References

If you steal from one author, it’s plagiarism; if you steal from many, it’s research.

—Wilson Mizner

Literature is the question minus the answer.

—Roland Barthes

Everything that can be invented, has been invented.

—Charles H. Duell, 1899

[1] Adkins, W. A. and S. H. Weintraub (1992). Algebra: An Approach via Module Theory. Graduate Texts in Mathematics, 136. New York: Springer.

[2] Adleman, L. M., J. DeMarrais and M.-D. A. Huang (1994). “A Subexponential Algorithm for Discrete Logarithms over the Rational Subgroup of the Jacobians of Large Genus Hyperelliptic Curves over Finite Fields”, Algorithmic Number Theory—ANTS-I, Lecture Notes in Computer Science, 877. pp. 28–40. Berlin/Heidelberg: Springer.

[3] Adleman, L. M. and M.-D. A. Huang (1992). “Primality Testing and Two Dimensional Abelian Varieties over Finite Fields”, Lecture Notes in Mathematics, 1512. Berlin: Springer.

[4] Adleman, L. M., C. Pomerance and R. S. Rumely (1983). “On Distinguishing Prime Numbers from Composite Numbers”, Annals of Mathematics, 117: 173–206.

[5] Agarwal, M., N. Kayal and N. Saxena (2002), “Primes Is in P” [online document]. Available at http://www.cse.iitk.ac.in/users/manindra/algebra/primality_v6.pdf (October 2008).

[6] * Ahlfors, L. V. (1966). Complex Analysis. New York: McGraw-Hill.

[7] * Aho, A. V., J. E. Hopcroft and J. D. Ullman (1974). The Designs and Analysis of Algorithms. Reading, Massachusetts: Addison-Wesley.

[8] * Aho, A. V., J. E. Hopcroft and J. D. Ullman (1983). Data Structues and Algorithms. Reading, Massachusetts: Addison-Wesley.

[9] Aigner, M. and E. Oswald (2007), “Power Analysis Tutorial” [online document]. Available at http://www.iaik.tugraz.at/content/research/implementation_attacks/introduction_to_impa/dpa_tutorial.pdf (October 2008).

[10] Akkar, M.-L., R. Bevan, P. Dischamp and D. Moyart (2000). “Power Analysis, What Is Now Possible”, Advances in Cryptology—ASIACRYPT 2000, Lecture Notes in Computer Science, 1976. pp. 489–502. Berlin/Heidelberg: Springer.

[11] Anderson, R. and M. Kuhn (1997). “Low Cost Attacks on Tamper Resistant Devices”, Security Protocols—5th International Workshop, Lecture Notes in Computer Science, 1361. pp. 125–136. Berlin/Heidelberg: Springer.

[12] * Apostol, T. M. (1976). Introduction to Analytic Number Theory. Undergraduate Texts in Mathematics. New York: Springer.

[13] Arnold, V. I. (1999). “Polymathematics: Is Mathematics a Single Science or a Set of Arts?”, in V. Arnold, M. Atiyah, P. Lax and B. Mazur (eds.), Mathematics: Frontiers and Perspectives, pp. 403–416. Providence, Rhode Island: American Mathematical Society.

[14] Atiyah, M. F. and I. G. MacDonald (1969). Introduction to Commutative Algebra. Reading, Massachusetts: Addison-Wesley.

[15] Aumüller, C., P. Bier, W. Fischer, P. Hofreiter and J.-P. Seifert (2002), “Fault Attacks on RSA with CRT: Concrete Results and Practical Countermeasures” [online document]. Available at http://eprint.iacr.org/2002/073 (October 2008).

[16] Balasubramanian, R. and N. Koblitz (1998). “The Improbability that an Elliptic Curve has Subexponential Discrete Log Problem under the Menezes-Okamoto Vanstone Algorithm”, Journal of Cryptology, 11: 141–145.

[17] Bao, F., R. H. Deng, Y. Han, A. B. Jeng, A. D. Narasimhalu, T.-H. Ngair (1997). “Breaking Public Key Cryptosystems on Tamper Resistant Devices in the Presence of Transient Faults”, Security Protocols—5th International Workshop, Lecture Notes in Computer Science, 1361. pp. 115–124. Berlin/Heidelberg: Springer.

[18] Bellare, M. and P. Rogaway (1995). “Optimal Asymmetric Encryption—How to Encrypt with RSA”, Advances in Cryptology—EUROCRYPT ’94, Lecture Notes in Computer Science, 950. pp. 92–111. Berlin/Heidelberg: Springer. A revised version is available at http://www-cse.ucsd.edu/users/mihir/papers/oaep.html (October 2008).

[19] Bellare, M. and P. Rogaway (1996). “The Exact Security of Digital Signatures: How to Sign with RSA and Rabin”, Advances in Cryptology—EUROCRYPT ’96, Lecture Notes in Computer Science, 1070. pp. 399–416. Berlin/Heidelberg: Springer. A revised version is available at http://www-cse.ucsd.edu/users/mihir/papers/exactsigs.html (October 2008).

[20] Bennett, C. H. and G. Brassard (1984). “Quantum Cryptography: Public Key Distribution and Coin Tossing”, pp. 175–179. Proceedings of the IEEE International Conference on Computers, Systems and Signal Processing, Bangalore, India, December.

[21] Berlekamp, E. R. (1968). Algebraic Coding Theory. New York: McGraw-Hill.

[22] Biham, E. and A. Shamir (1997). “Differential Fault Analysis of Secret Key Cryptosystems”, Advances in Cryptology—CRYPTO ’97, Lecture Notes in Computer Science, 1294. pp. 513–528. Berlin/Heidelberg: Springer.

[23] Blake, I. F., R. Fuji-Hara, R. C. Mullin and S. A. Vanstone (1984). “Computing Logarithms in Finite Fields of Characteristic Two”, SIAM Journal of Algebraic and Discrete Methods, 5: 276–285.

[24] Blake, I. F., G. Seroussi and N. P. Smart (1999). Elliptic Curves in Cryptography. Cambridge: Cambridge University Press.

[25] Blom, R. (1985). “An Optimal Class of Symmetric Key Generation Systems”, Advances in Cryptology—EUROCRYPT ’84, Lecture Notes in Computer Science, 209. pp. 335–338. Berlin/Heidelberg: Springer.

[26] Blum, L., M. Blum, and M. Shub (1986). “A Simple Unpredictable Pseudo-Random Number Generator”, SIAM Journal on Computing, 15: 364–383.

[27] Blum, M. and S. Goldwasser (1985). “An Efficient Probabilistic Public Key Encryption Scheme Which Hides All Partial Information”, Advances in Cryptology—CRYPTO ’84, Lecture Notes in Computer Science, 196. pp. 289–299. Berlin/Heidelberg: Springer.

[28] Blundo, C., A. De Santis, A. Herzberg, S. Kutten, U. Vaccaro and M. Yung (1993). “Perfectly-Secure Key Distribution for Dynamic Conferences”, Advances in Cryptology—CRYPTO ’92, Lecture Notes in Computer Science, 740. pp. 471–486. Berlin/Heidelberg: Springer.

[29] Boneh, D. (1999). “Twenty Years of Attacks on the RSA Cryptosystem”, Notices of the American Mathematical Society, 46 (2): 203–213.

[30] Boneh, D., R. A. DeMillo and R. J. Lipton (1997). “On the Importance of Checking Cryptographic Protocols for Faults”, Advances in Cryptology—EUROCRYPT ’97, Lecture Notes in Computer Science, 1233. pp. 37–51. Berlin/Heidelberg: Springer.

[31] Boneh, D., R. A. DeMillo and R. J. Lipton (2001). “On the Importance of Eliminating Errors in Cryptographic Computations”, Journal of Cryptology, 14 (2): 101–119.

[32] Boneh, D. and G. Durfee (1999). “Cryptanalysis of RSA with Private Key d Less Than N^0.292”, Advances in Cryptology—EUROCRYPT ’99, Lecture Notes in Computer Science, 1592. pp. 1–11. Berlin/Heidelberg: Springer.

[33] Boneh, D., G. Durfee and Y. Frankel (1998). “Exposing an RSA Private Key Given a Small Fraction of Its Bits”, Advances in Cryptology—ASIACRYPT ’98, Lecture Notes in Computer Science, 1514. pp. 25–34. Berlin/Heidelberg: Springer.

[34] Boneh, D. and M. K. Franklin (2001). “Identity-based Encryption from the Weil Pairing”, Advances in Cryptology—CRYPTO 2001, Lecture Notes in Computer Science, 2139. pp. 213–229. Berlin/Heidelberg: Springer.

[35] Boneh, D. and M. K. Franklin (2003). “Identity-based Encryption from the Weil Pairing”, SIAM Journal of Computing, (32) 3: 586–615.

[36] Bressoud, D. M. (1989). Factorization and Primality Testing. Undergraduate Texts in Mathematics. New York: Springer.

[37] * Buchmann, J. A. (2004). Introduction to Cryptography. Undergraduate Texts in Mathematics. New York: Springer.

[38] Buchmann, J. A. et al. (2004), “The Number Field Cryptography Project” [online document]. Available at http://www.informatik.tu-darmstadt.de/TI/Forschung/nfc.html (October 2008).

[39] Buchmann, J. A. and S. Hamdy (2001). “A Survey on IQ Cryptography”. Technical report TI-4/01, TU Darmstadt, Fachbereich Informatik.

[40] Buchmann, J. A. and D. Weber (2000). “Discrete Logarithms: Recent Progress”, in J. Buchmann, T. Hoeholdt, H. Stichtenoth and H. Tapia-Recillas (eds.), Coding Theory, Cryptography and Related Areas, pp. 42–56. Proceedings of an International Conference on Coding Theory, Cryptography and Related Areas, Guanajuato, Mexico, April 1998.

[41] Buhler, J., H. W. Lenstra and C. Pomerance (1993). “Factoring Integers with the Number Field Sieve”, in A. K. Lenstra and H. W. Lenstra (eds.), The Development of the Number Field Sieve, Lecture Notes in Mathematics, 1554. pp. 50–94. Berlin: Springer.

[42] * Burton, D. M. (1998). Elementary Number Theory, 4th ed. New York: McGraw-Hill.

[43] Cantor, D. G. (1994). “On the Analogue of Division Polynomials for Hyperelliptic Curves”, Journal für die reine und angewandte Mathematik, 447: 91–145.

[44] Chan, H., A. Perrig and D. Song (2003). “Random Key Predistribution Schemes for Sensor Networks”, pp. 197–213. Proeedings of the 24th IEEE Symposium on Research in Security and Privacy, Berkeley, California, 11–14 May.

[45] Chari, S., C. S. Jutla, J. R. Rao, and P. Rohatgi (1999). “Towards Sound Approaches to Counteract Power-Analysis Attacks”, Advances in Cryptology—CRYPTO ’99, Lecture Notes in Computer Science, 1666. pp. 398–412. Berlin/Heidelberg: Springer.

[46] Charlap, L. S. and R. Coley (1990). “An Elementary Introduction to Elliptic Curves II”, CCR Expository Report 34.

[47] Charlap, L. S. and D. P. Robbins (1988). “An Elementary Introduction to Elliptic Curves”, CRD Expository Report 31.

[48] Chaum, D. (1983). “Blind Signatures for Untraceable Payments”, Advances in Cryptology—CRYPTO ’82. pp. 199–203. New York: Plenum Press.

[49] Chaum, D. (1985). “Security Without Identification: Transaction System to Make Big Brother Obsolete”, Communications of the ACM, 28 (10): 1030–1044.

[50] Chaum, D. (1989). “Privacy Protected Payments: Unconditional Payer and/or Payee Untraceability”, Smart Card 2000: The Future of IC Cards, pp. 69–93. Amsterdam: North-Holland.

[51] Chaum, D. (1990). “Zero-Knowledge Undeniable Signatures”, Advances in Cryptology—CRYPTO ’90, Lecture Notes in Computer Science, 473. pp. 458–464. Berlin/Heidelberg: Springer.

[52] Chaum, D. and H. van Antwerpen (1989). “Undeniable Signatures”, Advances in Cryptology—CRYPTO ’89, Lecture Notes in Computer Science, 435. pp. 212–217. Berlin/Heidelberg: Springer.

[53] Chaum, D., E. van Heijst and B. Pfitzmann (1991). “Cryptographically Strong Undeniable Signatures, Unconditionally Secure for the Signer”, Advances in Cryptology—CRYPTO ’91, Lecture Notes in Computer Science, 576. pp. 470–484. Berlin/Heidelberg: Springer.

[54] Chor, B. and R. L. Rivest (1988). “A Knapsack Type Cryptosystem Based on Arithmetic in Finite Fields”, IEEE Transactions on Information Theory, 34: 901–909.

[55] Clavier, C., J.-S. Coron and N. Dabbous (2000). “Differential Power Analysis in the Presence of Hardware Countermeasures”, Cryptographic Hardware and Embedded Systems—CHES 2000, Lecture Notes in Computer Science, 1965. pp. 252–263. Berlin/Heidelberg: Springer.

[56] Cohen, H. (1993). A Course in Computational Algebraic Number Theory. Graduate Texts in Mathematics, 138. New York: Springer.

[57] Coppersmith, D. (1984). “Fast Evaluation of Logarithms in Fields of Characteristic Two”, IEEE Transactions on Information Theory, 30: 587–594.

[58] Coppersmith, D. (1994). “Solving Homogeneous Equations over GF[2] via Block Wiedemann Algorithm”, Mathematics of Computation, 62: 333–350.

[59] Coppersmith, D., A. M. Odlyzko and R. Schroeppel (1986). “Discrete Logarithms in GF (p)”, Algorithmica, 1: 1–15.

[60] Coppersmith, D. and S. Winograd (1982). “On the Asymptotic Complexity of Matrix Multiplication”, SIAM Journal of Computing, 11 (3): 472–492.

[61] * Cormen, T. H., C. E. Lieserson, R. L. Rivest and C. Stein (2001). Introduction to Algorithms, 2nd ed. Cambridge, Massachusetts: MIT Press.

[62] Coron, J.-S. (1999). “Resistance Against Differential Power Analysis for Elliptic Curve Cryptosystems”, Cryptographic Hardware and Embedded Systems—CHES 1999, Lecture Notes in Computer Science, 1965. pp. 292–302. Berlin/Heidelberg: Springer.

[63] Coron, J.-S., L. Goubin (2000). “On Boolean and Arithmetic Masking Against Differential Power Analysis”, Cryptographic Hardware and Embedded Systems—CHES 2000, Lecture Notes in Computer Science, 1965. pp. 231–237. Berlin/Heidelberg: Springer.

[64] Coster, M. J., A. Joux, B. A. LaMacchia, A. M. Odlyzko, C. P. Schnorr and J. Stern (1992). “Improved Low-Density Subset Sum Algorithms”, Computational Complexity, 2: 111–128.

[65] Coster, M. J., B. A. LaMacchia, A. M. Odlyzko and C. P. Schnorr (1991). “An Improved Low-Density Subset Sum Algorithm”, Advances in Cryptology—EUROCRYPT ’91, Lecture Notes in Computer Science, 547. pp. 54–67. Berlin/Heidelberg: Springer.

[66] Courtois, N. (2003). “Fast Algebraic Attacks on Stream Ciphers with Linear Feedback”, Advances in Cryptology—CRYPTO 2003, Lecture Notes in Computer Science, 2729. pp. 177–194. Berlin/Heidelberg: Springer.

[67] Courtois, N. and W. Meier (2003). “Algebraic Attacks on Stream Ciphers with Linear Feedback”, Advances in Cryptology—EUROCRYPT 2003, Lecture Notes in Computer Science, 2656. pp. 345–359. Berlin/Heidelberg: Springer.

[68] Courtois, N. and J. Pieprzyk (2003). “Cryptanalysis of Block Ciphers with Overdefined Systems of Equations”, Advances in Cryptology—ASIACRYPT 2002, Lecture Notes in Computer Science, 2501. pp. 267–287. Berlin/Heidelberg: Springer.

[69] Crandall, R. and C. Pomerance (2001). Prime Numbers: A Computational Perspective. New York: Springer.

[70] Crépeau, C. and A. Slakmon (2003). “Simple Backdoors for RSA Key Generation”, Topics in Cryptology—CT-RSA 2003, Lecture Notes in Computer Science, 2612. pp. 403–416. Berlin/Heidelberg: Springer.

[71] Daemen, J. and V. Rijmen (2002). The Design of Rijndael: AES—The Advanced Encryption Standard. New York: Springer.

[72] Das, A. (1999). Galois Field Computations: Implementation of a Library and a Study of the Discrete Logarithm Problem [dissertation]. Bangalore, India: Indian Institute of Science.

[73] Das, A. and C. E. Veni Madhavan (1999). “Performance Comparison of Linear Sieve and Cubic Sieve Algorithms for Discrete Logarithms over Prime Fields”, Algorithms and Computation, ISAAC ’99, Lecture Notes in Computer Science, 1741. pp. 295–306. Berlin/Heidelberg: Springer.

[74] * Delfs, H. and H. Knebl (2007). Introduction to Cryptography: Principles and Applications, 2nd ed. Berlin and New York: Springer.

[75] Deutsch, D. (1985). “Quantum Theory, the Church-Turing Principle and the Universal Quantum Computer”. Proceedings of the Royal Society of London, Series A, 400. pp. 97–117.

[76] Deutsch, D. (1998). The Fabric of Reality: The Science of Parallel Universes—and Its Implications. London: Penguin.

[77] Dhem, J.-F., F. Koeune, P.-A. Leroux, P. Mestré, J.-J. Quisquater and J.-L. Willems (2000). “A Practical Implementation of the Timing Attack”, in J.-J. Quisquater and B. Schneier (eds.), Smart Card: Research and Applications, Lecture Notes in Computer Science, 1820. Proceedings of the Third Working Conference on Smart Card Research and Advanced Applications—CARDIS ’98, Louvain-la-Neuve, Belgium, 14–16 September 1998. Springer.

[78] Diffie, W. and M. Hellman (1976). “New Directions in Cryptography”, IEEE Transactions on Information Theory, 22: 644–654.

[79] Du, W., J. Deng, Y. S. Han and P. K. Varshney (2003). “Establishing Pairwise Keys in Distributed Sensor Networks”, pp. 42–51. Proceedings of the 10th ACM Conference on Computer and Communication Security, Washington D.C., USA, 27–30 October.

[80] Du, W., J. Deng, Y. S. Han, S. Chen and P. K. Varshney (2004). “A Key Management Scheme for Wireless Sensor Networks Using Deployment Knowledge”. Proceedings of IEEE INFOCOM 2004, Hong Kong, 7–11 March.

[81] * Dummit, D. and R. Foote (2004). Abstract Algebra, 3rd ed. Somerset, New Jersey: John Wiley & Sons.

[82] Durfee, G. and P. Q. Nguyen (2000). “Cryptanalysis of the RSA Schemes with Short Secret Exponent from Asiacrypt ’99”, Advances in Cryptology—ASIACRYPT 2000, Lecture Notes in Computer Science, 1976. pp. 30–44. Berlin/Heidelberg: Springer.

[83] Dusart, P. (1999). “The kth Prime Is Greater than k(ln k+ln ln k–1) for k > 2”, Mathematics of Computation, 68: 411–415.

[84] ElGamal, T. (1985). “A Public-Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms”, IEEE Transactions on Information Theory, 31: 469–472.

[85] Elkies, N. D. (1998). “Elliptic and Modular Curves over Finite Fields and Related Computational Issues”, AMS/IP Studies in Advanced Mathematics, 7: 21–76.

[86] Enge, A. (1999). “Computing Discrete Logarithms in High-Genus Hyperelliptic Jacobians in Provably Subexponential Time”. Technical report CORR 99-04, University of Waterloo, Canada.

[87] Enge, A. and P. Gaudry (2002). “A General Framework for Subexponential Discrete Logarithm Algorithms”, Acta Arithmetica, 102 (1): 83–103.

[88] Eschenauer, L. and V. D. Gligor (2002). “A Key-Management Scheme for Distributed Sensor Networks”. Proceedings of the 9th ACM Conference on Computer and Communication Security, pp. 41–47. Washington D.C., USA, 18–22 November.

[89] * Esmonde, J. and M. Ram Murty (1999). Problems in Algebraic Number Theory. Graduate Texts in Mathematics, 190. New York: Springer.

[90] Fiat, A. and A. Shamir (1987). “How to Prove Yourself: Practical Solutions to Identification and Signature Problems”, Advances in Cryptology—CRYPTO ’86, Lecture Notes in Computer Science, 263. pp. 186–194. Berlin/Heidelberg: Springer.

[91] Feige, U., A. Fiat, and A. Shamir (1988). “Zero-Knowledge Proofs of Identity”, Journal of Cryptology, 1: 77–94.

[92] * Feller, W. (1966). Introduction to Probability Theory and Its Applications, 3rd ed. New York: John Wiley & Sons.

[93] Ferguson, N., J. Kelsey, S. Lucks, B. Schneier, M. Stay, D. Wagner and D. Whiting (2000). “Improved Cryptanalysis of Rijndael”, Fast Software Encryption—FSE 2000, Lecture Notes in Computer Science, 1978. pp. 213–230. Berlin/Heidelberg: Springer.

[94] Fouquet, M., P. Gaudry and R. Harley (2000). “An Extension of Satoh’s Algorithm and Its Implementation”, Journal of Ramanujan Mathematical Society, 15: 281–318.

[95] Fouquet, M., P. Gaudry and R. Harley (2001). “Finding Secure Curves with the Satoh-FGH Algorithm and an Early-Abort Strategy”, Advances in Cryptology—EUROCRYPT 2001, Lecture Notes in Computer Science, 2045. Berlin/Heidelberg: Springer.

[96] * Fraleigh, J. B. (1998). A First Course in Abstract Algebra, 6th ed. Reading, Massachusetts: Addison-Wesley.

[97] Fujisaki, E., T. Kobayashi, H. Morita, H. Oguro, T. Okamoto, S. Okazaki, D. Pointcheval and S. Uchiyama (1999). “EPOC: Efficient Probabilistic Public-Key Encryption”, contribution to IEEE P1363a.

[98] Fujisaki, E., T. Okamoto, D. Pointcheval, J. Stern (2001). “RSA-OAEP is Secure under the RSA Assumption”, Advances in Cryptology—CRYPTO 2001, Lecture Notes in Computer Science, 2139. pp. 260–274. Berlin/Heidelberg: Springer.

[99] Fulton, W. (1969). Algebraic Curves. Mathematics Lecture Notes Series. New York: W. A. Benjamin.

[100] Galbraith, S. D. (2003). “Weil Descent of Jacobians”, Discrete Applied Mathematics, 128 (1): 165–180.

[101] Galbraith, S. D., F. Hess and N. P. Smart (2002). “Extending the GHS Weil Descent Attack”, Advances in Cryptology—EUROCRYPT 2002, Lecture Notes in Computer Science, 2332. pp. 29–44. Berlin/Heidelberg: Springer.

[102] Galbraith, S. D., W. Mao, and K. G. Paterson (2002). “RSA-based Undeniable Signatures for General Moduli”, Topics in Cryptology—CT-RSA 2002, Lecture Notes in Computer Science, 2271. pp. 200–217. Berlin/Heidelberg: Springer.

[103] Gathen, J. von zur and J. Gerhard (1999). Modern Computer Algebra. Cambridge: Cambridge University Press.

[104] Gathen, J. von zur and V. Shoup (1992). “Computing Frobenius Maps and Factoring Polynomials”, pp. 97–105. Proceedings of the 24th Annual ACM Symposium on Theory of Computing, Victoria, British Columbia, Canada.

[105] Gaudry, P. (2000). “An Algorithm for Solving the Discrete Log Problem on Hyperelliptic Curves”, Advances in Cryptology—EUROCRYPT 2000, Lecture Notes in Computer Science, 1807. pp. 19–34. Berlin/Heidelberg: Springer.

[106] Gaudry, P. and R. Harley (2000). “Counting Points on Hyperelliptic Curves over Finite Fields”, Algorithmic Number Theory—ANTS-IV, Lecture Notes in Computer Science, 1838. pp. 313–332. Berlin/Heidelberg: Springer.

[107] Gaudry, P., F. Hess and N. P. Smart (2002). “Constructive and Destructive Facets of Weil Descent on Elliptic Curves”, Journal of Cryptology, 15 (1): 19–46.

[108] Geddes, K. O., S. R. Czapor and G. Labahn (1992). Algorithms for Computer Algebra. Boston: Kluwer Academic Publishers.

[109] Gennaro, R., H. Krawczyk and T. Rabin (2000). “RSA-based Undeniable Signatures”, Journal of Cryptology, 13 (4): 397–416.

[110] Gentry, C., J. Jonsson, M. Szydlo and J. Stern (2001). “Cryptanalysis of the NTRU Signature Scheme (NSS) from Eurocrypt 2001”, Advances in Cryptology—ASIACRYPT 2001, Lecture Notes in Computer Science, 2248. pp. 1–20. Berlin/Heidelberg: Springer.

[111] Gentry, C. and M. Szydlo (2002). “Cryptanalysis of the NTRU Signature Scheme”, Advances in Cryptology—EUROCRYPT ’02, Lecture Notes in Computer Science, 2332. pp. 299–320. Berlin/Heidelberg: Springer.

[112] Gilbert, H. and M. Minier (2000). “A Collision Attack on Seven Rounds of Rijndael”, pp. 230–241. Proceedings of the 3rd AES Conference, NIST, New York, April 2000.

[113] * Goldreich, O. (2001). Foundations of Cryptography, Volume 1: Basic Tools. Cambridge: Cambridge University Press.

[114] * Goldreich, O. (2004). Foundations of Cryptography, Volume 2: Basic Applications. Cambridge: Cambridge University Press.

[115] Goldreich, O., S. Goldwasser and S. Halevi (1997). “Public-key Cryptosystems from Lattice Reduction Problems”, Advances in Cryptology—CRYPTO ’97, Lecture Notes in Computer Science, 1294. pp. 112–131. Berlin/Heidelberg: Springer.

[116] Goldwasser, S. and J. Kilian (1986). “Almost All Primes Can Be Quickly Certified”, pp. 316–329. Prodeedings of the 18th Annual ACM Symposium on Theory of Computing, Berkeley, California.

[117] Goldwasser, S. and S. Micali (1984). “Probabilistic Encryption”, Journal of Computer and Systems Sciences, 28: 270–299.

[118] Gordon, D. M. (1985). “Strong Primes are Easy to Find”, Advances in Cryptology—EUROCRYPT ’84, Lecture Notes in Computer Science, 209. pp. 216–223. Berlin/Heidelberg: Springer.

[119] Gordon, D. M. (1993). “Discrete Logarithms in GF (p) Using the Number Field Sieve”, SIAM Journal of Discrete Mathematics, 6: 124–138.

[120] Gordon, D. M. and K. S. McCurley (1992). “Massively Parallel Computation of Discrete Logarithms”, Advances in Cryptology—CRYPTO ’92, Lecture Notes in Computer Science, 740. pp. 312–323. Berlin/Heidelberg: Springer.

[121] Grinstead, C. M. and J. L. Snell (1997). Introduction to Probability, 2nd revised ed. Providence, Rhode Island: American Mathematical Society. The book is also available at http://www.dartmouth.edu/~chance/book.html (October 2008).

[122] Guillou, L. C. and J.-J. Quisquater (1988). “A Practical Zero-Knowledge Protocol Fitted to Security Microprocessor Minimizing Both Trasmission and Memory”, Advances in Cryptology—EUROCRYPT ’88, Lecture Notes in Computer Science, 330. pp. 123–128. Berlin/Heidelberg: Springer.

[123] Hankerson, D., A. J. Menezes and S. Vanstone (2004). Guide to Elliptic Curve Cryptography. New York: Springer.

[124] Hartshorne, R. (1977). Algebraic Geometry. Graduate Texts in Mathematics, 52. New York, Heidelberg and Berlin: Springer.

[125] * Herstein, I. N. (1975). Topics in Algebra. New York: John Wiley & Sons.

[126] Hess, F., G. Seroussi and N. P. Smart (2000). “Two Topics in Hyperelliptic Cryptography”. HP Labs technical report HPL-2000-118.

[127] * Hoffman, K. and R. Kunze (1971). Linear Algebra. Englewood Cliffs, New Jersey: Prentice-Hall.

[128] Hoffstein, J., N. Howgrave-Graham, J. Pipher, J. H. Silverman and W. White (2003). “NTRUSign: Digital Signatures Using the NTRU Lattice”, Topics in Cryptology—CT-RSA 2003, Lecture Notes in Computer Science, 2612. pp. 122–140. Berlin/Heidelberg: Springer.

[129] Hoffstein, J., N. Howgrave-Graham, J. Pipher, J. H. Silverman and W. White (2005). “Performance Improvements and a Baseline Parameter Generation Algorithm for NTRUSign”, Workshop on Mathematical Problems and Techniques in Cryptology, Barcelona, Spain, June 2005. Also available at http://www.ntru.com/cryptolab/articles.htm (October 2008).

[130] Hoffstein, J., J. Pipher and J. H. Silverman (1998). “NTRU: A Ring-Based Public Key Cryptosystem”, Algorithmic Number Theory—ANTS-III, Lecture Notes in Computer Science, 1423. pp. 267–288. Berlin/Heidelberg: Springer.

[131] Hoffstein, J., J. Pipher and J. H. Silverman (2001). “NSS: An NTRU Lattice-Based Signature Scheme”, Advances in Cryptology—EUROCRYPT 2001, Lecture Notes in Computer Science, 2045. pp. 211–228. Berlin/Heidelberg: Springer.

[132] Horster, P., M. Michels and H. Petersen (1994). “Meta-ElGamal Signature Schemes”. Technical report TR-94-5-F, Department of Computer Science, Teschnische Universität, Chemnitz-Zwickau.

[133] * Hungerford, T. W. (1974). Algebra, 5th ed. Graduate Texts in Mathematics, 73. Berlin: Springer.

[134] IEEE (2008), “Standard Specifications for Public-Key Cryptography” [online document]. Available at http://grouper.ieee.org/groups/1363/index.html (October 2008).

[135] IETF (2008), “The Internet Engineering Task Force” [online document]. Available at http://www.ietf.org/ (October 2008).

[136] * Ireland, K. and M. Rosen (1990). A Classical Introduction to Modern Number Theory. Graduate Texts in Mathematics, 84. New York: Springer.

[137] Izu, T., B. Möller and T. Takagi (2002). “Improved Elliptic Curve Multiplication Methods Resistant Against Side Channel Attacks”, Progress in Cryptology—INDOCRYPT 2002, Lecture Notes in Computer Science, 2551. pp. 296–313. Berlin/Heidelberg: Springer.

[138] Izu, T. and T. Takagi (2002). “A Fast Parallel Elliptic Curve Multiplication Resistant Against Side Channel Attacks”, Public Key Cryptography—PKC 2002, Lecture Notes in Computer Science, 2274. pp. 280–296. Berlin/Heidelberg: Springer. An improved version of this paper is published as the technical report CORR 2002-03 of the Centre for Applied Cryptographic Research, University of Waterloo, Canada, and is available at http://www.cacr.math.uwaterloo.ca/ (October 2008).

[139] Jacobson, M. J., N. Koblitz, J. H. Silverman, A. Stein and E. Teske (2000). “Analysis of the Xedni Calculus Attack”, Design, Codes and Cryptography, 20: 41–64.

[140] Janusz, G. J. (1995). Algebraic Number Fields. Providence, Rhode Island: American Mathematical Society.

[141] Johnson, D. and A. Menezes (1999). “The Elliptic Curve Digitial Signature Algorithm (ECDSA)”. Technical report CORR 99-34, Department of Combinatorics and Optimization, University of Waterloo, Canada. Also published in International Journal on Information Security (2001), 1: 36–63.

[142] Joye, M., A. K. Lenstra and J.-J. Quisquater (1999). “Chinese Remaindering Based Cryptosystems in the Presence of Faults”, Journal of Cryptology, 12 (4): 241–246.

[143] Kaltofen, E. and V. Shoup (1995). “Subquadratic-Time Factoring of Polynomials over Finite Fields”, pp. 398–406. Proceedings of the 27th Annual ACM Symposium on Theory of Computing, Las Vegas, Nevada.

[144] Kampkötter, W. (1991). Explizite Gleichungen für Jacobishe Varietäten hyperelliptischer Kurven [dissertation]. Essen: Gesamthochschule.

[145] Katz, J. and Y. Lindell (2007). Introduction to Modern Cryptography. Boca Raton, Florida; London and New York: CRC Press.

[146] Kaye, P. and C. Zalka (2004), “Optimized Quantum Implementation of Elliptic Curve Arithmetic over Binary Fields” [online document]. Available at http://arxiv.org/abs/quant-ph/0407095 (October 2008).

[147] * Knuth, D. E. (1997). The Art of Computer Programming, Volume 2: Seminumerical Algorithms. Reading, Massachusetts: Addison-Wesley.

[148] Ko, K. H., S. J. Lee, J. H. Cheon, J. W. Han, J. S. Kang and C. S. Park (2000). “New Public-Key Cryptosystem Using Braid Groups”, Advances in Cryptology—CRYPTO 2000, Lecture Notes in Computer Science, 1880. pp. 166–183. Berlin/Heidelberg: Springer.

[149] Koblitz, N. (1984). p-adic Numbers, p-adic Analysis, and Zeta-Functions, 2nd ed. Graduate Texts in Mathematics, 58. New York, Heidelberg and Berlin: Springer.

[150] Koblitz, N. (1987). “Elliptic Curve Cryptosystems”, Mathematics of Computation, 48: 203–209.

[151] Koblitz, N. (1989). “Hyperelliptic Cryptosystems”, Journal of Cryptology, 1: 139–150.

[152] Koblitz, N. (1993). Introduction to Elliptic Curves and Modular Forms, 2nd ed. Graduate Texts in Mathematics, 97. Berlin: Springer.

[153] * Koblitz, N. (1994). A Course in Number Theory and Cryptography, 2nd ed. New York:Springer.

[154] Koblitz, N. (1998). Algebraic Aspects of Cryptography. New York: Springer.

[155] Kocher, P. C. (1996). “Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems”, Advances in Cryptology—CRYPTO ’96, Lecture Notes in Computer Science, 1109. pp. 104–113. Berlin/Heidelberg: Springer.

[156] Kocher, P. C., J. Jaffe and B. Jun (1999). “Differential Power Analysis”, Advances in Cryptology—CRYPTO ’99, Lecture Notes in Computer Science, 1666. pp. 388–397. Berlin/Heidelberg: Springer.

[157] Lagarias, J. C. and A. M. Odlyzko (1985). “Solving Low-Density Subset Sum Problems”, Journal of ACM, 32: 229–246.

[158] LaMacchia, B. A. and A. M. Odlyzko (1991a). “Computation of Discrete Logarithms in Prime Fields”, Designs, Codes and Cryptography, 1: 46–62.

[159] LaMacchia, B. A. and A. M. Odlyzko (1991b). “Solving Large Sparse Linear Systems over Finite Fields”, Advances in Cryptology—CRYPTO ’90, Lecture Notes in Computer Science, 537. pp. 109–133. Berlin/Heidelberg: Springer.

[160] Lang, S. (1994). Algebraic Number Theory. Graduate Texts in Mathematics, 110. New York: Springer.

[161] Law, L., A. Menezes, A. Qu, J. Solinas and S. Vanstone (1998). “An Efficient Protocol for Authenticated Key Agreement”. Technical report CORR 98-05, Department of Combinatorics and Optimization, University of Waterloo, Canada.

[162] Lehmer, D. H. and R. E. Powers (1931). “On Factoring Large Numbers”, Bulletin of the AMS, 37: 770–776.

[163] Lenstra, A. K., E. Tromer, A. Shamir, W. Kortsmit, B. Dodson, J. Hughes and P. Leyland (2003). “Factoring Estimates for a 1024-Bit RSA Modulus”, Advances in Cryptology—ASIACRYPT 2003, Lecture Notes in Computer Science, 2894. pp. 55–74. Berlin/Heidelberg: Springer.

[164] Lenstra, A. K. and H. W. Lenstra (1990). “Algorithms in Number Theory”, in J. van Leeuwen (ed.), Handbook of Theoretical Computer Science, Volume A, pp. 675–715, Amsterdam: Elsevier.

[165] Lenstra, A. K. and H. W. Lenstra (ed.) (1993). The Development of the Number Field Sieve. Lecture Notes in Mathematics, 1554. Berlin: Springer.

[166] Lenstra, A. K., H. W. Lenstra and L. Lovasz (1982). “Factoring Polynomials with Rational Coefficients”, Mathematische Annalen, 261: 515–534.

[167] Lenstra, A. K., H. W. Lenstra, M. S. Manasse and J. M. Pollard (1990). “The Number Field Sieve”, pp. 564–572. Proceedings of the 22nd Annual ACM Symposium on Theory of Computing, Baltimore, Maryland, USA, 13–17 May.

[168] Lenstra, A. K. and A. Shamir (2000). “Analysis and Optimization of the TWINKLE Factoring Device”, Advances in Cryptology—EUROCRYPT 2000, Lecture Notes in Computer Science, 1807. pp. 35–52. Berlin/Heidelberg: Springer.

[169] Lenstra, A. K., A. Shamir, J. Tomlinson and E. Tromer (2002). “Analysis of Bernstein’s Factorization Circuit”, Advances in Cryptology—ASIACRYPT 2002, Lecture Notes in Computer Science, 2501. pp. 1–26. Berlin/Heidelberg: Springer.

[170] Lenstra, A. K. and E. R. Verheul (2000a). “The XTR Public Key System”, Advances in Cryptology—CRYPTO 2000, Lecture Notes in Computer Science, 1880. pp. 1–20. Berlin/Heidelberg: Springer.

[171] Lenstra, A. K. and E. R. Verheul (2000b). “Key Improvements to XTR”, Advances in Cryptology—ASIACRYPT 2000, Lecture Notes in Computer Science, 1976. pp. 220–233. Berlin/Heidelberg: Springer.

[172] Lenstra, A. K. and E. R. Verheul (2001a). “An Overview of the XTR Public Key System”, pp. 151–180. Proceedings of the Public Key Cryptography and Computational Number Theory Conference, Warsaw, Poland, 2000. Berlin: Verlages Walter de Gruyter.

[173] Lenstra, A. K. and E. R. Verheul (2001b). “Fast Irreducibility and Subgroup Membership Testing in XTR”, Public Key Cryptography—PKC 2001, Lecture Notes in Computer Science, 1992. pp. 73–86. Berlin/Heidelberg: Springer.

[174] Lenstra, H. W. (1987). “Factoring Integers with Elliptic Curves”, Annals of Mathematics, 126: 649–673.

[175] Lenstra, H. W. and C. Pomerance (2005), “Primality Testing with Gaussian Periods” [online document]. Available at http://www.math.dartmouth.edu/~carlp/PDF/complexity12.pdf (October 2008).

[176] Lercier, R. (1997). “Finding Good Random Elliptic Curves for Cryptosystems Defined over “, Advances in Cryptology—EUROCRYPT ’97, Lecture Notes in Computer Science, 1233. pp. 379–392. Berlin/Heidelberg: Springer.

[177] Lercier, R. and D. Lubicz (2003). “Counting Points on Elliptic Curves over Finite Fields of Small Characteristic in Quasi Quadratic Time”, Advances in Cryptology—EUROCRYPT 2003, Lecture Notes in Computer Science, 2656. pp. 360–373. Berlin/Heidelberg: Springer.

[178] Libert, B. and J.-J. Quisquater (2003), “New Identity Based Signcryption Schemes from Pairings” [online document]. Available at http://eprint.iacr.org/2003/023/ (October 2008).

[179] Lidl, R. and H. Niederreiter (1984). Finite Fields, Encyclopedia of Mathematics and Its Applications, 20. Cambridge: Cambridge University Press.

[180] Lidl, R. and H. Niederreiter (1994). Introduction to Finite Fields and Their Applications. Cambridge: Cambridge University Press.

[181] Liu, D. and P. Ning (2003a). “Establishing Pairwise Keys in Distributed Sensor Networks”, pp. 52–61. Proceedings of the 10th ACM Conference on Computer and Communication Security, Washington D.C., USA, October 2003.

[182] Liu, D. and P. Ning (2003b). “Location-Based Pairwise Key Establishments for Static Sensor Networks”, pp. 72–82. Proceedings of the 1st ACM Workshop on Security in Ad Hoc and Sensor Networks, Fairfax, Virginia, 31 October 2003.

[183] Liu, D., P. Ning and R. Li (2005). “Establishing Pairwise Keys in Distributed Sensor Networks”, ACM Transactions on Information and System Security, (8) 1: 41–77.

[184] Lucks, S. (2000). “Attacking Seven Rounds of Rijndael Under 192-bit and 256-bit Keys”, pp. 215–229. Proceedings of the 3rd Advanced Encryption Standard Candidate conference, New York, April 2000.

[185] Malone-Lee, J. (2002), “Identity-Based Signcryption” [online document]. Available at http://eprint.iacr.org/2002/098/ (October 2008).

[186] Mao, W. (2001). “New Zero-Knowledge Undeniable Signatures—Forgery of Signature Equivalent to Factor-isation”. Hewlett-Packard technical report HPL-2201-36.

[187] Mao, W. and K. G. Paterson (2000). “Convertible Undeniable Standard RSA Signatures”. Hewlett-Packard technical report HPL-2000-148.

[188] Matsumoto, T. and H. Imai (1988). “Public Quadratic Polynomial-Tuples for Efficient Signature-Verification and Message-Encryption”, Advances in Cryptology—EUROCRYPT ’88, Lecture Notes in Computer Science, 330. pp. 419–453. Berlin/Heidelberg: Springer.

[189] McCurley, K. S. (1990). “The Discrete Logarithm Problem”, in C. Pomerance and S. Goldwasser (eds.), Cryptology and Computational Number Theory: American Mathematical Society Short Course, Boulder, Colorado, 6–7 August 1989. Proceedings of Symposia in Applied Mathematics, 42. pp. 49–74. Providence, Rhode Island: American Mathematical Society.

[190] McEliece, R. J. (1978). “A Public-Key Cryptosystem Based on Algebraic Coding Theory”. DSN progress report 42–44, Jet Propulsion Laboratory, California Institute of Technology, pp. 114–116.

[191] Menezes, A. J. (ed.) (1993). Applications of Finite Fields. Boston: Kluwer Academic Publishers.

[192] Menezes, A. J. (1993). Elliptic Curve Public Key Cryptosystems. The Springer International Series in Engineering and Computer Science, 234. Springer. Available at http://books.google.co.in/books?id=bIb54ShKS68C (October 2008).

[193] Menezes, A. J., T. Okamoto and S. Vanstone (1993). “Reducing Elliptic Curve Logarithms to a Finite Field”, IEEE Transactions on Information Theory, 39: 1639–1646.

[194] Menezes, A. J., P. van Oorschot and S. Vanstone (1997). Handbook of Applied Cryptography. Boca Raton, Florida: CRC Press.

[195] Menezes, A. J., Y. Wu and R. Zuccherato (1996). “An Elementary Introduction to Hyperelliptic Curves”. CACR technical report CORR 96-19, University of Waterloo, Canada.

[196] Merkle, R. C. amd M. E. Hellman (1978). “Hiding Information and Signatures in Trapdoor Knapsacks”, IEEE Transactions on Information Theory, 24 (5): 525–530.

[197] Mermin, N. D. (2003). “From Cbits to Qbits: Teaching Computer Scientists Quantum Mechanics”, American Journal of Physics, 71: 23–30.

[198] Mermin, N. D. (2006), “Phys481-681-CS483 Lecture Notes and Homework Assignments” [online document]. Available at http://people.ccmr.cornell.edu/~mermin/qcomp/CS483.html (October 2008).

[199] Messerges, T. S. (2000). “Securing the AES Finalists Against Power Analysis Attacks”, Fast Software Encryption—FSE 2000, Lecture Notes in Computer Science, 1978. pp. 150–164. Berlin/Heidelberg: Springer.

[200] Messerges, T. S., E. A. Dabbish and R. H. Sloan (1999). “Power Analysis Attacks of Modular Exponentiation in Smartcards”, Cryptographic Hardware and Embedded Systems—CHES 1999, Lecture Notes in Computer Science, 1717. pp. 144–157. Berlin/Heidelberg: Springer.

[201] Messerges, T. S., E. A. Dabbish and R. H. Sloan (2002). “Examining Smart-Card Security Under the Threat of Power Analysis Attacks”, IEEE Transactions on Computers, 51 (4): 541–552.

[202] Michels, M. and M. Stadler (1997). “Efficient Convertible Undeniable Signature Schemes”, pp. 231–244. Proceedings of the 4th International Workshop on Selected Areas in Cryptography, Ottawa, Canada.

[203] Mignotte, M. (1992). Mathematics for Computer Algebra. New York: Springer.

[204] Miller, G. L. (1976). “Riemann’s Hypothesis and Tests for Primality”, Journal of Computer and System Sciences, 13: 300–317.

[205] Miller, V. (1986). “Uses of Elliptic Curves in Cryptography”, Advances in Cryptology—CRYPTO ’85, Lecture Notes in Computer Science, 18. pp. 417–426. Berlin/Heidelberg: Springer.

[206] Möller, B. (2001). “Securing Elliptic Curve Point Multiplication Against Side-Channel Attacks”, Information Security Conference, Lecture Notes in Computer Science, 2200. pp. 324–334. Berlin/Heidelberg: Springer.

[207] Mollin, R. A. (1998). Fundamental Number Theory with Applications. Boca Raton, Florida: Chapman & Hall/CRC.

[208] Mollin, R. A. (1999). Algebraic Number Theory. Boca Raton, Florida: Chapman & Hall/CRC.

[209] Mollin, R. A. (2001). An Introduction to Cryptography. Boca Raton, Florida: Chapman & Hall/CRC.

[210] Montgomery, P. L. (1985). “Modular Multiplication Without Trial Division”, Mathematics of Computation, 44: 519–521.

[211] Montgomery, P. L. (1994). “A Survey of Modern Integer Factorization Algorithms”, CWI Quarterly, 7 (4): 337–366.

[212] Montgomery, P. L. (1995). “A Block Lanczos Algorithm for Finding Dependencies over GF(2)”, Advances in Cryptology—EUROCRYPT ’95, Lecture Notes in Computer Science, 921. pp. 106–120. Berlin/Heidelberg: Springer.

[213] Morrison, M. A. and J. Brillhart (1975). “A Method of Factoring and a Factorization of F₇”, Mathematics of Computation, 29: 183–205.

[214] * Motwani, R. and P. Raghavan (1995). Randomized Algorithms. Cambridge: Cambridge University Press.

[215] Muir, J. A. (2001). Techniques of Side Channel Cryptanalysis [dissertation]. Canada: University of Waterloo. Available at http://www.uwspace.uwaterloo.ca/bitstream/10012/1098/1/jamuir2001.pdf (October 2008).

[216] Neukirch, J. (1999). Algebraic Number Theory. Berlin and Heidelberg: Springer.

[217] Nguyen, P. Q. (2006), “A Note on the Security of NTRUSign” [online document]. Available at http://eprint.iacr.org/2006/387 (October 2008).

[218] * Nielsen, M. A. and I. L. Chuang (2000). Quantum Computation and Quantum Information. Cambridge: Cambridge University Press.

[219] NIST (2001), “Advanced Encryption Standard” [online document]. Available at http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf (October 2008).

[220] NIST (2006), “Digital Signature Standard (DSS)” [online document]. Available at http://csrc.nist.gov/publications/drafts/fips_186-3/Draft-FIPS-186-3%20_March2006.pdf (October 2008).

[221] NIST (2007a), “Federal Information Processing Standards” [online document]. Available at http://csrc.nist.gov/publications/PubsFIPS.html (October 2008).

[222] NIST (2007b), “Secure Hash Standard (SHS)” [online document]. Available at http://csrc.nist.gov/publications/drafts/fips_180-3/draft_fips-180-3_June-08-2007.pdf (October 2008).

[223] Nyberg, K. and R. A. Rueppel (1993). “A New Signature Scheme Based on the DSA Giving Message Recovery”, pp. 58–61. Proceedings of the 1st ACM Conference on Computer and Communications Security, Fairfax, Virginia, 3–5 November.

[224] Nyberg, K. and R. A. Rueppel (1995). “Message Recovery for Signature Schemes Based on the Discrete Logarithm Problem”, Advances in Cryptology—EUROCRYPT ’94, Lecture Notes in Computer Science, 950. pp. 182–193. Berlin/Heidelberg: Springer.

[225] Odlyzko, A. M. (1985). “Discrete Logarithms and Their Cryptographic Significance”, Advances in Cryptology—EUROCRYPT ’84, Lecture Notes in Computer Science, 209. pp. 224–314. Berlin/Heidelberg: Springer.

[226] Odlyzko, A. M. (2000). “Discrete Logarithms: The Past and the Future”, Designs, Codes and Cryptography, 19: 129–145.

[227] Okamoto, T. (1992). “Provably Secure and Practical Identification Schemes and Corresponding Signature Schemes”, Advances in Cryptology—CRYPTO ’92, Lecture Notes in Computer Science, 740. pp. 31–53. Berlin/Heidelberg: Springer.

[228] Okamoto, T., E. Fujisaki and H. Morita (1998). “TSH-ESIGN: Efficient Digital Signature Scheme Using Trisection Size Hash”, submission to IEEE P1363a.

[229] Papadimitriou, C. H. (1994). Computational Complexity. Reading, Massachusetts: Addison-Wesley.

[230] Park, S., T. Kim, Y. An and D. Won (1995). “A Provably Entrusted Undeniable Signature”, pp. 644–648. IEEE Singapore International Conference on Network/International Conference on Information Engineering (SICON/ICIE ’95).

[231] Patarin, J. (1995). “Cryptanalysis of the Matsumoto and Imai Public Key Scheme of Eurocrypt’88”, Advances in Cryptology—CRYPTO ’95, Lecture Notes in Computer Science, 963. pp. 248–261. Berlin/Heidelberg: Springer.

[232] Patarin, J. (1996). “Hidden Fields Equations (HFE) and Isomorphisms of Polynomials (IP): Two New Families of Asymmetric Algorithms”, Advances in Cryptology—EUROCRYPT ’96, Lecture Notes in Computer Science, 1070. pp. 33–48. Berlin/Heidelberg: Springer.

[233] Pirsig, R. M. (1974). Zen and the Art of Motorcycle Maintenance: An Inquiry into Values. London: Bodley Head.

[234] Pohlig, S. and M. Hellman (1978). “An Improved Algorithm for Computing Logarithms over GF (p) and its Cryptographic Significance”, IEEE Transactions on Information Theory, 24: 106–110.

[235] Pohst, M. and H. Zassenhaus (1989). Algorithmic Algebraic Number Theory, Encyclopaedia of Mathematics and Its Applications, 30. Cambridge: Cambridge University Press.

[236] Pointcheval, D. and J. Stern (1996). “Provably Secure Blind Signature Schemes”, Advances in Cryptology—ASIACRYPT ’96, Lecture Notes in Computer Science, 1163. pp. 252–265. Berlin/Heidelberg: Springer.

[237] Pointcheval, D. and J. Stern (2000). “Security Arguments for Digital Signatures and Blind Signatures”, Journal of Cryptology, 13 (3): 361–396.

[238] Pollard, J. M. (1974). “Theorems on Factorization and Primality Testing”, Proceedings of the Cambridge Philosophical Society, 76 (2): 521–528.

[239] Pollard, J. M. (1975). “A Monte Carlo Method for Factorization”, BIT, 15 (3): 331–334.

[240] Pollard, J. M. (1993). “Factoring with Cubic Integers”, in A. K. Lenstra and H. W. Lenstra (eds.), The Development of the Number Field Sieve, Lecture Notes in Mathematics, 1554. pp. 4–10. Berlin: Springer.

[241] Pomerance, C. (1985). “The Quadratic Sieve Factoring Algorithm”, Advances in Cryptology—EUROCRYPT ’84, Lecture Notes in Computer Science, 209. pp. 169–182. Berlin/Heidelberg: Springer.

[242] Pomerance, C. (2008). “Elementary Thoughts on Discrete Logarithms”, pp. 385–396. in J. P. Buhler and P. Stevenhagen (eds.), Surveys in Algorithmic Number Theory, Publications of the Research Institute for Mathematical Sciences, 44. New York: Cambridge University Press.

[243] Preskill, J. (1998). “Quantum Computing: Pro and Con”, Proceedings of the Royal Society of London, A454:469–486.

[244] Preskill, J. (2007), “Course Information for Quantum Computation” [online document]. Available at http://theory.caltech.edu/people/preskill/ph219/ (October 2008).

[245] Proos, J. and C. Zalka (2004), “Shor’s Discrete Logarithm Quantum Algorithm for Elliptic Curves” [online document]. Available at http://arxiv.org/abs/quant-ph/0301141 (October 2008).

[246] Rabin, M. O. (1979). “Digitalized Signatures and Public-Key Functions as Intractable as Factorization”. Technical report MIT/LCS/TR-212, MIT Laboratory for Computer Science, Massachusetts.

[247] Rabin, M. O. (1980a). “Probabilistic Algorithms in Finite Fields”, SIAM Journal of Computing, 9: 273–280.

[248] Rabin, M. O. (1980b). “Probabilistic Algorithm for Testing Primality”, Journal of Number Theory, 12: 128–138.

[249] Ram Murty, M. (2001). Problems in Analytic Number Theory. New York: Springer.

[250] Raymond, J.-F. and A. Stiglic (2000), “Security Issues in the Diffie-Hellman Key Agreement Protocol” [online document]. Available at http://crypto.cs.mcgill.ca/~stiglic/Papers/dhfull.pdf (October 2008).

[251] Ribenboim, P. (2001). Classical Theory of Algebraic Numbers. Universitext. New York: Springer.

[252] Rivest, R. L., A. Shamir, and L. M. Adleman (1978). “A Method for Obtaining Digital Signatures and Public-Key Cryptosystems”, Communications of the ACM, 2: 120–126.

[253] Rosser, J. and J. Schoenfield (1962). “Approximate Formulas for Some Functions of Prime Numbers”, Illinois Journal of Mathematics, 6: 64–94.

[254] RSA Security Inc. (2008), “Public-Key Cryptography Standards” [online document]. Available at http://www.rsa.com/rsalabs/node.asp?id=2124 (October 2008).

[255] Sakurai, J. J. (1994). Modern Quantum Mechanics. Revised by San-Fu Tuan, Reading, Massachusetts: Addison-Wesley.

[256] Satoh, T. (2000). “The Canonical Lift of an Ordinary Elliptic Curve over a Finite Field and Its Point Counting”, Journal of Ramanujan Mathematical Society, 15: 247–270.

[257] Satoh, T. and K. Araki (1998). “Fermat Quotients and the Polynomial Time Discrete Log Algorithm for Anomalous Elliptic Curves”, Commentarii Mathematici Universitatis Sancti Pauli, 47: 81–92.

[258] Schiff, L. I. (1968). Quantum Mechanics, 3rd ed. New York: McGraw-Hill.

[259] Schindler, W., F. Koeune and J.-J. Quisquater (2001). “Unleashing the Full Power of Timing Attack”. Technical report CG-2001/3, Université Catholique de Louvain, Belgium. Available at http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.23.6622.

[260] Schirokauer, O. (1993). “Discrete Logarithms and Local Units”, Philosophical Transactions of the Royal Society of London, Series A, 345: 409–423.

[261] Schirokauer, O., D. Weber, and T. Denny (1996). “Discrete Logarithms: The Effectiveness of the Index Calculus Method”, Algorithmic Number Theory—ANTS-II, Lecture Notes in Computer Science, 1122. pp. 337–361. Berlin/Heidelberg: Springer.

[262] * Schneier, B. (2006). Applied Cryptography, 2nd ed. New York: John Wiley & Sons.

[263] Schnorr, C. P. (1991). “Efficient Signature Generation for Smart Cards”, Journal of Cryptology, 4: 161–174.

[264] Schoof, R. (1995). “Counting Points on Elliptic Curves over Finite Fields”, Journal de Théorie des Nombres de Bourdeaux, 7: 219-254.

[265] Semaev, I. A. (1998). “Evaluation of Discrete Logarithms on Some Elliptic Curves”, Mathematics of Computation, 67: 353–356.

[266] Shamir, A. (1984). “A Polynomial-Time Algorithm for Breaking the Basic Merkle-Hellman Cryptosystem”, IEEE Transactions on Information Theory, 30: 699–704.

[267] Shamir, A. (1984). “Identity-Based Cryptosystems and Signature Schemes”, Advances in Cryptology—CRYPTO ’84, Lecture Notes in Computer Science, 196. pp. 47–53. Berlin/Heidelberg: Springer.

[268] Shamir, A. (1997). “How to Check Modular Exponentiation”, presented at the rump session of Advances in Cryptology—EUROCRYPT ’97, May.

[269] Shamir, A. (1999). “Factoring Large Numbers with the TWINKLE Device”, Cryptographic Hardware and Embedded Systems—CHES ’99, Lecture Notes in Computer Science, 1717. pp. 2–12. Berlin/Heidelberg: Springer.

[270] Shamir, A. and E. Tromer (2003). “Factoring Large Numbers with the TWIRL Device”, Advances in Cryptology—CRYPTO 2003, Lecture Notes in Computer Science, 2729. pp. 1–26. Berlin/Heidelberg: Springer.

[271] Shor, P. W. (1997). “Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer”, SIAM Journal of Computing, 26: 1484–1509.

[272] Shoup, V. (1990). “On the Deterministic Complexity of Factoring Polynomials over Finite Fields”, Information Processing Letters, 33: 261–267.

[273] Shparlinski, I. E. (1991). “On Some Problems in the Theory of Finite Fields”, Russian Mathematical Surveys, 46 (1): 199–240.

[274] Shparlinski, I. E. (1992). Computational and Algorithmic Problems in Finite Fields, Mathematics and its Applications, 88. Kluwer Academic Publishers.

[275] * Silverman, J. H. (1986). The Arithmetic of Elliptic Curves. Graduate Texts in Mathematics, 106. Berlin and New York: Springer.

[276] Silverman, J. H. (1994). Advanced Topics in the Arithmetic of Elliptic Curves. Graduate Texts in Mathematics, 151. New York: Springer.

[277] Silverman, J. H. (2000). “The Xedni Calculus and the Elliptic Curve Discrete Logarithm Problem”, Design, Codes and Cryptography, 20: 5–40.

[278] Silverman, J. H. and J. Suzuki (1998). “Elliptic Curve Discrete Logarithms and the Index Calculus”, Advances in Cryptology—ASIACRYPT ’98, Lecture Notes in Computer Science, 1514. pp. 110–125. Berlin/Heidelberg: Springer.

[279] Silverman, R. D. (1987). “The Multiple Polynomial Quadratic Sieve”, Mathematics of Computation, 48: 329–339.

[280] * Sipser, M. (1997). Introduction to the Theory of Computation, 2nd ed. Boston: PWS Publishing Company.

[281] B. Skjernaa (2003). “Satoh’s Algorithm in Characteristic 2”, Mathematics of Computation, 72: 477–487.

[282] Smart, N. P. (1999). “The Discrete Logarithm Problem on Elliptic Curves of Trace One”, Journal of Cryptology, 12: 193–196.

[283] Smart, N. P. (2002). Cryptography: An Introduction. New York: McGraw-Hill. The 2nd edition of this book is available online at http://www.cs.bris.ac.uk/~nigel/Crypto_Book/ (October 2008).

[284] Smith, P. J. (1993). “LUC Public-Key Encryption: A Secure Alternative to RSA”, Dr. Dobb’s Journal, 18 (1): 44–49.

[285] Smith, P. J. and M. J. J. Lennon (1993). “LUC: A New Public Key System”, IFIP Transactions, A 37. pp. 103–117. Proceedings of the IFIP TC11, 9th International Conference on Information Security. Computer Security. Amsterdam: North-Holland Co.

[286] Smith, P. J. and C. Skinner (1995). “A Public-Key Cryptosystem and Digital Signature System Based on the Lucas Function Analogue to Discrete Logarithms”, Advances in Cryptology—ASIACRYPT ’94, Lecture Notes in Computer Science, 917. pp. 357–364. Berlin/Heidelberg: Springer.

[287] Solovay, R. and V. Strassen (1977). “A Fast Monte Carlo Test for Primality”, SIAM Journal of Computing, 6: 84–86.

[288] * Stallings, W. (2006). Cryptography and Network Security, 4th ed. Upper Saddle River, New Jersey: Prentice-Hall.

[289] Stam, M. and A. K. Lenstra (2001). “Speeding up XTR”, Advances in Cryptology—ASIACRYPT 2001, Lecture Notes in Computer Science, 2248. pp. 125–143. Berlin/Heidelberg: Springer.

[290] Stein, A. and E. Teske (2005). “Optimized Baby Step-Giant Step Methods”, Journal of Ramanujan Mathematical Society, 20 (1): 27–58.

[291] * Stinson, D. (2005). Cryptography: Theory and Practice, 3rd ed. Boca Raton, Florida: CRC Press.

[292] Strassen, V. (1969). “Gaussian Elimination Is not Optimal”, Numerische Mathematik, 13: 354–356.

[293] Stucki, D., N. Gisin, O. Guinnard, G. Ribordy and H. Zbinden (2002). “Quantum Key Distribution over 67 km with a Plug & Play System”, New Journal of Physics, 4: 41.1–41.8.

[294] Sun, H.-M., W.-C. Yang and C.-S. Laih (1999). “On the Design of RSA with Short Secret Exponent”, Advances in Cryptology—ASIACRYPT ’99, Lecture Notes in Computer Science, 1716. pp. 150–164. Berlin/Heidelberg: Springer.

[295] Swade, D. (2000). The Cogwheel Brain: Charles Babbage and the Quest to Build the First Computer. London: Little, Brown and Company.

[296] Trappe, W. and L. C. Washington (2006). Introduction to Cryptography with Coding Theory, 2nd ed. Upper Saddle River: Prentice-Hall.

[297] Verheul, E. R. (2001). “Evidence that XTR is More Secure than Supersingular Elliptic Curve Cryptosystems”, Advances in Cryptology—EUROCRYPT 2001, Lecture Notes in Computer Science, 2045. pp. 195–210. Berlin/Heidelberg: Springer.

[298] Washington, L. C. (2003). Elliptic Curves: Number Theory and Cryptography. Boca Raton, Florida: Chapman & Hall/CRC.

[299] Weber, D. (1996). “Computing Discrete Logarithms with the General Number Field Sieve”, Algorithmic Number Theory—ANTS-II, Lecture Notes in Computer Science, 1122. pp. 337–361. Berlin/Heidelberg: Springer.

[300] Weber, D. (1998). “Computing Discrete Logarithms with Quadratic Number Rings”, Advances in Cryptology—EUROCRYPT ’98, Lecture Notes in Computer Science, 1403. pp. 171–183. Berlin/Heidelberg: Springer.

[301] Weber, D. and T. Denny (1998). “The Solution of McCurley’s Discrete Log Challenge”, Advances in Cryptology—CRYPTO ’98, Lecture Notes in Computer Science, 1462. pp. 458–471. Berlin/Heidelberg: Springer.

[302] Western, A. E. and J. C. P. Miller (1968). “Tables of Indices and Primitive Roots”, Royal Mathematical Tables, 9, Cambridge: Cambridge University Press.

[303] Wiedemann, D. H. (1986). “Solving Sparse Linear Equations over Finite Fields”, IEEE Transactions on Information Theory, 32: 54–62.

[304] Wiener, M. J. (1990). “Cryptanalysis of Short RSA Secret Exponents”, IEEE Transactions on Information Theory, 36: 553–558.

[305] Williams, H. C. (1982). “A p + 1 Method for Factoring”, Mathematics of Computation, 39 (159): 225–234.

[306] Yang, L. T. and R. P. Brent (2001). “The Parallel Improved Lanczos Method for Integer Factorization over Finite Fields for Public Key Cryptosystems”, pp. 106–114. Proceedings of the ICPP Workshops 2001, Valencia, Spain, 3–7 September.

[307] Young, A. and M. Yung (1996). “The Dark Side of “Black-Box” Cryptography, or: Should We Trust Capstone?”, Advances in Cryptology—CRYPTO ’96, Lecture Notes in Computer Science, 1109. pp. 89–103. Berlin/Heidelberg: Springer.

[308] Young, A. and M. Yung (1997a). “Kleptography: Using Cryptography Against Cryptography”, Advances in Cryptology—EUROCRYPT ’97, Lecture Notes in Computer Science, 1233. pp. 62–74. Berlin/Heidelberg: Springer.

[309] Young, A. and M. Yung (1997b). “The Prevalence of Kleptographic Attacks on Discrete-Log Based Cryptosystems”, Advances in Cryptology—CRYPTO ’97, Lecture Notes in Computer Science, 1294. pp. 264–276. Berlin/Heidelberg: Springer.

[310] Zheng, Y. (1997). “Digital Signcryption or How to Achieve Cost(Signature & Encryption) << Cost(Signature) + Cost(Encryption)”, Advances in Cryptology—CRYPTO ’97, Lecture Notes in Computer Science, 1294. pp. 165–179. Berlin/Heidelberg: Springer.

[311] Zheng, Y. (1998a). “Signcryption and Its Applications in Efficient Public Key Solutions”, 1997 Information Security Workshop ISW ’97, Lecture Notes in Computer Science, 1397. pp. 291–312. Berlin/Heidelberg: Springer.

[312] Zheng, Y. (1998b). “Shortened Digital Signature, Signcryption, and Compact and Unforgeable Key Agreement Schemes”, contribution to IEEE P1363 Standard for Public Key Cryptography.

[313] Zheng, Y. and H. Imai (1998a). “Efficient Signcryption Schemes on Elliptic Curves”. Proceedings of the IFIP 14th International Information Security Conference IFIP/SEC ’98, Vienna, Austria, September 1998. Chapman & Hall.

[314] Zheng, Y. and H. Imai (1998b). “How to Construct Efficient Signcryption Schemes on Elliptic Curves”, Information Processing Letters, 68: 227–233.

[315] Zheng, Y. and T. Matsumoto (1996). “Breaking Smartcard Implementations of ElGamal Signatures and Its Variants”, presented at the rump session of Advances in Cryptology—ASIACRYPT ’96. Available at http://www.sis.uncc.edu/~yzheng/publications/ (October 2008).

[316] * Zuckerman, H. S., H. L. Montgomery, I. M. Niven and A. Niven (1991). An Introduction to the Theory of Numbers. New York: John Wiley & Sons.

Books marked by stars have Asian editions (at the time of writing this book).