References

[1] Martin Abadi, Joan Feigenbaum, and Joe Kilian. On hiding information from an oracle. In Proceedings of the 19th ACM Symposium on Theory of Computing, pages 195–203. ACM, 1987.

[2] Martin Abadi, Joan Feigenbaum, and Joe Kilian. On hiding information from an oracle. Journal of Computer and Systems Science, 39 (1):21–50, 1989.

[3] L. M. Adleman. An abstract theory of computer viruses. In S. Goldwasser, editor, Advances in Cryptology—Crypto '88, pages 354–374. Springer-Verlag, 1988. Lecture Notes in Computer Science No. 403.

[4] L. M. Adleman, K. Manders, and G. Miller. On taking roots in finite fields. In Proceedings of the 18th IEEE Symposium on Foundations of Computer Science, pages 175–177, 1977.

[5] Manindra Agrawal, Nitin Saxena, and Neeraj Kayal. PRIMES is in P. Preprint, August 6, 2002.

[6] James P. Anderson. Computer security technology planning study. Technical Report ESD–TR–73–51, USAF Electronic Systems Division, Hanscom AFB, October 1972.

[7] R. Anderson, S. Vaudenay, B. Preneel, and K. Nyberg. The Newton Channel. In Workshop on Information Hiding, pages 151–156, 1996.

[8] Ross Anderson and Markus Kuhn. Tamper resistance—a cautionary note. In Proceedings of the 2nd USENIX Workshop on Electronic Commerce, pages 1–11, November 1996.

[9] Ross Anderson, Harry Manifavas, and Chris Sutherland. A practical electronic cash system, 1995. Available from author: [email protected].

[10] Ross J. Anderson and Markus Kuhn. Low cost attacks on tamper resistant devices. In Security Protocols—Proceedings of the 5th International Workshop, pages 125–136. Springer-Verlag, April 7–9, 1997. Lecture Notes in Computer Science No. 1361.

[11] N. Asokan, Victor Shoup, and Michael Waidner. Optimistic fair exchange of digital signatures. IEEE Journal on Selected Areas in Communications, 18(4):593–610, April 2000.

[12] Eric Bach and Jeffrey Shallit. Algorithmic Number Theory—Volume I: Efficient Algorithms, Chapter 7—Solving Equations over Finite Fields. MIT Press, 1996.

[13] P. Baran. On distributed communications: IX. security, secrecy, and tamper-free considerations. Technical Report RM-3765-PR, The Rand Corp., 1964.

[14] Donald Beaver. Multiparty protocols tolerating half faulty processors. In G. Brassard, editor, Advances in Cryptology—Crypto '89, pages 560–572. Springer-Verlag, 1990. Lecture Notes in Computer Science No. 435.

[15] Donald Beaver. Efficient multiparty protocols using circuit randomization. In J. Feigenbaum, editor, Advances in Cryptology—Crypto '91, pages 420–432. Springer, 1992. Lecture Notes in Computer Science No. 576.

[16] Donald Beaver and Shafi Goldwasser. Multiparty computation with faulty majority. In G. Brassard, editor, Advances in Cryptology—Crypto '89, pages 589–590. Springer-Verlag, 1990. Lecture Notes in Computer Science No. 435.

[17] Mihir Bellare, Shafi Goldwasser, and D. Micciancio. Pseudo-random number generation within cryptographic algorithms: the DSS case. In Advances in Cryptology—Crypto '97, pages 277–291. Springer-Verlag, 1997.

[18] Mihir Bellare and Phillip Rogaway. Random oracles are practical: A paradigm for designing efficient protocols. In First ACM Conference on Computer and Communications Security, pages 62–73, 1993.

[19] Mihir Bellare and Phillip Rogaway. Optimal asymmetric encryption. In Alfredo De Santis, editor, Advances in Cryptology—Eurocrypt '94, pages 92–111. Springer, 1995. Lecture Notes in Computer Science No. 950.

[20] Michael Ben-Or, Shafi Goldwasser, Joe Kilian, and Avi Wigderson. Multi-prover interactive proofs: How to remove intractability assumptions. In Proceedings of the 20th ACM Symposium on Theory of Computing, pages 113–132. ACM, 1988.

[21] J. Benaloh. Secret sharing homomorphisms: Keeping shares of A secret sharing. In A. M. Odlyzko, editor, Advances in Cryptology—Crypto '86. Springer, 1987. Lecture Notes in Computer Science No. 263.

[22] J. Benaloh and J. Leichter. Generalized secret sharing and monotone functions. In S. Goldwasser, editor, Advances in Cryptology—Crypto '88, pages 27–36. Springer-Verlag, 1988. Lecture Notes in Computer Science No. 403.

[23] Josh C. Benaloh. Verifiable Secret-Ballot Elections. PhD thesis, Yale University, 1988.

[24] E. Biham. Cryptanalysis of Patarin's 2-round public key system S-Boxes (2R). In Advances in Cryptology—Eurocrypt '00, pages 408–416. Springer-Verlag, 2000.

[25] E. Biham and A. Shamir. A Differential Cryptanalysis of the Data Encryption Standard. Springer–Verlag, 1993.

[26] E. Biham and A. Shamir. Power analysis of the key scheduling of the AES candidates. In Second AES conference, pages 115–121, 1999.

[27] Loyd Blankenship. Gurps Cyberpunk—high-tech low-life roleplaying sourcebook. Steve Jackson Games, 1990.

[28] Matt Blaze. Protocol failure in the escrowed encryption standard. In Proceedings of the 2nd ACM Conference on Computer and Communications Security, pages 59–67. ACM, 1994.

[29] Matt Blaze, Joan Feigenbaum, and F. T. Leighton. Master-key cryptosystems. Technical Report DIMACS: TR 96-02, Center for Discrete Mathematics and Theoretical Computer Science, 1996.

[30] L. Blum, M. Blum, and M. Shub. A simple unpredictable pseudorandom number generator. SIAM Journal on Computing, 15(2):364–383, May 1986.

[31] M. Blum. Coin flipping by telephone: A protocol for solving impossible problems. In Proceedings of the 24th IEEE Computer Conference (CompCon), pages 133–137. IEEE, 1982.

[32] M. Blum, P. Feldman, and S. Micali. Proving security against chosen cyphertext attacks. In S. Goldwasser, editor, Advances in Cryptology—Crypto '88, pages 256–268. Springer-Verlag, 1988. Lecture Notes in Computer Science No. 403.

[33] Manuel Blum. Coin flipping by telephone. In Allen Gersho, editor, Advances in Cryptology: A Report on Crypto '81, pages 11–15. U.C. Santa Barbara Dept. of Elec. and Computer Eng., 1982. Tech Report 82-04.

[34] D. Boneh and R. Venkatesan. Hardness of computing the most significant bits of secret keys in Diffie-Hellman and related schemes. In Advances in Cryptology—Crypto '96, pages 129–142. Springer-Verlag, 1996.

[35] Dan Boneh. The decision Diffie–Hellman problem. In Third Algorithmic Number Theory Symposium, pages 48–63, 1998. Lecture Notes in Computer Science No. 1423.

[36] Dan Boneh and Matt Franklin. Identity-based encryption from the Weil pairing. In Advances in Cryptology—Crypto '01, pages 213–229. Springer-Verlag, 2001. Lecture Notes in Computer Science No. 2139.

[37] Stefan Brands. Untraceable off-line cash in wallets with observers. In Douglas R. Stinson, editor, Advances in Cryptology—Crypto '93, pages 302–318. Springer, 1994. Lecture Notes in Computer Science No. 773.

[38] G. Brassard, C. Crépeau, and Jean-Marc Robert. Information theoretic reductions among disclosure problems. In Proceedings of the 27th IEEE Symposium on Foundations of Computer Science, pages 168–173. IEEE, 1986.

[39] G. Brassard, C. Crépeau, and Jean-Marc Robert. All-or-nothing disclosure of secrets. In A. M. Odlyzko, editor, Advances in Cryptology—Crypto '86, pages 234–238. Springer-Verlag, 1987. Lecture Notes in Computer Science No. 263.

[40] E. F. Brickell. Some ideal secret sharing schemes. Journal of Computer and Systems Science, 37:156–189, 1988.

[41] E. F. Brickell, D. E. Denning, S. T. Kent, D. P. Maher, and W. Tuchman. Skipjack Review, Interim Report: The Skipjack Algorithm, July 28, 1993.

[42] Ernest F. Brickell and Daniel M. Davenport. On the classification of ideal secret sharing schemes. In G. Brassard, editor, Advances in Cryptology—Crypto '89, pages 278–285. Springer-Verlag, 1990. Lecture Notes in Computer Science No. 435.

[43] John Brunner. The Shockwave Rider. Del Rey, 1975.

[44] J. P. Buhler, H. W. Lenstra, and Carl Pomerance. The development of the number field sieve, volume 1554 of Lecture Notes in Mathematics. Springer-Verlag, 1994.

[45] C. Burwick, D. Coppersmith, E. D'Avignon, R. Gennaro, S. Halevi, C. Jutla, S. Matyas, L. O'Connor, M. Peyravian, D. Safford, and N. Zunic. MARS—A candidate cipher for AES. NIST AES Proposal, June 1998.

[46] Samuel Butler. Erewhon. Indypublish.com, 1872.

[47] Christian Cachin, Jan Camenisch, Joe Kilian, and Joy Muller. One–round secure computation and secure autonomous mobile agents. In U. Montanari, J. P. Rolim, and E. Welzl, editors, Proceedings of the 27th International Colloquium on Automata, Languages, and Programming (ICALP), pages 512–523. Springer, 2000. Lecture Notes in Computer Science No. 1853.

[48] Christian Cachin, Silvio Micali, and Markus Stadler. Computationally private information retrieval with polylogarithmic communication. In J. Stern, editor, Advances in Cryptology—Eurocrypt '99, pages 402–414. Springer–Verlag, 1999. Lecture Notes in Computer Science No. 1592.

[49] J. Camenisch and I. B. Damgård. Verifiable encryption, group encryption, and their applications to separable group signatures and signature sharing schemes. In Advances in Cryptology—Asiacrypt '00, Lecture Notes in Computer Science No. 1976, pages 331–345. Springer-Verlag, 2000.

[50] Jan Camenisch, Ueli Maurer, and Markus Stadler. Digital payment systems with passive anonymity–revoking trustees. In European Symposium on Research in Computer Security (ESORICS), pages 33–43, 1996.

[51] James Cameron. The Terminator, January 1984. Screenplay: Harlan Ellison, James Cameron, Gale Anne Hurd, William Wisher.

[52] R. Canetti, C. Dwork, M. Naor, and R. Ostrovsky. Deniable encryption. In Advances in Cryptology—Crypto '97, pages 90–104. Springer-Verlag, 1997. Lecture Notes in Computer Science No. 1294.

[53] D. Chaum, A. Fiat, and M. Naor. Untraceable electronic cash. In S. Goldwasser, editor, Advances in Cryptology—Crypto '88, pages 319–327. Springer-Verlag, 1988. Lecture Notes in Computer Science No. 403.

[54] David Chaum. Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM, 24:84–88, February 1981.

[55] David Chaum. The dining cryptographers problem: Unconditional sender and recipient untraceability. Journal of Cryptology, 1:65–75, 1988.

[56] David Chaum. The spymasters double-agent problem: Multiparty computations secure unconditionally from minorities and cryptographically from majorities. In G. Brassard, editor, Advances in Cryptology—Crypto '89, pages 591–603. Springer-Verlag, 1990. Lecture Notes in Computer Science No. 435.

[57] David Chaum, Claude Crépeau, and Ivan Damgård. Multiparty unconditionally secure protocols. In Carl Pomerance, editor, Advances in Cryptology—Crypto '87, pages 462–462. Springer-Verlag, 1988. Lecture Notes in Computer Science No. 293.

[58] David Chaum, Ivan B. Damgård, and Jeroen van de Graaf. Multiparty computations ensuring privacy of each party's input and correctness of the result. In Carl Pomerance, editor, Advances in Cryptology—Crypto '87, pages 87–119. Springer-Verlag, 1988. Lecture Notes in Computer Science No. 293.

[59] B. Chor, S. Goldwasser, S. Micali, and B. Awerbuch. Verifiable secret sharing and achieving simultaneity in the presence of faults. In Proceedings of the 26th IEEE Symposium on Foundations of Computer Science, pages 383–395. IEEE, 1985.

[60] Benny Chor and Niv Gilboa. Computationally private information retrieval. In Proceedings of the 29th ACM Symposium on Theory of Computing, pages 304–313. ACM, 1997.

[61] Benny Chor, Oded Goldreich, Eyal Kushilevitz, and Madhu Sudan. Private information retrieval. In Proceedings of the 36th IEEE Symposium on Foundations of Computer Science, pages 304–313. IEEE, 1995.

[62] Cristina Cifuentes and Mike Van Emmerik. Recovery of jump table case statements from binary code. Science of Computer Programming, 40:171–188, 2001.

[63] Cristina Cifuentes and Antoine Fraboulet. Intraprocedural static slicing of binary executables. In Proceedings of the IEEE International Conference on Software Maintenance. IEEE, 1997.

[64] Cristina Cifuentes and Doug Simon. Procedure abstraction recovery from binary code. In Proceedings of the Conference on Software Maintenance and Reengineering, pages 55–64, 2000.

[65] Cristina Cifuentes, Doug Simon, and Antoine Fraboulet. Assembly to high–level language translation. In Proceedings of the IEEE International Conference on Software Maintenance, pages 228–237. IEEE, 1998.

[66] Fred Cohen. Computer viruses: theory and experiments. In Proceedings of the 7th DoD/NBS Computer Security Conference, pages 240–263, September 1984.

[67] Fred Cohen. Computer viruses—theory and experiments. In IFIP-TC11 Computers and Security, volume 6, pages 22–35, 1987.

[68] Fred Cohen. A cryptographic checksum for integrity protection in untrusted computer systems. In IFIP-TC11 Computers and Security, volume 6, 1987.

[69] Fred Cohen. Computer Viruses. PhD thesis, University of Southern California, 1988.

[70] Fred Cohen. Implications of computer viruses and current methods of defense. In Peter J. Denning, editor, Computers Under Attack: Intruders, Worms, and Viruses. Addison-Wesley, 1990.

[71] David A. Cooper and Kenneth P. Birman. Preserving privacy in a network of mobile computers. In Proceedings of the 16th IEEE Symposium on Security and Privacy, pages 26–38. IEEE, 1995.

[72] Don Coppersmith. The data encryption standard (DES) and its strength against attacks. Technical Report RC 18613(81421), IBM T.J. Watson Research Center, December 1992.

[73] Don Coppersmith. Finding a small root of a bivariate integer equation; factoring with high bits known. In Ueli Maurer, editor, Advances in Cryptology—Eurocrypt '96, pages 178–189. Springer, 1996. Lecture Notes in Computer Science No. 1233.

[74] Don Coppersmith. Finding a small root of a univariate modular equation. In Ueli Maurer, editor, Advances in Cryptology—Eurocrypt '96, pages 155–165. Springer, 1996. Lecture Notes in Computer Science No. 1233.

[75] Lance Cottrell. Mixmaster & remailer attacks. Available at http://www.obscura.com/~loki/remailer/remailer-essay.html.

[76] Ronald Cramer and Victor Shoup. A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack. In Hugo Krawczyk, editor, Advances in Cryptology—Crypto '98, pages 13–25. Springer-Verlag, 1998. Lecture Notes in Computer Science No. 1462.

[77] Claude Crépeau and Alain Slakmon. Simple backdoors for RSA key generation. In Marc Joye, editor, Topics in Cryptology—CT-RSA, The Cryptographers' Track at the RSA Conference, pages 403–416. Springer, 2003. Lecture Notes in Computer Science No. 2612.

[78] I. Damgård. Towards practical public key systems secure against chosen ciphertext attacks. In J. Feigenbaum, editor, Advances in Cryptology—Crypto '91, pages 445–456. Springer, 1992. Lecture Notes in Computer Science No. 576.

[79] Ivan Damgård and Mads Jurik. A generalisation, a simplification and some applications of Paillier's probabilistic public-key system. In Kwangjo Kim, editor, Proceedings of the 4th Workshop on Practice and Theory in Public Key Cryptography (PKC), pages 119–136. Springer, February 2001.

[80] DARPA. Workshop on foundations for secure mobile code, March 1997. http://www.cs.nps.navy.mil/research/languages/wkshp.html.

[81] Don Davis, Ross Ihaka, and Philip Fenstermacher. Cryptographic randomness from air turbulence in disk drives. In Yvo G. Desmedt, editor, Advances in Cryptology—Crypto '94, pages 114–120. Springer, 1994. Lecture Notes in Computer Science No. 839.

[82] J. A. Davis and D. B. Holdridge. Factorization using the quadratic sieve algorithm. In D. Chaum, editor, Advances in Cryptology—Crypto '83, pages 103–113. Plenum Press, 1984.

[83] R. DeMillo and M. Merritt. Protocols for data security. IEEE Computer, 16(2):39–50, 1983.

[84] B. denBoer. Diffie-Hellman is as strong as discrete log for certain primes. In S. Goldwasser, editor, Advances in Cryptology—Crypto '88, pages 530–539. Springer-Verlag, 1988. Lecture Notes in Computer Science No. 403.

[85] Dorothy E. Denning. Cryptography and Data Security, pages 232, 318, Addison-Wesley, 1983.

[86] Dorothy E. Denning. Information Warfare and Security, page 270, Addison-Wesley, 1999.

[87] Peter J. Denning. The science of computing: Computer viruses. American Scientist, 76:236–238, May–June 1988.

[88] Peter J. Denning. The internet worm. In Peter J. Denning, editor, Computers Under Attack: Intruders, Worms, and Viruses. Addison-Wesley, 1989. Reprinted from American Scientist, March-April 1989, pages 126–128.

[89] Y. Desmedt. Abuses in cryptography and how to fight them. In S. Goldwasser, editor, Advances in Cryptology—Crypto '88, pages 375–389. Springer-Verlag, 1988. Lecture Notes in Computer Science No. 403.

[90] Yvo Desmedt. Simmons' protocol is not free of subliminal channels. In Proceedings of the Computer Security Foundations Workshop, pages 170–175. IEEE Computer Society Press, 1996.

[91] A. K. Dewdney. Computer recreations: In the game called Core War hostile programs engage in a battle of bits. Scientific American, 250(5):14–22, May 1984.

[92] W. Diffie and M. E. Hellman. New directions in cryptography. IEEE Transactions on Information Theory, IT-22:644–654, November 1976.

[93] Y. Ding-Feng, L. Kwok-Yan, and D. Zong-Duo. Cryptanalysis of the “2R” schemes. In Advances in Cryptology—Crypto '99, pages 315–325. Springer-Verlag, 1999.

[94] H. Dobbertin. Alf Swindles Ann, CryptoBytes (3) 1, Autumn, 1995.

[95] D. Dolev, C. Dwork, and M. Naor. Non-malleable cryptography. In Proceedings of the 23rd ACM Symposium on Theory of Computing, pages 542–552. ACM, 1991.

[96] Underwood Dudley. Elementary Number Theory, 2nd edition. W. H. Freeman and Co., September 1978.

[97] D. Eastlake, S. Crocker, and J. Schiller. Randomness recommendations for security, December 1994. RFC 1750.

[98] Shimon Even. Algorithmic Combinatorics. Macmillan, New York, 1973.

[99] Joan Feigenbaum. Encrypting problem instances, or, Can you take advantage of someone without having to trust him? In H. C. Williams, editor, Advances in Cryptology—Crypto '85, pages 477–488. Springer-Verlag, 1986. Lecture Notes in Computer Science No. 218.

[100] Joan Feigenbaum and Michael Merritt. Open questions, talk abstracts, and summary of discussions. In DIMACS Series in Discrete Mathematics and Theoretical Computer Science, volume 2, pages 1–45. AMS, 1991.

[101] P. Feldman. A practical scheme for non-interactive verifiable secret sharing. In Proceedings of the 28th IEEE Symposium on Foundations of Computer Science, pages 427–438. IEEE, 1987.

[102] W. Feller. An Introduction to Probability Theory and its Applications. John Wiley & Sons, Inc., 1957.

[103] Pierre-Alain Fouque, Jacques Stern, and Geert-Jan Wackers. Cryptocomputing with rationals. In Proceedings of the Sixth International Financial Cryptography Conference. Springer-Verlag, March 11–14 2003.

[104] Yair Frankel and Moti Yung. Escrow encryption systems visited: Attacks, analysis and design. In Don Coppersmith, editor, Advances in Cryptology—Crypto '95, pages 222–235. Springer, 1995. Lecture Notes in Computer Science No. 963.

[105] Matthew Franklin. Complexity and Security of Distributed Protocols. PhD thesis, Department of Computer Science, Columbia University, 1994.

[106] Matthew Franklin and Stuart Haber. Joint encryption and message-efficient secure computation. In Douglas R. Stinson, editor, Advances in Cryptology—Crypto '93, pages 266–277. Springer, 1994. Lecture Notes in Computer Science No. 773.

[107] Matthew K. Franklin and Moti Yung. Communication complexity of secure computation (extended abstract). In Proceedings of the 24th ACM Symposium on Theory of Computing, pages 699–710. ACM, 1992.

[108] E. Fujisaki and T. Okamoto. A practical and provably secure scheme for publicly verifiable secret sharing and its applications. In Kaisa Nyberg, editor, Advances in Cryptology—Eurocrypt '98, pages 32–46. Springer-Verlag, 1998. Lecture Notes in Computer Science No. 1403.

[109] E. Fujisaki, T. Okamoto, D. Pointcheval, and J. Stern. RSA-OAEP is secure under the RSA assumption. In J. Kilian, editor, Advances in Cryptology—Crypto '01, volume 2139 of Lecture Notes in Computer Science, pages 260–274. Springer-Verlag, 2001.

[110] T. El Gamal. A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory, 31:469–472, 1985.

[111] Michael Gilleland. Working with fractions in java—harmonic numbers. Table of the first 100 harmonic numbers. Downloaded from http://www.merriampark.com/fractions.htm.

[112] Ceki Gülcü and Gene Tsudik. Mixing e-mail with Babel. In Symposium on Network and Distributed System Security, pages 2–16. Internet Society, February 1996.

[113] O. Goldreich, S. Goldwasser, and S. Micali. How to construct random functions. In Proceedings of the 25th IEEE Symposium on Foundations of Computer Science, pages 464–479. IEEE, 1984.

[114] O. Goldreich, S. Goldwasser, and S. Micali. How to construct random functions. Journal of the ACM, 33(4):792–807, October 1986.

[115] Oded Goldreich. The Foundations of Cryptography, volume 1. Cambridge University Press, June 2001.

[116] Oded Goldreich, Silvio Micali, and Avi Wigderson. How to play any mental game or a completeness theorem for protocols with honest majority. In Proceedings of the 19th ACM Symposium on Theory of Computing, pages 218–229. ACM, 1987.

[117] S. Goldwasser and S. Micali. Probabilistic encryption. Journal of Computer and System Sciences, 28(2):270–299, April 1984.

[118] S. Goldwasser, S. Micali, and C. Rackoff. The knowledge complexity of interactive proof-systems. In Proceedings of the 17th ACM Symposium on Theory of Computing, pages 291–304. ACM, 1985.

[119] P. Golle and D. Boneh. Almost entirely correct mixing with applications to voting. In Proceedings of the 9th ACM conference on Computer and Communications Security, pages 59–68. ACM, 2002.

[120] Philippe Golle, Markus Jakobsson, Ari Juels, and Paul Syverson. Universal Re-encryption for Mixnets. RSA Conference—Cryptographer's Track, 2003.

[121] G. S. Graham and P. J. Denning. Protection—principles and practice. AFIPS Spring Joint Computer Conference, 40:417–429, 1972.

[122] Ronald Graham, Oren Patashnik, and Donald Ervin Knuth. Concrete Mathematics: A Foundation for Computer Science (2nd edition), page 29, Addison-Wesley, 1994.

[123] Roger A. Grimes. Malicious Mobile Code. O'Reilly & Associates, Inc., 2001.

[124] M. Gude. Concept for a high-performance random number generator based on physical random phenomena. Frequenz, 39:187–190, 1985.

[125] L. C. Guillou and J.-J. Quisquater. A “paradoxical” indentity-based signature scheme resulting from zero-knowledge. In S. Goldwasser, editor, Advances in Cryptology—Crypto '88, pages 216–231. Springer-Verlag, 1988. Lecture Notes in Computer Science No. 403.

[126] Louis Guillou and Jean-Jacques Quisquater. Efficient digital public-key signature with shadow. In Carl Pomerance, editor, Advances in Cryptology—Crypto '87, pages 223–223. Springer-Verlag, 1988. Lecture Notes in Computer Science No. 293.

[127] Katie Hafner and John Markoff. Cyberpunk: Outlaws and Hackers on the Computer Frontier. Simon & Schuster, 1991.

[128] G. H. Hardy and E. M. Wright. An Introduction to the Theory of Numbers, 4th edition. Oxford Clarendon Press, 1975.

[129] David Harley, Robert Slade, and Urs E. Gattiker. Viruses Revealed. Osborne/McGraw-Hill, 2001.

[130] B. Hayes. Anonymous one-time signatures and flexible untraceable electronic cash. In J. Seberry and J. Pieprzyk, editors, Advances in Cryptology—Auscrypt '90, volume 453 of Lecture Notes in Computer Science, pages 294–305. Springer-Verlag, 1990.

[131] A. Herzberg, M. Jakobsson, S. Jarecki, H. Krawczyk, and M. Yung. Proactive public key and signature schemes. In Proceedings of the Fourth Annual Conference on Computer and Communications Security, pages 100–110. ACM, 1997.

[132] Greg Hoglund and Gary McGraw. Exploiting Software, Chapter 8: Rootkits, Addison-Wesley, 2004.

[133] Patrick Horster, Markus Michels, and Holger Petersen. Subliminal channels in discrete logarithm based signature schemes and how to avoid them. Technical Report TR-94-13-D, University of Technology Chemnitz-Zwickau, September 1994.

[134] D. A. Huffman. A method for the construction of minimum-redundancy codes. Proceedings of the Institute of Radio Engineers (IRE), 40(9):1098–1101, September 1952.

[135] American National Standards Institute. ANSI X9.17: Financial institution key management (wholesale), 1985. ASC X9 Secretariat—American Bankers Association.

[136] M. Jakobsson and A. Juels. Proofs of work and bread pudding protocols. In Proceedings of the IFIP TC6 and TC11 Joint Working Conference on Communications and Multimedia Security (CMS '99). Kluwer, 1999.

[137] Markus Jakobsson. A practical mix. In Kaisa Nyberg, editor, Advances in Cryptology—Eurocrypt '98, pages 448–461. Springer-Verlag, 1998. Lecture Notes in Computer Science No. 1403.

[138] Markus Jakobsson and D. M'Raihi. Mix-based electronic payments. In Stafford E. Tavares and Henk Meijer, editors, Selected Areas in Cryptography '98, Canada, August 17–18, pages 157–173. Springer, 1999. Lecture Notes in Computer Science No. 1556.

[139] Markus Jakobsson, Elizabeth A. M. Shriver, Bruce Hillyer, and Ari Juels. A practical secure physical random bit generator. In ACM Conference on Computer and Communications Security, pages 103–111. ACM, 1999.

[140] Markus Jakobsson and Moti M. Yung. Revokable and versatile e-money. In Proceedings of the Third Annual ACM Conference on Computer and Communications Security, pages 76–87. ACM, 1996.

[141] N. Johnson, Z. Duric, and S. Jajodia. Information Hiding: Steganography and Watermarking—Attacks and Countermeasures. Kluwer Academic Publishers, 2000.

[142] S. M. Johnson. Generation of permutations by adjacent transpositions. Mathematics of Computation, 17:282–285, 1963.

[143] D. F. Jones. Colossus. Berkeley Pub Group, 1966. Reissue March, 1985.

[144] Antoine Joux. The Weil and Tate pairings as building blocks for public key cryptosystems. In Claus Fieker and David R. Kohel, editors, Proceedings of the Fifth Algorithmic Number Theory Symposium (ANTS), pages 20–32. Springer, 2002. Lecture Notes in Computer Science No. 2369.

[145] M. Joye, P. Paillier, and S. Vaudenay. Generating RSA moduli with predetermined portion. In Ç. K. Koç and Christof Paar, editors, Proceedings of the 2nd Workshop on Cryptographic Hardware and Embedded Systems (CHES), pages 340–354. Springer-Verlag, 2000. Lecture Notes in Computer Science No. 1965.

[146] A. Juels and J. Brainard. Client puzzles: A cryptographic defense against connection depletion attacks. In S. Kent, editor, Proceedings of Networks and Distributed Security Systems, pages 151–165. Internet Society, 1999.

[147] A. Juels and J. Guajardo. RSA key generation with verifiable randomness. In D. Naccache and P. Paillier, editors, Proceedings of the 5th Workshop on Practice and Theory in Public Key Cryptography (PKC), pages 357–374. Springer-Verlag, 2002.

[148] A. Juels, M. Jakobsson, E. Shriver, and B. Hillyer. How to turn loaded dice into fair coins. IEEE Transactions on Information Theory, IT-46(3):911–921, 2000.

[149] Benjamin Jun and Paul Kocher. The Intel random number generator, April 22, 1999. White Paper—Downloaded from http://download.intel.com/design/security/rng/CRIwp.pdf (prepared for Intel Corporation).

[150] A. A. Karatsuba and Yu. P. Ofman. Multiplication of multidigit numbers by automata. Physics Doklady, 7:595–596, 1963. Translated from Doklady Akad. Nauk, vol. 145, no. 2, pages 293–294, 1962.

[151] Paul A. Karger and Roger R. Schell. Multics security evaluation: Vulnerability analysis. Technical Report ESD-TR-74-193 volume II, HQ Electronic Systems Division, Hanscom AFB, MA 01731, June 1974.

[152] Jonathan Katz, Steven Myers, and Rafail Ostrovsky. Cryptographic counters and applications to electronic voting. In Birgit Pfitzmann, editor, Advances in Cryptology—Eurocrypt '01, pages 78–92. Springer–Verlag, 2001. Lecture Notes in Computer Science No. 2045.

[153] John Kelsey, Bruce Schneier, and David Wagner. Related-key cryptanalysis of 3-WAY, Biham-DES, CAST, DES–X, NewDES, RC2, and TEA. In International Conference on Information and Communications Security, pages 233–246, 1997.

[154] Brian W. Kernighan and Dennis M. Ritchie. The C Programming Language, 2nd edition. Prentice Hall Software Series. Prentice Hall, March 1989.

[155] J. Kilian and F. T. Leighton. Fair cryptosystems revisited. In Advances in Cryptology—Crypto '95, pages 208–221. Springer-Verlag, 1995.

[156] N. Koblitz. A Course in Number Theory and Cryptography. Springer-Verlag, New York, 1987.

[157] N. Koblitz. Elliptic curve cryptosystems. Mathematics of Computation, 48(177):203–209, 1987.

[158] N. Koblitz. Constructing elliptic curve cryptosystems in characteristic 2. In A. J. Menezes and S. A. Vanstone, editors, Advances in Cryptology—Crypto '90, pages 156–168. Springer-Verlag, 1991. Lecture Notes in Computer Science No. 537.

[159] Paul C. Kocher. Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In Neal Koblitz, editor, Advances in Cryptology—Crypto '96, pages 104–113. Springer-Verlag, 1996. Lecture Notes in Computer Science No. 1109.

[160] Paul C. Kocher, Joshua Jaffe, and Benjamin Jun. Differential power analysis. In M. Wiener, editor, Advances in Cryptology—Crypto '99, pages 388–397. Springer-Verlag, 1999. Lecture Notes in Computer Science No. 1666.

[161] Loren M. Kohnfelder. Towards a practical public-key cryptosystem. B.S. Thesis, supervised by L. Adleman, May 1978.

[162] K. Koyama, U. M. Maurer, T. Okamoto, and S. A. Vanstone. New public–key schemes based on elliptic curves over the ring Zn. In J. Feigenbaum, editor, Advances in Cryptology—Crypto '91, pages 252–266. Springer, 1992. Lecture Notes in Computer Science No. 576.

[163] D. L. Kreher and D. R. Stinson. Combinatorial Algorithms—Generation, Enumeration, and Search. Encyclopedia of Mathematics and its Applications. CRC Press, 1998.

[164] R. Kumanduri and C. Romero. Number Theory with Computer Applications, Algorithm 9.2.9. Prentice Hall, 1998.

[165] Eyal Kushilevitz and Rafail Ostrovsky. Replication is not needed: Single database, computationally-private information retrieval. In Proceedings of the 38th IEEE Symposium on Foundations of Computer Science, pages 364–373. IEEE, 1997.

[166] J. B. Lacy, D. P. Mitchell, and W. M. Schell. Cryptolib: Cryptography in software. In Proceedings of the 4th USENIX Security Symposium, pages 1–17, 1993.

[167] Butler W. Lampson. A note on the confinement problem. Communications of the ACM, 16(10):613–615, 1973.

[168] Laurie Law, Susan Sabett, and Jerry Solinas. How to make a mint: the cryptography of anonymous electronic cash. National Security Agency, Office of Information Security Research and Technology, Cryptology Division, June 1996.

[169] Samuel J. Leffler, Marshall Kirk McKusick, Michael J. Karels, and John S. Quarterman, editors. The Design and Implementation of the 4.3BSD UNIX Operating System. Addison-Wesley, 1989.

[170] Birgitta Lemmel. The Nobel Medals and the Medal for the Memorial Prize in Economic Sciences. Nobel e-Museum. See http://www.nobel.se/nobel/medals/index.html.

[171] A. K. Lenstra, H. W. Lenstra, Jr., M. S. Manasse, and J. M. Pollard. The number field sieve. In Proceedings of the 22nd ACM Symposium on Theory of Computing, pages 564–572. ACM, 1990.

[172] Arjen K. Lenstra. Generating RSA moduli with a predetermined portion. In Kazuo Ohta and Dingyi Pei, editors, Advances in Cryptology—Asiacrypt '98, pages 1–10. Springer-Verlag, 1998. Lecture Notes in Computer Science No. 1514.

[173] Scott Lindhurst. An analysis of Shanks algorithm for computing square roots in finite fields. In Rajiv Gupta and Kenneth S. Williams, editors, Proceedings of the 5th Conference of the Canadian Number Theory Association (1996), volume 19 of CRM Proceedings and Lecture Notes. American Mathematical Society, August 1999.

[174] Scott Charles Lindhurst. Computing roots in finite fields and groups, with a jaunt through sums of digits—Chapter 3: Extensions of Shanks Algorithm. PhD thesis, University of Wisconsin at Madison, 1997.

[175] R. Lipton. How to cheat at mental poker. In Proceedings of AMS Short Course on Cryptography, 1981.

[176] Richard Lipton and Tomas Sander. An additively homomorphic encryption scheme or how to introduce a partial trapdoor in the discrete log (submitted for publication), November 1997.

[177] Michael Luby. Pseudorandomness and Cryptographic Applications. Princeton University Press, 1996.

[178] R. Duncan Luce and Howard Raiffa. Games and Decisions: Introduction and Critical Survey. Dover Books, 1985.

[179] Kirk Makin. Article written for the Globe and Mail, November 3, 1987.

[180] M. Matsui. Linear cryptanalysis method for DES cipher. In T. Helleseth, editor, Advances in Cryptology—Eurocrypt '93, volume 765 of Lecture Notes in Computer Science, pages 386–397. Springer-Verlag, 1994.

[181] Ueli Maurer and Stefan Wolf. Diffie-Hellman oracles. In Advances in Cryptology—Crypto '96, pages 268–282. Springer-Verlag, 1996.

[182] Ueli Maurer and Stefan Wolf. The relationship between breaking the Diffie-Hellman protocol and computing discrete logarithms. SIAM Journal on Computing, 28(5):1689–1721, 1999.

[183] Ueli M. Maurer. Towards the equivalence of breaking the Diffie-Hellman protocol and computing discrete logarithms. In Yvo G. Desmedt, editor, Advances in Cryptology—Crypto '94, pages 271–281. Springer, 1994. Lecture Notes in Computer Science No. 839.

[184] T. C. May. Section 3.8: Blacknet. In High Noon on the Electronic Frontier, MIT Press, 1996.

[185] John McAfee and Colin Haynes. Computer Viruses, Worms, Data Diddlers, Killer Programs, and Other Threats to Your System. St. Martin's Press, 1989.

[186] Declan McCullagh. Crypto-convict won't recant. In Wired News. Wired Digital Inc., April 14, 2000. Jim Bell's quote appears on http://jya.com/ap.htm.

[187] A. Menezes and S. A. Vanstone. The implementation of elliptic curve cryptosystems. In J. Seberry and J. Pieprzyk, editors, Advances in Cryptology—Auscrypt '90, volume 453 of Lecture Notes in Computer Science, pages 2–13. Springer-Verlag, 1990.

[188] A. J. Menezes, editor. Elliptic Curve Public Key Cryptosystems. Kluwer Academic Publishers, 1993.

[189] A. J. Menezes and S. A. Vanstone. Elliptic curve cryptosystems and their implementation. Journal of Cryptology, 6:209–224, 1993.

[190] Alfred J. Menezes, Paul C. van Oorschot, and Scott A. Vanstone. Handbook of Applied Cryptography. CRC Press, 1997.

[191] S. Micali and A. Shamir. An improvement of the Fiat-Shamir identification and signature scheme. In S. Goldwasser, editor, Advances in Cryptology—Crypto '88, pages 244–248. Springer-Verlag, 1988. Lecture Notes in Computer Science No. 403.

[192] Silvio Micali. Fair public-key cryptosystems. In Ernest F. Brickell, editor, Advances in Cryptology—Crypto '92, pages 113–138. Springer-Verlag, 1992. Lecture Notes in Computer Science No. 740.

[193] Silvio Micali. Guaranteed partial key escrow. Technical Report MIT/LCS/TM-537, MIT Laboratory for Computer Science, September 1995.

[194] Gary L. Miller. Riemann's hypothesis and tests for primality. Journal of Computer and System Sciences, 13(3):300–317, 1976.

[195] Dukjae Moon, Kyungdeok Hwang, Wonil Lee, Sangjin Lee, and Jongin Lim. Impossible differential cryptanalysis of reduced round XTEA and TEA. In Proceedings of the Fast Software Encryption Workshop, pages 49–60, 2002.

[196] David Naccache and Jacques Stern. A new public-key cryptosystem based on higher residues. In ACM Conference on Computer and Communications Security, pages 59–66. ACM, 1998.

[197] Carey Nachenberg. Computer virus-antivirus coevolution. Communications of the ACM, 40(1):46–51, January 1997.

[198] M. Naor and M. Yung. Universal one-way hash functions and their cryptographic applications. In Proceedings of the 21st ACM Symposium on Theory of Computing, pages 33–43. ACM, 1989.

[199] Moni Naor and Moti M. Yung. Public-key cryptosystems provably secure against chosen ciphertext attack. In Proceedings of the 22nd ACM Symposium on Theory of Computing, pages 427–437. ACM, 1990.

[200] National Institute of Standards and Technology (NIST). SKIPJACK and KEA algorithm specifications, May 1998. http://csrc.nist.gov/encryption/skipjack-1.pdf, skipjack-2.pdf.

[201] National Institute of Standards and Technology (NIST). Proposed federal information processing standard for secure hash standard. Federal Register, 57(21):3747–3749, January 31, 1992.

[202] National Institute of Standards and Technology (NIST). FIPS Publication 180-1: Secure Hash Standard. Federal Register, April 17, 1995.

[203] National Institute of Standards and Technology (NIST). FIPS Publication 186-2: Digital Signature Standard. Federal Register, January 27, 2000.

[204] National Institute of Standards and Technology (NIST). FIPS Publication 197: Advanced Encryption Standard (AES). Federal Register, November 26, 2001.

[205] Peter G. Neumann. Logic bombs and other system attacks—in Canada. The Risks Digest, 5(63), November 23, 1987.

[206] Peter G. Neumann. IEEE Symposium on Security and Privacy. The Risks Digest, 17(69), February 7, 1996. Reprint of Security & Privacy program by Dale M. Johnson.

[207] Noam Nisan and Amnon Ta-Shma. Extracting randomness: A survey and new constructions. Journal of Computer and System Sciences, 58(1):148–173, 1999.

[208] K. Nyberg and R. Rueppel. Message recovery for signature schemes based on the discrete logarithm problem. In Journal of Cryptology, volume 8, pages 27–37, 1995.

[209] K. Nyberg and R. Rueppel. Message recovery for signature schemes based on the discrete logarithm problem. In Advances in Cryptology—Eurocrypt '94, pages 182–193. Springer-Verlag, 1994.

[210] National Bureau of Standards. FIPS Publication 46: Announcing the data encryption standard, January 1977.

[211] National Bureau of Standards. Secure hash standard. Technical Report FIPS Publication 180, National Bureau of Standards, 1993.

[212] T. Okamoto and K. Ohta. Universal electronic cash. In J. Feigenbaum, editor, Advances in Cryptology—Crypto '91, pages 324–337. Springer, 1992. Lecture Notes in Computer Science No. 576.

[213] Tatsuaki Okamoto. Provably secure and practical identification schemes and corresponding signature schemes. In Ernest F. Brickell, editor, Advances in Cryptology—Crypto '92, pages 31–53. Springer-Verlag, 1992. Lecture Notes in Computer Science No. 740.

[214] Tatsuaki Okamoto and Kazuo Ohta. Disposable zero-knowledge authentications and their applications to untraceable electronic cash. In G. Brassard, editor, Advances in Cryptology—Crypto '89, pages 481–497. Springer-Verlag, 1990. Lecture Notes in Computer Science No. 435.

[215] Rafail Ostrovsky and Moti Yung. How to withstand mobile virus attacks. In Proceedings of the 10th ACM Symposium on Principles of Distributed Computing, pages 51–59. ACM, 1991.

[216] Pascal Paillier. Public-key cryptosystems based on composite degree residue classes. In Jacques Stern, editor, Advances in Cryptology—Eurocrypt '99, pages 223–238. Springer-Verlag, 1999. Lecture Notes in Computer Science No. 1592.

[217] Pascal Paillier and Moti Yung. Self-escrowed public-key infrastructures. In Information Security and Cryptology (ICISC), pages 257–268. Springer, 1999. Lecture Notes in Computer Science No. 1787.

[218] The Symantec Enterprise Papers. Understanding and managing polymorphic viruses, XXX, July 1999. (whitepaper downloaded from http://www.symantec.com/avcenter/whitepapers.html).

[219] Donn B. Parker. Crime by Computer. Charles Scribner's Sons, 1976.

[220] J. Patarin and L. Goubin. Asymmetric cryptography with S-Boxes. In Proceedings of ICICS '97, pages 369–380. Springer, 1997. Lecture Notes in Computer Science No. 1334.

[221] David A. Patterson and John L. Hennessy. Computer Organization & Design—The Hardware/Software Interface. Morgan Kaufmann Publishers Inc., 1994.

[222] Y. Peres. Iterating von Neumann's procedure. The Annals of Statistics, 20(1):590–597, 1992.

[223] H. E. Petersen and R. Turn. System implications of information privacy. Proceedings of the AFIPS Spring Joint Computer Conference, 30:291–300, 1967.

[224] S. C. Pohlig and M. E. Hellman. An improved algorithm for computing logarithms over GF(p) and its cryptographic significance. IEEE Transactions on Information Theory, IT-24(1):106–110, January 1978.

[225] David Pointcheval and Jacques Stern. Security proofs for signature schemes. In U. Maurer, editor, Advances in Cryptology—Eurocrypt '96, pages 387–398. Springer-Verlag, 1996. Lecture Notes in Computer Science No. 1070.

[226] David Pointcheval and Jacques Stern. Security arguments for digital signatures and blind signatures. Journal of Cryptology, 13(3):361–396, 2000.

[227] J. M. Pollard. Monte Carlo methods for index computation (mod p). Mathematics of Computation, 32(143):918–924, 1978.

[228] Carl Pomerance. The quadratic sieve factoring algorithm. In T. Beth, N. Cot, and I. Ingemarsson, editors, Advances in Cryptology—Eurocrypt '84, pages 169–182. Springer-Verlag, 1985. Lecture Notes in Computer Science No. 209.

[229] M. Pondsmith, E. Bolme, S. Shirley, A. Swenson, C. Fisk, W. Moss, J. Smith, M. MacDonald, and L. Pondsmith. Night City, 1991. ISBN: 0-937279-11-0, total number of pages: 184.

[230] G. J. Popek and D. A. Farber. A model for verification of data security in operating systems. Communications of the ACM, 21(9):737–749, September 1978.

[231] J. Posegga and G. Karjoth. Mobile agents and telcos' nightmares. Annales des Telecommunications, special issue on communications security, 55:29–41, 2000.

[232] G. Poupard and J. Stern. Fair encryption of RSA keys. In Bart Preneel, editor, Advances in Cryptology—Eurocrypt '00, pages 172–189. Springer, 2000. Lecture Notes in Computer Science No. 1807.

[233] OpenSSL Project. Current version—openssl 0.9.7b, April 10, 2003. Open source toolkit that implements SSL, Transport Layer Security (TLS), and a full featured cryptographic library. OpenSSL is available at http://www.openssl.org.

[234] M. Rabin. Digitalized signatures as intractable as factorization. Technical Report MIT/LCS/TR-212, MIT Laboratory for Computer Science, January 1979.

[235] M. Rabin. Probabilistic algorithms for testing primality. Journal of Number Theory, 12:128–138, 1980.

[236] M. O. Rabin. Digitalized signatures. In Richard A. DeMillo, David P. Dobkin, Anita K. Jones, and Richard J. Lipton, editors, Foundations of Secure Computation, pages 155–168. Academic Press, 1978.

[237] Michael Rabin. Digitalized signatures and public-key functions as intractable as factorization. Technical Report MIT/LCS/TR-212, Laboratory for Computer Science, Massachusetts Institute of Technology, January 1979.

[238] C. Rackoff and D. R. Simon. Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In J. Feigenbaum, editor, Advances in Cryptology—Crypto '91, pages 433–444. Springer, 1992. Lecture Notes in Computer Science No. 576.

[239] Virus Bulletin. Virus Bulletin Ltd., Richard Ford, editor, page 4, March, 1993.

[240] V. Rijmen and B. Preneel. A family of trapdoor ciphers. In E. Biham, editor, Proceedings of the Fast Software Encryption Workshop, pages 139–148. Springer, 1997.

[241] R. L. Rivest. The RC4 Encryption Algorithm (Proprietary). RSA Data Security, Inc., March 12, 1992.

[242] Ronald L. Rivest. The MD4 message digest algorithm. Technical Report MIT/LCS/TM-434, MIT Laboratory for Computer Science, October 1990.

[243] Ronald L. Rivest. The MD5 message-digest algorithm. Internet Request for Comments, April 1992. RFC 1321.

[244] Ronald L. Rivest, Leonard Adleman, and Michael L. Dertouzos. On data banks and privacy homomorphisms. In R. DeMillo, D. Dobkin, A. Jones, and R. Lipton, editors, Foundations of Secure Computation, pages 169–180. Academic Press, 1978.

[245] Ronald L. Rivest, Adi Shamir, and Leonard M. Adleman. A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2):120–126, 1978.

[246] M. J. B. Robshaw. Recent proposals to implement Fair Cryptography. Technical Report TR-301, RSA Laboratories, October 1993.

[247] Kenneth H. Rosen. Elementary Number Theory and its Applications, 4th Edition. Addison-Wesley, 2000.

[248] RSA Data Security, Inc. SecurPC for Windows 95 Users Manual, 1997.

[249] RSA Data Security, Inc. PKCS #1: RSA Cryptography Standard, Version 2.1, June 2002.

[250] Tomas Sander and Christian F. Tschudin. Towards mobile cryptography. In Proceedings of the 19th IEEE Symposium on Security and Privacy, pages 215–224. IEEE, May 1998.

[251] Tomas Sander and Christian F. Tschudin. Towards mobile cryptography. Technical Report TR-97-049, ICSI Technical Report, November 22, 1997.

[252] Tomas Sander, Adam L. Young, and Moti M. Yung. Non-interactive cryptocomputing for NC1. In Proceedings of the 40th IEEE Symposium on Foundations of Computer Science, pages 554–567. IEEE, October 17–19, 1999.

[253] M. Santha and U. V. Vazirani. Generating quasi-random sequences from slightly-random sources. In Proceedings of the 25th IEEE Symposium on Foundations of Computer Science, pages 434–440. IEEE, 1984.

[254] Joseph Sargent. Colossus: The Forbin Project, 1969. Screenplay: James Bridges.

[255] Stuart Schechter and Michael Smith. How much security is enough to stop a thief? In Proceedings of the Seventh International Financial Cryptography Conference. Springer-Verlag, January 27–30, 2003.

[256] W. L. Schiller. Design of a security kernel for the PDP-11/45. Technical Report ESD-TR-73-294, The MITRE Corporation, December 1973.

[257] Bruce Schneier. Applied Cryptography: Protocols, Algorithms, and Source Code in C. John Wiley & Sons, New York, 1993.

[258] Bruce Schneier. Description of a new variable-length key, 64-bit block cipher (Blowfish). In Ross Anderson, editor, Proceedings of the Fast Software Encryption Workshop, pages 191–204. Springer-Verlag, December 1993. Lecture Notes in Computer Science No. 809.

[259] Bruce Schneier. The Blowfish encryption algorithm. Dr. Dobb's Journal, pages 38–40, April 1994.

[260] Bruce Schneier and Niels Ferguson. Practical Cryptography. Wiley, 2003.

[261] Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson. The Twofish encryption algorithm, a 128-bit block cipher. Wiley, 1999.

[262] C. P. Schnorr. Efficient identification and signatures for smart cards. In G. Brassard, editor, Advances in Cryptology—Crypto '89, pages 239–252. Springer, 1990. Lecture Notes in Computer Science No. 435.

[263] C. P. Schnorr. Efficient signature generation by smart cards. Journal of Cryptology, 4:161–174, 1991.

[264] Berry Schoenmakers. A simple publicly verifiable secret sharing scheme and its application to electronic voting. In M. Wiener, editor, Advances in Cryptology—Crypto '99, pages 148–164. Springer, 1999. Lecture Notes in Computer Science No. 1666.

[265] Ridley Scott. Alien, May 25, 1979. Screenplay: Dan O'Bannon and Ronald Shusett, Creature Design: H. R. Giger.

[266] Ronen Shaltiel. Recent developments in explicit constructions of extractors. Bulletin of the European Association for Theoretical Computer Science (EATCS), 77:67–95, 2002.

[267] Ronen Shaltiel and Christopher Umans. Simple extractors for all min-entropies and a new pseudo-random generator. In Proceedings of the 42nd IEEE Symposium on Foundations of Computer Science, pages 648–657. IEEE, 2001.

[268] A. Shamir and N. van Someren. Playing hide and seek with stored keys. In Financial Cryptography, pages 118–124. Springer-Verlag, 1999. Lecture Notes in Computer Science No. 1648.

[269] Adi Shamir. Identity-based cryptosystems and signature schemes. In G. R. Blakley and D. C. Chaum, editors, Advances in Cryptology—Crypto '84, pages 47–53. Springer, 1985. Lecture Notes in Computer Science No. 196.

[270] C. E. Shannon. Communication theory of secrecy systems. Bell System Technical Journal, 28:657–715, 1949.

[271] John F. Shoch and Jon A. Hupp. The worm programs: Early experience with a distributed computation. Communications of the ACM, 25(3):172–180, 1982.

[272] V. Shoup. OAEP reconsidered. In J. Kilian, editor, Advances in Cryptology—Crypto '01, pages 239–259. Springer-Verlag, 2001.

[273] V. Shoup and J. Camenisch. Practical verifiable encryption and decryption of discrete logarithms. In Advances in Cryptology—Crypto '03. Springer-Verlag, 2003.

[274] Gustavus J. Simmons. The prisoners' problem and the subliminal channel. In D. Chaum, editor, Advances in Cryptology—Crypto '83, pages 51–67. Plenum Press, 1984.

[275] Gustavus J. Simmons. The subliminal channel and digital signatures. In T. Beth, N. Cot, and I. Ingemarsson, editors, Advances in Cryptology—Eurocrypt '84, pages 364–378. Springer-Verlag, 1985. Lecture Notes in Computer Science No. 209.

[276] Gustavus J. Simmons. An introduction to the mathematics of trust in security protocols. In Proceedings of the Computer Security Foundations Workshop, pages 121–127. IEEE Computer Society Press, 1993.

[277] Gustavus J. Simmons. The subliminal channels of the U.S. Digital Signature Algorithm (DSA). In Proceedings of the Third Symposium on State and Progress of Research in Cryptography, pages 35–54, 1993.

[278] Gustavus J. Simmons. Subliminal communication is easy using the DSA. In T. Helleseth, editor, Advances in Cryptology—Eurocrypt '93, pages 218–232. Springer-Verlag, 1993. Lecture Notes in Computer Science No. 0765.

[279] Gustavus J. Simmons. Cryptanalysis and protocol failures. Communications of the ACM, 37(11):56–65, November 1994.

[280] Gustavus J. Simmons. Subliminal channels: Past and Present. IEEE European Transactions on Telecommunication, 5(4):459–473, 1994.

[281] Gustavus J. Simmons. The history of subliminal channels. IEEE Journal on Selected Areas in Communication, 16(4):452–462, May 1998.

[282] Rune Skardhamar. Virus Detection and Elimination. Academic Press, 1996.

[283] Robert Slade. Robert Slade's Guide to Computer Viruses, pages 45, 60, 89, 102, 106–110, 454, Springer-Verlag, 1994.

[284] Miles E. Smid and Dennis K. Branstad. Response to comments of the NIST proposed digital signature standard. In Ernest F. Brickell, editor, Advances in Cryptology—Crypto '92, pages 76–88. Springer-Verlag, 1992. Lecture Notes in Computer Science No. 740.

[285] IEEE Computer Society. CIPHER. Newsletter of the IEEE Computer Society's TC on Security and Privacy, Ed. Carl Landwehr, Assoc. Ed. Hilarie Orman, Issue 10, November 1, 1995.

[286] R. Solovay and V. Strassen. A fast Monte-Carlo test for primality. SIAM Journal on Computing, 6:84–85, 1977.

[287] Eugene H. Spafford. The internet worm program: An analysis. Technical Report CSD-TR-823, Purdue University Department of Computer Science, 1988.

[288] Eugene H. Spafford. The internet worm: Crisis and aftermath. Communications of the ACM, 32(6):678–687, 1989.

[289] Eugene H. Spafford, Kathleen A. Heaphy, and David J. Ferbrache. A computer virus primer. In Peter J. Denning, editor, Computers Under Attack: Intruders, Worms, and Viruses. Addison-Wesley, 1990.

[290] Michael J. Spier, Thomas N. Hastings, and David N. Cutler. An experimental implementation of the kernel/domain architecture. In Proceedings of the Fourth ACM Symposium on Operating System Principles, pages 8–21. ACM, January 1973.

[291] Markus Stadler. Publicly verifiable secret sharing. In Ueli M. Maurer, editor, Advances in Cryptology—Eurocrypt '96, pages 190–199. Springer, 1996. Lecture Notes in Computer Science No. 1070.

[292] Bruce Sterling. Islands in the Net. Ace Books, March 1989.

[293] Douglas R. Stinson. Cryptography: Theory and Practice, First Edition. CRC Press, 1995.

[294] Cliff Stoll. The Cuckoo's Egg: Tracing a Spy Through the Maze of Computer Espionage. Doubleday, 1989.

[295] P. F. Syverson, D. M. Goldschlag, and M. G. Reed. Anonymous connections and onion routing. In Proceedings of the 18th IEEE Symposium on Security and Privacy, pages 44–54. IEEE, May 1997.

[296] Amnon Ta-Shma. On extracting randomness from weak random sources (extended abstract). In Proceedings of the 28th ACM Symposium on Theory of Computing, pages 276–285. ACM, 1996.

[297] Amnon Ta-Shma, Christopher Umans, and David Zuckerman. Lossless condensers, unbalanced expanders, and extractors. In Proceedings of the 33rd ACM Symposium on Theory of Computing, pages 143–152. ACM, 2001.

[298] Amnon Ta-Shma, David Zuckerman, and Shmuel Safra. Extractors from Reed-Muller codes. In Proceedings of the 42nd IEEE Symposium on Foundations of Computer Science, pages 638–647. IEEE, 2001.

[299] Amnon Ta-Shma, David Zuckerman, and Shmuel Safra. Extractors from Reed-Muller codes. Electronic Colloquium on Computational Complexity (ECCC), 8(36), 2001.

[300] Ken Thompson. Reflections on Trusting Trust. Communications of the ACM, 27(8), 1984.

[301] H. F. Trotter. ACM Algorithm 115: Perm. Communications of the ACM, 5(8):434–435, August 1962.

[302] Yiannis Tsiounis. Personal Communication, February 2003.

[303] Yiannis Tsiounis. Efficient Electronic Cash: New Notions and Techniques. PhD thesis, Northeastern University, 1997.

[304] Yiannis Tsiounis and Moti M. Yung. On the security of ElGamal-based encryption. In Hideki Imai and Yuliang Zheng, editors, Proceedings of the 1st Workshop on Practice and Theory in Public Key Cryptography (PKC), pages 117–134. Springer, February 1998. Lecture Notes in Computer Science No. 1431.

[305] Albert W. Tucker. On Jargon: The Prisoner's Dilemma, UMAP Journal 1, 101, 1980.

[306] Alan Turing. On computable numbers, with an application to the Entscheidungsproblem. Proceedings of the London Mathematical Society, pages 230–265, 1936.

[307] U. V. Vazirani and V. V. Vazirani. Efficient and secure pseudorandom number generation. In Proceedings of the 25th IEEE Symposium on Foundations of Computer Science, pages 458–463. IEEE, 1984.

[308] G. S. Vernam. Cipher printing telegraph systems for secret wire and radio telegraphic communications. Journal of the American Institute for Electrical Engineers, 45:109–115, 1926.

[309] John von Neumann. Various techniques for use in connection with random digits. In von Neumann's Collected Works, volume 5, pages 768–770. Pergamon, 1963.

[310] John von Neumann. (Part One) Transcripts of lectures given at the University of Illinois, Dec. 1949. In A. W. Burks, editor, Theory and Organization of Complicated Automata, pages 29–87. University of Illinois Press, 1966.

[311] Sebastiaan von Solms and David Naccache. On blind signatures and perfect crimes. Computers and Security, 11(6):581–583, October 1992.

[312] B. J. Walker, R. A. Kemmerer, and G. J. Popek. Specification and verification of the UCLA UNIX security kernel. Communications of the ACM, 23(2):118–131, 1980.

[313] Peter Wayner. Digital Cash: Commerce on the Net. Academic Press, 1996.

[314] Michael Weber, Matthew Schmid, David Geyer, and Michael Shatz. A toolkit for detecting and analyzing malicious software. In 18th Annual Computer Security Applications Conference, pages 423–431, December 9–13, 2002.

[315] Ingo Wegener. The Complexity of Boolean Functions. John Wiley and Sons Ltd., 1987.

[316] Rüdiger Weis and Stefan Lucks. All your key bit are belong to us—the true story of black box cryptography. In Proceedings of the 3rd International system administration and networking Conference (SANE), May 27–31, 2002.

[317] David J. Wheeler and Roger M. Needham. TEA, a Tiny Encryption Algorithm. Proceedings of the Fast Software Encryption Workshop, pages 363–366, 1994. Lecture Notes in Computer Science No. 1008.

[318] David J. Wheeler and Roger M. Needham. TEA extensions. Draft technical report, University of Cambridge, downloaded from http://www.cl.cam.ac.uk/ftp/users/djw3/xtea.ps, 1997.

[319] David J. Wheeler and Roger M. Needham. Correction to XTEA. Draft technical report, University of Cambridge, downloaded from http://www.cl.cam.ac.uk/ftp/users/djw3/xxtea.ps, October 1998.

[320] Steve R. White. Covert distributed processing with computer viruses. In G. Brassard, editor, Advances in Cryptology—Crypto '89, pages 616–619. Springer-Verlag, 1990. Lecture Notes in Computer Science No. 435.

[321] Security Controls for Computer Systems. Technical Report R-609, Willis H. Ware, editor, Rand Corp., February 1970. Declassified Oct. 10, 1975 by DARPA.

[322] Sydney Fowler Wright. Automata. DNA Publications (currently), September 1929.

[323] H. Wu, F. Bao, R. Deng, and Q. Ye. Cryptanalysis of Rijmen–Preneel trapdoor ciphers. In Advances in Cryptology—Asiacrypt '98, pages 126–132. Springer, 1998.

[324] Shouhuai Xu and Moti Yung. The dark side of threshold cryptography. In Matt Blaze, editor, Proceedings of the Sixth International Financial Cryptography Conference. Springer, 2002.

[325] A. C. Yao. Protocols for secure computations. In Proceedings of the 23rd IEEE Symposium on Foundations of Computer Science, pages 160–164. IEEE, 1982.

[326] A. C. Yao. How to generate and exchange secrets. In Proceedings of the 27th IEEE Symposium on Foundations of Computer Science, pages 162–167. IEEE, 1986.

[327] S. Yau and R. Cheung. Design of self checking software. In IEEE Conference on Reliable Software, pages 450–457, 1975.

[328] Adam Young and Moti Yung. Auto-escrowable and auto-recoverable cryptosystems, 1997. U.S. Patent 6,202,150, issued March 13, 2001, filed May 28, 1997.

[329] Adam L. Young. Found bug in Rabin-Miller probabilistic primality test in OpenSSL. It was fixed in distributions 0.9.6a and later. OpenSSL is available at http://www.openssl.org, 2002.

[330] Adam L. Young. cryptoviruses. Message posted to the sci.crypt newsgroup, [email protected], 1996/05/21.

[331] Adam L. Young. Non-zero sum games and survivable malware. In Proceedings of the 4th Annual IEEE Information Assurance Workshop, June 18–20, 2003. United States Military Academy, West Point, New York.

[332] Adam L. Young and Moti M. Yung. Cryptovirology: Extortion-based security threats and countermeasures. In Proceedings of the 17th IEEE Symposium on Security and Privacy, pages 129–141. IEEE, May 1996.

[333] Adam L. Young and Moti M. Yung. The dark side of black-box cryptography, or: Should we trust capstone? In Neal Koblitz, editor, Advances in Cryptology—Crypto '96, pages 89–103. Springer-Verlag, 1996. Lecture Notes in Computer Science No. 1109.

[334] Adam L. Young and Moti M. Yung. Deniable password snatching: On the possibility of evasive electronic espionage. In Proceedings of the 18th IEEE Symposium on Security and Privacy, pages 224–235. IEEE, May 1997.

[335] Adam L. Young and Moti M. Yung. Kleptography: Using cryptography against cryptography. In Walter Fumy, editor, Advances in Cryptology—Eurocrypt '97, pages 62–74. Springer-Verlag, 1997. Lecture Notes in Computer Science No. 1233.

[336] Adam L. Young and Moti M. Yung. The prevalence of kleptographic attacks on discrete-log based cryptosystems. In Burton S. Kaliski, editor, Advances in Cryptology—Crypto '97, pages 264–276. Springer-Verlag, 1997. Lecture Notes in Computer Science No. 1294.

[337] Adam L. Young and Moti M. Yung. Auto-recoverable autocertifiable cryptosystems. In Kaisa Nyberg, editor, Advances in Cryptology—Eurocrypt '98, pages 17–31. Springer-Verlag, 1998. Lecture Notes in Computer Science No. 1403.

[338] Adam L. Young and Moti M. Yung. Monkey: Black-box symmetric ciphers designed for monopolizing keys. In Proceedings of the Fast Software Encryption Workshop, pages 122–133. Springer, 1998.

[339] Adam L. Young and Moti M. Yung. Bandwidth-optimal kleptographic attacks. In Ç. K. Koç, D. Naccache, and C. Paar, editors, Proceedings of the 3rd Workshop on Cryptographic Hardware and Embedded Systems (CHES), pages 235–250. Springer, 2001. Lecture Notes in Computer Science No. 2162.

[340] Adam L. Young and Moti M. Yung. Backdoor attacks on black-box ciphers exploiting low-entropy plaintexts. In Eighth Australasian Conference on Information Security and Privacy (ACISP), pages 297–311. Springer-Verlag, 2003. Lecture Notes in Computer Science.

[341] Adam Lucas Young. Kleptography: Using Cryptography Against Cryptography. PhD thesis, Columbia University Graduate School of Arts & Sciences, 2002. Thesis Advisor: Zvi Galil (and Moti M. Yung).

[342] Yuliang Zheng and Jennifer Seberry. Practical approaches to attaining security against adaptively chosen ciphertext attacks. In Ernest F. Brickell, editor, Advances in Cryptology—Crypto '92, pages 292–304. Springer-Verlag, 1992. Lecture Notes in Computer Science No. 740.

[343] Philip R. Zimmermann. The Official PGP User's Guide. MIT Press, June 1995.
