Thomas Page (2009) The application of hash chains and hash structures to cryptography.
Full text access: Open
In this thesis we study how hash chains and other hash structures can be used in various cryptographic applications. In particular we focus on the applications of entity authentication, signatures and key establishment. We study recursive application of hash functions to create hash chains, hash trees and other hash structures. We collate all these to form a catalogue of structures that we apply to various cryptographic applications. We study existing work on authentication and create many entity authentication schemes based on structures from our catalogue. We present a novel algorithm to find efficient signature schemes from any given hash structure. We study some suggestions for suitable hash structures and define a particular scalable hash structure complete with a simple message to signature map that is the most efficient such scheme of which we know. We explore k-time signature schemes and identify two new properties, which we call perforated and porous. We look at the application of hash structures to key establishment schemes. We compare the existing schemes and make improvements on many. We present a new key establishment scheme, and show a link between certain k-time signatures and certain key establishment schemes. We look at the other applications of hash structures, and suggest areas in which our catalogue could be used for further development.
This is a Published version This version's date is: 04/08/2009 This item is peer reviewed
https://repository.royalholloway.ac.uk/items/a2b9ffc2-30cc-1c4a-7d3d-f018a511be21/1/
Deposited by () on 24-Jun-2010 in Royal Holloway Research Online.Last modified on 15-Dec-2010
[1] S. G. Akl and P. D. Taylor. Cryptographic solution to a problem ofaccess control in a hierarchy. ACM TOCS, 1(3):239–248, 1983.
[2] R. Anderson. The classification of hash functions. In IMA Conferencein Cryptography and Coding, pages 83–94, 1993.
[3] A. Babenhauserheide. Phex 3.0.0 released. Website from 7th June2009. http://www.phex.org/mambo/content/view/80/58/.
[4] M. Bellare, R. Canetti, and H. Krawczyk. Keying hash functions formessage authentication. In Advances in Cryptology, CRYPTO ’96,LNCS, volume 1109, pages 1–15, 1996.
[5] M. Bellare and P. Rogaway. Random oracles are practical: a paradigmfor designing efficient protocols. In CCS 93, ACM, pages 62–73, 1993.
[6] M. Bellare and P. Rogaway. The exact security of digital signatures –how to sign with RSA and Rabin. In Advances in Cryptology, EUROCRYPT’96, LNCS, volume 1070, pages 399–416, 1996.
[7] F. Bergadano, D. Cavagnino, and B. Crispo. Chained stream authentication.In SAC ’00, LNCS, volume 2012, pages 144–157, 2001.
[8] D. J. Bernstein. The Salsa20 stream cipher. In SKEW ’05, ECRYPT,2005. http://www.ecrypt.eu.org/stream/salsa20p2.html.
[9] K. Bicakci and N. Baykal. Infinite length hash chains and their applications.In WETICE ’02, IEEE, pages 57–61, 2002.
[10] D. Bleichenbacher and U. M. Maurer. Directed acyclic graphs, one-wayfunctions and digital signatures. In Advances in Cryptology, CRYPTO’94, LNCS, volume 839, pages 75–82, 1994.
[11] D. Bleichenbacher and U. M. Maurer. On the efficiency of one-time digitalsignatures. In Advances in Cryptology, ASIACRYPT ’96, LNCS,volume 1163, pages 145–158, 1996.
[12] D. Bleichenbacher and U. M. Maurer. Optimal tree-based one-timedigital signature schemes. In STACS ’96, LNCS, volume 1046, pages363–374, 1996.
[13] R. Blom. An optimal class of symmetric key generation systems. InAdvances in Cryptology, EUROCRYPT ’84, LNCS, volume 209, pages335–338, 1985.
[14] C. Blundo, A. De Santis, A. Herzberg, S. Kutten, U. Vaccaro, andM. Yung. Perfectly-secure key distribution for dynamic conferences.In Advances in Cryptology, CRYPTO ’92, LNCS, volume 740, pages471–486, 1993.
[15] C. Boyd and A. Mathuria. Protocols for Authentication and Key Establishment.Springer, 2003.
[16] P. G. Bradford and O. V. Gavrylyako. Hash chains with diminishingranges for sensors. In ICPPW ’04, IEEE, pages 77–83, 2004.
[17] F. Brandt. Cryptographic protocols for secure second-price auctions.In CIA ’01, LNAI, volume 2182, pages 154–165, 2001.
[18] C. Bron and J. Kerbosch. Algorithm 457: finding all cliques of anundirected graph. Communications of the ACM, 16(9):575–577, 1973.
[19] R. Canetti, J. Garay, G. Itkis, D. Micciancio, M. Naor, and B. Pinkas.Multicast security: A taxonomy and some efficient constructions. InINFOCOM ’99, IEEE, volume 2, pages 708–716, 1999.BIBLIOGRAPHY 216
[20] R. Canetti, T. Malkin, and K. Nissim. Efficient communication-storagetradeoffs for multicast encryption. In Advances in Cryptology, EUROCRYPT’99, LNCS, volume 1592, pages 459–474, 1999.
[21] I. Chang, R. Engel, D. Kandlur, D. Pendarakis, and D. Saha. Key managementfor secure internet multicast using boolean function minimizationtechniques. In INFOCOM ’99, IEEE, volume 2, pages 689–698,1999.
[22] S. Chang and M. Dworkin. Workshop report: The first cryptographichash workshop. Technical report, National Institute of Standardsand Technology, Information Technology Laboratory, NationalInstitute of Standards and Technology, Gaithersburg, MD 20899,2005. http://www.csrc.nist.gov/pki/HashWorkshop/2005/HashWshop2005 Report.pdf.
[23] J. Crampton, K. Martin, and P. Wild. An exposition of key assignmentschemes. Unpublished manuscript, 2005.
[24] J. Crampton, K. Martin, and P. Wild. On key assignment for hierarchicalaccess control. In CSFW ’06, IEEE, pages 98–111, 2006.
[25] I. B. Damg°ard. Collision free hash functions and public key signatureschemes. In Advances in Cryptology, EUROCRYPT ’87, LNCS, volume304, 1987.
[26] I. B. Damg°ard. The application of claw free functions in cryptography.PhD thesis, Aarhus University, Mathematical Institute, 1988.
[27] D. W. Davies and W. L. Price. The Application of Digital SignaturesBased on Public Key Cryptosystems. National Physical Laboratory,1980.
[28] D. W. Davies and W. L. Price. Security for computer networks: An introductionto data security in teleprocessing and electronic funds transfer.John Wiley & Sons, Ltd., 1984.
[29] H. Delfs and H. Knebl. Introduction to Cryptography: principles andapplications. Springer, 2002.
[30] D. E. Denning and G. M. Sacco. Timestamps in key distribution protocols.Communications of the ACM, 24(8):533–536, 1981.
[31] A. Dent and Mitchell C. User’s Guide To Cryptography And Standards.Artech House Publishers, 2004.
[32] R. Di Pietro, A. Durante, L. V. Mancini, and V. Patil. Short paper:Practically unbounded one-way chains for authentication with backwardsecrecy. In SECURECOMM ’05, IEEE, pages 400–402, 2005.
[33] R. Di Pietro, A. Durante, L. V. Mancini, and V. Patil. Addressingthe shortcomings of one-way chains. In ASIACCS ’06, ACM, pages289–296, 2006.
[34] W. Diffie and M. Hellman. New directions in cryptography. IEEETransactions on Information Theory, 22(6):644–654, 1976.
[35] W. Diffie, P. C. van Oorschot, and M. J. Wiener. Authenticationand authenticated key exchanges. Designs, Codes and Cryptography,2(2):107–125, 1992.
[36] A. Evans Jr., W. Kantrowitz, and E. Weiss. A user authenticationscheme not requiring secrecy in the computer. Communications of theACM, 17(8):437–442, 1974.
[37] S. Even. A protocol for signing contracts. SIGACT News, ACM,15(1):34–39, 1983.
[38] W. Feller. An Introduction to Probability Theory and Its Applications.Wiley, third edition, 1968.
[39] A. Fiat and M. Naor. Broadcast encryption. In Advances in Cryptology,CRYPTO ’93, LNCS, volume 773, pages 480–491, 1994.
[40] P. Flajolet and A. M. Odlyzko. Random mapping statistics. In Advancesin Cryptology, EUROCRYPT ’89, LNCS, volume 434, pages329–354, 1990.
[41] L. Gong. Variations on the themes of message freshness and replayor the difficulty in devising formal methods to analyze cryptographicprotocols. In CSFW ’93, IEEE, pages 131–136, 1993.
[42] V. Goyal. Construction and traversal of hash chain with public links.Cryptology ePrint Archive, Report 2004/371, 2004. http://eprint.iacr.org/2004/371.
[43] V. Goyal. How to re-initialize a hash chain. Cryptology ePrint Archive,Report 2004/097, 2004. http://eprint.iacr.org/2004/097.
[44] B. Groza and T. Dragomir. On the use of one-way chain based authenticationprotocols in secure control systems. In ARES ’07, IEEE,pages 1214–1221, 2007.
[45] E. Gudes. The design of a cryptography based secure file system. IEEETransactions on Software Engineering, 6(5):411–420, 1980.
[46] Z. Gutterman, B. Pinkas, and T. Reinman. Analysis of the linux randomnumber generator. In SP ’06, IEEE, pages 371–385, 2006.
[47] N. Haller. The S/KEY one-time password system. In Proceedings of theSymposium on Network and Distributed System Security, ISOC, pages151–157, 1994.
[48] N. Haller, C. Metz, P. Nesser, and M. Straw. Requests for comments:2289, a one-time password system. The Internet Engineering TaskForce, February 1998. ftp://ftp.rfc-editor.org/in-notes/rfc2289.txt.
[49] L. Harn and W. Hsin. On the security of wireless network access withenhancements. In WiSe ’03, ACM, pages 88–95, 2003.
[50] R. Hauser, M. Steiner, and M. Waidner. Micro-payments based oniKP. In SECURICOM ’96, pages 67–82, 1996.
[51] M. E. Hellman. A cryptanalytic time-memory trade off. IEEE Transactionson Information Theory, 26:401–406, 1980.
[52] K. Hong, S. Jung, and F. S. Wu. A hash-chain based authenticationscheme for fast handover in wireless network. In WISA ’05, LNCS,volume 3786, pages 96–107, 2006.
[53] Y. Hu, D. Johnson, and A. Perrig. Sead: Secure efficient distancevector routing for mobile wireless ad hoc networks. In WMCSA ’02,IEEE, pages 3–13, 2002.
[54] Y. Hu, A. Perrig, and D. Johnson. Packet leashes: A defense againstwormhole attacks in wireless ad hoc networks. In INFOCOM ’03,IEEE, volume 3, pages 1976–1986, 2003.
[55] Y. C. Hu, M. Jakobsson, and A. Perrig. Efficient constructions for onewayhash chains. In ACNS ’05, LNCS, volume 3531, pages 423–441,2005.
[56] R. Impagliazzo and S. Rudich. Limits on the provable consequences ofone-way permutations. In STOC ’89, ACM, pages 44–61, 1989.
[57] ISO/IEC. ISO/IEC 9798-4, Information Technology – Security Techniques– Entity Authentication – Part 4: Mechanisms Using a CryptographicCheck Function. 1999.
[58] M. Joye and S. Yen. One-way cross-trees and their applications. InPKC ’02, LNCS, volume 2274, pages 346–356, 2002.
[59] R. M. Karp. Reducibility among combinatorial problems. In Complexityof Computer Computations, pages 85–103. Plenum Press, 1972.
[60] E. Kim, H. Kim, and K. Park. Provisioning protected resource sharingin multi-hop wireless networks. Cryptology ePrint Archive, Report2006/382, 2006. http://eprint.iacr.org/2006/382.
[61] Y. Kim, A. Perrig, and G. Tsudik. Simple and fault-tolerant key agreementfor dynamic collaborative groups. In CCS ’00, ACM, pages 235–244, 2000.
[62] J. Kohl and C. Neuman. Requests for comments: 1510, the Kerberosnetwork authentication service (V5). The Internet EngineeringTask Force, September 1993. ftp://ftp.rfc-editor.org/in-notes/rfc1510.txt.
[63] H. Kurnio, R. Safavi-Naini, and H. Wang. A secure re-keying schemewith key recovery property. In ACISP ’02, LNCS, volume 2384, pages40–55, 2002.
[64] X. Lai and J. L. Massey. Hash functions based on block ciphers. InAdvances in Cryptology, EUROCRYPT ’92, LNCS, volume 658, pages55–70, 1993.
[65] K. Lam and T. Beth. Timely authentication in distributed systems. InESORICS 92, LNCS, volume 648, pages 293–303, 1992.
[66] K. Lam and D. Gollmann. Freshness assurance of authentication protocols.In ESORICS 92, LNCS, volume 648, pages 261–272, 1992.
[67] L. Lamport. Time, clocks and the ordering of events in a distributedsystem. Communications of the ACM, 21(7):558–565, 1978.
[68] L. Lamport. Constructing digital signatures from a one-way function.Technical report, CSL-98, SRI International, October 1979.
[69] L. Lamport. Password authentication with insecure communication.Communications of the ACM, 24(11):770–772, 1981.
[70] J. Lee and D. Stinson. Tree based key distribution patterns. SAC ’05,LNCS, 3897:189–204, 2006.
[71] S. Lee, H. Kim, and K. Chung. Hash based secure sensor networkprogramming method without public key cryptography. In WSW ’06,ACM, 2006.
[72] T. Leighton and S. Micali. Large provably fast and secure digital signatureschemes based on secure hash functions, 1993. U.S. Patent No.5,432,852.
[73] Limegroup. Hash tree - limewire consolidated api. Website from7th June 2009. http://www.limewire.org/nightly/javadocs/com/limegroup/gnutella/tigertree/HashTree.html.
[74] I. Lin, M. Hwang, and C. Chang. The general pay-word: A micropaymentscheme based on n-dimension one-way hash chain. Designs,Codes and Cryptography, 36(1):53–67, 2005.
[75] H. Lipmaa, N. Asokan, and V. Niemi. Secure Vickrey auctions withoutthreshold trust. In FC ’02, LNCS, volume 2357, pages 87–101, 2003.
[76] D. Liu and P. Ning. Efficient distribution of key chain commitments forbroadcast authentication in distributed sensor networks. In NDSS ’03,ISOC, 2003.
[77] D. Liu, P. Ning, and K. Sun. Efficient self-healing group key distributionwith revocation capability. In CCS ’03, ACM, pages 231–240,2003.
[78] W. Mao. Modern Cryptography: Theory and Practice. Prentice HallPTR, first edition, 2003.
[79] K. M. Martin. The combinatorics of cryptographic key establishment.Surveys in Combinatorics, CUP, pages 223–273, 2007.
[80] P. Mcafee and J. Mcmillan. Auctions and bidding. Journal of EconomicLiterature, 25(2):699–738, 1987.
[81] E. J. McCluskey. Minimization of boolean functions. The Bell SystemTechnical Journal, 35(5):1417–1444, November 1956.
[82] D. A. McGrew and A. T. Sherman. Key establishment in large dynamicgroups using one-way function trees. IEEE Transactions on SoftwareEngineering, 29(5):444–458, 2003.
[83] A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone. Handbook ofApplied Cryptography. CRC, October 1996. http://www.cacr.math.uwaterloo.ca/hac/.
[84] R. C. Merkle. Secrecy, Authentication, and Public Key Systems. PhDthesis, Stanford University, 1979.
[85] R. C. Merkle. A digital signature based on a conventional encryptionfunction. In Advances in Cryptology, CRYPTO ’87, LNCS, volume293, pages 369–378, 1988.
[86] R. C. Merkle. One way hash functions and DES. In Advances inCryptology, CRYPTO ’89, LNCS, volume 435, pages 428–446, 1989.
[87] C. Mitchell and F. Piper. Key storage in secure networks. DiscreteApplied Mathematics, 21(3):215–228, 1988.
[88] R. A. Mollin. An Introduction to Cryptography. CRC Press, Inc., 2000.
[89] R. Morris and K. Thompson. Password security: A case history. Communicationsof the ACM, 22(11):594–597, 1979.
[90] M. Naor, B. Pinkas, and R. Sumner. Privacy preserving auctions andmechanism design. In EC ’99, ACM, pages 129–139, 1999.
[91] M. Naor and M. Yung. Universal one-way hash functions and theircryptographic applications. In STOC ’89, ACM, pages 33–43, 1989.
[92] National Institute of Standards and Technology. NIST’s policy onhash functions. Website from 31st July 2008. http://csrc.nist.gov/groups/ST/hash/policy.html.
[93] National Institute of Standards and Technology. Digital signature standard.Technical Report 186, Federal Information Processing StandardsPublications, May 1994.
[94] National institute of standards and technology. FIPS 180-2, secure hashstandard, Federal Information Processing Standard (FIPS), publication180-2. Technical report, Department of Commerce, August 2002.BIBLIOGRAPHY 223
[95] National Institute of Standards and Technology. Announcing requestfor candidate algorithm nominations for a new cryptographic hash algorithm(SHA-3) family. Technical report, Department of Commerce,November 2007.
[96] J. Nechvatal and S. Chang. Workshop report: The second cryptographichash workshop. Technical report, National Institute ofStandards and Technology, Information Technology Laboratory, NationalInstitute of Standards and Technology, Gaithersburg, MD20899, 2006. http://www.csrc.nist.gov/pki/HashWorkshop/2006/SecondHashWshop2006Report.pdf.
[97] P. Oechslin. Making a faster cryptanalytic time-memory trade-off. InAdvances in Cryptology, CRYPTO ’03, LNCS, volume 2729, pages617–630, 2003.
[98] T. Okamoto. Provably secure and practical identification schemes andcorresponding signature schemes. In Advances in Cryptology, CRYPTO’92, LNCS, volume 740, pages 31–53, 1993.
[99] K. Omote and A. Miyaji. An anonymous aution protocol with a singlenon-trusted center using binary trees. In ISW ’00, LNCS, volume 1975,pages 108–120, 2000.
[100] C. Padr´o, I. Gracia, S. M. Mollev´ı, and P. Morillo. Linear key predistributionschemes. Designs, Codes and Cryptography, 25(3):281–298,2002.
[101] H. Pagnia, H. Vogt, and F. Gartner. Fair exchange. The ComputerJournal, OUP, 46(1):55–75, 2003.
[102] V. Patil and R. Shyamasundar. e-coupons: An efficient, secure anddelegable micro-payment system. Information Systems Frontiers, 7(4–5):371–389, 2005.
[103] T. P. Pedersen. Electronic payments of small amounts. In SecurityProtocols ’96, LNCS, volume 1189, pages 59–68, 1996.
[104] A. Perrig. The BiBa one-time signature and broadcast authenticationprotocol. In CCS ’01, ACM, pages 28–37, 2001.
[105] A. Perrig, R. Canetti, J. D. Tygar, and D. Song. Efficient authenticationand signing of multicast streams over lossy channels. In SP ’00,IEEE, pages 56–73, 2000.
[106] A. Perrig, D. Song, and J. D. Tygar. ELK, a new protocol for efficientlarge-group key distribution. In SP ’01, IEEE. IEEE Computer Society,2001.
[107] A. Perrig, R. Szewczyk, J. D. Tygar, V. Wen, and D. E. Culler. Spins:security protocols for sensor networks. Wireless Networks, 8(5):521–534, September 2002.
[108] J. Pieprzyk, H. Wang, and C. Xing. Multiple-time signature schemesagainst adaptive chosen message attacks. In SAC ’03, LNCS, volume3006, pages 88–100, 2004.
[109] J. M. Pollard. A Monte Carlo method for factorization. BIT NumericalMathematics, 15(3):331–334, 1975.
[110] N. Prakobpol and Y. Permpoontanalarp. Multi-dimensional hash chainfor sealed-bid auction. In WISA ’03, LNCS, volume 2908, pages 257–271, 2004.
[111] B. Preneel. Analysis and design of cryptographic hash functions. PhDthesis, Katholieke Universiteit Leuven, Belgium, 1993.
[112] B. Preneel and P. C. van Oorschot. On the security of iterated messageauthentication codes. IEEE Transactions on Information Theory,45(1):188–199, 1999.
[113] J. Proos and C. Zalka. Shor’s discrete logarithm quantum algorithmfor elliptic curves. Quantum Information and Computation, 3:317–344,2003.
[114] M. O. Rabin. Digitalized signatures. Foundations of Secure Computation,Academic Press, pages 155–166, 1978.
[115] M. Ramkumar and N. Memon. An efficient key predistribution schemefor ad hoc network security. IEEE Journal on Selected Areas in Communications,23(3):611–621, 2005.
[116] M. Ramkumar and N. Memon. A hierarchical key predistributionscheme. In EIT ’05, IEEE, 2005.
[117] K. C. Reddy and Divya Nalla. Identity based authenticated group keyagreement protocol. In Advances in Cryptology, INDOCRYPT ’02,LNCS, volume 2551, pages 215–233, 2002.
[118] L. Reyzin and N. Reyzin. Better than BiBa: Short one-time signatureswith fast signing and verifying. In ACISP ’02, LNCS, volume 2384,pages 144–153, 2002.
[119] R. L. Rivest and A. Shamir. PayWord and MicroMint: Two simplemicropayment schemes. In 1996 International Workshop on SecurityProtocols, LNCS, volume 1189, pages 69–87, 1997.
[120] R. L. Rivest, A. Shamir, and D. A. Wagner. Time-lock puzzles andtimed-release crypto. Technical Report MIT/LCS/TR-684, MassachusettsInstitute of Technology, 1996.
[121] P. Rogaway. Formalizing human ignorance collision-resistant hashingwithout the keys. In Progress in Cryptology, VIETCRYPT ’06, LNCS,volume 4341, pages 211–228, 2006.
[122] P. Rogaway and T. Shrimpton. Cryptographic hash-function basics:Definitions, implications, and separations for preimage resistance,second-preimage resistance, and collision resistance. In FSE ’04, LNCS,volume 3017, pages 371–388, 2004.
[123] T. Sandholm. Issues in computational Vickrey auctions. IJEC,4(3):107–129, 2000.
[124] R. S. Sandhu. Cryptographic implementation of a tree hierarchy foraccess control. Information Processing Letters, 27(2):95–98, 1988.
[125] C. E. Shannon. A mathematical theory of communication. Bell SystemTechnical Journal, 27:379–423 and 623–656, 1948.
[126] P. W. Shor. Polynomial-time algorithms for prime factorization anddiscrete logarithms on a quantum computer. SIAM Journal on Computing,26(5):1484–1509, 1997.
[127] G. J. Simmons. Contemporary Cryptology: The Science of InformationIntegrity. IEEE, 1994.
[128] D. R. Simon. Finding collisions on a one-way street: Can secure hashfunctions be based on general assumptions? In Advances in Cryptology,EUROCRYPT ’98, LNCS, volume 1403, pages 334–345, 1998.
[129] W. Simpson. Requests for Comments: 1994, PPP Challenge HandshakeAuthentication Protocol (CHAP). The Internet Engineering TaskForce, August 1996. ftp://ftp.rfc-editor.org/in-notes/rfc1994.txt.
[130] N. P. Smart. An identity based authenticated key agreement protocolbased on the Weil pairing. Cryptology ePrint Archive, 2001. http://eprint.iacr.org/2001/111.
[131] W. R. Speirs II and S. S. Wagstaff Jr. Dynamic cryptographic hashfunctions. Cryptology ePrint Archive, Report 2006/477, 2006. http://eprint.iacr.org/2006/477.
[132] E. Sperner. Ein Satz ¨uber Untermengen einer endlichen Menge. MathematischeZeitschrift, 27(1):544–548, 1928.
[133] J. Staddon, S. Miner, M. Franklin, D. Balfanz, M. Malkin, and D. Dean.Self-healing key distribution with revocation. In SP ’02, IEEE. IEEEComputer Society, 2002.
[134] D. Stinson. Cryptography: Theory and Practice. Chapman &Hall/CRC, second edition, 2002.
[135] S. G. Stubblebine and P. F. Syverson. Fair on-line auctions withoutspecial trusted parties. In FC ’99, LNCS, volume 1648, pages 230–240,1999.
[136] K. Suzuki, K. Kobayashi, and H. Morita. Efficient sealed-bid auctionusing hash chain. In ICISC ’00, LNCS, volume 2015, pages 183–191,2001.
[137] T. Tedrick. Fair exchange of secrets. In Advances in Cryptology,CRYPTO ’84, LNCS, volume 196, pages 434–438, 1985.
[138] W. Trappe and L. C. Washington. Introduction to Cryptography withCoding Theory. Prentice Hall, second edition, 2005.
[139] J. Trevathan. Electronic auctions literature review. Unpublished manuscript,2005. http://www.cs.jcu.edu.au/jarrod/lit.ps.
[140] “USR56K”. DC++ FAQ / Direct Connect FAQ - What is TTH (TigerTree Hashing) (#9677). Website from 1st August 2008. http://www.dslreports.com/faq/9677.
[141] H. C. A. van Tilborg. Encyclopedia of Cryptography and Security.Springer-Verlag New York, Inc., 2005.
[142] S. Vaudenay. One-time identification with low memory. In EUROCODE’92, CISM, pages 217–228, 1992.
[143] W. Vickrey. Counterspeculation, auctions, and competitive sealed tenders.Journal of Finance, 16(1):8–37, 1961.
[144] D. Wallner, E. Harder, and R. Agee. Requests for comments: 2627,key management for multicast: Issues and architectures. The InternetEngineering Task Force, June 1999. ftp://ftp.rfc-editor.org/in-notes/rfc2627.txt.
[145] X. Wang, Y. L. Yin, and H. Yu. Finding collisions in the full SHA-1.In Advances in Cryptology, CRYPTO ’05, LNCS, volume 3621, pages17–36, 2005.
[146] X. Wang and H. Yu. How to break MD5 and other hash functions.In Advances in Cryptology, EUROCRYPT ’05, LNCS, volume 3494,pages 19–35, 2005.
[147] Wikipedia. Random oracle — Wikipedia, the free encyclopedia.Website, 2006. http://en.wikipedia.org/w/index.php?title=Randomoracle&oldid=78563553.
[148] Wikipedia. Cryptographic hash function — Wikipedia, the free encyclopedia.Website, 2007. http://en.wikipedia.org/w/index.php?title=Cryptographic hash function&oldid=100480738.
[149] Wikipedia. International standard book number — Wikipedia, the freeencyclopedia. Website, 2008. http://en.wikipedia.org/w/index.php?title=International Standard Book Number&oldid=229141685.
[150] Wikipedia. Depth-first search — Wikipedia, the free encyclopedia.Website, 2009. http://en.wikipedia.org/w/index.php?title=Depth-first search&oldid=293976442.
[151] Wikipedia. Hash function — Wikipedia, the free encyclopedia.Website, 2009. http://en.wikipedia.org/w/index.php?title=Hashfunction&oldid=291989208.
[152] Wikipedia. Hash tree — Wikipedia, the free encyclopedia.Website, 2009. http://en.wikipedia.org/w/index.php?title=Hashtree&oldid=288106653.
[153] M. V. Wilkes. Time-Sharing Computer Systems. Elsevier Science Ltd,1968.
[154] C. K. Wong, M. Gouda, and S. S. Lam. Secure group communicationsusing key graphs. IEEE/ACM Transactions on Networking, 8(1):16–30, 2000.
[155] X9F – Data & Information Security. Public Key Cryptography: TheElliptical Curve Digital Signature Algorithm (ECDSA). Technical report,Accredited Standards Committee, 2005.
[156] C. Yang and C. Li. Access control in a hierarchy using one-way hashfunctions. Computers & Security, 23(8):659–664, December 2004.
[157] Y. Zheng, T. Hardjono, and J. Seberry. New solutions to the problemof access control in a hierarchy. Technical report, Department of ComputerScience, University of Wollongong, 1993. http://www.sis.uncc.edu/yzheng/publications/files/uow-cs-report-93-02.pdf.
[158] S. Zhong. A practical key management scheme for access control ina user hierarchy. Computers and Security, 21(8):750–759, November2002. http://www.cse.buffalo.edu/szhong/papers/hier.pdf.
[159] L. Zhou and C. V. Ravishankar. A fault localized scheme for falsereport filtering in sensor networks. In ICPS ’05, IEEE, pages 59–68,2005.
[160] G. Zorn. Requests for comments: 2759, Microsoft PPP CHAP Extensions,Version 2. The Internet Engineering Task Force, January 2000.ftp://ftp.rfc-editor.org/in-notes/rfc2759.txt.