>
B
:= !"#$%&'()*+,-./0123456789;<>A?@CDRoot EntrypYx `M?$JSRV_SummaryInformation2DocumentViewStyles&$DocumentEditStyles&<j
!"#%&'()*+,-./0123456789:;=>?@ABCDEFGHIKLMNPQRSTUVWXYZ[\]^_`bcefghiklmnopqrstvxyz{|}0@1QW0
"Reference Papers1\Ob
Security Center100000
1\ObeBf
<@*
1MRVfeeBf
B321MRVfe
Security Center 1feVpe1gB}0000eBf
?=1gB}0000
Security Center10000Vpe1MRVpS7ReBf
1MRVpS7R
1}}ƖBf;|
1(u}000
1000pe1000000
T
Ref704.doc100000000
T
dX:\crypto\fSbSUOYTO\7EBlQ\Cryptrec0705\Ref704.doc1O>y
T
1000100000000)NRtcA4 P[Ech;̞cշ;c5~_Ğc&e#|cȠc RtRt;=2-z:F=::@U;w!
@ r
$1@01 @12@02 @22 3@03 @33 4@04 @44 5@05 @55 6@06 @6q6 7@07 @77 8@08 @88 9@09 @99 @0|4hd,?Bd/hd,?@@@@@@@@@@@@@g/d+ Ad, pO@@@@@@@@@@@@@,d- G ,{,z{,{{,{4}
V.). {9}..
{9}.{10}.)
(
)
jnjnjnjnjnjnjnjnjn jn
jnjnjn
jn
SsmgV.01TextV.01
0
NoteKSsmgV.01DocumentTextWFootnoteJ0TextLayoutStyle OxFont
aSsmgV.01VTextV.01&Reference Papers
[S1] Biryukov, Shamir, "Wagner: Real Time Cryptanalysis of A5/1 on a PC," FSE2000
[S2] Canteaut, Filiol, "Ciphertext Only Reconstruction of Stream Ciphers based on Combination Generator," FSE2000
[S3] Chepyzhov, Johansson, Smeets, "A simple algorithm for fast correlation attacks on stream ciphers," FSE2000
[S4] Ding, "The Differential Cryptanalysis and Design of Natural Stream Ciphers," Fast Software Encryption, Cambridge Security Workshop, December 1993, LNCS 809
[S5] Ding, Xiao, Sham, "The Stability Theory of Stream Ciphers," LNCS 561
[S6] Johansson, Jonsson, "Fast correlation attacks based on Turbo code techniques," CRYPTO'99, August 99, 19th Annual International Cryptology Conference, LNCS 1666
[S7] Fossorier, Mihaljevic, Imai, "Critical Noise for Convergence of Iterative Probabilistic Decoding with Belief Propagation in Cryptographic Applications," LNCS 1719.
[S8] Golic, "Linear Cryptanalysis of Stream Ciphers," Fast Software Encryption, Second International Workshop, December 1994, LNCS 1008.
[S9] Johansson, Jonsson, "Improved Fast Correlation Attacks in Stream Ciphers via Convolutional codes," EUROCRYPT'99, International Conference on the Theory and Application of Cryptographic Techniques, May 1999, LNCS 1592
[S10] Meier, Staffelbach, "Correlation Properties of Comniners with Memory in Stream Ciphers," Journal of Cryptology 5(1992)
[S11] Palit, Roy, "Cryptanalysis of LFSR-Encrypted Codes with Unknown Combining," LNCS 1716
[S12] Ruppel, "Correlation Immunity and Summation Generator," CRYPTO'85 Proceedings, August 85, LNCS 218.
[S13] Sigenthalar, "Decrypting a class of Ciphers using Ciphertext only," IEEE C-34.
[S14] Tanaka, Ohishi, Kaneko, "An Optimized Linear Attack on Pseudorandom Generators using a Non-Linear Combiner, Information Security," First International Workshop, ISW'97 Proceedings, September 1997, LNCS 1396
[S15] Zeng, Huang, "On the Linear Syndrome Method in Cryptanalysis," CRYPTO'88 Proceedings, August 1988, LNCS 403.
[S16] Zeng, Yang, Rao, "On the Linear Consistency Test in cryptanalysis and its applications," CRYPTO'89 Proceedings, August 89, LNCS 435.
[S17] Zeng, Yang, Rao, "An improved Linear Syndrome Algorithm in Cryptanalysis with Applications," CRYPTO'90 Proceedings, August 90, LNCS 537.
[S18] Zeng, Yang, Wei, Rao, "Pseudorandom Bit Generators in Stream-Cipher Cryptography," IEEE Computer Feb-1991
[B1] L.R. Knudsen, "Practically Secure Fesitel Ciphers," 1st Fast Software Encryption(1993), LNCS 809, pp.211-221, Springer-Verlag, 1994.
[B2] M.E. Hellman, "A Cryptanalytic Time-Memory Trade-Off," IEEE Trans. On Information Theory,26(4), pp.401-406,1980.
[B3] E. Biham, A. Shamir, "Differential Cryptanalysis of DES-Like Cryptosystems," Journal of Cryptology, 4(1), pp.3-72, 1991.
[B4] L.R. Knudsen, T.A. Berson, "Truncated Differentials of SAFER," 3rd Fast Software Encryption(1996), LNCS 1039, pp.15-25, Springer-Verlag, 1996.
[B5] S. Lucks, "On the Security of the 128-Bit Block Cipher DEAL," 6th Fast Software Encryption(1999), LNCS 1636pp.60-69, Springer-Verlag, 1999
[B6] D. Wagner, "The Boomerang Attack," 6th Fast Software Encryption(1999), LNCS 1636pp.156-170, Springer-Verlag, 1999
[B7] M. Matsui, "Linear Cryptanalysis Method for DES Cipher," EUROCRYPT'93, LNCS 765, pp.386-397, Springer-Verlag, 1994.
[B8] P. Hawkes, "Differential-Linear Week Key Class of IDEA," EUROCRYPT'98, LNCS 1403, pp.112-126, Springer-Verlag, 1994.
[B9] M. Tanaka, T. Hamaide, K. Hisamatsu and T. Kaneko, "Linear cryptanalysis by Linear Sieve Method," IECE Transactions on Fundamentals of Electronics, Communications and Computer Science, E81-A(1), pp.82-87, 1998.
[B10] L.R. Knudsen, "Truncated and Higher Order Differentials," 2nd Fast Software Encryption(1996), LNCS 1008, pp.196-211, Springer-Verlag, 1995.
[B11] T. Jakobsen and L.R. Knudsen, " The Interpolation Attack on Block Ciphers," 4th Fast Software Encryption(1997), LNCS 1267, pp.28-40, Springer-Verlag, 1997.
[B12] E. Biham, A. Biryukov, N. Ferguson, L.R. Knudsen, B. Schneier, A. Shamir, "Cryptanalysis of Magenta," 2nd AES Conference, pp. 182-183, 1999.
[B13] A. Biryukov, D. Wanger, "Slide Attacks," 6th Fast Software Encryption(1999), LNCS 1636, pp.245-259, Springer-Verlag, 1999.
[B14] E. Biham, "New Type of Cryptanalytic Attacks Using Related Keys," EUROCRYPTO'93 LNCS 765, pp.398-409, Springer-Verlag, 1993.
[B15] C. Harpes, J.L. Massey, "Partitioning Cryptanalysis," FSE'97, LNCS 1267, pp.13-27, Springer-Verlag, 1997.
[B16] J. Kelsey, B. Schneier, and D. Wagner, "Mod n Cryptanalysis, with Applications against RC5P and M6," FSE'99, LNCS1636, pp.139-155, Springer-Verlag, 1999.
[B17] V. Rijmen, B. Preneel and E.D. Win, "On Weaknesses of Non-surjective Round Functions," Designs, Codes and Cryptography, 12, pp.253-266, 1997.
[B18] J.Daemen and V. Rijmen, "Resistance against Implementaion Attacks: A Comparative Study of the AES Proposals," 2nd AES Conference, pp.122-133, 1999.
[B19] P. Kocher, "Timing Attackes on Implementations of Diffe-Hellman, RSA, DSS, and Other systems," CRYPTO'96, LNCS 1109, pp.104-113, Springer-Verlag, 1996.
[B20] TAO Research Project on Info-communication Security, "Technical Report on Design, Analysis and Use of Block Ciphers," Telecommunications Advancements Organization of Japan, 2000 (in Japanese).
[H1] H.Dobbertin, "Crypanalyasis of MD4," Fast software encryption,Springer-Verlag, 1996, pp.53-69[H2] H.Dobbertin, "The status of MD5 after recent attack," CryptoBytes, 2(2), Sep., 1996, pp.1.-6[H3] F. Chabaud and A. Joux, "Differential Collisions in SHA-0," Advances in Cryptology-Crypto'94, Springer-Verlag,pp.56-71[H4] B.den Boer and A, Bosselaersm " An attack on the last two rounds of MD4," Advances in Cryptology-Crypto'91, Springer-Verlag, pp.194-203[H5] E.Biham, and A.Shamir, Differential cryptanalysis of the Data encryption Standard, Springer-Verlag, 1993[H6] M. Bellare, J.Kilian, and P.Rogaway, " The security of cipher blocks chaining," Advances in Cryptology-Crypto'94, Springer-Verlag, pp.341-358
[H7] Preneel and Knudsen, Hash Functions Based on Block Ciphers and Quaternary Codes, Advances in Cryptology - Proc. AsiaCrypt'96, LNCS 1163, pp. 77-90, Springer Verlag, 1996.
[H8] B. Preneel and P.C. van Oorschot and Knudsen, "MDx-MAC and building fast MACs from hash functions," Advances in Cryptology, Proceedings Crypto'95, LNCS 963, D. Coppersmith, Ed., Springer-Verlag, 1995, pp. 1-14.
[R1] Ruppel: Analysis and Design of stream ciphers, Springer-Verlag, Berlin,1986
[R2] Niederreiter: "The probabilistic theory of liner complexity", Advances in Cryptology-EUROCRYPTO '88 (LNCS 330), 191-209, 1988
[R3] Niederreiter: "A combinatorial approach to probabilistic results on the liner-complexity profile of random sequences", Journal of Cryptology, 2(1990), 105-112
[R4] Niederreiter: "Keystream sequences with a good linear complexity profile for every starting point", Advances in Cryptology-EUROCRYPTO '89 (LNCS 433), 523-532,1990
[R5] Niederreiter: "The linear complexity profile and the jump complexity of keystream sequences", Advances in Cryptology-EUROCRYPTO '90 (LNCS 473), 174-188, 1991
[R6] Jansen and Boekee: "On the significance of the directed asyclic word graph in cryptology", Advances in Cryptology-AUSCRYPTO '90 (LNCS 453), 318-326,1990
[R7] Jansen and Boekee: "The shortest feedback shift register that can generate a given sequence", Advances in cryptology-CRYPTO '89 (LNCS 435), 90-99, 1990
[R8] Ziv and Lempel: "On the complexity of finite sequences", IEEE Transactions on Information Theory, 22(1976), 75-81
[R9] Erdmann: "Empirical tests of binary keystreams", Master's thesis, Department of Mathematics, Royal Holloway and Bedford New College, University of London, 1992
[R10] Kolmogorov: "Three approaches to the definition of the concept 'quantity of information'", Problemy Peredachi Informatsii, 1(1965), 3-11
[R11] Chaitin: "On the length of programs for computing finite binary sequences", Journal of the association for Computing Machinery, 13(1996), 547-569
[R12] Meier and Staffelbach: "Fast atacks on certin stream ciphers", Journal of Cryptography, 1(1989), 159-176
[R13] Chepyzhov and Smeets, "On a fast correlation attack on certain stream ciphers", Advances in Cryptography-EUROCRYPTO '91 (LNCS 547), 176-185,1991
[R14] Coppersmith, Krawczyk, and Mansour, "The shrinking generator", Advances in Cryptography-CRYPTO '93 (LNCS 773), 22,39,1994
[R15] Rubin, "Decrypting a stream cipher based on J-K flip-flops", IEEE Transaction on computers, 28(1979), 483-487
[R16] Zeng, Yang, and Rao, "On the linearsyndrome algorithm in cryptanalysis with applications", Advanves in Cryptology-CRYPTO '90 (LNCS 537), 34-37,1991
[R17] Siegenthaler, "Decrypting a class of stream cipher using ciphertext only", IEEE Transactions on Computers, 34(1985), 81-85
[R18] Golic, "Correlation via linear sequential circuit approximation of combiners with memory", Advances in Cryptology-EUROCRYPT '92 (LNCS 658), 113-123, 1993
[R19] Siegenthaler, "Cryptanalysts representation of nonlinear filtered ML-sequences", Advances in Cryptology-EUROCRYPTO '85 (LNCS 219), 103-110, 1986
[R20] Ding, "The differential cryptanalysis and design of natural stream ciphers", R. Anderson, editor, Fast Software Encryption, Cambridge Security Workshop (LNCS 809), 101-115, Springer-Verlag
[R21] Zeng, Yang, and Rao, "On the linear consistency test (LCT) in cryptanalysis with applications", Advances in Cryptology-CRYPTO '89 (LNCS 435), 164-174,1990
[R22] Massey and Rueppel, "Linear ciphers and random sequence generators with multiple clocks", Advances in Cryptology-Preceedings of EUROCRYPT 84 (LNCS 209), 74-87, 1985
[R23] Gunther, "Alternating step generators controlled by de Bruijn sequence", Adnances in Cryptology-EUROCRYPT '87 (LNCS 304), 5-14, 1988
[R24] Zivkovic, "An algorithm for the initial state reconstruction of the clock-contorolled shift register", IEEE Transactions on information Theory, 37(1991), 1488-1490
PpnHk22
5{ZhSqn922
Lt|D22
Kuwx@22
MR22
Kl22
"nt22
!a`zlOum~rU5VV
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUUUAk=0000PP^<ddPk=0000
k=0000EFontV.01-3 fgjnCenturyjnOh+'0N`|
ꑾY 10/9/8 Reference PapersSecurity Center@@*<@B32SummaryInformation(d~LineMarkjPaperMarkuLPageMark
wSecurity Center2@@X:\crypto\ÍZp]ψ\vJ\Cryptrec0705\Ref704.doc $JR TRLJTQOTP9RO=N/FH"UJS8O$P;O@J&U5K+R,MGLDL+L-L.QH?R@RPPCS.H;O!HRQCKOQMPL+8+TM/O>N U>OSNO;QO4MORI
MHSKRKS$RNR=RFPLKQ/T RHQ0SMHJVNRONKO<JV
0#rrrrrXr9lrrrr$Gr;rrrrXrt|rrrrHkrv rrrrXrrrrrlr0rrrrXrrrrrr@rrrrVDA_DOC`
JSRV_SegmentInformation2~PDocumentViewStylesDocumentEditStylesjDocumentTextWFootnote0TextLayoutStylexFontSummaryInformation~LineMarkPaperMarkLPageMark