This book constitutes the refereed proceedings of the 22nd International Cryptology Conference, CRYPTO 2002, held in Santa Barbara, CA, in August 2002.The 39 revised full papers presented were carefully reviewed and selected from a total of 175 submissions. The papers are organized in topical sections on block ciphers, multi-user oriented cryptosystems, foundations and methodology, security and practical protocols, secure multiparty computation, public key encryption, information theory and secret sharing, cipher design and analysis, elliptic curves and Abelian varieties, authentication, distributed cryptosystems, pseudorandomness, stream ciphers and Boolean functions, commitment schemes, and signature schemes.

This book constitutes the thoroughly refereed post-proceedings of the First International Workshop on Digital Watermarking, IWDW 2002, held in Seoul, Korea in November 2002. The 19 revised full papers presented together with two invited papers were carefully selected during two rounds of reviewing and improvement from 64 submissions. The papers are organized in topical sections on fundamentals, new algorithms, watermarking unusual content, fragile watermarking, robust watermarking, and adaptive watermarking.

This book constitutes the thoroughly refereed post-proceedings of the 8th International Workshop on Fast Software Encryption, FSE 2001, held in Yokohama, Japan in April 2001.The 27 revised full papers presented together with one invited paper were carefully reviewed and selected from 46 submissions. The papers are organized in topical sections on cryptanalysis of block ciphers, hash functions and Boolean functions, modes of operation, cryptanalysis of stream ciphers, pseudo-randomness, and design and evaluation.

For more than the last three decades, the security of software systems has been an important area of computer science, yet it is a rather recent general recognition that technologies for software security are highly needed. This book assesses the state of the art in software and systems security by presenting a carefully arranged selection of revised invited and reviewed papers. It covers basic aspects and recently developed topics such as security of pervasive computing, peer-to-peer systems and autonomous distributed agents, secure software circulation, compilers for fail-safe C language, construction of secure mail systems, type systems and multiset rewriting systems for security protocols, and privacy issues as well.

Inference control in statistical databases, also known as statistical disclosure limitation or statistical confidentiality, is about finding tradeoffs to the tension between the increasing societal need for accurate statistical data and the legal and ethical obligation to protect privacy of individuals and enterprises which are the source of data for producing statistics. Techniques used by intruders to make inferences compromising privacy increasingly draw on data mining, record linkage, knowledge discovery, and data analysis and thus statistical inference control becomes an integral part of computer science.This coherent state-of-the-art survey presents some of the most recent work in the field. The papers presented together with an introduction are organized in topical sections on tabular data protection, microdata protection, and software and user case studies.

This book constitutes the refereed proceedings of the International Conference on the Theory and Application of Cryptographic Techniques, EUROCRYPT 2002, held in Amsterdam, The Netherlands, in April/May 2002.The 33 revised full papers presented were carefully reviewed and selected from a total of 122 submissions. The papers are organized in topical sections on cryptanalysis, public-key encryption, information theory and new models, implementational analysis, stream ciphers, digital signatures, key exchange, modes of operation, traitor tracing and id-based encryption, multiparty and multicast, and symmetric cryptology.

This book constitutes the thoroughly refereed post-proceedings of the International Workshop on Security and Privacy in Digital Rights Management, DRM 2001, held during the ACM CCS-8 Conference in Philadelphia, PA, USA, in November 2001.The 14 revised full papers presented were carefully reviewed and selected from 50 submissions. The papers are organized in topical sections on renewability, fuzzy hashing, cryptographic techniques and fingerprinting, privacy and architectures, software tamper resistance, cryptanalysis, and economic and legal aspects.

This book constitutes the refereed proceedings of the 21st International Conference on Computer Safety, Reliability and Security, SAFECOMP 2002, held in Catania, Italy in September 2002.The 27 revised papers presented together with 3 keynote presentations were carefully reviewed and selected from 69 submissions. The papers are organized in topical sections on human-computer system dependability, human factors, security, dependability assessment, application of formal methods, reliability assessment, design for dependability, and safety assessment.

This volume continues the tradition established in 2001 of publishing the c- tributions presented at the Cryptographers' Track (CT-RSA) of the yearly RSA Security Conference in Springer-Verlag's Lecture Notes in Computer Science series. With 14 parallel tracks and many thousands of participants, the RSA - curity Conference is the largest e-security and cryptography conference. In this setting, the Cryptographers' Track presents the latest scienti?c developments. The program committee considered 49 papers and selected 20 for presen- tion. One paper was withdrawn by the authors. The program also included two invited talks by Ron Rivest ("Micropayments Revisited" - joint work with Silvio Micali) and by Victor Shoup ("The Bumpy Road from Cryptographic Theory to Practice"). Each paper was reviewed by at least three program committee members; paperswrittenbyprogramcommitteemembersreceivedsixreviews.Theauthors of accepted papers made a substantial e?ort to take into account the comments intheversionsubmittedtotheseproceedings.Inalimitednumberofcases, these revisions were checked by members of the program committee. I would like to thank the 20 members of the program committee who helped to maintain the rigorous scienti?c standards to which the Cryptographers' Track aims to adhere. They wrote thoughtful reviews and contributed to long disc- sions; more than 400 Kbyte of comments were accumulated. Many of them - tended the program committee meeting, while they could have been enjoying the sunny beaches of Santa Barbara.

This book constitutes the refereed proceedings of the First NSF/NIJ Symposium on Intelligence and Security Informatics, ISI 2003, held in Tucson, AZ, USA in June 2003. The 24 revised full papers and 16 revised short papers presented were carefully reviewed and selected for inclusion in the book. The papers are organized in topical sections on data management and data mining, deception detection, analytical techniques, for crime detection, visualization, knowledge management and adoption, collaborative systems and methodologies, and monitoring and surveillance.

This book constitutes the thoroughly refereed post-proceedings of the 8th International Workshop on Selected Areas in Cryptology, SAC 2001, held in Toronto, Ontario, Canada in August 2001.The 25 revised full papers presented together with the abstracts of two invited talks were carefully reviewed and selected during two rounds of refereeing and revision. The papers are organized in topical sections on cryptanalysis, Boolean functions, Rijndael, elliptic curves and efficient implementation, public key systems, and protocols and MAC.

This book constitutes the refereed proceedings of the 8th International IMA Conference on Cryptography and Coding held in Cirencester, UK in December 2001. The 33 revised full papers presented together with four invited papers were carefully reviewed and selected from numerous submissions. Among the topics covered are mathematical bounds, statistical decoding schemes for error-correcting codes, multifunctional and multiple access communication systems, low density parity check codes, iterative coding, authentication, key recovery attacks, stream cipher design, analysis of ECIES algorithms, and lattice bases attacks on IP based protocols.

This book constitutes the refereed proceedings of the 7th International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2001, held in Gold Coast, Australia in December 2001.The 33 revised full papers presented together with an invited paper were carefully reviewed and selected from 153 submissions. The papers are organized in topical sections on lattice based cryptography, human identification, practical public key cryptography, cryptography based on coding theory, block ciphers, provable security, threshold cryptography, two-party protocols, zero knowledge, cryptographic building blocks, elliptic curve cryptography, and anonymity.

This book constitutes the thoroughly refereed post-proceedings of the 4th International Information Hiding Workshop, IHW 2001, held in Pittsburgh, PA, USA, in April 2001.The 29 revised full papers presented were carefully selected during two rounds of reviewing and revision. All current issues in information hiding are addressed including watermarking and fingerprinting of digitial audio, still image and video; anonymous communications; steganography and subliminal channels; covert channels; and database inference channels.

This book constitutes the refereed proceedings of the Cryptographers' Track at the RSA Conference 2003, CT-RSA 2003, held in San Francisco, CA, USA, in April 2003. The 26 revised full papers presented together with abstracts of 2 invited talks were carefully reviewed and selected from 97 submissions. The papers are organized in topical sections on key self-protection, message authentication, digital signatures, pairing based cryptography, multivariate and lattice problems, cryptographic architectures, new RSA-based cryptosystems, chosen-ciphertext security, broadcast encryption and PRF sharing, authentication structures, elliptic curves and pairings, threshold cryptography, and implementation issues.

This book constitutes the thoroughly refereed post-proceedings of the 9th International Workshop on Fast Software Encryption, FSE 2002, held in Leuven, Belgium in February 2002.The 21 revised full papers presented were carefully reviewed and selected from 70 submissions. The papers are organized in topical sections on blook cipher cryptoanalysis, integral cryptoanalysis, block cipher theory, stream cipher design, stream cipher cryptanalysis, and odds and ends.

The Cambridge International Workshop on Security Protocols has now run for eight years. Each year we set a theme, focusing upon a speci?c aspect of security protocols, and invite position papers. Anybody is welcome to send us a position paper (yes, you are invited) and we don t insist they relate to the current theme in an obvious way. In our experience, the emergence of the theme as a unifying threadtakesplaceduringthediscussionsattheworkshopitself.Theonlyground rule is that position papers should formulate an approach to some unresolved issues, rather than being a description of a ?nished piece of work. Whentheparticipantsmeet, wetrytofocusthediscussionsupontheconc- tual issues which emerge. Security protocols link naturally to many other areas of Computer Science, and deep water can be reached very quickly. Afterwards, we invite participants to re-draft their position papers in a way which exposes the emergent issues but leaves open the way to their further development. We also prepare written transcripts of the recorded discussions. These are edited (in some cases very heavily) to illustrate the way in which the di?erent arguments and perspectives have interacted. We publish these proceedings as an invitation to the research community. Although many interesting results ?rst see the light of day in a volume of our proceedings, laying claim to these is not our primary purpose of publication. Rather, we bring our discussions and insights to a wider audience in order to suggest new lines of investigation which the community may fruitfully pursue."

This book constitutes the thoroughly refereed post-proceedings of the 4th International Conference on Financial Cryptography, FC 2000, held in Anguilla, British West Indies, in February 2000.The 21 revised full papers presented together with two invited papers and two tool summaries were carefully reviewed and selected from 68 submissions. The papers are organized in topical sections on digitial rights management, payment systems, finanical cryptography tools, electronic postcards, abusers of systems, financial cryptopolicies and issues, anonymity, and systems architecture.

This book constitutes the refereed proceedings of the 21st Annual International Cryptology Conference, CRYPTO 2001, held in Santa Barbara, CA, USA in August 2001. The 33 revised full papers presented were carefully reviewed and selected from a total of 156 submissions. The papers are organized in topical sections on foundations, traitor tracing, multi-party computation, two-party computation, elliptic curves, OAEP, encryption and authentication, signature schemes, protocols, cryptanalysis, applications of group theory and coding theory, broadcast and secret sharing, and soundness and zero-knowledge.

This book constitutes the refereed proceedings of the Second International Conference on Research in Smart Cards, E-smart 2001, held in Cannes, France, in September 2001. The 20 revised full papers presented were carefully reviewed and selected from 38 submissions. Among the topics addressed are biometrics, cryptography and electronic signatures on smart card security, formal methods for smart card evaluation and certification, architectures for multi-applications and secure open platforms, and middleware for smart cards and novel applications of smart cards.

ACISP2001,theSixthAustralasianConferenceonInformationSecurityandP- vacy,washeldinSydney,Australia. TheconferencewassponsoredbyInfor- tionandNetworkedSystemSecurityResearch(INSSR),MacquarieUniversity, theAustralianComputerSociety,andtheUniversityofWesternSydney. Iam gratefultoalltheseorganizationsfortheirsupportoftheconference. Theaimofthisconferencewastodrawtogetherresearchers,designers,and usersofinformationsecuritysystemsandtechnologies. Theconferenceprogram addressedarangeofaspectsfromsystemandnetworksecuritytosecureInternet applicationstocryptographyandcryptanalysis. Thisyeartheprogramcomm- teeinvitedtwointernationalkeynotespeakersDr. YacovYacobifromMicrosoft Research (USA) and Dr. Cli?ord Neumann from the University of Southern California(USA). Dr. Yacobi'stalkaddressedtheissuesoftrust,privacy,and anti-piracyinelectroniccommerce. Dr. Neumann'ACISP2001,theSixthAustralasianConferenceonInformationSecurityandP- vacy,washeldinSydney,Australia. TheconferencewassponsoredbyInfor- tionandNetworkedSystemSecurityResearch(INSSR),MacquarieUniversity, theAustralianComputerSociety,andtheUniversityofWesternSydney. Iam gratefultoalltheseorganizationsfortheirsupportoftheconference. Theaimofthisconferencewastodrawtogetherresearchers,designers,and usersofinformationsecuritysystemsandtechnologies. Theconferenceprogram addressedarangeofaspectsfromsystemandnetworksecuritytosecureInternet applicationstocryptographyandcryptanalysis. Thisyeartheprogramcomm- teeinvitedtwointernationalkeynotespeakersDr. YacovYacobifromMicrosoft Research (USA) and Dr. Cli?ord Neumann from the University of Southern California(USA). Dr. Yacobi'stalkaddressedtheissuesoftrust,privacy,and anti-piracyinelectroniccommerce. Dr. Neumann'saddresswasconcernedwith authorizationpolicyissuesandtheirenforcementinapplications. Theconferencereceived91papersfromAmerica,Asia,Australia,and- rope. The program committee accepted 38 papers and these were presented insome9sessionscoveringsystemsecurity,networksecurity,trustandaccess control,Authentication,cryptography,cryptanalysis,DigitalSignatures,Elliptic CurveBasedTechniques,andSecretSharingandThresholdSchemes. Thisyear theacceptedpaperscamefromarangeofcountries,including7fromAustralia, 8fromKorea,7fromJapan,3fromUK,3fromGermany,3fromUSA,2from Singapore,2fromCanadaand1fromBelgium,Estonia,andTaiwan. Organizingaconferencesuchasthisoneisatime-consumingtaskandIwould liketothankallthepeoplewhoworkedhardtomakethisconferenceasuccess. Inparticular,IwouldliketothankProgramCo-chairYiMuforhistirelesswork andthemembersoftheprogramcommitteeforputtingtogetheranexcellent program,andallthesessionchairsandspeakersfortheirtimeande?ort. Special thanks to Yi Mu, Laura Olsen, Rajan Shankaran, and Michael Hitchens for theirhelpwithlocalorganizationdetails. Finally,Iwouldliketothankallthe authorswhosubmittedpapersandalltheparticipantsofACISP2001. Ihope thattheprofessionalcontactsmadeatthisconference,thepresentations,and theproceedingshaveo?eredyouinsightsandideasthatyoucanapplytoyour owne?ortsinsecurityandprivacy. July2001 VijayVaradharajan AUSTRALASIANCONFERENCEON INFORMATIONSECURITYANDPRIVACY ACISP2001 Sponsoredby MacquarieUniversity AustralianComputerSociety General Chair: VijayVaradharajan MacquarieUniversity,Australia Program Chairs: VijayVaradharajan MacquarieUniversity,Australia YiMu MacquarieUniversity,Australia Program Committee: RossAnderson CambridgeUniversity,UK ColinBoyd QueenslandUniversityofTechnology,Australia EdDawson QueenslandUniversityofTechnology,Australia YvoDesmedt FloridaStateUniversity,USA PaulEngland Microsoft YairFrankel ColumbiaUniversity,USA AjoyGhosh UNISYS,Australia DieterGollman Microsoft JohnGordon ConceptLabs,UK KwangjoKim ICU,Korea ChuchangLiu DSTO,Australia MasahiroMambo TohokuUniversity,Japan WenboMao Hewlett-PackardLab. ,UK ChrisMitchell LondonUniversity,UK EijiOkamoto UniversityofWisconsin,USA JoePato Hewlett-PackardLab. ,USA JosefPieprzyk MacquarieUniversity,Australia BartPreneel KatholiekeUniversity,Belgium SteveRoberts WithamPtyLtd,Australia QingSihan AcademyofScience,China ReiSafavi-Naini UniversityofWollongong,Australia JenniferSeberry UniversityofWollongong,Australia YuliangZheng MonashUniversity,Australia TableofContents AFewThoughtsonE-Commerce...1 YacovYacobi NewCBC-MACForgeryAttacks...3 KarlBrincat,ChrisJ. Mitchell CryptanalysisofaPublicKeyCryptosystemProposedatACISP2000...15 AmrYoussef,GuangGong ImprovedCryptanalysisoftheSelf-ShrinkingGenerator ...21 ErikZenner,MatthiasKrause,StefanLucks AttacksBasedonSmallFactorsinVariousGroupStructures ...36 ChrisPavlovski,ColinBoyd OnClassifyingConferenceKeyDistributionProtocols...51 ShahrokhSaeednia,ReiSafavi-Naini,WillySusilo PseudorandomnessofMISTY-TypeTransformationsandtheBlockCipher KASUMI ...60 Ju-SungKang,OkyeonYi,DowonHong,HyunsookCho NewPublic-KeyCryptosystemUsingDivisorClassGroups...74 HwankooKim,SangJaeMoon FirstImplementationofCryptographicProtocolsBasedonAlgebraic NumberFields...84 AndreasMeyer,StefanNeis,ThomasPfahler PracticalKeyRecoverySchemes...104 Sung-MingYen Non-deterministicProcessors...115 DavidMay,HenkL. Muller,NigelP. Smart PersonalSecureBooting...130 NaomaruItoi,WilliamA. Arbaugh,SamuelaJ. Pollack, DanielM. Reeves EvaluationofTamper-ResistantSoftwareDeviatingfromStructured ProgrammingRules...145 HideakiGoto,MasahiroMambo,HirokiShizuya,YasuyoshiWatanabe AStrategyforMLSWork?ow...1 59 VladIngarWietrzyk,MakotoTakizawa,VijayVaradharajan X TableofContents Condition-DrivenIntegrationofSecurityServices ...176 Cli?ordNeumann SKETHIC:SecureKernelExtensionagainstTrojanHorseswith Information-CarryingCodes...177 Eun-SunCho,SunhoHong,SechangOh,Hong-JinYeh,ManpyoHong, Cheol-WonLee,HyundongPark,Chun-SikPark SecureandPrivateDistributionofOnlineVideoandSomeRelated CryptographicIssues...190 FengBao,RobertDeng,PeirongFeng,YanGuo,HongjunWu PrivateInformationRetrievalBasedontheSubgroupMembership Problem...206 AkihiroYamamura,TaiichiSaito APracticalEnglishAuctionwithOne-TimeRegistration ...221 KazumasaOmote,AtsukoMiyaji AUserAuthenticationSchemewithIdentityandLocationPrivacy...235 ShouichiHirose,SusumuYoshida AnEnd-to-EndAuthenticationProtocolinWirelessApplicationProtocol. 247 Jong-PhilYang,WeonShin,Kyung-HyuneRhee ErrorDetectionandAuthenticationinQuantumKeyDistribution ...260 AkihiroYamamura,HirokazuIshizuka AnAxiomaticBasisforReasoningaboutTrustinPKIs...274 ChuchangLiu,MarisOzols,TonyCant AKnowledge-BasedApproachtoInternetAuthorizations...292 AlongLin ApplicationsofTrustedReviewtoInformationSecurity...3 05 JohnYesberg,MarieHenderson NetworkSecurityModelingandCyberAttackSimulationMethodology...320 Sung-DoChi,JongSouPark,Ki-ChanJung,Jang-SeLee CryptographicSalt:ACountermeasureagainstDenial-of-ServiceAttacks. . 334 DongGookPark,JungJoonKim,ColinBoyd,EdDawson EnhancedModesofOperationfortheEncryptioninHigh-SpeedNetworks andTheirImpactonQoS...

This book constitutes the thoroughly refereed post-proceedings of the 9th International Workshop on Security Protocols held in Cambridge, UK in April 2001.The 13 revised full papers presented together with transcriptions of the discussions following the presentations have gone through two rounds of reviewing, revision, and selection. Also included are abstracts and transcriptions of invited presentations and topically focused discussions. Among the topics addressed are mobile computing and security, denial of service, authentication, Internet protocols, timing attacks, PIM security, security engineering, non-repudiation, trust management, access control policies, and Bluetooth security.

Invasion of privacy and misuse of personal data are among the most obvious negative effects of today's information and communication technologies. Besides technical issues from a variety of fields, privacy legislation, depending on national activities and often lacking behind technical progress, plays an important role in designing, implementing, and using privacy-enhancing systems.Taking into account technical aspects from IT security, this book presents in detail a formal task-based privacy model which can be used to technically enforce legal privacy requirements. Furthermore, the author specifies how the privacy model policy has been implemented together with other security policies in accordance with the Generalized Framework for Access Control (GFAC).This book will appeal equally to R&D professionals and practitioners active in IT security and privacy, advanced students, and IT managers.

EUROCRYPT 2001, the 20th annual Eurocrypt conference, was sponsored by the IACR, the International Association for Cryptologic Research, see http://www. iacr. org/, this year in cooperation with the Austrian Computer - ciety (OCG). The General Chair, Reinhard Posch, was responsible for local or- nization, and registration was handled by the IACR Secretariat at the University of California, Santa Barbara. In addition to the papers contained in these proceedings, we were pleased that the conference program also included a presentation by the 2001 IACR d- tinguished lecturer, Andrew Odlyzko, on "Economics and Cryptography" and an invited talk by Silvio Micali, "Zero Knowledge Has Come of Age. " Furthermore, there was the rump session for presentations of recent results and other (p- sibly satirical) topics of interest to the crypto community, which Jean-Jacques Quisquater kindly agreed to run. The Program Committee received 155 submissions and selected 33 papers for presentation; one of them was withdrawn by the authors. The review process was therefore a delicate and challenging task for the committee members, and I wish to thank them for all the e?ort they spent on it. Each committee member was responsible for the review of at least 20 submissions, so each paper was carefully evaluated by at least three reviewers, and submissions with a program committee member as a (co-)author by at least six.

TheInternationalWorkshoponPracticeandTheoryinPublicKeyCryptog- phyPKC2002washeldattheMaisondelaChimie,situatedintheverycenter ofParis,FrancefromFebruary12to14,2002. ThePKCseriesofconferences yearlyrepresentsinternationalresearchandthelatestachievementsinthearea ofpublickeycryptography,coveringawidespectrumoftopics,fromcryptos- temstoprotocols,implementationtechniquesorcryptanalysis. Afterbeingheld infoursuccessiveyearsinpaci?c-asiancountries,PKC2002experiencedforthe ?rsttimeaEuropeanlocation,thusshowingitsabilitytoreachaneverwider audiencefromboththeindustrialcommunityandacademia. Weareverygratefultothe19membersoftheProgramCommitteefortheir hardande?cientworkinproducingsuchahighqualityprogram. Inresponseto thecallforpapersofPKC2002,69paperswereelectronicallyreceivedfrom13 di?erentcountriesthroughoutEurope,America,andtheFarEast. Allsubm- sionswerereviewedbyatleastthreemembersoftheprogramcommittee,who eventuallyselectedthe26papersthatappearintheseproceedings. Inaddition to this program, we were honored to welcome Prof. Bart Preneel who kindly acceptedtogivethisyear'sinvitedtalk. Theprogramcommitteegratefully- knowledgesthehelpofalargenumberofcolleagueswhoreviewedsubmissionsin theirareaofexpertise:MasayukiAbe,SeigoArita,OlivierBaudron,MihirB- lare,EmmanuelBresson,EricBrier,MathieuCiet,AlessandroCon?itti,Jean- S'ebastienCoron,RogerFischlin,Pierre-AlainFouque,MattFranklin,Rosario Genarro,MarcGirault,LouisGranboulan,GoichiroHanaoka,DarrelHank- son, Eliane Jaulmes, Ari Juels, Jinho Kim, Marcos Kiwi, Kazukuni Kobara, Francois Koeune, Byoungcheon Lee, A. K. Lenstra, Pierre Loidreau, Wenbo Mao, Gwenaelle Martinet, Yi Mu, Phong Nguyen, Satoshi Obana, Guillaume Poupard,YasuyukiSakai,HideoShimizu,TomShrimpton,RonSteinfeld,K- suyukiTakashima,HuaxiongWang,andYujiWatanabe. JulienBrouchier- servesspecialthanksforskillfullymaintainingtheprogramcommittee'swebsite andpatientlyhelpingoutduringtherefereeingprocess. Finally,wewishtothankalltheauthorswhocommittedtheirtimebys- mitting papers (including those whose submissions were not successful), thus makingthisconferencepossible,aswellastheparticipants,organizers,andc- tributorsfromaroundtheworldfortheirkindsupport. December2001 DavidNaccache,PascalPaillier PKC2002 FifthInternationalWorkshop onPracticeandTheory inPublicKeyCryptography MaisondelaChimie,Paris,France February12-14,2002 ProgramCommittee DavidNaccache(ProgramChair)...Gemplus,France DanielBleichenbacher...BellLabs,LucentTechnologies,USA YvoDesmedt ...FloridaStateUniversity,USA MarcFischlin...Goethe-UniversityofFrankfurt,Germany ShaiHalevi...IBMT. J. WatsonResearchCenter,USA MarkusJakobsson ...RSALaboratories,USA AntoineJoux...DCSSI,France BurtKaliski ...RSALaboratories,USA KwangjoKim ...InformationandCommunicationsUniversity,Korea EyalKushilevitz...Technion,Israel PascalPaillier...Gemplus,France ' DavidPointcheval ...EcoleNormaleSup'erieure,France Jean-JacquesQuisquater...Universit'eCatholiquedeLouvain,Belgium PhillipRogaway ...UCDavis,USA KazueSako...NECCorporation,Japan BruceSchneier...CounterpaneInternetSecurity,USA JunjiShikata...UniversityofTokyo,Japan IgorShparlinski ...MacquarieUniversity,Australia MotiYung ...Certco,USA JianyingZhou...OracleCorporation,USA TableofContents EncryptionSchemes NewSemanticallySecurePublic-KeyCryptosystemsfromtheRSA-Primitive 1 KouichiSakurai(KyushuUniversity,Japan),TsuyoshiTakagi (TechnischeUniversit. atDarmstadt,Germany) OptimalChosen-CiphertextSecureEncryption ofArbitrary-LengthMessages...17 Jean-S' ebastien Coron (Gemplus, France), Helena Handschuh (Gemplus,France),MarcJoye(Gemplus,France),PascalPaillier ' (Gemplus,France),DavidPointcheval(EcoleNormaleSup' erieure,France), ChristopheTymen(Gemplus,France) OnSu?cientRandomnessforSecurePublic-KeyCryptosystems...34 Takeshi Koshiba (Fujitsu Laboratories Ltd, Japan) Multi-recipientPublic-KeyEncryptionwithShortenedCiphertext...48 Kaoru Kurosawa (Ibaraki University, Japan) SignatureSchemes E?cientandUnconditionallySecureDigitalSignatures andaSecurityAnalysisofaMultireceiverAuthenticationCode...64 GoichiroHanaoka(UniversityofTokyo,Japan),JunjiShikata (University of Tokyo, Japan), Yuliang Zheng (UNC Charlotte, USA), HidekiImai(UniversityofTokyo,Japan) FormalProofsfortheSecurityofSigncryption...80 JoonsangBaek(MonashUniversity,Australia),RonSteinfeld(Monash University,Australia),YuliangZheng(UNCCharlotte,USA) AProvablySecureRestrictivePartiallyBlindSignatureScheme...99 GregMaitland(QueenslandUniversityofTechnology,Australia), ColinBoyd(QueenslandUniversityofTechnology,Australia) ProtocolsI M+1-stPriceAuctionUsingHomomorphicEncryption...1 15 Masayuki Abe (NTT ISP Labs, Japan), Koutarou Suzuki (NTT ISP Labs,Japan) Client/ServerTradeo?sforOnlineElections...125 Ivan Damg? ard (Aarhus University, Denmark), Mads Jurik (Aarhus University,Denmark) X TableofContents Self-tallyingElectionsandPerfectBallotSecrecy...141 AggelosKiayias(GraduateCenter,CUNY,USA),MotiYung(CertCo, USA) ProtocolsII E?cient1-Out-nObliviousTransferSchemes...159 Wen-GueyTzeng(NationalChiaoTungUniversity,Taiwan) LinearCodeImpliesPublic-KeyTraitorTracing...