Notes

References

[1] S. G. Akl and P. D. Taylor. Cryptographic solution to a problem of
access control in a hierarchy. ACM TOCS, 1(3):239–248, 1983.

[2] R. Anderson. The classification of hash functions. In IMA Conference
in Cryptography and Coding, pages 83–94, 1993.

[3] A. Babenhauserheide. Phex 3.0.0 released. Website from 7th June
2009. http://www.phex.org/mambo/content/view/80/58/.

[4] M. Bellare, R. Canetti, and H. Krawczyk. Keying hash functions for
message authentication. In Advances in Cryptology, CRYPTO ’96,
LNCS, volume 1109, pages 1–15, 1996.

[5] M. Bellare and P. Rogaway. Random oracles are practical: a paradigm
for designing efficient protocols. In CCS 93, ACM, pages 62–73, 1993.

[6] M. Bellare and P. Rogaway. The exact security of digital signatures –
how to sign with RSA and Rabin. In Advances in Cryptology, EUROCRYPT
’96, LNCS, volume 1070, pages 399–416, 1996.

[7] F. Bergadano, D. Cavagnino, and B. Crispo. Chained stream authentication.
In SAC ’00, LNCS, volume 2012, pages 144–157, 2001.

[8] D. J. Bernstein. The Salsa20 stream cipher. In SKEW ’05, ECRYPT,
2005. http://www.ecrypt.eu.org/stream/salsa20p2.html.

[9] K. Bicakci and N. Baykal. Infinite length hash chains and their applications.
In WETICE ’02, IEEE, pages 57–61, 2002.

[10] D. Bleichenbacher and U. M. Maurer. Directed acyclic graphs, one-way
functions and digital signatures. In Advances in Cryptology, CRYPTO
’94, LNCS, volume 839, pages 75–82, 1994.

[11] D. Bleichenbacher and U. M. Maurer. On the efficiency of one-time digital
signatures. In Advances in Cryptology, ASIACRYPT ’96, LNCS,
volume 1163, pages 145–158, 1996.

[12] D. Bleichenbacher and U. M. Maurer. Optimal tree-based one-time
digital signature schemes. In STACS ’96, LNCS, volume 1046, pages
363–374, 1996.

[13] R. Blom. An optimal class of symmetric key generation systems. In
Advances in Cryptology, EUROCRYPT ’84, LNCS, volume 209, pages
335–338, 1985.

[14] C. Blundo, A. De Santis, A. Herzberg, S. Kutten, U. Vaccaro, and
M. Yung. Perfectly-secure key distribution for dynamic conferences.
In Advances in Cryptology, CRYPTO ’92, LNCS, volume 740, pages
471–486, 1993.

[15] C. Boyd and A. Mathuria. Protocols for Authentication and Key Establishment.
Springer, 2003.

[16] P. G. Bradford and O. V. Gavrylyako. Hash chains with diminishing
ranges for sensors. In ICPPW ’04, IEEE, pages 77–83, 2004.

[17] F. Brandt. Cryptographic protocols for secure second-price auctions.
In CIA ’01, LNAI, volume 2182, pages 154–165, 2001.

[18] C. Bron and J. Kerbosch. Algorithm 457: finding all cliques of an
undirected graph. Communications of the ACM, 16(9):575–577, 1973.

[19] R. Canetti, J. Garay, G. Itkis, D. Micciancio, M. Naor, and B. Pinkas.
Multicast security: A taxonomy and some efficient constructions. In
INFOCOM ’99, IEEE, volume 2, pages 708–716, 1999.
BIBLIOGRAPHY 216

[20] R. Canetti, T. Malkin, and K. Nissim. Efficient communication-storage
tradeoffs for multicast encryption. In Advances in Cryptology, EUROCRYPT
’99, LNCS, volume 1592, pages 459–474, 1999.

[21] I. Chang, R. Engel, D. Kandlur, D. Pendarakis, and D. Saha. Key management
for secure internet multicast using boolean function minimization
techniques. In INFOCOM ’99, IEEE, volume 2, pages 689–698,
1999.

[22] S. Chang and M. Dworkin. Workshop report: The first cryptographic
hash workshop. Technical report, National Institute of Standards
and Technology, Information Technology Laboratory, National
Institute of Standards and Technology, Gaithersburg, MD 20899,
2005. http://www.csrc.nist.gov/pki/HashWorkshop/2005/HashWshop
2005 Report.pdf.

[23] J. Crampton, K. Martin, and P. Wild. An exposition of key assignment
schemes. Unpublished manuscript, 2005.

[24] J. Crampton, K. Martin, and P. Wild. On key assignment for hierarchical
access control. In CSFW ’06, IEEE, pages 98–111, 2006.

[25] I. B. Damg°ard. Collision free hash functions and public key signature
schemes. In Advances in Cryptology, EUROCRYPT ’87, LNCS, volume
304, 1987.

[26] I. B. Damg°ard. The application of claw free functions in cryptography.
PhD thesis, Aarhus University, Mathematical Institute, 1988.

[27] D. W. Davies and W. L. Price. The Application of Digital Signatures
Based on Public Key Cryptosystems. National Physical Laboratory,
1980.

[28] D. W. Davies and W. L. Price. Security for computer networks: An introduction
to data security in teleprocessing and electronic funds transfer.
John Wiley & Sons, Ltd., 1984.

[29] H. Delfs and H. Knebl. Introduction to Cryptography: principles and
applications. Springer, 2002.

[30] D. E. Denning and G. M. Sacco. Timestamps in key distribution protocols.
Communications of the ACM, 24(8):533–536, 1981.

[31] A. Dent and Mitchell C. User’s Guide To Cryptography And Standards.
Artech House Publishers, 2004.

[32] R. Di Pietro, A. Durante, L. V. Mancini, and V. Patil. Short paper:
Practically unbounded one-way chains for authentication with backward
secrecy. In SECURECOMM ’05, IEEE, pages 400–402, 2005.

[33] R. Di Pietro, A. Durante, L. V. Mancini, and V. Patil. Addressing
the shortcomings of one-way chains. In ASIACCS ’06, ACM, pages
289–296, 2006.

[34] W. Diffie and M. Hellman. New directions in cryptography. IEEE
Transactions on Information Theory, 22(6):644–654, 1976.

[35] W. Diffie, P. C. van Oorschot, and M. J. Wiener. Authentication
and authenticated key exchanges. Designs, Codes and Cryptography,
2(2):107–125, 1992.

[36] A. Evans Jr., W. Kantrowitz, and E. Weiss. A user authentication
scheme not requiring secrecy in the computer. Communications of the
ACM, 17(8):437–442, 1974.

[37] S. Even. A protocol for signing contracts. SIGACT News, ACM,
15(1):34–39, 1983.

[38] W. Feller. An Introduction to Probability Theory and Its Applications.
Wiley, third edition, 1968.

[39] A. Fiat and M. Naor. Broadcast encryption. In Advances in Cryptology,
CRYPTO ’93, LNCS, volume 773, pages 480–491, 1994.

[40] P. Flajolet and A. M. Odlyzko. Random mapping statistics. In Advances
in Cryptology, EUROCRYPT ’89, LNCS, volume 434, pages
329–354, 1990.

[41] L. Gong. Variations on the themes of message freshness and replay
or the difficulty in devising formal methods to analyze cryptographic
protocols. In CSFW ’93, IEEE, pages 131–136, 1993.

[42] V. Goyal. Construction and traversal of hash chain with public links.
Cryptology ePrint Archive, Report 2004/371, 2004. http://eprint.
iacr.org/2004/371.

[43] V. Goyal. How to re-initialize a hash chain. Cryptology ePrint Archive,
Report 2004/097, 2004. http://eprint.iacr.org/2004/097.

[44] B. Groza and T. Dragomir. On the use of one-way chain based authentication
protocols in secure control systems. In ARES ’07, IEEE,
pages 1214–1221, 2007.

[45] E. Gudes. The design of a cryptography based secure file system. IEEE
Transactions on Software Engineering, 6(5):411–420, 1980.

[46] Z. Gutterman, B. Pinkas, and T. Reinman. Analysis of the linux random
number generator. In SP ’06, IEEE, pages 371–385, 2006.

[47] N. Haller. The S/KEY one-time password system. In Proceedings of the
Symposium on Network and Distributed System Security, ISOC, pages
151–157, 1994.

[48] N. Haller, C. Metz, P. Nesser, and M. Straw. Requests for comments:
2289, a one-time password system. The Internet Engineering Task
Force, February 1998. ftp://ftp.rfc-editor.org/in-notes/rfc2289.
txt.

[49] L. Harn and W. Hsin. On the security of wireless network access with
enhancements. In WiSe ’03, ACM, pages 88–95, 2003.

[50] R. Hauser, M. Steiner, and M. Waidner. Micro-payments based on
iKP. In SECURICOM ’96, pages 67–82, 1996.

[51] M. E. Hellman. A cryptanalytic time-memory trade off. IEEE Transactions
on Information Theory, 26:401–406, 1980.

[52] K. Hong, S. Jung, and F. S. Wu. A hash-chain based authentication
scheme for fast handover in wireless network. In WISA ’05, LNCS,
volume 3786, pages 96–107, 2006.

[53] Y. Hu, D. Johnson, and A. Perrig. Sead: Secure efficient distance
vector routing for mobile wireless ad hoc networks. In WMCSA ’02,
IEEE, pages 3–13, 2002.

[54] Y. Hu, A. Perrig, and D. Johnson. Packet leashes: A defense against
wormhole attacks in wireless ad hoc networks. In INFOCOM ’03,
IEEE, volume 3, pages 1976–1986, 2003.

[55] Y. C. Hu, M. Jakobsson, and A. Perrig. Efficient constructions for oneway
hash chains. In ACNS ’05, LNCS, volume 3531, pages 423–441,
2005.

[56] R. Impagliazzo and S. Rudich. Limits on the provable consequences of
one-way permutations. In STOC ’89, ACM, pages 44–61, 1989.

[57] ISO/IEC. ISO/IEC 9798-4, Information Technology – Security Techniques
– Entity Authentication – Part 4: Mechanisms Using a Cryptographic
Check Function. 1999.

[58] M. Joye and S. Yen. One-way cross-trees and their applications. In
PKC ’02, LNCS, volume 2274, pages 346–356, 2002.

[59] R. M. Karp. Reducibility among combinatorial problems. In Complexity
of Computer Computations, pages 85–103. Plenum Press, 1972.

[60] E. Kim, H. Kim, and K. Park. Provisioning protected resource sharing
in multi-hop wireless networks. Cryptology ePrint Archive, Report
2006/382, 2006. http://eprint.iacr.org/2006/382.

[61] Y. Kim, A. Perrig, and G. Tsudik. Simple and fault-tolerant key agreement
for dynamic collaborative groups. In CCS ’00, ACM, pages 235–
244, 2000.

[62] J. Kohl and C. Neuman. Requests for comments: 1510, the Kerberos
network authentication service (V5). The Internet Engineering
Task Force, September 1993. ftp://ftp.rfc-editor.org/in-notes/
rfc1510.txt.

[63] H. Kurnio, R. Safavi-Naini, and H. Wang. A secure re-keying scheme
with key recovery property. In ACISP ’02, LNCS, volume 2384, pages
40–55, 2002.

[64] X. Lai and J. L. Massey. Hash functions based on block ciphers. In
Advances in Cryptology, EUROCRYPT ’92, LNCS, volume 658, pages
55–70, 1993.

[65] K. Lam and T. Beth. Timely authentication in distributed systems. In
ESORICS 92, LNCS, volume 648, pages 293–303, 1992.

[66] K. Lam and D. Gollmann. Freshness assurance of authentication protocols.
In ESORICS 92, LNCS, volume 648, pages 261–272, 1992.

[67] L. Lamport. Time, clocks and the ordering of events in a distributed
system. Communications of the ACM, 21(7):558–565, 1978.

[68] L. Lamport. Constructing digital signatures from a one-way function.
Technical report, CSL-98, SRI International, October 1979.

[69] L. Lamport. Password authentication with insecure communication.
Communications of the ACM, 24(11):770–772, 1981.

[70] J. Lee and D. Stinson. Tree based key distribution patterns. SAC ’05,
LNCS, 3897:189–204, 2006.

[71] S. Lee, H. Kim, and K. Chung. Hash based secure sensor network
programming method without public key cryptography. In WSW ’06,
ACM, 2006.

[72] T. Leighton and S. Micali. Large provably fast and secure digital signature
schemes based on secure hash functions, 1993. U.S. Patent No.
5,432,852.

[73] Limegroup. Hash tree - limewire consolidated api. Website from
7th June 2009. http://www.limewire.org/nightly/javadocs/com/
limegroup/gnutella/tigertree/HashTree.html.

[74] I. Lin, M. Hwang, and C. Chang. The general pay-word: A micropayment
scheme based on n-dimension one-way hash chain. Designs,
Codes and Cryptography, 36(1):53–67, 2005.

[75] H. Lipmaa, N. Asokan, and V. Niemi. Secure Vickrey auctions without
threshold trust. In FC ’02, LNCS, volume 2357, pages 87–101, 2003.

[76] D. Liu and P. Ning. Efficient distribution of key chain commitments for
broadcast authentication in distributed sensor networks. In NDSS ’03,
ISOC, 2003.

[77] D. Liu, P. Ning, and K. Sun. Efficient self-healing group key distribution
with revocation capability. In CCS ’03, ACM, pages 231–240,
2003.

[78] W. Mao. Modern Cryptography: Theory and Practice. Prentice Hall
PTR, first edition, 2003.

[79] K. M. Martin. The combinatorics of cryptographic key establishment.
Surveys in Combinatorics, CUP, pages 223–273, 2007.

[80] P. Mcafee and J. Mcmillan. Auctions and bidding. Journal of Economic
Literature, 25(2):699–738, 1987.

[81] E. J. McCluskey. Minimization of boolean functions. The Bell System
Technical Journal, 35(5):1417–1444, November 1956.

[82] D. A. McGrew and A. T. Sherman. Key establishment in large dynamic
groups using one-way function trees. IEEE Transactions on Software
Engineering, 29(5):444–458, 2003.

[83] A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone. Handbook of
Applied Cryptography. CRC, October 1996. http://www.cacr.math.
uwaterloo.ca/hac/.

[84] R. C. Merkle. Secrecy, Authentication, and Public Key Systems. PhD
thesis, Stanford University, 1979.

[85] R. C. Merkle. A digital signature based on a conventional encryption
function. In Advances in Cryptology, CRYPTO ’87, LNCS, volume
293, pages 369–378, 1988.

[86] R. C. Merkle. One way hash functions and DES. In Advances in
Cryptology, CRYPTO ’89, LNCS, volume 435, pages 428–446, 1989.

[87] C. Mitchell and F. Piper. Key storage in secure networks. Discrete
Applied Mathematics, 21(3):215–228, 1988.

[88] R. A. Mollin. An Introduction to Cryptography. CRC Press, Inc., 2000.

[89] R. Morris and K. Thompson. Password security: A case history. Communications
of the ACM, 22(11):594–597, 1979.

[90] M. Naor, B. Pinkas, and R. Sumner. Privacy preserving auctions and
mechanism design. In EC ’99, ACM, pages 129–139, 1999.

[91] M. Naor and M. Yung. Universal one-way hash functions and their
cryptographic applications. In STOC ’89, ACM, pages 33–43, 1989.

[92] National Institute of Standards and Technology. NIST’s policy on
hash functions. Website from 31st July 2008. http://csrc.nist.gov/
groups/ST/hash/policy.html.

[93] National Institute of Standards and Technology. Digital signature standard.
Technical Report 186, Federal Information Processing Standards
Publications, May 1994.

[94] National institute of standards and technology. FIPS 180-2, secure hash
standard, Federal Information Processing Standard (FIPS), publication
180-2. Technical report, Department of Commerce, August 2002.
BIBLIOGRAPHY 223

[95] National Institute of Standards and Technology. Announcing request
for candidate algorithm nominations for a new cryptographic hash algorithm
(SHA-3) family. Technical report, Department of Commerce,
November 2007.

[96] J. Nechvatal and S. Chang. Workshop report: The second cryptographic
hash workshop. Technical report, National Institute of
Standards and Technology, Information Technology Laboratory, National
Institute of Standards and Technology, Gaithersburg, MD
20899, 2006. http://www.csrc.nist.gov/pki/HashWorkshop/2006/
SecondHashWshop2006Report.pdf.

[97] P. Oechslin. Making a faster cryptanalytic time-memory trade-off. In
Advances in Cryptology, CRYPTO ’03, LNCS, volume 2729, pages
617–630, 2003.

[98] T. Okamoto. Provably secure and practical identification schemes and
corresponding signature schemes. In Advances in Cryptology, CRYPTO
’92, LNCS, volume 740, pages 31–53, 1993.

[99] K. Omote and A. Miyaji. An anonymous aution protocol with a single
non-trusted center using binary trees. In ISW ’00, LNCS, volume 1975,
pages 108–120, 2000.

[100] C. Padr´o, I. Gracia, S. M. Mollev´ı, and P. Morillo. Linear key predistribution
schemes. Designs, Codes and Cryptography, 25(3):281–298,
2002.

[101] H. Pagnia, H. Vogt, and F. Gartner. Fair exchange. The Computer
Journal, OUP, 46(1):55–75, 2003.

[102] V. Patil and R. Shyamasundar. e-coupons: An efficient, secure and
delegable micro-payment system. Information Systems Frontiers, 7(4–
5):371–389, 2005.

[103] T. P. Pedersen. Electronic payments of small amounts. In Security
Protocols ’96, LNCS, volume 1189, pages 59–68, 1996.

[104] A. Perrig. The BiBa one-time signature and broadcast authentication
protocol. In CCS ’01, ACM, pages 28–37, 2001.

[105] A. Perrig, R. Canetti, J. D. Tygar, and D. Song. Efficient authentication
and signing of multicast streams over lossy channels. In SP ’00,
IEEE, pages 56–73, 2000.

[106] A. Perrig, D. Song, and J. D. Tygar. ELK, a new protocol for efficient
large-group key distribution. In SP ’01, IEEE. IEEE Computer Society,
2001.

[107] A. Perrig, R. Szewczyk, J. D. Tygar, V. Wen, and D. E. Culler. Spins:
security protocols for sensor networks. Wireless Networks, 8(5):521–
534, September 2002.

[108] J. Pieprzyk, H. Wang, and C. Xing. Multiple-time signature schemes
against adaptive chosen message attacks. In SAC ’03, LNCS, volume
3006, pages 88–100, 2004.

[109] J. M. Pollard. A Monte Carlo method for factorization. BIT Numerical
Mathematics, 15(3):331–334, 1975.

[110] N. Prakobpol and Y. Permpoontanalarp. Multi-dimensional hash chain
for sealed-bid auction. In WISA ’03, LNCS, volume 2908, pages 257–
271, 2004.

[111] B. Preneel. Analysis and design of cryptographic hash functions. PhD
thesis, Katholieke Universiteit Leuven, Belgium, 1993.

[112] B. Preneel and P. C. van Oorschot. On the security of iterated message
authentication codes. IEEE Transactions on Information Theory,
45(1):188–199, 1999.

[113] J. Proos and C. Zalka. Shor’s discrete logarithm quantum algorithm
for elliptic curves. Quantum Information and Computation, 3:317–344,
2003.

[114] M. O. Rabin. Digitalized signatures. Foundations of Secure Computation,
Academic Press, pages 155–166, 1978.

[115] M. Ramkumar and N. Memon. An efficient key predistribution scheme
for ad hoc network security. IEEE Journal on Selected Areas in Communications,
23(3):611–621, 2005.

[116] M. Ramkumar and N. Memon. A hierarchical key predistribution
scheme. In EIT ’05, IEEE, 2005.

[117] K. C. Reddy and Divya Nalla. Identity based authenticated group key
agreement protocol. In Advances in Cryptology, INDOCRYPT ’02,
LNCS, volume 2551, pages 215–233, 2002.

[118] L. Reyzin and N. Reyzin. Better than BiBa: Short one-time signatures
with fast signing and verifying. In ACISP ’02, LNCS, volume 2384,
pages 144–153, 2002.

[119] R. L. Rivest and A. Shamir. PayWord and MicroMint: Two simple
micropayment schemes. In 1996 International Workshop on Security
Protocols, LNCS, volume 1189, pages 69–87, 1997.

[120] R. L. Rivest, A. Shamir, and D. A. Wagner. Time-lock puzzles and
timed-release crypto. Technical Report MIT/LCS/TR-684, Massachusetts
Institute of Technology, 1996.

[121] P. Rogaway. Formalizing human ignorance collision-resistant hashing
without the keys. In Progress in Cryptology, VIETCRYPT ’06, LNCS,
volume 4341, pages 211–228, 2006.

[122] P. Rogaway and T. Shrimpton. Cryptographic hash-function basics:
Definitions, implications, and separations for preimage resistance,
second-preimage resistance, and collision resistance. In FSE ’04, LNCS,
volume 3017, pages 371–388, 2004.

[123] T. Sandholm. Issues in computational Vickrey auctions. IJEC,
4(3):107–129, 2000.

[124] R. S. Sandhu. Cryptographic implementation of a tree hierarchy for
access control. Information Processing Letters, 27(2):95–98, 1988.

[125] C. E. Shannon. A mathematical theory of communication. Bell System
Technical Journal, 27:379–423 and 623–656, 1948.

[126] P. W. Shor. Polynomial-time algorithms for prime factorization and
discrete logarithms on a quantum computer. SIAM Journal on Computing,
26(5):1484–1509, 1997.

[127] G. J. Simmons. Contemporary Cryptology: The Science of Information
Integrity. IEEE, 1994.

[128] D. R. Simon. Finding collisions on a one-way street: Can secure hash
functions be based on general assumptions? In Advances in Cryptology,
EUROCRYPT ’98, LNCS, volume 1403, pages 334–345, 1998.

[129] W. Simpson. Requests for Comments: 1994, PPP Challenge Handshake
Authentication Protocol (CHAP). The Internet Engineering Task
Force, August 1996. ftp://ftp.rfc-editor.org/in-notes/rfc1994.
txt.

[130] N. P. Smart. An identity based authenticated key agreement protocol
based on the Weil pairing. Cryptology ePrint Archive, 2001. http:
//eprint.iacr.org/2001/111.

[131] W. R. Speirs II and S. S. Wagstaff Jr. Dynamic cryptographic hash
functions. Cryptology ePrint Archive, Report 2006/477, 2006. http:
//eprint.iacr.org/2006/477.

[132] E. Sperner. Ein Satz ¨uber Untermengen einer endlichen Menge. Mathematische
Zeitschrift, 27(1):544–548, 1928.

[133] J. Staddon, S. Miner, M. Franklin, D. Balfanz, M. Malkin, and D. Dean.
Self-healing key distribution with revocation. In SP ’02, IEEE. IEEE
Computer Society, 2002.

[134] D. Stinson. Cryptography: Theory and Practice. Chapman &
Hall/CRC, second edition, 2002.

[135] S. G. Stubblebine and P. F. Syverson. Fair on-line auctions without
special trusted parties. In FC ’99, LNCS, volume 1648, pages 230–240,
1999.

[136] K. Suzuki, K. Kobayashi, and H. Morita. Efficient sealed-bid auction
using hash chain. In ICISC ’00, LNCS, volume 2015, pages 183–191,
2001.

[137] T. Tedrick. Fair exchange of secrets. In Advances in Cryptology,
CRYPTO ’84, LNCS, volume 196, pages 434–438, 1985.

[138] W. Trappe and L. C. Washington. Introduction to Cryptography with
Coding Theory. Prentice Hall, second edition, 2005.

[139] J. Trevathan. Electronic auctions literature review. Unpublished manuscript,
2005. http://www.cs.jcu.edu.au/jarrod/lit.ps.

[140] “USR56K”. DC++ FAQ / Direct Connect FAQ - What is TTH (Tiger
Tree Hashing) (#9677). Website from 1st August 2008. http://www.
dslreports.com/faq/9677.

[141] H. C. A. van Tilborg. Encyclopedia of Cryptography and Security.
Springer-Verlag New York, Inc., 2005.

[142] S. Vaudenay. One-time identification with low memory. In EUROCODE
’92, CISM, pages 217–228, 1992.

[143] W. Vickrey. Counterspeculation, auctions, and competitive sealed tenders.
Journal of Finance, 16(1):8–37, 1961.

[144] D. Wallner, E. Harder, and R. Agee. Requests for comments: 2627,
key management for multicast: Issues and architectures. The Internet
Engineering Task Force, June 1999. ftp://ftp.rfc-editor.org/
in-notes/rfc2627.txt.

[145] X. Wang, Y. L. Yin, and H. Yu. Finding collisions in the full SHA-1.
In Advances in Cryptology, CRYPTO ’05, LNCS, volume 3621, pages
17–36, 2005.

[146] X. Wang and H. Yu. How to break MD5 and other hash functions.
In Advances in Cryptology, EUROCRYPT ’05, LNCS, volume 3494,
pages 19–35, 2005.

[147] Wikipedia. Random oracle — Wikipedia, the free encyclopedia.
Website, 2006. http://en.wikipedia.org/w/index.php?title=Random
oracle&oldid=78563553.

[148] Wikipedia. Cryptographic hash function — Wikipedia, the free encyclopedia.
Website, 2007. http://en.wikipedia.org/w/index.php?
title=Cryptographic hash function&oldid=100480738.

[149] Wikipedia. International standard book number — Wikipedia, the free
encyclopedia. Website, 2008. http://en.wikipedia.org/w/index.php?
title=International Standard Book Number&oldid=229141685.

[150] Wikipedia. Depth-first search — Wikipedia, the free encyclopedia.
Website, 2009. http://en.wikipedia.org/w/index.php?title=
Depth-first search&oldid=293976442.

[151] Wikipedia. Hash function — Wikipedia, the free encyclopedia.
Website, 2009. http://en.wikipedia.org/w/index.php?title=Hash
function&oldid=291989208.

[152] Wikipedia. Hash tree — Wikipedia, the free encyclopedia.
Website, 2009. http://en.wikipedia.org/w/index.php?title=Hash
tree&oldid=288106653.

[153] M. V. Wilkes. Time-Sharing Computer Systems. Elsevier Science Ltd,
1968.

[154] C. K. Wong, M. Gouda, and S. S. Lam. Secure group communications
using key graphs. IEEE/ACM Transactions on Networking, 8(1):16–
30, 2000.

[155] X9F – Data & Information Security. Public Key Cryptography: The
Elliptical Curve Digital Signature Algorithm (ECDSA). Technical report,
Accredited Standards Committee, 2005.

[156] C. Yang and C. Li. Access control in a hierarchy using one-way hash
functions. Computers & Security, 23(8):659–664, December 2004.

[157] Y. Zheng, T. Hardjono, and J. Seberry. New solutions to the problem
of access control in a hierarchy. Technical report, Department of Computer
Science, University of Wollongong, 1993. http://www.sis.uncc.
edu/yzheng/publications/files/uow-cs-report-93-02.pdf.

[158] S. Zhong. A practical key management scheme for access control in
a user hierarchy. Computers and Security, 21(8):750–759, November
2002. http://www.cse.buffalo.edu/szhong/papers/hier.pdf.

[159] L. Zhou and C. V. Ravishankar. A fault localized scheme for false
report filtering in sensor networks. In ICPS ’05, IEEE, pages 59–68,
2005.

[160] G. Zorn. Requests for comments: 2759, Microsoft PPP CHAP Extensions,
Version 2. The Internet Engineering Task Force, January 2000.
ftp://ftp.rfc-editor.org/in-notes/rfc2759.txt.