Inference control in statistical databases, also known as statistical disclosure limitation or statistical confidentiality, is about finding tradeoffs to the tension between the increasing societal need for accurate statistical data and the legal and ethical obligation to protect privacy of individuals and enterprises which are the source of data for producing statistics. Techniques used by intruders to make inferences compromising privacy increasingly draw on data mining, record linkage, knowledge discovery, and data analysis and thus statistical inference control becomes an integral part of computer science.This coherent state-of-the-art survey presents some of the most recent work in the field. The papers presented together with an introduction are organized in topical sections on tabular data protection, microdata protection, and software and user case studies.

This book constitutes the refereed proceedings of the International Conference on the Theory and Application of Cryptographic Techniques, EUROCRYPT 2002, held in Amsterdam, The Netherlands, in April/May 2002.The 33 revised full papers presented were carefully reviewed and selected from a total of 122 submissions. The papers are organized in topical sections on cryptanalysis, public-key encryption, information theory and new models, implementational analysis, stream ciphers, digital signatures, key exchange, modes of operation, traitor tracing and id-based encryption, multiparty and multicast, and symmetric cryptology.

For more than the last three decades, the security of software systems has been an important area of computer science, yet it is a rather recent general recognition that technologies for software security are highly needed. This book assesses the state of the art in software and systems security by presenting a carefully arranged selection of revised invited and reviewed papers. It covers basic aspects and recently developed topics such as security of pervasive computing, peer-to-peer systems and autonomous distributed agents, secure software circulation, compilers for fail-safe C language, construction of secure mail systems, type systems and multiset rewriting systems for security protocols, and privacy issues as well.

This book constitutes the thoroughly refereed post-proceedings of the International Workshop on Security and Privacy in Digital Rights Management, DRM 2001, held during the ACM CCS-8 Conference in Philadelphia, PA, USA, in November 2001.The 14 revised full papers presented were carefully reviewed and selected from 50 submissions. The papers are organized in topical sections on renewability, fuzzy hashing, cryptographic techniques and fingerprinting, privacy and architectures, software tamper resistance, cryptanalysis, and economic and legal aspects.

This volume continues the tradition established in 2001 of publishing the c- tributions presented at the Cryptographers' Track (CT-RSA) of the yearly RSA Security Conference in Springer-Verlag's Lecture Notes in Computer Science series. With 14 parallel tracks and many thousands of participants, the RSA - curity Conference is the largest e-security and cryptography conference. In this setting, the Cryptographers' Track presents the latest scienti?c developments. The program committee considered 49 papers and selected 20 for presen- tion. One paper was withdrawn by the authors. The program also included two invited talks by Ron Rivest ("Micropayments Revisited" - joint work with Silvio Micali) and by Victor Shoup ("The Bumpy Road from Cryptographic Theory to Practice"). Each paper was reviewed by at least three program committee members; paperswrittenbyprogramcommitteemembersreceivedsixreviews.Theauthors of accepted papers made a substantial e?ort to take into account the comments intheversionsubmittedtotheseproceedings.Inalimitednumberofcases, these revisions were checked by members of the program committee. I would like to thank the 20 members of the program committee who helped to maintain the rigorous scienti?c standards to which the Cryptographers' Track aims to adhere. They wrote thoughtful reviews and contributed to long disc- sions; more than 400 Kbyte of comments were accumulated. Many of them - tended the program committee meeting, while they could have been enjoying the sunny beaches of Santa Barbara.

This book constitutes the refereed proceedings of the 21st International Conference on Computer Safety, Reliability and Security, SAFECOMP 2002, held in Catania, Italy in September 2002.The 27 revised papers presented together with 3 keynote presentations were carefully reviewed and selected from 69 submissions. The papers are organized in topical sections on human-computer system dependability, human factors, security, dependability assessment, application of formal methods, reliability assessment, design for dependability, and safety assessment.

This book constitutes the thoroughly refereed post-proceedings of the 8th International Workshop on Selected Areas in Cryptology, SAC 2001, held in Toronto, Ontario, Canada in August 2001.The 25 revised full papers presented together with the abstracts of two invited talks were carefully reviewed and selected during two rounds of refereeing and revision. The papers are organized in topical sections on cryptanalysis, Boolean functions, Rijndael, elliptic curves and efficient implementation, public key systems, and protocols and MAC.

This book constitutes the refereed proceedings of the 8th International IMA Conference on Cryptography and Coding held in Cirencester, UK in December 2001. The 33 revised full papers presented together with four invited papers were carefully reviewed and selected from numerous submissions. Among the topics covered are mathematical bounds, statistical decoding schemes for error-correcting codes, multifunctional and multiple access communication systems, low density parity check codes, iterative coding, authentication, key recovery attacks, stream cipher design, analysis of ECIES algorithms, and lattice bases attacks on IP based protocols.

This book constitutes the refereed proceedings of the Second International Conference in Cryptology in India, INDOCRYPT 2001, held in Chennai, India in December 2001. The 31 revised full papers presented together with an invited survey were carefully reviewed and selected from 77 submissions. The papers are organized in topical sections on hashing, algebraic schemes, elliptic curves, coding theory, applications, cryptanalysis, distributed cryptography, Boolean functions, digitial signatures, and shift registers.

This book constitutes the refereed proceedings of the 7th International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2001, held in Gold Coast, Australia in December 2001.The 33 revised full papers presented together with an invited paper were carefully reviewed and selected from 153 submissions. The papers are organized in topical sections on lattice based cryptography, human identification, practical public key cryptography, cryptography based on coding theory, block ciphers, provable security, threshold cryptography, two-party protocols, zero knowledge, cryptographic building blocks, elliptic curve cryptography, and anonymity.

Security is a rapidly growing area of computer science, with direct and increasing relevance to real life applications such as Internet transactions, electronic commerce, information protection, network and systems integrity, etc. This volume presents thoroughly revised versions of lectures given by leading security researchers during the IFIP WG 1.7 International School on Foundations of Security Analysis and Design, FOSAD 2000, held in Bertinoro, Italy in September. Mathematical Models of Computer Security (Peter Y.A. Ryan); The Logic of Authentication Protocols (Paul Syversen and Iliano Cervesato); Access Control: Policies, Models, and Mechanisms (Pierangela Samarati and Sabrina de Capitani di Vimercati); Security Goals: Packet Trajectories and Strand Spaces (Joshua D. Guttman); Notes on Nominal Calculi for Security and Mobility (Andrew D. Gordon); Classification of Security Properties (Riccardo Focardi and Roberto Gorrieri).

This book constitutes the thoroughly refereed post-proceedings of the 4th International Information Hiding Workshop, IHW 2001, held in Pittsburgh, PA, USA, in April 2001.The 29 revised full papers presented were carefully selected during two rounds of reviewing and revision. All current issues in information hiding are addressed including watermarking and fingerprinting of digitial audio, still image and video; anonymous communications; steganography and subliminal channels; covert channels; and database inference channels.

This book constitutes the refereed proceedings of the Third International Conference on Information and Communications Security, ICICS 2001, held in Xian, China in November 2001.The 56 revised full papers presented were carefully reviewed and selected from a total of 134 submissions. The complete spectrum of information and communications security is covered including theoretical foundations, secret sharing, network security, authentication and identification, Boolean functions and stream ciphers, security evaluation, digital signatures, block ciphers and public-key systems, information hiding, security protocols, and cryptanalysis.

The Cambridge International Workshop on Security Protocols has now run for eight years. Each year we set a theme, focusing upon a speci?c aspect of security protocols, and invite position papers. Anybody is welcome to send us a position paper (yes, you are invited) and we don t insist they relate to the current theme in an obvious way. In our experience, the emergence of the theme as a unifying threadtakesplaceduringthediscussionsattheworkshopitself.Theonlyground rule is that position papers should formulate an approach to some unresolved issues, rather than being a description of a ?nished piece of work. Whentheparticipantsmeet, wetrytofocusthediscussionsupontheconc- tual issues which emerge. Security protocols link naturally to many other areas of Computer Science, and deep water can be reached very quickly. Afterwards, we invite participants to re-draft their position papers in a way which exposes the emergent issues but leaves open the way to their further development. We also prepare written transcripts of the recorded discussions. These are edited (in some cases very heavily) to illustrate the way in which the di?erent arguments and perspectives have interacted. We publish these proceedings as an invitation to the research community. Although many interesting results ?rst see the light of day in a volume of our proceedings, laying claim to these is not our primary purpose of publication. Rather, we bring our discussions and insights to a wider audience in order to suggest new lines of investigation which the community may fruitfully pursue."

This book constitutes the thoroughly refereed post-proceedings of the 9th International Workshop on Fast Software Encryption, FSE 2002, held in Leuven, Belgium in February 2002.The 21 revised full papers presented were carefully reviewed and selected from 70 submissions. The papers are organized in topical sections on blook cipher cryptoanalysis, integral cryptoanalysis, block cipher theory, stream cipher design, stream cipher cryptanalysis, and odds and ends.

This book constitutes the thoroughly refereed post-proceedings of the 4th International Conference on Financial Cryptography, FC 2000, held in Anguilla, British West Indies, in February 2000.The 21 revised full papers presented together with two invited papers and two tool summaries were carefully reviewed and selected from 68 submissions. The papers are organized in topical sections on digitial rights management, payment systems, finanical cryptography tools, electronic postcards, abusers of systems, financial cryptopolicies and issues, anonymity, and systems architecture.

This book constitutes the thoroughly refereed post-proceedings of the International Conference on Cryptography and Lattices, CaLC 2001, held in Providence, RI, USA in March 2001. The 14 revised full papers presented together with an overview paper were carefully reviewed and selected for inclusion in the book. All current aspects of lattices and lattice reduction in cryptography, both for cryptographic construction and cryptographic analysis, are addressed.

This book constitutes the refereed proceedings of the Fourth International Workshop on Recent Advances in Intrusion Detection, RAID 2001, held in Davis, CA, USA, in October 2001.The 12 revised full papers presented were carefully reviewed and selected from a total of 55 submissions. The papers are organized in sections on logging, cooperation, anomaly detection, intrusion tolerance, legal aspects and specification-based IDS.

This book constitutes the refereed proceedings of the 21st Annual International Cryptology Conference, CRYPTO 2001, held in Santa Barbara, CA, USA in August 2001. The 33 revised full papers presented were carefully reviewed and selected from a total of 156 submissions. The papers are organized in topical sections on foundations, traitor tracing, multi-party computation, two-party computation, elliptic curves, OAEP, encryption and authentication, signature schemes, protocols, cryptanalysis, applications of group theory and coding theory, broadcast and secret sharing, and soundness and zero-knowledge.

This book constitutes the refereed proceedings of the Second International Conference on Research in Smart Cards, E-smart 2001, held in Cannes, France, in September 2001. The 20 revised full papers presented were carefully reviewed and selected from 38 submissions. Among the topics addressed are biometrics, cryptography and electronic signatures on smart card security, formal methods for smart card evaluation and certification, architectures for multi-applications and secure open platforms, and middleware for smart cards and novel applications of smart cards.

This book constitutes the thoroughly refereed post-proceedings of the Third International Workshop on Cryptoanalysis Hardware and Embedded Systems, CHES 2001, held in Paris, France in Mai 2001. The 31 revised full papers presented were carefully reviewed and selected from 66 submissions. The papers are organized in topical sections on side channel attacks, Rijndael hardware implementation, random number generators, elliptic curve algorithms, arithmetic architectures, cryptanalysis, embedded implementations of ciphers, and side channel attacks on elliptic curve cryptosystems.

ACISP2001,theSixthAustralasianConferenceonInformationSecurityandP- vacy,washeldinSydney,Australia. TheconferencewassponsoredbyInfor- tionandNetworkedSystemSecurityResearch(INSSR),MacquarieUniversity, theAustralianComputerSociety,andtheUniversityofWesternSydney. Iam gratefultoalltheseorganizationsfortheirsupportoftheconference. Theaimofthisconferencewastodrawtogetherresearchers,designers,and usersofinformationsecuritysystemsandtechnologies. Theconferenceprogram addressedarangeofaspectsfromsystemandnetworksecuritytosecureInternet applicationstocryptographyandcryptanalysis. Thisyeartheprogramcomm- teeinvitedtwointernationalkeynotespeakersDr. YacovYacobifromMicrosoft Research (USA) and Dr. Cli?ord Neumann from the University of Southern California(USA). Dr. Yacobi'stalkaddressedtheissuesoftrust,privacy,and anti-piracyinelectroniccommerce. Dr. Neumann'ACISP2001,theSixthAustralasianConferenceonInformationSecurityandP- vacy,washeldinSydney,Australia. TheconferencewassponsoredbyInfor- tionandNetworkedSystemSecurityResearch(INSSR),MacquarieUniversity, theAustralianComputerSociety,andtheUniversityofWesternSydney. Iam gratefultoalltheseorganizationsfortheirsupportoftheconference. Theaimofthisconferencewastodrawtogetherresearchers,designers,and usersofinformationsecuritysystemsandtechnologies. Theconferenceprogram addressedarangeofaspectsfromsystemandnetworksecuritytosecureInternet applicationstocryptographyandcryptanalysis. Thisyeartheprogramcomm- teeinvitedtwointernationalkeynotespeakersDr. YacovYacobifromMicrosoft Research (USA) and Dr. Cli?ord Neumann from the University of Southern California(USA). Dr. Yacobi'stalkaddressedtheissuesoftrust,privacy,and anti-piracyinelectroniccommerce. Dr. Neumann'saddresswasconcernedwith authorizationpolicyissuesandtheirenforcementinapplications. Theconferencereceived91papersfromAmerica,Asia,Australia,and- rope. The program committee accepted 38 papers and these were presented insome9sessionscoveringsystemsecurity,networksecurity,trustandaccess control,Authentication,cryptography,cryptanalysis,DigitalSignatures,Elliptic CurveBasedTechniques,andSecretSharingandThresholdSchemes. Thisyear theacceptedpaperscamefromarangeofcountries,including7fromAustralia, 8fromKorea,7fromJapan,3fromUK,3fromGermany,3fromUSA,2from Singapore,2fromCanadaand1fromBelgium,Estonia,andTaiwan. Organizingaconferencesuchasthisoneisatime-consumingtaskandIwould liketothankallthepeoplewhoworkedhardtomakethisconferenceasuccess. Inparticular,IwouldliketothankProgramCo-chairYiMuforhistirelesswork andthemembersoftheprogramcommitteeforputtingtogetheranexcellent program,andallthesessionchairsandspeakersfortheirtimeande?ort. Special thanks to Yi Mu, Laura Olsen, Rajan Shankaran, and Michael Hitchens for theirhelpwithlocalorganizationdetails. Finally,Iwouldliketothankallthe authorswhosubmittedpapersandalltheparticipantsofACISP2001. Ihope thattheprofessionalcontactsmadeatthisconference,thepresentations,and theproceedingshaveo?eredyouinsightsandideasthatyoucanapplytoyour owne?ortsinsecurityandprivacy. July2001 VijayVaradharajan AUSTRALASIANCONFERENCEON INFORMATIONSECURITYANDPRIVACY ACISP2001 Sponsoredby MacquarieUniversity AustralianComputerSociety General Chair: VijayVaradharajan MacquarieUniversity,Australia Program Chairs: VijayVaradharajan MacquarieUniversity,Australia YiMu MacquarieUniversity,Australia Program Committee: RossAnderson CambridgeUniversity,UK ColinBoyd QueenslandUniversityofTechnology,Australia EdDawson QueenslandUniversityofTechnology,Australia YvoDesmedt FloridaStateUniversity,USA PaulEngland Microsoft YairFrankel ColumbiaUniversity,USA AjoyGhosh UNISYS,Australia DieterGollman Microsoft JohnGordon ConceptLabs,UK KwangjoKim ICU,Korea ChuchangLiu DSTO,Australia MasahiroMambo TohokuUniversity,Japan WenboMao Hewlett-PackardLab. ,UK ChrisMitchell LondonUniversity,UK EijiOkamoto UniversityofWisconsin,USA JoePato Hewlett-PackardLab. ,USA JosefPieprzyk MacquarieUniversity,Australia BartPreneel KatholiekeUniversity,Belgium SteveRoberts WithamPtyLtd,Australia QingSihan AcademyofScience,China ReiSafavi-Naini UniversityofWollongong,Australia JenniferSeberry UniversityofWollongong,Australia YuliangZheng MonashUniversity,Australia TableofContents AFewThoughtsonE-Commerce...1 YacovYacobi NewCBC-MACForgeryAttacks...3 KarlBrincat,ChrisJ. Mitchell CryptanalysisofaPublicKeyCryptosystemProposedatACISP2000...15 AmrYoussef,GuangGong ImprovedCryptanalysisoftheSelf-ShrinkingGenerator ...21 ErikZenner,MatthiasKrause,StefanLucks AttacksBasedonSmallFactorsinVariousGroupStructures ...36 ChrisPavlovski,ColinBoyd OnClassifyingConferenceKeyDistributionProtocols...51 ShahrokhSaeednia,ReiSafavi-Naini,WillySusilo PseudorandomnessofMISTY-TypeTransformationsandtheBlockCipher KASUMI ...60 Ju-SungKang,OkyeonYi,DowonHong,HyunsookCho NewPublic-KeyCryptosystemUsingDivisorClassGroups...74 HwankooKim,SangJaeMoon FirstImplementationofCryptographicProtocolsBasedonAlgebraic NumberFields...84 AndreasMeyer,StefanNeis,ThomasPfahler PracticalKeyRecoverySchemes...104 Sung-MingYen Non-deterministicProcessors...115 DavidMay,HenkL. Muller,NigelP. Smart PersonalSecureBooting...130 NaomaruItoi,WilliamA. Arbaugh,SamuelaJ. Pollack, DanielM. Reeves EvaluationofTamper-ResistantSoftwareDeviatingfromStructured ProgrammingRules...145 HideakiGoto,MasahiroMambo,HirokiShizuya,YasuyoshiWatanabe AStrategyforMLSWork?ow...1 59 VladIngarWietrzyk,MakotoTakizawa,VijayVaradharajan X TableofContents Condition-DrivenIntegrationofSecurityServices ...176 Cli?ordNeumann SKETHIC:SecureKernelExtensionagainstTrojanHorseswith Information-CarryingCodes...177 Eun-SunCho,SunhoHong,SechangOh,Hong-JinYeh,ManpyoHong, Cheol-WonLee,HyundongPark,Chun-SikPark SecureandPrivateDistributionofOnlineVideoandSomeRelated CryptographicIssues...190 FengBao,RobertDeng,PeirongFeng,YanGuo,HongjunWu PrivateInformationRetrievalBasedontheSubgroupMembership Problem...206 AkihiroYamamura,TaiichiSaito APracticalEnglishAuctionwithOne-TimeRegistration ...221 KazumasaOmote,AtsukoMiyaji AUserAuthenticationSchemewithIdentityandLocationPrivacy...235 ShouichiHirose,SusumuYoshida AnEnd-to-EndAuthenticationProtocolinWirelessApplicationProtocol. 247 Jong-PhilYang,WeonShin,Kyung-HyuneRhee ErrorDetectionandAuthenticationinQuantumKeyDistribution ...260 AkihiroYamamura,HirokazuIshizuka AnAxiomaticBasisforReasoningaboutTrustinPKIs...274 ChuchangLiu,MarisOzols,TonyCant AKnowledge-BasedApproachtoInternetAuthorizations...292 AlongLin ApplicationsofTrustedReviewtoInformationSecurity...3 05 JohnYesberg,MarieHenderson NetworkSecurityModelingandCyberAttackSimulationMethodology...320 Sung-DoChi,JongSouPark,Ki-ChanJung,Jang-SeLee CryptographicSalt:ACountermeasureagainstDenial-of-ServiceAttacks. . 334 DongGookPark,JungJoonKim,ColinBoyd,EdDawson EnhancedModesofOperationfortheEncryptioninHigh-SpeedNetworks andTheirImpactonQoS...

Invasion of privacy and misuse of personal data are among the most obvious negative effects of today's information and communication technologies. Besides technical issues from a variety of fields, privacy legislation, depending on national activities and often lacking behind technical progress, plays an important role in designing, implementing, and using privacy-enhancing systems.Taking into account technical aspects from IT security, this book presents in detail a formal task-based privacy model which can be used to technically enforce legal privacy requirements. Furthermore, the author specifies how the privacy model policy has been implemented together with other security policies in accordance with the Generalized Framework for Access Control (GFAC).This book will appeal equally to R&D professionals and practitioners active in IT security and privacy, advanced students, and IT managers.

EUROCRYPT 2001, the 20th annual Eurocrypt conference, was sponsored by the IACR, the International Association for Cryptologic Research, see http://www. iacr. org/, this year in cooperation with the Austrian Computer - ciety (OCG). The General Chair, Reinhard Posch, was responsible for local or- nization, and registration was handled by the IACR Secretariat at the University of California, Santa Barbara. In addition to the papers contained in these proceedings, we were pleased that the conference program also included a presentation by the 2001 IACR d- tinguished lecturer, Andrew Odlyzko, on "Economics and Cryptography" and an invited talk by Silvio Micali, "Zero Knowledge Has Come of Age. " Furthermore, there was the rump session for presentations of recent results and other (p- sibly satirical) topics of interest to the crypto community, which Jean-Jacques Quisquater kindly agreed to run. The Program Committee received 155 submissions and selected 33 papers for presentation; one of them was withdrawn by the authors. The review process was therefore a delicate and challenging task for the committee members, and I wish to thank them for all the e?ort they spent on it. Each committee member was responsible for the review of at least 20 submissions, so each paper was carefully evaluated by at least three reviewers, and submissions with a program committee member as a (co-)author by at least six.

TheInternationalWorkshoponPracticeandTheoryinPublicKeyCryptog- phyPKC2002washeldattheMaisondelaChimie,situatedintheverycenter ofParis,FrancefromFebruary12to14,2002. ThePKCseriesofconferences yearlyrepresentsinternationalresearchandthelatestachievementsinthearea ofpublickeycryptography,coveringawidespectrumoftopics,fromcryptos- temstoprotocols,implementationtechniquesorcryptanalysis. Afterbeingheld infoursuccessiveyearsinpaci?c-asiancountries,PKC2002experiencedforthe ?rsttimeaEuropeanlocation,thusshowingitsabilitytoreachaneverwider audiencefromboththeindustrialcommunityandacademia. Weareverygratefultothe19membersoftheProgramCommitteefortheir hardande?cientworkinproducingsuchahighqualityprogram. Inresponseto thecallforpapersofPKC2002,69paperswereelectronicallyreceivedfrom13 di?erentcountriesthroughoutEurope,America,andtheFarEast. Allsubm- sionswerereviewedbyatleastthreemembersoftheprogramcommittee,who eventuallyselectedthe26papersthatappearintheseproceedings. Inaddition to this program, we were honored to welcome Prof. Bart Preneel who kindly acceptedtogivethisyear'sinvitedtalk. Theprogramcommitteegratefully- knowledgesthehelpofalargenumberofcolleagueswhoreviewedsubmissionsin theirareaofexpertise:MasayukiAbe,SeigoArita,OlivierBaudron,MihirB- lare,EmmanuelBresson,EricBrier,MathieuCiet,AlessandroCon?itti,Jean- S'ebastienCoron,RogerFischlin,Pierre-AlainFouque,MattFranklin,Rosario Genarro,MarcGirault,LouisGranboulan,GoichiroHanaoka,DarrelHank- son, Eliane Jaulmes, Ari Juels, Jinho Kim, Marcos Kiwi, Kazukuni Kobara, Francois Koeune, Byoungcheon Lee, A. K. Lenstra, Pierre Loidreau, Wenbo Mao, Gwenaelle Martinet, Yi Mu, Phong Nguyen, Satoshi Obana, Guillaume Poupard,YasuyukiSakai,HideoShimizu,TomShrimpton,RonSteinfeld,K- suyukiTakashima,HuaxiongWang,andYujiWatanabe. JulienBrouchier- servesspecialthanksforskillfullymaintainingtheprogramcommittee'swebsite andpatientlyhelpingoutduringtherefereeingprocess. Finally,wewishtothankalltheauthorswhocommittedtheirtimebys- mitting papers (including those whose submissions were not successful), thus makingthisconferencepossible,aswellastheparticipants,organizers,andc- tributorsfromaroundtheworldfortheirkindsupport. December2001 DavidNaccache,PascalPaillier PKC2002 FifthInternationalWorkshop onPracticeandTheory inPublicKeyCryptography MaisondelaChimie,Paris,France February12-14,2002 ProgramCommittee DavidNaccache(ProgramChair)...Gemplus,France DanielBleichenbacher...BellLabs,LucentTechnologies,USA YvoDesmedt ...FloridaStateUniversity,USA MarcFischlin...Goethe-UniversityofFrankfurt,Germany ShaiHalevi...IBMT. J. WatsonResearchCenter,USA MarkusJakobsson ...RSALaboratories,USA AntoineJoux...DCSSI,France BurtKaliski ...RSALaboratories,USA KwangjoKim ...InformationandCommunicationsUniversity,Korea EyalKushilevitz...Technion,Israel PascalPaillier...Gemplus,France ' DavidPointcheval ...EcoleNormaleSup'erieure,France Jean-JacquesQuisquater...Universit'eCatholiquedeLouvain,Belgium PhillipRogaway ...UCDavis,USA KazueSako...NECCorporation,Japan BruceSchneier...CounterpaneInternetSecurity,USA JunjiShikata...UniversityofTokyo,Japan IgorShparlinski ...MacquarieUniversity,Australia MotiYung ...Certco,USA JianyingZhou...OracleCorporation,USA TableofContents EncryptionSchemes NewSemanticallySecurePublic-KeyCryptosystemsfromtheRSA-Primitive 1 KouichiSakurai(KyushuUniversity,Japan),TsuyoshiTakagi (TechnischeUniversit. atDarmstadt,Germany) OptimalChosen-CiphertextSecureEncryption ofArbitrary-LengthMessages...17 Jean-S' ebastien Coron (Gemplus, France), Helena Handschuh (Gemplus,France),MarcJoye(Gemplus,France),PascalPaillier ' (Gemplus,France),DavidPointcheval(EcoleNormaleSup' erieure,France), ChristopheTymen(Gemplus,France) OnSu?cientRandomnessforSecurePublic-KeyCryptosystems...34 Takeshi Koshiba (Fujitsu Laboratories Ltd, Japan) Multi-recipientPublic-KeyEncryptionwithShortenedCiphertext...48 Kaoru Kurosawa (Ibaraki University, Japan) SignatureSchemes E?cientandUnconditionallySecureDigitalSignatures andaSecurityAnalysisofaMultireceiverAuthenticationCode...64 GoichiroHanaoka(UniversityofTokyo,Japan),JunjiShikata (University of Tokyo, Japan), Yuliang Zheng (UNC Charlotte, USA), HidekiImai(UniversityofTokyo,Japan) FormalProofsfortheSecurityofSigncryption...80 JoonsangBaek(MonashUniversity,Australia),RonSteinfeld(Monash University,Australia),YuliangZheng(UNCCharlotte,USA) AProvablySecureRestrictivePartiallyBlindSignatureScheme...99 GregMaitland(QueenslandUniversityofTechnology,Australia), ColinBoyd(QueenslandUniversityofTechnology,Australia) ProtocolsI M+1-stPriceAuctionUsingHomomorphicEncryption...1 15 Masayuki Abe (NTT ISP Labs, Japan), Koutarou Suzuki (NTT ISP Labs,Japan) Client/ServerTradeo?sforOnlineElections...125 Ivan Damg? ard (Aarhus University, Denmark), Mads Jurik (Aarhus University,Denmark) X TableofContents Self-tallyingElectionsandPerfectBallotSecrecy...141 AggelosKiayias(GraduateCenter,CUNY,USA),MotiYung(CertCo, USA) ProtocolsII E?cient1-Out-nObliviousTransferSchemes...159 Wen-GueyTzeng(NationalChiaoTungUniversity,Taiwan) LinearCodeImpliesPublic-KeyTraitorTracing...