optimized Encryption Algorithm Phillip Rogaway br We describe a software-efficient encryption algorithm named SEAL . .
101.4 How to Protect DES Against Exhaustive Key Search - Kilian, Rogaway (1996)(Correct)
The block cipher DESX is defined by DESX k:k1:k2 (x) = k2 \Phi DES k (k1 \Phi x), where \Phi denotes
bitwise exclusive-or. This construction was first suggested by Rivest as a computationallycheap
way... / problem. Specifically triple-DES encryption decryption requires multiple DES br requires multiple DES encryptions decryptions. This paper
101.0 Proxy-Based Authorization and Accounting for Distributed Systems - Neuman (1993)(Correct)
Despite recent widespread interest in the secure authentication
of principals across computer networks
there has been considerably less discussion of distributed
mechanisms to support authorization an... / proxies relies on the use of encryption-based authentication of the br restrictions and establishing an encryption or integrity key to
100.0 Lattice Reduction in Cryptology: An Update - Nguyen, Stern (2000)(Correct)
Lattices are regular arrangements of points in space, whose
study appeared in the 19th century in both number theory and crystallography.
The goal of lattice reduction is to find useful representa... / some of those schemes offered encryption decryption rates asymptotically br and can attain very high encryption decryption rates. But basically
100.0 Mix and Match: Secure Function Evaluation via Ciphertexts (Extended.. - Jakobsson, Juels (2000)(Correct)
We introduce a novel approach to general secure multiparty computation that avoids the intensive use of verifiable secret sharing characterizing nearly all previous protocols in the literature. Instea... / In their scheme the underlying encryption scheme is a special variant of br the basis for our constructions. Encryption in the El Gamal cipher takes
100.0 Publius: A robust, tamper-evident, censorship-resistant web.. - Waldman, Rubin, Cranor (2000)(Correct)
We describe a system that we have designed and implemented for publishing content on the web. Our publishing scheme has the property that it is very difficult for any adversary to censor or modify the... / called mixes that use a layered encryption technique to encode the path br an onion that specifies the encryption algorithms and keys to be used
100.0 Implementing a Distributed Firewall - Ioannidis, Keromytis, Bellovin, Smith (2000)(Correct)
Conventional firewalls rely on topology restrictions and controlled network entry points to enforce traffic filtering. Furthermore, a firewall cannot filter traffic it does not see, so, effectively, e... / exists. End-to-end encryption can also be a threat to rewalls br do ltering. Allowing end-to-end encryption through a rewall implies
100.0 A Comparative Study of Performance of AES Final Candidates Using FPGAs - Dandalis, Prasanna, Rolim (2000)(Correct)
In this paper we study and compare the performance
of FPGA-based implementations of the #ve #-
nal AES candidates #MARS, RC6, Rijndael, Serpent,
and Two#sh#. FPGAs seem to match extremely well
with th... / operation e.g. CBC CFB where encryption results of each block are fed br each block are fed backinto the encryption of the current block
98.9 A Cryptographic File System for Unix - Blaze (1993)(Correct)
Although cryptographic techniques areplaying an increasingly
important role in modern computing system security,userlevel
tools for encrypting file data arecumbersome and suffer
from a number of inher... / File System CFS pushes encryption services into the file system br of CFS under Unix. Encryption techniques for file system-level
98.5 Two-bit gates are universal for quantum computation - Di Vincenzo (1995)(Correct)
A proof is given, which relies on the commutator algebra of the unitary Lie groups, that quantum gates operating on just two bits at a time are sufficient to construct a general quantum circuit. The b... / of certain popular data encryption schemes the absolute