Index
  validation and certification of DES equipment, 222
  weak keys, 232, 34
  with independent subkeys, 241
Data Encryption Algorithm (DEA). See Data Encryption Standard
Data Encryption Standard (DES), 221
  brute-force attack, 130, 35, 195
  introduction, 12
  substitution boxes, 228
Data Exchange Key (DEK), 433
Data
  computing with encrypted, 395
  for storage, encrypting, 180, 81
Data integrity check (DIC), 28
Databases
  cryptographic protection, 61
  public-key, 43
  secret keys, 30, 33
Davies, D. W., 414
Davies-Meyer hash function, 338, 39, 340, 41
Deciphering, 8
Declaration of Independence and NewDES, 248
Decoding, 8
Decryption
  decrypting with public-key, 35
  DES, 230
  introduction, 1, 2
  knapsack algorithm, 279, 80
  public-key, 29
Decryption algorithm, 2, 3
Decryption keys, 4
Defense Messaging System (DMS), 269, 313
DeLaurentis, John, 315
Den Boer, Bert, 326, 329, 333
Den Boer and Bosselaer's attacks, 329, 333, 336, 337
Denning, Dorothy, 11
DES standard. See Data Encryption Standard (DES)
Desmedt, Yvo, 69, 91, 386
Destroying keys, 152
Dictionary attacks, 142, 44
  and salt, 47, 48
Differential cryptanalysis, 237, 238, 40
Diffie, Whitfield, 29, 33, 131, 177, 212, 235, 273
Diffie-Hellman algorithm, 275, 77
  encrypted key exchange (EKE), 379, 80
  extended, 275, 76
  fair cryptosystems, 386, 398, 99
  patents, 276
  with three or more parties, 276
Diffusion, 193
DigiCash, 124
Digital cash
  and perfect crime, 123, 24
  anonymous money orders, 117, 19
  ideal system, 123
  introduction, 117
  protocols in working products, 124
Digital certified mail, 103, 4
Digital Equipment Corporation (DEC)
  DES chip, 231
  SPX protocols, 55, 56
Digital Signature Algorithm (DSA), 304, 14
  criticisms of, 305, 7
  dangers of common modulus, 313
  description of, 307, 8
  digital signatures, 33
  ElGamal encryption with, 310, 11
  introduction, 12
  patents, 313, 14
  precomputations, 309
  prime generation, 309, 10
  reaction to announcement, 305, 7
  RSA encryption with, 311
  security, 311, 13
  speed, 306
  subliminal channels, 313, 390, 92
Digital signatures
  algorithms and terminology, 35, 36
  applications of, 37
  choosing algorithms, 320
  Digital Signature Algorithm (DSA), 304, 14
  ElGamal, 300, 2
  with encryption, 37, 39
  ESIGN, 314, 15
  fail-stop, 69, 70
  Feige-Fiat-Shamir algorithm, 291, 96
  group signatures, 70, 71
  Guillou-Quisquater signature scheme, 297, 99
  identification schemes, 291, 96
  introduction, 31
  key exchange with, 45, 46
  legal issues, 454
  multiple signatures, 36, 296, 298, 99
  Okamoto 92, 316, 17
  Ong-Schnorr-Shamir, 299, 300
  RSA standards, 288
  Schnorr, 302, 4
  signing documents and timestamps, 34
  signing documents with symmetric cryptosystems and arbitrator, 31, 33
  signing documents with public-key cryptography and one-way hash functions, 34, 35, 39
  subliminal-free signatures, 68
  undeniable, 7, 68, 69, 392, 95
Digital Signature Standard (DSS), 288, 304
Dining Cryptographers problem, 124
Discrete logarithm problem, 153, 317, 395. See also Logarithms, discrete
Disk file erasure, 183
Distributed convertible undeniable signatures, 395
Distributed key management, 153
Distributed protocols, 64, 65
DoD standard for disk overwrites, 183
Double encryption, 165, 66
DSA. See Digital Signature Algorithm (DSA)
Durstenfeld, R., 374
Dutchy of Mantua, 10
E-boxes, 227
Eavesdroppers, 4, 22, 24
Ehrsham, W. F., 413
8-bit CFB, 160
Elections, secure
  characteristics of, 105, 109
  cheating, 113, 14
  other voting schemes, 113, 14
  simplistic voting protocols, 105, 6
  voting with blind signatures, 106, 7
  voting with single central facility, 109, 10
  voting with two central facilities, 107, 8
  voting without Central Tabulating Facility (CTF), 110, 13
Electronic Codebook mode (ECB), 154, 55, 231
Electronic Frontier foundation (EEF), 438, 446
ElGamal algorithm, 300, 2, 310, 11
  encrypted key exchange (EKE), 379
  subliminal channel, 388, 89
ElGamal, Taher, 276, 290
Elliptic curve cryptosystems, 317, 318
Elliptic Curve Method (ECM), 211
Enciphering, 8
Encoding, 8
Encrypt, decrypt-encrypt (EDE) mode, 166, 67
Encrypted key exchange (EKE)
  applications, 380, 81
  basic protocol, 378, 79
  Diffie-Hellman, 379, 80
  ElGamal, 379
  RSA implementation, 379
  strengthening, 380
Encryption
  algorithms, 2, 3
  communications networks, 178, 80
  computing with encrypted data, 71, 395
  data for storage, 180, 81
  DES speed, 231
  digital signatures and, 37, 38
  ElGamal algorithm, 301, 2
  ElGamal with DSA, 310, 11
  encrypting with private key, 35
  hardware vs. software, 181, 83
  introduction, 1, 2
  knapsack algorithm, 279
  multiple, 165, 69
  one-time pads, 13, 16
  probabilistic, 406, 8
  public-key, 29
  RSA with DSA, 311
  software and hardware implementations, 148
Encryption keys, 4, 151
End-to-end encryption, 179, 80
Enemy, 4
Enigma rotor device, 11, 364, 365
Entropy and uncertainty, 189, 90
Envelopes, 96
Equipment, DES, 222
Erritt, Michael, 50
Error detection, 148
Error propagation
  block ciphers vs. stream ciphers, 177
  cipher block chaining (CBC) mode, 159, 60
  cipher feedback (CFB) mode, 160, 61
  output feedback (OFB) mode, 162
Error propagation in cypher block chaining (CBC) mode, 159, 60
Errors, self-recovering, 160
Errors, synchronization. See Error propagation
ESIGN algorithm, 314, 15, 389, 90
  patents, 315
  security, 315
ESPCI, 269
Euclid's algorithm, 200, 1, 202, 3
Euler generalization of Fermat's little theorem, 203
Euler phi function, 203
Euler totient function, 203, 4
EUROCRYPT conference, 91
Example implementations
  Capstone, 437, 38
  Clipper, 437, 38
  IBM secret key management protocol, 413, 14
  ISDN (Integrated Services Digital Network Terminal, 415, 17
  ISO authentication framework, 425, 28
  KERBEROS, 417, 25
  KryptoKnight, 425
  Message Security Protocol (MSP), 436
  MITRENET, 414, 15
  Pretty Good Privacy (PGP), 153, 436, 37
  Privacy-enhanced mail (PEM), 428, 36
Exchanging keys and messages. See Key exchange
Expansion permutation, 227
Exponential algorithms, 194
Exponentiation modulo p, coin flipping using, 396, 97
Export algorithms, 184, 85, 448, 54
EXPTIME-complete problems, 197
Face-to-face contract signing, 99, 100
Factoring, 211, 13
  algorithms, 211, 13
  modular factoring machines, 212
  security of RSA algorithm and, 282, 85
  square roots modulo N, 213, 289
Fail-stop digital signatures, 69, 70
Fair coin flips, 74, 78
Fair cryptosystems, 82, 83, 386, 398, 99
Fast Elliptic Encryption (FEE), 318
FEAL-N, 249, 52
Federal Standards, 221, 222, 338
Feedback
  in cipher block chaining (CBC) mode, 157, 159
  in cipher feedback (CFB) mode, 160, 61
  in output feedback (OFB) mode, 162
Feedforward in cipher block chaining (CBC) mode, 159
Feige, Uriel, 91
Feige-Fiat-Shamir, 291, 96, 392
  enhancements, 294
  Fiat-Shamir signature scheme, 294, 95
  identifications scheme, 292, 94
  improved Fiat-Shamir signature scheme, 295, 96
  N-party identification, 296
  Ohta-Okamoto identification scheme, 296
  patents, 296
  simplified identification scheme, 291, 92
  single accreditation, 292
Feldman, 238
Feldmeier, David, 48
Fermat's little theorem, 203
Fiat, Amos, 91
Fiat, Shamir signature scheme, 294, 95, 392
File erasure, 183
Financial Institution Retail Security Working Group, 221
Fingerprint, 28
Finite field, 209
  discrete logarithms in, 216, 18
FIPS PUBs, 221, 231
Fixed-bit index (FBI), 399
Follett, Robert, 306
Foundations of Computer Science (FOCS) conference, 91
Frankel, Yair, 386
French banking community and RSA, 288
French Direction Generale de la Securite Exterieure (DGSE), 237
Fujioka, A., 318
Functions, one-way, 27, 29
Gait, 162
Galois, Evariste, 210
Galois field, computing in, 209, 10, 276
Garey, Michael, 197
Gaussian integer scheme, 217
Geffe generator, 358, 59
General Services Administration (GSA), 221
Generalized DES (GDES), 243
Generating good keys, 144, 45
Generators, 208, 9, 309, 10
GF(2^n), computing in, 210, 11, 276
Goldreich, Oded, 100
Goldwasser, Shafi, 80, 406
Gollman, D., 363
Gollmann cascade, 360
Goodman-McAuley cryptosystem, 280
Goppa codes, 316
Graham-Shamir knapsack, 280
Graph theory
  graph isomorphism, 88, 89
  Hamiltonian cycles, 87, 88
Greatest common divisor, 200, 1
Greene, J. W., 385
Group signatures, 70, 71
  with trusted arbitrator, 70, 71
Groups
  DES, 234, 36
  double encryption, 166
  IDEA, 266
Guam, P., 317
Gude, M., 370
Guillou, Louis, 85
Guillou-Quisquater algorithm, 297, 99
  identification scheme, 297, 98
  signature scheme, 298
Gutmann, Peter, 271
Gutowitz, Howard, 268
Haber, Stuart, 62, 306, 309
Hamiltonian cycles, 87, 88
Hard problems, 196, 319
Hardware
  DES implementation, 231
  RSA in, 285
Hardware encryption, 148, 181, 82, 263, 64
Harn, Lein, 393
Hastad, J., 287
HAVAL one-way hash function, 336, 37
Hellman, Martin, 29, 33, 131, 166, 167, 217, 236, 273, 277, 385
Herlestam, T., 280
Hill cipher, 10
Hill, I. D., 349
Historic terms, 8
Homophonic substitution cypher, 8, 10
Hybrid cryptographic systems, 177
Hybrid cryptosystems, 31
I/p generator, 363, 64
IBM, 220, 232, 236, 273, 306
IBM secret key management protocol, 413, 14
IDEA, 260, 66, 436
Ideal secrecy, 192
Identification schemes
  Feige-Fiat-Shamir, 291, 96
  Guillou-Quisquater, 297, 98
Imai, H., 270
Increment, 347
Information theory, 189, 93
  approach to stream ciphers, 366, 67
  confusion and diffusion, 193
  entropy and uncertainty, 189, 90
  in practice, 193
  rate of language, 190, 91
  security of cryptosystems, 191
  unicity distance, 192
Information, amount in messages, 189
Ingemarsson, I., 367
Initial chaining value, 159
Initialization Vector
  cipher block chaining (CBC) mode, 158
  cipher feedback mode, 161
  salt, 48
Initializing variable, 158
Insertion attack, stream ciphers, 174
Interactive proofs, 91
Interactive protocols, 86
Interceptors, 4
Interchange Key (IK), 433
Interlock protocol, 44, 45, 49, 51
Interlopers, 4
Internal feedback, 162
International Association of Cryptographic Research (IACR), 445
International Data Encryption Algorithm (IDEA). See IDEA
International Organization of Standards, 288
Internet, 428, 430. See also Privacy-enhanced mail (PEM)
Internet Policy Registration Authority (IPRA), 430
Intractable problems, 195, 96
Introducers, 153
Intruders, 4
Inverses in modular arithmetic, 201, 3
IPES (Improved Proposed Encryption Standard), 260
Irreducible polynomials, 210
ISDN (Integrated Services Digital Network Terminal, 415, 17
ISO authentication framework, 425, 28
  certificates, 426
  protocols, 426, 28
Itoh, A., 318
Jacobi symbol, 207, 8, 290
Johnson, David, 197
Kahn, David, 6, 11
Kaliski, Burt, 259
Karn method, 270
Karn, Philip, 48, 270
Kerberos protocol, 55
  credentials, 419, 20
  future, 424, 25
  getting initial ticket, 421
  getting server tickets, 421, 22
  Kerberos model, 417, 18
  licenses, 425
  methodology, 419
  requesting services, 422, 23
  security, 424
  software modules, 418, 19
  version 4, 423, 24
Key Certification Authority, 30
Key distribution
  anonymous, 80, 81
  in large networks, 147
  in MITRENET network, 414, 15
Key Distribution Center (KDC), 30
  session keys from, 42
Key escrow system, 437, 38
Key exchange
  authentication protocols, 51, 56
  COMSET (COMmunications SETup), 377, 78
  with digital signature, 45, 46
  encrypted. See Encrypted key exchange (EKE)
  interlock protocol, 44, 45, 49, 51
  key and message broadcast, 46, 47, 57
  key and message transmission, 46
  man-in-the-middle attack, 43, 44, 49, 50
  with public-key cryptography, 43
  Shamir's three-pass protocol, 376, 77
  with symmetric cryptography, 42, 43
Key length
  biotechnology, 138, 39
  brute-force attacks, 130, 35
  Chinese Lottery, 137, 38
  DES, 236, 37
  future security, 139
  security of symmetric cryptosystem and, 129
  software crackers, 235, 36
  time and cost estimates for brute-force attack, 130, 35, 195
  viruses, 137
Key management
  distributed, 153
  generating keys, 140, 41, 144, 45
  good keys, 144, 45
  IBM secret-key management protocol, 413, 14
  poor key choices, 142, 44
  reduced keyspaces, 141, 42
  software encryption and, 182, 83
Key notarization, 414
Key transformation, DES, 226
Key-encryption key, 146, 151
Keyboard latency for real random sequence generators, 370
Keys
  and security, 2, 4
  ANSI X9.17 standard, 145
  backup, 149
  complement keys, 234
  compromised, 150
  Data Exchange Key (DEK), 433
  DES with independent subkeys, 241
  destroying, 152
  determining length by counting coincidences, 13
  error detection, 148
  generating good, 144, 45
  generating random, 144. See also random numbers