NESSIE security report
