References

| Key | Reference |
|---|---|
| [fip01] | Specification for the Advanced Encryption Standard (AES). Federal Information Processing Standards Publication 197, 2001. URL: http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf. |
| [gcm07] | NIST Special Publication 800-38D: recommendation for block cipher modes of operation: Galois/Counter Mode (GCM) and GMAC. November 2007. URL: http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf. |
| [ABP+] | Nadhem AlFardan, Dan Bernstein, Kenny Paterson, Bertram Poettering, and Jacob Schuldt. On the security of RC4 in TLS and WPA. URL: http://www.isg.rhul.ac.uk/tls/. |
| [AV96] | Ross Anderson and Serge Vaudenay. Minding your p’s and q’s. In Advances in Cryptology - ASIACRYPT ’96, LNCS 1163, 26–35. Springer-Verlag, 1996. URL: http://www.cl.cam.ac.uk/~rja14/Papers/psandqs.pdf. |
| [Bel06] | Mihir Bellare. New proofs for NMAC and HMAC: security without collision-resistance. 2006. URL: http://cseweb.ucsd.edu/~mihir/papers/hmac-new.html. |
| [BN07] | Mihir Bellare and Chanathip Namprempre. Authenticated encryption: relations among notions and analysis of the generic composition paradigm. 2007. URL: http://cseweb.ucsd.edu/~mihir/papers/oem.pdf. |
| [BR95] | Mihir Bellare and Phillip Rogaway. Optimal Asymmetric Encryption – How to encrypt with RSA. Advances in Cryptology - EUROCRYPT ’94 - Lecture Notes in Computer Science, 1995. URL: http://www-cse.ucsd.edu/users/mihir/papers/oae.pdf. |
| [Ber] | D. J. Bernstein. Snuffle 2005: the Salsa20 encryption function. URL: http://cr.yp.to/snuffle.html#speed. |
| [BDK+09] | Alex Biryukov, Orr Dunkelman, Nathan Keller, Dmitry Khovratovich, and Adi Shamir. Key recovery attacks of practical complexity on AES variants with up to 10 rounds. Cryptology ePrint Archive, Report 2009/374, 2009. URL: http://eprint.iacr.org/2009/374. |
| [BK09] | Alex Biryukov and Dmitry Khovratovich. Related-key cryptanalysis of the full AES-192 and AES-256. Cryptology ePrint Archive, Report 2009/317, 2009. URL: http://eprint.iacr.org/2009/317. |
| [BHK+] | John Black, Shai Halevi, Hugo Krawczyk, Ted Krovetz, and Phillip Rogaway. RFC 4418: UMAC: Message Authentication Code using Universal Hashing. URL: https://www.ietf.org/rfc/rfc4418.txt. |
| [BHK+99] | John Black, Shai Halevi, Hugo Krawczyk, Ted Krovetz, and Phillip Rogaway. UMAC: Fast and Secure Message Authentication. 1999. URL: http://www.cs.ucdavis.edu/~rogaway/papers/umac-full.pdf. |
| [Bon99] | Dan Boneh. Twenty years of attacks on the RSA cryptosystem. Notices of the AMS, 46:203–213, 1999. URL: http://crypto.stanford.edu/dabo/papers/RSA-survey.pdf. |
| [BGB04] | Nikita Borisov, Ian Goldberg, and Eric Brewer. Off-the-record communication, or, why not to use PGP. WPES ’04: Proceedings of the 2004 ACM workshop on Privacy in the electronic society, 2004. URL: https://otr.cypherpunks.ca/otr-wpes.pdf. |
| [BGjosteen07] | Daniel R. L. Brown and Kristian Gjøsteen. A security analysis of the NIST SP 800-90 elliptic curve random number generator. Cryptology ePrint Archive, Report 2007/048, 2007. URL: http://eprint.iacr.org/2007/048.pdf. |
| [DR02] | Joan Daemen and Vincent Rijmen. The design of Rijndael: AES — the Advanced Encryption Standard. Springer-Verlag, 2002. ISBN 3-540-42580-2. |
| [Dai] | Wei Dai. Crypto++ 5.6.0 benchmarks. URL: http://www.cryptopp.com/benchmarks.html. |
| [dBB93] | Bert den Boer and Antoon Bosselaers. Collisions for the compression function of MD5. In Tor Helleseth, editor, Advances in Cryptology - EUROCRYPT 1993, volume 765 of Lecture Notes in Computer Science, 293–304. Lofthus, Norway, 1993. URL: https://www.cosic.esat.kuleuven.be/publications/article-143.pdf. |
| [DR] | T. Dierks and E. Rescorla. RFC 5246: the transport layer security (TLS) protocol, version 1.2. URL: https://tools.ietf.org/html/rfc5246. |
| [ECR] | ECRYPT. Measurements of SHA-3 finalists, indexed by machine. URL: https://bench.cr.yp.to/results-sha3.html. |
| [FS99] | Niels Ferguson and Bruce Schneier. A cryptographic evaluation of IPsec. 1999. URL: https://www.schneier.com/paper-ipsec.pdf. |
| [FMS01] | Scott Fluhrer, Itsik Mantin, and Adi Shamir. Weaknesses in the key scheduling algorithm of RC4. 1–24, 2001. URL: http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps. |
| [Gmb08] | SciEngines GmbH. Break DES in less than a single day. 2008. URL: http://www.sciengines.com/company/news-a-events/74-des-in-1-day.html. |
| [HJB] | J. Hodges, C. Jackson, and A. Barth. RFC 6797: HTTP strict transport security (HSTS). URL: https://tools.ietf.org/html/rfc6797. |
| [Hol] | S. Hollenbeck. RFC 3749: transport layer security protocol compression methods. URL: https://tools.ietf.org/html/rfc3749. |
| [Hou] | R. Housley. RFC 5652: cryptographic message syntax (CMS). URL: https://tools.ietf.org/html/rfc5652#section-6.3. |
| [Hua] | Sinan Huang. Hardware evaluation of SHA-3 candidates. URL: https://theses.lib.vt.edu/theses/available/etd-05172011-141328/unrestricted/Huang_S_T_2011.pdf. |
| [JY02] | Marc Joye and Sung-Ming Yen. The montgomery powering ladder. 2002. URL: http://cr.yp.to/bib/2003/joye-ladder.pdf. |
| [Kle08] | Andreas Klein. Attacks on the RC4 stream cipher. Des. Codes Cryptography, 48(3):269–286, September 2008. URL: http://cage.ugent.be/~klein/papers/RC4-en.pdf, doi:10.1007/s10623-008-9206-6. |
| [Kra01] | Hugo Krawczyk. The order of encryption and authentication for protecting communications (or: how secure is SSL?). 2001. URL: http://www.iacr.org/archive/crypto2001/21390309.pdf. |
| [Kra10] | Hugo Krawczyk. Cryptographic extraction and key derivation: the HKDF scheme. Cryptology ePrint Archive, Report 2010/264, 2010. URL: http://eprint.iacr.org/2010/264. |
| [KE] | Hugo Krawczyk and Pasi Eronen. RFC 5869: HMAC-based extract-and-expand key derivation function (HKDF). URL: https://tools.ietf.org/html/rfc5869. |
| [Lab] | RSA Laboratories. What key size should be used? URL: http://www.emc.com/emc-plus/rsa-labs/standards-initiatives/key-size.htm. |
| [LWdW05] | Arjen Lenstra, Xiaoyun Wang, and Benne de Weger. Colliding x.509 certificates. Cryptology ePrint Archive, Report 2005/067, 2005. URL: http://eprint.iacr.org/2005/067. |
| [Mar11] | Moxie Marlinspike. The cryptographic doom principle. 2011. URL: http://www.thoughtcrime.org/blog/the-cryptographic-doom-principle/. |
| [MWES06] | Joshua Mason, Kathryn Watkins, Jason Eisner, and Adam Stubblefield. A natural language approach to automated cryptanalysis of two-time pads. In Proceedings of the 13th ACM conference on Computer and Communications Security, CCS ’06, 235–244. New York, NY, USA, 2006. ACM. URL: http://www.cs.jhu.edu/~jason/papers/mason+al.ccs06.pdf, doi:10.1145/1180405.1180435. |
| [MHMP13] | Elke De Mulder, Michael Hutter, Mark E. Marson, and Peter Pearson. Using Bleichenbacher’s solution to the hidden number problem to attack nonce leaks in 384-bit ECDSA. Cryptology ePrint Archive, Report 2013/346, 2013. URL: http://eprint.iacr.org/2013/346.pdf. |
| [NS00] | Phong Q. Nguyen and Igor E. Shparlinski. The insecurity of the Digital Signature Algorithm with partially known nonces. Journal of Cryptology, 15:151–176, 2000. URL: ftp://ftp.ens.fr/pub/dmi/users/pnguyen/PubDSA.ps.gz. |
| [Rog] | Phillip Rogaway. OCB - An Authenticated-Encryption Scheme - Licensing. URL: http://www.cs.ucdavis.edu/~rogaway/ocb/license.htm. |
| [SS08] | Somitra Kumar Sanadhya and Palash Sarkar. New collision attacks against up to 24-step SHA-2. 2008. URL: http://eprint.iacr.org/2008/270. |
| [SS06] | Berry Schoenmakers and Andrey Sidorenko. Cryptanalysis of the dual elliptic curve pseudorandom generator. 2006. URL: http://www.cosic.esat.kuleuven.be/wissec2006/papers/21.pdf. |
| [SBK+] | Marc Stevens, Elie Bursztein, Pierre Karpman, Ange Albertini, and Yarik Markov. The first collision for full SHA-1. URL: https://shattered.it/static/shattered.pdf. |
| [SKP15] | Marc Stevens, Pierre Karpman, and Thomas Peyrin. Freestart collision for full SHA-1. Cryptology ePrint Archive, Report 2015/967, 2015. URL: http://eprint.iacr.org/2015/967. |
| [TP] | S. Turner and T. Polk. RFC 6176: prohibiting secure sockets layer (SSL) version 2.0. URL: https://tools.ietf.org/html/rfc6176. |
| [Vau] | Serge Vaudenay. Security flaws induced by CBC padding - applications to SSL, IPsec, WTLS… URL: http://www.iacr.org/cryptodb/archive/2002/EUROCRYPT/2850/2850.pdf. |
| [WYW+09] | Xiaoyun Wang, Hongbo Yu, Wei Wang, Haina Zhang, and Tao Zhan. Cryptanalysis on HMAC/NMAC-MD5 and MD5-MAC. In Advances in Cryptology - EUROCRYPT 2009, 28th Annual International Conference on the Theory and Applications of Cryptographic Techniques, volume 5479 of Lecture Notes in Computer Science, 121–133. 2009. URL: http://www.iacr.org/archive/eurocrypt2009/54790122/54790122.pdf, doi:10.1007/978-3-642-01001-9_7. |
| [InstitutefStandardsTechnology] | National Institute for Standards and Technology. SP 800-57: recommendation for key management – part 1: general (revised). URL: http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57_part1_rev3_general.pdf. |