
Index
A affine invariant, 53 authentication code, 21
affine scheme, 21 authentication header, 310
A5/1, 1 AG-code, 22 authentication provider, 283
AAA, 555 aggressive mode, 312 authentication scheme, 34
AAC, 198, 200 AGM method, 190 authentication server, 329
AAR, 200 AH, 310 authentication token, 23
AB, 127 Alberti encryption, 8 authenticator, 282, 329
ABA digital signature guidelines, 2 Alberti table, 8 authenticity, 11, 12, 118, 285
Abelian, 244 alert message, 548 Authenticode, 658, 660, 661
Abreast Davies-Meyer, 263 algebraic attack, 224 authorization, 2, 26, 27
absence of communication attack, 384 algebraic degree, 53, 83, 223 authorization algebra, 594
absolute indicator, 55 algebraic-geometry codes, 22 authorization architecture, 23–26
abundance of communication attack, algebraic normal form, 53, 83 authorization management, 26, 27
384 algebraic number field, 430 authorization policy, 25, 26, 27
abuse-free protocol, 215 all-or-nothing encryption, 209 authorizer, 463
Abwehr, 117 allowed, 544 auto-correlation, 27
access control, 2–6 almost bent function, 127, 416 autokey, 323
access control list, 3, 4, 595 almost perfect nonlinear function, 127, automated teller machine, 394, 482
access control model, 3, 462, 463 375 automatic clearing house, 176
access control policy, 2, 25, 462 almost perfect zero-knowledge, 671 automatic template analysis, 171
access management, 283 alphabet, 9–10 availability, 27–28
access matrix model, 3 alternating step generator, 78 avalanche, 598, 602
access structure, 7, 544, 545, 611 American Bar Association, 2
accumulator, 617, 618 B
amplified boomerang attack, 56, 150
ACE-KEM, 410, 411 ANF, 53
ACH, 176 baby–step giant–step method, 165
anomalous binary curves, 187
ACL, 3, 4, 595 backward security, 248
anomaly, 299
A-code, 22 backwards mixing, 369
anonym, 476, 477
acquirer, 7, 181 balance property, 373
anonymity, 10–11, 489, 490
acrostics, 118 balanced, 55, 82, 105
anonymity set, 10
active adversary, 399 base, 240
anonymous network, 384
active cryptanalysis, 113, 568 base key, 324
anonymous remailer, 384
active eavesdropper, 169 basic constraints extension, 635
ANSI, 64, 487, 530, 556, 626
active penetration test, 456 basic Merkle-Hellman scheme, 334, 335
APN function, 375
ActiveX, 660 basis, 345
APPEL, 479
adaptive adversary, 399, 612 Bass-O-Matic, 467
appendix, 158
adaptive chosen ciphertext attack, BCH code, 125, 126
application cryptogram, 200
7 BDH, 275
ARQC, 198, 200
adaptive chosen plaintext and Beaufort encryption, 29
AS, 329
ciphertext attack, 7 Beaufort table, 29
ASN1, 669
adaptive chosen plaintext attack, 8 bent function, 375, 416
associated data, 579
addition chain, 235 Berlekamp–Massey algorithm,
associativity, 243, 524
addition problem, 92 29–30
asymmetric cryptosystem, 11, 325,
addition sequence, 236 Berlekamp Q matrix, 30
489
addition–subtraction chain, 236 Bézout, 536
asymmetric proxy encryption, 489
additive inverse, 524 BGMW method, 233
asymmetric proxy signature scheme,
additive knapsack, 333 bigram, 601
490
additional decryption key, 468 bigram substitution, 601
asymmetric watermarking, 656
address spoofing, 144, 232 bilinear Diffie-Hellman problem, 275
asymptotic security, 93
A-distance, 22 bill of lading, 52
asynchronous self-synchronizing
Adleman-Pomerance-Rumely primality binary alphabet, 9
stream cipher, 559
proving algorithm, 474 binary Euclidean algorithm, 31–32
ATM, 394, 482
admissible change of variables, 184 binary exponentiation, 32
attribute, 11, 25
Advanced Encryption Standard (AES), binary field, 227
attribute certificate, 11
520–24 binary gcd algorithm, 31
attribute management, 11
advantage, 161 binder, 580
auctioneer role, 462
adversary, 399 binomial distribution, 33–34
auditing, 283
adversary structure, 7 biometric identification, 111
authenticated encryption (OCB,
adversary simulator, 419 biometrics, 34–36
IAPM, XCBC), 11–19
AE, 11, 12, 13, 18, 19 bipartite substitution, 601
authenticated encryption with
AEAD, 12, 19 birthday attack, 259
associated data, 12, 14
AES, 408, 409, 410, 411, 412, 520–24 birthday paradox, 36–37, 292
authenticated key exchange, 596
affine equivalent, 53 bit, 9
authentication, 21–22, 23, 24, 310
affine functions, 53 bit tracing, 572, 573
authentication authority, 273, 630, 631






bitslice, 564 CCIT2, 66 closest vector problem, 79
B/L, 52 CCM, 16, 17 closure, 243, 524
black-box attack, 258 CCR, 139 closure alert, 548
black-box tracing, 623 CDA, 198 closure attack, 132
black list, 669 CDH, 140, 275, 276 CMA, 546, 547
blind signature, 37–38 CDMA, 560 CMAC, 63, 64
blind watermarking, 655 centralized system, 177 CMP, 52
blinding factor, 40 CEPS-standard, 66–67, 77, 181, 362, CMS, 592
blinding techniques, 39–40 482 CMVP, 228
block, 601 certificate, 67 coalition, 225, 621
block cipher, 41–46, 601 certificate authority, 70 Cock's identity based cryptosystem, 274
block code, 124 certificate extension, 634 code, 21, 124, 545
Block Korkine-Zolotarev reduction, 347, certificate management, 68 codebook attack, 80
569 certificate of primality, 68 code-division-multiple-access, 560
Blowfish, 48, 638 certificate policy, 628, 629, 635 codeword, 124
BLS short digital signatures, 49 certificate policy statements, 2 Cohen-Lenstra-Bosma algorithm, 474,
Bluetooth, 169 Certificate Practice Statement, 107 475
Blum–Blum–Shub pseudorandom certificate revocation, 68–70 collision, 364
bit generator, 50, 486 certificate revocation list, 68, 618 collision attack, 80, 364, 405
Blum–Goldwasser public key certification, 616 collision freeness, 257
encryption system, 51 certification authority, 70, 421, 631, collision intractable, 257
Blum integer, 50 637, 669 collision resistance, 81
Blum prime, 501 certified mail, 71 Collision-Resistant Hash Function
Bolero.net, 52 CFB, 389 (CRHF), 257
bombs, 343 CFRAC, 291, 294 collusion attack, 225
Boneh-Durfee attack, 666 CGI, 664 combination generator, 82
Boneh-Franklin identity based chaffing and winnowing, 72 combined data authentication, 198
cryptosystems, 273, 275, 276 chaining attack, 259 combined modes, 389
boolean functions, 52–55 chaining variable, 63, 258, 364 combiner, 607
boomerang attack, 55–56, 150 chair, 245 commit phase, 83
boundary, 229 challenge covertext, 160 commitment, 83–85, 418
BPP, 95 challenge–response protocol, 73, Common Criteria, 86–88, 229, 552
braid group, 244 286, 542 Common Electronic Purse
branch number, 523 channel, 160 Specifications, 66–67, 181
Brickell low density attack, 338 characteristic, 152, 227 common reference string, 414
Brickell Merkle-Hellman attack, 335, characteristic polynomial, 356, 373, 561 communication channel
336, 337 Chaum blind signature scheme, 74 anonymity, 88
bridge certi¬cation authority, 632 Chaum-van Antwerpen undeniable communication complexity, 245
broadcast encryption, 56–59 signature scheme, 641 commutative group, 244
brute force attack, 114 Chinese Remainder Theorem, 75 commutativity, 524
Burmester-Desmedt protocol, 246 chord-and-tangent rule, 184 COMP128, 367
butterfly algorithm, 54 Chor-Rivest cryptosystem, 337, 338 complementary circulating register, 139
buyer role, 462 chosen ciphertext attack, 42, 76, 114 complementary slide, 587
byte, 9 chosen message attack, 160 complementation property, 130
chosen one-out-of-two, 445 complete mediation property, 2, 4
C chosen plaintext and ciphertext completeness, 297, 298
attack, 77 complexity class, 92
CA, 70 chosen plaintext attack, 42, 76, 114, complexity spectrum, 415
Caesar cipher, 61 160 composite, 470, 484
Camellia, 61, 410, 411 chosen related key, 518 composite residuosity assumption, 453
Canadian Trusted Computer Product Cipher Block Chaining, 386 compression function, 102, 136, 258,
Evaluation Criteria, 552 Cipher FeedBack, 389 260, 364, 524, 525
canonical S-expressions, 594, 595 cipher suite, 548 compromise, 113
capabilities, 4, 109 cipher system, 119 compromising emanations, 89
capability list, 4 ciphertext, 119, 568 Compton effect, 503
Capstone, 327, 586 ciphertext ciphertext compromise, 113 computable function, 399
captured agent trust, 181 ciphertext only attack, 42, 77, 114 computational complexity, 92–97
card issuer, 564 ciphertext stealing, 387 computational Diffie Hellman, 140, 275
cardholder CA, 564 claimant, 272 computational security, 551
Carmichael number, 221, 291, 436, 473 classical cryptosystem, 324, 603 computational soundness, 297
cascade cipher, 401, 480 claw-free, 77 computational zero-knowledge, 671
cascading revocation, 4 claw-resistant, 77 computationally secure steganography,
CAST, 62–63, 518 client hello, 549 161
CBC, 386 Clipper, 327, 586, 606 computationally sound proof system,
CBC-MAC and variants, 63–65, 365 CLIP-scheme, 77 297
CC, 229 CLIP-scheme, 77 computer virus, 627
CCA2, 108, 109 clock-controlled generator, 77 concealment, 580


concrete security, 93 cryptographic module validation delegated path discovery, 69
concurrent zero-knowledge, 672 program, 228 delegated path validation, 69
conditional correlation attack, 224 cryptographic protocol, 482 delegation, 4, 595
conditional entropy, 289 cryptology, 118–19 Della Porta's maxim, 371
conference key, 244 cryptology, 118“19 DEM, 411
conference keying, 244 cryptosystem, 119 DEMA, 171
confidentiality, 118, 174, 176, 310, CRYPTREC, 119–23 denary alphabet, 9
489 CSEXP, 595 deniable encryption, 142
confirmer signature, 145 CS-Lite, 108 denial-of-service, 137, 143, 232, 233,
confirming operation, 641 CSP, 229, 456 300, 505
confusion, 41, 602 CSS, 100 density, 334
congruence class, 391 CTCPEC, 552 depth, 114
conjugate, 125 CTR, 388 derivative, 55, 481
connection polynomial, 356 cue, 118 derived key, 144
consumable credentials, 110 customer acquirer, 564 Derived Test Requirements, 230
containing, 100 cut-and-choose protocol, 123 DES, 129–33
Content Protection for Recordable CVP, 79 designated combiner, 612
Media, 57 CWC, 18 designated confirmer signature, 145
content scrambling system, 100 cyclic, 240 Desmedt-Vandewalle-Govaerts
continued fraction method, 291, 294 cyclic codes, 124–27 knapsack, 335
contract signing, 97 cyclic codes with two zeros, 127 DES-X, 146
contrast, 652 cyclic group, 244 DFA, 219
control vector, 98 cyclic Reed–Muller code, 125 DHP, 154
conventional cryptosystem, 324, 603 cycling attacks against RSA, 293 dictionary, 147
conversation, 671 cyclotomic coset, 125 dictionary attack (1), 147
convertible undeniable signature, 642 cyclotomy method, 474 dictionary attack (2), 147, 171, 454
cookies, 665 cryptanalysis, 113–16 Cyrillic alphabet, 9
copy generation control, 99 Cyrillic alphabet, 9 difference set, 224
copy marking, 100 differential characteristic, 152
D
copy protection, 99–102 differential cryptanalysis, 44,
copy right protection, 655 147–51
data authentication, 21
Core Messaging Platform, 52 differential electromagnetic analysis,
data encapsulation mechanism, 411
core rounds, 369 171
Data Encryption Standard (DES),
Corporate Message Recovery, 468 differential fault analysis, 219
129–33
correcting-block attack, 102, 259 differential–linear attack, 152
data key, 326
correlation attack for stream differential membership test, 656, 657
data masking, 576
ciphers, 103–4 differential membership test, 656, 657
data origin authentication, 361
correlation-immune and resilient 171, 302, 572, 573
data remanence, 135
Boolean functions, 104, 105–6 Diffie–Hellman key agreement, 154
Data Seal, 367
correlation immunity order, 83, 104, 105 Diffie–Hellman problem, 154
Davies attack, 132
Counter Mode, 388 diffusion, 41, 602
Davies–Meyer, 136, 260, 262, 263
counterfeiting, 174, 176 digital identity, 282
DC Network, 137–38
cover signal, 655 digital millennium copyright act, 101
DCR, 453
covert channel, 106 digital rights management system, 101,
DDA, 198
covertext, 159 520
DDH, 108, 140
CPRM, 57 digital signature, 158
de Bruijn graph, 139
CPS, Certificate Practice digital signature algorithm, 158
de Bruijn sequence, 138–40
Statement, 107 digital signature guidelines, 421
de Viaris attack, 115
CR, 453 digital signature scheme, 158, 201,
deception, 519
Cramer–Shoup public key scheme, 527
decimation, 373, 374, 570
108 Digital Signature Standard, 158–59
deciphering, 202
credentials, 109–12, 281, 463 digital steganography, 159–63
decision function, 2
CRHF, 257, 643 digital versatile disk, 656
decisional composite residuosity
cribs, 343 digital video disk, 656
assumption, 453
Critical Security Parameters, 228, 229, digraphic substitution, 601
decisional Diffie-Hellman
456 direct cross-certification, 632
problem, 140
CRL (CRLS), 68, 595, 618 direct inversion, 309
