[Adrian et al.] Adrian et al., "Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice," https://weakdh.org/imperfect-forward-secrecy-ccs15.pdf.

[Agrawal et al.] M. Agrawal, N. Kayal, and N. Saxena, “PRIMES is in P,” Annals of Math. 160 (2004), 781–793.

[Alford et al.] W. R. Alford, A. Granville, and C. Pomerance, “On the difficulty of finding reliable witnesses,” Algorithmic Number Theory, Lecture Notes in Computer Science 877, Springer-Verlag, 1994, pp. 1–16.

[Alford et al. 2] W. R. Alford, A. Granville, and C. Pomerance, “There are infinitely many Carmichael numbers,” Annals of Math. 139 (1994), 703–722.

[Atkins et al.] D. Atkins, M. Graff, A. Lenstra, P. Leyland, “The magic words are squeamish ossifrage,” Advances in Cryptology – ASIACRYPT ’94, Lecture Notes in Computer Science 917, Springer-Verlag, 1995, pp. 263–277.

[Aumasson] J-P. Aumasson, Serious Cryptography: A Practical Introduction to Modern Encryption, No Starch Press, 2017.

[Bard] G. Bard, Sage for Undergraduates, Amer. Math. Soc., 2015.

[Bauer] C.Bauer, Secret History: The Story of Cryptology, CRC Press, 2013.

[Beker-Piper] H. Beker and F. Piper, Cipher Systems: The Protection of Communications, Wiley-Interscience, 1982.

[Bellare et al.] M. Bellare, R. Canetti, and H. Krawczyk, “Keying Hash Functions for Message Authentication,” Advances in Cryptology (Crypto 96 Proceedings), Lecture Notes in Computer Science Vol. 1109, N. Koblitz ed., Springer-Verlag, 1996.

[Bellare-Rogaway] M. Bellare and P. Rogaway, “Random oracles are practical: a paradigm for designing efficient protocols,” First ACM Conference on Computer and Communications Security, ACM Press, New York, 1993, pp. 62–73.

[Bellare-Rogaway2] M. Bellare and P. Rogaway, “Optimal asymmetric encryption,” Advances in Cryptology – EUROCRYPT ’94, Lecture Notes in Computer Science 950, Springer-Verlag, 1995, pp. 92–111.

[Berlekamp] E. Berlekamp, Algebraic Coding Theory, McGraw-Hill, 1968.

[Bernstein et al.] Post-Quantum Cryptography, Bernstein, Daniel J., Buchmann, Johannes, Dahmen, Erik (Eds.), Springer-Verlag, 2009.

[Bitcoin] bitcoin, https://bitcoin.org/en/

[Blake et al.] I. Blake, G. Seroussi, N. Smart, Elliptic Curves in Cryptography, Cambridge University Press, 1999.

[Blom] R. Blom, “An optimal class of symmetric key generation schemes,” Advances in Cryptology – EUROCRYPT’84, Lecture Notes in Computer Science 209, Springer-Verlag, 1985, pp. 335–338.

[Blum-Blum-Shub] L. Blum, M. Blum, and M. Shub, “A simple unpredictable pseudo-random number generator,” SIAM Journal of Computing 15(2) (1986), 364–383.

[Boneh] D. Boneh, “Twenty years of attacks on the RSA cryptosystem,” Amer. Math. Soc. Notices 46 (1999), 203–213.

[Boneh et al.] D. Boneh, G. Durfee, and Y. Frankel, “An attack on RSA given a fraction of the private key bits,” Advances in Cryptology – ASIACRYPT ’98, Lecture Notes in Computer Science 1514, Springer-Verlag, 1998, pp. 25–34.

[Boneh-Franklin] D. Boneh and M. Franklin, “Identity based encryption from the Weil pairing,” Advances in Cryptology – CRYPTO ’01, Lecture Notes in Computer Science 2139, Springer-Verlag, 2001, pp. 213–229.

[Boneh-Joux-Nguyen] D. Boneh, A. Joux, P. Nguyen, “Why textbook ElGamal and RSA encryption are insecure,” Advances in Cryptology – ASIACRYPT ’00, Lecture Notes in Computer Science 1976, Springer-Verlag, 2000, pp. 30–43.

[Brands] S. Brands, “Untraceable off-line cash in wallets with observers,” Advances in Cryptology – CRYPTO’93, Lecture Notes in Computer Science 773, Springer-Verlag, 1994, pp. 302–318.

[Campbell-Wiener] K. Campbell and M. Wiener, “DES is not a group,” Advances in Cryptology – CRYPTO ’92, Lecture Notes in Computer Science 740, Springer-Verlag, 1993, pp. 512–520.

[Canetti et al.] R. Canetti, O. Goldreich, and S. Halevi, “The random oracle methodology, revisited,” Proceedings of the thirtieth annual ACM symposium on theory of computing, ACM Press, 1998, pp. 209–218.

[Chabaud] F. Chabaud, “On the security of some cryptosystems based on error-correcting codes,” Advances in Cryptology – EUROCRYPT’94, Lecture Notes in Computer Science 950, Springer-Verlag, 1995, pp. 131–139.

[Chaum et al.] D. Chaum, E. van Heijst, and B. Pfitzmann, “Cryptographically strong undeniable signatures, unconditionally secure for the signer,” Advances in Cryptology – CRYPTO ’91, Lecture Notes in Computer Science 576, Springer-Verlag, 1992, pp. 470–484.

[Cohen] H. Cohen, A Course in Computational Number Theory, Springer-Verlag, 1993.

[Coppersmith1] D. Coppersmith, “The Data Encryption Standard (DES) and its strength against attacks,” IBM Journal of Research and Development, vol. 38, no. 3, May 1994, pp. 243–250.

[Coppersmith2] D. Coppersmith, “Small solutions to polynomial equations, and low exponent RSA vulnerabilities,” J. Cryptology 10 (1997), 233–260.

[Cover-Thomas] T. Cover and J. Thomas, Elements of Information Theory, Wiley Series in Telecommunications, 1991.

[Crandall-Pomerance] R. Crandall and C. Pomerance, Prime Numbers, a Computational Perspective, Springer-Telos, 2000.

[Crosby et al.] Crosby, S. A., Wallach, D. S., and Riedi, R. H. “Opportunities and limits of remote timing attacks,” ACM Trans. Inf. Syst. Secur. 12, 3, Article 17 (January 2009), 29 pages.

[Damgård et al.] I. Damgård, P. Landrock, and C. Pomerance, “Average case error estimates for the strong probable prime test,” Mathematics of Computation 61 (1993), 177–194.

[Dawson-Nielsen] E. Dawson and L. Nielsen, “Automated Cryptanalysis of XOR Plaintext Strings,” Cryptologia 20 (1996), 165–181.

[Diffie-Hellman] W. Diffie and M. Hellman, “New directions in cryptography,” IEEE Trans. in Information Theory, 22 (1976), 644–654.

[Diffie-Hellman2] W. Diffie and M. Hellman, “Exhaustive cryptanalysis of the NBS data encryption standard,” Computer 10(6) (June 1977), 74–84

[Ekert-Josza] A. Ekert and R. Jozsa, “Quantum computation and Shor’s factoring algorithm,” Reviews of Modern Physics, 68 (1996), 733–753.

[FIPS 186-2] FIPS 186-2, Digital signature standard (DSS), Federal Information Processing Standards Publication 186, U.S. Dept. of Commerce/National Institute of Standards and Technology, 2000.

[FIPS 202] FIPS PUB 202, SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions, Federal Information Processing Standards Publication 202, U.S. Dept. of Commerce/National Institute of Standards and Technology, 2015, available at http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf.

[Ferguson-Schneier] N. Ferguson and B. Schneier, Practical Cryptography, Wiley, 2003.

[Fortune-Merritt] S. Fortune and M. Merritt, “Poker Protocols,” Advances in Cryptology – CRYPTO’84, Lecture Notes in Computer Science 196, Springer-Verlag, 1985, pp. 454–464.

[Gaines] H. Gaines, Cryptanalysis, Dover Publications, 1956.

[Gallager] R. G. Gallager, Information Theory and Reliable Communication, Wiley, 1969.

[Genkin et al.] D. Genkin, A. Shamir, and E. Tromer, “RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis,” December 18, 2013, available at www.cs.tau.ac.il/∼tromer/papers/acoustic-20131218.pdf

[Gilmore] Cracking DES: Secrets of Encryption Research, Wiretap Politics & Chip Design, Electronic Frontier Foundation, J. Gilmore (editor), O’Reilly and Associates, 1998.

[Girault et al.] M. Girault, R. Cohen, and M. Campana, “A generalized birthday attack,” Advances in Cryptology – EUROCRYPT’88, Lecture Notes in Computer Science 330, Springer-Verlag, 1988, pp. 129–156.

[Goldreich1] O. Goldreich, Foundations of Cryptography: Volume 1, Basic Tools, Cambridge University Press, 2001.

[Goldreich2] O. Goldreich, Foundations of Cryptography: Volume 2, Basic Applications, Cambridge University Press, 2004.

[Golomb] S. Golomb, Shift Register Sequences, 2nd ed., Aegean Park Press, 1982.

[Hankerson et al.] D. Hankerson, A. Menezes, and S. Vanstone, Guide to Elliptic Curve Cryptography, Springer-Verlag, 2004.

[Hardy-Wright] G. Hardy and E. Wright, An Introduction to the Theory of Numbers. Fifth edition, Oxford University Press, 1979.

[Heninger et al.] N. Heninger, Z. Durumeric, E. Wustrow, J. A. Halderman, “Mining your $P\text{s}$ and $Q\text{s}$: Detection of widespread weak key in network devices,” Proc. 21st USENIX Security Symposium, Aug. 2012; available at https://factorable.net.

[HIP] R. Moskowitz and P. Nikander, “Host Identity Protocol (HIP) Architecture,” May 2006; available at https://tools.ietf.org/html/rfc4423

[Joux] A. Joux, “Multicollisions in iterated hash functions. Application to cascaded constructions,” Advances in Cryptology – CRYPTO 2004, Lecture Notes in Computer Science 3152, Springer, 2004, pp. 306–316.

[Kahn] D. Kahn, The Codebreakers, 2nd ed., Scribner, 1996.

[Kaufman et al.] C. Kaufman, R. Perlman, M. Speciner, Private Communication in a Public World. Second edition, Prentice Hall PTR, 2002.

[Kilian-Rogaway] J. Kilian and P. Rogaway, “How to protect DES against exhaustive key search (an analysis of DESX),” J. Cryptology 14 (2001), 17–35.

[Koblitz] N. Koblitz, Algebraic Aspects of Cryptography, Springer-Verlag, 1998.

[Kocher] P. Kocher, “Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems,” Advances in Cryptology – CRYPTO ’96, Lecture Notes in Computer Science 1109, Springer, 1996, pp. 104–113.

[Kocher et al.] P. Kocher, J. Jaffe, and B. Jun, “Differential power analysis,” Advances in Cryptology – CRYPTO ’99, Lecture Notes in Computer Science 1666, Springer, 1999, pp. 388–397.

[Konikoff-Toplosky] J. Konikoff and S. Toplosky, “Analysis of Simplified DES Algorithms,” Cryptologia 34 (2010), 211–224.

[Kozaczuk] W. Kozaczuk, Enigma: How the German Machine Cipher Was Broken, and How It Was Read by the Allies in World War Two; edited and translated by Christopher Kasparek, Arms and Armour Press, London, 1984.

[KraftW] J. Kraft and L. Washington, An Introduction to Number Theory with Cryptography, CRC Press, 2018.

[Lenstra et al.] A. Lenstra, X. Wang, B. de Weger, “Colliding X.509 certificates,” preprint, 2005.

[Lenstra2012 et al.] A. K. Lenstra, J. P. Hughes, M. Augier, J. W. Bos, T. Kleinjung, and C. Wachter, “Ron was wrong, Whit is right,” https://eprint.iacr.org/2012/064.pdf.

[Lin-Costello] S. Lin and D. J. Costello, Jr., Error Control Coding: Fundamentals and Applications, Prentice Hall, 1983.

[MacWilliams-Sloane] F. J. MacWilliams and N. J. A. Sloane, The Theory of Error-Correcting Codes, North-Holland, 1977.

[Mantin-Shamir] I. Mantin and A. Shamir, “A practical attack on broadcast RC4,” In: FSE 2001, 2001.

[Mao] W. Mao, Modern Cryptography: Theory and Practice, Prentice Hall PTR, 2004.

[Matsui] M. Matsui,“Linear cryptanalysis method for DES cipher,” Advances in Cryptology – EUROCRYPT’93, Lecture Notes in Computer Science 765, Springer-Verlag, 1994, pp. 386–397.

[Menezes et al.] A. Menezes, P. van Oorschot, and S. Vanstone, Handbook of Applied Cryptography, CRC Press, 1997.

[Merkle-Hellman] R. Merkle and M. Hellman, “On the security of multiple encryption,” Comm. of the ACM 24 (1981), 465–467.

[Mikle] O. Mikle, “Practical Attacks on Digital Signatures Using MD5 Message Digest,” Cryptology ePrint Archive, Report 2004/356, http://eprint.iacr.org/2004/356, 2nd December 2004.

[Nakamoto] S. Nakamoto, ”Bitcoin: A Peer-to-peer Electronic Cash System,” available at https://bitcoin.org/bitcoin.pdf

[Narayanan et al.] A. Narayanan, J. Bonneau, E. Felten, A. Miller, S. Goldfeder, Bitcoin and Cryptocurrency Technologies: A Comprehensive Introduction (with a preface by Jeremy Clark), Princeton University Press 2016.

[Nelson-Gailly] M. Nelson and J.-L. Gailly, The Data Compression Book, M&T Books, 1996.

[Nguyen-Stern] P. Nguyen and J. Stern, “The two faces of lattices in cryptology,” Cryptography and Lattices, International Conference, CaLC 2001, Lecture Notes in Computer Science 2146, Springer-Verlag, 2001, pp. 146–180.

[Niven et al.] I. Niven, H. Zuckerman, and H. Montgomery, An Introduction to the Theory of Numbers, Fifth ed., John Wiley & Sons, Inc., New York, 1991.

[Okamoto-Ohta] T. Okamoto and K. Ohta, “Universal electronic cash,” Advances in Cryptology – CRYPTO’91, Lecture Notes in Computer Science 576, Springer-Verlag, 1992, pp. 324–337.

[Pfleeger-Pfleeger] C. Pfleeger, S. Pfleeger, Security in Computing. Third edition, Prentice Hall PTR, 2002.

[Pomerance] C. Pomerance, “A tale of two sieves,” Notices Amer. Math. Soc. 43 (1996), no. 12, 1473–1485.

[Quisquater et al.] J.-J. Quisquater and L. Guillou, “How to explain zero-knowledge protocols to your children,” Advances in Cryptology – CRYPTO ’89, Lecture Notes in Computer Science 435, Springer-Verlag, 1990, pp. 628–631.

[Rieffel-Polak] E. Rieffel and W. Polak, “An Introduction to Quantum Computing for Non-Physicists,” available at xxx.lanl.gov/abs/quant-ph/9809016.

[Rosen] K. Rosen, Elementary Number Theory and its Applications. Fourth edition, Addison-Wesley, Reading, MA, 2000.

[Schneier] B. Schneier, Applied Cryptography, 2nd ed., John Wiley, 1996.

[Shannon1] C. Shannon, “Communication theory of secrecy systems,” Bell Systems Technical Journal 28 (1949), 656–715.

[Shannon2] C. Shannon, “A mathematical theory of communication,” Bell Systems Technical Journal, 27 (1948), 379–423, 623–656.

[Shoup] V. Shoup, “OAEP Reconsidered,” CRYPTO 2001 (J. Killian (ed.)), Springer LNCS 2139, Springer-Verlag Berlin Heidelberg, 2001, pp. 239–259.

[Stallings] W. Stallings, Cryptography and Network Security: Principles and Practice, 3rd ed., Prentice Hall, 2002.

[Stevens et al.] M. Stevens, E. Bursztein, P. Karpman, A. Albertini, Y. Markov, “The first collision for full SHA-1,” https://shattered.io/static/shattered.pdf.

[Stinson] D. Stinson, Cryptography: Theory and Practice. Second edition, Chapman & Hall/CRC Press, 2002.

[Stinson1] D. Stinson, Cryptography: Theory and Practice, CRC Press, 1995.

[Thompson] T. Thompson, From Error-Correcting Codes through Sphere Packings to Simple Groups, Carus Mathematical Monographs, number 21, Mathematical Assoc. of America, 1983.

[van der Lubbe] J. van der Lubbe, Basic Methods of Cryptography, Cambridge University Press, 1998.

[van Oorschot-Wiener] P. van Oorschot and M. Wiener, “A known-plaintext attack on two-key triple encryption,” Advances in Cryptology – EUROCRYPT ’90, Lecture Notes in Computer Science 473, Springer-Verlag, 1991, pp. 318–325.

[Wang et al.] X. Wang, D. Feng, X. Lai, H. Yu, “Collisions for hash functions MD-4, MD-5, HAVAL-128, RIPEMD,” preprint, 2004.

[Wang et al. 2] X. Wang, Y. Yin, H. Yu, “Finding collisions in the full SHA1,” to appear in CRYPTO 2005.

[Washington] L. Washington, Elliptic Curves: Number Theory and Cryptography, Chapman & Hall/CRC Press, 2003.

[Welsh] D. Welsh, Codes and Cryptography, Oxford, 1988.

[Wicker] S. Wicker, Error Control Systems for Digital Communication and Storage, Prentice Hall, 1995.

[Wiener] M. Wiener, “Cryptanalysis of short RSA secret exponents,” IEEE Trans. Inform. Theory, 36 (1990), 553–558.

[Williams] H. Williams, Edouard Lucas and Primality Testing, Wiley-Interscience, 1998.

[Wu1] T. Wu, “The secure remote password protocol,” In: Proc. of the Internet Society Network and Distributed Security Symposium, 97–111, March 1998.

[Wu2] T. Wu, “SRP-6: Improvements and refinements to the Secure Remote Password protocol,” 2002; available through http://srp.stanford.edu/design.html