## Advances in Cryptology - CRYPTO '98: 18th Annual International Cryptology Conference, Santa Barbara, California, USA, August 23-27, 1998, ProceedingsThis book constitutes the refereed proceedings of the 18th Annual International Cryptology Conference, CRYPTO'98, held in Santa Barbara, California, USA, in August 1998. The book presents 33 revised full papers selected from a total of 144 submissions received. Also included are two invited presentations. The papers are organized in topical sections on chosen ciphertext security, cryptanalysis of hash functions and block ciphers, distributed cryptography, zero knowledge, and implementation. |

### What people are saying - Write a review

We haven't found any reviews in the usual places.

### Contents

Chosen Ciphertext Attacks Against Protocols | 1 |

are listed in Section 4 We then analyze the vulnerability | 2 |

We also call a ciphertext c PKCS conforming if its | 3 |

Assume that the attacker wants to find m cd | 4 |

max a mm | 5 |

randomly chosen integer the first two bytes are 00 and | 6 |

In particular M will contain about p intervals If i | 7 |

43 A Timing Attack | 9 |

Cryptanalysis of Block Ciphers | 212 |

n ir 4 | 220 |

Cryptanalysis of the AjtaiDwork Cryptosystem | 223 |

E | 238 |

Since y2 yK are good ciphertexts | 242 |

Cryptanalysis of the Chor_Rivest Cryptosystem | 243 |

n + | 244 |

QxgPd n | 246 |

7 Conclusion | 11 |

A Practical Public Key Cryptosystem Provably | 13 |

arbitrary group G Suppose the strings we need to hash | 24 |

Relations Among Notions of Security for | 26 |

NMCPA NMCCA1 NMCCA2 | 28 |

Cryptography and the Internet | 46 |

Differential Collisions in SHA0 | 56 |

Subscripts denote the perturbed bit of the state | 61 |

nicely As can be seen on Table 3 this happen | 65 |

would imply an elementary probability of 126 per perturbation and | 66 |

From Differential Cryptanalysis to | 72 |

A Simplified Approach to | 89 |

The backup of a value will not be a single | 93 |

44 Proof of Robust Threshold RSA Protocol | 99 |

New Efficient and Secure Protocols for Verifiable | 105 |

Trading Correctness for Privacy | 121 |

Fast Digital Identity Revocation | 137 |

SelfDelegation with Controlled Propagation | 153 |

Identity Escrow | 169 |

Generalized Birthday Attacks on Unbalanced | 186 |

Mi1w | 196 |

Quadratic Relation of S_box and Its Application | 200 |

Cryptanalysis | 257 |

ManytoOne Trapdoor Functions | 283 |

Authentication Enhanced Security and Error | 299 |

An Efficient Discrete Log Pseudo Random | 304 |

Fast RSAType Cryptosystem Modulo?? | 318 |

An Elliptic Curve Implementation of the Finite | 327 |

Quantum Bit Commitment | 338 |

On Concrete Security Treatment of Signatures | 354 |

and | 366 |

Building PRFs from PRPs | 370 |

On the Existence of | 408 |

456 | 456 |

The Solution | 458 |

5 Sieving | 463 |

Optimal Extension Fields for Fast Arithmetic in | 472 |

Time_Stamping with Binary Linking Schemes | 486 |

Threshold Traitor Tracing | 502 |

Springer | |

Lecture Notes in Computer Science | |

L Polkowski A Skowron Eds Rough Sets | |

### Common terms and phrases

addition Advances adversary algorithm allows applications assume assumption attack bits block bound called certificate chooses chosen cipher ciphertext commitment communication complexity compute consider construction cryptography Cryptology cryptosystem curve decryption defined definition denote described discrete distinguish distribution efficient element encryption equations escrow example exists factor field function give given hard holds identification identity input integer known least Lemma length linear method multiplication Note obtain one-way oracle output pairs perform permutation plaintext players polynomial possible prime probability problem Proceedings produce proof protocol prove pseudo-random public key queries random reduction relations result round running satisfies scheme Science secret key sends share signature simulator standard Step Theorem threshold time-stamps trapdoor valid vector verifier zero-knowledge