TheFastSoftwareEncryptionWorkshop1999isthesixthinaseriesofworkshops startinginCambridgeinDecember1993. TheworkshopwasorganizedbyGeneralChairWilliamWolfowicz,Fon- zioneU. Bordoni,andProgrammeChairLarsKnudsen,UniversityofBergen, Norway,incooperationwithSecurteam,asfaraslocalarrangementswerec- cerned. TheworkshopwasheldMarch24-26,1999inRome,Italy. Theworkshopconcentratedonallaspectsoffastsecretkeyciphers,inc- dingthedesignandcryptanalysisofblockandstreamciphers,aswellashash functions. Therewere51submissions,allofthemsubmittedelectronically. Ones- missionwaslaterwithdrawnbytheauthors,and22paperswereselectedfor presentation. Allsubmissionswerecarefullyreviewedbyatleast4committee members. Attheworkshop,preliminaryversionsofall22papersweredistri- tedtoallattendees. Aftertheworkshoptherewasa nalreviewingprocesswith additionalcommentstotheauthors. Ithasbeenachallengeformetochairthecommitteeofthisworkshop,andit isapleasuretothankallthemembersoftheprogrammecommitteefortheirhard work. Thecommitteethisyearconsistedof,inalphabeticorder,RossAnd- son(Cambridge,UK),EliBiham(Technion,Israel),DonCoppersmith(IBM, USA), Cunsheng Ding (Singapore), Dieter Gollmann (Microsoft, UK), James Massey (Denmark), Mitsuru Matsui (Mitsubishi, Japan), Bart Preneel (K. U. Leuven, Belgium), Bruce Schneier (Counterpane, USA), and Serge Vaudenay (ENS,France). ItisagreatpleasuretothankWilliamWolfowiczfororganisingtheworkshop. Also,itisapleasuretothankSecurteamforthelogisticsandTelsyandSunfor supportingtheconference. Finally,abigthankyoutoallsubmittingauthorsfor theircontributions,andtoallattendees(approximately165)oftheworkshop. Finally, I would like to thank Vincent Rijmen for his technical assistance in preparingtheseproceedings. April1999 LarsKnudsen TableofContents AdvancedEncryptionStandard ImprovedAnalysisofSomeSimpli edVariantsofRC6 ...1 S. Contini,R. L. Rivest,M. J. B. Robshaw,andY. L. Yin LinearCryptanalysisofRC5andRC6...16 J. Borst,B. Preneel,andJ. Vandewalle ARevisedVersionofCRYPTON:CRYPTONV1. 0...31 C. H. Lim AttackonSixRoundsofCRYPTON...46 C. D'TheFastSoftwareEncryptionWorkshop1999isthesixthinaseriesofworkshops startinginCambridgeinDecember1993. TheworkshopwasorganizedbyGeneralChairWilliamWolfowicz,Fon- zioneU. Bordoni,andProgrammeChairLarsKnudsen,UniversityofBergen, Norway,incooperationwithSecurteam,asfaraslocalarrangementswerec- cerned. TheworkshopwasheldMarch24-26,1999inRome,Italy. Theworkshopconcentratedonallaspectsoffastsecretkeyciphers,inc- dingthedesignandcryptanalysisofblockandstreamciphers,aswellashash functions. Therewere51submissions,allofthemsubmittedelectronically. Ones- missionwaslaterwithdrawnbytheauthors,and22paperswereselectedfor presentation. Allsubmissionswerecarefullyreviewedbyatleast4committee members. Attheworkshop,preliminaryversionsofall22papersweredistri- tedtoallattendees. Aftertheworkshoptherewasa nalreviewingprocesswith additionalcommentstotheauthors. Ithasbeenachallengeformetochairthecommitteeofthisworkshop,andit isapleasuretothankallthemembersoftheprogrammecommitteefortheirhard work. Thecommitteethisyearconsistedof,inalphabeticorder,RossAnd- son(Cambridge,UK),EliBiham(Technion,Israel),DonCoppersmith(IBM, USA), Cunsheng Ding (Singapore), Dieter Gollmann (Microsoft, UK), James Massey (Denmark), Mitsuru Matsui (Mitsubishi, Japan), Bart Preneel (K. U. Leuven, Belgium), Bruce Schneier (Counterpane, USA), and Serge Vaudenay (ENS,France). ItisagreatpleasuretothankWilliamWolfowiczfororganisingtheworkshop. Also,itisapleasuretothankSecurteamforthelogisticsandTelsyandSunfor supportingtheconference. Finally,abigthankyoutoallsubmittingauthorsfor theircontributions,andtoallattendees(approximately165)oftheworkshop. Finally, I would like to thank Vincent Rijmen for his technical assistance in preparingtheseproceedings. April1999 LarsKnudsen TableofContents AdvancedEncryptionStandard ImprovedAnalysisofSomeSimpli edVariantsofRC6 ...1 S. Contini,R. L. Rivest,M. J. B. Robshaw,andY. L. Yin LinearCryptanalysisofRC5andRC6...16 J. Borst,B. Preneel,andJ. Vandewalle ARevisedVersionofCRYPTON:CRYPTONV1. 0...31 C. H. Lim AttackonSixRoundsofCRYPTON...46 C. D'Halluin,G. Bijnens,V. Rijmen,andB. Preneel OntheSecurityofthe128-bitBlockCipherDEAL...60 S. Lucks CryptanalysisofaReducedVersionoftheBlockCipherE2...71 M. MatsuiandT. Tokita OntheDecorrelatedFastCipher(DFC)andItsTheory...81 L. R. KnudsenandV. Rijmen RemotelyKeyedEncryption ScrambleAll,EncryptSmall...95 M. Jakobsson,J. P. Stern,andM. Yung AcceleratedRemotelyKeyedEncryption...112 S. Lucks AnalysisofBlockCiphersI MissintheMiddleAttacksonIDEAandKhufu...124 E. Biham,A. Biryukov,andA. Shamir ModnCryptanalysis,withApplicationsagainstRC5PandM6...139 J. Kelsey,B. Schneier,andD. Wagner TheBoomerangAttack...156 D. Wagner Miscellaneous TowardsMakingLuby-Racko CiphersOptimalandPractical ...171 S. Patel,Z. Ramzan,andG. S. Sundaram ANewCharacterizationofAlmostBentFunctions...186 A. Canteaut,P. Charpin,andH. Dobbertin ImprimitivePermutationGroupsandTrapdoorsinIteratedBlockCiphers. 201 K. G. Paterson VIII TableofContents ModesofOperation OntheSecurityofDoubleand2-KeyTripleModesofOperation...215 H. HandschuhandB. Preneel OntheConstructionofVariable-Input-LengthCiphers...231 M. BellareandP. Rogaway AnalysisofBlockCiphersII SlideAttacks...245 A. BiryukovandD. Wagner OntheSecurityofCS-Cipher...260 S. Vaudenay InterpolationAttacksoftheBlockCipher:SNAKE...275 S. Moriai,T. Shimoyama,andT. Kaneko StreamCiphers High-SpeedPseudorandomNumberGenerationwithSmallMemory...290 W. Aiello,S. Rajagopalan,andR. Venkatesan SOBERCryptanalysis...305 D. BleichenbacherandS. Patel AuthorIndex...317 ImprovedAnalysisof SomeSimpli edVariantsofRC6 1 2 1 1 ScottContini ,RonaldL. Rivest ,M. J. B. Robshaw ,andYiqunLisaYin 1 RSALaboratories,2955CampusDrive SanMateo,CA94403,USA fscontini,matt,yiqung@rsa. com 2 M. I. T. LaboratoryforComputerScience,545TechnologySquare Cambridge,MA02139,USA rivest@theory. lcs. mit.

If you think Bitcoin is just an alternative currency for geeks, it's time to think again. Grokking Bitcoin opens up this powerful distributed ledger system, exploring the technology that enables applications both for Bitcoin-based financial transactions and using the blockchain for registering physical property ownership.

With this fully illustrated, easy-to-read guide, you'll finally understand how Bitcoin works, how you can use it, and why you can trust the blockchain.

Grokking Bitcoin explains why Bitcoin’s supporters trust it so deeply, and why you can too. This approachable book will introduce you to Bitcoin’s groundbreaking technology, which is the key to this world-changing system. This illustrated, easy-to-read guide prepares you for a new way of thinking with easy-to-follow diagrams and exercises. You’ll discover how Bitcoin mining works, how to accept Bitcoin, how to participate in the Bitcoin network, and how to set up a digital wallet.

The4thAustralasianConferenceonInformationSecurityandPrivacywasheld attheUniversityofWollongong, Australia. Theconferencewassponsoredby theCentreforComputerSecurityResearch, UniversityofWollongong, andthe AustralianComputerSociety. Theaimoftheconferencewastobringtogether peopleworkingindi erentareasofcomputer, communication, andinformation securityfromuniversities, industry, andgovernmentinstitutions. Theconference gavetheparticipantsanopportunitytodiscussthelatestdevelopmentsinthe quicklygrowingareaofinformationsecurityandprivacy. Theprogramcommitteeaccepted26papersfrom53submitted. Fromthose accepted, thirteen papers were from Australia, two each from Belgium and China, andoneeachfromAustria, Belarus, France, India, Japan, Korea, Sin- pore, theUSA, andYugoslavia. Conferencesessionscoveredthefollowingtopics: accesscontrolandsecuritymodels, networksecurity, Booleanfunctions, group communication, cryptanalysis, keymanagementsystems, electroniccommerce, signatureschemes, RSAcryptosystems, andoddsandends. We would like to thank the members of the program committee who - nerouslyspenttheirtimereadingandevaluatingthepapers. Wewouldalsolike tothankmembersoftheorganisingcommitteeand, inparticular, ChrisCh- nes, HosseinGhodosi, MarcGysin, Tiang-BingXia, Cheng-XinQu, SanYeow Lee, YejingWang, Hua-XiongWang, Chih-HungLi, WillySusilo, ChintanShah, Je reyHorton, andGhulamRasoolChaudhryfortheircontinuousandtireless e ortinorganisingtheconference. Finally, wewouldliketothanktheauthorsof allthesubmittedpapers, especiallytheacceptedones, andalltheparticipants whomadetheconferenceasuccessfulevent. February1999 JosefPieprzyk ReiSafavi-Naini JenniferSeberry FOURTHAUSTRALASIANCONFERENCE ONINFORMATIONSECURITY ANDPRIVACY ACISP 99 Sponsoredby CenterforComputerSecurityResearch UniversityofWollongong, Australia and AustralianComputerSociety GeneralChair: JenniferSeberry UniversityofWollongong ProgramCo-Chairs: JosefPieprzyk UniversityofWollongong ReiSafavi-Naini UniversityofWollongong ProgramCommittee: ColinBoyd QueenslandUniversityofTechnology, Australia LawrieBrown AustralianDefenceForceAcademy, Australia BillCaelli QueenslandUniversityofTechnology, Australia EdDawson QueenslandUniversityofTechnology, Australia CunshengDing NationalUniversityofSingapore, Singapore DieterGollmann MicrosoftResearch, UK YongfeiHan Gemplus, Singapore ThomasHardjono BayNetworks, US ErlandJonsson ChalmersUniversity, Sweden SveinKnapskog UniversityofTrondheim, Norway KeithMartin KatholiekeUniversiteitLeuven, Belgium CathyMeadows NavalResearchLaboratory, US KaisaNyberg NokiaResearchCenter, Finland Choon-SikPark ElectronicsandTelecommunicationResearchInstitute, Korea DingyiPei AcademiaSinica, China SteveRoberts WithamPtyLtd, Australia ConferenceOrganization VII GregRose Qualcomm, Australia RaviSandhu GeorgeMasonUniversity, US Sta ordTavares Queen sUniversity, Canada VijayVaradharajan WesternSydneyUniversity, Australia YuliangZheng MonashUniversity, Australia Referees N. Asokan ZhangJiang DingyiPei YunBai ErlandJonsson JosefPieprzyk SimonBlackburn SveinKnapskog VincentRijmen ColinBoyd HuLei SteveRoberts LawrieBrown LeszekMaciaszek GregRose BillCaelli KeithMartin ReiSafavi-Naini EdDawson CathyMeadows RaviSandhu CunshengDing BillMillan RajanShankaran GaryGaskell QiMing Sta ordTavares JanuszGetta Sang-JaeMoon VijayVaradharajan DieterGollmann YiMu Kapaleeswaran MarcGysin KennyNguyen Viswanathan YongfeiHan KaisaNyberg ChuanWu ThomasHardjono Choon-SikPark YuliangZheng. TableofContents BooleanFunctions BooleanFunctionDesignUsingHillClimbingMethods WilliamMillan, AndrewClark, andEdDawson. . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 EnumerationofCorrelationImmuneBooleanFunctions SubhamoyMaitraandPalashSarkar. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 OntheSymmetricPropertyofHomogeneousBooleanFunctions ChengxinQu, JenniferSeberry, andJosefPieprzyk. . . . . . . . . . . . . . . . . . . . . . . . 26 KeyManagement PubliclyVeri ableKeyEscrowwithLimitedTimeSpan KapaliViswanathan, ColinBoyd, andEdDawson. . . . . . . . . . . . . . . . . . . . . . . . . 36 AcceleratingKeyEstablishmentProtocolsforMobileCommunication SeungwonLee, Seong-MinHong, HyunsooYoon, andYookunCho. . . . . . . . . 51 ConferenceKeyAgreementfromSecretSharing Chih-HungLiandJosefPieprzyk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64 Cryptanalysis Onm-PermutationProtectionSchemeAgainstModi cationAttack W. W. FungandJ. W. Gray, III. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77 InversionAttackandBranching JovanDj. Golic, AndrewClark, andEdDawson . . . . . . . . . . . . . . . . . . . . . . . . . . 88 Signatures Fail-StopThresholdSignatureSchemesBasedonEllipticCurves WillySusilo, ReiSafavi-Naini, andJosefPieprzyk. . . . . . . . . . . . . . . . . . . . . . . 103 DivertibleZero-KnowledgeProofofPolynomialRelationsand BlindGroupSignature KhanhQuocNguyen, YiMu, andVijayVaradharajan. . . . . . . . . . . . . . . . . . . . 117 RepudiationofCheatingandNon-repudiationof Zhang sProxySignatureSchemes HosseinGhodosiandJosefPieprzyk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129 X TableofContents RSACryptosystems OntheSecurityofanRSABasedEncryptionScheme SigunaMul ]ler . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135 GeneralisedCyclingAttacksonRSAandStrongRSAPrimes MarcGysinandJenniferSeberry. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149 RSAAccelerationwithFieldProgrammableGateArrays AlexanderTiountchikandElenaTrichina. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164 GroupCryptography ChangingThresholdsintheAbsenceofSecureChannels KeithM. Martin, JosefPieprzyk, ReiSafavi-Naini, andHuaxiongWang . 177 ASelf-Certi edGroup-OrientedCryptosystemWithoutaCombiner ShahrokhSaeedniaandHosseinGhodosi . . . . . . . . . . . . . . . . . . . .

This book constitutes the refereed proceedings of the 1998 International Conference on the Theory and Application of Cryptographic Techniques, EUROCRYPT '98, held in Espoo, Finland, in May/June 1998.
The book presents 44 revised full papers selected from a total of 161 submissions. The papers are organized in sections on distributed cryptography, complexity, cryptanalysis of block ciphers, computational algorithms, paradigms for symmetric systems, public key cryptosystems, multi-party computation, digital signatures, Boolean functions, combinatorial design and analysis, elliptic curve systems, and electronic commerce and payment.

This volume constitutes the strictly refereed post-workshop proceedings of the Fourth International Workshop on Fast Software Encryption, FSE'97, held in Haifa, Israel, in January 1997.
The 23 full papers presented were carefully selected from 44 submissions and revised for inclusion in the book. Also contained is a summary of a panel discussion. The papers are organized in sections on cryptanalysis, blockciphers, stream ciphers, message authentication codes, modes of operation, and fast software encryption. Particular emphasis is placed on applicability and implementation issues of fast cryptography.

This book constitutes the refereed proceedings of the 17th Annual International Cryptology Conference, CRYPTO'97, held in Santa Barbara, California, USA, in August 1997 under the sponsorship of the International Association for Cryptologic Research (IACR).
The volume presents 35 revised full papers selected from 160 submissions received. Also included are two invited presentations. The papers are organized in sections on complexity theory, cryptographic primitives, lattice-based cryptography, digital signatures, cryptanalysis of public-key cryptosystems, information theory, elliptic curve implementation, number-theoretic systems, distributed cryptography, hash functions, cryptanalysis of secret-key cryptosystems.

This book constitutes the refereed proceedings of the Second Australasian Conference on Information Security and Privacy, ACISP'97, held in Sydney, NSW, Australia, in July 1997.
The 20 revised full papers presented were carefully selected for inclusion in the proceedings. The book is divided into sections on security models and access control, network security, secure hardware and implementation issues, cryptographic functions and ciphers, authentication codes and secret sharing systems, cryptanalysis, key escrow, security protocols and key management, and applications.

Fast Software Encryption (FSE) is an annual research workshop devoted to the promotion of research on classical encryption algorithms and related cryp- graphic primitives such as hash functions. When public key cryptography started to receive wide attention in the 1980s, the much older and more basic art of secret key cryptography was sidelined at many research conferences. This motivated Ross Anderson to organise the rst FSE in Cambridge, England in December 1993; subsequent workshops followed at Leuven, Belgium (December 1994), Cambridge again (February 1996), and Haifa, Israel (January 1997). These proceedings contain the papers due to be presented at the fth FSE workshop in March 1998 at the Hotel du Louvre in Paris. This event is organized by the Ecole Normale Superieure and the Centre National pour la Recherche S- enti que (CNRS) in cooperation with the International Association for Cryp- logic Research (IACR), and has attracted the kind support of Gemplus and Microsoft, the world leaders in smart cards and software { two domains very closely connected to our research concerns.

This book constitutes the strictly refereed post-workshop proceedings of the 5th International Workshop on Security Protocols, held in Paris, France, in April 1997. The 17 revised full papers presented address all current aspects of security protocols. Among the topics covered are secure distribution of knowledge, electronic voting systems, secure Internet transactions, digital signatures, key exchange, cryprographic protocols, authentication, threshold systems, secret sharing, ect.

EUROCRYEVr '97, the 15th annual EUROCRYPT conference on the theory and application of cryptographic techniques, was organized and sponsored by the International Association for Cryptologic Research (IACR). The IACR organizes two series of international conferences each year, the EUROCRYPT meeting in Europe and CRWTO in the United States. The history of EUROCRYFT started 15 years ago in Germany with the Burg Feuerstein Workshop (see Springer LNCS 149 for the proceedings). It was due to Thomas Beth's initiative and hard work that the 76 participants from 14 countries gathered in Burg Feuerstein for the first open meeting in Europe devoted to modem cryptography. I am proud to have been one of the participants and still fondly remember my first encounters with some of the celebrities in cryptography. Since those early days the conference has been held in a different location in Europe each year (Udine, Paris, Linz, Linkoping, Amsterdam, Davos, Houthalen, Aarhus, Brighton, Balantonfiired, Lofthus, Perugia, Saint-Malo, Saragossa) and it has enjoyed a steady growth, Since the second conference (Udine, 1983) the IACR has been involved, since the Paris meeting in 1984, the name EUROCRYPT has been used. For its 15th anniversary, EUROCRYPT finally returned to Germany. The scientific program for EUROCRYPT '97 was put together by a 18-member program committee whch considered 104 high-quality submissions. These proceedings contain the revised versions of the 34 papers that were accepted for presentation. In addition, there were two invited talks by Ernst Bovelander and by Gerhard Frey.

This book constitutes the refereed proceedings of the 6th International Conference on Cryptography and Coding held at the Institute of Mathematics and its Applications (IMA) in Cirencester, UK, in December 1997. The 35 revised full papers presented emphasize the links and commonality between the underlying mathematical bases and algorithmic foundations of cryptography, error control coding and digital signal processing devices available today. Besides classical crypto topics, other issues concerning information transmission and processing are addressed, such as multiple-access coding, image processing, synchronization and sequence design.

The contributions to this book are the invited papers presented at the fifth annual Safety-critical Systems Symposium. They cover a broad spectrum of issues affecting safety, from a philosophical appraisal to technology transfer, from requirements analysis to assessment, from formal methods to artificial intelligence and psychological aspects. They touch on a number of industry sectors, but are restricted to none, for the essence of the event is the transfer of lessons and technologies between sectors. All address practical issues and of fer useful information and advice. Contributions from industrial authors provide evidence of both safety con sciousness and safety professionalism in industry. Smith's on safety analysis in air traffic control and Rivett's on assessment in the automotive industry are informative on current practice; Frith's thoughtful paper on artificial intelli gence in safety-critical systems reflects an understanding of questions which need to be resolved; Tomlinson's, Alvery's and Canning's papers report on collaborative projects, the first on results which emphasise the importance of human factors in system development, the second on the development and trial of a comprehensive tool set, and the third on experience in achieving tech nology transfer - something which is crucial to increasing safety."

This book constitutes the refereed proceedings of the First International Conference on Information and Communication Security, ICICS '97, held in Beijing, China in November 1997.
The 37 revised full papers presented were selected from a total of 87 submissions. Also included are 11 short papers. The book is divided in sections on theoretical foundations of security, secret sharing, network security, authentication and identification, Boolean functions and stream ciphers, security evaluation, signatures, public key systems, cryptanalysis of public key systems, subliminal channels, key recovery, intellectual property protection, protocols, and electronic commerce.

This book constitutes the strictly refereed post-workshop proceedings of the First International Workshop on Information Hiding, held in Cambridge, UK, in May/June 1996, within the research programme in computer security, cryptology and coding theory organized by the volume editor at the Isaac Newton Institute in Cambridge.
Work on information hiding has been carried out over the last few years within different research communities, mostly unaware of each other's existence. The 26 papers presented define the state of the art and lay the foundation for a common terminology. This workshop is very likely to be seen at some point as one of those landmark events that mark the birth of a new scientific discipline.

This book constitutes the thoroughly refereed post-conference proceedings of the First Australiasian Conference on Information Security and Privacy, ACISP '96, held in Wollongong, NSW, Australia, in June 1996.
The volume includes revised full versions of the 26 refereed papers accepted for presentation at the conference; also included are three invited contributions. The papers are organized in topical sections on authentication, secret sharing, encryption and cryptographic functions, authentication protocols, stream ciphers, access control, security models and intrusion detection, threshold cryptography, and hashing.

The safe and secure operation ofcomputer systems continues to be the major issue in many applications where there is a threat to people, the environment, investment or goodwill. Such applications include medical devices, railway signalling, energy distribution, vehicle control and monitoring, air traffic control, industrial process control, telecommunications systemsand manyothers. This book represents the proceedings of the 16th International Conference on Computer Safety, Reliability and Security, held in York, UK, 7-10 September 1997. The conference reviews the state ofthe art, experience and new trends in the areas of computer safety, reliability and security. It forms a platform for technology transfer between academia, industry and research institutions. In an expanding world-wide market for safe, secure and reliable computer systems SAFECOMP 97 provides an opportunity for technical developers, users and legislators to exchange and review the experience, to consider the best technologies now available and to identify the skills and technologies required for the future. The papers were carefully selected by the Conference International Programme Committee. The authors of the papers come from twelve different countries. The subjects covered include safe software, safety cases, management & development, security, human factors, guidelines standards & certification, applications & industrial experience, formal methods & models andvalidation, verification and testing. SAFECOMP '97 continues the successful series of SAFECOMP conferences first held in 1979 in Stuttgart. SAFECOMP is organised by the European Workshop on Industrial Computer Systems, Technical Committee 7 on Safety, Security and Reliability (EWICS TC7).

This book constitutes the strictly refereed proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security, ASIACRYPT '96, held in Kyongju, Korea, in November 1996.
The 31 revised full papers presented together with three invited contributions were carefully selected from a total of 124 submissions. The papers are organized in topical sections on discrete log based systems, efficient algorithms, hash functions and block cyphers, cryptographic protocols, signature and identification, visual secret sharing, key distribution, Boolean functions, electronic cash, special signatures, stream ciphers, and hard problems.

Safety and Reliability of Software Based Systems contains papers, presented at the twelfth annual workshop organised by the Centre for Software Reliability. Contributions come from different industries in many countries, and provide discussion and cross-fertilisation of ideas relevant to systems whose safety and/or reliability are of paramount concern.
This book discusses safety cases and their varying roles in different industries; using measurement to improve reliability and safety of software-based systems; latest developments in managing, developing and assessing software intensive systems where reliability and/or safety are important considerations; and practical experiences of others in industry.

This book constitutes the refereed proceedings of the 4th European Symposium on Research in Computer Security, ESORICS '96, held in Rome, Italy, in September 1996 in conjunction with the 1996 Italian National Computer Conference, AICA '96.
The 21 revised full papers presented in the book were carefully selected from 58 submissions. They are organized in sections on electronic commerce, advanced access control models for database systems, distributed systems, security issues for mobile computing, network security, theoretical foundations of security, and secure database architectures.

Crypto '96, the Sixteenth Annual Crypto Conference, is sponsored by the International Association for Cryptologic Research (IACR), in cooperation with the IEEE Computer Society Technical Committee on Security and P- vacy and the Computer Science Department of the University of California at Santa Barbara (UCSB). It takes place at UCSB from August 18 to 22, 1996. The General Chair, Richard Graveman, is responsible for local organization and registration. The scientific program was organized by the 16-member Program C- mittee. We considered 115 papers. (An additional 15 submissions had to be summarily rejected because of lateness or major noncompliance with the c- ditions in the Call for Papers.) Of these, 30 were accepted for presentation. In addition, there will be five invited talks by Ernest Brickell. Andrew Clark, Whitfield Diffie, Ronald Rivest, and Cliff Stoll. A Rump Session will be chaired by Stuart Haber. These proceedings contain the revised versions of the 30 contributed talks. least three com- The submitted version of each paper was examined by at mittee members and/or outside experts, and their comments were taken into account in the revisions. However, the authors (and not the committee) bear full responsibility for the content of their papers.

There is now a serious discussion taking place about the moment at which human beings will be surpassed and replaced by the machine. On the one hand we are designing machines which embed more and more human intelligence, but at the same time we are in danger of becoming more and more like machines. In these circumstances, we all need to consider: * What can we do? * What should we do? * What are the alternatives of doing it? This book is about the human-centred alternative of designing systems and technologies. This alternative is rooted in the European tradition of human-centredness which emphasises the symbiosis of human capabilities and machine capacity. The human-centred tra dition celebrates the diversity of human skill and ingenuity and provides an alternative to the 'mechanistic' paradigm of 'one best way', the 'sameness of science' and the 'dream of the exact language'. This alternative vision has its origin in the founding European human-centred movements of the 1970s. These include the British movement of Socially Useful Technology, the Scandinavian move ment of Democratic Participation, and the German movement of Humanisation of Work and Technology. The present volume brings together various strands of human-centred systems philosophy which span the conceptual richness and cultural diversity of the human-centred movements. The core ideas of human-centredness include human-machine symbiosis, the tacit dimension of knowl edge, the system as a tool rather than a machine, dialogue, partici pation, social shaping and usability.

The Commission of the European Union, through its Fourth Framework R&D programme is committed to the development of the Information Society. There is no doubt that there will be many radical changes in all aspects of society caused by the far-reaching impact of continuing advances in information and communi cation technologies. Many of these changes cannot be predicted, but that uncer tainty must not stop us from moving forward. The challenge is to ensure that these technologies are put to use in the most beneficial manner, taking fully into account the rich cultural and linguistic backgrounds within the peoples of Europe. We have a duty to ensure that the ultimate end-users of the technology are involved in the development and application of that technology to help shape its use. Without this active involvement, designers will not understand the individual and organisational requirements of the users, and the users will not understand the impact and applicability of the new technology. Failure on either account will lead to a sense of resentment on the part of the users and a lost opportunity to improve the quality of human life. The work, sponsored by the Human Comfort & Security sub-domain of the ESPRIT programme, has a central part to play in the creation of the Information Society, lying as it does at the interface between the technology and the user."

This book, based on the author's Ph.D. thesis, was selected during the 1995 GI Doctoral Dissertation Competition as the winning thesis in the foundations-of-informatics track.
Securing integrity for digital communications in the age of global electronic information exchange and electronic commerce is vital to democratic societies and a central technical challenge for cryptologists. As core contribution to advancing the state of the art, the author develops the new class of digital fail-stop signatures. This monograph is self-contained regarding the historical background and cryptographic primitives used. For the first time, a general and sophisticated framework is introduced in which innovative fail-stop signatures are systematically presented and evaluated, from theoretical foundations to engineering aspects.

This book constitutes the refereed proceedings of the 5th IMA Conference on Cryptography and Coding, held in Cirencester, UK in December 1995.
The volume presents 22 full revised papers selected from 48 submissions together with five invited full papers and three abstracts on the mathematical theory and practice of cryptography and coding; continuing advances in these strongly related areas are crucial for the security and reliability of data communication, processing, and storage. Among the topics addressed are linear codes, error-correcting codes, decoding, key distribution, authentication, hash functions, block ciphers, cryptanalysis, and electronic cash.

Recent and well-publicised disasters have highlighted the fact that organisations of all kinds - from healthcare to aerospace - are critically dependent on Information Technology systems. The prevention of catastrophic I.T. failure is now an essential part of management.
In this thought-provoking guide for executives and managers Richard Ennals argues that the critical factor is not technology, but people and communication.