References

fip01

Specification for the Advanced Encryption Standard (AES). Federal Information Processing Standards Publication 197, 2001. URL: http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf.

gcm07

NIST Special Publication 800-38D: Recommendation for block cipher modes of operation: Galois/Counter Mode (GCM) and GMAC. November 2007. URL: http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf.

ABP+

Nadhem AlFardan, Dan Bernstein, Kenny Paterson, Bertram Poettering, and Jacob Schuldt. On the security of RC4 in TLS and WPA. URL: http://www.isg.rhul.ac.uk/tls/.

AV96

Ross Anderson and Serge Vaudenay. Minding your p's and q's. In Advances in Cryptology - ASIACRYPT '96, LNCS 1163, 26–35. Springer-Verlag, 1996. URL: http://www.cl.cam.ac.uk/~rja14/Papers/psandqs.pdf.

BK12

Elaine Barker and John Kelsey. NIST Special Publication 800-90A: Recommendation for random number generation using deterministic random bit generators. 2012. URL: http://csrc.nist.gov/publications/nistpubs/800-90A/SP800-90A.pdf.

Bel06

Mihir Bellare. New proofs for NMAC and HMAC: security without collision-resistance. 2006. URL: http://cseweb.ucsd.edu/~mihir/papers/hmac-new.html.

BCK96

Mihir Bellare, Ran Canetti, and Hugo Krawczyk. Keying hash functions for message authentication. In 1–15. Springer-Verlag, 1996. URL: http://www.ssrc.ucsc.edu/PaperArchive/bellare-lncs96.pdf.

BN07

Mihir Bellare and Chanathip Namprempre. Authenticated encryption: relations among notions and analysis of the generic composition paradigm. 2007. URL: http://cseweb.ucsd.edu/~mihir/papers/oem.pdf.

BR95

Mihir Bellare and Phillip Rogaway. Optimal asymmetric encryption - how to encrypt with RSA. In Advances in Cryptology - EUROCRYPT '94, Lecture Notes in Computer Science, 1995. URL: http://www-cse.ucsd.edu/users/mihir/papers/oae.pdf.

Ber

D. J. Bernstein. Snuffle 2005: the Salsa20 encryption function. URL: http://cr.yp.to/snuffle.html#speed.

BDK+09

Alex Biryukov, Orr Dunkelman, Nathan Keller, Dmitry Khovratovich, and Adi Shamir. Key recovery attacks of practical complexity on AES variants with up to 10 rounds. Cryptology ePrint Archive, Report 2009/374, 2009. URL: http://eprint.iacr.org/2009/374.

BK09

Alex Biryukov and Dmitry Khovratovich. Related-key cryptanalysis of the full AES-192 and AES-256. Cryptology ePrint Archive, Report 2009/317, 2009. URL: http://eprint.iacr.org/2009/317.

BHK+

John Black, Shai Halevi, Hugo Krawczyk, Ted Krovetz, and Phillip Rogaway. RFC 4418: UMAC: Message Authentication Code using Universal Hashing. URL: https://www.ietf.org/rfc/rfc4418.txt.

BHK+99

John Black, Shai Halevi, Hugo Krawczyk, Ted Krovetz, and Phillip Rogaway. UMAC: Fast and Secure Message Authentication. 1999. URL: http://www.cs.ucdavis.edu/~rogaway/papers/umac-full.pdf.

Bon99

Dan Boneh. Twenty years of attacks on the RSA cryptosystem. Notices of the AMS, 46:203–213, 1999. URL: http://crypto.stanford.edu/dabo/papers/RSA-survey.pdf.

BGB04

Nikita Borisov, Ian Goldberg, and Eric Brewer. Off-the-record communication, or, why not to use PGP. In WPES '04: Proceedings of the 2004 ACM Workshop on Privacy in the Electronic Society, 2004. URL: https://otr.cypherpunks.ca/otr-wpes.pdf.

BGjosteen07

Daniel R. L. Brown and Kristian Gjøsteen. A security analysis of the NIST SP 800-90 elliptic curve random number generator. Cryptology ePrint Archive, Report 2007/048, 2007. URL: http://eprint.iacr.org/2007/048.pdf.

DR02

Joan Daemen and Vincent Rijmen. The design of Rijndael: AES - the Advanced Encryption Standard. Springer-Verlag, 2002. ISBN 3-540-42580-2.

Dai

Wei Dai. Crypto++ 5.6.0 benchmarks. URL: http://www.cryptopp.com/benchmarks.html.

dBB93

Bert den Boer and Antoon Bosselaers. Collisions for the compression function of MD5. In Tor Helleseth, editor, Advances in Cryptology - EUROCRYPT 1993, volume 765 of Lecture Notes in Computer Science, 293–304. Lofthus, Norway, 1993. URL: https://www.cosic.esat.kuleuven.be/publications/article-143.pdf.

DR

T. Dierks and E. Rescorla. RFC 5246: The Transport Layer Security (TLS) Protocol, version 1.2. URL: https://tools.ietf.org/html/rfc5246.

ECR

ECRYPT. Measurements of SHA-3 finalists, indexed by machine. URL: https://bench.cr.yp.to/results-sha3.html.

FS99

Niels Ferguson and Bruce Schneier. A cryptographic evaluation of IPsec. 1999. URL: https://www.schneier.com/paper-ipsec.pdf.

FMS01

Scott Fluhrer, Itsik Mantin, and Adi Shamir. Weaknesses in the key scheduling algorithm of RC4. In 1–24. 2001. URL: http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps.

Gmb08

SciEngines GmbH. Break DES in less than a single day. 2008. URL: http://www.sciengines.com/company/news-a-events/74-des-in-1-day.html.

HJB

J. Hodges, C. Jackson, and A. Barth. RFC 6797: HTTP Strict Transport Security (HSTS). URL: https://tools.ietf.org/html/rfc6797.

Hol

S. Hollenbeck. RFC 3749: Transport Layer Security Protocol Compression Methods. URL: https://tools.ietf.org/html/rfc3749.

Hou

R. Housley. RFC 5652: Cryptographic Message Syntax (CMS). URL: https://tools.ietf.org/html/rfc5652#section-6.3.

Hua

Sinan Huang. Hardware evaluation of SHA-3 candidates. URL: https://theses.lib.vt.edu/theses/available/etd-05172011-141328/unrestricted/Huang_S_T_2011.pdf.

JY02

Marc Joye and Sung-Ming Yen. The Montgomery powering ladder. 2002. URL: http://cr.yp.to/bib/2003/joye-ladder.pdf.

Kle08

Andreas Klein. Attacks on the RC4 stream cipher. Des. Codes Cryptography, 48(3):269–286, September 2008. URL: http://cage.ugent.be/~klein/papers/RC4-en.pdf, doi:10.1007/s10623-008-9206-6.

Kra01

Hugo Krawczyk. The order of encryption and authentication for protecting communications (or: how secure is SSL?). 2001. URL: http://www.iacr.org/archive/crypto2001/21390309.pdf.

Kra10

Hugo Krawczyk. Cryptographic extraction and key derivation: the HKDF scheme. Cryptology ePrint Archive, Report 2010/264, 2010. URL: http://eprint.iacr.org/2010/264.

KE

Hugo Krawczyk and Pasi Eronen. RFC 5869: HMAC-based Extract-and-Expand Key Derivation Function (HKDF). URL: https://tools.ietf.org/html/rfc5869.

Lab

RSA Laboratories. What key size should be used? URL: http://www.emc.com/emc-plus/rsa-labs/standards-initiatives/key-size.htm.

LWdW05

Arjen Lenstra, Xiaoyun Wang, and Benne de Weger. Colliding X.509 certificates. Cryptology ePrint Archive, Report 2005/067, 2005. URL: http://eprint.iacr.org/2005/067.

Mar11

Moxie Marlinspike. The cryptographic doom principle. 2011. URL: http://www.thoughtcrime.org/blog/the-cryptographic-doom-principle/.

MWES06

Joshua Mason, Kathryn Watkins, Jason Eisner, and Adam Stubblefield. A natural language approach to automated cryptanalysis of two-time pads. In Proceedings of the 13th ACM Conference on Computer and Communications Security, CCS '06, 235–244. New York, NY, USA, 2006. ACM. URL: http://www.cs.jhu.edu/~jason/papers/mason+al.ccs06.pdf, doi:10.1145/1180405.1180435.

MHMP13

Elke De Mulder, Michael Hutter, Mark E. Marson, and Peter Pearson. Using Bleichenbacher's solution to the hidden number problem to attack nonce leaks in 384-bit ECDSA. Cryptology ePrint Archive, Report 2013/346, 2013. URL: http://eprint.iacr.org/2013/346.pdf.

NS00

Phong Q. Nguyen and Igor E. Shparlinski. The insecurity of the Digital Signature Algorithm with partially known nonces. Journal of Cryptology, 15:151–176, 2000. URL: ftp://ftp.ens.fr/pub/dmi/users/pnguyen/PubDSA.ps.gz.

Rog

Phillip Rogaway. OCB - an authenticated-encryption scheme - licensing. URL: http://www.cs.ucdavis.edu/~rogaway/ocb/license.htm.

SS08

Somitra Kumar Sanadhya and Palash Sarkar. New collision attacks against up to 24-step SHA-2. 2008. URL: http://eprint.iacr.org/2008/270.

SS06

Berry Schoenmakers and Andrey Sidorenko. Cryptanalysis of the dual elliptic curve pseudorandom generator. 2006. URL: http://www.cosic.esat.kuleuven.be/wissec2006/papers/21.pdf.

SBK+

Marc Stevens, Elie Bursztein, Pierre Karpman, Ange Albertini, and Yarik Markov. The first collision for full SHA-1. URL: https://shattered.it/static/shattered.pdf.

SKP15

Marc Stevens, Pierre Karpman, and Thomas Peyrin. Freestart collision for full SHA-1. Cryptology ePrint Archive, Report 2015/967, 2015. URL: http://eprint.iacr.org/2015/967.

TP

S. Turner and T. Polk. RFC 6176: Prohibiting Secure Sockets Layer (SSL) Version 2.0. URL: https://tools.ietf.org/html/rfc6176.

Vau

Serge Vaudenay. Security flaws induced by CBC padding - applications to SSL, IPSEC, WTLS… In Advances in Cryptology - EUROCRYPT 2002. URL: http://www.iacr.org/cryptodb/archive/2002/EUROCRYPT/2850/2850.pdf.

WFLY04

Xiaoyun Wang, Dengguo Feng, Xuejia Lai, and Hongbo Yu. Collisions for hash functions MD4, MD5, HAVAL-128 and RIPEMD. Cryptology ePrint Archive, Report 2004/199, 2004. URL: http://eprint.iacr.org/2004/199.

WYW+09

Xiaoyun Wang, Hongbo Yu, Wei Wang, Haina Zhang, and Tao Zhan. Cryptanalysis on HMAC/NMAC-MD5 and MD5-MAC. In Advances in Cryptology - EUROCRYPT 2009, 28th Annual International Conference on the Theory and Applications of Cryptographic Techniques, volume 5479 of Lecture Notes in Computer Science, 121–133. 2009. URL: http://www.iacr.org/archive/eurocrypt2009/54790122/54790122.pdf, doi:10.1007/978-3-642-01001-9_7.

InstitutefStandardsTechnology

National Institute of Standards and Technology. SP 800-57: Recommendation for key management - part 1: general (revised). URL: http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57_part1_rev3_general.pdf.