Advances in cryptology-EUROCRYPT '99 : International Conference on the Theory and Application of Cryptographic Techniques, Prague, Czech Republic, May 2-6, 1999 : proceedings

EUROCRYPT '99, the seventeenth annual Eurocrypt Conference, was sp- soredbytheInternationalAssociationforCryptologicResearch(IACR),inco- erationwiththeGroupofCryptologywithintheUnionofCzechMathematicians and Physicists. The GeneralChair,JaroslavHruby, wasresponsiblefor the ov- allorganizationoftheconferenceinthebeautiful cityofPrague. Letmemention that it was a pleasure to work together: although we were in di erent locations, we managed to stay in close contact and maintain a smooth organization of the conference. The Program Committee, consisting of 21 members, considered 120 papers and selected 32 for presentation. In addition, Ross Anderson kindly agreed to chairthetraditionalrumpsessionforinformalshortpresentationsofnewresults. These proceedings include the revised versions of the 32 papers accepted by the Program Committee. These papers were selected on the basis of originality, quality, and relevance to cryptography. As a result, they should give a proper picture of how the eld is evolving. Revisions were not checked and the authors bear full responsibility for the contents of their papers. The selection of papers was a di cult and challenging task. Eachsubmission was refereed by at least three reviewers and most had four reports or more. I wish to thank the program committee members, who did an excellent job. In addition, I gratefully acknowledge the help of a large number of colleagues who reviewed submissions in their areas of expertise.

Cryptanalysis I.- Cryptanalysis of RSA with Private Key d Less than N 0.292.- Cryptanalysis of Skipjack Reduced to 31 Rounds Using Impossible Differentials.- Hash Functions.- Software Performance of Universal Hash Functions.- Foundations I.- Lower Bounds for Oblivious Transfer Reductions.- On the (Im)possibility of Basing Oblivious Transfer and Bit Commitment on Weakened Security Assumptions.- Conditional Oblivious Transfer and Timed-Release Encryption.- Public Key.- An Efficient threshold Public Key Cryptosystem Secure Against Adaptive Chosen Ciphertext Attack (Extended Abstract).- Proving in Zero-Knowledge that a Number is the Product of Two Safe Primes.- Secure Hash-and-Sign Signatures Without the Random Oracle.- Watermarking and Fingerprinting.- A Note on the Limits of Collusion-Resistant Watermarks.- Coin-Based Anonymous Fingerprinting.- Elliptic Curve.- On the Performance of Hyperelliptic Cryptosystems.- Fast Elliptic Curve Algorithm Combining Frobenius Map and Table Reference to Adapt to Higher Characteristic.- Comparing the MOV and FR Reductions in Elliptic Curve Cryptography.- New Schemes.- Unbalanced Oil and Vinegar Signature Schemes.- Public-Key Cryptosystems Based on Composite Degree Residuosity Classes.- New Public Key Cryptosystems Based on the Dependent-RSA Problems.- Block Ciphers.- Resistance Against General Iterated Attacks.- XOR and Non-XOR Differential Probabilities.- S-boxes with Controllable Nonlinearity.- Distributed Cryptography.- Secure Distributed Key Generation for Discrete-Log Based Cryptosystems.- Efficient Multiparty Computations Secure Against an Adaptive Adversary.- Distributed Pseudo-random Functions and KDCs.- Cryptanalysis II.- Improved Fast Correlation Attacks on Stream Ciphers via Convolutional Codes.- Cryptanalysis of an Identification Scheme Based on the Permuted Perceptron Problem.- Tools from Related areas.- An Analysis of Exponentiation Based on Formal Languages.- Dealing Necessary and Sufficient Numbers of Cards for Sharing a One-Bit Secret Key (Extended Abstract).- Foundations IIz.- Computationally Private Information Retrieval with Polylogarithmic Communication.- On the Concurrent Composition of Zero-Knowledge Proofs.- Pseudorandom Function Tribe Ensembles Based on One-Way Permutations: Improvements and Applications.- Broadcast and Multicast.- Secure Communication in Broadcast Channels: The Answer to Franklin and Wright's Question.- Efficient Communication-Storage Tradeoffs for Multicast Encryption.