This book constitutes the refereed proceedings of the 4th International Workshop on Practice and Theory in Public Key Cryptography, PKC 2001, held in Cheju Island, Korea in February 2001.The 30 revised full papers presented were carefully reviewed and selected from 67 submissions. The papers address all current issues in public key cryptography, ranging from mathematical foundations to implementation issues.

This book constitutes the refereed proceedings of the First International Conference on Cryptology in India, INDOCRYPT 2000, held in Calcutta, India in December 2000. The 25 revised full papers presented were carefully reviewed and selected from a total of 54 submissions. The book offers topical sections on stream ciphers and Boolean functions, cryptoanalysis: stream ciphers, cryptanalysis: block ciphers, electronic cash and multiparty computation, digital signatures, elliptic curves, fast arithmetic, cryptographic protocols, and block cipher and public key cryptography.

This book constitutes the thoroughly refereed post-proceedings of the Second International Workshop on Cryptographic Hardware and Embedded Systems, CHES 2000, held in Worcester, MA, USA in August 2000. The 25 revised full papers presented together with two invited contributions were carefully reviewed and selected from 51 submissions. The papers are organized in topical sections on implementation of elliptic curve cryptosystems, power and timing analysis attacks, hardware implementation of block ciphers, hardware architectures, power analysis attacks, arithmetic architectures, physical security and cryptanalysis, and new schemes and algorithms.

The third International Workshop on Information Security was held at the U- versity of Wollongong, Australia. The conference was sponsored by the Centre for Computer Security Research, University of Wollongong. The main themes of the conference were the newly emerging issues of Information Security. Mul- media copyright protection and security aspects of e-commerce were two topics that clearly re?ect the focus of the conference. Protection of the copyright of electronic documents seems to be driven by strong practical demand from the industry for new, e cient and secure solutions. Although e-commerce is already booming, it has not reached its full potential in terms of new, e cient and secure e-commerce protocols with added properties. There were 63 papers submitted to the conference. The program committee accepted 23. Of those accepted, six papers were from Australia, ve from Japan, two each from Spain, Germany and the USA, and one each from Finland and Sweden. Four papers were co-authored by international teams from Canada and China, Korea and Australia, Taiwan and Australia, and Belgium, France and Germany, respectively. Final versions of the accepted papers were gathered using computing and other resources of the Institute of Mathematics, Polish Academy of Sciences, Warsaw, Poland. We are especially grateful to Jerzy Urbanowicz and Andrzej Pokrzywa for their help during preparation of the proceedings.

ASIACRYPT 2000 was the sixth annual ASIACRYPT conference. It was sp- sored by the International Association for Cryptologic Research (IACR) in - operation with the Institute of Electronics, Information, and Communication Engineers (IEICE). The ?rst conference with the name ASIACRYPT took place in 1991, and the series of ASIACRYPT conferences were held in 1994, 1996, 1998, and 1999, in cooperation with IACR. ASIACRYPT 2000 was the ?rst conference in the series to be sponsored by IACR. The conference received 140 submissions (1 submission was withdrawn by the authors later), and the program committee selected 45 of these for presen- tion. Extended abstracts of the revised versions of these papers are included in these proceedings. The program also included two invited lectures by Thomas Berson (Cryptography Everywhere: IACR Distinguished Lecture) and Hideki Imai (CRYPTREC Project - Cryptographic Evaluation Project for the Japanese Electronic Government). Abstracts of these talks are included in these proce- ings. The conference program also included its traditional "rump session" of short, informal or impromptu presentations, kindly chaired by Moti Yung. Those p- sentations are not re?ected in these proceedings. The selection of the program was a challenging task as many high quality submissions were received. The program committee worked very hard to evaluate the papers with respect to quality, originality, and relevance to cryptography. I am extremely grateful to the program committee members for their en- mous investment of time and e?ort in the di?cult and delicate process of review and selection.

WelcometoRotterdamandtotheInternationalConferenceSafecomp2000,on thereliability,safetyandsecurityofcriticalcomputerapplications. Thisalready marksthe19thyearoftheconference,showingtheundiminishedinterestthe topicelicitsfrombothacademiaandindustry. Safecomphasproventobean excellentplacetomeetandhavediscussions,andwehopethistrendcontinues thisyear. Peopleandorganisationsdependmoreandmoreonthefunctioningofc- puters. Whetherinhouseholdequipment,telecommunicationsystems,o?ce- plications,banking,peoplemovers,processcontrolormedicalsystems,theoft- embeddedcomputersubsystemsaremeanttoletthehostingsystemrealiseits intendedfunctions. Theassuranceofproperfunctioningofcomputersin- pendableapplicationsisfarfromobvious. Themillenniumstartedwiththebug andthefullendorsementoftheframeworkstandardIEC61508. Thevariety ofdependablecomputerapplicationsincreasesdaily,andsodoesthevarietyof risksrelatedtotheseapplications. Theassessmentoftheserisksthereforeneeds re?ectionandpossiblynewapproaches. Thisyear'sSafecompprovidesabroad mixofpapersontheseissues,onprogressmadeindi?erentapplicationdomains andonemergingchallenges. Oneofthespecialtopicsthisyearistransportandinfrastructure. Onewould behardpressedto?ndabetterplacetodiscussthisthaninRotterdam. The reliability,safetyandsecurityofcomputersisofprominentimportancetoRott- dam,asafewexamplesillustrate. Itsharbourdependsonthereliablefunctioning ofcontainerhandlingsystems,onthesafefunctioningofitsradarsystems,and, asofrecently,onthesafeandreliablefunctioningoftheenormousstormsurge barrieratHoekvanHolland. AnewtopicforSafecompis medicalsystems. Theseprogressivelydepend on-embedded-programmableelectronicsystems. Experienceshowsthatthe medicalworldlacksthemethodsforapplyingthesesystemssafelyandreliably. Wewelcomeagroupofpeoplereadytodiscussthistopic,andhope,bydoing so,tocontributetothis?eldofapplicationsofsafe,reliableandsecuresystems. SoftwareprocessimprovementalsorepresentsaspecialtopicofSafecomp 2000. Itprovedtobethemostfruitfulofthethreeintermsofsubmittedpapers. Thereweremanycontributionsfromahostofcountries,whichhadtobespread amongstdi?erentsessiontopics. WewishtothanktheInternationalProgramCommittee'smembers,41in total,fortheire?ortsinreviewingthepapersandfortheirvaluableadvicein organisingthisconference. Wearealsogratefulfortheircontributiontod- tributingcallsforpapersandannouncements. Withouttheirhelptheburdenof organisingthisconferencewouldhavebeenmuchgreater. VI Preface Finally,letusonceagainwelcomeyoutoRotterdam,atrulyinternational cityandhometopeopleofmanynationalities. Wehopeyoutakethetimenot onlytoenjoythisconference,butalsoto?ndyourwayaroundthecity,sinceit surelyhasmuchtoo?er. FloorKoornneef MeinevanderMeulen Table of Contents InvitedPaper TheTenMostPowerfulPrinciplesforQualityin(Softwareand) SoftwareOrganizationsforDependableSystems...1 TomGilb Veri?cationandValidation EmpiricalAssessmentofSoftwareOn-LineDiagnostics UsingFaultInjection...14 JohnNapier,JohnMayandGordonHughes Speeding-UpFaultInjectionCampaignsinVHDLModels...27 B. Parrotta,M. Rebaudengo,M. SonzaReordaandM. Violante Speci?cationandVeri?cationofaSafetyShellwithStatechartsand ExtendedTimedGraphs...37 JanvanKatwijk,HansToetenel,Abd-El-KaderSahraoui,EricAnderson andJanuszZalewski ValidationofControlSystemSpeci?cationswithAbstractPlantModels...53 WenhuiZhang AConstantPerturbationMethodforEvaluation ofStructuralDiversityinMultiversionSoftware...63 LupingChen,JohnMayandGordonHughes ExpertError:TheCaseofTrouble-ShootinginElectronics...74 DenisBesnard TheSafetyManagementofData-DrivenSafety-RelatedSystems ...86 A. G. Faulkner,P. A. Bennett,R. H. Pierce,I. H. A. Johnston andN. Storey SoftwareSupportforIncidentReportingSystems inSafety-CriticalApplications...96 ChrisJohnson SoftwareProcessImprovement ADependability-ExplicitModelfortheDevelopment ofComputingSystems...107 MohamedKaan iche,Jean-ClaudeLaprieandJean-PaulBlanquart VIII Table ofContents DerivingQuanti?edSafetyRequirementsinComplexSystems ...117 PeterA. Lindsay,JohnA. McDermidandDavidJ. Tombs ImprovingSoftwareDevelopmentbyUsing SafeObjectOrientedDevelopment:OTCD...131 XavierM'ehautandPierreMor'ere ASafetyLicensablePESforSIL4Applications...141 WolfgangA. Halang,PeterVogrinandMatja?zColnari?c SafetyandSecurityIssuesinElectricPowerIndustry ...151 ? Zdzis lawZurakowski DependabilityofComputerControlSystemsinPowerPlants ...165 Cl'audiaAlmeida,AlbertoArazo,YvesCrouzetandKaramaKanoun AMethodofAnalysisofFaultTreeswithTimeDependencies ...176 JanMagottandPawe lSkrobanek Formal Methods AFormalMethodsCaseStudy:UsingLight-WeightVDM fortheDevelopmentofaSecuritySystemModule...187 GeorgDroschl,WalterKuhn,GeraldSonneckandMichaelThuswald FormalMethods:TheProblemIsEducation...198 ThierryScheurer FormalMethodsDi?usion:PastLessonsandFutureProspects...211 R. Bloom?eld,D. Craigen,F. Koob,M. UllmannandS. Wittmann InvitedPaper SafeTech:AControlOrientedViewpoint...227 MaartenSteinbuch SafetyGuidelines,StandardsandCerti?cation DerivationofSafetyTargetsfortheRandomFailure ofProgrammableVehicleBasedSystems...240 RichardEvansandJonathanMo?ett IEC61508-ASuitableBasisfortheCerti?cation ofSafety-CriticalTransport-InfrastructureSystems??...250 DerekFowlerandPhilBennett Table of Contents IX HardwareAspects AnApproachtoSoftwareAssistedRecovery fromHardwareTransientFaultsforRealTimeSystems...264 D. BasuandR. Paramasivam ProgrammableElectronicSystemDesign&Veri?cationUtilizingDFM...275 MichelHoutermans,GeorgeApostolakis,AarnoutBrombacher andDimitriosKarydas SIMATICS7-400F/FH:Safety-RelatedProgrammableLogicController...286 AndreasSchenk SafetyAssessmentI AssessmentoftheReliabilityofFault-TolerantSoftware: ABayesianApproach...294 BevLittlewood,PeterPopovandLorenzoStrigini EstimatingDependabilityofProgrammableSystemsUsingBBNs...309 BjornAxelGran,GustavDahll,SiegfriedEisinger,EivindJ. Lund, JanGerhardNorstrom,PeterStrockaandBrittJ. Ystanes DesignforSafety ImprovementsinProcessControlDependability throughInternetSecurityTechnology...321 FerdinandJ. Dafelmair ASurveyonSafety-CriticalMulticastNetworking ...333 JamesS. PascoeandR. J. Loader InvitedPaper CausalReasoningaboutAircraftAccidents...344 PeterB. Ladkin Transport&Infrastructure ControllingRequirementsEvolution:AnAvionicsCaseStudy...361 StuartAndersonandMassimoFelici HAZOPAnalysisofFormalModels ofSafety-CriticalInteractiveSystems...

Since 1998, RAID has established its reputation as the main event in research on intrusion detection, both in Europe and the United States. Every year, RAID gathers researchers, security vendors and security practitioners to listen to the most recent research results in the area as well as experiments and deployment issues. This year, RAID has grown one step further to establish itself as a well-known event in the security community, with the publication of hardcopy proceedings. RAID 2000 received 26 paper submissions from 10 countries and 3 continents. The program committee selected 14 papers for publication and examined 6 of them for presentation. In addition RAID 2000 received 30 extended abstracts proposals; 15 of these extended abstracts were accepted for presentation. - tended abstracts are available on the website of the RAID symposium series, http: //www.raid-symposium.org/. We would like to thank the technical p- gram committee for the help we received in reviewing the papers, as well as all the authors for their participation and submissions, even for those rejected. As in previous RAID symposiums, the program alternates between fun- mental research issues, such as newtechnologies for intrusion detection, and more practical issues linked to the deployment and operation of intrusion det- tion systems in a real environment. Five sessions have been devoted to intrusion detection technology, including modeling, data mining and advanced techniques

Crypto2000wasthe20thAnnualCryptoconference. Itwassponsoredbythe InternationalAssociationforCryptologicResearch(IACR)incooperationwith theIEEEComputerSocietyTechnicalCommitteeonSecurityandPrivacyand theComputerScienceDepartmentoftheUniversityofCaliforniaatSantaB- bara. Theconferencereceived120submissions,andtheprogramcommittee- lected32oftheseforpresentation. Extendedabstractsofrevisedversionsof thesepapersareintheseproceedings. Theauthorsbearfullresponsibilityfor thecontentsoftheirpapers. Theconferenceprogramincludedtwoinvitedlectures. DonCoppersmith's presentation"ThedevelopmentofDES"recordedhisinvolvementwithoneof themostimportantcryptographicdevelopmentsever,namelytheDataEncr- tionStandard,andwasparticularlyaptgiventheimminentselectionofthe AdvancedEncryptionStandard. Mart'?nAbadi'spresentation"Tamingthe- versary"wasaboutbridgingthegapbetweenusefulbutperhapssimplisticthreat abstractionsandrigorousadversarialmodels,orperhaps,evenmoregenerally, betweenviewpointsofthesecurityandcryptographycommunities. Anabstract correspondingtoMart'?n'stalkisincludedintheseproceedings. Theconferenceprogramalsoincludeditstraditional"rumpsession"ofshort, informalorimpromptupresentations,chairedthistimebyStuartHaber. These presentationsarenotre?ectedintheseproceedings. Anelectronicsubmissionprocesswasavailableandrecommended,butforthe ?rsttimeusedawebinterfaceratherthanemail. (Perhapsasaresult,therewere nohardcopysubmissions. )Thesubmissionreviewprocesshadthreephases. In the?rstphase,programcommitteememberscompiledreports(assistedattheir discretionbysub-refereesoftheirchoice,butwithoutinteractionwithother programcommitteemembers)andenteredthem,viawebforms,intoweb-review softwarerunningatUCSD. Inthesecondphase,committeemembersusedthe softwaretobrowseeachother'sreports,discuss,andupdatetheirownreports. Lastlytherewasaprogramcommitteemeetingtodiscussthedi?cultcases. Iamextremelygratefultotheprogramcommitteemembersfortheiren- mousinvestmentoftime,e?ort,andadrenalineinthedi?cultanddelicate processofreviewandselection. (Alistofprogramcommitteemembersands- refereestheyinvokedcanbefoundonsucceedingpagesofthisvolume. )Ialso thanktheauthorsofsubmittedpapers-inequalmeasureregardlessofwhether theirpaperswereacceptedornot-fortheirsubmissions. Itistheworkofthis bodyofresearchersthatmakesthisconferencepossible. IthankRebeccaWrightforhostingtheprogramcommitteemeetingatthe AT&TbuildinginNewYorkCityandmanagingthelocalarrangements,and RanCanettifororganizingthepost-PC-meetingdinnerwithhischaracteristic gastronomicandoenophilic?air. VI Preface Theweb-reviewsoftwareweusedwaswrittenforEurocrypt2000byWim MoreauandJorisClaessensunderthedirectionofEurocrypt2000programchair BartPreneel,andIthankthemforallowingustodeploytheirusefulandcolorful tool. IammostgratefultoChanathipNamprempre(aka. Meaw)whoprovided systems,logistical,andmoralsupportfortheentireCrypto2000process. She wrotethesoftwarefortheweb-basedsubmissions,adaptedandranthew- reviewsoftwareatUCSD,andcompiledthe?nalabstractsintotheproceedings youseehere. ShetypesfasterthanIspeak. IamgratefultoHugoKrawczykforhisinsightandadvice,providedovera longperiodoftimewithhisusualcombinationofhonestyandcharm,andto himandotherpastprogramcommitteechairs,mostnotablyMichaelWiener andBartPreneel,forrepliestothehostofquestionsIposedduringthep- cess. InadditionIreceivedusefuladvicefrommanymembersofourcommunity includingSilvioMicali,TalRabin,RonRivest,PhilRogaway,andAdiShamir. FinallythankstoMattFranklinwhoasgeneralchairwasinchargeofthelocal organizationand?nances,and,ontheIACRside,toChristianCachin,Kevin McCurley,andPaulVanOorschot. ChairingaCryptoprogramcommitteeisalearningprocess. Ihavecometo appreciateevenmorethanbeforethequalityandvarietyofworkinour?eld, andIhopethepapersinthisvolumecontributefurthertoitsdevelopment. June2000 MihirBellare ProgramChair,Crypto2000 CRYPTO2000 August20-24,2000,SantaBarbara,California,USA Sponsoredbythe InternationalAssociationforCryptologicResearch(IACR) incooperationwith IEEEComputerSocietyTechnicalCommitteeonSecurityandPrivacy, ComputerScienceDepartment,UniversityofCalifornia,SantaBarbara GeneralChair MatthewFranklin,XeroxPaloAltoResearchCenter,USA ProgramChair MihirBellare,UniversityofCalifornia,SanDiego,USA ProgramCommittee AlexBiryukov...WeizmannInstituteofScience,Israel DanBoneh...StanfordUniversity,USA ChristianCachin...IBMResearch,Switzerland RanCanetti...IBMResearch,USA RonaldCramer...ETHZurich,Switzerland YairFrankel...CertCo,USA ShaiHalevi...IBMResearch,USA ArjenLenstra...Citibank,USA MitsuruMatsui...MitsubishiElectricCorporation,Japan PaulVanOorschot...EntrustTechnologies,Canada BartPreneel...KatholiekeUniversiteitLeuven,Belgium PhillipRogaway. ..UniversityofCalifornia,Davis,USA VictorShoup...IBMZurich,Switzerland JessicaStaddon...BellLabsResearch,PaloAlto,USA JacquesStern...EcoleNormaleSup'erieure,France DougStinson...UniversityofWaterloo,Canada SalilVadhan...MassachusettsInstituteofTechnology,USA DavidWagner...UniversityofCalifornia,Berkeley,USA RebeccaWright...AT&TLaboratoriesResearch,USA Advisorymembers MichaelWiener(Crypto1999programchair). . EntrustTechnologies,Canada JoeKilian(Crypto2001programchair)...Intermemory,USA VIII Organization Sub-Referees BillAiello,JeeheaAn,OlivierBaudron,DonBeaver,JoshBenaloh,JohnBlack, SimonBlackburn,AlexandraBoldyreva,NikitaBorisov,VictorBoyko,Jan- menisch,SureshChari,ScottContini,DonCoppersmith,ClaudeCr'epeau,Ivan Damg?ard,AnandDesai,GiovanniDiCrescenzo,YevgeniyDodis,Matthias Fitzi,MattFranklin,RosarioGennaro,GuangGong,LuisGranboulan,Nick Howgrave-Graham,RussellImpagliazzo,YuvalIshai,MarkusJakobsson,Stas Jarecki,ThomasJohansson,CharanjitJutla,JoeKilian,EyalKushilevitz,Moses Liskov,StefanLucks,AnnaLysyanskaya,PhilipMacKenzie,SubhamoyMaitra, TalMalkin,BarbaraMasucci,AlfredMenezes,DanieleMicciancio,SaraMiner, IliaMironov,MoniNaor,PhongNguyen,RafailOstrovsky,ErezPetrank,Birgit P?tzmann,BennyPinkas,DavidPointcheval,GuillaumePoupard,TalRabin, CharlieRacko? ,Zul?karRamzan,OmerReingold,LeoReyzin,PankajRohatgi, AmitSahai,LouisSalvail,ClausSchnorr,MikeSemanko,BobSilverman,Joe Silverman,DanSimon,NigelSmart,BenSmeets,AdamSmith,MartinStrauss, GaneshSundaram,SergeVaudenay,FrederikVercauteren,BernhardvonSt- gel,RuizhongWei,SusanneGudrunWetzel,ColinWilliams,StefanWolf,Felix Wu,YiqunLisaYin,AmirYoussef,RobertZuccherato TableofContents XTRandNTRU TheXTRPublicKeySystem...1 ArjenK. Lenstra,EricR. Verheul AChosen-CiphertextAttackagainstNTRU...20 ' ElianeJaulmes,AntoineJoux PrivacyforDatabases PrivacyPreservingDataMining ...36 YehudaLindell,BennyPinkas ReducingtheServersComputationinPrivateInformationRetrieval: PIRwithPreprocessing...55 AmosBeimel,YuvalIshai,TalMalkin SecureDistributedComputationandApplications ParallelReducibilityforInformation-TheoreticallySecureComputation...74 YevgeniyDodis,SilvioMicali OptimisticFairSecureComputation...93 ChristianCachin,JanCamenisch ACryptographicSolutiontoaGameTheoreticProblem...112 YevgeniyDodis,ShaiHalevi,TalRabin AlgebraicCryptosystems Di?erentialFaultAttacksonEllipticCurveCryptosystems...131 IngridBiehl,BerndMeyer,VolkerMul ..ler QuantumPublic-KeyCryptosystems ...1 47 TatsuakiOkamoto,KeisukeTanaka,ShigenoriUchiyama NewPublic-KeyCryptosystemUsingBraidGroups ...166 KiHyoungKo,SangJinLee,JungHeeCheon,JaeWooHan, Ju-sungKang,ChoonsikPark MessageAuthentication KeyRecoveryandForgeryAttacksontheMacDESMACAlgorithm ...184 DonCoppersmith,LarsR. Knudsen,ChrisJ. Mitchell X TableofContents CBCMACsforArbitrary-LengthMessages:TheThree-KeyConstructions 197 JohnBlack,PhillipRogaway L-collisionAttacksagainstRandomizedMACs...216 MichaelSemanko DigitalSignatures OntheExactSecurityofFullDomainHash...229 Jean-S' ebastienCoron TimedCommitments...236 DanBoneh,MoniNaor APracticalandProvably SecureCoalition-ResistantGroupSignatureScheme...255 GiuseppeAteniese,JanCamenisch,MarcJoye,GeneTsudik ProvablySecurePartiallyBlindSignatures...271 MasayukiAbe,TatsuakiOkamoto Cryptanalysis n WeaknessesintheSL (IF )HashingScheme...287 2 2 RainerSteinwandt,MarkusGrassl,WilliGeiselmann,ThomasBeth FastCorrelationAttacksthroughReconstructionofLinearPolynomials . . 300 ThomasJohansson,FredrikJ.. onsson TraitorTracingandBroadcastEncryption SequentialTraitorTracing...

Some years ago, businesses could choose whether to migrate to electronic commerce, however, today it seems they have no choice. Predictions indicate that companies that do not make the necessary changes will be overrun by competition and ultimately fail. Therefore, we see more and more companies undergoing tremendous transformationin order to adapt to the new business paradigm. At the same time new companies are being established. One thing these companies have in common is the increased dependency on security technology. The invention of electronic commerce has changed the role of - curity technologies from being merely a protector to being also an enabler of electronic commerce, and it is clear that the development of security techn- ogy is a key enabler in the growth and deployment of electronic commerce. This has been recognised at European level (European Union 1997e). The launch of a comprehensive EU policy in the area of security in open networksisfairlyrecentwiththeadoptionofaCommunicationoncryptog- phy inOctober 1997(EuropeanUnion1997c). A veryimportantcomplement and support to the European policy is the European Commission s contri- tion to overcometechnological barriers by giving special importance to R&D (Research and Development) activities. The SEMPER project was launched in September 1995 and was funded partly by the European Community within the Advanced Communication Technologies and Services (ACTS) speci?c research programme part of the Fourth Framework Program (1994-1998). In this book the SEMPER project team presents in a coherent, integrated, and readable form the issues - dressed, themotivationfortheworkcarriedout, andthekeyresultsobtained. SEMPER is an innovative project in several aspects."

This volume constitutes the thoroughly refereed post-proceedings of the Third International Conference on Smart Card Research and Advanced Applications, CARDIS'98, held in Louvain-la-Neuve, Belgium in September 1998. The 35 revised full papers presented were carefully reviewed and updated for inclusion in this book. All current aspects of smart card research and applications development are addressed, in particular: Java cards, electronic commerce, efficiency, security (including cryptographic algorithms, cryptographic protocols, and authentication), and architecture.

This book constitutes the refereed proceedings of the 4th International Algorithmic Number Theory Symposium, ANTS-IV, held in Leiden, The Netherlands, in July 2000.The book presents 36 contributed papers which have gone through a thorough round of reviewing, selection and revision. Also included are 4 invited survey papers. Among the topics addressed are gcd algorithms, primality, factoring, sieve methods, cryptography, linear algebra, lattices, algebraic number fields, class groups and fields, elliptic curves, polynomials, function fields, and power sums.

ACISP 2000, the Fifth Australasian Conference on Information Security and Privacy, was held in Brisbane, Australia, 10-12 July, 2000. The conference was sponsored by the Information Security Research Centre at Queensland Univ- sity of Technology, the Australian Computer Society, Telstra, Boeing Australia Limited, SecureGate Limited, and RSA Security Pty Ltd. We are grateful to all these organizations for their support of the conference. The conference brought together researchers, designers, implementors, and users of information security systems. The aim of the conference is to have a series of technical refereed and invited papers to discuss all di?erent aspects of information security. The program committee invited seven distinguished sp- kers: Mike Burmester, G. R. Blakley, Bob Blakley, Brian Denehy, Roger Lyle, John Snare, and Alan Underwood. Mike Burmester from Royal Holloway C- lege, UniversityofLondonpresentedapaperentitled"ASurveyofKeyDistri- tion"; G. R. Blakley from Texas A&M University and Bob Blakley from the IBM Tivoli Security Business Unit presented a paper entitled "All Sail, No Anchor, I: Cryptography, Risk, and e-Commerce"; Brian Denehy from SecureGate Limited presented a paper entitled "Secure Networks or Network Security - Approaches toBoth";RogerLylefromStandardsAustraliaandJohnSnarefromTelstrap- sented a paper entitled "Perspectives on Australia's New Information Security Management Standard"; and Alan Underwood from the Australian Computer Societypresentedapaperentitled"ProfessionalEthicsinaSecurityandPrivacy Context - The Perspective of a National Computing Society." There were 81 technical papers submitted to the conference from an int- national authorship. These papers were refereed by the program committee and 37 papers were accepted for the conference.

This book constitutes the refereed proceedings of the International Conference on the Theory and Application of Cryptographic Techniques, EUROCRYPT 2000, held in Bruges, Belgium, in May 2000. The 39 revised full papers presented were carefully selected from a total of 150 submissions during a highly competitive reviewing process. The book is divided in topical sections of factoring and discrete logarithm, digital signatures, private information retrieval, key management protocols, threshold cryptography, public-key encryption, quantum cryptography, multi-party computation and information theory, zero-knowledge, symmetric cryptography, Boolean functions and hardware, voting schemes, and stream ciphers and block ciphers.

Today the vast majority of the world's information resides in, is derived from, and is exchanged among multiple automated systems. Critical decisions are made, and critical action is taken based on information from these systems. Therefore, the information must be accurate, correct, and timely, and be manipulated, stored, retrieved, and exchanged safely, reliably, and securely. In a time when information is considered the latest commodity, information security should be top priority.
A Practical Guide to Security Engineering and Information Assurance gives you an engineering approach to information security and information assurance (IA). The book examines the impact of accidental and malicious intentional action and inaction on information security and IA. Innovative long-term vendor, technology, and application-independent strategies show you how to protect your critical systems and data from accidental and intentional action and inaction that could lead to system failure or compromise.
The author presents step-by-step, in-depth processes for defining information security and assurance goals, performing vulnerability and threat analysis, implementing and verifying the effectiveness of threat control measures, and conducting accident and incident investigations. She explores real-world strategies applicable to all systems, from small systems supporting a home-based business to those of a multinational corporation, government agency, or critical infrastructure system.
The information revolution has brought its share of risks. Exploring the synergy between security, safety, and reliability engineering, A Practical Guide to Security Engineering and Information Assurance consolidates and organizes current thinking about information security/IA techniques, approaches, and best practices. As this book will show you, there is considerably more to information security/IA than firewalls, encryption, and virus protection.

The 2nd International Conference on Information Security and Cryptology (ICISC)wassponsored bythe KoreaInstituteofInformationSecurityandCr- tology(KIISC). It took place at Korea University, Seoul, Korea, December 9-10, 1999. Jong In Lee of Korea University was responsible for the organization. The call for papers brought 61 papers from 10 countries on four continents. As in the last year the review process was totally blind. The informationabout - thors or their a?liationwas not given to Technical Program Committee (TPC) members. Each TPC member was random-coded and did not even know who wasreviewing which paper. The 23 TPC members ?nallyselected 20 top-quality papers for presentation at ICISC 1999 together with one invited talk. Serge Vaudenay gave an invited talk on "Provable Security for Conventional Crypt- raphy." Many people contributed to ICISC'99. First of all I would like to thank all the authorswho submitted papers. I amgrateful to the TPC members fortheirhard workreviewing the papers andthe OrganizationCommittee members for all the supporting activities which made ICISC'99 a success. I would like to thank the Ministry of Information and Communication of Korea (MIC) which ?nancially sponsored ICISC'99. Special thanks go to Pil Joong Lee and Heung Youl Youm who helped me during the wholeprocess of preparation for the conference. Last, but notleast, I thank my students, KyuMan Ko, SungkyuChie, andChan Yoon Jung.

This book constitutes the thoroughly refereed post-workshop proceedings of the Third International Workshop on Information Hiding, IH'99, held in Dresden, Germany, in September/October 1999.The 33 revised full papers presented were carefully reviewed and selected from a total of 68 submissions. The dominating topic, dealt with in various contexts, is watermarking. The papers are organized in sections on fundamentals of steganography, paradigms and examples, beyond symmetric steganography; watermarking: proving ownership, detection and decoding, embedding techniques, new designs and applications, improving robustness, software protection; separating private and public information; and stego-engineering.

ThePKC2000conferencewasheldattheMelbourneExhibitionCentre, Victoria, Australia, January 18-20, 2000. It was the third conference in the international workshop series dedicated to practice and theory in public key cryptography. The program committee of the conference received 70 full submissions from around the world, of which 31 were selected for presentation. All submissions were reviewed by experts in the relevant areas. The program committee consisted of 19 experts in cryptography and data se- rity drawn from the international research community, these being Chin-Chen Chang (National Chung Cheng University, Taiwan), Claude Cr epeau (McGill University, Canada), Ed Dawson (Queensland University of Technology, A- tralia), Yvo Desmedt (Florida State University, USA), Hideki Imai (Co-chair, UniversityofTokyo, Japan), MarkusJakobsson(BellLabs, USA), KwangjoKim (Information and Communications University, Korea), Arjen Lenstra (Citibank, USA), TsutomuMatsumoto(YokohamaNationalUniversity, Japan), DavidN- cache (Gemplus, France), Eiji Okamoto (University of Wisconsin-Milwaukee, USA), TatsuakiOkamoto(NTTLabs, Japan), JosefPieprzyk(UniversityofW- longong, Australia), Jean-Jacques Quisquater (Universit e Catholique de L- vain, Belgium), Nigel Smart (HP Labs Bristol, UK), Vijay Varadharajan (U- versity of Western Sydney, Australia), Serge Vaudenay (Ecole Polytechnique F ed erale de Lausanne, Switzerland), Moti Yung (CertCo, USA), and Yuliang Zheng (Co-chair, Monash University, Australia). Members of the committee spent numerous hours in reviewing the submissions and providing advice and comments on the selection of paper

The IMA conferences onCryptographyandCoding arenotonly a blend of these two aspects of information theory, but a blend of mathematics and engineering and of theoretical results and applications. The papers in this book show that the1999conferencewasnoexception. Indeed, weagainsawthemathematics- derlyingcryptographyanderrorcorrectingcodingbeing appliedto otheraspects ofcommunications, andwe alsosawclassicalmathematicalconcepts nding new applications in communications theory. As usual the conference was held at the Royal Agricultural College, Cirencester, shortly before Christmas - this time 20-22 December 1999. The papers appear in this book in the order in which they were presented, grouped into sessions, eachsessionbeginning with an invited paper. Theseinvited papers were intended to re?ect the invitees' views on the future of their subject - or more accurately where they intended to take it. Indeed the focus of the conf- encewas thefutureofcryptographyandcoding as seenthroughtheeyes ofyoung researchers. The r st group of papers is concerned with mathematical bounds, concepts, and constructions that form a common thread running through error corre- ing coding theory, cryptography, and codes for multiple access schemes. This is followed by a group of papers from a conference session concerned with app- cations. The papers range over various topics from arithmetic coding for data compression and encryption, through image coding, biometrics for authenti- tion, and access to broadcast channels, to photographic signatures for secure identi cation. The third set of papers deals with theoretical aspects of error c- recting coding, including graph and trellis decoding, turbo codes, convolution codes and low complexity soft decision decoding of Reed Solomon codes.

Leading researchers in the field of coding theory and cryptography present their newest findings, published here for the first time following a presentation at the International Conference on Coding Theory, Cryptography and Related Areas. The authors include Tom Hoeholdt, Henning Stichtenoth, and Horacio Tapia-Recillas.

The CQRE [Secure] conference provides a new international forum giving a close-up view on information security in the context of rapidly evolving economic processes. The unprecedented reliance on computer technology has transformed the previous technical side-issue "information security" to a management problem requiring decisions of strategic importance. Thus one of the main goals of the conference is to provide a platform for both technical specialists as well as decision makers from government, industry, commercial, and academic communities. The target of CQRE is to promote and stimulate dialogue between managers and experts, which seems to be necessary for providing secure information systems in the next millennium. Therefore CQRE consists of two parts: Part I mainly focuses on strategic issues of information security, while the focus of Part II is more technical in nature. This volume of the conference proceedings consists of the reviewed and invited contributions of the second part. The program committee considered 46 papers and selected only 15 for full presentation. For the participants' convenience we have also included the notes of the invited lectures and short workshop talks in this volume.

Asiacrypt'99 was held in Singapore on 14-18 November 1999. Asiacrypt is one of the major events in the cryptology research community. Asiacrypt'99, the ?fth annual Asiacrypt conference, was sponsored by the Asiacrypt Steering Comm- tee and the Centre for Systems Security of the National University of Singapore, and in cooperation with the International Association for Cryptology Research. As the Program Co-Chairs of Asiacrypt'99, we are extremely honored to or- nize this event, which showcases the state-of-the-art development of cryptology research at the conclusion of this millennium. This year, a total of 96 research papers were submitted to Asiacrypt'99. The portfolio of country of origin of submissions serves as a good indicator of the - ternational reputation of the conference. Countries from which submissions or- inated include: Australia, Belgium, China, Estonia, France, Germany, Greece, India, Iran, Japan, Korea, Norway, Russia, Saudi Arabia, Switzerland, Sin- pore, Spain, Taiwan, Thailand, The Netherlands, Turkey, Ukraine, UK, USA and Yugoslavia. Through a stringent refereeing process by the Program C- mittee, 31 papers of outstanding quality were accepted and are included in the conference proceedings. Accepted papers were authored by researchers from the following countries: Australia, Belgium, France, Germany, India, Japan, China, Singapore, Switzerland, Taiwan, The Netherlands, UK, and USA.

This book constitutes the refereed proceedings of the First International Workshop on Cryptographic Hardware and Embedded Systems, CHES'99, held in Worcester, MA, USA in August 1999. The 27 revised papers presented together with three invited contributions were carefully reviewed and selected from 42 submissions. The papers are organized in sections on cryptographic hardware, hardware architectures, smartcards and embedded systems, arithmetic algorithms, power attacks, true random numbers, cryptographic algorithms on FPGAs, elliptic curve implementations, new cryptographic schemes and modes of operation.

ICICS 99, the Second International Conference on Information and C- munication Security, was held in Sydney, Australia, 9-11 November 1999. The conference was sponsored by the Distributed System and Network Security - search Unit, University of Western Sydney, Nepean, the Australian Computer Society, IEEE Computer Chapter (NSW), and Harvey World Travel. I am g- teful to all these organizations for their support of the conference. The conference brought together researchers, designers, implementors and users of information security systems and technologies. A range of aspects was addressed from security theory and modeling to system and protocol designs and implementations to applications and management. The conference con- sted of a series of refereed technical papers and invited technical presentations. The program committee invited two distinguished key note speakers. The ?rst keynote speech by Doug McGowan, a Senior Manager from Hewlett-Packard, USA, discussed cryptography in an international setting. Doug described the current status of international cryptography and explored possible future trends and new technologies. The second keynote speech was delivered by Sushil Ja- dia of George Mason University, USA. Sushil s talk addressed the protection of critical information systems. He discussed issues and methods for survivability of systems under malicious attacks and proposed a fault-tolerance based - proach. The conference also hosted a panel on the currently much debated topic of Internet censorship. The panel addressed the issue of censorship from various viewpoints namely legal, industrial, governmental and technical."

The 1999 International Information Security Workshop, ISW'99, was held on Monash University's Malaysia Campus, which is about 20km to the south west of downtown Kuala Lumpur, November 6-7, 1999. ISW'99soughtadi erentgoalfromitspredecessor, ISW'97, heldinIshikawa, Japan, whose proceedings were published as Volume 1396 of Springer Verlag's LNCS series. The focus of ISW'99 wason the following emerging areasof imp- tance in information security: multimedia watermarking, electronic cash, secure software components and mobile agents, and protection of software. Theprogramcommitteereceived38fullsubmissionsfrom12countriesand- gions: Australia, China, France, Germany, Hong Kong, Japan, Korea, Malaysia, Singapore, Spain, Taiwan, and USA, and selected 23 of them for presentation. Among the 23 presentations, 19 were regular talks and the remaining 4 were short talks. Each submission was reviewed by at least two expert referees. We are grateful to the members of the program committee for reviewing and selecting papers in a very short period of time. Their comments helped the authors improve the n al version of their papers. Our thanks also go to Patrick McDaniel, Masaji Kawahara, and Yasuhiro Ohtaki who assisted in reviewing papers. In addition, we would like to thank all the authors, including those whose submissions were not accepted, for their contribution to the success of this workshop. The workshop was organized with the help of local committee members, - cluding Cheang Kok Soon, Hiew Pang Leang, Lily Leong, and Robin Pollard.

The third Financial Cryptography conference was held in February 1999, once again at Anguilla in the British West Indies. The number of attendees continues to increase from year to year, as do the number and quality of the technical submissions. The Program Committee did a great job selecting the technical program. I thank them for all of their eo rt's. We were helped by a number of outside reviewers, including Mart n Abadi, Gerrit Bleumer, Drew Dean, Anand Desai, Mariusz Jakubowski, Andrew Odlyzko, David Pointcheval, Guillaume Poupard, Zul kar Ramzan, Aleta Ricciardi, Dan Simon, Jessica Staddon, Venkie Venka- san, Avishai Wool, and Francis Zane. I apologize for any omissions. Adi Shamir gave an excellent invited talk that forecast the future of crypt- raphy and electronic commerce. On-line certic ate revocation was the subject of a panel led by Michael Myers, following up on the success of his panel on the same topic at last year's conference. Joan Feigenbaum moderated a lively panel on fair use, intellectual property, and the information economy, and I thank her for pulling together from that discussion a paper for these proceedings. A s- cessful Rump Session allowed participants to present new results in an informal setting, superbly chaired by Avi Rubin.