The CQRE [Secure] conference provides a new international forum giving a close-up view on information security in the context of rapidly evolving economic processes. The unprecedented reliance on computer technology has transformed the previous technical side-issue "information security" to a management problem requiring decisions of strategic importance. Thus one of the main goals of the conference is to provide a platform for both technical specialists as well as decision makers from government, industry, commercial, and academic communities. The target of CQRE is to promote and stimulate dialogue between managers and experts, which seems to be necessary for providing secure information systems in the next millennium. Therefore CQRE consists of two parts: Part I mainly focuses on strategic issues of information security, while the focus of Part II is more technical in nature. This volume of the conference proceedings consists of the reviewed and invited contributions of the second part. The program committee considered 46 papers and selected only 15 for full presentation. For the participants' convenience we have also included the notes of the invited lectures and short workshop talks in this volume.

This book constitutes the refereed proceedings of the Third Australasian Conference on Information Security and Privacy, ACISP'98, held in Brisbane, Australia, in Kuly 1998.
The volume presents 35 revised full papers selected from a total of 66 submissions; also included are two invited contributions. The book is divided in sections on network security, block ciphers, stream ciphers, authorization codes and Boolean functions, software security and electronic commerce, public key cryptography, hardware, access control, protocols, secret sharing, and digital signatures.

This book constitutes the refereed proceedings of the First International Workshop on Practice and Theory in Public Key Cryptography, PKC'98, held in Pacifico Yokohama, Japan, in February 1998.
The volume presents four invited contributions together with 18 revised full papers selected from 30 submissions. The papers address all current issues in research and design in the area including digital signature schemes, digital payment systems, electronic commerce, cryptographic protocols, as well as foundational issues like integer factorization, elliptic curve aspects, hash functions, finite fields, etc.

Asiacrypt'99 was held in Singapore on 14-18 November 1999. Asiacrypt is one of the major events in the cryptology research community. Asiacrypt'99, the ?fth annual Asiacrypt conference, was sponsored by the Asiacrypt Steering Comm- tee and the Centre for Systems Security of the National University of Singapore, and in cooperation with the International Association for Cryptology Research. As the Program Co-Chairs of Asiacrypt'99, we are extremely honored to or- nize this event, which showcases the state-of-the-art development of cryptology research at the conclusion of this millennium. This year, a total of 96 research papers were submitted to Asiacrypt'99. The portfolio of country of origin of submissions serves as a good indicator of the - ternational reputation of the conference. Countries from which submissions or- inated include: Australia, Belgium, China, Estonia, France, Germany, Greece, India, Iran, Japan, Korea, Norway, Russia, Saudi Arabia, Switzerland, Sin- pore, Spain, Taiwan, Thailand, The Netherlands, Turkey, Ukraine, UK, USA and Yugoslavia. Through a stringent refereeing process by the Program C- mittee, 31 papers of outstanding quality were accepted and are included in the conference proceedings. Accepted papers were authored by researchers from the following countries: Australia, Belgium, France, Germany, India, Japan, China, Singapore, Switzerland, Taiwan, The Netherlands, UK, and USA.

This book constitutes the thoroughly refereed post-workshop proceedings of the 5th Annual International Workshop on Selected Areas in Cryptography, SAC '98, held in Kingston, Ontario, Canada in August 1998.
The 26 revised full papers presented together with two invited papers were carefully selected from 39 submissions after two rounds of reviewing and revision. The book is divided in topical sections on designs of secret key cryptosystems, randomness and computational issues, analysis of secret key cryptosystems, cryptographic systems, design and implementation of secret key cryptosystems, and attacks on secret key cryptosystems.

In July 1998, a summer school in cryptology and data security was organized atthecomputersciencedepartmentofAarhusUniversity, Denmark.Thistook place as a part of a series of summer schools organized by the European Edu- tional Forum, an organizationconsisting of the researchcenters TUCS (Finland), IPA(Holland)andBRICS(Denmark, Aarhus).Thelocalorganizingcommittee consisted of Jan Camenisch, Janne Christensen, Ivan Damga? ard (chair), Karen Moller, andLouisSalvail.ThesummerschoolwassupportedbytheEuropean Union. Modern cryptology is an extremely fast growing ?eld and is of fundamental importance in very diverse areas, from theoretical complexity theory to practical electroniccommerceontheInternet.Wethereforesetouttoorganizeaschool that would enable young researchers and students to obtain an overview of some mainareas, coveringboththeoreticalandpracticaltopics.Itisfairtosaythat the school was a success, both in terms of attendance (136 participants from over20countries)andintermsofcontents.Itisapleasuretothankallofthe speakers for their cooperation and the high quality of their presentations. A total of 13 speakers gave talks: Mihir Bellare, University of California, San Diego; Gilles Brassard, University of Montreal; David Chaum, DigiCash; Ronald Cramer, ETH Zur ] ich; Ivan Damg? ard, BRICS; Burt Kaliski, RSA Inc.; Lars Knudsen, Bergen University; Peter Landrock, Cryptomathic; Kevin Mc- Curley, IBM Research, Almaden; Torben Pedersen, Cryptomathic; Bart Preneel, Leuven University; Louis Salvail, BRICS; Stefan Wolf, ETH Zur ] ich.

Crypto '99, the Nineteenth Annual Crypto Conference, was sponsored by the International Association for Cryptologic Research (IACR), in cooperation with the IEEE Computer Society Technical Committee on Security and Privacy and the Computer Science Department, University of California, Santa Barbara (UCSB). The General Chair, Donald Beaver, was responsible for local organization and registration. The Program Committee considered 167 papers and selected 38 for presentation. This year's conference program also included two invited lectures. I was pleased to include in the program UeliM aurer's presentation "Information Theoretic Cryptography" and Martin Hellman's presentation "The Evolution of Public Key Cryptography." The program also incorporated the traditional Rump Session for informal short presentations of new results, run by Stuart Haber. These proceedings include the revised versions of the 38 papers accepted by the Program Committee. These papers were selected from all the submissions to the conference based on originality, quality, and relevance to the field of cryptology. Revisions were not checked, and the authors bear full responsibility for the contents of their papers.

TheFastSoftwareEncryptionWorkshop1999isthesixthinaseriesofworkshops startinginCambridgeinDecember1993. TheworkshopwasorganizedbyGeneralChairWilliamWolfowicz,Fon- zioneU. Bordoni,andProgrammeChairLarsKnudsen,UniversityofBergen, Norway,incooperationwithSecurteam,asfaraslocalarrangementswerec- cerned. TheworkshopwasheldMarch24-26,1999inRome,Italy. Theworkshopconcentratedonallaspectsoffastsecretkeyciphers,inc- dingthedesignandcryptanalysisofblockandstreamciphers,aswellashash functions. Therewere51submissions,allofthemsubmittedelectronically. Ones- missionwaslaterwithdrawnbytheauthors,and22paperswereselectedfor presentation. Allsubmissionswerecarefullyreviewedbyatleast4committee members. Attheworkshop,preliminaryversionsofall22papersweredistri- tedtoallattendees. Aftertheworkshoptherewasa nalreviewingprocesswith additionalcommentstotheauthors. Ithasbeenachallengeformetochairthecommitteeofthisworkshop,andit isapleasuretothankallthemembersoftheprogrammecommitteefortheirhard work. Thecommitteethisyearconsistedof,inalphabeticorder,RossAnd- son(Cambridge,UK),EliBiham(Technion,Israel),DonCoppersmith(IBM, USA), Cunsheng Ding (Singapore), Dieter Gollmann (Microsoft, UK), James Massey (Denmark), Mitsuru Matsui (Mitsubishi, Japan), Bart Preneel (K. U. Leuven, Belgium), Bruce Schneier (Counterpane, USA), and Serge Vaudenay (ENS,France). ItisagreatpleasuretothankWilliamWolfowiczfororganisingtheworkshop. Also,itisapleasuretothankSecurteamforthelogisticsandTelsyandSunfor supportingtheconference. Finally,abigthankyoutoallsubmittingauthorsfor theircontributions,andtoallattendees(approximately165)oftheworkshop. Finally, I would like to thank Vincent Rijmen for his technical assistance in preparingtheseproceedings. April1999 LarsKnudsen TableofContents AdvancedEncryptionStandard ImprovedAnalysisofSomeSimpli edVariantsofRC6 ...1 S. Contini,R. L. Rivest,M. J. B. Robshaw,andY. L. Yin LinearCryptanalysisofRC5andRC6...16 J. Borst,B. Preneel,andJ. Vandewalle ARevisedVersionofCRYPTON:CRYPTONV1. 0...31 C. H. Lim AttackonSixRoundsofCRYPTON...46 C. D'TheFastSoftwareEncryptionWorkshop1999isthesixthinaseriesofworkshops startinginCambridgeinDecember1993. TheworkshopwasorganizedbyGeneralChairWilliamWolfowicz,Fon- zioneU. Bordoni,andProgrammeChairLarsKnudsen,UniversityofBergen, Norway,incooperationwithSecurteam,asfaraslocalarrangementswerec- cerned. TheworkshopwasheldMarch24-26,1999inRome,Italy. Theworkshopconcentratedonallaspectsoffastsecretkeyciphers,inc- dingthedesignandcryptanalysisofblockandstreamciphers,aswellashash functions. Therewere51submissions,allofthemsubmittedelectronically. Ones- missionwaslaterwithdrawnbytheauthors,and22paperswereselectedfor presentation. Allsubmissionswerecarefullyreviewedbyatleast4committee members. Attheworkshop,preliminaryversionsofall22papersweredistri- tedtoallattendees. Aftertheworkshoptherewasa nalreviewingprocesswith additionalcommentstotheauthors. Ithasbeenachallengeformetochairthecommitteeofthisworkshop,andit isapleasuretothankallthemembersoftheprogrammecommitteefortheirhard work. Thecommitteethisyearconsistedof,inalphabeticorder,RossAnd- son(Cambridge,UK),EliBiham(Technion,Israel),DonCoppersmith(IBM, USA), Cunsheng Ding (Singapore), Dieter Gollmann (Microsoft, UK), James Massey (Denmark), Mitsuru Matsui (Mitsubishi, Japan), Bart Preneel (K. U. Leuven, Belgium), Bruce Schneier (Counterpane, USA), and Serge Vaudenay (ENS,France). ItisagreatpleasuretothankWilliamWolfowiczfororganisingtheworkshop. Also,itisapleasuretothankSecurteamforthelogisticsandTelsyandSunfor supportingtheconference. Finally,abigthankyoutoallsubmittingauthorsfor theircontributions,andtoallattendees(approximately165)oftheworkshop. Finally, I would like to thank Vincent Rijmen for his technical assistance in preparingtheseproceedings. April1999 LarsKnudsen TableofContents AdvancedEncryptionStandard ImprovedAnalysisofSomeSimpli edVariantsofRC6 ...1 S. Contini,R. L. Rivest,M. J. B. Robshaw,andY. L. Yin LinearCryptanalysisofRC5andRC6...16 J. Borst,B. Preneel,andJ. Vandewalle ARevisedVersionofCRYPTON:CRYPTONV1. 0...31 C. H. Lim AttackonSixRoundsofCRYPTON...46 C. D'Halluin,G. Bijnens,V. Rijmen,andB. Preneel OntheSecurityofthe128-bitBlockCipherDEAL...60 S. Lucks CryptanalysisofaReducedVersionoftheBlockCipherE2...71 M. MatsuiandT. Tokita OntheDecorrelatedFastCipher(DFC)andItsTheory...81 L. R. KnudsenandV. Rijmen RemotelyKeyedEncryption ScrambleAll,EncryptSmall...95 M. Jakobsson,J. P. Stern,andM. Yung AcceleratedRemotelyKeyedEncryption...112 S. Lucks AnalysisofBlockCiphersI MissintheMiddleAttacksonIDEAandKhufu...124 E. Biham,A. Biryukov,andA. Shamir ModnCryptanalysis,withApplicationsagainstRC5PandM6...139 J. Kelsey,B. Schneier,andD. Wagner TheBoomerangAttack...156 D. Wagner Miscellaneous TowardsMakingLuby-Racko CiphersOptimalandPractical ...171 S. Patel,Z. Ramzan,andG. S. Sundaram ANewCharacterizationofAlmostBentFunctions...186 A. Canteaut,P. Charpin,andH. Dobbertin ImprimitivePermutationGroupsandTrapdoorsinIteratedBlockCiphers. 201 K. G. Paterson VIII TableofContents ModesofOperation OntheSecurityofDoubleand2-KeyTripleModesofOperation...215 H. HandschuhandB. Preneel OntheConstructionofVariable-Input-LengthCiphers...231 M. BellareandP. Rogaway AnalysisofBlockCiphersII SlideAttacks...245 A. BiryukovandD. Wagner OntheSecurityofCS-Cipher...260 S. Vaudenay InterpolationAttacksoftheBlockCipher:SNAKE...275 S. Moriai,T. Shimoyama,andT. Kaneko StreamCiphers High-SpeedPseudorandomNumberGenerationwithSmallMemory...290 W. Aiello,S. Rajagopalan,andR. Venkatesan SOBERCryptanalysis...305 D. BleichenbacherandS. Patel AuthorIndex...317 ImprovedAnalysisof SomeSimpli edVariantsofRC6 1 2 1 1 ScottContini ,RonaldL. Rivest ,M. J. B. Robshaw ,andYiqunLisaYin 1 RSALaboratories,2955CampusDrive SanMateo,CA94403,USA fscontini,matt,yiqung@rsa. com 2 M. I. T. LaboratoryforComputerScience,545TechnologySquare Cambridge,MA02139,USA rivest@theory. lcs. mit.

The4thAustralasianConferenceonInformationSecurityandPrivacywasheld attheUniversityofWollongong, Australia. Theconferencewassponsoredby theCentreforComputerSecurityResearch, UniversityofWollongong, andthe AustralianComputerSociety. Theaimoftheconferencewastobringtogether peopleworkingindi erentareasofcomputer, communication, andinformation securityfromuniversities, industry, andgovernmentinstitutions. Theconference gavetheparticipantsanopportunitytodiscussthelatestdevelopmentsinthe quicklygrowingareaofinformationsecurityandprivacy. Theprogramcommitteeaccepted26papersfrom53submitted. Fromthose accepted, thirteen papers were from Australia, two each from Belgium and China, andoneeachfromAustria, Belarus, France, India, Japan, Korea, Sin- pore, theUSA, andYugoslavia. Conferencesessionscoveredthefollowingtopics: accesscontrolandsecuritymodels, networksecurity, Booleanfunctions, group communication, cryptanalysis, keymanagementsystems, electroniccommerce, signatureschemes, RSAcryptosystems, andoddsandends. We would like to thank the members of the program committee who - nerouslyspenttheirtimereadingandevaluatingthepapers. Wewouldalsolike tothankmembersoftheorganisingcommitteeand, inparticular, ChrisCh- nes, HosseinGhodosi, MarcGysin, Tiang-BingXia, Cheng-XinQu, SanYeow Lee, YejingWang, Hua-XiongWang, Chih-HungLi, WillySusilo, ChintanShah, Je reyHorton, andGhulamRasoolChaudhryfortheircontinuousandtireless e ortinorganisingtheconference. Finally, wewouldliketothanktheauthorsof allthesubmittedpapers, especiallytheacceptedones, andalltheparticipants whomadetheconferenceasuccessfulevent. February1999 JosefPieprzyk ReiSafavi-Naini JenniferSeberry FOURTHAUSTRALASIANCONFERENCE ONINFORMATIONSECURITY ANDPRIVACY ACISP 99 Sponsoredby CenterforComputerSecurityResearch UniversityofWollongong, Australia and AustralianComputerSociety GeneralChair: JenniferSeberry UniversityofWollongong ProgramCo-Chairs: JosefPieprzyk UniversityofWollongong ReiSafavi-Naini UniversityofWollongong ProgramCommittee: ColinBoyd QueenslandUniversityofTechnology, Australia LawrieBrown AustralianDefenceForceAcademy, Australia BillCaelli QueenslandUniversityofTechnology, Australia EdDawson QueenslandUniversityofTechnology, Australia CunshengDing NationalUniversityofSingapore, Singapore DieterGollmann MicrosoftResearch, UK YongfeiHan Gemplus, Singapore ThomasHardjono BayNetworks, US ErlandJonsson ChalmersUniversity, Sweden SveinKnapskog UniversityofTrondheim, Norway KeithMartin KatholiekeUniversiteitLeuven, Belgium CathyMeadows NavalResearchLaboratory, US KaisaNyberg NokiaResearchCenter, Finland Choon-SikPark ElectronicsandTelecommunicationResearchInstitute, Korea DingyiPei AcademiaSinica, China SteveRoberts WithamPtyLtd, Australia ConferenceOrganization VII GregRose Qualcomm, Australia RaviSandhu GeorgeMasonUniversity, US Sta ordTavares Queen sUniversity, Canada VijayVaradharajan WesternSydneyUniversity, Australia YuliangZheng MonashUniversity, Australia Referees N. Asokan ZhangJiang DingyiPei YunBai ErlandJonsson JosefPieprzyk SimonBlackburn SveinKnapskog VincentRijmen ColinBoyd HuLei SteveRoberts LawrieBrown LeszekMaciaszek GregRose BillCaelli KeithMartin ReiSafavi-Naini EdDawson CathyMeadows RaviSandhu CunshengDing BillMillan RajanShankaran GaryGaskell QiMing Sta ordTavares JanuszGetta Sang-JaeMoon VijayVaradharajan DieterGollmann YiMu Kapaleeswaran MarcGysin KennyNguyen Viswanathan YongfeiHan KaisaNyberg ChuanWu ThomasHardjono Choon-SikPark YuliangZheng. TableofContents BooleanFunctions BooleanFunctionDesignUsingHillClimbingMethods WilliamMillan, AndrewClark, andEdDawson. . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 EnumerationofCorrelationImmuneBooleanFunctions SubhamoyMaitraandPalashSarkar. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 OntheSymmetricPropertyofHomogeneousBooleanFunctions ChengxinQu, JenniferSeberry, andJosefPieprzyk. . . . . . . . . . . . . . . . . . . . . . . . 26 KeyManagement PubliclyVeri ableKeyEscrowwithLimitedTimeSpan KapaliViswanathan, ColinBoyd, andEdDawson. . . . . . . . . . . . . . . . . . . . . . . . . 36 AcceleratingKeyEstablishmentProtocolsforMobileCommunication SeungwonLee, Seong-MinHong, HyunsooYoon, andYookunCho. . . . . . . . . 51 ConferenceKeyAgreementfromSecretSharing Chih-HungLiandJosefPieprzyk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64 Cryptanalysis Onm-PermutationProtectionSchemeAgainstModi cationAttack W. W. FungandJ. W. Gray, III. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77 InversionAttackandBranching JovanDj. Golic, AndrewClark, andEdDawson . . . . . . . . . . . . . . . . . . . . . . . . . . 88 Signatures Fail-StopThresholdSignatureSchemesBasedonEllipticCurves WillySusilo, ReiSafavi-Naini, andJosefPieprzyk. . . . . . . . . . . . . . . . . . . . . . . 103 DivertibleZero-KnowledgeProofofPolynomialRelationsand BlindGroupSignature KhanhQuocNguyen, YiMu, andVijayVaradharajan. . . . . . . . . . . . . . . . . . . . 117 RepudiationofCheatingandNon-repudiationof Zhang sProxySignatureSchemes HosseinGhodosiandJosefPieprzyk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129 X TableofContents RSACryptosystems OntheSecurityofanRSABasedEncryptionScheme SigunaMul ]ler . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135 GeneralisedCyclingAttacksonRSAandStrongRSAPrimes MarcGysinandJenniferSeberry. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149 RSAAccelerationwithFieldProgrammableGateArrays AlexanderTiountchikandElenaTrichina. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164 GroupCryptography ChangingThresholdsintheAbsenceofSecureChannels KeithM. Martin, JosefPieprzyk, ReiSafavi-Naini, andHuaxiongWang . 177 ASelf-Certi edGroup-OrientedCryptosystemWithoutaCombiner ShahrokhSaeedniaandHosseinGhodosi . . . . . . . . . . . . . . . . . . . .

This book constitutes the refereed proceedings of the 1998 International Conference on the Theory and Application of Cryptographic Techniques, EUROCRYPT '98, held in Espoo, Finland, in May/June 1998.
The book presents 44 revised full papers selected from a total of 161 submissions. The papers are organized in sections on distributed cryptography, complexity, cryptanalysis of block ciphers, computational algorithms, paradigms for symmetric systems, public key cryptosystems, multi-party computation, digital signatures, Boolean functions, combinatorial design and analysis, elliptic curve systems, and electronic commerce and payment.

This volume constitutes the strictly refereed post-workshop proceedings of the Fourth International Workshop on Fast Software Encryption, FSE'97, held in Haifa, Israel, in January 1997.
The 23 full papers presented were carefully selected from 44 submissions and revised for inclusion in the book. Also contained is a summary of a panel discussion. The papers are organized in sections on cryptanalysis, blockciphers, stream ciphers, message authentication codes, modes of operation, and fast software encryption. Particular emphasis is placed on applicability and implementation issues of fast cryptography.

This book constitutes the refereed proceedings of the 17th Annual International Cryptology Conference, CRYPTO'97, held in Santa Barbara, California, USA, in August 1997 under the sponsorship of the International Association for Cryptologic Research (IACR).
The volume presents 35 revised full papers selected from 160 submissions received. Also included are two invited presentations. The papers are organized in sections on complexity theory, cryptographic primitives, lattice-based cryptography, digital signatures, cryptanalysis of public-key cryptosystems, information theory, elliptic curve implementation, number-theoretic systems, distributed cryptography, hash functions, cryptanalysis of secret-key cryptosystems.

This book constitutes the refereed proceedings of the Second Australasian Conference on Information Security and Privacy, ACISP'97, held in Sydney, NSW, Australia, in July 1997.
The 20 revised full papers presented were carefully selected for inclusion in the proceedings. The book is divided into sections on security models and access control, network security, secure hardware and implementation issues, cryptographic functions and ciphers, authentication codes and secret sharing systems, cryptanalysis, key escrow, security protocols and key management, and applications.

Fast Software Encryption (FSE) is an annual research workshop devoted to the promotion of research on classical encryption algorithms and related cryp- graphic primitives such as hash functions. When public key cryptography started to receive wide attention in the 1980s, the much older and more basic art of secret key cryptography was sidelined at many research conferences. This motivated Ross Anderson to organise the rst FSE in Cambridge, England in December 1993; subsequent workshops followed at Leuven, Belgium (December 1994), Cambridge again (February 1996), and Haifa, Israel (January 1997). These proceedings contain the papers due to be presented at the fth FSE workshop in March 1998 at the Hotel du Louvre in Paris. This event is organized by the Ecole Normale Superieure and the Centre National pour la Recherche S- enti que (CNRS) in cooperation with the International Association for Cryp- logic Research (IACR), and has attracted the kind support of Gemplus and Microsoft, the world leaders in smart cards and software { two domains very closely connected to our research concerns.

This book constitutes the strictly refereed post-workshop proceedings of the 5th International Workshop on Security Protocols, held in Paris, France, in April 1997. The 17 revised full papers presented address all current aspects of security protocols. Among the topics covered are secure distribution of knowledge, electronic voting systems, secure Internet transactions, digital signatures, key exchange, cryprographic protocols, authentication, threshold systems, secret sharing, ect.

EUROCRYEVr '97, the 15th annual EUROCRYPT conference on the theory and application of cryptographic techniques, was organized and sponsored by the International Association for Cryptologic Research (IACR). The IACR organizes two series of international conferences each year, the EUROCRYPT meeting in Europe and CRWTO in the United States. The history of EUROCRYFT started 15 years ago in Germany with the Burg Feuerstein Workshop (see Springer LNCS 149 for the proceedings). It was due to Thomas Beth's initiative and hard work that the 76 participants from 14 countries gathered in Burg Feuerstein for the first open meeting in Europe devoted to modem cryptography. I am proud to have been one of the participants and still fondly remember my first encounters with some of the celebrities in cryptography. Since those early days the conference has been held in a different location in Europe each year (Udine, Paris, Linz, Linkoping, Amsterdam, Davos, Houthalen, Aarhus, Brighton, Balantonfiired, Lofthus, Perugia, Saint-Malo, Saragossa) and it has enjoyed a steady growth, Since the second conference (Udine, 1983) the IACR has been involved, since the Paris meeting in 1984, the name EUROCRYPT has been used. For its 15th anniversary, EUROCRYPT finally returned to Germany. The scientific program for EUROCRYPT '97 was put together by a 18-member program committee whch considered 104 high-quality submissions. These proceedings contain the revised versions of the 34 papers that were accepted for presentation. In addition, there were two invited talks by Ernst Bovelander and by Gerhard Frey.

This book constitutes the refereed proceedings of the 6th International Conference on Cryptography and Coding held at the Institute of Mathematics and its Applications (IMA) in Cirencester, UK, in December 1997. The 35 revised full papers presented emphasize the links and commonality between the underlying mathematical bases and algorithmic foundations of cryptography, error control coding and digital signal processing devices available today. Besides classical crypto topics, other issues concerning information transmission and processing are addressed, such as multiple-access coding, image processing, synchronization and sequence design.

The contributions to this book are the invited papers presented at the fifth annual Safety-critical Systems Symposium. They cover a broad spectrum of issues affecting safety, from a philosophical appraisal to technology transfer, from requirements analysis to assessment, from formal methods to artificial intelligence and psychological aspects. They touch on a number of industry sectors, but are restricted to none, for the essence of the event is the transfer of lessons and technologies between sectors. All address practical issues and of fer useful information and advice. Contributions from industrial authors provide evidence of both safety con sciousness and safety professionalism in industry. Smith's on safety analysis in air traffic control and Rivett's on assessment in the automotive industry are informative on current practice; Frith's thoughtful paper on artificial intelli gence in safety-critical systems reflects an understanding of questions which need to be resolved; Tomlinson's, Alvery's and Canning's papers report on collaborative projects, the first on results which emphasise the importance of human factors in system development, the second on the development and trial of a comprehensive tool set, and the third on experience in achieving tech nology transfer - something which is crucial to increasing safety."

This book constitutes the refereed proceedings of the First International Conference on Information and Communication Security, ICICS '97, held in Beijing, China in November 1997.
The 37 revised full papers presented were selected from a total of 87 submissions. Also included are 11 short papers. The book is divided in sections on theoretical foundations of security, secret sharing, network security, authentication and identification, Boolean functions and stream ciphers, security evaluation, signatures, public key systems, cryptanalysis of public key systems, subliminal channels, key recovery, intellectual property protection, protocols, and electronic commerce.

This book constitutes the strictly refereed post-workshop proceedings of the First International Workshop on Information Hiding, held in Cambridge, UK, in May/June 1996, within the research programme in computer security, cryptology and coding theory organized by the volume editor at the Isaac Newton Institute in Cambridge.
Work on information hiding has been carried out over the last few years within different research communities, mostly unaware of each other's existence. The 26 papers presented define the state of the art and lay the foundation for a common terminology. This workshop is very likely to be seen at some point as one of those landmark events that mark the birth of a new scientific discipline.

This book constitutes the thoroughly refereed post-conference proceedings of the First Australiasian Conference on Information Security and Privacy, ACISP '96, held in Wollongong, NSW, Australia, in June 1996.
The volume includes revised full versions of the 26 refereed papers accepted for presentation at the conference; also included are three invited contributions. The papers are organized in topical sections on authentication, secret sharing, encryption and cryptographic functions, authentication protocols, stream ciphers, access control, security models and intrusion detection, threshold cryptography, and hashing.

The safe and secure operation ofcomputer systems continues to be the major issue in many applications where there is a threat to people, the environment, investment or goodwill. Such applications include medical devices, railway signalling, energy distribution, vehicle control and monitoring, air traffic control, industrial process control, telecommunications systemsand manyothers. This book represents the proceedings of the 16th International Conference on Computer Safety, Reliability and Security, held in York, UK, 7-10 September 1997. The conference reviews the state ofthe art, experience and new trends in the areas of computer safety, reliability and security. It forms a platform for technology transfer between academia, industry and research institutions. In an expanding world-wide market for safe, secure and reliable computer systems SAFECOMP 97 provides an opportunity for technical developers, users and legislators to exchange and review the experience, to consider the best technologies now available and to identify the skills and technologies required for the future. The papers were carefully selected by the Conference International Programme Committee. The authors of the papers come from twelve different countries. The subjects covered include safe software, safety cases, management & development, security, human factors, guidelines standards & certification, applications & industrial experience, formal methods & models andvalidation, verification and testing. SAFECOMP '97 continues the successful series of SAFECOMP conferences first held in 1979 in Stuttgart. SAFECOMP is organised by the European Workshop on Industrial Computer Systems, Technical Committee 7 on Safety, Security and Reliability (EWICS TC7).

This book constitutes the strictly refereed proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security, ASIACRYPT '96, held in Kyongju, Korea, in November 1996.
The 31 revised full papers presented together with three invited contributions were carefully selected from a total of 124 submissions. The papers are organized in topical sections on discrete log based systems, efficient algorithms, hash functions and block cyphers, cryptographic protocols, signature and identification, visual secret sharing, key distribution, Boolean functions, electronic cash, special signatures, stream ciphers, and hard problems.

Safety and Reliability of Software Based Systems contains papers, presented at the twelfth annual workshop organised by the Centre for Software Reliability. Contributions come from different industries in many countries, and provide discussion and cross-fertilisation of ideas relevant to systems whose safety and/or reliability are of paramount concern.
This book discusses safety cases and their varying roles in different industries; using measurement to improve reliability and safety of software-based systems; latest developments in managing, developing and assessing software intensive systems where reliability and/or safety are important considerations; and practical experiences of others in industry.

This book constitutes the refereed proceedings of the 4th European Symposium on Research in Computer Security, ESORICS '96, held in Rome, Italy, in September 1996 in conjunction with the 1996 Italian National Computer Conference, AICA '96.
The 21 revised full papers presented in the book were carefully selected from 58 submissions. They are organized in sections on electronic commerce, advanced access control models for database systems, distributed systems, security issues for mobile computing, network security, theoretical foundations of security, and secure database architectures.