The IMA conferences onCryptographyandCoding arenotonly a blend of these two aspects of information theory, but a blend of mathematics and engineering and of theoretical results and applications. The papers in this book show that the1999conferencewasnoexception. Indeed, weagainsawthemathematics- derlyingcryptographyanderrorcorrectingcodingbeing appliedto otheraspects ofcommunications, andwe alsosawclassicalmathematicalconcepts nding new applications in communications theory. As usual the conference was held at the Royal Agricultural College, Cirencester, shortly before Christmas - this time 20-22 December 1999. The papers appear in this book in the order in which they were presented, grouped into sessions, eachsessionbeginning with an invited paper. Theseinvited papers were intended to re?ect the invitees' views on the future of their subject - or more accurately where they intended to take it. Indeed the focus of the conf- encewas thefutureofcryptographyandcoding as seenthroughtheeyes ofyoung researchers. The r st group of papers is concerned with mathematical bounds, concepts, and constructions that form a common thread running through error corre- ing coding theory, cryptography, and codes for multiple access schemes. This is followed by a group of papers from a conference session concerned with app- cations. The papers range over various topics from arithmetic coding for data compression and encryption, through image coding, biometrics for authenti- tion, and access to broadcast channels, to photographic signatures for secure identi cation. The third set of papers deals with theoretical aspects of error c- recting coding, including graph and trellis decoding, turbo codes, convolution codes and low complexity soft decision decoding of Reed Solomon codes.

This book constitutes the refereed proceedings of the First International Workshop on Cryptographic Hardware and Embedded Systems, CHES'99, held in Worcester, MA, USA in August 1999. The 27 revised papers presented together with three invited contributions were carefully reviewed and selected from 42 submissions. The papers are organized in sections on cryptographic hardware, hardware architectures, smartcards and embedded systems, arithmetic algorithms, power attacks, true random numbers, cryptographic algorithms on FPGAs, elliptic curve implementations, new cryptographic schemes and modes of operation.

This book constitutes the refereed proceedings of the International Conference on the Theory and Application of Cryptographic Techniques, EUROCRYPT 2000, held in Bruges, Belgium, in May 2000. The 39 revised full papers presented were carefully selected from a total of 150 submissions during a highly competitive reviewing process. The book is divided in topical sections of factoring and discrete logarithm, digital signatures, private information retrieval, key management protocols, threshold cryptography, public-key encryption, quantum cryptography, multi-party computation and information theory, zero-knowledge, symmetric cryptography, Boolean functions and hardware, voting schemes, and stream ciphers and block ciphers.

Today the vast majority of the world's information resides in, is derived from, and is exchanged among multiple automated systems. Critical decisions are made, and critical action is taken based on information from these systems. Therefore, the information must be accurate, correct, and timely, and be manipulated, stored, retrieved, and exchanged safely, reliably, and securely. In a time when information is considered the latest commodity, information security should be top priority.
A Practical Guide to Security Engineering and Information Assurance gives you an engineering approach to information security and information assurance (IA). The book examines the impact of accidental and malicious intentional action and inaction on information security and IA. Innovative long-term vendor, technology, and application-independent strategies show you how to protect your critical systems and data from accidental and intentional action and inaction that could lead to system failure or compromise.
The author presents step-by-step, in-depth processes for defining information security and assurance goals, performing vulnerability and threat analysis, implementing and verifying the effectiveness of threat control measures, and conducting accident and incident investigations. She explores real-world strategies applicable to all systems, from small systems supporting a home-based business to those of a multinational corporation, government agency, or critical infrastructure system.
The information revolution has brought its share of risks. Exploring the synergy between security, safety, and reliability engineering, A Practical Guide to Security Engineering and Information Assurance consolidates and organizes current thinking about information security/IA techniques, approaches, and best practices. As this book will show you, there is considerably more to information security/IA than firewalls, encryption, and virus protection.

ICICS 99, the Second International Conference on Information and C- munication Security, was held in Sydney, Australia, 9-11 November 1999. The conference was sponsored by the Distributed System and Network Security - search Unit, University of Western Sydney, Nepean, the Australian Computer Society, IEEE Computer Chapter (NSW), and Harvey World Travel. I am g- teful to all these organizations for their support of the conference. The conference brought together researchers, designers, implementors and users of information security systems and technologies. A range of aspects was addressed from security theory and modeling to system and protocol designs and implementations to applications and management. The conference con- sted of a series of refereed technical papers and invited technical presentations. The program committee invited two distinguished key note speakers. The ?rst keynote speech by Doug McGowan, a Senior Manager from Hewlett-Packard, USA, discussed cryptography in an international setting. Doug described the current status of international cryptography and explored possible future trends and new technologies. The second keynote speech was delivered by Sushil Ja- dia of George Mason University, USA. Sushil s talk addressed the protection of critical information systems. He discussed issues and methods for survivability of systems under malicious attacks and proposed a fault-tolerance based - proach. The conference also hosted a panel on the currently much debated topic of Internet censorship. The panel addressed the issue of censorship from various viewpoints namely legal, industrial, governmental and technical."

Asiacrypt'99 was held in Singapore on 14-18 November 1999. Asiacrypt is one of the major events in the cryptology research community. Asiacrypt'99, the ?fth annual Asiacrypt conference, was sponsored by the Asiacrypt Steering Comm- tee and the Centre for Systems Security of the National University of Singapore, and in cooperation with the International Association for Cryptology Research. As the Program Co-Chairs of Asiacrypt'99, we are extremely honored to or- nize this event, which showcases the state-of-the-art development of cryptology research at the conclusion of this millennium. This year, a total of 96 research papers were submitted to Asiacrypt'99. The portfolio of country of origin of submissions serves as a good indicator of the - ternational reputation of the conference. Countries from which submissions or- inated include: Australia, Belgium, China, Estonia, France, Germany, Greece, India, Iran, Japan, Korea, Norway, Russia, Saudi Arabia, Switzerland, Sin- pore, Spain, Taiwan, Thailand, The Netherlands, Turkey, Ukraine, UK, USA and Yugoslavia. Through a stringent refereeing process by the Program C- mittee, 31 papers of outstanding quality were accepted and are included in the conference proceedings. Accepted papers were authored by researchers from the following countries: Australia, Belgium, France, Germany, India, Japan, China, Singapore, Switzerland, Taiwan, The Netherlands, UK, and USA.

This book constitutes the refereed proceedings of the 4th International Algorithmic Number Theory Symposium, ANTS-IV, held in Leiden, The Netherlands, in July 2000.The book presents 36 contributed papers which have gone through a thorough round of reviewing, selection and revision. Also included are 4 invited survey papers. Among the topics addressed are gcd algorithms, primality, factoring, sieve methods, cryptography, linear algebra, lattices, algebraic number fields, class groups and fields, elliptic curves, polynomials, function fields, and power sums.

The third Financial Cryptography conference was held in February 1999, once again at Anguilla in the British West Indies. The number of attendees continues to increase from year to year, as do the number and quality of the technical submissions. The Program Committee did a great job selecting the technical program. I thank them for all of their eo rt's. We were helped by a number of outside reviewers, including Mart n Abadi, Gerrit Bleumer, Drew Dean, Anand Desai, Mariusz Jakubowski, Andrew Odlyzko, David Pointcheval, Guillaume Poupard, Zul kar Ramzan, Aleta Ricciardi, Dan Simon, Jessica Staddon, Venkie Venka- san, Avishai Wool, and Francis Zane. I apologize for any omissions. Adi Shamir gave an excellent invited talk that forecast the future of crypt- raphy and electronic commerce. On-line certic ate revocation was the subject of a panel led by Michael Myers, following up on the success of his panel on the same topic at last year's conference. Joan Feigenbaum moderated a lively panel on fair use, intellectual property, and the information economy, and I thank her for pulling together from that discussion a paper for these proceedings. A s- cessful Rump Session allowed participants to present new results in an informal setting, superbly chaired by Avi Rubin.

Crypto '99, the Nineteenth Annual Crypto Conference, was sponsored by the International Association for Cryptologic Research (IACR), in cooperation with the IEEE Computer Society Technical Committee on Security and Privacy and the Computer Science Department, University of California, Santa Barbara (UCSB). The General Chair, Donald Beaver, was responsible for local organization and registration. The Program Committee considered 167 papers and selected 38 for presentation. This year's conference program also included two invited lectures. I was pleased to include in the program UeliM aurer's presentation "Information Theoretic Cryptography" and Martin Hellman's presentation "The Evolution of Public Key Cryptography." The program also incorporated the traditional Rump Session for informal short presentations of new results, run by Stuart Haber. These proceedings include the revised versions of the 38 papers accepted by the Program Committee. These papers were selected from all the submissions to the conference based on originality, quality, and relevance to the field of cryptology. Revisions were not checked, and the authors bear full responsibility for the contents of their papers.

Large-scale open distributed systems provide an infrastructure for assembling global applications on the basis of software and hardware components originating from multiple sources. Open systems rely on publicly available standards to permit heterogeneous components to interact. The Internet is the archetype of a large-scale open distributed system; standards such as HTTP, HTML, and XML, together with the widespread adoption of the Java language, are the cornerstones of many distributed systems. This book surveys security in large-scale open distributed systems by presenting several classic papers and a variety of carefully reviewed contributions giving the results of new research and development. Part I provides background requirements and deals with fundamental issues in trust, programming, and mobile computations in large-scale open distributed systems. Part II contains descriptions of general concepts, and Part III presents papers detailing implementations of security concepts.

This book contains selected papers presented at the First NASA International Conference on Quantum Computing and Quantum Communications, QCQC'98, held in Palm Springs, California, USA in February 1998.As the record of the first large-scale meeting entirely devoted to quantum computing and communications, this book is a unique survey of the state-of-the-art in the area. The 43 carefully reviewed papers are organized in topical sections on entanglement and quantum algorithms, quantum cryptography, quantum copying and quantum information theory, quantum error correction and fault-tolerant quantum computing, and embodiments of quantum computers.

TheFastSoftwareEncryptionWorkshop1999isthesixthinaseriesofworkshops startinginCambridgeinDecember1993. TheworkshopwasorganizedbyGeneralChairWilliamWolfowicz,Fon- zioneU. Bordoni,andProgrammeChairLarsKnudsen,UniversityofBergen, Norway,incooperationwithSecurteam,asfaraslocalarrangementswerec- cerned. TheworkshopwasheldMarch24-26,1999inRome,Italy. Theworkshopconcentratedonallaspectsoffastsecretkeyciphers,inc- dingthedesignandcryptanalysisofblockandstreamciphers,aswellashash functions. Therewere51submissions,allofthemsubmittedelectronically. Ones- missionwaslaterwithdrawnbytheauthors,and22paperswereselectedfor presentation. Allsubmissionswerecarefullyreviewedbyatleast4committee members. Attheworkshop,preliminaryversionsofall22papersweredistri- tedtoallattendees. Aftertheworkshoptherewasa nalreviewingprocesswith additionalcommentstotheauthors. Ithasbeenachallengeformetochairthecommitteeofthisworkshop,andit isapleasuretothankallthemembersoftheprogrammecommitteefortheirhard work. Thecommitteethisyearconsistedof,inalphabeticorder,RossAnd- son(Cambridge,UK),EliBiham(Technion,Israel),DonCoppersmith(IBM, USA), Cunsheng Ding (Singapore), Dieter Gollmann (Microsoft, UK), James Massey (Denmark), Mitsuru Matsui (Mitsubishi, Japan), Bart Preneel (K. U. Leuven, Belgium), Bruce Schneier (Counterpane, USA), and Serge Vaudenay (ENS,France). ItisagreatpleasuretothankWilliamWolfowiczfororganisingtheworkshop. Also,itisapleasuretothankSecurteamforthelogisticsandTelsyandSunfor supportingtheconference. Finally,abigthankyoutoallsubmittingauthorsfor theircontributions,andtoallattendees(approximately165)oftheworkshop. Finally, I would like to thank Vincent Rijmen for his technical assistance in preparingtheseproceedings. April1999 LarsKnudsen TableofContents AdvancedEncryptionStandard ImprovedAnalysisofSomeSimpli edVariantsofRC6 ...1 S. Contini,R. L. Rivest,M. J. B. Robshaw,andY. L. Yin LinearCryptanalysisofRC5andRC6...16 J. Borst,B. Preneel,andJ. Vandewalle ARevisedVersionofCRYPTON:CRYPTONV1. 0...31 C. H. Lim AttackonSixRoundsofCRYPTON...46 C. D'TheFastSoftwareEncryptionWorkshop1999isthesixthinaseriesofworkshops startinginCambridgeinDecember1993. TheworkshopwasorganizedbyGeneralChairWilliamWolfowicz,Fon- zioneU. Bordoni,andProgrammeChairLarsKnudsen,UniversityofBergen, Norway,incooperationwithSecurteam,asfaraslocalarrangementswerec- cerned. TheworkshopwasheldMarch24-26,1999inRome,Italy. Theworkshopconcentratedonallaspectsoffastsecretkeyciphers,inc- dingthedesignandcryptanalysisofblockandstreamciphers,aswellashash functions. Therewere51submissions,allofthemsubmittedelectronically. Ones- missionwaslaterwithdrawnbytheauthors,and22paperswereselectedfor presentation. Allsubmissionswerecarefullyreviewedbyatleast4committee members. Attheworkshop,preliminaryversionsofall22papersweredistri- tedtoallattendees. Aftertheworkshoptherewasa nalreviewingprocesswith additionalcommentstotheauthors. Ithasbeenachallengeformetochairthecommitteeofthisworkshop,andit isapleasuretothankallthemembersoftheprogrammecommitteefortheirhard work. Thecommitteethisyearconsistedof,inalphabeticorder,RossAnd- son(Cambridge,UK),EliBiham(Technion,Israel),DonCoppersmith(IBM, USA), Cunsheng Ding (Singapore), Dieter Gollmann (Microsoft, UK), James Massey (Denmark), Mitsuru Matsui (Mitsubishi, Japan), Bart Preneel (K. U. Leuven, Belgium), Bruce Schneier (Counterpane, USA), and Serge Vaudenay (ENS,France). ItisagreatpleasuretothankWilliamWolfowiczfororganisingtheworkshop. Also,itisapleasuretothankSecurteamforthelogisticsandTelsyandSunfor supportingtheconference. Finally,abigthankyoutoallsubmittingauthorsfor theircontributions,andtoallattendees(approximately165)oftheworkshop. Finally, I would like to thank Vincent Rijmen for his technical assistance in preparingtheseproceedings. April1999 LarsKnudsen TableofContents AdvancedEncryptionStandard ImprovedAnalysisofSomeSimpli edVariantsofRC6 ...1 S. Contini,R. L. Rivest,M. J. B. Robshaw,andY. L. Yin LinearCryptanalysisofRC5andRC6...16 J. Borst,B. Preneel,andJ. Vandewalle ARevisedVersionofCRYPTON:CRYPTONV1. 0...31 C. H. Lim AttackonSixRoundsofCRYPTON...46 C. D'Halluin,G. Bijnens,V. Rijmen,andB. Preneel OntheSecurityofthe128-bitBlockCipherDEAL...60 S. Lucks CryptanalysisofaReducedVersionoftheBlockCipherE2...71 M. MatsuiandT. Tokita OntheDecorrelatedFastCipher(DFC)andItsTheory...81 L. R. KnudsenandV. Rijmen RemotelyKeyedEncryption ScrambleAll,EncryptSmall...95 M. Jakobsson,J. P. Stern,andM. Yung AcceleratedRemotelyKeyedEncryption...112 S. Lucks AnalysisofBlockCiphersI MissintheMiddleAttacksonIDEAandKhufu...124 E. Biham,A. Biryukov,andA. Shamir ModnCryptanalysis,withApplicationsagainstRC5PandM6...139 J. Kelsey,B. Schneier,andD. Wagner TheBoomerangAttack...156 D. Wagner Miscellaneous TowardsMakingLuby-Racko CiphersOptimalandPractical ...171 S. Patel,Z. Ramzan,andG. S. Sundaram ANewCharacterizationofAlmostBentFunctions...186 A. Canteaut,P. Charpin,andH. Dobbertin ImprimitivePermutationGroupsandTrapdoorsinIteratedBlockCiphers. 201 K. G. Paterson VIII TableofContents ModesofOperation OntheSecurityofDoubleand2-KeyTripleModesofOperation...215 H. HandschuhandB. Preneel OntheConstructionofVariable-Input-LengthCiphers...231 M. BellareandP. Rogaway AnalysisofBlockCiphersII SlideAttacks...245 A. BiryukovandD. Wagner OntheSecurityofCS-Cipher...260 S. Vaudenay InterpolationAttacksoftheBlockCipher:SNAKE...275 S. Moriai,T. Shimoyama,andT. Kaneko StreamCiphers High-SpeedPseudorandomNumberGenerationwithSmallMemory...290 W. Aiello,S. Rajagopalan,andR. Venkatesan SOBERCryptanalysis...305 D. BleichenbacherandS. Patel AuthorIndex...317 ImprovedAnalysisof SomeSimpli edVariantsofRC6 1 2 1 1 ScottContini ,RonaldL. Rivest ,M. J. B. Robshaw ,andYiqunLisaYin 1 RSALaboratories,2955CampusDrive SanMateo,CA94403,USA fscontini,matt,yiqung@rsa. com 2 M. I. T. LaboratoryforComputerScience,545TechnologySquare Cambridge,MA02139,USA rivest@theory. lcs. mit.

The4thAustralasianConferenceonInformationSecurityandPrivacywasheld attheUniversityofWollongong, Australia. Theconferencewassponsoredby theCentreforComputerSecurityResearch, UniversityofWollongong, andthe AustralianComputerSociety. Theaimoftheconferencewastobringtogether peopleworkingindi erentareasofcomputer, communication, andinformation securityfromuniversities, industry, andgovernmentinstitutions. Theconference gavetheparticipantsanopportunitytodiscussthelatestdevelopmentsinthe quicklygrowingareaofinformationsecurityandprivacy. Theprogramcommitteeaccepted26papersfrom53submitted. Fromthose accepted, thirteen papers were from Australia, two each from Belgium and China, andoneeachfromAustria, Belarus, France, India, Japan, Korea, Sin- pore, theUSA, andYugoslavia. Conferencesessionscoveredthefollowingtopics: accesscontrolandsecuritymodels, networksecurity, Booleanfunctions, group communication, cryptanalysis, keymanagementsystems, electroniccommerce, signatureschemes, RSAcryptosystems, andoddsandends. We would like to thank the members of the program committee who - nerouslyspenttheirtimereadingandevaluatingthepapers. Wewouldalsolike tothankmembersoftheorganisingcommitteeand, inparticular, ChrisCh- nes, HosseinGhodosi, MarcGysin, Tiang-BingXia, Cheng-XinQu, SanYeow Lee, YejingWang, Hua-XiongWang, Chih-HungLi, WillySusilo, ChintanShah, Je reyHorton, andGhulamRasoolChaudhryfortheircontinuousandtireless e ortinorganisingtheconference. Finally, wewouldliketothanktheauthorsof allthesubmittedpapers, especiallytheacceptedones, andalltheparticipants whomadetheconferenceasuccessfulevent. February1999 JosefPieprzyk ReiSafavi-Naini JenniferSeberry FOURTHAUSTRALASIANCONFERENCE ONINFORMATIONSECURITY ANDPRIVACY ACISP 99 Sponsoredby CenterforComputerSecurityResearch UniversityofWollongong, Australia and AustralianComputerSociety GeneralChair: JenniferSeberry UniversityofWollongong ProgramCo-Chairs: JosefPieprzyk UniversityofWollongong ReiSafavi-Naini UniversityofWollongong ProgramCommittee: ColinBoyd QueenslandUniversityofTechnology, Australia LawrieBrown AustralianDefenceForceAcademy, Australia BillCaelli QueenslandUniversityofTechnology, Australia EdDawson QueenslandUniversityofTechnology, Australia CunshengDing NationalUniversityofSingapore, Singapore DieterGollmann MicrosoftResearch, UK YongfeiHan Gemplus, Singapore ThomasHardjono BayNetworks, US ErlandJonsson ChalmersUniversity, Sweden SveinKnapskog UniversityofTrondheim, Norway KeithMartin KatholiekeUniversiteitLeuven, Belgium CathyMeadows NavalResearchLaboratory, US KaisaNyberg NokiaResearchCenter, Finland Choon-SikPark ElectronicsandTelecommunicationResearchInstitute, Korea DingyiPei AcademiaSinica, China SteveRoberts WithamPtyLtd, Australia ConferenceOrganization VII GregRose Qualcomm, Australia RaviSandhu GeorgeMasonUniversity, US Sta ordTavares Queen sUniversity, Canada VijayVaradharajan WesternSydneyUniversity, Australia YuliangZheng MonashUniversity, Australia Referees N. Asokan ZhangJiang DingyiPei YunBai ErlandJonsson JosefPieprzyk SimonBlackburn SveinKnapskog VincentRijmen ColinBoyd HuLei SteveRoberts LawrieBrown LeszekMaciaszek GregRose BillCaelli KeithMartin ReiSafavi-Naini EdDawson CathyMeadows RaviSandhu CunshengDing BillMillan RajanShankaran GaryGaskell QiMing Sta ordTavares JanuszGetta Sang-JaeMoon VijayVaradharajan DieterGollmann YiMu Kapaleeswaran MarcGysin KennyNguyen Viswanathan YongfeiHan KaisaNyberg ChuanWu ThomasHardjono Choon-SikPark YuliangZheng. TableofContents BooleanFunctions BooleanFunctionDesignUsingHillClimbingMethods WilliamMillan, AndrewClark, andEdDawson. . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 EnumerationofCorrelationImmuneBooleanFunctions SubhamoyMaitraandPalashSarkar. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 OntheSymmetricPropertyofHomogeneousBooleanFunctions ChengxinQu, JenniferSeberry, andJosefPieprzyk. . . . . . . . . . . . . . . . . . . . . . . . 26 KeyManagement PubliclyVeri ableKeyEscrowwithLimitedTimeSpan KapaliViswanathan, ColinBoyd, andEdDawson. . . . . . . . . . . . . . . . . . . . . . . . . 36 AcceleratingKeyEstablishmentProtocolsforMobileCommunication SeungwonLee, Seong-MinHong, HyunsooYoon, andYookunCho. . . . . . . . . 51 ConferenceKeyAgreementfromSecretSharing Chih-HungLiandJosefPieprzyk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64 Cryptanalysis Onm-PermutationProtectionSchemeAgainstModi cationAttack W. W. FungandJ. W. Gray, III. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77 InversionAttackandBranching JovanDj. Golic, AndrewClark, andEdDawson . . . . . . . . . . . . . . . . . . . . . . . . . . 88 Signatures Fail-StopThresholdSignatureSchemesBasedonEllipticCurves WillySusilo, ReiSafavi-Naini, andJosefPieprzyk. . . . . . . . . . . . . . . . . . . . . . . 103 DivertibleZero-KnowledgeProofofPolynomialRelationsand BlindGroupSignature KhanhQuocNguyen, YiMu, andVijayVaradharajan. . . . . . . . . . . . . . . . . . . . 117 RepudiationofCheatingandNon-repudiationof Zhang sProxySignatureSchemes HosseinGhodosiandJosefPieprzyk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129 X TableofContents RSACryptosystems OntheSecurityofanRSABasedEncryptionScheme SigunaMul ]ler . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135 GeneralisedCyclingAttacksonRSAandStrongRSAPrimes MarcGysinandJenniferSeberry. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149 RSAAccelerationwithFieldProgrammableGateArrays AlexanderTiountchikandElenaTrichina. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164 GroupCryptography ChangingThresholdsintheAbsenceofSecureChannels KeithM. Martin, JosefPieprzyk, ReiSafavi-Naini, andHuaxiongWang . 177 ASelf-Certi edGroup-OrientedCryptosystemWithoutaCombiner ShahrokhSaeedniaandHosseinGhodosi . . . . . . . . . . . . . . . . . . . .

This book constitutes the thoroughly refereed post-workshop proceedings of the 6th International Workshop on Security Protocols held in Cambridge, UK in April 1998.
The 15 revised papers presented as position statements are followed by transcripts of the discussions between the authors and the audience. Also included is a report on the final panel discussion on future directions in security protocols research and developments. Thus the volume reflects the lively interaction at the workshop. The papers are devoted to the interrelations between trust and delegation, exploring the implications and effects of these upon such issues as authorization, security policy, and cryptosystems and component design.

EUROCRYPT '99, the seventeenth annual Eurocrypt Conference, was sp- soredbytheInternationalAssociationforCryptologicResearch(IACR), inco- erationwiththeGroupofCryptologywithintheUnionofCzechMathematicians and Physicists. The GeneralChair, JaroslavHruby, wasresponsiblefor the ov- allorganizationoftheconferenceinthebeautiful cityofPrague. Letmemention that it was a pleasure to work together: although we were in di erent locations, we managed to stay in close contact and maintain a smooth organization of the conference. The Program Committee, consisting of 21 members, considered 120 papers and selected 32 for presentation. In addition, Ross Anderson kindly agreed to chairthetraditionalrumpsessionforinformalshortpresentationsofnewresults. These proceedings include the revised versions of the 32 papers accepted by the Program Committee. These papers were selected on the basis of originality, quality, and relevance to cryptography. As a result, they should give a proper picture of how the eld is evolving. Revisions were not checked and the authors bear full responsibility for the contents of their papers. The selection of papers was a di cult and challenging task. Eachsubmission was refereed by at least three reviewers and most had four reports or more. I wish to thank the program committee members, who did an excellent job. In addition, I gratefully acknowledge the help of a large number of colleagues who reviewed submissions in their areas of expertise.

This book constitutes the refereed proceedings of the Second International Workshop on Practice and Theory in Public Key Cryptography, PKC'99, held in Kamakura, Japan in March 1999. The 25 revised full papers presented were carefully reviewed and selected from a total of 61 submissions. The volume reports most recent research results on all relevant aspects in public key cryptography. Among the topics covered are digital signatures, anonymous finger printing, message authentication, digital payment, key escrow, RSA systems, hash functions, decision oracles, random numbers, finite field computations, pay-per-view-systems, and electronic commerce.

The 1999 International Information Security Workshop, ISW'99, was held on Monash University's Malaysia Campus, which is about 20km to the south west of downtown Kuala Lumpur, November 6-7, 1999. ISW'99soughtadi erentgoalfromitspredecessor, ISW'97, heldinIshikawa, Japan, whose proceedings were published as Volume 1396 of Springer Verlag's LNCS series. The focus of ISW'99 wason the following emerging areasof imp- tance in information security: multimedia watermarking, electronic cash, secure software components and mobile agents, and protection of software. Theprogramcommitteereceived38fullsubmissionsfrom12countriesand- gions: Australia, China, France, Germany, Hong Kong, Japan, Korea, Malaysia, Singapore, Spain, Taiwan, and USA, and selected 23 of them for presentation. Among the 23 presentations, 19 were regular talks and the remaining 4 were short talks. Each submission was reviewed by at least two expert referees. We are grateful to the members of the program committee for reviewing and selecting papers in a very short period of time. Their comments helped the authors improve the n al version of their papers. Our thanks also go to Patrick McDaniel, Masaji Kawahara, and Yasuhiro Ohtaki who assisted in reviewing papers. In addition, we would like to thank all the authors, including those whose submissions were not accepted, for their contribution to the success of this workshop. The workshop was organized with the help of local committee members, - cluding Cheang Kok Soon, Hiew Pang Leang, Lily Leong, and Robin Pollard.

The Department of Electrical Engineering-ESAT at the Katholieke Universiteit Leuven regularly runs a course on the state of the art and evolution of computer security and industrial cryptography. The rst course took place in 1983, the second in 1989, and since then the course has been a biennial event. The course is intended for both researchers and practitioners from industry and government. It covers the basic principles as well as the most recent - velopments. Our own interests mean that the course emphasizes cryptography, but we also ensure that the most important topics in computer security are covered. We try to strike a good balance between basic theory and real-life - plications, between mathematical background and judicial aspects, and between recent technical developments and standardization issues. Perhaps the greatest strength of the course is the creation of an environment that enables dialogue between people from diverse professions and backgrounds. In 1993, we published the formal proceedings of the course in the Lecture Notes in Computer Science series (Volume 741). Since the el d of cryptography has advanced considerably during the interim period, there is a clear need to publish a new edition. Since 1993, several excellent textbooks and handbooks on cryptology have been published and the need for introductory-level papers has decreased. The growth of the main conferences in cryptology (Eurocrypt, Crypto, and Asiacrypt) shows that interest in the eld is increasing

The mid-1990ssaw an exciting convergenceof a number of dieren t information protection technologies, whose theme was the hiding (as opposed to encryption) of information. Copyright marking schemes are about hiding either copyright notices or individual serial numbers imperceptibly in digital audio and video, as a component in intellectual property protection systems; anonymous c- munication is another area of rapid growth, with people designing systems for electronic cash, digital elections, and privacy in mobile communications; se- rity researchers are also interested in 'stray' communication channels, such as those which arise via shared resourcesin operating systems or the physical le- age of information through radio frequency emissions; and n ally, many workers in these elds drew inspiration from 'classical' hidden communication methods such as steganography and spread-spectrum radio. The rst international workshop on this new emergent discipline of inf- mation hiding was organised by Ross Anderson and held at the Isaac Newton Institute, Cambridge, from the 30th May to the 1st June 1996, and was judged by attendees to be a successful and signi cant event. In addition to a number of research papers, we had invited talks from David Kahn on the history of steganography and from Gus Simmons on the history of subliminal channels. We also had a number of discussion sessions, culminating in a series of votes on common terms and de nitions. These papers and talks, together with minutes of the discussion, can be found in the proceedings, which are published in this series as Volume 1174.

Computers and their interactions are becoming the characteristic features of our time: Many people believe that the industrial age is going over into the information age. In the same way as life of the beginning of this century was dominated by machines, factories, streets and railways, the starting century will be characterised by computers and their networks. This change naturally affects also the institutions and the installations our lives depend upon: power plants, including nuclear ones, chemical plants, mechanically working factories, cars, railways and medical equipment; they all depend on computers and their connections. In some cases it is not human life that may be endangered by computer failure, but large investments; e. g. if a whole plant interrupts its production for a long time. In addition to loss of life and property one must not neglect public opinion, which is very critical in many countries against major technical defects. The related computer technology, its hardware, software and production process differ between standard applications and safety related ones: In the safety case it is normally not only the manufacturers and the customers that are involved, but a third party, usually an assessor, who is taking care of the public interest on behalf of a state authority. Usually safety engineers are in a better position than their colleagues from the conventional side, as they may spend more time and money on a particular task and use better equipment.

This book constitutes the refereed proceedings of the 5th European Symposium on Research in Computer Security, ESORICS 98, held in Louvain-la-Neuve, Belgium, in September 1998.
The 24 revised full papers presented were carefully reviewed and selected from a total of 57 submissions. The papers provide current results from research and development in design and specification of security policies, access control modelling and protocol analysis, mobile systems and anonymity, Java and mobile code, watermarking, intrusion detection and prevention, and specific threads.

This book constitutes the refereed proceedings of the Third Australasian Conference on Information Security and Privacy, ACISP'98, held in Brisbane, Australia, in Kuly 1998.
The volume presents 35 revised full papers selected from a total of 66 submissions; also included are two invited contributions. The book is divided in sections on network security, block ciphers, stream ciphers, authorization codes and Boolean functions, software security and electronic commerce, public key cryptography, hardware, access control, protocols, secret sharing, and digital signatures.

This book constitutes the refereed proceedings of the First International Workshop on Practice and Theory in Public Key Cryptography, PKC'98, held in Pacifico Yokohama, Japan, in February 1998.
The volume presents four invited contributions together with 18 revised full papers selected from 30 submissions. The papers address all current issues in research and design in the area including digital signature schemes, digital payment systems, electronic commerce, cryptographic protocols, as well as foundational issues like integer factorization, elliptic curve aspects, hash functions, finite fields, etc.

This book constitutes the thoroughly refereed post-workshop proceedings of the 5th Annual International Workshop on Selected Areas in Cryptography, SAC '98, held in Kingston, Ontario, Canada in August 1998.
The 26 revised full papers presented together with two invited papers were carefully selected from 39 submissions after two rounds of reviewing and revision. The book is divided in topical sections on designs of secret key cryptosystems, randomness and computational issues, analysis of secret key cryptosystems, cryptographic systems, design and implementation of secret key cryptosystems, and attacks on secret key cryptosystems.

In July 1998, a summer school in cryptology and data security was organized atthecomputersciencedepartmentofAarhusUniversity, Denmark.Thistook place as a part of a series of summer schools organized by the European Edu- tional Forum, an organizationconsisting of the researchcenters TUCS (Finland), IPA(Holland)andBRICS(Denmark, Aarhus).Thelocalorganizingcommittee consisted of Jan Camenisch, Janne Christensen, Ivan Damga? ard (chair), Karen Moller, andLouisSalvail.ThesummerschoolwassupportedbytheEuropean Union. Modern cryptology is an extremely fast growing ?eld and is of fundamental importance in very diverse areas, from theoretical complexity theory to practical electroniccommerceontheInternet.Wethereforesetouttoorganizeaschool that would enable young researchers and students to obtain an overview of some mainareas, coveringboththeoreticalandpracticaltopics.Itisfairtosaythat the school was a success, both in terms of attendance (136 participants from over20countries)andintermsofcontents.Itisapleasuretothankallofthe speakers for their cooperation and the high quality of their presentations. A total of 13 speakers gave talks: Mihir Bellare, University of California, San Diego; Gilles Brassard, University of Montreal; David Chaum, DigiCash; Ronald Cramer, ETH Zur ] ich; Ivan Damg? ard, BRICS; Burt Kaliski, RSA Inc.; Lars Knudsen, Bergen University; Peter Landrock, Cryptomathic; Kevin Mc- Curley, IBM Research, Almaden; Torben Pedersen, Cryptomathic; Bart Preneel, Leuven University; Louis Salvail, BRICS; Stefan Wolf, ETH Zur ] ich.