935. L. Lamport, "Password Identification with Insecure Communications," Communications of the ACM, v. 24, n. 11, Nov 1981, pp. 770-772.

936. S. Landau, "Zero-Knowledge and the Department of Defense," Notices of the American Mathematical Society, v. 35, n. 1, Jan 1988, pp. 5-12.

937. S. Landau, S. Kent, C. Brooks, S. Charney, D. Denning, W. Diffie, A. Lauck, D. Mikker, P. Neumann, and D. Sobel, "Codes, Keys, and Conflicts: Issues in U.S. Crypto Policy," Report of a Special Panel of the ACM U.S. Public Policy Committee (USACM), Association for Computing Machinery, Jun 1994.

938. S.K. Langford and M.E. Hellman, "Cryptanalysis of DES," presented at 1994 RSA Data Security conference, Redwood Shores, CA, 12-14 Jan 1994.

939. D. Lapidot and A. Shamir, "Publicly Verifiable Non-Interactive Zero-Knowledge Proofs, " Advances in Cryptology CRYPTO '90 Proceedings, Springer-Verlag, 1991, pp. 353-365.

940. A.V. Le. S.M. Matyas, D.B. Johnson, and J.D. Wilkins, "A Public-Key Extension to the Common Cryptographic Architecture, " IBM Systems Journal, v. 32, n. 3, 1993, pp. 461 485.

941. P. L'Ecuyer, "Efficient and Portable Combined Random Number Generators, " Communications of the ACM, v. 31, n. 6, Jun 1988, pp. 742-749, 774.

942. R L'Ecuyer, "Random Numbers for Simulation," Communications of the ACM, v. 33, n. 10, Oct 1990, pp. 85-97.

943. P.J. Lee and E.E Brickcll, "An Observation on the Security of McEliece's Public-Key Cryptosystem," Advances in Cryptology EUROCRYPT '88 Proceedings, Springer-Verlag, 1988, pp. 275-280.

944. S. Lee, S. Sung, and K. Kim, "An Efficient Method to Find the Linear Expressions for Linear Cryptanalysis," Proceedings of the 1995 Korea- Japan Workshop on Information Security and Cryptography, Inuyama, Japan, 24-26 Jan 1995, pp. 183-190.

945. D.J. Lehmann, "On Primality Tests, " SIAM lournal on Computing, v. 11, n. 2, May 1982, pp. 374-375.

946. T. Leighton, "Failsafe Key Escrow Systems, " Technical Memo 483, MIT Laboratory for Computer Science, Aug 1994.

947. A. Lcmpel and M. Cohn, "Maximal Families of Bent Sequences," IEEE Transactions on Information 'Fheory, v. IT-28, n. 6, Nov 963. 1982, pp. 865-868.

948. A. K. Lenstra. " Factoring Multivariate Polynomials Over Finite Fields," Journal of Computer System Science, v. 30, n. 2, 964. Apr 1985, pp. 235 -248.

949. A.K. Lenstra, personal communication, 1995.

950. A.K. Lenstra and S. Haber, letter to NIST Regarding DSS, 26 Nov 1991.

951, A.K. Lcnstra, H.W. Lenstra Jr., and L.Lovacz, "Factoring Polynomials with Rational Coefficients," Mathematische Annalen, v. 261, n. 4, 1982, pp. 515-534.

952. A.K. Lenstra, H.W. Lenstra, Jr., M.S. Manasse, and J.M. Pollard, "The Number Field Sieve," Proceedings of the 22nd ACM Symposium on the Theory of Computing, 1990, pp. 574-672.

953. A.K. Lenstra and H.W. Lenstra, Jr., eds., Lecture Notes in Mathematics 1554: The 967.

Development of the Number Field Sieve, Springer-Verlag, 1993.

954. A.K. Lenstra, H.W. Lcnstra, Jr., M.S. Manasse, and J.M. Pollard' "The Factorization of the Ninth Fermat Number," Mathematics of Computation. v. 61, n. 203, 1993, pp. 319-349.

955. A.K. Lenstra and M.S. Manasse, "Factoring by Electronic Mail," Advances in Cryptology EUROCRYPT '89 Proceedings, Springcr-Verlag, 1990, pp. 355-371.

956. A.K. Lenstra and M.S. Manasse, "Factoring with Two Large Primes," Advances in Cryptology EUROCRYPT '90 Proceedings, Springer-Verlag, 1991, pp. 72-82.

957. H.W. Lenstra Jr. "Elliptic Curves and N umber-Theoretic Algorithms, " Report 86-19, Mathematisch Instituut, Universiteit van Amsterdam, 1986.

958. H.W. Lenstra Jr. "On the Chor-Rivest Knapsack Cryptosystem, " Journal of Cryptology, v. 3, n. 3, 1991, pp. 149-155.

959. W.J. LeVequc, Fundamentals of Number Theory, Addison-Wesley. 1 977.

960. L.A. Levin, "One-Way Functions and Pseudo-Randolll Generators." Proceedi ngs of the 17th ACM Symposium on Theory of Computing, 1985, pp. 363-365.

961. Lexar Corporation, "An Evaluation of thc DES," Scp 1976.

962. D.-X. Li, "Cryptanalysts of Public-Kcy Distribution Systcms Based on Dickson Polynomials," Electronics Letters, v. 27, n. 3, 1991, pp. 228-229.

963. F. -X. Li, "How to Break Okamoto's Cryptosystems by Continued Fraction Algorithm," ASIACRYPT '91 Abstracts, 1991, pp. 285-289.

964. Y.X. Li and X.M. Wang, "A Coins Authcntication and Encryption Schemc Bascd on Algebraic Coding Theory," Applied Algebra, Algebraic Algonthms and Error Correcting Codes 9, Springer-Vcrlag, 1991, pp. 241-245.

965. R. Lidl, G.L. Mullen, and G. Turwald, Pitman Monographs and Surveys in Pure and Applied Mathematics 65: Dickson Polynomials, London: Longman Scicntific and Technical, 1993.

966. R. Lidl and W.B. Muller, "Permutation Polynomials in RSA-Cryptosystems, " Advances in Cryptology: Proceedings of Crypto 83, Plenum Press, 1984, pp. 293-301.

967. R. Lidl and W.B. Mullcr, "Generalizations of the Fibonacci Pseudoprimes Test," Discrete Mathematics, v. 92, 1991, pp. 211-220.

968. R. Lidl and W.B. Muller, "Primality Testing with Lucas Functions," Advances in Cryptology A USCRYPT '92 Proceedings, Springer-Verlag, 1993, pp. 539-542.

969. R. Lidl, W.B. Muller, and A. Oswald, "Some Remarks on Strong Fibonacci Pscudoprimes," Applicable Algebra in Engineering, Communication and Computing, v. 1, n. 1, 1990, pp.

59 65.

970. R. Lidl and H. Niederreiter, "Finite Fields," Encyclopedia of Mathematics and its Application.s, v. 20, Addison-Wesley, 1983.

971. R. Lidl and H. Niederreiter, Introduction to Finite Fields and Their Applicatio ns. London:

Cambridge Univcrsity Press, 1986.

972. K. Lieberherr, "Unifonn Complexity and Digital Signaturcs," Theoretical Computer Science, v. 16, n. 1, Oct 1981, pp. Y9-] 10.

973. C.H. Lim and RJ. Lee, "A Practical Electronic Cash System for Smart Cards," Proceedings of the 1993 Korea-Japan Workshop on Informatio n Security and Cryptography Seoul, Korea, 24-26 Oct 1993, pp. 34-47.

974. C.H. Lim and P.J. Lee, "Security of interactive RSA Batch Verification," Electronics Letters, v. 30, n. 19, 15 Sep 1994, pp. 1592-1593.

975. H.-Y. Lin and L. Harn, "A Generalized Secret Sharing Scheme with Cheater Detection," Advances in Cryptology ASIACRYPT '91 Proceedings, Springer -Verlag, 1993, pp. 149 158.

976. M.-C. Lin, T.-C. Chang, and H.-L. Fu, "Information Rate of McEliece's Public key Cryptosystem," Electronics Letters, v. 990. 26, n. 1, 4 Jan 1990, pp. 16-18.

977. J. Linn, "Privacy Enhancement for Internet Electronic Mail: Part I Message Encipherment and Authentication Procedures, " RFC 989, Feb 1987.

978. J. Linn, "Privacy Enhancement for Internet Electronic Mail: Part I Message Encipherment and Authentication Procedures, " RFC 1040, Jan 1988.

979. J. Linn, "Privacy Enhancement for Internet Electronic Mail: Part I Message Encipher ment and Authentication Procedures, " RFC 1113, Aug 1989.

980. J. Linn, "Privacy Enhancement for Internet Electronic Mail: Part III Algorithms, Modes, and Identifiers," RFC 1115, Aug 1989.

981. J. Linn, " Privacy Enhancement for Internet Electronic Mail: Part I Message Encipherment and Authentication Procedures, " RFC 1421, Feb 1993.

982. S. Lloyd, "Counting Binary Functions with Certain Cryptographic Properties, " Journal of Cryptology, v. 5, n. 2, 1992, pp. 107-131.

983. T.M.A. Lomas, "Collision-Freedom, Considered Harmful, or How to Boot a Computer," Proceedings of the 1995 Korea-Japan Workshop on Information Security and Cryptography, Inuyama, Japan, 24-26 Jan 1995, pp. 35-42.

984. T.M.A. Lomas and M. Roe, "Forging a Clipper Message, " Communications of the ACM, v.

37, n. 12, 1994, p. 12.

985. D.L. Long, "The Security of Bits in the Discrete Logarithm, " Ph.D. dissertation, Princeton University, Jan 1984.

986. D.L. Long and A. Wigderson, "How Discrete Is the Discrete Log," Proceedings of the 15th Annual ACM Syposium on the Theory of Computing, Apr 1983.

987. D. Longlcy and S. Rigby, "An Automatic Search for Security Flaws in Key Management Schemes," Computers and Security v. 11, n. 1, Jan 1992. pp. 75-89.

988. S.H. Low, N.F. Maxemchuk, and S. Paul, "Anonymous Credit Cards," Proceedings of the 2nd Annual ACM Conference on Computer and Communications Security, ACM Press, 1994, pp. 108-117.

989. J.H. Loxton, D.S.P Khoo, G.J. Bird, and J. Seberry, "A Cubic RSA Code Equivalent to Factorization," Journal of Cryptology, v. 5, n. 2, 1992, pp. 139-150.

990. S.C. Lu and L.N. Lee, "A Simple and Effective Public-Key Cryptosystem," COMSAT Technical Review, 1979, pp. 15-24.

991. M. Luby, S. Micali and C. Rackoff, "How to Simultaneously Exchange a Secret Bit by Flipping a Symmetrically-Biased Coin, " Proceedings of the 24nd Annual Symposium on the Foundations of Computer Science, 1983, pp. 11-22.

992. M. Luby and C. Rackoff, "How to Construct Pseudo-Random Permutations from Pseudorandom Functions," SIAM lournal on Computing, Apr 1988, pp. 373-386.

993. F. Luccio and S. Mazzone, "A Cryptosystem for Multiple Communications, " Information Processing Letters, v. 10, 1980, pp. 180-183.

994. V Luchangco and K. Koyama, "An Attack on an ID-Based Key Sharing System, Proceedings of the 1993 Korea-Japan Workshop on Information Security and Cryptography, Seoul, Korea, 24-26 Oct 1993, pp. 262-271.

995. D.J.C. MacKay, "A Free Energy Minimization Framework for Inferring the State of a Shift Register Given the Noisy Output Sequence, " K. U. Leuven Workshop on Cryptographic Algorithms, Springer-Verlag, 1995, to appear.

996. M.D. MacLaren and G. Marsaglia, "Uniform Random Number Generators," Journal of the ACM v. 12, n. 1, Jan 1965, pp. 83-89.

997. D. MacMillan, "Single Chip Encrypts Data at 14M b/s," Electronics, v. 54, n. 12, 16 June 1981, pp. 161-165.

998. R. Madhavan and L.E. Peppard, "A Multiprocessor GaAs RSA Cryptosystem," Proceedings CCVLSI-89: Canadian Conference on Very Large Scale Integration, Vancouver, BC, Canada, 22-24 Oct 1989, pp. 115-122.

999. W.E. Madryga, "A High Performance Encryption Algorithm," Computer Secu rity: A Global Challenge, Elsevier Science Publishers, 1984, pp. 557-570.

1000. M. Mambo, A. Nishikawa, S. Tsujii, and E. Okamoto, "Efficient Secure Broadcast Communication System," Proceedings of the 1993 Korea- Japan Workshop on Information Security and Cryptography, Seoul, Korea, 24-26 Oct 1993, pp. 23 -33.

1001. M. Mambo, K. Usuda, and E. Okamoto, "Proxy Signatures," Proceedings of the Sympusium on Cryptography and Information Secunty (SCIS 95), Inuyama, Japan, 24- Jan 1995, pp. B1.1.1-17.

1002. W. Mao and C. Boyd, "Towards Formal Analysis of Security Protocols," Proceedings of the Computer Security Foundations Workshop Vl, IEEE Computer Society Press, 1993, pp.

147-158.

1003. G. Marsaglia and T.A. Bray, "On-Line Random Number Generators and their Use in Combinations, " Communications of the ACM, v. 11, n. 11, Nov 1968, p. 757-759.

1004. K.M. Martin, "Untrustworthy Participants in Perfect Secret Sharing Schemes," Cryptography and Coding 111, M.J. Ganley, ed., Oxford: Clarendon Press, 1993, pp.

255-264.

1005. J.L. Massey, "Shift-Register Synthesis and BCH Decoding," IEEE Transactions on Information Theory, v. IT-15, n. 1, Jan 1969, pp. 122-127.

1006. J.L. Massey, "Cryptography and System Theory," Proceedings of the 24th Allerton Conference on Communication, Control, and Computers, 1-3 Oct 1986, pp. 1-8.

1007. J.L. Massey, "An Introduction to Contemporary Cryptology, " Proceedings of the IEEE, v. 76, n. 5., May 1988, pp. 533-549.

1008. J.L. Massey, "Contemporary Cryptology: An Introduction," in Contemporary Cryptology:

The Science of Information Integrity, G.J. Simmons, ed., IEEE Press, 1992, pp. 1-39.

1009. J.L. Massey, "SAFER K-64: A Byte-Oriented Block-Ciphering Algorithm," Fast Software Encryption, Cambridge Security Workshop Proceedings, Springer-Verlag, 1994, pp. 1-17.

1010. J.L. Massey, "SAFER K-64: One Year Later," K. U. Leuven Workshop on Crypto graphic Algorithms, Springer-Verlag, 1995, to appear.

1011. J.L. Massey and I. Ingemarsson, "The Rip Van Winkle Cipher A Simple and Provably Computationally Secure Cipher with a Finite Key," IEEE International Symposium on Information Theory, Brighton, UK, May 1985.

1012. J.L. Massey and X. Lai, "Device for Converting a Digital Block and the Use Thereof, " International Patent PCT/ CH91/00117, 28 Nov 1991.

1013. J.L. Massey and X. Lai, "Device for the Conversion of a Digital Block and Usc of Same," U.S. Patent #5,214,703, 25 May 1993.

1014. J.L. Massey and R.A. Rueppel, "Linear Ciphers and Random Sequence Generators with Multiple Clocks, " Advances in Cryptology: Proceedings of EUROCRYPT 84, Springer Verlag, 1985, pp. 74-87.

1015. M. Matsui, "Linear Cryptanalysis Method for DES Cipher, " Advances in C ryptology EUROCRYPT '93 Proceedings, Springer-Verlag, 1994, pp. 386-397.

1016. M. Matsui, "Linear Cryptanalysis of DES Cipher," Proceedings of the 1993 Symposium on Cryptography and Information Security (SCIS 93), Shuzenji, Japan, 28-30 Jan 1993, pp.

3C.1-14. (In Japanese.) 1017. M. Matsui, "Linear Cryptanalysis Method for DES Cipher " Proceedings of the Symposium on Cryptography and Information Security (SCIS 94), Lake Biwa, Japan, 27 29 Jan 1994, pp. 4A.1-11. (In Japanese.) 1018. M. Matsui, "On Correlation Between the Order of the S-Boxes and the Strength of DES," Advances in Cryptology EUROCRYPT '94 Proceedings, Springer-V erlag, 1995, to appear.

1019. M. Matsui, "The First Experimental Cryptanalysis of thc Data Encryption Standard," Advances in Cryptology CRYPTO ' 94 Proceedings, Springer -Verlag, 1994, pp. 1-11.

1020. M. Matsui and A. Yamagishi, "A New Method for Known Plaintext Attack of FEAL Cipher," Advances in Cryptology EUROCRYPT '92 Proceedings, Springer-Verlag, 1993, pp. 81 -91.

1021. T. Matsumoto and H. Imai, "A Class of Asymmetric Crypto-Systems Based on Polynomials Over Finite Rings, " IEEE International Symposium on Information Theory, 1983, pp. 131-132.

1022. T. Matsumoto and H. Imai, "On the Key Production System: A Practical Solution to the Key Distribution Problem,'' Advances in Cryptology CRYPTO '87 Proceedings, Springer Verlag, 1988, pp. 185-193.

1023. T. Matsumoto and H. Imai, "On the Security of Some Key Sharing Schemes (Part 2)," IEICE Japan, Technical Report, ISEC90-28, 1990.

1024. S.M. Matyas, "Digital Signatures. An Overview, " Computer Networks, v. 3, n.2, Apr 1979, pp. 87-94.

1025. S.M. Matyas, "Key Handling with Control Vectors," IBM Systems journal, v. 30, n. 2, 1991, pp. 151-174.

1026. S.M. Matyas, A.V. Le. and D.G. Abraham, "A Key Management Scheme Based on Control Vectors," IBM Systems journal, v.30, n. 2, 1991, pp. 175-191.

1027. S.M. Matyas and C.H. Meyer, "Generation, Distribution, and Installation of Cryptographic Keys," IBM Systems Journal, v. 17, n. 2, 1978, pp. 126-137.

1028. S.M. Matyas, C.H. Meyer, and J. Oseas, "Generating Strong One-Way Functions with Cryptographic Algorithm, " IBM Technical Disclosure Bulletin, v. 27, n. 10A, Mar 1985, pp. 5658-5659.

1029. U.M. Maurer, "Provable Security in Cryptography," Ph.D. dissertation, ETH No. 9260, Swiss Federal Institute of Technology, Zurich, 1990.

1030. U.M. Maurer, "A Provable-Secure Strongly-Randomized Cipher," Advances in Cryptology EUROCRYPT '90 Proceedings, Springer-Verlag, 1990, pp. 361-373.

1031. U.M. Maurer, "A Universal Statistical Test for Random Bit Generators, " Advances in Cryptology CRYPTO '90, Proceedings, Springer-Verlag, 1991, pp. 409-420.

1032. U.M. Maurer, "A Universal Statistical Test for Random Bit Generators," Journal of Cryptology, v. 5, n. 2, 1992, pp. 89-106.

1033. U.M. Maurer and J.L. Massey, "Cascade Ciphers: The Importance of Being First," Journal of Cryptology, v. 6, n. 1, 1993, pp. 55-61.

1034. U.M. Maurer and J.L. Massey, "Perfect Local Randomness in Pseudo-Random Sequences, " Advances in Cryptology CRYPTO '89 Proceedings, Springer-Verlag, 1990, pp. 110-112.

1035. U.M. Maurer and Y. Yacobi, "Non interactive Public Key Cryptography, " Advances in Cryptology EUROCRYPT '91 Proceedings, Springer-Verlag, 1991, pp. 498-507.

1036. G. Mayhew, "A Low Cost, High Speed Encryption System and Method," Proceedings of the 1994 IEEE Computer Society Symposium on Research in Security and Privacy, 1994, pp. 147-154.

1037. G. Mayhew, R. Frazee, and M. Bianco, "The Kinetic Protection Device, " Proceedings of the 15th National Computer Security Conference, NIST, 1994, pp. 147-154.

1038. K.S. McCurley, "A Key Distribution System Equivalent to Factoring," Journal of Cryptology, v. 1, n. 2, 1988, pp. 95-106.

1039. K.S. McCurley, "The Discrete Logarithm Problem," Cryptography and Computational Number Theory (Proceedings of the Symposium on Applied Mathematics ), American Mathematics Society, 1990, pp. 49-74.

1040. K.S. McCurley, open letter from the Sandia National Laboratories on the DSA of the NIST, 7 Nov 1991.

1041. R.J. McEliece, "A Public-Key Cryptosystem Based on Algebraic Coding Theory," Deep Space Network Progress Report 42-44, Jet Propulsion Laboratory, California Institute of Technology, 1978, pp. 114-116.

1042. R.J. McEliece, Finite Fields for Computer Scientists and Engineers, Boston: Kluwer Academic Publishers, 1987.

1043. P. McMahon, "SESAME V2 Public Key and Authorization Extensions to Kerberos, " Proceedings of the Internet Society 1Y95 Symposium on Network and Distributed Systems Security, IEEE Computer Society Press, 1995, pp. 114-131.

1044. C.A. Meadows, "A System for the Specification and Analysis of Key Management Protocols," Proceedings of the 1991 IEEE Computer Society Symposium on Research in Security and Privacy, 1991, pp. 182-195.

1045. C.A. Meadows, "Applying Formal Methods to the Analysis of a Key Management Protocol," Journal of Computer Security. v. I, n. 1, 1992,pp.5-35.

1046. C.A. Meadows, "A Model of Computation for the NRL Protocol Analyzer, " Proceedings of the Computer Security Foundations Workshop VII, IEEE Computer Society Press, 1994, pp. 84-89.

1047. C.A. Meadows, "Formal Verification of Cryptographic Protocols: A Survey," Advances in Cryptology ASIACRYPT '94 Proceedings, Springer-Verlag, 1995, pp. 133-150.

1048. G. Medvinsky and B.C. Neuman, "Net Cash: A Design for Practical Electronic Currency on the Internet," Proceedings of the 1st Annual ACM Conference on Computer and Communications Security, ACM Press, 1993, pp. 102-106.

1049. G. Medvinsky and B.C. Neuman, "Electronic Currency for the Internet," Electro nic Markets, v 3, n. 9/10, Oct 1993, pp. 23-24.

1050. W. Meier, "On the Security of the IDEA Block Cipher," Advances in Cryptology EUROCRYPT '93 Proceedings, Springer -Verlag, 1994, pp. 371-385.

1051. W. Meier and O. Staffelbach, "Fast Correlation Attacks on Stream Ciphers," Journal of Cryptology v I n. 3, 1989, pp. 159-176.

1052. W. Meier and O. Staffelbach, "Analysis of Pseudo Random Sequences Generated by Cellular Automata, " Advances in Cryptology EUROCRYPT '91 Proceedings, Springer Verlag, 1991, pp. 186-199.

1053. W. Meier and O. Staffelbach, "Correlation Properties of Combiners with Memory in Stream Ciphers, " Advances in Cryptology EUROCRYPT '90 Proceedings, Springer Verlag, 1991, pp. 204-213.

1054. W. Meier and O. Staffelbach, "Correlation Properties of Combiners with Memory in Stream Ciphers, " Journal of Cryptology, v. 5, n. 1, 1992, pp. 67-86.

1055. W. Meier and O. Staffelbach, "The Self -Shrinking Generator," Communications and Cryptography: Two Sides of One Tapestry R.E. Blahut et al., eds., Kluwer Adademic Publishers, 1994, pp. 287-295.

1056. J. Meijers, "Algebraic-Coded Cryptosystems," Master's thesis, Technical University Eindhoven, 1990.

1057. J. Meijers and J. van Tilburg, "On the Rao -Nam Private-Key Cryptosystem Using Linear Codes," International Symposium on Information Theory, Budapest, Hun gary, 1991.

1058. J. Meijers and J. van Tilburg, "An Improved 5T-Attack on the Rao-Nam Private-Key Cryptosystem," International Conference on Finite Fields, Coding Theory, and Advances in Communications and Computing, Las Vegas, NV, 1991.

1059. A. Menezes, Elliptic Curve Public Key Cryptosystems, Kluwer Academic Pub lishers, 1993.

1060. A. Menezes, ed., Applications of Finite Fields, Kluwer Academic Publishers, 1993.

1061. A. Menezes and S.A. Vanstone, "Elliptic Curve Cryptosystems and Their Implementations," Journal of Cryptology, v. 6, n. 4, 1993, pp. 209-224.

1062. A. Menezes and S.A. Vanstone, "The Implementation of Elliptic Curve Cryptosystems, " Advances in Cryptology AUSCRYPT '90 Proceedings, Springer-Verlag, 1990, pp. 2-13.

1063. R. Menicocci, "Short Gollmann Cascade Generators May Be Insecure," Codes and Ciphers, Institute of Mathematics and its Applications, 1995, pp. 281-297.

1064. R.C. Merkle, "Secure Communication Over Insecure Channels," Communications of the ACM, v. 21, n. 4, 1978, pp. 294-299.

1065. R.C. Merkle, "Secrecy, Authentication, and Public Key Systems," Ph.D. dissertation, Stanford University, 1979.

1066. R.C. Merkle, "Method of Providing Digital Signatures," U.S. Patent #4,309,569, 5 Jan 1067. R.C. Merkle, "A Digital Signature Based on a Conventional Encryption Function," Advances in Cryptology CRYPTO '87 Proceedings, Springer-Verlag, 1988, pp. 369-378.

1068. R.C. Merkle, "A Certified Digital Signature," Advances in Cryptology CRYPTO ' Proceedings, Springer-Verlag, 1990, pp. 218-238.

1069. R.C. Merkle, "One Way Hash Functions and DES, " Advances in Cryptology CRYPTO '89 Proceedings, Springer-Verlag, 1990, pp. 428 446.

1070. R.C. Merkle, "A Fast Software One-Way Hash Function," Journal of Cryptology, v. 3, n.

1, 1990, pp. 43-58.

1071. R.C. Merkle, "Fast Software Encryption Functions, " Advances in Cryptology CRYPTO '90, Proceedings, Springer-Verlag, 1991, pp. 476-501.

1072. R.C. Merkle, "Method and Apparatus for Data Encryption," U.S. Patent #5,003,597, Mar 1991.

1073. R.C. Merkle, personal communication, 1993.

1074. R.C. Merkle and M. Hellman, "Hiding information and Signatures in Trapdoor Knapsacks," IEEE Transactions on Information Theory, v. 24, n. 5, Sep 1978, pp. 525 530.

1075. R.C. Merkle and M. Hellman, "On the Security of Multiple Encryption," Communications of the ACM, v. 24, n. 7, 1981, pp. 465 -467.

1076. M. Merritt, "Cryptographic Protocols," Ph.D. dissertation, Georgia Institute of Technology, GIT-ICS-83/6, Feb 1983.

1077. M. Merritt, "Towards a Theory of Cryptographic Systems: A Critique of Crypto Complexity," Distributed Computing and Cryptograph y, J. Feigenbaum and M. Merritt, eds., American Mathematical Society, 1991, pp. 203-212.

1078. C.H. Meyer, "Ciphertext/Plaintext and Ciphertext/Key Dependencies vs. Number of Rounds for Data Encryption Standard," AFIPS Conference Proceedings, 47, 1978, pp.

1119-1126.

1079. C.H. Meyer, "Cryptography A State of the Art. Review, " Proceedings of CompEuro '89, VLSI and Computer Peripherals, 3rd Annual European Computer Conference, IEEE Press, 1989, pp. 150-154.

1080. C.H. Meyer and S.M. Matyas, Cryptography: A New Dimension in Computer Data Security, New York: John Wiley & Sons, 1982.

1081. C.H. Meyer and M. Schilling, "Secure Program Load with Manipulation Detection Code, " Proceedings of Securicom '88, 1988, pp. 111-130.

1082. C.H. Meyer and W.L. Tuchman, "Pseudo -Random Codes Can Be Cracked, " Electronic Design, v. 23, Nov 1972.

1083. C.H. Meyer and W.L. Tuchman, "Design Considerations for Cryptography, " Proceedings of the NCC, v. 42, Montvale, NJ: AFIPS Press, Nov 1979, pp. 594-597.

1084. S. Micali, "Fair Public-Key Cryptosystems, " Advances in Cryptology CRYPTO ' Proceedings, Springer-Verlag, 1993, pp. 113-138.

1085. S. Micali, "Fair Cryptosystems," MIT/LCS/TR-579.b, MIT Laboratory for Computer Science, Nov 1993.

1086. S. Micali, "Fair Cryptosystems and Methods for Use," U.S. Patent #5,276,737, 4 Jan 1994.

1087. S. Micali, "Fair Cryptosystems and Methods for Use," U.S. Patent #5,315,658, 24 May 1994.

1088. S. Micali and A. Shamir, "An Improvemcnt on the Fiat-Shamir Identification and Signature Scheme," Advances in Cryptollgy CRYPTO '88 Proceedings, Springer-Verlag, 1990, pp.

244-247.

1089. M.J. Mihajlevic, "A Correlation Attack on the Binary Sequence Generators with Time Varying Output Function, " Advances in Cryptology ASIACRYPT'94, Proceedings, Springer-Verlag, 1995, pp. 67-79.

1090. M.J. Mihajlevic and J.D. Golic, "A Fast Iterative Algorithm for a Shift Register Internal State Reconstruction Given the Noisy Output Sequence, " Advances in Cryptology AUSCRYPT '90 Proceedings, Springer-Verlag, 1990, pp. 165-175.

1091. M.J. Mihajlevic and J.D. Golic, "Convergence of a Bayesian Iterative Error-Correction Procedure to a Noisy Shift Register Sequence," Advances in Cryptology, EUROCRYPT '92 Proceedings, Springer-Verlag, 1993, pp. 124-137.

1092. J.K. Millen, S.C. Clark, and S.B. Freedman, "The Interrogator: Protocol Security Analysis," IEEE Transactions on Software Engineering, v. SE-13, n.2, Feb 1987, pp.274 288.

1093. G.L. Miller, "Riemann's Hypothesis and Tests for Primality," Journal of Computer Systems Science, v. 13, n. 3, Dec 1976, pp. 300-317.

1094. S.R Miller, B.C. Neuman, J.I. Schiller, and J.H. Saltzer, "Section E.2.1: Kerberos Authentication and Authorization System," MIT Project Athena, Dec 1987.

1095. V.S. Miller, "Use of Elliptic Curves in Cryptography, " Advances in Cryptology CRYPTO '85 Proceedings, Springer-Verlag, 1986, pp. 417-426.

1096. M. Minsky, Computation: Finite and Infinite Machines, Englewood Cliffs, NJ: Prentice Hall, 1967.

1097. C.J. Mitchell, "Authenticating Multi-Cast Internet Electronic Mail Messages Using a Bidirectional MAC Is Insecure, " draft manuscript, 1990.

1098. C.J. Mitchell, "Enumerating Boolean Functions of Cryptographic Significance," Journal of Cryptology, v. 2, n. 3, 1990, pp. 155-170.

1099. C.J. Mitchell, F. Piper, and P. Wild, "Digital Signatures, " Contemporary Cryptology:

The Science of Information Integtity, G.J. Simmons, ed., IEEE Press, 1991, pp. 325-378.

1100. C.J. Mitchell, M. Walker, and D. Rush, "CCITT/ISO Standards for Secure Messagc Handling," IEEE Journal on Selected Areas in Communications, v. 7, n. 4, May 1989, pp. 517 524.

1101. S. Miyaguchi, "Fast Encryption Algorithm for the RSA Cryptographic System," Proceedings of Compcon 82, IEEE Press, pp. 1115. 672-678.

1102. S. Miyaguchi, "The FEAL-8 Cryptosystem and Call for Attack, " Advances in Cryptology CRYPTO '89 Proceedings, Springer-Verlag, 1990, pp. 624-627.

1103. S. Miyaguchi, "Expansion of the FEAL Cipher," NTT Review, v. 2, n. 6, Nov 1990.

1104. S. Miyaguchi, "The FEAL Cipher Family,'' Advances in Cryptology CKYPTO ' Proceedings, Springer-Verlag, 1991, pp. 627-638.

1105. S. Miyaguchi, K. Ohta, and M. Iwata, " 128- bit Hash Function IN-Hashl," Proceedings of SECURICOM '90, 1990, pp. 127-137.

1106. S. Miyaguchi, K. Ohta, and M. Iwata, " 128- bit Hash Function (N-Hash)," NTT Review, v. 2, n. 6, Nov 1990, pp. 128-132.

1107. S. Miyaguchi, K. Ohta, and M. Iwata, "Confirmation that Some Hash Functions Are Not Collision Free," Advances in Cryptology EUROCRYPT '90 Proceedings, Springer-Verlag, 1991, pp. 326-343.

1108. S. Miyaguchi, A. Shiraishi, and A. Shimizu, "Fast Data Encipherment Algorithm FEAL-8," Review of tile Electrical Communication Laboratories, v. 36, n. 4, 1988.

1109. H. Miyano, "Differential Cryptanalysis on CALC and Its Evaluation," Proceedings of the 1992 Symposium on Cryptography and Information Security ISCIS 92, Tateshina, Japan, 2-4 Apt 1992, pp. 7B.1-8.

1110. R. Molva, G. Tsudik, E. van Hcrreweghen, and S. Zatti, "KryptoKnight Authentication and Key Distribution System," Proceedings of European Symposium on Research in completer Security, Toulouse, France, Nov 1992.

1111. P.L. Montgomery, "Modular Multiplication without Trial Division," Mathematics of computation, v. 44, n. 170, 1985, pp. 51Y-521.

1112. RL. Montgomery, "Speeding the Pollard and Elliptic Curve Methods of Factorization," Mathematics of Computation, v.48, n. 177, Jan 19R7, pp. 243-264.

1113. P.L. Montgomery and R. Silverman, "An FFT Extension to the p- l Factoring Algorithm," Mathematics of Computation, v. 54, n. 190, 1990, pp. 839-854.

1114. J.H. Moore, "Protocol Failures in Cryptosystems," Proceedings of the IEEE, v. 76, n. 5, May 1988.

1115. J.H. Moore, "Protocol Failures in Cryptosystems," in Contemporary Cryptology: The Science of Information Integrity, G.J. Simmons, ed., IEEE Press, 1992, pp. 541-558.

1116. J.H. Moore and G.J. Simmons, "Cycle Structure of the DES with Weak and Semi -Weak Keys, " Advances in Cryptology CRYPTO '86 Proceedings, SpringerVerlag, 1987, pp. 3 32.

1117. T. Moriyasu, M. Moriai, and M. Kasahara, "Nonlinear Pseudorandom Number Generator with Dynamic Structure and Its Properties," Proceedings of the 1994 Symposium on Cryptography and Information Security (SCIS 94), Biwako, Japan, 27-29 Jan 1994, pp.

8A.l-ll.

1118. R. Morris, "The Data Encryption Standard Retrospective and Prospects," IEEE Communications Magazine, v. 16, n. 6, Nov 1978, pp. 11-14.

1119. R. Morris, remarks at the 1993 Cambridge Protocols Workshop, 1993.

1120. R. Morris, N.J.A. Sloane, and A.D. Wyner, "Assessment of the NBS Proposed Data Encryption Standard," Cryptologia, v. 1, n. 3, Jul 1977, pp. 281-2 91.

1121. R. Morris and K. Thompson, "Password Security: A Case History," Communications of the ACM, v. 22, n. 11, Nov 1979, pp. 594-597.

1122. S.B. Morris, "Escrow Encryption," lecture at MIT Laboratory for Computer Science, Jun 1994.

1123. M.N. Morrison and J. Brillhart, "A Method of Factoring and the Factorization of F7," Mathematics of Computation, v. 29, n. 129, Jan 1975, pp. 183-205.

1124. L.E. Moser, "A Logic of Knowlcdgc and Belief for Reasoning About Computer Security, "Proceedings of the Computer Security Foundations Workshop 11, IEEE Computer Society Press, 1989, pp. S7 63.

1125. Motorola Government Electronics Division, Advanced Techniques i n Network security' Scottsdale, AZ, 1977.

1126. W.B. Muller, "Polynomial Functions in Modern Cryptology," contrib utions to General Algebra 3: Proceedings of the Vienna Conference, Vienna: Verlag H older-Pichler Tempsky' 1985, pp. 7-32.

1127. W.B. Muller and W. Nobauer, "Some Remarks on Public-Key Cryptography, " Studia Scientiarum Mathematicarum Hungarica, v. 16, 1981, pp. 71-76.

1128. W.B. Muller and W. Nobauer, "Cryptanalysis of the Dickson Scheme," Advances in Cryptology EUROCRYPT '85 Proceedings, Springer-Verlag, 1986, pp. 50-61.

1129. C. Muller-Scholer, "A Microprocessor-Based Cryptoprocessor," IEEE Micro, Oct 1983, pp. 5-15.

1130. R.C. Mullin, E. Nemeth, and N. Weidenhofer, "Will Public Kcy Cryptosystems Live Up to Their Expectations? HEP Implementation of the Discrete Log Codebreaker," ICPP 85, pp.

193-196.

1131. Y. Murakami and S. Kasahara, "An ID-Based Key Distribution Scheme, " IEICE Japan, Technical Report, ISEC90-26, 1990.

1132. S. Murphy, "The Cryptanalysis of FEAL-4 with 20 Chosen Plaintexts, " Journal of Cryptology, v. 2, n. 3, 1990, pp. 145-154.

1133. E.D. Mycrs, "STU-III Multilevel Secure Computer Interface," Proceedings of the Tenth Annual Computer Security Applications Conference, IEEE Computer Society Press, 1994, pp. 170-179.

1134. D. Naccache, "Can O.S.S. be Repaired ? Proposal for a New Practical Signature Scheme," Advances in Cryptology EUROCRYPT '93 Proceedings, Springer-Verlag, 1994, pp. 233-239.

1135. D. Naccache, D. M'Raihi, D. Raphacli, and S. Vaudenay, "Can D.S.A. be Improved:

Complexity Trade-Offs with the Digital Signature Standard, " Advances in Cryptology EUKOCRYPT '94 Proceedings, Springer-Verlag, 1995, to appear.

1136. Y. Nakao, T. Kaneko, K. Koyama, and R. Terada, "A Study on the Security of RDES Cryptosystem against Linear Cryptanalysis," Proceedings of the 1995 Japan-Korea Workshop on Information Security and Cryptography, Inuyama, Japan, 24 -27 Jan 1995, pp. 163-172.

1137. M. Naor, "Bit Commitmcnt Using Pseudo-Randomness," Advances in Cryptology CRYPTO '89 Proceedings, Springer-Verlag, 1990, pp. 128-136.

1138. M. Naor and M. Yung, "Universal One-Way Hash Functions and Their Cryptographic Application," Proceedings of the 21stAnnual ACM Symposium on the Theory of Computing, 1989, pp. 33 43.

1139. National Bureau of Standards, "Report of the Workshop on Estimation of Significant Advances in Computer Technology, " NBSIR 76-1189, National Bureau of Standards, U.S. Department of Commercc, 21-22 Sep 1976, Dec 1977.

1140. National Bureau of Standards, NBS FIPS PUB 46, "Data Encryption Standard, " National Bureau of Standards, U.S. Department of Commerce, Jan 1977.

1141. National Bureau of Standards, NBS FIPS PUB 46-1, "Data Encryption Standard," U.S.

Department of Commerce, Jan 1988.

1142. National Bureau of Standards, NBS FIPS PUB 74, "Guidelines for Implementing and Using the NBS Data Encryption Standard, " U.S. Department of Commerce, Apr 1981.

1143. National Bureau of Standards, NBS FIPS PUB 81, "DES Modes of Operation," U.S.

Department of Commerce, Dec 1980.

1144. National Bureau of Standards, NBS FIPS PUB 112, "Password Usage," U.S. Department of Commerce, May 1985.

1145. National Bureau of Standards, NBS FIPS PUB 113, "Computer Data Authentication," U.S.

Department of Commerce, May 1985.

1146. National Computer Security Center, "Trusted Network Interpretation of the Trusted Computer System Evaluation Criteria," NCSC-TG-005 Version 1, Jul 1987.

1147. National Computer Security Centcr, "Trusted Datahase Management System Interpretation of the Trusted Computer System Evaluation Criteria, " NCSC-TG-021 Version 1, Apr 1 991.

1148. National Computer Security Center, "A Guide to Understanding Data Rememberance in Automated Information Systems," NCSC-TG-025 Version 2, Sep 1991.

1149. National Institute of Standards and Technology, NIST FIPS PUB XX, "Digital Signature Standard," U.S. Department of Commcrce, DRAFT, 19 Aug 1991.

1150. National Institute of Standards and Technology, NIST FIPS PUB 46-2, "Data Encryption Standard," U.S. Department of Commcrcc, Dec 93.

1151. National Institute of Standards and Technology, NIST FIPS PUB 171, "Key Management Using X9.17," U.S. Departmcnt of Commcrce, Apr 92.

1152. National Institute of Standards and Technology, NIST FIPS PUB 180, "Secure Hash Standard, " U.S. Department of Commerce, May 93.

1153. National Institute of Standards and Technology, NIST FIPS PUB 185, "Escrowed Encryption Standard," U.S. Department of Commerce, Feb 94.

1154. National Institute of Standards and Technology, NIST FIPS PUB 186, "Digital Signature Standard, " U.S. Department of Commerce, May 1994.

1155. National Institute of Standards and Technology," Clipper Chip Technology," 30 Apr 1993.

1156. National Institute of Standards and Technology," Capstone Chip Technology," 30 Apr 1993.

1157. J. Nechvatal, "Public Key Cryptography, " NIST Special Publication 800-2, National Institute of Standards and Technology, U.S. Department of Commerce, Apr 1991.

1158. l. Nechvatal, "Public Key Cryptography," Contemporary Cryptology: The Science of Information Integrity, G.J. Simmons, ed., IEEE Press, 1992, pp. 177-288.

1159. R.M. Needham and M.D. Schroeder, "Using Encryption for Authentication in Large Networks of Computers," Communications of the ACM, v. 21, n. 12, Dec 1978, pp. 993 999.

1160. R.M. Ncedham and M.D. Schroeder, "Authentication Revisited," Operating Systems Review, v. 21, n. 1, 1987, p. 7.

1161. D.M. Nessett, "A Critique of the Burrows, Abadi, and Needham Logic," Operating System Review, v. 20, n. 2, Apr 1990, pp. 35-38.

1162. B.C. Ncuman and S. Stubblebine, "A Note on the Use of Timestamps as Nonces, " Operating Systems Review, v. 27, n. 2, Apr 1993, pp. 10-14.

1163. B.C. Neuman and T. Ts'o, "Kerberos: An Authentication Service for Computer Networks," IEEE Communications Magazine, v. 32, n. 9, Sep 1994, pp. 33-38.

1164. L. Neuwirth, "Statement of Lee Nenwirth of Cylink on HR145," submitted to congressional committees considering HR145, Feb 1987.

1165. D.B. Newman, Jr. and R.L. Pickholtz, "Cryptography in the Private Sector," IEEE Communications Magazine, v. 24, n. 8, Aug 1986, pp.7-10.

1166. H. Niederreiter, "A Public-Key Cryptosystem Based on Shift Register Sequences," Advances in Cryptology EZJROCRYPT '85 Proceedings, Springer-Verlag, 1986, pp. 35 39.

1167. H. Niederreiter, "Knapsack-Type Cryptosystems and Algebraic Coding Theory," Problems of Control and Information Theory, v. 15, n. 2, 1986, pp. 159-166.

1168. H. Niederreiter, "The Linear Complexity Profile and the Jump Complexity of Keystream Sequences, " Advances in Cryptology EUROCRYPT '90 Proceedings, Springer-Verlag, 1991, pp. 174-188.

1169. V. Niemi, "A New Trapdoor in Knapsacks," Advances in Cryptology EUROCRYPT ' Proceedings, Springer-Verlag, 1991, pp. 405 -411.

1170. V. Niemi and A. Renvall, "How to Prevent Buying of Voters in Computer Elections," Advances in Cryptology ASIACRYPT '94 Proceedings, Springer-Verlag, 1995, pp. 164 170.

1171. I. Niven and H.A. Zuckerman, An Introduction to the Theory of Numbers, New York:

John Wiley & Sons, 1972.

1172. R. Nobauer, "Cryptanalysts of the Redei Scheme," Contributions to General Algebra 3:

Proceedings of the Vienna Conference, Verlag Holder-Pichler-Tempsky, Vienna, 1985, pp.

255-264.

1173. R. Nobauer, "Cryptanalysts of a Public- Key Cryptosystem Based on Dickson-Polynomials," Mathematica Slovaca, v. 38, n. 4, 1988, pp. 309-323.

1174. K. Nogochi, H. Ashiya, Y. Sano, and T. Kaneko, "A Study on Differential Attack of MBAL Cryptosystem," Proceedings of the 1994 Symposium on Cryptography and Information Security (SCIS' 94), Lake Biwa, Japan, 27-29 Jan 1994, pp. 14B.1-7. (In Japanese.) 1175. H. Nurmi, A. Salomaa, and L. Santean, "Secret Ballot Elections in Computer Networks," Computers & Security, v. 10, 1991, pp. 553-560.

1176. K. Nyberg, "Construction of Bent Functions and Difference Sets," Advances in Cryptology EUROCRYPT '91 Proceedings, Springer-Verlag, 1991, pp. 151-160.

1177. K. Nyberg, "Perfect Nonlinear S-Boxes," Advances in Cryptology EUROCRYPT ' Proceedings. Springcr-Verlag, 1991, pp. 378-386.

1178. K. Nyberg, "On the Construction of Highly Nonlinear Permutations, " Advances in Cryptology EUROCRYPT '92 Proceedings, Springer-Verlag 1991, pp. 92-98.

1179. K. Nyberg, "Differentially Uniform Mappings for Cryptography," Advances in Cryptology EUROCRYPT '93 Proceedings, Springer-Verlag, 1994, pp. 55-64.

1180. K. Nyberg, "Provable Security against Differential Cryptanalysis," presented at the rump session of Eurocrypt '94, May 1994.

1181. K. Nyberg and L.R. Knudsen, "Provable Secu rity against Differential Cryptanalysis," Advances in Cryptology CRYPTO '92 Proceedings, Springer-Verlag, 1993, pp. 566-574.

1182. K. Nyberg and L.R. Knudsen, "Provable Security against Differential Cryptanalysis," Journal of Cryptology, v. 8, n. 1, 1995, pp. 27-37.

1183. K. Nyberg and R.A. Rueppel, "A New Signature Scheme Based on the DSA Giving Message Recovery," 1st ACM Conference on Computer and Communications Secu rity, ACM Press, 1993, pp. 58-61.

1184. K. Nyberg and R.A. Rueppel, "Message Recovery for Signature Schemes Based on the Discrete Logarithm Problem," Advances in Cryptology EUROCRYPT '94 Proceedings, Spnnger-Verlag, 1995, to appear.

1185. L. O'Connor, "Enumerating Nondegenerate Permutations," Advances in Cryptology EUROCRYPT '93 Proceedings, Springer-Verlag, 1994, pp. 368-377.

1186. L. O'Connor, "On the Distribution of Characteristics in Bijective Mappings, " Advances in Cryptology EUROCRYPT '93 Proceedings, Springer-Verlag, 1994, pp. 360-370.

1187. L. O'Connor, "On the Distribution of Characteristics in Composite Permutations, " Advances in Cryptology CRYPTO '93 Proceedings, Springer-Verlag, 1994, pp. 403-412.

1188. L. O'Connor and A. Klapper, "Algebraic Nonlinearity and Its Application to Cryp tography," Journal of Cryptology, v. 7, n.3, 1994, pp. 133-151.

1189. A. Odlyzko, "Discrete Logarithms in Finite Fields and Their Cryptographic Sig nificance," Advances in Cryptology: Proceedings of EUROCRYPT 84, Springer-Verlag, 1985, pp.

224-314.

1190. A. Odlyzko, "Progress in Integer Factorization and Discrete Logarithms, " unpublished manuscript, Feb 1995.

1191. Office of Technology Assessment, U.S. Congress, "Defending Secrets, Sharing Data:

New Locks and Keys for Electronic Communication, " OTA-CIT-310, Washington, D.C.:

U.S. Government Printing Office, Oct 1987.

1192. B. O'Higgins, W. Diffie, L. Strawczynski, and R. de Hoog, "Encryption and ISDN a Natural Fit," Proceedings of the 1987 International Switching Symposium. 1987, pp. 863 869.

1193. Y. Ohnishi, "A Study on Data Security," Master's thesis, Tohuku University, Japan, 1988.

(In Japanese.) 1194. K. Ohta, "A Secure and Efficient Encrypted Broadcast Communication System Using a Public Master Key," Transactions of the Institute of Electronics, Information, and Communication Engineers, v. J70-D, n. 8, Aug 1987, pp. 1616-1624.

1195. K. Ohta, "An Electrical Voting Scheme Using a Single Administrator, " IEICE Sp ring National Convention, A-294, 1988, v. 1, p. 296. (In Japanese.) 1196. K. Ohta, "Identity-based Authentication Schemes Using the RSA Cryptosystem," Transactions of the Institute of Electronics, Information, and Communication Engineers, v.

J72D-II, n. 8, Aug 1989, pp. 612-620.

1197. K. Ohta and M. Matsui, "Differential Attack on Message Authentication Codes," Advances in Cryptology CRYPTO '93 Proceedings, Springer-Verlag, 1994, pp. 200-223.

1198. K. Ohta and T. Okamoto, "Practical Extension of Fiat-Shamir Scheme," Electronics Letters, v. 24, n. 15, 1988, pp. 955-956.

1199. K. Ohta and T. Okamoto, "A Modification of the Fiat-Shamir Scheme," Advances in Cryptology CRYPTO '88 Proceedings, Springer-Verlag, 1990, pp. 232-243.

1200. K. Ohta and T. Okamoto, "A Digital Multisignature Scheme Bascd on the Fiat-Shamir Scheme, " Advances in Cryptology ASIA CRYPT '91 Rroceedillys, Springer-Verlag, 1993, pp. 139-148.

1201. K. Ohta, T. Okamoto and K. Koyama, "Membership Authentication for Hierarchy Multigroups Using thc Extended Fiat - Shamir Scheme, " Advances in Cryptology EUROCRYPT '90 Proceedings, Springer-Verlag, 1991, pp. 446-457.

1202. E. Okamoto and K. Tanaka, "Key Distribution Based on Identification Information, " IEEE journal on Selected Areas in Com- munication, v. 7, n. 4, May 1989, pp. 481-4 90.

1203. T. Okamoto, "Fast Public-Key Cryptosystems Using Congruent Polynomial Equa tions, " Electronics Letters, v. 22, n. 11, 1986, pp. 581-582.

1204. T. Okamoto, "Modification of a Public -Kcy Cryptosystem," Electronics Letters, v. 23, n.

16, 1987, pp. 814-81S.

1205. T. Okamoto, "A Fast Signature Scheme Based on Congruential Polynomial Operations," IEEE Transactions on Information Theory, v. 36, n. 1, 1990, pp. 47-53.

1206. T. Okamoto, "Provably Secure and Practical Identification Schemes and Corresponding Signature Schemes, " Advances in Cryptology CRYPTO '92 Proceedings, Springer Verlag, 1993, pp. 31-53.

1207. T. Okamoto, A. Fujioka, and E. Fujisaki, "An Efficient Digital Signature Scheme Based on Elliptic Curve over the Ring Z/p" Advances in Cryptology CRYPTO '92 Proceeding.s, Springer-Verlag, 1993, pp. 54-65.

1208. T. Okamoto, S. Miyaguchi, A. Shiraishi, and T. Kawoaka, "Signed Document Transmission System," U.S. Patent #4,625,076, 25 Nov 1986.

1209. T. Okamoto and K. Ohta, ``Disposablc Zero-Knowlcdge Authentication and Their Applications to Untraceable Electronic Cash," Advances in Cryptology CRYPT O ' Proceedings, Springer-Verlag, 1990, pp. 134-149.

1210. T. Okamoto and K. Ohta, "How to Utilize the Randomness of zero-Knowlcdgc Proofs," Advances in Cryptology CRYPTO '90 Proceedings, Springcr-Verlag, 1991, pp. 456 475.

1211. T. Okamoto and K. Ohta, "Universal Electronic Cash," Advances in Cryptology CRYPTO '91 Proceedings, Springer-Verlag, 1992, pp. 324-337.

1212. T. Okamoto and K. Ohta, "Survey of Digital Signature Schemes, " Proceedings of the Third Symposium on State and Progress of Research in Cryptography, Fon dazone Ugo Bordoni, Rome, 1993, pp. 17-29.

1213. T. Okamoto and K. Ohta, "Designated Confirmer Signatures Using Trapdoor Functions," Proceedings of the 1994 Symposium on Cryptography and Information Security (SCIS 94), Lake Biwa, Japan, 27-29 Jan 1994, pp. 16B.l-ll.

1214. T. Okamoto and K. Sakurai, "Efficient Algorithms for the Construction of Hyper-elliptic Cryptosystems," Advances in Cryptology CRYPTO '91 Proceedings, Springer-Verlag, 1992, pp. 267 278.

1215. T. Okamoto and A.Shiraishi, "A Fast Signature Scheme Based on Quadratic Inequalities," Proceedings of the 1985 Symposium on Security and Privacy, IEEE, Apr 1985, pp. 123 132.

1216. J.D. Olsen, R.A. Scholtz, and L. Welch, "Bent Function Sequences," IEEE Transactions on Information Theory, v. IT-28, n. 6, Nov 1982, pp. 858-864.

1217. H. Ong and C.P Schnorr, "Signatures through Approximate Representations by Quadratic Forms," Advances in Cryptology: Proceedings of Crypto 83, Plenum Press, 1984.

1218. H. Ong and C.R Schnorr, "Fast Signature Generation with a Fiat Shamir-Like Scheme," Advances in Cryptology EUKOCKYPT '9() Proceedings, Springer-Verlag, 1991, pp. 432 440.

1219. H. Ong, C.R Schnorr, and A. Shamir, "An Efficient Signature Scheme Based on Polynomial Equations, " Proceedings of the 16th Annual Symposium on the Theory of Computing, 1984, pp. 208 216.

1220. H. Ong, C.P. Schnorr, and A. Shamir, "Efficient Signature Schemes Based on Polynomial Equations," Advances in Cryptology: Proceedings of CRYPTO 84, Springer-Verlag, 1985, pp. 37-46.

1221. Open Shop Information Services, OSIS Security Aspects, OS1.S European Working Group, WGI, final report, Oct 1985.

1222. G.A. Orton, M.R Roy, PA. Scott, L.E. Peppard, and S.E. Tavares, "VLSI Implementa tion of Public-Key Encryption Algorithms, " Advances in Cryptology CRYPTO '86 Proceedings, Springcr-Verlag, 1987, pp. 277-301.

1223. H. Orup, E. Svendsen, and E. Anclreasen, "VICTOR An Efficient RSA Hardware Implementation," Advances in Cryptology EUROCRYPT '90 Proceedings, Springer-Verlag, 1991, pp. 245-252.

1224. D. Otway and O. Rees, "Efficient and Timely Mutual Authentication'" Operating Systems Review, v. 21, n. 1, 1987, pp. 8-10.

1225. G. Pagels-Fick, " Implementation Issues for Master Key Distribution and Protected Keyload Procedures, " Computers and Security: A Global Challenge, Proceedings of IFIP/SEC '83, North Holland: Elsevier Science Publishers, 1984, pp. 381-390.

1227. C.S. Park, "Improving Code Rate of McEliece's Public-key Cryptosystem, " Electronics Letters, v. 25, n. 21, 12 Oct 1989, pp. 1466-1467.

1228. S. Park, Y. Kim, S. Lee, and K. Kim, "Attacks on Tanaka's Non-interactive Key Sharing Scheme," Proceedings of the 1995 Symposium on Cryptography and Information Security (SCIS 95), Inuyama, Japan, 24-27 Jan 1995, pp. B3.4.1-4.

1229. S.J. Park, K.H. Lee, and D.H. Won, "An Entrusted Undeniable Signature, " Proceedings of the 1995 Iapan-Korea Workshop on Information Secunty and Cryptography, Inuyama, Japan, 24-27 Jan 1995, pp. 120-126.

1230. S.J. Park, K.H. Lee, and D.H. Won, "A Practical Group Signature," Proceedings of the 1995 Japan-Korea Workshop on Information Security and Cryptography, Inuyama, Japan, 24-27 Jan 1995, pp. 127-133.

1231. S.K. Park and K.W. Miller, "Random Number Generators: Good Ones Are Hard to Find," Communications of the ACM, v. 31, n. 10, Oct 1988, pp. 1192-1201.

1232. J. Patarin, "How to Find and Avoid Collisions for the Knapsack Hash Function," Advances in Cryptology EUROCRYPT '93 Proceedings, Springer-Verlag 1994, pp. 305-317.

1233. W. Patterson, Mathematical Cryptology for Computer Scientists and Mathematicians, Totowa, N.J.: Rowman & Littlefield, 1987.

1234. W.H. Payne, "Public Key Cryptography Is Easy to Break," William H. Payne, unpublished manuscript, 16 Oct 90.

1235. T.R Pederson, "Distributed Provers with Applications to Undeniable Signatures, " Advances in Cryptology EUROCRYPT '91 Proceedings, Springer-Verlag 1991, pp. 221 242.

1236. S. Peleg and A. Rosenfield, "Breaking Substitution Ciphers Using a Relaxation Algorithm " Communications of the ACM, v. 22, n. 11, Nov 1979, pp. 598-605.

1237. R. Peralta, "Simultaneous Security of Bits in the Discrete Log " Advances in Cryptology EUROCRYPT '85, Springer-Verlag, 1986, pp. 62-72.

1238. I. Peterson, "Monte Carlo Physics: A Cautionary Lesson," Science News, v. 142, n. 25, Dec 1992, p. 422.

1239. B. Pfitzmann, "Fail-Stop Signatures: Principles and Applications," Proceedings of COMPUSEC '91, Eighth World Conference on Computer Security, Audit, and Control, Elsevier Science Publishers, 1991, pp. 125-134.

1240. B. Pfitzmann and M. Waidner, "Formal Aspects of Fail-Stop Signatures," Fakultat fur Informatik, University Karlsruhe, Report 22/90, 1990.

1241. B. Pfitzmann and M. Waidner, "Fail-Stop Signatures and Their Application, " Securicom '91,1991, pp. 145-160.

1242. B. Pfitzmann and M. Waidner, "Unconditional Concealment with Cryptographic Ruggedness," VIS '91 Verlassliche Informationsysteme Proceedings, Darmstadt, Germany, 13-15 March 1991, pp. 3-2-320. (In German.) 1243. B. Pfitzmann and M. Waidner, "How to Break and Repair a 'Provably Secure' Untraceable Payment System," Advances in Cryptology CRYPTO '91 Proceedings, Springer-Verlag, 1992, pp. 338-350.

1245. S.J.D. Phoenix and RD. Townsend, "Quantum Cryptography and Secure Optical Communication," BT Technology Journal, v. 11, n. 2, Apr 1993, pp. 65-75.

1246. J. Pieprzyk, "On Public-Key Cryptosystems Built Using Polynomial Rings, " Advances in Cryptology EUROCRYPT '85, Springer-Verlag 1986, pp. 73-80.

1247. J. Pieprzyk, "Error Propagation Property and Applications in Cryptography, " IKE Proceedings-E, Computers and Digital Techniques, v. 136, n. 4, Jul 1989, pp. 262-270.

1248. D. Pinkas, T. Parker, and R Kaijser, "SESAME: An Introduction," Issue 1.2, Bull, JCL, and SNI, Sep 1993.

1249. F. Piper, "Stream Ciphers," Elektrotechnic und Maschinenbau, v. 104, n. 12, 1987, pp.

564-668.

1250. V.S. Pless, "Encryption Schemes for Computer Confidentiality," IEEE Transactions on Computing, v. C-26, n. 11, Nov 1977, pp. 1133-1136.

1251. J.B. Plumstead, "Inferring a Sequence Generated by a Linear Congruence," Proceedings of the 23rd IEEE Symposium on the Foundations of Computer Science, 1982, pp. 153-159.

1252. R. Poet, "The Design of Special Purposc Hardware to Factor Large Integers, " Computer Physics Communications, v. 37, 1985, pp. 337-341.

1253. S.C. Pohlig and M.E. Hellman, "An Improved Algorithm for Computing Logarithms in GF(p) and Its Cryptographic Significance," IEEE Transactions on Information Theory, v.

24, n. 1, Jan 1978, pp. 106-111.

1254. J.M. Pollard. "A Monte Carlo Method for Factorization," BIT v. 15, 1975, pp.331-334.

1255. J.M. Pollard and C.P. Schnorr, "An Efficient Solution of the Congruence x+ky= m (mod n)" IEEE Transactions on Infor- mation Theory, v. IT-33, n. 5, Sep 1987, pp. 702-709.

1256. C. Pomerance, "Recent Developments in Primality Testing," The Mathematical Intelligencer, v. 3, n. 3, 1981, pp. 97-105.

1257. C. Pomerance, "The Quadratic Sieve Factoring Algorithm," Advances in Cryptology:

Proceedings of EUROCRYPT 84, Springer-Verlag, 1985, 169-182.

1258. C. Pomerance, "Fast, Rigorous Factorization and Discrete Logarithm Algorithms,'' Discrete Algorithms and Complexity, New York: Academic Press, 1987, pp. 119-143.

1259. C. Pomerance, I W. Smith, and R. Tuler, "A Pipe-Line Architecture for Factoring Large Integers with the Quadratic Sieve Algorithm," SIAM lournal on Computing, v.17, n.2, Apr l988, pp. 387-403.

1260. G.J. Popek and C.S. Kline, "Encryption and Secure Computer Networks," ACM Computing Surveys, v 11, n. 4, Dec 1979, pp. 331-356.

1261. F. Pratt, Secret and Urgent, Blue Ribbon Books, 1942.

1262. B. Preneel, "Analysis and Design of Cryptographic Hash Functions, " Ph.D. dissertation, Katholieke Universiteit Leuven, Jan 1993.

1263. B. Preneel, "Differential Cryptanalysis of Hash Functions Based on Block Ciphers, " Proceedings of the 1st ACM Conference on Computer and Communications Security, 1993, pp. 183-188.

1264. B. Preneel, "Cryptographic Hash Functions," European Transactions on Telecommunications, v 5, n. 4, Jul/Aug 1994, pp. 431 -448.

1265. B. Preneel, personal communication, 1995.

1266. B. Preneel, A. Bosselaers, R. Govaerts, and J. Vandewalle, "Collision-Free Hash Functions Based on Block Cipher Algorithms," Proceedings of the 1989 Carnahan Conference on Security Technology 1989, pp. 203-210.

1267. B. Preneel, R. Govaerts, and J. Vandewalle, "An Attack on Two Hash Functions by Zheng-Matsumoto-Imai, " Advances in Cryptology ASIACRYPT '92 Proceedings, Springer-Verlag, 1993, pp. 535-538.

1268. B. Preneel, R. Govaerts, and J. Vandewalle, "Hash Functions Based on Block Ciphers: A Synthetic Approach, " Advances in Cryptology CRYPTO '93 Proceedings, Springer Verlag, 1994, pp.368-378.

1269. B. Preneel, M. Nuttin, V. Rijmen, and J. Buelens, "Cryptanalysts of the CFB mode of the DES with a Reduced Number of Rounds," Advances in Cryptology CRYPTO ' Proceedings, Springer-Verlag, 1994, pp. 212-223.

1270. B. Preneel and V. Rijmen, "On Using Maximum Likelihood to Optimize Recent Cryptanalytic Techniques, " presented at the rump session of EUROCRYPT '94, May 1994.

1271. B. Preneel, W. Van Leekwijck, L. Van Linden, R. Govaerts, and J. Vandewalle, "Propagation Characteristics of Boolean Functions, " Advances in Cryptology EUROCRYPT '90 Proceedings, Springer-Verlag, 1991, pp. 161-173.

1272. W.H. Press, B.R Flannery, S.A. Teukolsky, and W.T. Vetterling, Numerical Recipes in C: The Art of Scientific Computing, Cambridge University Press, 1988.

1273. W. Price, "Key Management for Data Encipherment, " Security: Proceedings of IFIP/SEC '83, North Holland: Elsevier SciencePublishers 1983.

1274. G.R Purdy, "A High-Security Log-in Proce dure," communications of the ACM, v 17, n. 8, Aug 1974, pp. 442-445.

1275. J.-J. Quisquater, "Announcing the Smart -Card with RSA Capability, " Proceedings of the Conference: IC Cards and Applications, Today and Tomorrow, Amsterdam, 1989.

1276. J.-J. Quisquater and C. Couvreur, "Fast Decipherment Algorithm for RSA Public Key Cryptosystem," Electronic Letters, v. 18, 1982, pp. 155-168.

1277. J.-J. Quisquater and J.-R Delescaille, "Other Cycling Tests for DES," Advances in Cryptology CRYPTO '87 Proceedings, Springer-Verlag, 1988, pp. 255-256.

1278. J.-J. Quisquater and Y.G. Desmedt, "Chinese Lotto as an Exhaustive Code-Breaking Machine," Computer. v. 24, n. 11, Nov 1991, pp. 14-22.

1279. J.-J. Quisquater and M. Girault, "2p-bit Hash Functions Using e-bit Symmetric Block Cipher Algorithms, Advances in Cryptology EUROCRYPT '89 Proceedings, Springer Verlag, 1990, pp. 102-109.

1280. J.-J. Quisquater and L.C. Guillou, "Des Procedes d'Authentification Bases sur une Publication de Problemes Complexes et Personnalises dont les Solutions Maintenues Secretes Constituent autant d'Accreditations, " Proceedings of SECURICOM '89: 7th Worldwide Congress on Computer and Communications Security and Protection, Societe d'Edition et d'Organisation d'Expositions Professionnelles, 1989, pp. 149-158. (In French.) 1281. J.-J., Myriam, Muriel, and Michael Quisquater;

L., Marie Annick, Gaid, Anna, Gwenole, and Soazig Guillou;

and T. Berson, "How to Explain Zero-Knowledge Protocols to Your Children," Advances in Cryptology CRYPTO '89 Proceedings, Springer-Verlag 1990, pp.

628-631.

1282. M.O. Rabin, "Digital Signatures," Foundations of Secure Communication, New York:

Academic Press, 1978, pp. 155-168.

1283. M.O. Rabin, "Digital Signatures and Public-Key Functions as Intractable as Factorization, " MIT Laboratory for Computer Science, Technical Report, MlT/LCS/TR 212, Jan 1979.

1284. M.O. Rabin, "Probabilistic Algorithm for Testing Primality," Journal of Number Theory, v.

12, n. 1, Feb 1980, pp. 128-138.

1285. M.O. Rabin, "Probabilistic Algorithms in Finite Fields," SIAM Journal on Computing, v.9, n.2, May 1980, pp.273-280.

1286. M.O. Rabin, "How to Exchange Secrets by Oblivious Transfer," Technical Memo TR 81, Aiken Computer Laboratory, Harvard University, 1981.

1287. M.O. Rabin, "Fingerprinting by Random Polynomials, " Technical Report TR15-81, Center for Research in Computing Technology, Harvard University, 1981.

1288. T. Rabin and M. Ben-Or, "Verifiable Secret Sharing and Multiparty Protocols with Honest Majority," Proceedings of the 21st ACM Symposium on the Theory of Computing, 1989, pp. 73-85.

1289. RAND Corporation, A Million Random Digits with 100,000 Normal Deviates, Glencoe, IL: Free Press Publishers, 1955.

1290. T.R.N. Rao, "Cryposystems Using Algebraic Codes," International Conference on Computer Systems and Signal Processing, Bangalore, India, Dec 1984.

1291. T.R.N. Rao, "On Struit-Tilburg Cryptanalysis of Rao-Nam Scheme," Advances in Cryptology CRYPTO '87 Proceedings, Springer-Verlag, 1988, pp. 458-460.

1292. T.R.N. Rao and K.H. Nam, "Private-Key Algebraic-Coded Cryptosystems, " Advances in Cryptology CRYPTO '86 Proceedings, Springer-Verlag, 1987, pp.35-48.

1293. T.R.N. Rao and K.H. Nam, "Private-Key Algebraic-Code Encryptions," IEEE Transactions on Information Theory, v. 35, n. 4, Jul 1989, pp. 829-833.

1294. J.A. Reeds, "Cracking Random Number Generator," Cryptologia, v. 1, n. 1, Jan 1977, pp.

20-26.

1295. J.A. Reeds, "Cracking a Multiplicative Congruential Encryption Algorithm, " in Information Linkage Between Applied Mathematics and Industry, P.C.C. Wang, ed., Academic Press, 1979, pp. 467 472.

1296. J.A. Reeds, "Solution of Challenge Cipher," Cryptologia, v. 3, n. 2, Apr 1979, pp. 83-95.

1297. J.A. Reeds and J.L. Manferdelli, "DES Has No Per Round Linear Factors," Advances in Cryptology: Proceedings of CRYPTO 84, Springer-Verlag, 1985, pp. 377-389.

1298. J.A. Reeds and N.J.A. Sloane, "Shift Register Synthesis (Modulo m)," SIAM Journal on Computing, v. 14, n. 3, Aug 1985, pp. 505-513.

1299. J.A. Reeds and P.J. Weinberger, "File Security and the UNIX Crypt Command, " AT &T Technical Journal, v. 63, n. 8, Oct 1984, pp. 1673-1683.

1300. T. Renji, "On Finite Automaton One-Key Cryptosystems," Fast Software Encryption, Cambridge Security Workshop Proceed ings, Springer-Verlag, 1994, pp. 135-148.

1301. T. Renji and C. Shihua, "A Finite Automaton Public Key Cryptosystems and Digital Signature, " Chinese Journal of Computers, v. 8, 1985, pp. 401 -409. (In Chinese.) 1302. T. Renji and C. Shihua, "Two Varieties of Finite Automaton Public Key Cryptosystems and Digital Signature, " Journal of Computer Science and Tecnology, v. 1, 1986, pp. 9-18.

(In Chinese.) 1303. T. Renji and C. Shihua, "An Implementation of Identity-based Cryptosystems and Signature Schemes by Finite Automaton Public Key Cryptosystems," Advances in Cryptology CHINACRYPT '92, Bejing: Science Press, 1992, pp.87-104. (In Chinese.) 1304. T. Renji and C. Shihua, "Note on Finite Automaton Public Key Cryptosystems, " CHINACRYPT '94, Xidian, China, 11-15 Nov 1994, pp. 76-80.

1305. Research and Development in Advanced Communication Technologies in Europe, RIPE Integrity Primitives: Final Report of RACE Integrity Primitives Evaluation (R1040), RACE, June 1992.

1306. J.M. Reyneri and E.D. Karnin, "Coin Flipping by Telephone," IEEE Transactions on Information Theory, v. IT-30, n. 5, Sep 1984, pp. 775-776.

1307. P. Ribenboim, The Book of Prime Number Records, Springer-Verlag, 1988.

1308. P. Ribenboim, The Little Book of Big Primes, Springer-Verlag, 1991.

1309. M. Richter, "Fin Rauschgenerator zur Gewinnung won quasi-idealen Zufallszahlen fur die stochastische Simulation," Ph.D. dissertation, Aachen University of Technology, 1992.

(In German.) 1310. R.F. Rieden, J.B. Snyder, R.J. Widman, and W.J. Barnard, "A Two-Chip Implementation of the RSA Public Encryption Algorithm," Proceedings of GOMAC (Government Microcircuit Applications Conference), Nov 1982, pp. 24 27.

1311. H. Riesel, Prime Numbers and Computer Methods for Factorization, Boston: Birkhauscr, 1985.

1312. K. Rihaczek, "Data Interchange and Legal Security Signature Surrogates," Computers & Security, v. 13, n. 4, Sep 1994, pp. 287-293.

1313. V. Rilmen and B. Preneel, "Improved Characteristics for Differential Cryptanalysis of Hash Functions Based on Block Ciphers," K.U. Leuven Workshop on Cryptographic Algorithms, Springer-Verlag, 1995, to appear.

1314. R.L. Rivest, "A Description of a Single-Chip Implementation of the RSA Cipher, " LAMBDA Magazine, v. 1, n. 3, Fall 1980, pp. 14-18.

1315. R.L. Rivest, "Statistical Analysis of the Hagelin Cryptograph," Cryptologia, v. 5, n. 1, Jan 1981, pp. 27-32.

1316. R.L. Rivest, "A Short Report on the RSA Chip, " Advances in Cryptology: Proceedings of Crypto 82, Plenum Press, 1983, p. 327.

1317. R.L. Rivest, "RSA Chips (Past/Present/ Future), " Advances in Cryptology: Proceedings of EUROCRYPT 84, Springer- Verlag, 1985, pp. 159-168.

1318. R.L. Rivest, "The MD4 Message Digest Algorithm," RFC 1186, Oct 1990.

1319. R.L. Rivest, "The MD4 Message Digest Algorithm," Advances in Cryptology CRYPTO '90 Proceedings, Springer-Verlag, 1991, pp. 303-311.

1320. R.L. Rivest, "The RC4 Encryption Algorithm, " RSA Data Security, Inc., Mar 1992.

1323. R.L. Rivest, "Dr. Ron Rivest on the Difficulty of Factoring," Ciphertext: The RSA Newsletter, v. 1, n. 1, Fall 1993, pp. 6, 8.

1324. R.L. Rivest, "The RC5 Encryption Algorithm," Dr. Dobb's Journal, v. 20, n. 1, Jan 95, pp.

146-148.

1325. R.L. Rivest, "The RC5 Encryption Algorithm, " K. U. Leuven Workshop on CryptographicAlgorithms, Springer-Verlag, 1995, to appear.

1326. R.L. Rivest, M.E. Hcllman, J.C. Anderson, and J.W. Lyons, "Responses to NIST's Proposal," Communications of the ACM, v. 35, n. 7, Jul 1992, pp. 41-54.

1327. R.L. Rivest and A. Shamir, "How to Expose an Eavesdropper," Communications of the ACM, v.27, n.4, Apr 1984, pp.393-395.

1328. R.L. Rivest, A. Shamir, and L.M. Adleman, "A Method for Obtaining Digital Signatures and Publie-Key Cryptosystems," Communications of the ACM, v. 21, n. 2, Fe b 1978, pp.

120-126.

1329. R.L. Rivest, A. Shamir, and L.M. Adlcman, "On Digital Signatures and Public Key Cryptosystems," MIT Laboratory for Computer Science, Technical Report, MIT/LCS/TR-212, Jan 1979.

1330. R.L. Rivest, A. Shamir, and L.M. Adleman, "Cryptographic Communications System and Method," U.S. Patent #4,405,829, 20 Sep 1983.

1331. M.J.B. Robshaw, "Implementations of the Search for Pseudo-Collisions in MD5, " Technical Report TR-103, Version 2.0, RSA Laboratories, Nov 1993.

1332. M.J.B. Robshaw, "The Final Report of RACE 1040: A Technical Summary," Technical Report TR-9001, Version 1.0, RSA Laboratories, Jul 1993.

1333. M.J.B. Robshaw, "On Evaluating the Linear Complexity of a Sequence of Least Period 2n,", Designs, Codes and Cryptography, v. 4, n. 3, 1994, pp. 263-269.

1338. M.J.B. Robshaw, personal communication, 1995.

1339. M. Roe, "Reverse Engineering of an EES Device," K. U. Leuven Workshop on Cryptographic Algorithms, Springer-Verlag, 1995, to appear.

1340. P. Rogaway and D. Coppersmith, "A Software-Oriented Encryption Algorithm, " Fast Software Encryption, Cambridge Security Workshop Proceedings, Springer-Verlag, 1994, pp. 56-63.

1341. H.L. Rogers, "An Overview of the Cand-ware Program, " Proceedings of the 3rd Annual Symposium on Physical/Electronic Security, Armed Forces Communications and Electronics Association, paper 31, Aug 1987.

1342. J. Rompel, "One-Way Functions Are Necessary and Sufficient for Secure Signatures," Proceedings of the 22nd Annual ACM Symposium on the Theory of Computing, 1990, pp.

387-394.

1343. T. Rosati, "A High Speed Data Encryption Processor for Public Key Cryptography, " Proceedings of the IEEE Custom Integrated Circuits Conference, 1989, pp. 12.3.1-12.3.5.

1344. O.S. Rothaus, ''On Bent'Functions,'' Journal of Combinational Theory Series A, v. 20, n. 3, 1976, pp. 300-305.

1345. RSA Laboratories, "PKCS #1: RSA Encryption Standard," version 1.5, Nov 1993.

1346. RSA Laboratories, "PKCS #3: Diffie -Hellman Key-Agreement Standard, " version 1.4, Nov 1993.

1347. RSA Laboratories, "PKCS #5: Password-Based Encryption Standard," version 1.5, Nov 1993.

1348. RSA Laboratories, "PKCS #6: Extended-Certificate Syntax Standard," version 1.5, Nov 1993.

1349. RSA Laboratories, "PKCS #7: Cryptographic Message Syntax Standard," version 1.5, Nov 1993.

1350. RSA Laboratories, "PKCS #8: Private Key Information Syntax Standard, " version 1.2, Nov 1993.

1351. RSA Laboratories, "PKCS #9: Selected Attribute Types," version 1.1, Nov 1993.

1352. RSA Laboratories, "PKCS #10: Certification Request Syntax Standard, " version 1.0, Nov 1993.

1354. RSA Laboratories, "PKCS #12: Public Key User Information Syntax Standard," version 1.0, 1995.

1355. A.D. Rubin and P. Honeyman, "Formal Methods for the Analysis of Authentication Protocols," draft manuscript, 1994.

1356. F. Rubin, "Decrypting a Stream Cipher Based on J-K Flip-Flops, " IEEE Transactions on Computing. v. C-28, n. 7, Jul l 97Y, pp. 483 487.

1357. R.A. Rueppel, Analysis and Design of Stream Ciphers, Springer-Verlag, 1986.

1358. R.A. Rueppel, "Correlation Immunity and the Summation Combiner," Advances in Cryptology EUROCRYPT '85, Springer-Verlag, 1986, pp. 260-272.

1359. R.A. Rueppel, "When Shift Registers Clock Themselves," Advances in Cryptology EUROCRYPT '87 Proceedings, Springer-Verlag, 1987, pp. 53-64.

1360. R.A. Rueppel, "Security Models and Notions for Stream Ciphers," Cryptography and Coding 11, C. Mitchell, ed., Oxford: Clarendon Press, 1992, pp. 213 230.

1361. R.A. Rueppel, "On the Security of Schnorr's Pseudo-Random Sequence Generator," Advances in Cryptology EUROCRYPT 89 Proceedings, Springer-Verlag, 1990, pp. 423 428.

1362. R.A. Rueppel, "Stream Ciphers," Contemporary Cryptology: The Science of Information Integrity, G.J. Simmons, ed., IEEE Press, 1 992, pp. 65-134.

1363. R.A. Rueppel and J.L. Massey, "The Knapsack as a Nonlinear Function," IEEE International Symposium on Information Theory, Brighton, UK, May 1985.

1364. R. A. Rueppel and O. J. Staffelbaeh, " Products of Linear Recurring Sequences with Maximum Complexity, " IEEE Transactions on Information Theory, v. IT-33, n. 1, Jan 1987, pp. 124-131.

1365. D. Russell and G.T. Gangemi, Computer Security Basics, O'Reilly and Associates, Inc., 1991.

1366. S. Russell and P. Craig, "Privacy Enhanced Mail Modules for ELM," Proceedings of the Internet Society 1994 Workshop on Network and Distributed System Security, The Internet Society, 1994, pp. 21-34.

1367. D.F.H. Sadok and J. Kelner, "Privacy Enhanced Mail Design and Implementation Perspectives," Computer Communications Review, v. 24, n. 3, Jul 1994, pp. 38 -46.

1368. K Sakano, "Digital Signatures with User Flexible Reliability," Proceedings of the Symposium on Cryptography and Information Security (SCIS 93), Shuzenji, Japan, 28- Jan 1993, pp. 5C.1-8.

1369. K. Sakano, C. Park, and K. Kunsawa, ''Threshold Undeniable Signature Scheme,'' Proceedings of the 1993 Korea Japan Workshop on Information Security and Cryptography, Seoul, Korea, 24-26 Oct 1993, pp. 184-193.

1370. K. Sako, "Electronic Voting Schemes Allowing Open Objection to the Tally," Transactions of the Institute of Electron ics, Information, and Communication Engineers, v. E77-A, n. 1, 1994, pp. 24-30.

1371. K. Sako and J. Kilian, "Secure Voting Using Partially Compatible Homomorphisms," Advances ill Cryptology CRYPTO '94 Proceedings, Springer-Verlag, 1994, p. 411-424.

1372. K. Sako and J. Kilian, "Receipt-Free Mix-Type Voting Scheme A Practical Solution to the Implementation of a Voting Booth," Advances in Cryptology EUROCRYPT ' Proceedings, Springer-Verlag, 1'995, pp. 393 -403.

1373. A. Salomaa, Public-Key Cryptography, Springer-Verlag, 1990.

1374. A. Salomaa and L. Santean, "Secret Selling of Secrets with Many Buyers," ETACS Bulletin, v. 42, 1990, pp. 178-186.

1375. M. Santha and U.V Vazirani, "Generating Quasi-Random Sequences from Slightly Random Sources," Proceedings of the 25th Annual Symposium on the Fo undations of Computer Science, 1984, pp. 434-440.

1376. M. Santha and U.V Vazirani, "Generating Quasi-Random Sequences from Slightly Random Sources, " 70lzrnal of Computer and System Sciences, v.33, 1986, pp. 75-87.

1377. S. Saryazdi, "An Extension to EIGamal Public Key Cryptosystem with a New Signature Scheme," Proceedings of the 1990 Bilkent International Conference O n New Trends in Communication, Control, and Signal Processing, North Holland: Elsevier Science Publishers, 1990, pp. 195-198.

1378. J.E. Savage, "Some Simple Self- Synchronizing Digital Data Scramblers." Bell System Technical Journal, v. 46, n. 2, Feb 1967, pp. 448 -487.

1379. B.P Sehanning, "Applying Public Key Distribution to Local Area Networks, " Computers & Security, v. 1, n. 3, Nov 1982, pp. 268-274.

1380. B.P Schanning, S.A. Powers, and J. Kowalchuk, "MEMO: Privacy and Authentication for the Automated Office, " Proceethngs of the 5th Conference on Local Computer Networks, IEEE Press, 1980, pp. 21-30.

1381. L. Schaumuller-Bichl, "Zur Analyse des Data Encryption Standard und Synthese Verwandter Chiffriersysteme," Ph.D. dissertation, Linz University, May 1981. (In German. ) 1382. Sehaumuller-Bichl, "On the Design and Analysis of New Cipher Systems Related to the DES," Technical Report, Linz University, 1983.

1383. A. Scherbius, "Ciphering Machine," U.S. Patent #1,657,411, 24 Jan 1928.

1384. J.I. Schiller, "Secure Distributed Computing," Scientific American, v. 271, n.5, Nov 1994, pp. 72-76.

1385. R. Schlafly, "Complaint Against Exclusive Federal Patent License," Civil Action File No.

C-93 20450, United States District Court for the Northern District of California.

1386. B. Schneier, "One-Way Hash Functions," Dr. Dobb's journal, v. 16, n. 9, Sep 1991, pp.

148-151.

1387. B. Schneier, "Data Guardians," MacWorld, v. 10, n. 2, Feb 1993, pp. 145-151.

1388. B. Schneier, "Description of a New Variable-Length Key, 64-Bit Block Cipher (Blowfish)," Fast Software Encryption, Cambridge Secunty Workshop Proceedings, Springer-Verlag, 1994, pp. 191-204.

1389. B. Schneier, "The Blowfish Encryption Algorithm," Dr. Dobb's Journal, v. 19, n. 4, Apr 1994, pp. 38-40.

1390. B. Schneier. Protect Your Macintosh, Peachpit Press, 1994.

1391. B. Schneier, "Designing Encryption Algorithms for Real People, " Proceedings of the ACM SIGSAC New Secunty Paradigms Workshop, IEEE Computer Society Press, 1994, pp. 63-71.

1392. B. Schneier, "A Primer on Authentication and Digital Signatures," Computer Secu rity lournal, v. 10, n. 2, 1994, pp. 38-40.

1393. B. Schneier, "The GOST Encryption Algorithm," Dr. Dobb's journal, v. 20, n. 1, Jan 95, pp. 123-124.

1394. B. Schneier, E-Mail Security (with POP and SEM) New York: John Wiley & Sons, 1995.

1395. C.P Schnorr, "On the Construction of Random Number Generators and Random Function Generators," Advances in Cryptology EUROCRYPT '88 Proceedings, Springer Verlag, 1988, pp. 225-232.

1396. C.P Schnorr, "Efficient Signature General tion for Smart Cards," Advances in Cryptology CRYPTO '89 Proceedings, Springer-Verlag, 1990, pp. 239-252.

1397. C.P. Schnorr, "Efficient Signature Generation for Smart Cards," Journal of Cryptology,v.4,n.3, 1991,pp. 161-174.

1398. C.P Schnorr, "Method for Identifying Subscribers and for Generating and Verifying Electronic Signatures in a Data Exchange System," U.S. Patent #4,995,082, 19 Feb 1991.

1399. C.P. Schnorr, "An Efficient Cryptographic Hash Function, " presented at the rump session of CRYPTO '91, Aug 1991.

1400. C.P. Schnorr, "FFT-Hash II, Efficient Cryptographic Hashing, " Advances in Cryptology EUROCRYPT '92 Proceedings, Springer-Verlag, 1993, pp. 45-54.

1401. C.P. Schnorr and W. Alexi, "RSA-bits are 0.5 + E Secure," Advances in Cryptology:

Proceedings of EUROCRYPT 84, Springer-Verlag, 1985, pp. 113-126.

1402. C.R Schnorr and S. Vaudenay, "Parallel FFT-Hashing," Fast Software Encryption, Cambridge Secunty Workshop Proceedings, Springer-Verlag, 1994, pp. 149-156.

1403. C.P. Schnorr and S. Vaudenay, "Black Box Cryptanalysis of Hash Networks Based on Multipermutations, " Advances in Cryptology EUROCRYPT '94 Proceedings, Springer Verlag, 1995, to appear.

1404. W. Schwartau, Information Warfare: Chaos on the Electronic Superhighway, New York:

Thunders Mouth Press, 1994.

1405. R. Scott, "Wide Open Encryption Design Offers Flexible Implementations," Cryptologia, v.

9, n. 1, Jan 1985, pp. 75-90.

1406. J. Seberry, "A Subliminal Channel in Codes for Authentication without Secrecy, " Ars Combinatorica, v. 19A, 1985, pp. 337-342.

1407. J. Seberry and J. Pieprzyk, Cryptography: An Introduction to Computer Security, Englewood Cliffs, N.l.: Prentice-Hall, 1989.

1408. J. Seberry, X.-M. Zhang, and Y. Zheng, "Nonlinearly Balanced Boolean Functions and Their Propagation Characteristics, " Advances in Cryptology EUROCRYPT ' Proceedings, Springer-Verlag, 1994, pp. 49-60.

1409. H. Sedlack, "The RSA Cryptography Processor: The First High Speed One-Chip Solution, " Advances in Cryptology EUROCRYPT '87 Proceedings, Springer- Verlag, 1988, pp.

95-105.

1410. H. Sedlack and U. Golze, "An RSA Cryptography Processor," Microprocessing and Microprogramming, v. 18, 1986, pp. 583-590.

1411. E.S. Selmer, Linear Recurrence over Finite Field, University of Bergen, Norway, 1966.

1412. J.O. Shallit, "On the Worst Case of Three Algorithms for Computing the Jacobi Symbol," Journal of Symbolic Computation, v. 10, n. 6, Dec 1990, pp. 593-610.

1413. A. Shamir, "A Fast Signature Scheme,'' MIT Laboratory for Computer Science, Technical Memorandum, MIT/LCS/TM 107, Massachusetts Institute of Technology, Jul 1978.

1414. A. Shamir, "How to Share a Secret," Communications of the ACM, v. 24, n. 11, Nov 1979, pp. 612-613.

1415. A. Shamir, "On the Cryptocomplexity of Knapsack Systems, " Proceedings of the 11th ACM Symposium on the Theory of Computing, 1979, pp. 118-129.

1416. A. Shamir, "The Cryptographic Security of Compact Knapsacks, " MIT Library for Computer Science, Technical Memorandum, MIT/LCS/TM164, Massachusetts Institute of Technology, 1980.

1417. A. Shamir, "On the Generation of Cryptographically Strong Pseudo-Random Sequences, " Lecture Notes in Computer Science 8th International Colloquium On Automata, Languages, and Programming, Springer-Verlag, 1981.

1418. A. Shamir, "A Polynomial Time Algorithm for Breaking the Basic Merkle -Hellman Cryptosystem," Advances in Cryptology: Proceedings of Crypto 82, Plenum Press, 1983, pp. 279-288.

1419. A. Shamir, "A Polynomial Time Algorithm for Breaking the Basic Merkle-Hellman Cryptosystem, " Proceedings of the 23rd IEEE Sym posium on the Foundations of Computer Science, 1982,pp. 145-152.

1420. A. Shamir, "On the Generation of Cryptographically Strong Pseudo-Ranclom Sequences," ACM Transactions on Computer Systems, v. 1, n. l, Fe b 1983, pp. 38-44.

1421. A. Shamir, "A Polynomial Time Algorithm for Breaking the Basic Merkle Hellman Cryptosystem, " IEEE Transactions on Information Theory, v. IT-30, n. 5, Sep 1984, pp.

699-704.

1422. A. Shamir, "Identity-Based Cryptosystems and Signature Schemes, " Advances in Cryptology: Proceedings of CRYPTO '84. Springer-Verlag, 1985, pp. 47-53.

1423. A. Shamir, "On the Security of OES," Advances in Cryptology C RYPTO ' Proceedings, Springer-Verlag, 1986, pp. 280-281.

1424. A. Shamir, lecture at SECURICOM '89.

1425. A. Shamir, "Efficient Signature Schemes Based on Birational Permutations," Advances in Cryptology CRYPTO '93 Proceedings, Springer-Verlag, 1994, pp. 1-12.

1426. A. Shamir, personal communication, 1993.

1427. A. Shamir and A. Fiat, "Method, Apparatus and Article for Identification and Signature," U.S. Patent #4,748,668, 31 May 1988.

1428. A. Shamir and R. Zippel, "On the Security of the Merkle-Hellman Cryptographic Scheme," IEEE Transactions on Information Theory, v. 26, n. 3, May 1980, pp. 339-340.

1429. M. Shand, R Bertin, and J. Vuillemin, "Hardware Speedups in Long Integer Multiplication," Proceedings of the 2nd Annual ACM Symposium on Parallel Algorithms and Architectures, 1990, pp. 138-145.

1430. D. Shanks, Solved and Unsolved Problems in Number Theory, Washington D.C.: Spartan, 1962.

1431. C.E. Shannon, "A Mathematical Theory of Communication," Bell System Technical Journal. v. 27, n. 4, 1948, pp. 379-423, 623-656.

1432. C.E. Shannon, "Communication Theory of Secrecy Systems," Bell System Technical Journal. v. 28, n. 4, 1949, pp. 656- 1433. C.E. Shannon, Collected Papers: Claude Elmwood Shannon, N.J.A. Sloane and A.D.

Wyner, eds., New York: IEEE Press, 1993.

1434. C.E. Shannon, "Predication and Entropy in Printed English," Bell System Technical journal, v. 30, n. 1, 1951, pp. 50-64.

1435. A. Shimizu and S. Miyaguchi, "Fast Data Encipherment Algorithm FEAL," Transactions of IEICE of Japan, v. J70-1, n. 7, Jul 87, pp. 1413-1423. (In Japanese.) 1436. A. Shimizu and S. Miyaguchi, "Fast Data Encipherment Algorithm FEAL, " Advances in Cryptology EUROCRYPT 87 Proceedings, Springer-Vcrlag, 1988, pp. 267-278.

1437. A. Shimizu and S. Miyaguchi, "FEAL Fast Data Encipherment Algorithm," Systems and Computers in Japan, v. 19, n. 7, 1988, pp. 20-34, 104-106.

1438. A. Shimizu and S. Miyaguchi, "Data Randomization Equipment," U.S. Patent #4,850,019, 18 Jul 1989.

1439. M. Shimada, "Another Practical Public key Cryptosystem, " Electronics Letters, v. 28, n.

23, 5 Nov 1992, pp. 2146-2147.

1440. K. Shirriff, personal communication, 1993.

1441. H. Shizuya, T. Itoh, and K. Sakurai, "On the Complexity of Hyperelliptic Discrete Logarithm Problem," Advances in Cryptology EUROCRYPT '91 Proceedings, Springer Verlag, 1991, pp. 337-351.

1442. Z. Shmuley, "Composite Diffie-Hellman Publie-Key Generating Systems Are Hard to Break," Computer Science Department, Technion, Haifa, Israel, Technical Report 356, Feb 1985.

1443. PW. Shor, "Algorithms for Quantum Computation: Discrete Log and Factoring," Proceedings of the 35th Symposium on Foundations of Computer Science, 1994, pp. 124 134.

1444. L. Shroyer, letter to NIST regarding DSS, 17 Feb 1992.

1445. C. Shu. T. Matsumoto, and H. Imai, "A Multi-Purpose Proof System, Transactions of the Institute of Electronics, Information, and Communication Engineers, v. E75-A, n. 6, Jun 1992, pp. 735-743.

1446. E.H. Sibley, "Random Number Generators: Good Ones Are Hard to Find," Communications of the ACM, v. 31, n. l0, Oct 1988, pp. 1192-1201.

1447. VM. Sidenikov and S.O. Shestakov, "On Encryption Based on Generalized Reed Solomon Codes," Diskretnaya Math, v. 4, 1992, pp. 57-63. (In Russian.) 1448. V.M. Sidenikov and S.O. Shestakov, "On Insecurity of Cryptosystems Based on Generalized Reed-Solomon Codes, " unpublished manuscript, 1992.

1449. D.P Sidbu, "Authentication Protocols for Computer Networks, " Computer Networks and ISDN Systems, v. 11, n. 4, Apr 1986, pp. 297-310.

1450. T. Siegenthaler, "Gorrelation-Immunity of Nonlinear Combining Functions for Cryptographic Applications, " IEEE Transactions on Information Theory, v. IT-30, n. 5, Sep 1984, pp. 776-780.

1451. T. Siegenthaler, "Decrypting a Class of Stream Ciphers Using Ciphcrtext Only," IEEE Transactions on Computing, v. C-34, Jan 1 985, pp. 81-85.

1452. T. Siegenthaler, "Cryptanalyst's Rcpresentation of Nonlinearity Filtered ml-sequenccs," Advances in Cryptology EUROCRYYT '85, Springer-Verlag, 1986, pp. 103-110.

1453. R.D. Silverman, "The Multiple Polynomial Quadratie Sieve," Mathematics of Compu tation, v. 48, n. 177, Jan 1987, pp. 329-339.

1454. G.J. Simmons, "Authentication without Secrecy: A Secure Communication Pro blem Uniquely Solvable by Asymmetric Encryption Techniques, " Proceedings of IEEE EASCON '79, 1979, pp. 661-662.

1455. G.J. Simmons, "Some Number Theoretic Questions Arising in Asymmetric Encryption Techniques," Annual Meeting of the Ame rican Mathematical.Society, AMS Abstract 763.94.1, 1979, pp. 136-151.

1456. G.J. Simmons, "High Speed Arithmetic Using Redundant Number Systems," Pro ceedings of the National Telecommunications Conference, 1980, pp. 49.3.1 -49.3.2.

1457. G.J. Simmons, "A 'Weak' Privacy Protocol Using the RSA Cryptosystem," Cryptologia, v.7, n,2, Apr 1983, pp.180-182.

1458. G.J. Simmons, "The Prisoner's Problem and the Subliminal Channel," Advances in Cryptology: Proceedings of CRYPTO '83, Plenum Press, 1984, pp. 51-67.

1459. G.J. Simmons, "The Subliminal Channel and Digital Signatures," Advances in Cryptology: Proceedings of EUROCRYPT 84, Springer-Verlag, 1985, pp. 364-378.

1460. G.J. Simmons, "A Secure Subliminal Channel?," Advances in Cryptology CRYPTO ' Proceedings, Springer-Verlag, 1986, pp. 33 -41.

1462. G.J. Simmons, "How to 'Really' Share a Secret, " Advances in Cryptology CRYPTO ' Proceedings, Springer-Verlag, 1990, pp. 390 448.

1463. G.J. Simmons, "Prepositioned Secret Sharing Schemes and/or Shared Control Schemes, " Advances in Cryptology EUROCRYPT '89 Proceedings, Springer-Verlag, 1990, pp. 436 467.

1464. G.J. Simmons, "Geometric Shares Secret and/or Shared Control Schemes, " Advances in Cryptology CRYPTO '90 Proceedings, Springer-Verlag, 1991, pp. 216-241.

1465. G.J. Simmons, ed., Contemporary Cryptology: The Science o f information Integrity, IEEE Press, 1992.

1466. G.J. Simmons, "An Introduction to Shared Secret and/or Shared Control Schemes and Their Application, " in Contemporary Cryptology: The Science of Information Integrity G.J. Simmons, ed., IEEE Press, 1992, pp. 441 -497.

1467. G.J. Simmons, "How to Insure that Data Acquired to Verify Treaty Compliance Are Trustworthy," in Contemporary Cryptology: The Science of Information Integrity, G.J.

Simmons, ed., IEEE Press, 1992, pp. 615-630.

1468. G.J. Simmons, "The Subliminal Channels of the U.S. Digital Signature Algorithm (DSA)," Proceedings of the Third Symposium on: State and Progress of Research in Cryptography, Rome: Fondazone Ugo Bordoni, 1993, pp. 35-54.

1469. G.J. Simmons, "Subliminal Communica tion is Easy Using the USA, " Advances in Cryptology EUROCRYPT '93 Proceedings, Springer-Verlag, 1994, pp. 218-232.

1470. G.J. Simmons, "An Introduction to the Mathematics of Trust in Security Protocols," Proceedings: Computer Security Foundations Workshop VI, IEEE Computer Society Press, 1993, pp. 121-127.

1471. G.J. Simmons, "Protocols that Ensure Fairness," Codes and Ciphers, Institute of Mathematics and its Applications, 1995, pp. 383-394.

1472. G.J. Simmons, "Cryptanalysts and Protocol Failures," Communications of the ACM, v.37, n.11, Nov 1994, pp.56-65.

1473. G.J. Simmons, "Subliminal Channels: Past and Present, " European Transactions on Telecommuncations, v. 4, n. 4, Jul/Aug 1994, pp. 459-473.

1474. G.J. Simmons and M.J. Norris, How to Cipher Fast Using Redundant Number Systems, SAND-80-1886, Sandia National Laboratories, Aug 1980.

1475. A. Sinkov, Elementary Cryptanalysis, Mathematical Association of America, 1966.

1476. R. Siromoney and L. Matthew, "A Public Key Cryptosystem Based on Lyndon Words," Information Processing Letters, v. 35, n. 1, 15 Jun 1990, pp. 33-36.

1477. B. Smeets, "A Note on Sequences Generated by Clock-Controlled Shift Registers," Advances in Cryptology EUKOCRYPT '85, Springer-Vcrlag, 1986, pp. 40 42.

1478. M.E. Smid, "A Key Notarization System for Computer Networks, " NBS Special Report 500-54, U.S. Department of Commerce, Oct 1979.

1479. M.E. Smid, "The DSS and the SHS," Federal Digital Signature Applications Symposium, Rockville, MD, 17-18 Feb 1993.

1480. M.E. Smid and D.K. Branstad, "The Data Encryption Standard: Past and Future, " Proceedings of the IEEE, v. 76, n. 5., May 1988, pp. 550-559.

1481. M.E. Smid and D.K. Branstad, "The Data Encryption Standard: Past and Future," in Contemporary Cryptology: The Science of Information Integrity, G. L. Simmons, ed., IEEE Press, 1992, pp. 43-64.

1482. J.L. Smith, "The Design of Lucifer, A Cryptographic Device for Data Communications, " IBM Research Report RC3326, 1971.

1483. J.L. Smith, "Recirculating Block Cipher Cryptographic System," U.S. Patent #3,796,830, 12 Mar 1974.

1484. J.L. Smith, W.A. Notz, and P.R. Osseck, "An Experimental Application of Cryptography to a Remotely Accessed Data System," Proceedings of the ACM Annual Conference, Aug 1972, pp. 282-290.

1485. K. Smith, "Watch Out Hackers, Public Encryption Chips Are Coming," Electronics Week, 20 May 1985, pp. 30-31.

1486. R Smith, "LUC Public-Key Encryption," Dr. Dobb's journal, v. 18, n. l, Jan 1993, pp. 44 49.

1487. P. Smith and M. Lennon, "LUC: A New Public Key System," Proceedings of the Ninth International Conference on Infor- mation Security, IFlP/Sec 1993, North Holland:

Elsevier Science Publishers, 1993, pp. 91-111.

1488. E. Snekkenes, "Exploring the BAN Approach to Protocol Analysis," Proceedings of the 1991 IEEE Computer Society Symposium on Research in Security and Privacy, 1991, pp.

171-181.

1489. B. Snow, "Multiple Independent Binary Bit Stream Generator," U.S. Patent #5,237,615, 17 Aug 1993.

1490. R. Solovay and V. Strassen, "A Fast Monte-Carlo Test for Primality, " SIAM journal on Computing, v. 6, Mar 1977, pp. 84-85;

erratum in ibid, v. 7, 1978, p. 118.

1491. T. Sorimachi, T. Tokita, and M. Matsui, "On a Cipher Evaluation Method Based on Differential Cryptanalysis," Proceedings of the 1994 Symposium on Cryptography and Information Security (SCIS 94), Lake Biwa, Japan, 27-29 Jan 1994, pp. 4C.l-9. (In Japanese.) 1492. A. Sorkin, "Lucifer, a Cryptographic Algorithm," Cryptologia, v. 8, n. 1, Jan 1984, pp. 22 41.

1493. W. Stallings, "Kerberos Keeps the Ethernet Secure, " Data Communications, Oct 1994, pp.

103-111.

1494. W. Stallings, Network and Internetwork Secunty, Englewood Cliffs, N.J.: Prentice Hall, 1995.

1495. W. Stallings, Protect Your Privacy: A Guide for POP Users, Englewood Cliffs, N. J.:

Prentice-Hall, 1995.

1496. Standards Association of Australia, "Australian Standard 2805.4 1985: Electronic Funds Transfer Requirements for Interfaces: Part 4 Message Authentication, " SAA, North Sydney, NSW, 1985.

1497. Standards Association of Australia, "Australian Standard 2805.5 1985: Electronic Funds Transfer Requirements for Interfaces: Part 5 Data Encipherment Algorithm," SAA, North Sydney, NSW, 1985.

1498. Standards Association of Australia, "Australian Standard 2805.5.3: Electronic Data Transfer Requirements for Interfaces: Part 5.3 Data Encipherment Algorithm 2," SAA, North Sydney, NSW, 1992.

1499. J.G. Steiner, B.C. Neuman, and J. J. Schiller, "Kerberos: An Authentication Service for Open Network Systems," USENIX Conference Proceedings, Feb 1988, pp. 191-202.

1500. J. Stern, "Secret Linear Congruential Generators Are Not Cryptographically Secure," Proceedings of the 28th Symposium on Foundations of Computer Science, 1987, pp. 421 426.

1501. J. Stern, "A New Identification Scheme Based on Syndrome Decoding," Advances in Cryptology CRYPTO '93 Proceedings, Springer-Verlag, 1994, pp. 13-21.

1502. A. Stevens, "Hacks, Spooks, and Data Encryption," Dr. Dobb's journal, v. 15, n. 9, Sep 1990, pp. 127-134, 147-149.

1503. R. Struik, "On the Rao-Nam Private-Key Cryptosystem Using Non-Linear Codes," IEEE 1991 Symposium on Information Theory, Budapest, Hungary, 1991.

1504. R. Struik and J. van Tilburg, "The Rao- Nam Scheme Is insecure against a Chosen Plaintext Attack, " Advances in Ctyptology CRYPTO '87 Proceedings, Springer-Verlag, 1988, pp. 445-457.

1505. S.G. Stubblebine and V.G. Gligor, "Protecting the Integrity of Privacy-Enhanced Mail with DES-Based Authentication Codes," Proceedings of the Privacy and Secunty Research Group 1993 Workshop on Network and Distributed System Security, The Internet Society, 1993, pp. 75-80.

1506. R. Sugarman, "On Foiling Computer Crime," IEEE Spectrum, v. 16, n. 7, Jul 79, pp.31 32.

1507. H.N. Sun and T. Hwang, "Public-key ID- Based Cryptosystem," Proceedings of the 25th Annual 1991 IEEE International Carnahan Conference on Security Technology, Taipei, Taiwan, 1 -3 Oct 1991, pp. 142-144.

1508. RF. Syverson, "Formal Semantics for Logics of Computer Protocols, " Proceedings of the Computer Secunty Foundations Workshop III, IEEE Computer Society Press, 1990, pp.

32 41.

1509. RF. Syverson, "The Use of Logic in the Analysis of Cryptographic Protocols," Proceedings of the 1991 IEEE Computer Society Symposium on Research in Security and Privacy, 1991,pp. 156-170.

1510. RF. Syverson, "Knowledge, Belief, and Semantics in the Analysis of Cryptographic Protocols," journal of Computer Security, v. 1, n. 3, 1992, pp. 317-334.

1511. RF. Syverson, "Adding Time to a Logic Authentication," 1st ACM Conference on Computer and Communications Security, ACM Press, 1993, pp. 97-106.

1512. RF. Syverson and C.A. Meadows, "A Logical Language for Specifying Cryptographic Protocol Requirements, " Proceedings of the 1993 IEEE Computer Society Symposium on Research in Security and Privacy, 1993, pp. 14 -28.

1513. RE Syverson and C.A. Meadows, "Formal Requirements for Key Distribution Proto cols," Advances in Cryptology EUROCRYPT '94 Proceedings, Springer-Verlag, 1995, to appear.

1514. RF. Syverson and RC. van Oorschot, "On Unifying Some Cryptographic Protocol Logics," Proceedings of the 1994 IEEE Computer Society Symposium on Research in Security and Privacy, 1994, pp. 165-177.

1515. H. Tanaka, "A Realization Scheme for the Identity-Based Cryptosystem," Advances in Cryptology CRYPTO '87 Proceedings, Springer-Verlag, 1988, pp. 340-349.

1516. H. Tanaka, "A Realization Scheme for the Identity- based Cryptosystem," Electronics and communications in Japan, Part 3 (Fundamental Electronic Science), v. 73, n. 5, May 1990, pp. 1-7.

1517. H. Tanaka, "Identity-Based Noninteractive Common-Key Generation and Its Application to Cryptosystems," Transactions of the Institute of Electronics, Information, and Communication Engineers, v. J75-A, n. 4, Apr 1992, pp. 796-800.

1518. J. Tardo and K. Alagappan, "SPX: Global Authentication Using Public Key Certificates," Proceedings of the 1991 IEEE Computer Society symposiLlm on Security and Privacy, 1991, pp. 232-244.

1519. J. Tardo, K. Alagappan, and R. Pitkin, "Public Key Based Authentication Using Internet Certificates, " USENIX Security 11 Workshop Proceedings, 1990, pp. 121-123.

1520. A. Tardy-Corfdir and H. Gilbert, "A Known Plaintext Attack of FEAL-4 and FEAL-6, " Advances in Cryptology CRYPTO'91 Proceedings, Springer-Verlag, 1992, pp. 172- 182.

IS21. M. Tatebayashi, N. Matsuzaki, and D.B. Newman, "Key Distribution Protocol for Digital Mobile Communication System," Advances in Cryptology CRYPTO '89 Proceedings, Springcr-Verlag, 1990, pp..324- 333.

1522. M. Taylor, "Implementing Privacy Enhanced Mail on VMS," Proceedings of the Privacy and Security Research Group 1993 Workshop o n Network and Distributed System Security, The Internet Society, 1993, pp. 63-68.

1523. R. Taylor, "An Integrity Cheek Value Algorithm for Stream Ciphers," Advances in Cryptology CRYPTO '93 Proceedings, Springer-Verlag, 1994, pp. 40-48.

1524. T. Tedrick "Fair Exchange of Secrets, " Advances in Cryptology: Proceedings of CRYPTO '84, Springer-Verlag, 1985, pp. 434- 448.

1525. R. Terada and P.G. Pinheiro, "How to Strengthen FEAL against Differential Cryptanalysis, " Proceedings of the 1995 Japan-Korea Workshop on Information Security and Cryptography, Innyama, Japan, 24-27 Jan 1995, pp. 153-162.

1526. J.-P. Tillich and G. Nemor, "Hashing with Sly," Advances in Cryptology CRYPTO ' Proceedings, Springer-Verlag, 1994, pp. 40 49.

1527. T. Tokita, T. Sorimachi, and M. Matsui, "An Efficient Search Algorithm for the Best Expression on Linear Cryptanalysis." IEICE Japan, Technical Report, ISEC93-97, 1994.

1528. M. Tompa and F. Woll, "Random Self Reducibility and Zero-Knowledge Interactive Proofs of Possession of Information," Proceedings of the 28th IEEE Sy mposium on the Foundations of Computer Science, 1987, pp. 472-482.

1529. M. Tompa and H. Woll, "How to Share a Secret with Cheaters," journal of Cryptology, v. 1, n. 2, 1988, pp. 133-138.

1530. M.-J. Toussaint, "Verification of Cryptographic Protocols, " Ph.D. dissertation, Universite de Liege, 1991.

1531. M.-J. Toussaint, "Deriving the Complete Knowledge of Participants in Cryptographic Protocols," Advances in Cryptology CRYPTO '91 Proceedings, SpringerVerlag, 1992, pp. 24-43.

1532. M.-J. Toussaint, "Separating the Specification and Implementation Phases in Cryptology," ESORICS 92, Proceedings of the Second European Symposium on Research in Computer Security, Springcr-Verlag, 1992, pp. 77-101.

1533. P.D. Townsend, J.G. Rarity, and RR. Tapstcr, "Enhanced Single Photon Fringe Visibility in a 10 km-Long Prototype Quantum Cryptography Channel," Electronics Letters, v. 28, n. 14, S Jul 1993, pp. 1534. S.A. Tretter, "Properties of PN2 Sequences," IEEE Transactions on Information Theory, v. IT-20, n. 2, Mar 1974, pp. 295-297.

1535 H. Truman, "Memorandum for: The Secretary of State, The Secretary of Defensc," A 20707 5/4/54/OSO, NSA TS CONTL. NO 73- 00405, 24 Oct 1952.

1536. Y.W. Tsai and T. Hwang, "ID Based Public Key Cryptosystem Based on Okamoto and Tanaka's ID Based Onc-Way Communications Scheme," Electronics Letters, v. 26, n. 10, 1 May 1990, pp. 666- 668.

1537. G. Tsudik, "Message Authentication with One-Way Hash Functions," ACM Comp uter Communications Review, v. 22, n. 5, 1992, pp. 29 - 38.

1560. J. van Tilburg, "Cryptanalysts of the Xinmei Digital Signature Scheme," Electronics Letters, v. 28, n. 20, 24 Sep 1992, pp. 1935-1938.

1561. J. van Tilburg, "Two Chosen-Plaintext Attacks on the Li Wang Joing Authentication and Encryption Scheme, " Applied Algebra, Algebraic Algorithms and Error Correcting Codes 10, Springer-Verlag, 1993, pp. 332-343.

1562. J. van Tilburg, "Security-Analysis of a Class of Cryptosystems Based on Linear Error Correcting Codes, " Ph.D. dissertation, Technical University Eindhoven, 1994.

1563. A. Vandemeulebroecke, E. Vanzieleghem, T. Denayer, and RG. Jespers, "A Single Chip 1024 Bits RSA Processor," Advances in Cryptology EUROCRYPT '89 Proceedings, Springer-Verlag, 1990, pp. 219-236.

1564. J. Vanderwalle, D. Chaum, W. Fumy, C. Jansen, P. Landroek, and G. Roelofsen, "A European Call for Cryptographic Algorithms: RIPE;

RACE Integrity Primitives Evaluation, " Advances in Cryptology EUROCRYPT '89 Proceedings, Springer-Verlag, 1990, pp.

267-271.

1565. V. Varadharajan, "Verification of Network Security Protocols," Computers and Security, v.

8, n. 8, Aug 1989, pp. 693-708.

1566. V. Varadharajan, "Use of a Formal Description Technique in the Specification of Authentication Protocols, " Computer Standards and Interfaces, v. 9, 1990, pp. 203-215.

1567. S. Vaudenay, "FFT-Hash-II Is not Yet Collision-Free," Advances in Cryptology CRYPTO '92 Proceedings, Springer-Verlag, pp. 587-593.

1568. S. Vaudenay, "Differential Cryptanalysis of Blowfish, " unpublished manuscript, 1995.

1569. U.V. Vazirani and V.V. Vazirani, "Trapdoor Pseudo-Random Number Generators with Applications to Protocol Design, " Proceedings of the 24th IEEE Symposium on the Foundations of Computer Science, 1983, pp. 23-30.

1570. U.V. Vazirani and V.V. Vazirani, "Efficient and Secure Pseudo-Random Number Generation," Proceedings of the 25th IEEE Symposium on the Foundations of Computer Science, 1984, pp. 458 463.

1571. U.V. Vazirani and V.V. Vazirani, "Efficient and Secure Pseudo-Random Number Generation," Advances in Cryptology: Proceedings of CR YP TO '84, Springer -Verlag, 1985, pp. 193-202.

1572. I. Verbauwhede, F. Hoornaert, J. Vanderwalle, and H. De Man, "ASIC Cryptographical Processor Based on DES," Euro ASIC '91 Proceedings, 1991, pp. 2 92-295.

1573. I. Verbanwhede, F. Hoornaert, J. Vanderwalle, H. De Man, and R. Govaerts, "Security Considerations in the Design and Implementation of a New DES Chip, " Advances in Cryptology EUROCRYPT '87 Proceedings, Springcr-Verlag, 1988, pp. 287-300.

1574. R. Vogel, "On the Linear Complexity of Caseaded Sequences," Advances in Cryptology:

Proceedings oi EUROCRYPT 84, Springer-Verlag, 1985, pp. 99- 109.

1575. S. von Solms and D. Naccache, "On Blind Signatures and Perfect Crimes," Computers & Security, v. 11, 1992, pp. 581-583.

1576. V.L. Voydock and S.T. Kent, "Security Meehanisms in High-Level Networks, " ACM Computing Surveys, v. 15, n. 2, Jun 1983, pp. 135-171.

1577. N.R. Wagner, RS. Putter, and M.R. Cain, "Large-Scale Randomization Techniques," Advances in Cryptology CRYPTO '86 Proceedings, Springer-Verlag, 1987, pp. 393 -404.

1578. M. Waidner and B. Pfitzmann, "The Dining Cryptographers in the Disco: Unconditional Sender and Recipient Untraceability with Computationally Secure Serviceability," Advances in Cryptology EUROCRYPT '89 Proceedings, Springer-Verlag, 1990, p. 690.

1579. S.T. Walker, "Software Key Escrow A Better Solution for Law Enforcement's Needs ?" TIS Report #533, Trusted Information Systems, Aug 1994.

1580. S.T. Walker, "Thoughts on Key Eserow Acceptability, " TIS Report #534D, Trusted Information Systems, Nov 1994.

1581. S.T. Walker, S.B. Lipner, C.M. Ellison, D.K. Branstad, and D.M. Balenson, "Commercial Key Escrow Something for Everyone Now and for the Future," TIS Report #541, Trusted Information Systems, Jan 1995.

1582. M.Z. Wang and J.L. Massey, "The Characteristics of All Binary Sequences with Perfect Linear Complexity Profiles," Abstracts of Papers, EUROCRYPT '86. 20-22 May 1986.

1583. E.J. Watson, "Primitive Polynomials (Mod 2 )," Mathematics of Computation, v. 16, 1962, p. 368.

1584. P. Wayner, "Mimic Functions," Cryptologia, v. 16, n. 3, Jul 1992, pp. 193-214.

1585. P. Wayner, "Mimic Functions and Tractability, " draft manuscript, 1993.

1586. A.F. Webster and S.E. Tavares, "On the Design of S-Boxes," Advances in Cryptology CRYPTO '85 Proceedings, Springer-Verlag, 1986, pp. 523-534.

1587. G. Welchman, The Hut Six Story: Breaking the Enigma Codes, New York: McGraw-Hill, 1982.

1588. A.L. Wells Jr., "A Polynomial Form for Logarithms Modulo a Prime," IEEE Transactions on Information Theory Nov 1984, pp. 845-846.

1589. D.J. Wheeler, "A Bulk Data Encryption Algorithm," Fast Software Encryption, Cambridge Security Workshop Proceedings, Springer-Verlag, 1994, pp. 127-134.

1590. D.J. Wheeler, personal communication, 1994.

1591. D.J. Wheeler and R. Needham, "A Large Block DES-Like Algorithm," Technical Report 35S, "Two Cryptographic Notes," Computer Laboratory, University of Cambridge, Dec 1994, pp. 1-3.

1592. D.J. Wheeler and R. Needham, "TEA, A Tiny Encryption Algorithm, " Technical Report 355, "Two Cryptographic Notes," Computer Laboratory, University of Cambridge, Dee 1994, pp. 1-3.

1593. S.R. White, "Covert Distributed Processing with Computer Viruses, " Advances in Cryptology CRYPTO '89 Proceedings, Springer-Verlag, 1990, pp. 616-619.

1594. White House, Office of the Press Secretary, "Statement by the Press Secretary," 16 Apr 1993.

1595. B.A. Wichman and I.D. Hill, "An Efficient and Portable Pseudo-Random Number Generator," Applied Statistics, v. 31, 1982, pp. 188-190.

1596. M.J. Wiener, "Cryptanalysts of Short RSA Secret Exponents," IEEE Transactions on Information Theory, v. 36, n. 3, May 1990, pp. 553-5.58.

1597. M.J. Wiener, "Efficient DES Key Search." presented at the rump session of CRYPTO '93, Aug 1993.

1598. M.J. Wiener, "Efficient DES Key Search," TR-244, School of Computer Science, Car leton University, May 1994.

1599. M.V. Wilkes, Time-Sharing Computer Systems, New York: American Elsevier, 1968.

1600. E.A. Williams, An Invitation to Cryptograms, New York: Simon and Schuster, 1959.

1601. H.C. Williams, "A Modification of the RSA Public-Key Encryption Procedure, " IEEE Transactions on Information Theory, v. IT-26, n. 6, Nov 1980, pp. 726-729.

1602. H.C. Williams, "An Overview of Factoring," Advances in Cryptology: Proceedings of Crypto 83, Plenum Press, 1984, pp. 71-80.

1603. H.C. Williams, "Some Public-Key Crypto-Functions as Intractable as Factorization, " Advances in Cryptology: Proceedings of CRYPTO 84, Springer-Verlag, 1985, pp. 66-70.

1604. H.C. Williams, "Some Public-Key Crypto-Functions as Intractable as Factorization," Cryptologia, v. 9, n. 3, Jul 1985, pp. 223-237.

1605. H.C. Williams "An M3 Public-Key Encryption Scheme," Advances in Cryptology CRYPTO 85, Springer-Verlag, 1986, pp. 358-368.

1606. R.S. Winternitz, "Producing One-Way Hash Functions from DES," Advances in Cryptology: Proceedings of Crypto 83, Plenum Press, 1984, pp. 203-207.

1607. R.S. Winternitz, "A Secure One-Way Hash Function Built from DES," Proceedings of the 1984 Symposium on Security and Privacy, 1984, pp. 88-90.

1608. S. Wolfram, "Random Sequence Generation by Cellular Automata," Advances in Applied Mathematics, v. 7, 1986, pp. 123-164.

1609. S. Wolfram, "Cryptography with Cellular Automata, " Advances in Cryptology CRYPTO '85 Proceedings, SpringerVerl ag, 1986, pp. 429 -432.

1610. T.Y.C. Woo and S.S. Lam, "Authentication for Distributed Systems," Computer, v. 25, n. 1, Jan 1992, pp. 39-52.

1611. T.Y.C. Woo and S.S. Lam, "'Authentication Revisited," Computer, v. 25, n.3, Mar 1992, p. 10.

1612. T.Y.C. Woo and S.S. Lam, "A Semantic Model for Authentication Protocols," Procee dings of the 1993 IEEE Computer Society Symposium on Research in Security and Privacy 1993, pp. 178-194.

1614. M.C. Wood, "Method of Cryptographically 1628. Transforming Electronic Digital Data from One Form to Another," U.S. Patent #5,003,596, 26 Mar 1991.

1615. M. C. Wood, personal communication, 1993.

1616. C.K. Wu and X.M. Wang, "Determination of the True Value of the Euler Totient Function in the RSA Cryptosystem from a Set of Possibilities," Electronics Letters, v. 29, n. 1, 7 Jan 1993, pp. 84-85.

1617. M.C. Wunderlich, "Recent Advances in the Design and Implementation of Large Integer Factorization Algorithms, " Proceedings of 1983 Symposium on Security and Privacy, IEEE Computer Society Press, 1983, pp. 67-71.

1619. Y.Y. Xian, "New Public Key Distribution System," Electronics Letters, v. 23, n. 11, 1987, pp. 560-561.

1620. L.D. Xing and L.G. Sheng, "Cryptanalysts of New Modified Lu-Lee Cryptosystems," Electronics Letters, v. 26, n. 19, 13 Sep 1990, p. 1601-1602.

1621. W. Xinmei, "Digital Signature Scheme Based on Error-Correcting Codes, " Electronics Letters, v. 26, n. 13, 21 Jun 1990, p. 1634. 898-899.

1622. S.B. Xu, INK. He, and X.M. Wang, "An Implementation of the GSM General Data Encryption Algorithm A5, " CHINACRYPT '94, Xidian, China, 11-15 Nov 1994, pp. 287 291. (In Chinese.) 1623. M. Yagisawa, "A New Method for Realizing Public-Key Cryptosystem," Cryptologia, v. 9, n. 4, Oct 1985, pp. 360-380.

1625. C.H. Yang and H. Morita, "An Efficient Modular-Multiplication Algorithm for Smart-Card Software Implementation, " IEICE Japan, Technical Report, ISEC91-58, 1991.

1626. J.H. Yang, K.C. Zeng, and Q.B. Di, "On the Construction of Large S-Boxcs, " CHINACRYPT'94, Xidian, China, 11-15 Nov 1994, pp. 24-32. (In Chinese.) 1627. A.C.-C. Yao, "Protocols for Securc Computations, " Proceedings of the 23rd IEEE Symposium on the Foundations of Computer Science, 1982, pp. 160 -164.

1628. B. Yee, "Using Secure Coprocessors, " Ph.D. dissertation, School of Computer Science, Carnegie Mellon University, May 1994.

1629. S.-M. Yen, "Design and Computation of Public Key Cryptosystems," Ph. D. dissertation, National Cheng Hung University, Apr 1994.

1630. S.-M. Yen and C.-S. Lai, "New Digital Signature Scheme Based on the Discrete Logarithm," Electronics Letters, v. 29, n. 12, 1993, pp. 1120-1121.

1631. K. Yin and K. Peterson, "A Single-Chip VLSI Implementation of the Discrete Exponential Public-Key Distribution System, " IBM Systems journal, v. 15, n. 1, 1982, pp. 102-116.

1632. K. Yiu and K. Peterson, "A Single-Chip VLSI Implementation of the Discrete Exponential Public-Key Distribution System," Proceedings of Government Microcircuit Applications Conference, 1982, pp. 18-23.

1633. H.Y. Youm, S.L. Lee, and M.Y. Rhee, "Practical Protocols for Electronic Cash," Proceedings of the 1993 Korea-Japan Workshop on Information Security and Cryptography Seoul, Korea, 24-26 Oct 1993, pp. 10-22.

1634. M. Yung, "Cryptoprotocols: Subscriptions to a Public Key, the Secret Blocking, and the Multi-Player Mental Poker Game, " Advances in Cryptology: Proceedings of CRYPTO 84, Springer-Verlag, 1985, 439-453.

1635. G. Yuval, "How to Swindle Rabin," Cryptologia, v. 3, n. 3, Jul 1979, pp. 187-190.

1636. K.C. Zeng and M. Huang, "On the Linear Syndrome Method in Cryptanalysis, " Advances in Cryptology CRYPTO '88 Proceedings, Springer-Verlag, 1990, pp. 469-478.

1637. K.C. Zeng, M. Huang, and T.R.N. Rao, "An Improved Linear Algorithm in Cryptanalysis with Applications, " Advances in Cryptology CRYPT O '90 Proceedings, Springer-Verlag, 1991, pp. 34-47.

1638. K.C. Zeng, C.-H. Yang, and T.R.N. Rao, "On the Linear Consistency Test ILCTl in Cryptanalysis with Applications," Advances in Cryptology CRYPT O '89 Proceedings, Springer-Verlag, 1990, pp. 164-174.

1639. K.C. Zeng, C.-H. Yang, L. Wei, and T. R.N. Rao, "Pseudorandom Bit Generators in Stream-Cipher Cryptography, " IEEE Computer, v. 24, n. 2, Feb libel, pp. 5-17.

1640. M. Zhang, S.E. Tavares, and L.L. Campbell, "Information Leakage of Boolean Functions and Its Relationship to Other Cryptographic Criteria," Proceedings of the 2nd Annual ACM Conference on Computer and Communications Security, ACM Press, 1994, pp.

156-165.

1641. M. Zhang and G. Xiao, "A Modified Dcsign Criterion for Stream Ciphers," CHINACRYPT'94, Xidian, China, 11-15 Nov 1994, pp. 201-209. (In Chinese.) 1642. Y. Zheng, T. Matsumoto, and H. Imai, "Duality between two Cryptographic Primitives," Papers of Technical Group for Information Security, IEICE of Japan, Mar 1989, pp. 47-57.

1643. Y. Zhcng, T. Matsumoto, and H. Imai, "Impossibility and Optimality Results in Constructing Pseudorandom Permutations," Advances in Cryptology EURO CRYPT ' Proceedings, Springer-Verlag. 1990, pp. 412-422.

1644. Y. Zheng, T. Matsumoto, and H. Imai, "On the Construction of Block Ciphers Provably Sccurc and Not Relying on Any Unproved Hypotheses, " Advances in Cryptology CRYPTO '89 Proceedings, Springer-Verlag, 1990, pp. 461-480.

1645. Y. Zheng, T. Matsumoto, and H. Imai, "Duality hctwccn two Cryptographic Primitives," Proceedings of the 8th International Conference on Applied Algebra. Algebraic Algorithms and Error-Correcting Codes, Springer-Verlag, 1991, pp. 379-390.

1646. Y. Zheng, J. Pieprzyk, and J. Seberry, "HAVAL A One-Way Hashing Algorithm with Variable Length of Output, " Advances in Crytology AUSCRYPT '92 Proceedings, Springer-Verlag, 1993, pp. 83-104.

1647. N. Zierler, "Linear Recurring Sequences," Journal Soc. Indust. Appl. Math., v. 7, n 1, Mar 1959, pp. 31 48.

1648. N. Zierler, "Primitive Trinomials Whose Degree Is a M ersenne Exponent," Information and Control, v. 15, 1969, pp. 67-69.

1649. N. Zierler and J. Brillhart, "On Primitive Trinomials (mod 2)," Information and Control, v. 13, n. 6, Dec 1968, pp. 541-544.

1650. N. Zicrlcr and W.H. Mills, "Products of Linear Recurring Scqucnces," Journal of Algebra, v. 27, n. 1, Oct 1973, pp. 147-157.

1651. C. Zimmer, "Perfect Gibberish," Discover, v. 13, n. 12, Dec 1992, pp. 92-99.

1652. P. Zimmermann, The Official PGP User's Guide, Boston: MIT Press, 1995.

1653. P. Zimmermann, PGP Source Code and Internals, Boston: MIT Press, 1995.