A, E_K1(E_K2(A, B, R_A))
(2) Bob computes K1 and K2 from Alice's name. He decrypts the message, confirms that A and B are correct, then encrypts the unencrypted second half of Alice's message with key K2.
E_K2(A, B, R_A)
Bob does not send this message to Alice; 56 bits of the ciphertext become key K3. Bob sends Alice his name, her name, and a random number, R_B, encrypted with DES: first with key K3, then with K1.
E_K1(E_K3(B, A, R_B))
(3) Alice computes K3 in the same way and decrypts Bob's message, confirming that A and B are correct, then encrypts the unencrypted second half of Bob's message with key K3.
E_KF(E_KU(Ks), U, C)
KU is loaded into Clipper chips at manufacture. This key is then split (see Section 3.5) and stored in two escrowed-key databases, guarded by two different agencies.
For Eve to extract Ks from the LEAF, she must first decrypt the LEAF with KF and obtain U.
Then she must obtain a court order for each of the escrow agencies, each of which returns its half of KU for that U. Eve XORs the two halves to get KU, then uses KU to obtain Ks, and Ks to eavesdrop on the conversation.
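The LEAF structure and the two-agency escrow of KU just described, as an added Python example (not code from the page or from the Clipper programme). It assumes a stand-in cipher built from a SHA-256 keystream in place of Skipjack, an assumed 16-bit checksum construction for C, and constructed key and unit-id values:

```python
"""Model of the Clipper LEAF, E_KF(E_KU(Ks), U, C), and the split of KU
between two escrow agencies (Section 3.5 style XOR secret splitting).

Added example, not code from the page or from the Clipper programme. The
cipher is a stand-in (SHA-256 keystream XORed with the data), not Skipjack;
the 16-bit checksum C is an assumed construction.
"""
import hashlib
import os
import secrets

KEY_LEN = 10       # 80-bit keys (Ks, KU, KF), the Skipjack key size
UNIT_LEN = 4       # 32-bit unit identifier U
NONCE_LEN = 8      # per-encryption nonce of the stand-in cipher
CHECK_LEN = 2      # 16-bit checksum C
INNER_LEN = NONCE_LEN + KEY_LEN   # length of E_KU(Ks) under the stand-in cipher


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _keystream(key, nonce, length):
    """Counter-mode keystream from SHA-256 (stand-in for a block cipher)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(key, data):
    """Stand-in E_K(data): fresh nonce || data XOR keystream(key, nonce)."""
    nonce = os.urandom(NONCE_LEN)
    return nonce + _xor(data, _keystream(key, nonce, len(data)))


def decrypt(key, blob):
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return _xor(body, _keystream(key, nonce, len(body)))


def checksum(fields):
    """C: 16-bit check over E_KU(Ks) || U (assumed construction)."""
    return hashlib.sha256(fields).digest()[:CHECK_LEN]


# At manufacture: KU is split into two halves and each escrow agency stores
# one half, indexed by the unit id U. Each half alone is uniformly random.
def split_unit_key(ku):
    share1 = secrets.token_bytes(len(ku))
    share2 = _xor(ku, share1)
    return share1, share2


def combine_shares(share1, share2):
    return _xor(share1, share2)


# Per call: the chip emits LEAF = E_KF(E_KU(Ks), U, C).
def make_leaf(kf, ku, unit_id, ks):
    inner = encrypt(ku, ks)            # E_KU(Ks)
    fields = inner + unit_id           # E_KU(Ks), U
    return encrypt(kf, fields + checksum(fields))


def open_leaf(kf, leaf):
    """Step one of an authorized wiretap: decrypt with the family key KF,
    verify C, and read U. Returns (E_KU(Ks), U); Ks stays hidden without KU."""
    body = decrypt(kf, leaf)
    fields, c = body[:-CHECK_LEN], body[-CHECK_LEN:]
    if checksum(fields) != c:
        raise ValueError("LEAF checksum mismatch (wrong KF or corrupted LEAF)")
    return fields[:INNER_LEN], fields[INNER_LEN:]


def recover_session_key(kf, leaf, agency1, agency2):
    """The full procedure from the text: KF -> U, one half of KU from each
    agency's database, XOR the halves -> KU, then KU -> Ks."""
    inner, unit_id = open_leaf(kf, leaf)
    ku = combine_shares(agency1[unit_id], agency2[unit_id])
    return decrypt(ku, inner)


def demo():
    """Constructed scenario: one chip, one call, both agencies cooperating."""
    kf = bytes.fromhex("0f0f0f0f0f0f0f0f0f0f")   # family key, constructed
    ku = secrets.token_bytes(KEY_LEN)
    unit_id = bytes.fromhex("00001234")          # constructed unit id
    half1, half2 = split_unit_key(ku)
    agency1, agency2 = {unit_id: half1}, {unit_id: half2}

    ks = secrets.token_bytes(KEY_LEN)            # session key for this call
    leaf = make_leaf(kf, ku, unit_id, ks)
    _, seen_unit = open_leaf(kf, leaf)
    recovered = recover_session_key(kf, leaf, agency1, agency2)
    return seen_unit == unit_id, recovered == ks


if __name__ == "__main__":
    print(demo())
```

Each agency's half is uniformly random on its own, so neither database by itself reveals KU; only the XOR of both halves does, which is why the text requires a court order for each agency.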
NCSC has published a whole series of books on computer security, sometimes called the Rainbow Books (all the covers have different colors). For example, the Trusted Network Interpretation of the Trusted Computer System Evaluation Criteria [1146], sometimes called the Red Book, interprets the Orange Book for networks and network equipment. The Trusted Database Management System Interpretation of the Trusted Computer System Evaluation Criteria [1147] (I won't even try to describe the color of its cover) does the same for databases. There are over 30 of these books today, and the cover colors of some of them are hideous.
For the complete set of Rainbow Books, contact Director, National Security Agency, INFOSEC Awareness, Attention: C81, 9800 Savage Road, Fort George G. Meade, MD 20755-6000;
25.3 National Institute of Standards and Technology
NIST is the National Institute of Standards and Technology, a division of the U.S. Department of Commerce. It was formerly the National Bureau of Standards (NBS) and changed its name in 1988. Through its Computer Systems Laboratory (CSL), NIST has promoted open interoperability standards that it hoped would accelerate the growth of computer-based industries. To date NIST has issued standards and guidelines that it believes will be adopted by all computer systems in the United States. Official standards are published as FIPS (Federal Information Processing Standards) publications.
If you need copies of any FIPS (or other NIST publications), contact the National Technical Information Service of the U.S. Department of Commerce: National Technical Information Service (NTIS), U.S. Department of Commerce, 5285 Port Royal Road, Springfield, VA 22161;
(703) 487-4650;
or visit gopher://csrc.ncsl.nist.go*
When Congress passed the Computer Security Act in 1987, NIST was authorized to define standards for securing sensitive but unclassified information in government computer systems. (Classified information and Warner Amendment data fall under the NSA's jurisdiction.) The Act allows NIST to cooperate with other government organizations and private enterprises while evaluating proposed technical standards.
NIST issues standards for cryptographic functions. U.S. government agencies are required to use them for sensitive but unclassified information. These standards are often adopted by the private sector as well. NIST has issued DES, DSS, SHS, and EES.
All of these algorithms were developed with some help from the NSA, from the analysis of DES to the design of DSS, SHS, and the Skipjack algorithm in EES. Some criticize NIST because the NSA can control these standards to a large degree, even though the NSA's interests may not coincide with NIST's. It is unclear how much the NSA can actually influence the design and development of the algorithms. But given NIST's constraints on staff, budget, and resources, involving the NSA seems reasonable. The NSA has great capabilities, including the best computing facilities in the world.
The official "Memorandum of Understanding" (MOU) between the two organizations reads:
MEMORANDUM OF UNDERSTANDING BETWEEN THE DIRECTOR OF THE NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY AND THE DIRECTOR OF THE NATIONAL SECURITY AGENCY CONCERNING THE IMPLEMENTATION OF PUBLIC LAW 100-
Recognizing that:
A. Under Section 2 of the Computer Security Act of 1987 (Public Law 100-235), (the Act), the National Institute of Standards and Technology (NIST), as part of the Federal Government, is responsible for:
1. Developing technical, administrative, physical, and management standards and guidelines for the cost-effective security and privacy of sensitive information in Federal computer systems as defined in the Act;
B. Under Section 2 of the Act, NIST is to coordinate closely with other agencies, including the NSA, to assure:
1. Maximum use of all existing and planned programs, materials, studies, and reports relating to computer systems security and privacy, in order to avoid unnecessary and costly duplication of effort;
and, 2. That the standards developed by NIST under the Act are, to the maximum extent feasible, consistent and compatible with the standards and procedures developed for the protection of classified information in Federal computer systems.
C. Under the Act, the Secretary of Commerce has the responsibility, which he has delegated to NIST, for appointing the members of the Computer System Security and Privacy Advisory Board, at least one of whom shall represent the NSA.
1. Provide NIST with technical guidelines in trusted technology, telecommunications security, and personal identification that may be used in cost-effective systems for protecting sensitive computer data.
2. Conduct or initiate research and development programs in trusted technology, telecommunications security, cryptographic techniques, and personal identification methods.
3. Upon request by NIST, provide assistance on all matters related to cryptographic algorithms and cryptographic techniques, including, but not limited to, research, evaluation of development, and endorsement.
4. Establish standards and endorse products for application to secure systems covered by 10 USC Section 2315 (the Warner Amendment).
5. Upon request by Federal agencies, their contractors, and other government-sponsored entities, conduct assessments of the hostile intelligence threat to Federal information systems, and provide technical assistance and recommend endorsed products for application to secure systems against that threat.
III. NIST and NSA shall:
1. Coordinate their plans for the security and privacy of computer systems for which NIST and NSA are responsible under Section 6(b) of the Act.
/signed/
RAYMOND G. KAMMER, Acting Director, National Institute of Standards and Technology, 24 March 1989
W. O. STUDEMAN, Vice Admiral, U.S. Navy, Director, National Security Agency, 23 March 1989

25.4 RSA Data Security, Inc.
RSA Data Security, Inc. (RSADSI) was founded in 1982 to develop, license, and commercialize the RSA patent. The company has a number of commercial products, including a stand-alone e-mail security package and various cryptographic libraries (available as source code or object code). RSADSI also markets the symmetric algorithms RC2 and RC4 (see Section 11.8). RSA Laboratories, a research laboratory associated with RSADSI, performs basic cryptographic research and provides consulting services.
Anyone interested in licenses or products should contact the Director of Sales (Director of Sales, RSA Data Security, Inc., 100 Marine Parkway, Redwood City, CA 94065;
(415) 595-8782;
fax: (415) 595-1873).
25.5 Public Key Partners
The five patents listed in 22- belong to Public Key Partners (PKP) of Sunnyvale, California, a partnership between RSADSI and Caro-Kann, Inc., the parent company of Cylink. (RSADSI receives percent of the profits, and Caro-Kann 35 percent.) PKP claims that these patents, and 4218582 in particular, apply to all uses of public-key cryptography.
25.6 International Association for Cryptologic Research
The International Association for Cryptologic Research (IACR) is a worldwide cryptographic research organization. Its purpose is to advance the theory and practice of cryptology and related fields. Anyone can become a member. The association sponsors two annual conferences, Crypto (held in August in Santa Barbara) and Eurocrypt (held in Europe), and publishes The Journal of Cryptology and the IACR Newsletter quarterly.
The address of the IACR headquarters changes with each change of president. The current address is: IACR Business Office, Aarhus Science Park, Gustav Wieds Vej 10, DK-8000 Aarhus C, Denmark.
25.7 RACE Integrity Primitives Evaluation (RIPE)
The Research and Development in Advanced Communication Technologies in Europe (RACE) program was initiated by the European Community to support pre-competitive work on telecommunications standards and technologies supporting Integrated Broadband Communication (IBC). As part of that effort, RACE established the RACE Integrity Primitives Evaluation (RIPE) consortium to assemble a portfolio of techniques meeting the possible security requirements of IBC.
The fact that an algorithm is registered says nothing about its quality. Registration is not an ISO/IEC endorsement of the algorithm either; it simply shows that one of the national bodies wants to register the algorithm, whatever criteria that body used.
I am not impressed by this idea. Registration gets in the way of the standardization process. Instead of adopting a few algorithms, ISO registers any algorithm. With this kind of control, anything at all can be registered, and its owner can then quite legitimately attach the impressive-sounding label "ISO/IEC 9979 registered" to the algorithm. In any case, the register is maintained by National Computer Centre Ltd., Oxford Road, Manchester, M1 7ED, United Kingdom.
Table 25-4. ISO/IEC Registered Algorithms
Registration number   Name
0001                  B-CRYPT
0002                  IDEA
0003                  LUC

25.10 Professional and Industry Groups, and Civil Liberties Groups
Electronic Privacy Information Center (EPIC)
The Electronic Privacy Information Center (EPIC) was established in 1994 to focus public attention on emerging privacy issues relating to the National Information Infrastructure, such as the Clipper chip, the Digital Telephony proposals, national identification number systems, medical record privacy, and the sale of consumer data. EPIC conducts litigation, sponsors conferences, publishes reports, issues the EPIC Alert, and runs campaigns on privacy issues. Anyone interested in joining should contact Electronic Privacy Information Center, 666 Pennsylvania Avenue SE, Suite 301, Washington, D.C. 20003; (202) 544-9240;
fax: (202) 547-5482;
Internet: info@epic.org.
Electronic Frontier Foundation (EFF)
The Electronic Frontier Foundation (EFF) is dedicated to protecting civil rights in cyberspace. With regard to U.S. cryptographic policy, the EFF believes that information and access to cryptography are fundamental rights and should therefore be free of government restrictions. The foundation organized the Digital Privacy and Security Working Group, a coalition of 50 organizations. The group opposes the Digital Telephony bill and the Clipper initiative. The EFF also supports litigation against export controls on cryptography [143]. Anyone wishing to join the EFF can contact Electronic Frontier Foundation, 1001 G Street NW, Suite 950E, Washington, D.C. 20001;
(202) 347-5400, fax: (202) 393-5509;
Internet: eff@eff.org.
Association for Computing Machinery (ACM)
The Association for Computing Machinery (ACM) is an international computer industry organization. In 1994 the ACM U.S. Public Policy Committee presented an excellent report on U.S. cryptographic policy [935]. It is worth reading by anyone interested in cryptographic policy. It can be obtained by anonymous ftp from info.acm.org in /reports/acm.crypt_study/acm_crypto_study.ps.
Institute of Electrical and Electronics Engineers (IEEE)
The Institute of Electrical and Electronics Engineers (IEEE) is another professional organization. Its U.S. branch studies privacy-related issues, including cryptographic policy, identification numbers, and privacy protection on the Internet, and develops corresponding recommendations.
Software Publishers Association (SPA)
The Software Publishers Association (SPA) is a trade association of over 1000 companies that develop software for personal computers. They lobby for relaxing export controls on cryptography and maintain a list of commercially available foreign products.
(8) Through fundamental research in science and engineering at accredited institutions of higher education in the U.S., where the resulting information is ordinarily published and shared broadly in the scientific community. Fundamental research means basic and applied research in science and engineering where the resulting information is ordinarily published and shared broadly within the scientific community, as distinguished from research whose results are restricted for proprietary reasons or by specific U.S. Government access and dissemination controls. University research is not considered fundamental research if:
(i) the university or its researchers accept other restrictions on publication of the scientific and technical information resulting from the project, or (ii) the research is funded by the U.S. Government and access to and dissemination of its results are restricted in order to protect the information.
§ 120.17 Export.
Export means:
(1) Sending or taking defense articles out of the United States in any manner, except by mere travel outside the United States of a person whose personal knowledge includes technical data;
or (2) Transferring to a foreign person the registration, control, or ownership of any aircraft, vessel, or satellite on the U.S. Munitions List, whether in the United States or abroad;
Matt Blaze
New York

References
1. ABA Bank Card Standard, "Management and Use of Personal Information Numbers," Aids from ABA, Catalog no. 207213, American Bankers Association, 1979.
2. ABA Document 4.3, "Key Management Standard," American Bankers Association, 1980.
3. M. Abadi, J. Feigenbaum, and J. Kilian, "On Hiding Information from an Oracle," Proceedings of the 19th ACM Symposium on the Theory of Computing, 1987, pp. 195-203.
4. M. Abadi, J. Feigenbaum, and J. Kilian, "On Hiding Information from an Oracle," Journal of Computer and System Sciences, v.39, n.1, Aug 1989, pp.21-50.
5. M. Abadi and R. Needham, "Prudent Engineering Practice for Cryptographic Protocols," Research Report 125, Digital Equipment Corp Systems Research Center, Jun 1994.
6. C.M. Adams, "On Immunity Against Biham and Shamir's Differential Cryptanalysis," Information Processing Letters, v. 41, 14 Feb 1992, pp. 77-80.
7. C.M. Adams, "Simple and Effective Key Scheduling for Symmetric Ciphers," Workshop on Selected Areas in Cryptography Workshop Record, Kingston, Ontario, 5-6 May 1994, pp. 129-133.
8. C.M. Adams and H. Meijer, "Security Related Comments Regarding McEliece's Public-Key Cryptosystem," Advances in Cryptology CRYPTO '87 Proceedings, Springer-Verlag, 1988, pp. 224-230.
9. C.M. Adams and S.E. Tavares, "The Structured Design of Cryptographically Good S-Boxes," Journal of Cryptology, v. 3, n. 1, 1990, pp. 27-41.
10. C.M. Adams and S.E. Tavares, "Designing S-Boxes for Ciphers Resistant to Differential Cryptanalysis," Proceedings of the 3rd Symposium on State and Progress of Research in Cryptography, Rome, Italy, 15-16 Feb 1993, pp. 181-190.
11. W. Adams and D. Shanks, "Strong Primality Tests That Are Not Sufficient, " Mathematics of Computation, v. 39, 1982, pp. 255-300.
12. W.W. Adams and L.J. Goldstein, Introduction to Number Theory, Englewood Cliffs, N.J.: Prentice-Hall, 1976.
13. B.S. Adiga and P. Shankar, "Modified Lu-Lee Cryptosystem," Electronics Letters, v. 21, n. 18, 29 Aug 1985, pp. 794-795.
14. L.M. Adleman, "A Subexponential Algorithm for the Discrete Logarithm Problem with Applications to Cryptography," Proceedings of the IEEE 20th Annual Symposium of Foundations of Computer Science, 1979, pp. 55-60.
15. L.M. Adleman, "On Breaking Generalized Knapsack Public Key Cryptosystems," Proceedings of the 15th ACM Symposium on Theory of Computing, 1983, pp. 402-412.
16. L.M. Adleman, "Factoring Numbers Using Singular Integers," Proceedings of the 23rd Annual ACM Symposium on the Theory of Computing, 1991, pp. 64-71.
17. L.M. Adleman, "Molecular Computation of Solutions to Combinatorial Problems," Science, v. 266, n. 11, Nov 1994, p. 1021.
18. L.M. Adleman, D. Estes, and K. McCurley, "Solving Bivariate Quadratic Congruences in Random Polynomial Time," Mathematics of Computation, v. 48, n. 177, Jan 1987, pp. 17-28.
19. L.M. Adleman, C. Pomerance, and R.S. Rumeley, "On Distinguishing Prime Numbers from Composite Numbers," Annals of Mathematics, v. 117, n. 1, 1983, pp. 173-206.
19. L.M. Adleman, C. Pomerance, and R.S. Rumeley, "On Distinguishing Prime Numbers from Composite Numbers, " Annals of Mathematics, v. 117, n. 1, 1983, pp. 173-206.
20. L.M. Adleman and R.L. Rivest, "How to Break the Lu-Lee (COMSAT) Public-Key Cryptosystem," MIT Laboratory for Computer Science, Jul 1979.
21. G.B. Agnew, "Random Sources for Cryptographic Systems," Advances in Cryptology EUROCRYPT '87 Proceedings, Springer-Verlag, 1988, pp. 77-81.
22. G.B. Agnew, R.C. Mullin, I.M. Onyszchuk, and S.A. Vanstone, "An Implementation for a Fast Public-Key Cryptosystem," Journal of Cryptology, v. 3, n. 2, 1991, pp. 63-79.
23. G.B. Agnew, R.C. Mullin, and S.A. Vanstone, "A Fast Elliptic Curve Cryptosystem," Advances in Cryptology EUROCRYPT '89 Proceedings, Springer-Verlag, 1990, pp. 706-708.
24. G.B. Agnew, R.C. Mullin, and S.A. Vanstone, "Improved Digital Signature Scheme Based on Discrete Exponentiation," Electronics Letters, v. 26, n. 14, 5 Jul 1990, pp. 1024-1025.
25. G.B. Agnew, R.C. Mullin, and S.A. Vanstone, "On the Development of a Fast Elliptic Curve Cryptosystem," Advances in Cryptology EUROCRYPT '92 Proceedings, Springer-Verlag, 1993, pp.
26. G.B. Agnew, R.C. Mullin, and S.A. Vanstone, "An Implementation of Elliptic Curve Cryptosystems over F_2^155," IEEE Selected Areas of Communications, v. 11, n. 5, Jun 1993, pp. 804-813.
27. A. Aho, J. Hopcroft, and J. Ullman, The Design and Analysis of Computer Algorithms, Addison-Wesley, 1974.
28. S.G. Akl, "Digital Signatures: A Tutorial Survey," Computer, v. 16, n. 2, Feb 1983, pp. 15-24.
29. S.G. Akl, "On the Security of Compressed Encodings," Advances in Cryptology: Proceedings of Crypto 83, Plenum Press, 1984, pp. 209-230.
30. S.G. Akl and H. Meijer, "A Fast Pseudo-Random Permutation Generator with Applications to Cryptology," Advances in Cryptology: Proceedings of CRYPTO 84, Springer-Verlag, 1985, pp. 269-275.
31. M. Alabbadi and S.B. Wicker, "Security of Xinmei Digital Signature Scheme," Electronics Letters, v. 28, n. 9, 23 Apr 1992, pp. 890-891.
32. M. Alabbadi and S.B. Wicker, "Digital Signature Schemes Based on Error-Correcting Codes," Proceedings of the 1993 IEEE-ISIT, IEEE Press, 1993, p. 199.
33. M. Alabbadi and S.B. Wicker, "Cryptanalysis of the Harn and Wang Modification of the Xinmei Digital Signature Scheme," Electronics Letters, v. 28, n. 18, 27 Aug 1992, pp. 1756-1758.
34. K. Alagappan and J. Tardo, "SPX Guide: Prototype Public Key Authentication Service," Digital Equipment Corp., May 1991.
35. W. Alexi, B.-Z. Chor, O. Goldreich, and C.P. Schnorr, "RSA and Rabin Functions: Certain Parts Are as Hard as the Whole," Proceedings of the 25th IEEE Symposium on the Foundations of Computer Science, 1984, pp. 449-457.
36. W. Alexi, B.-Z. Chor, O. Goldreich, and C.P. Schnorr, "RSA and Rabin Functions: Certain Parts are as Hard as the Whole," SIAM Journal on Computing, v. 17, n. 2, Apr 1988, pp. 194-209.
37. Ameritech Mobile Communications et al., "Cellular Digital Packet Data System Specifications: Part 406: Airlink Security," CDPD Industry Input Coordinator, Costa Mesa, Calif., Jul 1993.
38. H.R. Amirazizi, E.D. Karnin, and J.M. Reyneri, "Compact Knapsacks are Polynomial Solvable," ACM SIGACT News, v.15, 1983, pp. 20-22.
39. R.J. Anderson, "Solving a Class of Stream Ciphers," Cryptologia, v. 14, n. 3, Jul 1990, pp. 285-288.
40. R.J. Anderson, "A Second Generation Electronic Wallet," ESORICS 92, Proceedings of the Second European Symposium on Research in Computer Security, Springer-Verlag, 1992, pp. 411-418.
41. R.J. Anderson, "Faster Attack on Certain Stream Ciphers," Electronics Letters, v. 29, n. 15, 22 Jul 1993, pp. 1322-1323.
42. R.J. Anderson, "Derived Sequence Attacks on Stream Ciphers," presented at the rump session of CRYPTO '93, Aug 1993.
43. R.J. Anderson, "Why Cryptosystems Fail," 1st ACM Conference on Computer and Communications Security, ACM Press, 1993, pp. 215-227.
44. R.J. Anderson, "Why Cryptosystems Fail," Communications of the ACM, v. 37, n. 11, Nov 1994, pp. 32-40.
45. R.J. Anderson, "On Fibonacci Keystream Generators," K.U. Leuven Workshop on Cryptographic Algorithms, Springer-Verlag, 1995, to appear.
46. R.J. Anderson, "Searching for the Optimum Correlation Attack," K.U. Leuven Workshop on Cryptographic Algorithms, Springer-Verlag, 1995, to appear.
47. R.J. Anderson and T.M.A. Lomas, "Fortifying Key Negotiation Schemes with Poorly Chosen Passwords," Electronics Letters, v. 30, n. 13, 23 Jun 1994, pp. 1040-1041.
48. R.J. Anderson and R. Needham, "Robustness Principles for Public Key Protocols," Advances in Cryptology CRYPTO '95 Proceedings, Springer-Verlag, 1995, to appear.
49. D. Andleman and J. Reeds, "On the Cryptanalysis of Rotor Machines and Substitution Permutation Networks," IEEE Transactions on Information Theory, v. IT-28, n. 4, Jul 1982, pp. 578-584.
50. ANSI X3.92, "American National Standard for Data Encryption Algorithm (DEA)," American National Standards Institute, 1981.
51. ANSI X3.105, "American National Standard for Information Systems Data Link Encryption," American National Standards Institute, 1983.
52. ANSI X3.106, "American National Standard for Information Systems Data Encryption Algorithm Modes of Operation," American National Standards Institute, 1983.
53. ANSI X9.8, "American National Standard for Personal Information Number (PIN) Management and Security," American Bankers Association, 1982.
54. ANSI X9.9 (Revised), "American National Standard for Financial Institution Message Authentication (Wholesale)," American Bankers Association, 1986.
55. ANSI X9.17 (Revised), "American National Standard for Financial Institution Key Management (Wholesale)," American Bankers Association, 1985.
56. ANSI X9.19, "American National Standard for Retail Message Authentication," American Bankers Association, 1985.
57. ANSI X9.23, "American National Standard for Financial Institution Message Encryption," American Bankers Association, 1988.
58. ANSI X9.24, "Draft Proposed American National Standard for Retail Key Management," American Bankers Association, 1988.
59. ANSI X9.26 (Revised), "American National Standard for Financial Institution Sign-On Authentication for Wholesale Financial Transaction," American Bankers Association, 1990.
60. ANSI X9.30, "Working Draft: Public Key Cryptography Using Irreversible Algorithms for the Financial Services Industry," American Bankers Association, Aug 1994.
61. ANSI X9.31, "Working Draft: Public Key Cryptography Using Reversible Algorithms for the Financial Services Industry," American Bankers Association, Mar 1993.
62. K. Aoki and K. Ohta, "Differential-Linear Cryptanalysis of FEAL-8," Proceedings of the 1995 Symposium on Cryptography and Information Security (SCIS 95), Inuyama, Japan, 24-27 Jan 1995, pp. A3.4.1-11. (In Japanese)
63. K. Araki and T. Sekine, "On the Conspiracy Problem of the Generalized Tanaka's Cryptosystem," IEICE Transactions, v. E74, n. 8, Aug 1991, pp. 2176-2178.
64. S. Araki, K. Aoki, and K. Ohta, "The Best Linear Expression Search for FEAL," Proceedings of the 1995 Symposium on Cryptography and Information Security (SCIS 95), Inuyama, Japan, 24-27 Jan 1995, pp. A4.4.1-10.
65. C. Asmuth and J. Bloom, "A Modular Approach to Key Safeguarding," IEEE Transactions on Information Theory, v. IT-29, n. 2, Mar 1983, pp. 208-210.
66. D. Atkins, M. Graff, A.K. Lenstra, and P.C. Leyland, "The Magic Words are Squeamish Ossifrage," Advances in Cryptology ASIACRYPT '94 Proceedings, Springer-Verlag, 1995, pp. 263-277.
67. AT&T, "T7001 Random Number Generator," Data Sheet, Aug 1986.
68. AT&T, "AT&T Readying New Spy-Proof Phone for Big Military and Civilian Markets," The Report on AT&T, 2 Jun 1986, pp. 6-7.
69. AT&T, "T7002/T7003 Bit Slice Multiplier," product announcement, 1987.
71. Y. Aumann and U. Feige, "On Message Proof Systems with Known Space Verifiers," Advances in Cryptology CRYPTO '93 Proceedings, Springer-Verlag, 1994, pp. 85-99.
72. R.G. Ayoub, An Introduction to the Theory of Numbers, Providence, RI: American Mathematical Society, 1963.
73. A. Aziz and W. Diffie, "Privacy and Authentication for Wireless Local Area Networks," IEEE Personal Communications, v. 1, n. 1, 1994, pp. 25-31.
74. A. Bahreman and J.D. Tygar, "Certified Electronic Mail," Proceedings of the Internet Society 1994 Workshop on Network and Distributed System Security, The Internet Society, 1994, pp. 3-19.
75. D. Balenson, "Automated Distribution of Cryptographic Keys Using the Financial Institution Key Management Standard," IEEE Communications Magazine, v. 23, n. 9, Sep 1985, pp. 41-46.
76. D. Balenson, "Privacy Enhancement for Internet Electronic Mail: Part III: Algorithms, Modes, and Identifiers," RFC 1423, Feb 1993.
77. D. Balenson, C.M. Ellison, S.B. Lipner, and S.T. Walker, "A New Approach to Software Key Escrow Encryption," TIS Report #520, Trusted Information Systems, Aug
78. R. Ball, Mathematical Recreations and Essays, New York: MacMillan, 1960.
79. J. Bamford, The Puzzle Palace, Boston: Houghton Mifflin, 1982.
80. J. Bamford and W. Madsen, The Puzzle Palace, Second Edition, Penguin Books, 1995.
81. S.K. Banerjee, "High Speed Implementation of DES," Computers & Security, v. 1, 1982, pp. 261-267.
82. Z. Baodong, "MC-Veiled Linear Transform Public Key Cryptosystem," Acta Electronica Sinica, v. 20, n. 4, Apr 1992, pp. 21-24. (In Chinese)
83. P.H. Bardell, "Analysis of Cellular Automata Used as Pseudorandom Pattern Generators," Proceedings of 1990 International Test Conference, pp. 762-768.
84. T. Baritaud, H. Gilbert, and M. Girault, "FFT Hashing is not Collision-Free," Advances in Cryptology EUROCRYPT '92 Proceedings, Springer-Verlag, 1993, pp. 35-44.
85. C. Barker, "An Industry Perspective of the CCEP, " 2nd Annual AIAA Computer Security Conference Proceedings, 1986.
86. W.G. Barker, Cryptanalysis of the Hagelin Cryptograph, Aegean Park Press, 1977.
87. P. Barrett, "Implementing the Rivest Shamir and Adleman Public Key Encryption Algorithm on a Standard Digital Signal Processor," Advances in Cryptology CRYPTO ' Proceedings, Springer-Verlag, 1987, pp. 311-323.
88. T.C. Bartee and D.I. Schneider, "Computation with Finite Fields," Information and Control, v. 6, n. 2, Jun 1963, pp. 79-98.
89. U. Baum and S. Blackburn, "Clock Controlled Pseudorandom Generators on Finite Groups," K.U. Leuven Workshop on Cryptographic Algorithms, Springer-Verlag, 1995, to appear.
90. K.R. Bauer, T.A. Berson, and R.J. Feiertag, "A Key Distribution Protocol Using Event Markers," ACM Transactions on Computer Systems, v. 1, n. 3, 1983, pp. 249-255.
91. F. Bauspiess and F. Damm, "Requirements for Cryptographic Hash Functions," Computers & Security, v. 11, n. 5, Sep 1992, pp. 427-437.
92. D. Bayer, S. Haber, and W.S. Stornetta, "Improving the Efficiency and Reliability of Digital Time-Stamping, " Sequences '91: Methods in Communication, Security, and Computer Science, Springer-Verlag, 1992, pp. 329-334.
93. R. Bayer and J.K. Metzger, "On the Encipherment of Search Trees and Random Access Files," ACM Transactions on Database Systems, v. 1, n. 1, Mar 1976, pp. 37-52.
94. M. Beale and M.F. Monaghan, "Encryption Using Random Boolean Functions," Cryptography and Coding, H.J. Beker and F.C. Piper, eds., Oxford: Clarendon Press, 1989, pp. 219-230.
95. P. Beauchemin and G. Brassard, "A Generalization of Hellman's Extension to Shannon's Approach to Cryptography," Journal of Cryptology, v. 1, n. 2, 1988, pp. 129-132.
96. P. Beauchemin, G. Brassard, C. Crepeau, C. Goutier, and C. Pomerance, "The Generation of Random Numbers that are Probably Prime," Journal of Cryptology, v. 1, n. 1, 1988, pp. 53-64.
97. D. Beaver, J. Feigenbaum, and V. Shoup, "Hiding Instances in Zero-Knowledge Proofs," Advances in Cryptology CRYPTO '90 Proceedings, Springer-Verlag, 1991, pp. 326-338.
98. H. Beker, J. Friend, and P. Halliden, "Simplifying Key Management in Electronic Funds Transfer Points of Sale Systems," Electronics Letters, v. 19, n. 12, Jun 1983, pp. 442-444.
99. H. Beker and F. Piper, Cipher Systems: The Protection of Communications, London: Northwood Books, 1982.
100. D.E. Bell and L.J. LaPadula, "Secure Computer Systems: Mathematical Foundations, " Report ESD-TR-73-275, MITRE Corp., 1973.
101. D.E. Bell and L.J. LaPadula, "Secure Computer Systems: A Mathematical Model," Report MTR-2547, MITRE Corp., 1973.
102. D.E. Bell and L.J. LaPadula, "Secure Computer Systems: A Refinement of the Mathematical Model," Report ESD-TR-73-278, MITRE Corp., 1974.
103. D.E. Bell and L.J. LaPadula, "Secure Computer Systems: Unified Exposition and Multics Interpretation," Report ESD-TR-75-306, MITRE Corp., 1976.
104. M. Bellare and S. Goldwasser, "New Paradigms for Digital Signatures and Message Authentication Based on Non-interactive Zero Knowledge Proofs, " Advances in Cryptology CRYPTO '89 Proceedings, Springer-Verlag, 1990, pp. 194-211.
105. M. Bellare and S. Micali, "Non-interactive Oblivious Transfer and Applications," Advances in Cryptology CRYPTO '89 Proceedings, Springer-Verlag, 1990, pp. 547-557.
106. M. Bellare, S. Micali, and R. Ostrovsky, "Perfect Zero-Knowledge in Constant Rounds," Proceedings of the 22nd ACM Symposium on the Theory of Computing, 1990, pp. 482-493.
107. S.M. Bellovin, "A Preliminary Technical Analysis of Clipper and Skipjack," unpublished manuscript, 20 Apr 1993.
108. S.M. Bellovin and M. Merritt, "Limitations of the Kerberos Protocol, " Winter USENIX Conference Proceedings, USENIX Association, 1991, pp. 253-267.
109. S.M. Bellovin and M. Merritt, "Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks," Pro ceedings of the 1992 IEEE Computer Society Conference on Research in Security and Privacy, 1992, pp. 72-84.
110. S.M. Bellovin and M. Merritt, "An Attack on the Interlock Protocol When Used for Authentication," IEEE Transactions on Information Theory, v. 40, n. 1, Jan 1994, pp. 273-275.
111. S.M. Bellovin and M. Merritt, "Cryptographic Protocol for Secure Communications," U.S. Patent #5,241,599, 31 Aug 93.
112. J. Ben-Aroya and E. Biham, "Differential Cryptanalysis of Lucifer," Advances in Cryptology CRYPTO '93 Proceedings, Springer-Verlag, 1994, pp. 187-199.
113. J.C. Benaloh, "Cryptographic Capsules: A Disjunctive Primitive for Interactive Protocols," Advances in Cryptology CRYPTO '86 Proceedings, Springer-Verlag, 1987, pp. 213-222.
114. J.C. Benaloh, "Secret Sharing Homomorphisms: Keeping Shares of a Secret Secret," Advances in Cryptology CRYPTO '86 Proceedings, Springer-Verlag, 1987, pp. 251-260.
116. J.C. Benaloh and M. de Mare, "One-Way Accumulators: A Decentralized Alternative to Digital Signatures," Advances in Cryptology EUROCRYPT '93 Proceedings, Springer-Verlag, 1994, pp. 274-285.
117. J.C. Benaloh and D. Tuinstra, "Receipt-Free Secret Ballot Elections," Proceedings of the 26th ACM Symposium on the Theory of Computing, 1994, pp. 544-553.
118. J.C. Benaloh and M. Yung, "Distributing the Power of a Government to Enhance the Privacy of Voters," Proceedings of the 5th ACM Symposium on the Principles in Distributed Computing, 1986, pp. 52-62.
119. A. Bender and G. Castagnoli, "On the Implementation of Elliptic Curve Cryptosystems, " Advances in Cryptology CRYPTO '89 Proceedings, Springer-Verlag, 1990, pp. 186-192.
120. S. Bengio, G. Brassard, Y.G. Desmedt, C. Goutier, and J.-J. Quisquater, "Secure Implementation of Identification Systems," Journal of Cryptology, v. 4, n. 3, 1991, pp. 175-184.
121. C.H. Bennett, F. Bessette, G. Brassard, L. Salvail, and J. Smolin, "Experimental Quantum Cryptography, " Advances in Cryptology EUROCRYPT '90 Proceedings, Springer-Verlag, 1991, pp. 253-265.
122. C.H. Bennett, F. Bessette, G. Brassard, L. Salvail, and J. Smolin, "Experimental Quantum Cryptography," Journal of Cryptology, v. 5, n. 1, 1992, pp. 3-28.
123. C.H. Bennett and G. Brassard, "Quantum Cryptography: Public Key Distribution and Coin Tossing," Proceedings of the IEEE International Conference on Computers, Systems, and Signal Processing, Bangalore, India, Dec 1984, pp. 175-179.
124. C.H. Bennett and G. Brassard, "An Update on Quantum Cryptography," Advances in Cryptology: Proceedings of CRYPTO 84, Springer-Verlag, 1985, pp. 475-480.
125. C.H. Bennett and G. Brassard, "Quantum Public-Key Distribution System, " IBM Technical Disclosure Bulletin, v. 28, 1985, pp. 3153-3163.
126. C.H. Bennett and G. Brassard, "Quantum Public Key Distribution Reinvented," SIGACT News, v. 18, n. 4, 1987, pp. 51-53.
127. C.H. Bennett and G. Brassard, "The Dawn of a New Era for Quantum Cryptography: The Experimental Prototype is Working!" SIGACT News, v. 20, n. 4, Fall 1989, pp. 78-82.
128. C.H. Bennett, G. Brassard, and S. Breidbart, "Quantum Cryptography II: How to Re-Use a One-Time Pad Safely Even if P=NP," unpublished manuscript, Nov 1982.
129. C.H. Bennett, G. Brassard, S. Breidbart, and S. Wiesner, "Quantum Cryptography, or Unforgeable Subway Tokens," Advances in Cryptology: Proceedings of Crypto 82, Plenum Press, 1983, pp. 267-275.
130. C.H. Bennett, G. Brassard, C. Crepeau, and M.-H. Skubiszewska, "Practical Quantum Oblivious Transfer, " Advances in Cryptology CRYPTO '91 Proceedings, Springer-Verlag, 1992, pp. 351-366.
131. C.H. Bennett, G. Brassard, and A.K. Ekert, "Quantum Cryptography," Scientific American, v. 267, n.4, Oct 1992, pp. 50-57.
132. C.H. Bennett, G. Brassard, and N.D. Mermin, "Quantum Cryptography Without Bell's Theorem," Physical Review Letters, v. 68, n. 5, 3 Feb 1992, pp. 557-559.
133. C.H. Bennett, G. Brassard, and J.-M. Robert, "How to Reduce Your Enemy's Information," Advances in Cryptology CRYPTO '85 Proceedings, Springer-Verlag, 1986, pp. 468-476.
134. C.H. Bennett, G. Brassard, and J.-M. Robert, "Privacy Amplification by Public Discussion," SIAM Journal on Computing, v. 17, n.2, Apr 1988, pp. 210-229.
135. J. Bennett, "Analysis of the Encryption Algorithm Used in WordPerfect Word Processing Program," Cryptologia, v. 11, n. 4, Oct 1987, pp. 206-210.
136. M. Ben-Or, S. Goldwasser, and A. Wigderson, "Completeness Theorems for Non-Cryptographic Fault-Tolerant Distributed Computation," Proceedings of the 20th ACM Symposium on the Theory of Computing, 1988, pp. 1-10.
137. M. Ben-Or, O. Goldreich, S. Goldwasser, J. Hastad, J. Kilian, S. Micali, and P. Rogaway, "Everything Provable is Provable in Zero-Knowledge," Advances in Cryptology CRYPTO '88 Proceedings, Springer-Verlag, 1990, pp. 37-56.
138. M. Ben-Or, O. Goldreich, S. Micali, and R.L. Rivest, "A Fair Protocol for Signing Contracts," IEEE Transactions on Information Theory, v. 36, n. 1, Jan 1990, pp. 40-46.
139. H.A. Bergen and W.J. Caelli, "File Security in WordPerfect 5.0," Cryptologia, v. 15, n. 1, Jan 1991, pp. 57-66.
140. E.R. Berlekamp, Algebraic Coding Theory, Aegean Park Press, 1984.
141. S. Berkovits, "How to Broadcast a Secret," Advances in Cryptology EUROCRYPT ' Proceedings, Springer-Verlag, 1991, pp. 535-541.
142. S. Berkovits, J. Kowalchuk, and B. Schanning, "Implementing Public-Key Scheme," IEEE Communications Magazine, v. 17, n. 3, May 1979, pp. 2-3.
143. D.J. Bernstein, Bernstein vs. U.S. Department of State et al., Civil Action No. C95 0582-MHP, United States District Court for the Northern District of California, 21 Feb 1995.
144. T. Berson, "Differential Cryptanalysis Mod 2^32 with Applications to MD5," Advances in Cryptology EUROCRYPT '92 Proceedings, 1992, pp. 71-80.
145. T. Beth, Verfahren der schnellen Fourier-Transformation, Teubner, Stuttgart, 1984. (In German.)
146. T. Beth, "Efficient Zero-Knowledge Identification Scheme for Smart Cards," Advances in Cryptology EUROCRYPT '88 Proceedings, Springer-Verlag, 1988, pp. 77-84.
147. T. Beth, B.M. Cook, and D. Gollmann, "Architectures for Exponentiation in GF(2^n)," Advances in Cryptology CRYPTO '86 Proceedings, Springer-Verlag, 1987, pp. 302-310.
148. T. Beth and Y. Desmedt, "Identification Tokens or: Solving the Chess Grandmaster Problem," Advances in Cryptology CRYPTO '90 Proceedings, Springer-Verlag, 1991, pp. 169-176.
149. T. Beth and C. Ding, "On Almost Nonlinear Permutations, " Advances in Cryptology EUROCRYPT '93 Proceedings, Springer-Verlag, 1994, pp. 65-76.
150. T. Beth, M. Frisch, and G.J. Simmons, eds., Lecture Notes in Computer Science 578; Public Key Cryptography: State of the Art and Future Directions, Springer-Verlag, 1992.
151. T. Beth and F.C. Piper, "The Stop-and-Go Generator," Advances in Cryptology: Proceedings of EUROCRYPT 84, Springer-Verlag, 1984, pp. 88-92.
152. T. Beth and F. Schaefer, "Non Supersingular Elliptic Curves for Public Key Cryptosystems," Advances in Cryptology EUROCRYPT '91 Proceedings, Springer-Verlag, 1991, pp. 316-327.
153. A. Beutelspacher, "How to Say 'No'," Advances in Cryptology EUROCRYPT ' Proceedings, Springer-Verlag, 1990, pp. 491-496.
154. J. Bidzos, letter to NIST regarding DSS, 20 Sep 1991.
155. J. Bidzos, personal communication, 1993.
156. P. Bieber, "A Logic of Communication in a Hostile Environment," Proceedings of the Computer Security Foundations Workshop, IEEE Computer Society Press, 1990, pp. 14-22.
157. E. Biham, "Cryptanalysis of the Chaotic-Map Cryptosystem Suggested at EUROCRYPT '91," Advances in Cryptology EUROCRYPT '91 Proceedings, Springer-Verlag, 1991, pp. 532-534.
158. E. Biham, "New Types of Cryptanalytic Attacks Using Related Keys, " Technical Report #753, Computer Science Department, Technion Israel Institute of Technology, Sep 1992.
159. E. Biham, "On the Applicability of Differential Cryptanalysis to Hash Functions," lecture at EIES Workshop on Cryptographic Hash Functions, Mar 1992.
160. E. Biham, personal communication, 1993.
161. E. Biham, "Higher Order Differential Cryptanalysis, " unpublished manuscript, Jan 1994.
162. E. Biham, "On Modes of Operation," Fast Software Encryption, Cambridge Security Workshop Proceedings, Springer-Verlag, 1994, pp. 116-120.
163. E. Biham, "New Types of Cryptanalytic Attacks Using Related Keys," Journal of Cryptology, v. 7, n. 4, 1994, pp. 229-246.
164. E. Biham, "On Matsui's Linear Cryptanalysis," Advances in Cryptology EUROCRYPT ' Proceedings, Springer-Verlag, 1995, pp. 398-412.
165. E. Biham and A. Biryukov, "How to Strengthen DES Using Existing Hardware," Advances in Cryptology ASIACRYPT '94 Proceedings, Springer-Verlag, 1995, to appear.
166. E. Biham and P.C. Kocher, "A Known Plaintext Attack on the PKZIP Encryption," K.U. Leuven Workshop on Cryptographic Algorithms, Springer-Verlag, 1995, to appear.
167. E. Biham and A. Shamir, "Differential Cryptanalysis of DES-like Cryptosystems," Advances in Cryptology CRYPTO '90 Proceedings, Springer-Verlag, 1991, pp. 2-21.
168. E. Biham and A. Shamir, "Differential Cryptanalysis of DES-like Cryptosystems," Journal of Cryptology, v. 4, n. 1, 1991, pp. 3-72.
169. E. Biham and A. Shamir, "Differential Cryptanalysis of Feal and N-Hash," Advances in Cryptology EUROCRYPT '91 Proceedings, Springer-Verlag, 1991, pp. 1-16.
170. E. Biham and A. Shamir, "Differential Cryptanalysis of Snefru, Khafre, REDOC- II, LOKI, and Lucifer," Advances in Cryptology CRYPTO '91 Proceedings, 1992, pp. 156-171.
171. E. Biham and A. Shamir, "Differential Cryptanalysis of the Full 16-Round DES," Advances in Cryptology CRYPTO '92 Proceedings, Springer-Verlag, 1993, pp. 487-496.
172. E. Biham and A. Shamir, Differential Cryptanalysis of the Data Encryption Standard, Springer-Verlag, 1993.