index

应用密码学密码算法源代码

       validation and certification of DES equipment, 222
       weak keys, 232, 34
       with independent subkeys, 241
Data Encryption Algorithm (DEA). See Data Encryption Standard
Data Encryption Standard  (DES), 221
       brute-force attack, 130, 35, 195
       introduction, 12
       substitution boxes, 228
Data Exchange Key (DEK), 433
Data
       computing with encrypted, 395
       for storage, encrypting, 180, 81
Data integrity check (DIC), 28
Databases
       cryptographic protection, 61
       public-key, 43
       secret keys, 30, 33
Davies, D. W., 414
Davies-Meyer hash function, 338, 39, 340, 41
Deciphering, 8
Declaration of Independence and NewDES, 248
Decoding, 8
Decryption
       decrypting with public-key, 35
       DES, 230
       introduction, 1, 2
       knapsack algorithm, 279, 80
       public-key, 29
Decryption algorithm, 2, 3
Decryption keys, 4
Defense Messaging System (DMS), 269, 313
DeLaurentis, John, 315
Den Boer, Bert, 326, 329, 333
Den Boer and Bosselaer's attacks, 329, 333, 336, 337
Denning, Dorothy, 11
DES standard.  See Data Encryption Standard (DES)
Desmedt, Yvo, 69, 91, 386
Destroying keys, 152
Dictionary attacks, 142, 44
       and salt, 47, 48
Differential cryptanalysis, 237, 238, 40
Diffie, Whitfield, 29, 33, 131, 177, 212, 235, 273
Diffie-Hellman algorithm, 275, 77
       encrypted key exchange (EKE), 379, 80
       extended, 275, 76
       fair cryptosystems, 386, 398, 99
       patents, 276
       with three or more parties, 276
Diffusion, 193
DigiCash, 124
Digital cash
       and perfect crime, 123, 24
       anonymous money orders, 117, 19
       ideal system, 123
       introduction, 117
       protocols in working products, 124
Digital certified mail, 103, 4
Digital Equipment Corporation (DEC)
       DES chip, 231
       SPX protocols, 55, 56
Digital Signature Algorithm (DSA), 304, 14
       criticisms of, 305, 7
       dangers of common modulus, 313
       description of, 307, 8
       digital signatures, 33
       ElGamal encryption with, 310, 11
       introduction, 12
       patents, 313, 14
       precomputations, 309
       prime generation, 309, 10
       reaction to announcement, 305, 7
       RSA encryption with, 311
       security, 311, 13
       speed, 306
       subliminal channels, 313, 390, 92
Digital signatures
       algorithms and terminology, 35, 36
       applications of, 37
       choosing algorithms, 320
       Digital Signature Algorithm (DSA), 304, 14
       ElGamal, 300, 2
       with encryption, 37, 39
       ESIGN, 314, 15
       fail-stop, 69, 70
       Feige-Fiat-Shamir algorithm, 291, 96
       group signatures, 70, 71
       Guillou-Quisquater signature scheme, 297, 99
       identification schemes, 291, 96
       introduction, 31
       key exchange with, 45, 46
       legal issues, 454
       multiple signatures, 36, 296, 298, 99
       Okamoto 92, 316, 17
       Ong-Schnorr-Shamir, 299, 300
       RSA standards, 288
       Schnorr, 302, 4
       signing documents and timestamps, 34
       signing documents with symmetric cryptosystems and arbitrator, 31, 33
       signing documents with public-key cryptography and one-way hash 
functions, 34, 35, 39
       subliminal-free signatures, 68
       undeniable, 7, 68, 69, 392, 95
Digital Signature Standard (DSS), 288, 304
Dining Cryptographers problem, 124
Discrete logarithm problem, 153, 317, 395. See also Logarithms,discrete
Disk file erasure, 183
Distributed convertible undeniable signatures, 395
Distributed key management, 153
Distributed protocols, 64, 65
DoD standard for disk overwrites, 183
Double encryption, 165, 66
DSA.  See Digital Signature Algorithm (DSA)
Durstenfeld, R., 374
Dutchy of Mantua, 10

E-boxes, 227
Eavesdroppers, 4, 22, 24
Ehrsham, W. F., 413
8-bit CFB, 160
Elections, secure
       characteristics of, 105, 109
       cheating, 113, 14
       other voting schemes, 113, 14
       simplistic voting protocols, 105, 6
       voting with blind signatures, 106, 7
       voting with single central facility 109, 10
       voting with two central facilities, 107, 8
       voting without Central Tabulating Facility (CTF), 110, 13
Electronic Codebook mode (ECB), 154, 55, 231
Electronic Frontier foundation (EEF), 438, 446
ElGamal algorithm, 300, 2, 310, 11
       encrypted key exchange (EKE), 379
       subliminal channel, 388, 89
ElGamal, Taher, 276, 290
Elliptic curve cryptosystems, 317, 318
Elliptic Curve Method (ECM), 211
Enciphering, 8
Encoding, 8
Encrypt, decrypt-encrypt (EDE) mode, 166, 67
Encrypted key exchange (EKE)
       applications, 380, 81
       basic protocol, 378, 79
       Diffie-Hellman, 379, 80
       ElGamal, 379
       RSA implementation, 379
       strengthening, 380
Encryption
       algorithms, 2, 3
       communications networks, 178, 80
       computing with encrypted data, 71, 395
              data for storage, 180, 81
       DES speed, 231
       digital signatures and, 37, 38
       ElGamal algorithm, 301, 2
       ElGamal with DSA, 310, 11
       encrypting with private key, 35
       hardware vs. software, 181, 83
       introduction, 1, 2
       knapsack algorithm, 279
       multiple, 165, 69
       one-time pads, 13, 16
       probabilistic, 406, 8
       public-key, 29
       RSA with DSA, 311
       software and hardware implementations, 148
Encryption keys, 4, 151
End-to-end encryption, 179, 80
Enemy, 4
Enigma rotor device, 11, 364, 365
Entropy and uncertainty, 189, 90
Envelopes, 96
Equipment, DES, 222
Erritt, Michael, 50
Error detection, 148
Error propagation
       block ciphers vs. stream ciphers, 177
       cipher block chaining (CBC) mode, 159, 60
       cipher feedback (CFB) mode, 160, 61
       output feedback (OFB) mode, 162
Error propagation in cypher block chaining (CBC) mode, 159, 60
Errors, self-recovering, 160
Errors, synchronization.  See Error propagation
ESIGN algorithm, 314, 15, 389, 90
       patents, 315
       security, 315
ESPCI, 269
Euclid's algorithm, 200, 1, 202, 3
Euler generalization of Fermat's little theorem, 203
Euler phi function, 203
Euler totient function, 203, 4
EUROCRYPT conference, 91
Example implementations
       Capstone, 437, 38
       Clipper, 437, 38
       IBM secret key management protocol, 413, 14
       ISDN (Integrated Services Digital Network Terminal, 415, 17
       ISO authentication framework, 425, 28
       KERBEROS, 417, 25
       KryptoKnight, 425
       Message Security Protocol (MSP), 436
       MITRENET, 414, 15
       Pretty Good Privacy (PGP), 153, 436, 37
       Privacy-enhanced mail (PEM), 428, 36
Exchanging keys and messages.  See Key exchange
Expansion permutation, 227
Exponential algorithms, 194
Exponentiation modulo p, coin flipping using, 396, 97
Export algorithms, 184, 85, 448, 54
EXPTIME-complete problems, 197

Face-to-face contract signing, 99, 100
Factoring, 211, 13
       algorithms, 211, 13
       modular factoring machines, 212
       security of RSA algorithm and, 282, 85
       square roots modulo N, 213, 289
Fail-stop digital signatures, 69, 70
Fair coin flips, 74, 78
Fair cryptosystems, 82, 83, 386, 398, 99
Fast Elliptic Encryption (FEE), 318
FEAL-N, 249, 52
Fedeal Standards, 221, 222, 338
Feedback
       in cipher block chaining (CBC) mode, 157, 159
       in cipher feedback (CFB) mode, 160, 61
       in output feedback (OFB) mode, 162
Feedforward in cipher block chaining (CBC) mode, 159
Feige, Uriel, 91
Feige-Fiat-Shamir, 291, 96, 392
       enhancements, 294
       Fiat-Shamir signature scheme, 294, 95
       identifications scheme, 292, 94
       improved Fiat-Shamir signature scheme, 295, 96
       N-party identification, 296
       Ohta-Okamoto identification scheme, 296
       patents, 296
       simplified identification scheme, 291, 92
       single accreditation, 292
Feldman, 238
Feldmeier, David, 48
Fermat's little theorem, 203
Fiat, Amos, 91
Fiat, Shamir signature scheme, 294, 95, 392
File erasure, 183
Financial Institution Retail Security Working Group, 221
Fingerprint, 28
Finite field, 209
       discrete logarithms in, 216, 18
FIPS PUBs, 221, 231
Fixed-bit index (FBI), 399
Follett, Robert, 306
Foundations of Computer Science (FOCS) conference, 91
Frankel, Yair, 386
French banking community and RSA, 288
French Direction Generale de la Securite Exterieure (DGSE), 237
Fujioka, A., 318
Functions, one-way, 27, 29

Gait, 162
Galois, Evariste, 210
Galois field, computing in, 209, 10, 276
Garey, Michael, 197
Gaussian integer scheme, 217
Geffe generator, 358, 59
General Services Administration (GSA), 221
Generalized DES (GDES), 243
Generating good keys, 144, 45
Generators, 208, 9, 309, 10
GF(2^n), computing in, 210, 11, 276
Goldreich, Oded, 100
Goldwasser, Shafi, 80, 406
Gollman, D., 363
Gollmann cascade, 360
Goodman-McAuley cryptosystem, 280
Goppa codes, 316
Graham-Shamir knapsack, 280
Graph theory
       graph isomorphism, 88, 89
       Hamiltonian cycles, 87, 88
Greatest common divisor, 200, 1
Greene, J. W., 385
Group signatures, 70, 71
       with trusted arbitrator, 70, 71
Groups
       DES, 234, 36
       double encryption, 166
       IDEA, 266
Guam, P., 317
Gude, M., 370
Guillou, Louis, 85
Guillou-Quisquater algorithm, 297, 99
       identification scheme, 297, 98
       signature scheme, 298
Gutmann, Peter, 271
Gutowitz, Howard, 268

Haber, Stuart, 62, 306, 309
Hamiltonian cycles, 87, 88
Hard problems, 196, 319
Hardware
       DES implementation, 231
       RSA in, 285
Hardware encryption, 148, 181, 82, 263, 64
Harn, Lein, 393
Hastad, J., 287
HAVAL one-way hash function, 336, 37
Hellman, Martin, 29, 33, 131, 166, 167, 217, 236, 273, 277, 385
Herlestam, T., 280
Hill cipher, 10
Hill, I. D., 349
Historic terms, 8
Homophonic substitution cypher, 8, 10
Hybrid cryptographic systems, 177
Hybrid cryptosystems, 31

I/p generator, 363, 64
IBM, 220, 232, 236, 273, 306
IBM secret key management protocol, 413, 14
IDEA, 260, 66, 436
Ideal secrecy, 192
Identification schemes
       Feige-Fiat-Shamir, 291, 96
       Guillou-Quisquater, 297, 98
Imai, H., 270
Increment, 347
Information theory, 189, 93
       approach to stream ciphers, 366, 67
       confusion and diffusion, 193
       entropy and uncertainty, 189, 90
       in practice, 193
       rate of language, 190, 91
       security of cryptosystems, 191
       unicity distance, 192
Information, amount in messages, 189
Ingemarsson, I., 367
Initial chaining value, 159
Initialization Vector
       cipher block chaining (CBC) mode, 158
       cipher feedback mode, 161
       salt, 48
Initializing variable, 158
Insertion attack, stream ciphers, 174
Interactive proofs, 91
Interactive protocols, 86
Interceptors, 4
Interchange Key (IK), 433
Interlock protocol, 44, 45, 49, 51
Interlopers, 4
Internal feedback, 162
International Association of Cryptographic Research (IACR), 445
International Data Encryption Algorithm (IDEA).  See IDEA
International Organization of Standards, 288
Internet, 428, 430.  See also Privacy-enhanced mail (PEM)
Internet Policy Registration Authority (IPRA), 430
Intractable problems, 195, 96
Introducers, 153
Intruders, 4
Inverses in modular arithmetic, 201, 3
IPES (Improved Proposed Encryption Standard), 260
Irreducible polynomials, 210
ISDN (Integrated Services Digital Network Terminal, 415, 17
ISO authentication framework, 425, 28
       certificates, 426
       protocols, 426, 28
Itoh, A., 318

Jacobi symbol, 207, 8, 290
Johnson, David, 197

Kahn, David, 6, 11
Kaliski, Burt, 259
Karn method, 270
Karn, Philip, 48, 270
Kerberos protocol, 55
       credentials, 419, 20
       future, 424, 25
       getting initial ticket, 421
       getting server tickets, 421, 22
       Kerberos model, 417, 18
       licenses, 425
       methodology, 419
       requesting services, 422, 23
       security, 424
       software modules, 418, 19
       version 4, 423, 24
Key Certification Authority, 30
Key distribution
       anonymous, 80, 81
       in large networks, 147
       in MITRENET network, 414, 15
Key Distribution Center (KDC), 30
       session keys from, 42
Key escrow system, 437, 38
Key exchange
       authentication protocols, 51, 56
       COMSET (COMmunications SETup), 377, 78
       with digital signature, 45, 46
       encrypted.  See Encrypted key exchange (EKE)
       interlock protocol, 44, 45, 49, 51
       key and message broadcast, 46, 47, 57
       key and message transmission, 46
       man-in-the-middle attack, 43, 44, 49, 50
       with public-key cryptography, 43
       Shamir's three-pass protocol, 376, 77
       with symmetric cryptography, 42, 43
Key length
       biotechnology, 138, 39
       brute-force attacks, 130, 35
       Chinese Lottery, 137, 38
       DES, 236, 37
       future security, 139
       security of symmetric cryptosystem and, 129
       software crackers, 235, 36
       time and cost estimates for brute-force attack, 130, 35, 195
       viruses, 137
Key management
       distributed, 153
       generating keys, 140, 41, 144, 45
       good keys, 144, 45
       IBM secret-key management protocol, 413, 14
       poor key choices, 142, 44
       reduced keyspaces, 141, 42
       software encryption and, 182, 83
Key notarization, 414
Key transformation, DES, 226
Key-encryption key, 146, 151
Keyboard latency for real random sequence generators, 370
Keys
       and security, 2, 4
       ANSI X9.17 standard, 145
       backup, 149
       complement keys, 234
       compromised, 150
       Data Exchange Key (DEK), 433
       DES with independent subkeys, 241
       destroying, 152
       determining length by counting coincidences, 13
       error detection, 148
       generating good, 144, 45
       generating random, 144.  See also random numbers