Newsgroups: sci.crypt,comp.security.misc,alt.security
Subject: APPLIED CRYPTOGRAPHY - Electronic Version of Index
Message-ID: <CGoB9q.Cyx@chinet.chinet.com>
From: schneier@chinet.chinet.com (Bruce Schneier)
Date: Thu, 18 Nov 1993 05:58:37 GMT
Organization: Chinet - Public Access UNIX
Lines: 1747

Attached is the index to my book, Applied Cryptography. Please feel free to
distribute it at will in electronic form. Permission is not given to print
the index out; for that you have to buy the book. I would appreciate it if
this index were placed on various crypto ftp sites around the world.

Bruce

******************************************************************************

APPLIED CRYPTOGRAPHY INDEX

copyright 1994 by John Wiley & Sons. Permission is granted only to copy and
distribute this index electronically.

Abreast Davies-Meyer hash function, 343
Accreditation, single, 292
Active attacks, 25
Active cheaters, 25
ADFGVX cipher, 10
Adjudicator, 23, 24
Adleman, Leonard, 12, 282
Advanced threshold schemes, 385, 86
Adversaries, 4
Agnew, G. B., 370
Algebraic coding theory, 316
Algorithms and ciphers, 2, 3
    breakable, 7
    choosing, 183, 85, 272, 320
    complexity of, 194, 95
    for export, 184, 85, 448, 54
    introduction, 2, 3
    multiple and multiple encryption, 168
    public, 183, 84
    restricted, 2
    secure, 7
    security of symmetric cryptosystem and, 129, 30
    strong, 7
    types of, mathematically defined, 194
    unconditionally secure, 7
All or nothing disclosure of secrets (ANDOS)
    introduction, 83, 84
    multiple parties buying from single seller, 399, 401
    voting with single central facility, 109
Alternating stop-and-go generator, 360, 61
American Bankers Association, 221
American National Standards Institute (ANSI). See ANSI.
Anderson, Ross, 360
Anonymous key distribution, 80, 81
Anonymous messages
    broadcasting, 124, 26
    Dining Cryptographers problem, 124
    multiparty unconditionally secure protocols, 126
Anonymous money orders, 117, 19
ANSI standards, DES, 221, 22
ANSI X9.17 key generation, 145
Arbitrated protocols, 21, 23
    solutions, 62, 63
    timestamping services, 62
Arbitrators
    computer, 23
    difference between adjudicators and, 24
    group signatures with trusted, 70, 71
    role of, 21, 23
    signing documents with symmetric cryptosystems and, 31, 33
    simultaneous contract signing with, 99
    simultaneous contract signing without, (face-to-face), 99, 100
    simultaneous contract signing without, (not face-to-face), 100, 1
    simultaneous contract signing without, (using cryptography), 101, 3
Ascom-Tech AG, 266
Asmuth-Bloom, 385
Athena project, 417, 425
AT&T, 370
Attacks. See also Authentication; Cryptanalysis
    active, 25
    against DES, 234, 238, 39
    against poker protocols, 80
    against proof-of-identity protocols, 49
    against protocols, 24, 25
    against public-key cryptography, 30, 31, 274
    attackers, 4
    birthday attack, 295, 322
    block replay, 155, 57
    brute-force, 130, 35
    chosen-ciphertext attack, 274, 75, 286, 87
    common modulus attack against RSA, 287
    Den Boer and Bosselaer's attacks, 329, 333, 336, 337
    dictionary, 142, 44
    dictionary, and salt, 47, 48
    digital signatures and encryption, 38
    foiling resend, 39
    insertion attack, stream ciphers, 174
    introduction, 4
    low exponent attack against RSA, 287, 88
    man-in-the-middle attack, 43, 44, 50
    meet-in-the-middle attack, 166
    passive, 25
    reduced keyspaces and, 141, 42
    software-only brute-force, 135, 36
    time and cost estimates for brute-force attack, 130, 35, 195
    types of, 5, 6
    viruses, 137
Authentication
    dictionary attacks and salt, 47, 48
    Feige-Fiat-Shamir algorithm, 291, 96
    introduction, 47
    key exchange and, 51, 56
    mutual, using interlock protocol, 49, 51
    Schnorr algorithm, 303
    SKID, 51
    user identification with public-key cryptography, 48, 49
Authenticators, 419
Avalanche effect, 227, 245
Backup keys, 149
Banks and digital cash, 117, 24
Bardell, Paul, 363
Battisa, Leon, 10
Beaufort cipher, 10
Bellcore, 306
Bell Laboratories, 237
Bell-Northern Research, 415
Bellovin, Steve, 50, 378, 380, 424
Bennett, Charles, 408, 410
Ben-Or, Michael, 100
Berkovitz, Shimshon, 382
Beth-Piper stop-and-go generators, 359, 60
Beth, Thomas, 301
Biases and correlations, generated sequences, 371, 72
Biham, E., 234, 237, 238, 240, 244, 247, 249, 252, 253, 259, 260, 264, 268, 272, 324, 326, 329
Bilateral stop-and-go generator, 361
Biotechnology and brute-force attacks, 138, 39
Birthday attacks, 322, 23
    Fiat-Shamir signature scheme, 294, 96
Bishop, Matthew, 429
Bit commitment, 71, 74
    blobs, 74
    using one-way functions, 73
    using pseudo-random sequence generators, 73, 74
    using symmetric cryptography, 72
Blakley, G. R., 60, 384
Blind signatures
    algorithm, 403, 4
    completely, 94, 95
    cut-and-choose technique, 95, 96
    envelopes, 96
    introduction, 93, 94
    voting with, 106, 7
Blobs, bit commitment, 74
Block algorithms. See Algorithms, block
Block chaining (BC) mode, 163
Block cipher MAC, 345
Block cipher modes
    block chaining (BC) mode, 163
    block replay, 155, 57
    choosing, 164, 65
    cipher block chaining (CBC) mode, 157, 60, 231
    cipher block chaining of plaintext difference (CBCPD), 164
    cipher feedback (CFB) mode, 160, 61, 231
    counter mode, 163
    Electronic Codebook mode (ECB), 154, 55, 231
    error propagation, 159, 60, 161, 162
    framing, 160
    Initialization vector, 48, 158, 161, 162
    output feedback (OFB) mode, 162, 231
    output feedback with a non-linear function (OFBNLF), 164
    padding, 158, 59
    plaintext block chaining (PCB) mode, 164
    plaintext feedback (PFB) mode, 164
    propagating cipher block chaining (PCBC) mode, 163, 64
    self-recovering errors, 160
Block ciphers
    CA-1.1, 268, 69
    DES as, 224
    DES, overview and outline, 224
    FEAL-N, 249, 52
    IDEA, 260, 266, 436
    introduction, 3
    Khufu and Khafre, 257, 59
    LOKI, 255, 57
    Lucifer, 220, 236, 244, 45
    Madryga, 245, 47
    MMB, 266, 68
    NewDES, 247, 49
    RC2 and RC4, 259, 60
    REDOC, 252, 55
    Skipjack, 269, 70, 437
    stereotyped beginnings and endings, 155
    using as stream ciphers, 175, 76
    vs. stream ciphers, 176, 77
Blocks
    introduction, 3
    length, doubling via multiple encryption, 167, 69
    replay, 155, 57
    size for computer analysis, 3
Bloom, J., 385
Blum integers, 208, 397, 98
Blum, Manuel, 75, 87, 91, 407
Blum-Mitcali generator, 365
BlumBlumShub (BBS) generator, 365, 66, 407
Boolean circuit, 117
Bosselaers, A., 329, 333
Boyar, Joan, 349
Boyd, Colin, 56
Branstead, Dennis, 223
Brassard, Giles, 74, 408, 410
Breakable algorithms and work factor, 7
Brickell, Ernie, 304, 315
British Telecom, 410
Broadcast interactive proofs, 91
Broadcasting keys and messages, 46, 47, 57
    anonymous messages, 124, 26
    secrets, 381, 83
Brute-force attack, 130, 35, 195
    biotechnology, 138, 39
    Chinese Lottery, 137
    software crackers, 135, 36
    software only, 135, 36
    time and cost estimates for brute-force attacks, 130, 35, 195
    viruses, 137
Burmester, Mike, 91
CA-1.1, 268, 69
Cade algorithm, 318
Cash, Digital. See Digital Cash
CCITT X.508 public-key protocol, 153
CD-ROM applications, 15
Cellular automata (CA), 268, 317, 337
Cellular automaton generator, 363
Central Legitimization Agency (CLA), 107
Central Tabulating Facility (CTF), 105
Certificates, 153, 426, 430
Certification Authorities (CAs), 426, 430
Certifying authority (CA), 153, 426
Chaining variables, 330
Chaining, 157, 60
Chambers, W. G., 362
Chaum, David, 68, 70, 114, 392, 393, 403, 404
Cheaters
    passive and active, 25
    secret sharing with, 60, 386, 87
Cheating
    secure elections, 113, 14
    with digital cash, 117, 24
    with digital signatures, 36, 37
Chess grandmaster problem, 91, 93
Chinese Lottery, 137, 38
Chinese remainder theorem, 204, 5
Chips and random noise, 370
    Clipper and Capstone, 181, 269, 436, 437, 38
    DES chip, 231
    RSA, 281, 288
Chor-Rivest knapsack, 280, 81
Chosen-ciphertext attack, 5, 6, 274, 75, 286, 87
Chosen-plaintext attack, 5, 274
Cipher block chaining (CBC) mode, 157, 60
    DES, 231
    error propagation, 159, 60
    initialization vector, 158
    padding, 158, 59
Cipher block chaining of plaintext difference (CBCPD), 164
Cipher feedback (CFB) mode, 160, 61
    DES, 231
    error propagation, 161
    self-synchronous stream ciphers, 174, 75
Cipherpunks, 445
Ciphers and algorithms, 2, 3
    blocks. See Block ciphers
    historic term, 8
    stream. See Stream ciphers
    substitution, 8, 10, 193
    transposition, 10
Ciphertext, 1, 2
Ciphertext pairs, 238
Ciphertext-only attack, 5
Civil War, American, 10
Cleartext, 1-2
Clock pulse, 351
Clocks, computer for real random sequence generators, 369, 70
Codes. See also Cryptanalysis
    historic term, 8
    PURPLE, Japanese diplomatic, 6
    q-code cryptosystems, 8
Coefficients, solving for, 203
Coin flipping
    Dining Cryptographers problem, 124, 26
    fair coin flips, 74, 78, 395, 98
    into well, 77
    key generation using, 78
    using Blum integers, 397, 98
    using exponentiation modulo p, 396, 97
    using one-way functions, 75, 76
    using public-key cryptography, 76, 77
    using square roots, 396
Commercial COMSEC Endorsement Program (CCEP), 223
Common modulus attack on RSA, 287
Communications
    ANSI standards, 221, 22
    protocols, purpose of, 20, 21
    using public-key cryptography, 29, 31
    using symmetric cryptography, 26, 27
Communications networks, encrypting, 178, 80
    end-to-end encryption, 179, 80
    link-by-link encryption, 178, 79, 180
    traffic-flow security, 178
Company, example, 21
Complexity classes of problems, 196, 97
Complexity theory, 193, 98
    algorithms, 194, 95, 319
    computational complexity, 193
    NP, complete problems, 197, 98, 277
    problems, 195, 97
    stream ciphers, 365, 66
Compression permutation, 227
Compromised keys, 150
Computational complexity, 193
Computer analysis
    adjudicated protocols, 24
    arbitrators, 23
    block size for, 3
    processors for brute-force attack, 131, 34
    pseudo-random sequence generation, 15, 39, 41
    software-only brute force attacks, 135, 36
    XOR algorithm, 12, 13
Computer communications. See Communications
Computer Professionals for Social Responsibility (CPSR), 438, 446, 47
Computer Security Act of 1987, 221, 304, 441
Computing with encrypted data, 71, 395
Computationally secure algorithm, 7
COMSET (COMmunications SETup), 377, 78
Confirmation messages, 37, 38
Confusion, 193
Connell, Charles, 249
Continued Fraction Algorithm, 211
Contract signing. See Signing contracts, simultaneously
Contraction functions, 28
Convertible undeniable signatures, 393, 95
Cook, S. A., 197
Coppersmith, Don, 80, 240, 341
Cost estimates for brute-force attack, 130, 35, 195
Counter mode, 163, 172, 173
Crime and digital cash, 123
crypt(1), 364
CRYPT(3), 242
Crypt Breakers Workbench (CBW), 364
Cryptanalysis
    differential, 237, 238, 40
    introduction, 1, 4, 7
    linear, 241
    of FEAL, 251, 52
    of IDEA, 264
    of LOKI, 255, 56
    of Madryga, 247
    of N-Hash, 326, 28
    of NewDES, 248, 49
    related-key, 240, 41
    Snefru one-way hash function, 324, 25
Cryptanalysts, 1
Cryptech, Inc., 255
CRYPTO conference, 91
Cryptographers, 1
Cryptographic facility, 414
Cryptographic protection of databases, 61
Cryptographic protocols, 20
Cryptographically secure pseudo-random sequence generators (CSPRSGs), 356
Cryptography
    definition, 1
    hybrid systems, 177
    implementations. See Example implementations
    large numbers used in, 15, 16
    quantum, 408, 10
    relativized, 192
    simultaneous contract signing without arbitrator, 101, 3
Cryptologists, 1
Cryptology, 1
Cryptosystems
    introduction, 4
    security, 7, 191
Cubic algorithms, 194
Cusick, Thomas, 253
Cut and choose technique, 85, 86
    blind signatures and, 95, 96
Damgard, Ivan, 337
Damm, Arvid Gerhard, 11
Data authentication code (DAC), 28
Data Encryption Standard (DES)
    adoption of, 221, 22
    algorithm, overview and outline, 224
    alternate S-boxes, 242
    attacks against, 234, 238, 39
    avalanche criteria, 227
    complement keys, 234
    compression permutation, 227
    CRYPT(3), 242
    decrypting, 230
    development of, 219, 21
    differential cryptanalysis, 237, 238, 40
    E-boxes, 227
    encryption speed, 231
    expansion permutation, 227, 28
    final permutation, 230
    FIPS PUBs, 221
    generalized (GDES), 243
    hardware and software implementations of, 231
    in 1987, 222, 23
    in 1992, 223, 24
    initial permutation, 26
    key length, 236, 37
    key transformation, 226, 27
    linear cryptanalysis, 241
    modes of, 231
    multiple, 241
    non-group benefits, 234, 45
    P-box permutation, 230
    permuted choice, 227
    related-key cryptanalysis, 240, 41
    rounds, 224, 237
    S-boxes, 228, 29, 237, 38
    security, 232
    speed, compared to RSA, 286
    straight permutation, 230