
insider secure, 580
integer factoring, 290–96
integral attack, 405
integrity, 21, 109, 310, 361
integrity-aware cipher block chaining, 15
integrity-aware parallelizable mode, 15
interactive argument, 297
interactive proof, 297
interactive VSS, 646
interleaved modes, 389
interleaved sliding window exponentiation, 584
internal collision attack, 364
International Telecommunication Union, 669
internet engineering task force, 71, 313
internet key exchange, 310
internet protocol, 230, 310
internet security association and key management protocol, 310
interpolation attack, 298
intrusion detection, 299–301, 663
intrusion detection system, 299
invariance under decimation, 373
invasive attack, 301–7
inverse, 244
inverse Fourier relation, 54
inversion attack, 307–8
inversion in finite fields, 308–9
invisibility, 145, 641
involution, 130, 221
IP, 230, 310
IPA, 573
IPES, 271, 309
IPsec, 310–13, 362, 554

Kahn's maxim, 372
Kappa test, 115
Karatsuba algorithm, 319–21, 401, 402
Kasiski's method, 115
KASUMI, 322
KASUMI/MISTY1, 322
KCDSA, 195
KDC, 328, 637
KEM, 411
Kerberos authentication protocol, 323, 407
Kerckhoff's maxim, 42, 371
key, 160, 323–25, 568
key agreement, 325
key alphabet, 323
key authentication, 326
key confirmation, 326
key-dependent S-boxes, 133
key directive, 324
key distribution center, 328, 637
key encapsulation mechanism, 411
key encryption key, 326
key escrow, 327
key establishment protocol, 482
key exchange protocol, 326, 482
key generation algorithm, 158, 160, 163, 362, 488
key graph, 137
key group, 324
key management, 328–32
key mixing, 129
key negotiation, 324
key phrase, 323
key ranking, 152, 353
key recovery, 327

Lagrange's theorem, 537, 598
lambda representation, 194
language, 481
Latin alphabet, 9
Latin square, 115
lattice, 335, 336, 337, 345
lattice-based cryptography, 347–48
lattice reduction, 335, 336, 338, 346–47
lattice sieve, 432
lattice sieving, 432
law of quadratic reciprocity, 317
Layered Subset Difference, 58
lchop, 386
lcm, 349
LDAP, 553
least common multiple, 349
left-to-right exponentiation, 32, 33, 520, 583, 588, 639
legal structures, 285
Legendre symbol, 349
Lehmer's Euclidean algorithm, 205
length, 652
Lenstra-Lenstra-Lovász lattice reduction, 346
lexicographical knapsacks, 336
LFSR, 355–58
license, 99
licensee, 463
linear approximations, 351
linear characteristic, 152, 352
linear code, 124
linear complexity, 29, 139, 349
linear complexity profile, 349
linear congruential generator, 350
linear consistency attack, 350
Index 679


linear cryptanalysis, 44
linear cryptanalysis for block ciphers, 351–53
linear cryptanalysis for stream ciphers, 354
linear feedback shift register, 355–58
linear hull, 352
linear probability, 351
linear sieve, 291, 295
linear SSS, 545
linear structure, 55
linear substitution, 601
linear syndrome attack, 358
linking, 617
list decoding, 152
LKH, 58
LLL lattice reduction algorithm, 335, 346, 347, 569
L-notation, 358
local deduction, 43
local DoS attack, 143
local policy, 463
Local Registration Authority, 330, 518
logical key hierarchy scheme, 58
longevity, 283, 285
long-lived broadcast encryption, 57
low density knapsack, 336
LRA, 330, 518
LSD, 58
Luby-Rackoff cipher, 358
LUC, 599
Lucas-Lehmer primality test, 474
Lucas probable prime test, 473
Lucifer, 129, 480, 656

M

MAA, 361, 366
MAC, 6, 13, 200, 201, 230
MAC algorithms, 361–67
MAC guessing attack, 364
MacDES, 65, 365
MAC-then-Encrypt, 13
MAC-verification attack, 362
main mode IPsec, 312
malicious adversary, 399
malleable, 418
malleable encryption scheme, 180
mandatory access control, 6
man-in-the-middle attack, 368
manipulation, 458
Manipulation Detection Code (MDC), 256
mark copyrighted content, 99
marking assumption, 225
MARS, 368
MASH functions (Modular Arithmetic Secure Hash), 263, 370
master copy control, 99
master key, 370
matching ciphertext attack, 43, 387, 389
matching module, 35
Matsui, 351, 352
Mattson–Solomon polynomial, 127
Maurer's method, 371, 474
Maurer's universal statistical test, 487
Maxim Number One, 371
maxims, 371
maximum correlation, 55
maximum distance separable code, 126
maximum-length linear sequence, 372–75
maximum order complexity, 415
May attack, 666
McEliece public key cryptosystem, 375–78
McGrew-Sherman OFT protocol, 248
MD2 hash function, 260
MD4-MD5, 378
MD5 hash function, 378
MDC hash function, 256
MDC-2 and MDC-4, 379
MDS code, 126
MDx-family, 260
MDx-MAC, 366
media access control, 230
meet-in-the-middle attack, 258, 381
member pseudonym, 483
membership test, 656
memory size, 224, 307
merchant CA, 564
Merkle tree, 618
Merkle-Damgård strengthening, 136, 258, 260, 565
Merkle–Hellman dominance, 334
Merkle–Hellman transformation, 334
Merkle–Hellman trapdoor, 333
Merkle's meta-method, 257
Mersenne number, 381, 474
Mersenne prime, 381
message authentication code, 21, 200, 361, 362, 363
message authentication algorithm, 361, 366
message-encrypting key, 324
message length attack, 384
message recovery, 158
METI, 119, 121
Meyer-Schilling hash functions, 262
microprobing, 590
Miller-Rabin probabilistic primality test, 291, 382, 436, 437
million message attack, 550
MIME, 591, 658
minimal polynomial, 125, 382
minimum distance, 124
Minkowski lattice reduction, 346
Minkowski's first theorem, 346, 569
MIPS-year, 383
miss-in-the-middle attack, 383
MISTY1, 322, 410, 411
misuse, 299
mix networks, 383
mixed alphabet, 10
Miyaguchi-Preneel hash function, 261
mobile code, 658, 659, 661
modes, 12
modes of operation of a block cipher, 386–90
modification, 458
modular addition, 392
modular arithmetic, 391–93, 434, 435
modular exponentiation, 221, 392, 396
modular inverse, 392
modular multiplication, 392
modular root, 394
modulus, 391, 392, 394
MONDEX-scheme, 181, 362, 394
monitoring, 458
monographic substitution, 601
monomial, 517, 518
monotone, 7, 544
monotone signature, 238
MonPro algorithm, 395
Montgomery arithmetic, 394–97
Montgomery exponentiation, 396
Montgomery multiplication, 397
Montgomery product, 395
Montgomery reduction, 395
Montgomery representation, 395
Montgomery squaring, 396, 397
Moore's law, 398
Morrison-Brillhart method, 293
MPHPT, 119, 121
MPQS, 493
MQV key agreement scheme, 189
m-resilient, 55, 105
m-sequence, 372
MtE, 13
multicast encryption, 538
multi-exponentiation, 584
multigram property, 373
multipartite substitution, 601
multiparty computation, 398–400
multiple anagramming, 116
multiple bits DPA, 171
multiple encryption, 381, 401, 598
multiple polynomial quadratic sieve, 493
multiplication problem, 92, 96, 401
multiplicative group, 227, 244, 524
multiplicative inverse, 392
multiplicative knapsack, 333
multiplicative secret sharing, 607
multi-precision multiplication, 401–4
multi-precision squaring, 404
multi-set attack, 405
multi-signature, 250, 612
mutual identity verification protocol, 285

N

NAF, 193, 194, 584
name, 593
name constraints extension, 635
naming authority, 273
Naor–Yung double encryption paradigm, 109
narrow-sense envelope, 226
National Bureau of Standards, 129
NBS, 129
near prime, 239
nearest vector problem, 79
Needham-Schroeder protocols, 407
need-to-know principle, 6


NEMA, 116
NESSIE project, 408–12
New European Schemes for Signature, Integrity and Encryption, 408–12
NFS, 430–33
Niederreiter encryption scheme, 413
NIST, 88, 228, 566, 586
NIZK, 418
NL, 105
NLFSR, 415
non-adjacent form, 193, 194, 584
non-blind watermarking, 655
nonce, 73
non-coincidence exhaustion, 115
non-commutative, 244
non-cyclic, 244
non-interactive proofs, 414, 419
non-interactive zero-knowledge proofs, 672
non-invasive attack, 591
non-linear feedback shift register, 415
non-linearity of Boolean functions, 416
nonlinearity order, 53
non-malleability, 417, 560
non-multiplicativity, 528
nonperiodic key, 323
non-repudiation, 71, 97, 214, 420–24
non-secret key encryption, 424–26
non-singular Boolean function, 139
non-singular LFSR, 356
non-transferable, 641
non-transferable credentials, 110
non-transferable signature, 146
normal base, 313
normal-legacy, 408
normal profile, 299
NP, 94
NP-complete, 94
n-residue, 395
NTRU, 348, 427
null, 601
null cipher, 118
number field, 430
number field sieve, 166, 288, 296, 430–33
number theory, 433–39
Nyberg-Rueppel signature scheme, 440

O

OAEP: Optimal Asymmetric Encryption Padding, 108, 443, 534
oblivious transfer, 399, 445
observer, 181
OCB, 12, 15, 16
OCSP, 70, 459
odd-characteristic extension, 211, 227
OEF, 448–50
OFB, 386, 387
off-line authentication, 197, 198
off-line CAM, 197, 198
offline credentials, 110
off-line electronic payment, 176
off-line electronic postage, 177
offset codebook, 12, 15, 16
OFT protocol, 248
OMA, 200
OMAC, 64, 365
omega-notation, 447
one-more forgery, 37, 38, 74, 238
one-time blind signature, 38
one-time key, 324
one-time pad, 324
one-time password, 446
one-to-one, 333
one-way accumulator, 618
one-way function, 94, 446, 485, 625
one-way function tree protocol, 248
One-Way Hash Function (OWHF), 257
one-way permutation, 446
onion routing, 384
on-line authentication method, 197, 200
on-line CAM, 197, 200
on-line certificate status protocol, 70, 459
online credentials, 110
online electronic payment, 176
on-line electronic postage, 177
online mutual authentication, 200
O-notation, 447
opaque, 489, 490
open code, 118
Open PGP, 555
Optimal asymmetric Encryption Padding, 443, 534
optimal authentication scheme, 21
optimal extension fields, 448–50
optimistic contract signing, 97
oracle, 560
orange book, 552
order, 357, 393, 450
OT, 445
OTP, 324
outer modes, 389
out-of-phase autocorrelation, 27
output feedback, 387
output transformation, 63, 263, 364
outsider secure, 580
overspender detection, 450
overspending prevention, 450
OWHF, 257

P

P3P, 479
packet, 519
padding, 200, 202, 384, 565
PAG, 422
Paillier assumption, 108
Paillier encryption and signature schemes, 453
pairings over elliptic curves, 276
PAP, 24, 26
parallel composition, 672
parallelized collision search, 165
parity check matrix, 124, 126
parity check polynomial, 126
parity check symbols, 127
Parseval's relation, 54
partial-domain one-wayness, 444
partial preimage resistance, 257
partial signature, 612
partition number, 531
partitioning cryptanalysis, 353
passive adversary, 399
passive attacks, 161
passive cryptanalysis, 113, 568
passive eavesdropper, 169, 568
passive penetration test, 456
password, 285, 453–55
pastry dough mixing, 601
pattern finding, 115
pay later, 176
pay now, 176
payment authorization, 174, 176
payment card, 455, 564
PC, 481, 482
PCR, 139
PDP, 24, 25, 26, 27
PEM, Privacy Enhanced Mail, 455
penetration, 458
penetration testing, 456
PEP, 24
perfect, 544, 567
perfect cryptosystem, 290
perfect forward secrecy / PFS, 457
perfect threshold scheme, 567, 609
perfect zero knowledge, 671
perfectly secure steganography, 161
period of a polynomial, 357, 373, 561
period of a sequence, 27
periodic key, 323
permission, 461, 462
permitted subtrees, 636
permutation, 129, 130, 358, 599
permutation matrix, 601
person pseudonym, 483
personal agent trust, 181
personal identification number (PIN), 458
personalization, 283
PES, 271
PFS, 457
PGP, 466
phase noise source, 512
physical attacks, 458
physical security, 458, 662
piling-up lemma, 351
PIN, 458
PIN verification, 200
PKCS, 443, 459, 528, 530
PKG, 273
PKI, 459, 488
PKI Assessment Guidelines, 422
PKIX - Public Key Infrastructure (X.509), 69, 459, 553
plaintext, 119, 568
plaintext awareness, 560
plaintext ciphertext compromise, 113
plaintext plaintext compromise, 113
platform for privacy preferences project, 479
playback control, 99
Playfair cipher, 460
plug-ins, 658
PMAC, 16, 366, 460


PN-sequence, 483
Pohlig-Hellman algorithm, 164
point addition, 185
point at infinity, 184
point doubling, 185
point multiplication, 191, 193
point of sale, 66
policy, 25, 26, 461
Policy Administration Point, 26
policy constraint, 634
policy control, 283
Policy Decision Point, 24, 25, 26, 27
Policy Enforcement Point, 24
policy mapping, 634
policy mapping inhibit indicator, 635
Pollard's Kangaroo method, 166
Pollard's lambda method, 167
Pollard's p-1 method, 292
Pollard's rho method, 165, 292
polyalphabetic encryption, 323
polyalphabetic substitution, 323
Polybios square encryption, 464
private watermarking, 655
privilege, 25, 282, 479
privilege management, 479
PRNG, 485, 486, 487
proactive group signature, 455
proactive password, 455
proactive threshold cryptography, 609
proactive threshold signature, 612
probabilistic algorithm, 94
probabilistic primality test, 480
probabilistic public-key encryption, 480
Probabilistic Signature-Encryption Padding, 582
probabilistic signature scheme, 530, 534
probabilistic SSS, 545
probable prime, 470, 472, 480, 485
product cipher, superencryption, 202, 480
proof of knowledge vs proof of membership, 481
proofs of membership, 481
pure cryptosystem, 119
purse, 394

Q

Q-matrix, 30
QS, 493–95
quadratic complexity, 139
quadratic Frobenius test, 437
quadratic non-residue, 493
quadratic reciprocity law, 317
quadratic residue, 493
Quadratic Residuosity Problem, 493
quadratic sieve, 295, 438, 493–95
quantum cryptography, 495–98
quartet, 149
quaternary alphabet, 9
quick mode IPsec, 312

R

RA, 518
