Экспорт и импорт криптографии за рубежом 5 страница

75. D. Balenson, '*Automated Distribution of Cryptographic Keys Using the Financial Institution Key Management Standard," IEEE Communications Magazine, v. 23, n. 9, Sep 1985, pp. 41-46.

76. D. Balenson, "Privacy Enhancement for Internet Electronic Mail: Part Ill: Algorithms, Modes, and Identifiers, " RFC 1423, Feb 1993.

77. D. Balenson, C.M. Ellison, S.B. Lipner, and S.T. Walker, "A New Approach to Software Key Escrow Encryption," TIS Report #520, Trusted Information Systems, Aug 94.

78. R. Ball, Mathematical Recreations and Essays, New York: MaeMillan, 1960.

79. J Bamford, The Puzzle Palace, Boston: HoughtonMifflin, 1982.

80. 1. Bamford and W Madsen, The Puzzle Palace, Second Edition, Penguin Books, 1995.

81. S.K. Banerjee, "High Speed Implementation of DES" Computers q) Security, v. I, 1982.pp.261-267.

82. Z. Baodong, "MC-Veiled Linear Transform Public Key Cryptosystem" Acta Electron- ica Sinica, v. M, n. 4, Apr 1992, pp. 21-24. (In Chinese.)

83. PH. Bardell, "Analysis of Cellular Automata Used as Pseudorandom Pattern Generators," Proceedings of 1990 International Test Conference, pp. 762-768.

84. T. Baritaud, H. Gilbert, and M. Cirault, "FFT Hashing is not Collision-Free," Advances in Cryptology-EUROCRYPT '92 Proceedings, Springer-Verlag, 1993, pp. 35-44.

85. C. Barker, "An Industry Perspective of the CCEP," 2nd Annual AIAA Computer Security Conference Proceedings, 1986.

86. W.C. Barker, Cryptanalysis of the Hagelin Cryptograph, Aegean Park Press, 1977.

87. P. Barrett, "Implementing the Rivest Shamir and Adleman Public Key Encryption Algorithm on a Standard Digital Signal Processor," Advances in Cryptology- CRYPTO '86 Proceedings, Springer-Verlag, 1987, pp. 311-323.

88. T.C. Bartee and D.l. Schneider, "Computation with Finite Fields," Information and Control, v. 6, n. I, Jun 1963, pp. 79-98.

89. U. Baum and S. Blackburn, "Clock- Controlled Pseudorandom Generators on Finite Groups," K.U. Leuven Workshop on Cryptographic Algorithms, Springer-Verlag, 1995, to appear.

90. K.R. Bauer, T.A. Bersen, and R.J. Feiertag, "A Key Distribution Protocol Using Event Markers," ACM Transactions on Computer Systems, v. I, n. 3, 1983, pp. 249-255.

91. F. Bauspiess and F. Damm, "Requirements for Cryptographic Hash Functions," Computers q) Security, v. I I, n. 5, Sep 1992, pp. 427-437.

92. D. Bayer, S. Haber, and WS. Stornetta, "Improving the Efficiency and Reliability of Digital Time-Stamping," Sequences '91: Methods in Communication, Security, and Computer Science, Springer-Verlag, 1992, pp. 329-334.

93. R. Bayer and J.K. Metzger, "On the Enci- pherment of Search Trees and Random Access Files," ACM Transactions on Database Systems, v. I, n. I, Mar 1976, pp. 37-52.

94. M. Beale and M.F. Monaghan, "Encrytion Using Random Boolean Functions," Cryptography and Ceding, H.l. Beker and F.C. Piper, eds., Oxford: Clarendon Press, 1989, pp. 219-230.

95. P. Beauchemin and C. Brassard, "A Generalization of Hellman's Extension to Shan- non's Approach to Cryptography," Journal ofCryptology, v. I, n. I, 1988, pp. 129-132.

96. P. Beauchemin, C. Brassard, C. Cr6peau, C. Goutier, and C. Pomerance, "The Generation of Random Numbers that are Probably Prime," Journal of Cryptology, v. I, n. I, 1988, pp.'53-64.

97. D. Beaver, I. Feigenbaum, and V. Shoup, "Hiding Instances in Zero-Knowledge Proofs," Advances in Cryptology- CRYPTO '90 Proceedings, Springer-Verlag, 1991, pp. 326-338.

98. H. Beker, I. Friend, and P. Halliden, "Simplifying Key Management in Electronic Funds Transfer Points of Sale Systems," Electronics Letters, v. 19, n. 12, Jun 1983, pp. 442-444.

99. H. Beker and F. Piper, Cipher Systems: The Protection of Communications, London: Northwood Books, 1982. 100. D.E. Bell and L.T. LaPadula, "Secure Computer Systems: Mathematical Foundations," Report ESD-TR-73-275, MITRE Corp., 1973.

101. D.E. Bell and L.*. LaPadula, "Secure Computer Systems: A Mathematical Model," Report MTR-2547, MITRE Corp., 1973. 102. D.E. Bell and L.l. LaPadula, "Secure Computer Systems: A Refinement of the Mathematical Model," Report ESD-TR-73-278, MITRE Corp., 1974.

103. D.E. Bell and L.l. LaPadula, "Secure Computer Systems: Unified Exposition and Multics Interpretation," Report ESD-TR- 75-306, MITRE Corp., 1976.

104. M. Bellare and S. Coldwasser, "New Paradigms for Digital Signatures and Message Authentication Based on Non- Interactive Zero Knowledge Proofs," Advances in Cryptology-CRYPTO '89 Proceedings, Springer-Verlag, 1990, pp. 194-21 1.

105. M. Bellare and S. Micali, "Non-Interactive Oblivious Transfer and Applications," Advances in Cryptology-CRYPTO '89 Proceedings, Springer-Verlag, 1990, pp. 547-557.

106. M. Bellare, S. Micali, and R. Ostrovsky, "Perfect Zero-Knowledge in Constant Rounds," Proceedings of the 22th ACM Symposium on the Theory of Computing, 1990, pp. 482-493.

107. S.M. Bellovin, "A Preliminary Technical Analysis of Clipper and Skipjack," unpublished manuscript, 20 Apr 1993.

108. S.M. Bellovin and M. Merritt, "Limitations of the Kerberos Protocol," Winter 1991 USENIX Conference Proceedings, USENIX Association, 1991, pp. 253-267.

109. S.M. Bellovin and M. Merritt, "Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks," Proceedings of the 1992 IEEE Computer Society Conference on Research in Security and Privacy, 1992, pp. 72-84.

110. S.M. Bellovin and M. Merritt, "An Attack on the Interlock Protocol When Used for Authentication," IEEE Transactions on Information Theory, v. 40, n. I, Jan 1994, pp. 273-275.

111. S.M. Bellovin and M. Merritt, "Crypto- graphic Protocol for Secure Communications," U.S. Patent #5.241.599, 31 Aug 93.

112. 1. Ben-Aroya and E. Biham, "Differential Cryptanalysis of Lucifer," Advances in Cryptology-CRYPTS '93 Proceedings, Springer-Verlag, 1994.pp. 187-199.

113. i.e. Benaloh, "Cryptographic Capsules: A Disjunctive Primitive for Interactive Protocols," Advances in Cryptology- CRYPTO '86 Proceedings, Springer-Verlag, 1987, 213-222.

114. *.C. Benalob, "Secret Sharing Homor- phisms: Keeping Shares of a Secret Secret," Advances in Cryptology-CRYPTO '86 Proceedings, Springer-Verlag, 1987, pp. 251-260.

115. i.e. Benalob, "Verifiable Secret-Ballot Elections," Ph.D. dissertation, Yale University, YALEU/DCS/TR-561, Dec 1987.

116. i.e. Benalob and M. de Mare, "One-Way Accumulators: A Decentralized Alternative to Digital Signatures," Advances in Cryptology-EUROCRYPT '93 Proceedings. Springer-Verlag, 1994, pp. 274-285.

117. J.C. Benalob and D. Tuinstra, "Receipt- Free Secret Ballot Elections," Proceedings of the 26th ACM Symposium on the Theory of Computing, 1994, pp. 544-553.

118. i.e. Benalob and M. Yung, "Distributing the Power of a Government to Enhance the Privacy of Voters," Proceedings of the Sth ACM Symposium on the Principles ill Distributed Computing, 1986, pp. 52-62.

119. A. Bender and C. Castagnoll, "On the Implementation of Elliptic Curve Cryp- tosystems" Advances in Clyptology- CRYPTO '89 Proceedings, Springer-Verlag, 1990, pp. 186-192.

120. S. Bengio, C. Brassard, Y.C. Desmedt, C. Goutier, and J.-J. Quisquater, "Secure Implementation of Identification Systems," Jouraal of Cryptology, v. 4, n. 3, 1991, pp. 175-184.

121. C.H. Bennett, F. Bessette, C. Brassard, L. Salvail, and J. Smolin, "Experimental Quantum Cryptography," Advances in Cryptolosy-EVROCRYPT '90 Proceedings. Springer-Verlag, 1991, pp. 253-265.

122. C.H. Bennett, 7. Bessette, C. Brassard, L. Salvail, and I. Smolin, "Experimental Quantum Cryptography," Joumal of Cryp- tology, v. 5, n. I, 1992, pp. 3-28.

123. C.H. Bennett and C. Brassard, "Quantum Cryptography: Public Key Distribution and Coin Tossing," Proceedings of the IEEE International Conference on Computers, Systems, and Signal Processing, Banjalore, India, Dec 1984, pp. 175-179.

124. C.H. Bennett and C. Brassard, "An Update on Quantum Cryptography," Advances in Cryptology: Proceedings of CRYPTS 84, Springer-Verlag, 1985, pp. 475-480.

125. C.H. Bennett and C. Brassard, "Quantum Public-Key Distribution System," IBM Technical Disclosure Bulletin, v. 28, 1985, pp. 3153*163.

126. C.H. Bennett and C. Brassard, "Quantum Public Key Distribution Reinvented," SICACTNews, v. 18, n. 4, 1987, pp. 51-53.

127. C.H. Bennett and C. Brassard, "The Dawn of a New Era for Quantum Cryptography: The Experimental Prototype is Working!" SICACTNews, v. M, n. 4, Fall 1989, pp. 78-82.

128. C.H. Bennett, C. Brassard, and S. Breidbart, Quantum Cryptography 11: How to Reuse a One-Time Pad Safely Even ifP*NP, unpublished manuscript, Nov 1982.

129. C.H. Bennett, C. Brassard, S. Breidbart, and S. Weisner, "Quantum Cryptography, or Unforgeable Subway Tokens," Advances in Cryptology: Proceedings of Crypto 82, Plenum Press, 1983, pp. 267-275.

130. C.H. Bennett, C. Brassard, C. Crepeau, and M.-H. Skublszewska, "Practical Quantum Oblivious Transfer," Advances in Cryptol- ogy-CRYPTO '91 Proceedings, Springer- Verlag, 1992, pp. 351-366.

131. C.H. Bennett, C. Brassard, and A.K. Ekert. "Quantum Cryptography," Scientific American, v. m, n. 4, Oct 1992, pp. 50-57.

132. C.H. Bennett, G. Brassard, and N.D. Mer- min, "Quantum Cryptography Without Bell's Theorem," Physical Review Letters, v. 68, n. 5, 3 Feb 1992, pp. 557-559.

133. C.H. Bennett, G. Brassard, and 1.-M. Robert, "How to Reduce Your Enemy's Information," Advances in Cryptology- CRYPTO '85 Proceedings, Springer-Verlag, 1986, pp. 468-476.

134. C.H. Bennett, C. Brassard, and 1.-M. Robert, "Privacy Amplification by Public Discussion," SIAMfournal on Computing, v. 17, n. 2, Apr 1988, pp. 210-229.

135. 1. Bennett, "Analysis of the Encryption Algorithm Used in WordPerfect Word Processing Program," Cryptologia, v. 11, n. 4, Oct 1987. pp. 206-210.

136. M. Ben-Or, S. Coldwasser, and A. Wigder- son, "Completeness Theorems for Non- Cryptographic Fault-Tolerant Distributed Computation," Proceedings of the Mth ACM Symposium on the Theory of Computing, 1988, pp. 1-10.

137. M. Ben-Or, 0. Coldreich, S. Coldwasser, I. Hastad, ). Kilian, S. Micali, and R Rag- away, "Everything Provable is Provable in Zero-Knowledge," Advances in Cryptol- ogy-CRYPTO '88 Proceedings, Springer- Verlag, 1990, pp. 37-56.

138. M. Ben-Or, 0. Goldreich, S. Micali, and R.L. Rivest, "A Fair Protocol for Signing Contracts," IEEE Transactions oa Information Theory, v. 36, n. I, Jan 1990, pp. 40*6.

139. H.A. Bergen and WJ. Caelli, "File Security in WordPerfect 5.0," Cryptologia, v. 15, n. I, Jan 1991, pp. 57-66.

140. E.R. Berklecamp, Algebraic Ceding Theory, Aegean Park Press, 1984. 141. S. Berkovitz, "How to Broadcast a Secret," Advances in Cryptology-EUROCRYPT '91 Proceedings, Springer-Verlag, 1991, pp. 535-541.

142. S. Berkovitz, J. Kowalchuk, and B. Schan- ning, "Implementing Public-Key Scheme," IEEE Communications Magazine, v. 17, n. 3, May 1979, pp. 2-3.

143. D.J. Bernstein, Bernstein vs. U.S. Department of State et al., Civil Action No. C95- 0582-MHP, United States District Court for the Northern District of California, 21 Feb 1995.

144. T. Berson, "Differential Cryptanalysis Mod 2" with Applications to MD5," Advances in Cryptology-EUROCRYPT '92 Proceedings, 1992. pp. 71-80.

145. T. Beth, Verfataeri der schaellen Fourier- Transformation, Teubner, Stuttgart, 1984. lln German.)

146. T. Beth, "Efficient Zero-Knowledge Identification Scheme for Smart Cards," Advances in Cryptology-EVROCRYPT '88 Proceedings, Springer-Verlag, 1988, pp. 77-84.

147. T. Beth, B.M. Cook, and D. GoUmann, "Architectures for Exponentiation in CFj2")," Advances in Cryptology- CRYPTO '86 Proceedings, Springer-Verlag, 1987, pp. 30MIO.

148. T. Both and Y. Desmedt, "Identification Tokens-or: Solving the Chess Crandmas- ter Problem," Advances in Cryptology- CRYPTO '90 Proceedings, Springer-Verlag, 1991, pp. 169-176.

149. T. Beth and C. Ding, "On Almost Nonlin- ear Permutations," Advances in Cryp- tology-EUROCRYPT '93 Proceedings, Springer-Verlag, 1994, pp. 65-76.

150. T. Both, M. Frisch, and G.l. Simmons, eds., Lecture Notes in Computer Science 578; Public Key Cryptography: State of the Art and Future Directions, Springer-Verlag, 1992.

151. T Both and F.C. Piper, "The Stop-and-Co Generator," Advances in Cryptology: Proceedings of EUROCRYPT 84, Springer- Verlag, 1984, pp. 88-92.

152. T Beth and F. Schaefer, "Non Supersingular Elliptic Curves for Public Key Cryptosys- tems," Advances in Cryptology-EURO- CRYPT '91 Proceedings, Springer-Verlag, 1991, pp. 316-327.

153. A. Beutelspacher, "How to Say 'No'" Advances in Cryptology-EUROCRYPT '89 Proceedings. Springer-Verlag, 1990, pp. 491-496.

154. J. Bidzos, letter to NIST regarding DSS, 20 Sep 1991.

155. ). Bidzos, personal communication, 1993. 156. P. Bieber, "A Logic of Communication in a Hostile Environment," Proceedings of the Computer Security Foundations Workshop Ill, IEEE Computer Society Press, 1990, pp. 14-22.

157. E. Biham, "Cryptanalysis of the Chaotic- Map Cryptosystem Suggested at EURO- CRYPT '91," Advances in Cryptology- EUROCRYPT '91 Proceedings, Springer- Verlag, 1991, pp. 532-534.

158. E. Biham, "New Types of Cryptanalytic Attacks Using Related Keys," Technical Report #753, Computer Science Department, Techmon-Israel Institute of Technology, Sep 1992.

159. E. Biham, "On the Applicability of Differential Cryptanalysis to Hash Functions," lecture at EIES Workshop on Crypto- graphic Hash Functions, Mar 1992.

160. E. Biham, personal communication, 1993. 161. E. Biham, "Higher Order Differential Cryptanalysis," unpublished manuscript, ran 1994.

162. E. Biham, "On Modes of Operation," Past Software Encryption, Cambridge Security Workshop Proceedings, Springer-Verlag, 1994, pp. 116-120.

163. E. Biham, "New Types of Cryptanalytic Attacks Using Related Keys," Journal of Cryptology, v. 7, n. 4, 1994, pp. 229-246. 164. E. Biham, "On Matsui's Linear Cryptanal- ysis," Advances in Cryptology-EURO- CRYPT '94 Proceedings, Springer-Verlag, 1995, pp. 398-412.

165. E. Biham and A. Biryukov, "How to Strengthen DES Using Existing Hardware," Advances in Cryptology- ASIACRYPT '94 Proceedings, Springer- Verlag, 1995, to appear.

166. E. Biham and RC. Kocher, "A Known Plaintext Attack on the PKZIP Encryption," K.U. Leuven Workshop on Crypto- graphic Algorithms, Springer-Verlag, 1995, to appear.

167. E. Biham and A. Shamir, "Differential Cryptanalysis of DES-like Cryptosystems," Advances in Cryptol- ogy-CRYPTO '90 Proceedings, Springer- Verlag, 1991, pp. 2-21.

168. E. Biham and A. Shamir, "Differential Cryptanalysis of DES-like Cryptosystems," Journal of Cryptology, V. 4, n. I, 1991, pp 3-72.

169. E. Biham and A. Shamir, "Differential Cryptanalysis of Foal and N-Hash," Advances m Cryptology-EUROCRYPT '91 Proceedings, Springer-Verlag, 1991, pp. 1-16.

170. E. Blham and A. Shamlr, "Differential Cryptanalysls of Sllefru, Khafre, REDOC- 11, LOKI, and Lucifer," Advances in Clyp- tology-CRYPTO '91 Proceedings, 1992, pp. 156-171.

171. E. Blham and A. Shanur, "Differential Cryptanalysls of the Full 16-Round DES," Advances in Cryptology-CRYPTS '92 Proceedings, Springer-Verlag, 1993, 487- 496.

172. E. Biham and A. Sharnlr, Differential Cryptanalysis of the Data Encryption Standard, Springer-Verlag, 1993.

173. R. Bird, I. Copal, A. Herzberg, 7. Janson, S. Kutten, R. Molva, and M. Yung, "Systematic Design of Two-Party Authentication Protocols," Advances in Cryptology- CRYPTO '91 Proceedings, Spa-inger-Verlag, 1992, pp. 44-61.

174. R. Bird, I. Copal, A. Herzberg, P. Janson, S. Kutten, R. Molva, and M. Yung, "Systematic Design of a Family of Attack-Resistant Authentication Protocols," IEEE foumal of Selected Areas in Communication, to appear.

175. R. Bird, I. Copal, A. Herzberg, I' lanson, S. Kutten, R. Molva, and M. Yung, "A Modular Family of Secure Protocols for Authentication and Key Distribution." IEEE/ACM Transactions on Networking, to appear. I 76. M. Bishop, "An Application for a Fast Data Encryption Standard Implementation," Computing Systems, v. I, n. 3, 1988, pp. 221-254.

177. M. Bishop, "Privacy-Enhanced Electronic Mail," Distributed Computing and Cryptography,). Feigenbaum and M. Merritt, eds., American Mathematical Society, 1991, pp. 93-106.

178. M. Bishop, "Privacy-Enhanced Electronic Mail," Internetworking: Research and Experience, v. I, n. 4, Dec 1991, pp. I 99-233.

179. M. Bishop, "Recent Changes to Privacy Enhanced Electronic Mail," Internetwolk- ing: Research and Experience, v. 4, n. I, Mar 1993, pp. 47-59.

180. l.F. Blake, R. Fuji-Ham, R.C. Mullin, and S.A. Vanstone, "Computing Logarithms in Finite Fields of Characteristic Two," SIAM fournal on Algebraic Discrete Methods, v. 5, 1984. pp. 276-285.

181. LF. Blake, R.C. Mullin, and S.A. Vanstone, "Computing Logarithms in GF (2") " Advances in Cryptology: Proceedings of CRYPTS 84, Springer-Verlag, 1985, pp 73-82.

182. C.R. Blakley, "Safeguarding Cryptographic Keys," Proceedings of the Natioaal Computer Conference, 1979, American Federation of Information Processing Societies, v. 48,'979,pp.242-268.

183. C.R. Blakley, "One-Time Pads are' Key Safeguarding Schemes, Not Cryptosys- tems-Fast Key Safeguarding Schemes (Threshold Schemes) Exist," Proceedings of the 1980 Symposium on Security and Privacy, IEEE Computer Society, Apr 1980, pp.108-113.

184. C.R. Blakley and I. Borosh, "Rivest- Shamir-Adleman Public Key Cryptosys- tems Do Not Always Conceal Messages," Computers find Mathematics with Applications, v. 5, n. 3, l979, pp. 169-178.

185. C.R. Blakley and C. Meadows, "A Database Encryption Scheme which Allows the Computation of Statistics Using Encrypted Data," Proceedings of the 1985 Symposium on Security and Privacy, IEEE Computer Society, Apr 1985, pp. 116-122.

186. M. Blaze, "A Cryptographic File System for UNIX," lst ACM Conference on Computer and Communications Security, ACM Press, 1993, pp. 9-16.

187. M. Blaze, "Protocol Failure in the Escrowed Encryption Standard," 2ndACM Conference on Computer and Communications Security, ACM Press, 1994, pp. 59-67.

188. M. Blaze, "Key Management in an Encrypting File System," Proceedings of the Summer 94 USENIX Conference, USENIX Association, 1994, pp. 27-35.

189. M. Blaze and B. Schneier, "The MacCuffin Block Cipher Algorithm," K.U. Leuven Workshop on Cryptographic Algorithms, Springer-Verlag, 1995, to appear.

190. U. Blocher and M. Dichtl, "Fish: A Fast Software Stream Cipher," Fast Softwale Encryption, Cambridge Security Workshop Proceedings, Springer-Verlag, 1994, pp. 41-44.

191. R. Blom, "Non-Public Key Distribution," Advances in Cryptology: Proceedings of Crypto 82, Plenum Press, 1983, pp. 231-236.

192. K.l. Blow and S.J.D. Phoenix, "On a Fundamental Theorem of Ouantum Cryptography," Joumal of Modem Optics, v. 40, n. I, Tan 1993, pp. 33*6.

193. L. Blum, M. Blum, and M. Shub, "A Simple Unpredictable Pseudo-Random Number Generator," SIAM Journal on Computing, v. 15, n. 2, 1986, pp. 364-383.

194. M. Blum, "Coin Flipping by Telephone; A Protocol for Solving Impossible Problems," Proceeding* o* tae 24th IEEE Computer Conference (CompCon), 1982, pp. 133-137.

195. M. Blum, "How to Exchange (Secret) Keys," ACM Transactions on Computer Systems, v. I, n. I, May 1983, pp. 175-193.

196. M. Blum, "How to Prove a Theorem So No One Else Can Claim It," Proceedings o* the International Congress of Mathematicians, Berkeley, CA, 1986, pp. 1444-1451.

197. M. Blum, A. De Santis, S. Micali, and C. Persiano, "Noninteractive Zero-Knowledge," SIAM fournal on Computing, v. 20, n. 6, Dec 1991. pp. 1084-1118.

198. M.Blum,RFeldman,andS.Micali,"Non- Interactive Zero-Knowledge and Its Applications," Proceedings of the 20th ACM Symposium on Theory of Computing, 1988, pp. 103-112..

199. M. Blum and S. Coldwasser, "An ancient Probabilistic Public-Key Encryption Scheme Which Hides All Partial Information," Advances in Cryptology: Proceedings of CRYPTS 84, Springer-Verlag, 1985, pp. 289-299.

200. M. Blum and S. Micali, "How to Generate Cryptographically-Strong Sequences of Pseudo-Random Bits," SIAM Journal on Computing, v. 13, n. 4, Nov 1984, pp. 850-864.

201. B. den Boer, "Cryptanalysis of F.E.A.L.," *dl*ances In Cryptology-EUROCRYPT '88 Proceedings, Springer-Verlag, 1988, pp. 293-300.

202. B. den Boer and A. Bosselaers. "An Attack on the Last Two Rounds of MD4," Advances in Cryptology-CRYPTO '91 Proceedings, Springer-Verlag, 1992, pp. I 94-203.

203. B. den Boer and A. Bosselaers, "Collisions for the Compression Function of MD5," Advances in Cryptology-EUROCRYPT '93 Proceedings, Springer-Verlag, 1994, pp. 293-304.

204. J.-P. Boly, A. Bosselaers, R. Cramer, R. Michelsen, S. Mi01snes, F. Muller, T. Ped- ersen, B. Pfitzmann, P. de Rooi), B. Schoen- makers, M. Schunter, L. VaUee, and M. Waidner, "Digital Payment Systems in the ESPRIT Project CAFE," Securicoal 94, Paris, France, 2-6 Tan 1994, pp. 35-45.

205. T.-P. Boly, A. Bosselaers, R. Cramer, R. Michelsen, S. Mj01snes, F. Muller, T. Ped- ersen, B. Pfitzmann, P. de Rooij, B. Schoen- makers, M. Schunter, L. VaUee, and M. Waidner, "The ESPRIT Project CAFE- High Security Digital Payment System," Computer Security-*OOTC5 94, Springer-Verlag, 1994, pp. 217-230.

206. D.T. Bond, "Practical Primality Testing," Proceedings o* IEE International Conference on Secure Communications Systems, 22-23 Feb 1984, pp. 50-53.

207. H. Bonnenberg, Secure Testing o* VSLI Cryptographic Equipment, Series in Microelectronics, Vol. 25, Konstanz: Har- tungCorreVerlag, 1993.

208. H. Bonnenberg, A. Curiger, N. Felber, H. Kaeslin, and X. Lai, "VLSI Implementation of a New Block Cipher," Proceedings of the IEEE International Conference on Computer Design: VLSI in Computers and Processors (ICCD 91), Oct 1991, pp. 510-513.

209. K.S. Booth, "Authentication of Signatures Using Public Key Encryption," Communications o*tAe-ACM, v. 24, n. I I. Nov 1981, pp. 772-774.

210. A. Bosselaers, R. Covaerts, and T. Vander- waUe, Advances in Clyptotogy-CBYP'TO '93 Proceedings, Springer-Verlag, 1994, pp. 175-186.

211. D.P. Bovet and P. Crescenzi, totrodlictlon to tAe TAeory o* Comp-texity, Englewood Cliffs, N.J.: Prentice-Hall, 1994.

212. J. Boyar, "Inferring Sequences Produced by a Linear Congruential Generator Missing Low-Order Bits," *rlla.? o* CryptoJogy, v. I, n. 3, 1989, pp. 177-184.

213. T. Boyar, D. Chaum, and I. Darngard, "Convertible Undeniable Signatures," Advances in Cryptotog)*-COTOTO '90 Proceedings, Springer-Verlag, 1991, pp. 189-205.

214. J. Boyal-, K. Friedl, and C. Lund, "Practical Zero-Knowledge Proofs: Giving Hints and Using Deficiencies," advances In CryptoJ- ogy---ffUfiOCRYP'r '89 Proceedings, Springer-Verlag, 1990.pp. 155-172.

215. J. Boyar, C. Lund, and R. Peralta, "On the Communication Complexity of Zero- Knowledge Proofs," Joumal of Cryptology, v. 6, n. 2, 1993, pp. 65-85.

216. 1. Boyar and R. Peralta, "On the Concrete Complexity of Zero-Knowledge Proofs," Advances in Cryptolosy-CRYPTS '89 Proceedings, Springer-Verlag, 1990, pp. 507-525.

217. C. Boyd, "Some Applications of Multiple Key Ciphers," Advances in Clyptology- EUROCRYPT '88 Ptoceedings, Springer- Verlag, 1988, pp. 455-467.

218. C. Boyd, "Digital Multisignatures," Clyp- tography and Codlag, H.l. Bekel and F.C. Piper, eds., Oxford: Clarendon Press, 1989, pp. 241-246.

219. C. Boyd, "A New Multiple Key Cipher and an Improved Voting Scheme, " Advances in Cryptology-EUROCRYPT '89 Ptoceed- ings, Springer-Verlag, 1990, pp. 617-625. 220. C. Boyd, "Multisignatures Revisited," Cryptography and Coding Ill, M.l. Canley, ed., Oxford: Clarendon Press, 1993, pp. 21-30.

221. C. Boyd and W. Mao, "On the Limitation of BAN Logic," Advances in Cryptology- EUROCRYPT '93 Proceedings, Springer- Verlag, 1994, pp. 240-247.

222. C. Boyd and W. Mao, "Designing Secure Key Exchange Protocols," Computer Secu- rity-ESORICS 94, Springer-Verlag, 1994, pp. 217-230.

223. B.0. Brachtl, D. Coppersmith, M.M. Hyden, S.M. Matyas, C.H. Meyer, J. Oseas, S. Pilpel, and M. Schilling, "Data Authentication Using Modification Detection Codes Based on a Public One Way Function," U.S. Patent #4.908.861. 13 Mar 1990.

224. 1. Brandt, 1.6. Damgird, P. Landrock, and T. Pederson, "Zero-Knowledge Authentication Scheme with Secret Key Exchange," Advances in Clyptology-CRYPTO '88, Springer-Verlag, 1990, pp. 583-588.

225. S.A. Brands, "An Efficient Off-Line Electronic Cash System Based on the Representation Problem," Report CS-R9323, Computer Science/Department of Algorithms and Architecture, CWI, Mar 1993. 226. S.A. Brands, "Untraceable Off-line Cash in Wallet with Observers," Advances in Cryptology-CRYPTS '93, Springer- Verlag, 1994, pp. 302-318.

227. S.A. Brands, "Electronic Cash on the Intel- net," Proceedings of the Internet Society 1995 Symposium on Network and Distributed Systems Security, IEEE Compute? Society Press 1995, pp 64-84.

228. D.K. Branstad, "Hellman's Data Does Not Support His Conclusion," IEEE Spectrum v.16.n.7.Jull979.p.39.

229. D.K. Branstad, J. Gait, and S. Katzke, "Report on the Workshop on Cryptography in Support of Computer Security," NBSIR 77-1291, National Bureau of Standards, Sep 21-22, 1976, September 1977. 230. C. Brassard, "A Note on the Complexity of Cryptography," IEEE Transactions oil Information Theory, v. IT-25, n. 2, Mat 1979, pp. 232-233.

231. C. Brassard, "Relativized Cryptography," Proceedings of the IEEE 20th Annual Symposium on the Foundations of Compute! Science, 1979, pp. 383-391.

232. C. Brassard, "A Time-Euck Tradeoff in Relativized Cryptography," Proceedings of the IEEE 21st Annual Symposium on the Foundations of Computer Science, 1980, pp. 380-386.

233. G. Brassard, "A Time-Luck Tradeoff in Relativized Cryptography," Journal of Computer and System Sciences, v. 22, n. 3, Jun 1981, pp. 280-311.

234. C. Brassard, "An Optimally Secure Rela- tivized Cryptosystem," SIGACT News, v. 15, n. I, 1983, pp. 28*3.

235. C. Brassard, "Relativized Cryptography," IEEE Transactions on Information Theory, v. IT-29, n. 6, Nov 1983, pp. 877-894. 236. C. Brassard, Modern Cryptology: A Tutorial. Springer-Verlag, 1988.

237. C. Brassard, "Quantum Cryptography: A Bibliography," SICACTNews, v. U, n. 3, Oct 1993, pp. 16-20.

238. C. Brassard, D. Chaum, and C. Crepeau, "An Introduction to Minimum Disclosure," CWI Quarterly, v. I. 1988, pp. 3-17.