From the Publisher:
A valuable reference for the novice as well as for the expert who needs a wider scope of coverage within the area of cryptography, this book provides easy and rapid access of information and includes more than 200 algorithms and protocols; more than 200 tables and figures; more than 1,000 numbered definitions, facts, examples, notes, and remarks; and over 1,250 significant references, including brief comments on each paper.

Handbook of Applied Cryptography

PROBLEM TO BE SOLVED: To solve the problem, wherein it is impossible for an electronic content information provider to provide commercially secure and effective method, for a configurable general-purpose electronic commercial transaction/distribution control system. SOLUTION: In this system, having at least one protected processing environment for safely controlling at least one portion of decoding of digital information, a secure content distribution method comprises a process for encapsulating digital information in one or more digital containers; a process for encrypting at least a portion of digital information; a process for associating at least partially secure control information for managing interactions with encrypted digital information and/or digital container; a process for delivering one or more digital containers to a digital information user; and a process for using a protected processing environment, for safely controlling at least a portion of the decoding of the digital information. COPYRIGHT: (C)2006,JPO&NCIPI

https://apps.dtic.mil/dtic/tr/fulltext/u2/a423264.pdf

Systems and Methods for Secure Transaction Management and Electronic Rights Protection

We will review some of the major results in random graphs and some of the more challenging open problems. We will cover algorithmic and structural questions. We will touch on newer models, including those related to the WWW.

Random graphs

Cryptosystem designers frequently assume that secrets will be manipulated in closed, reliable computing environments. Unfortunately, actual computers and microchips leak information about the operations they process. This paper examines specific methods for analyzing power consumption measurements to find secret keys from tamper resistant devices. We also discuss approaches for building cryptosystems that can operate securely in existing hardware that leaks information.

/pdf/differential-power-analysis-4t7fjmuc7b.pdf

Differential Power Analysis

We study two families of error-correcting codes defined in terms of very sparse matrices "MN" (MacKay-Neal (1995)) codes are recently invented, and "Gallager codes" were first investigated in 1962, but appear to have been largely forgotten, in spite of their excellent properties The decoding of both codes can be tackled with a practical sum-product algorithm We prove that these codes are "very good", in that sequences of codes exist which, when optimally decoded, achieve information rates up to the Shannon limit This result holds not only for the binary-symmetric channel but also for any channel with symmetric stationary ergodic noise We give experimental results for binary-symmetric channels and Gaussian channels demonstrating that practical performance substantially better than that of standard convolutional and concatenated codes can be achieved; indeed, the performance of Gallager codes is almost as close to the Shannon limit as that of turbo codes

/pdf/good-error-correcting-codes-based-on-very-sparse-matrices-3kdz0lhhm4.pdf

Good error-correcting codes based on very sparse matrices

This report describes in detail the policy background, the systems that are being built, the problems with them, and the legal situation in the UK. An appendix looks at Europe, and examines in particular detail how France and Germany have dealt with these issues. Our report concludes with three suggested regulatory action strategies for the Commissioner: one minimal strategy in which he tackles only the clear breaches of the law, one moderate strategy in which he seeks to educate departments and agencies and guide them towards best practice, and finally a vigorous option in which he would seek to bring UK data protection practice in these areas more in line with normal practice in Europe, and indeed with our obligations under European law.

Children's Databases - Safety and Privacy

As security protocols are used to authenticate more transactions, they end up being relied on in legal proceedings. Designers often fail to anticipate this. Here we show how the EMV protocol – the dominant card payment system worldwide – does not produce adequate evidence for resolving disputes. We propose five principles for designing systems to produce robust evidence. We apply these principles to other systems such as Bitcoin, electronic banking and phone payment apps. We finally propose specific modifications to EMV that could allow disputes to be resolved more efficiently and fairly.

/pdf/security-protocols-and-evidence-where-many-payment-systems-1gl2y1r5vb.pdf

Security Protocols and Evidence: Where Many Payment Systems Fail

Software Defined Networks (SDN) aim to deconstruct current routers into a small number of controllers, which are general purpose machines, and a large number of switches that contain programmable forwarding engines. The vision is that, instead of the ad-hoc mechanisms used in current routers, we can build programmable networks using proper computer science abstractions. This technology is now at the startup stage, and is being deployed in the data centres of large web service firms.

/pdf/authentication-for-resilience-the-case-of-sdn-1yn0dja00f.pdf

Authentication for Resilience: The Case of SDN

The author shows an easy way to construct weak keys for RSA. Furthermore, it appears to be hard to tell that these keys are weak without knowledge of a secret. This emphasises the general proposition that key generation requires extremely careful attention when designing, certifying and purchasing cryptographic systems.

Practical RSA trapdoor

Serpent should be chosen because it is the most secure of the AES finalists. Not only does it have ample safety margin, but its simple structure enables us to be sure that none of the currently known attacks will work. It is also simple to check that an implementation is correct. Although Serpent is not as fast as the other finalists on the 200 MHz Pentium machine used for round 1 benchmarking, this disadvantage largely disappears when we consider the likely platforms and applications of the 21st century. In hardware, for example, Serpent has easily the best performance, while on IA64 it’s second.

Ross Anderson

Papers

Children's Databases - Safety and Privacy

Security Protocols and Evidence: Where Many Payment Systems Fail

Authentication for Resilience: The Case of SDN

Practical RSA trapdoor

The Case for Serpent