Bücher der Reihe Security and Cryptology

SAC 2004 was the eleventh in a series of annual workshops on Selected Areas in Cryptography. This was the second time that the workshop was hosted by the University of Waterloo, Ontario, with previous workshops being held at Queen'sUniversityinKingston(1994,1996,1998and1999),CarletonUniversity in Ottawa (1995, 1997 and 2003), the Fields Institute in Toronto (2001) and Memorial University of Newfoundland in St. John's (2002). The primary intent of the workshop was to provide a relaxed atmosphere in which researchers in cryptography could present and discuss new work on selected areas of current interest. This year's themes for SAC were: - Design and analysis of symmetric key cryptosystems. - Primitives for symmetric key cryptography, including block and stream - phers, hash functions, and MAC algorithms. - E?cient implementation of cryptographic systems in public and symmetric key cryptography. - Cryptographic solutions for mobile (web) services. A record of 117 papers were submitted for consideration by the program committee. After an extensive review process, 25 papers were accepted for p- sentation at the workshop (two of these papers were merged). Unfortunately, many good papers could not be accommodated this year. These proceedings contain the revised versions of the 24 accepted papers. The revised versions were not subsequently checked for correctness. Also, we were very fortunate to have two invited speakers at SAC 2004. * Eli Biham arranged for some breaking news in his talk on "e;New Results on SHA-0 and SHA-1."e; This talk was designated as the Sta?ord Tavares L- ture.

The inaugural Information Security Practice and Experience Conference (ISPEC) was held on April 11-14, 2005, in Singapore. As applications of information security technologies become pervasive, - sues pertaining to their deployment and operation are becoming increasingly important. ISPEC is intended to be an annual conference that brings together researchers and practitioners to provide a con?uence of new information se- rity technologies, their applications and their integration with IT systems in various vertical sectors. The Program Committee consisted of leading experts in the areas of information security, information systems, and domain experts in applications of IT in vertical business segments. The topics of the conference covered security applications and case studies, access control, network security, data security, secure architectures, and cryp- graphic techniques. Emphasis was placed on the application of security research to meet practical user requirements, both in the paper selection process and in the invited speeches. Acceptance into the conference proceedings was very competitive. The Call for Papers attracted more than 120 submissions, out of which the Program Committee selected only 35 papers for inclusion in the proceedings. Thisconferencewasmadepossibleonlythroughthecontributionsfrommany individuals and organizations. We would like to thank all the authors who s- mitted papers. We also gratefully acknowledge the members of the Program Committee and the external reviewers, for the time and e?ort they put into reviewing the submissions. Special thanks are due to Ying Qiu for managing the website for paper s- mission,reviewandnoti?cation.PatriciaLohwaskindenoughtoarrangeforthe conference venue, and took care of the administration in running the conference.

These are the proceedings of the 24th Annual IACR Eurocrypt Conference. The conference was sponsored by the International Association for Cryptologic Research(IACR;seewww.iacr.org),thisyearincooperationwiththeComputer Science Department of the University of Aarhus, Denmark. As General Chair, Ivan Damg? ard was responsible for local organization. TheEurocrypt2005ProgramCommittee(PC)consistedof30internationally renowned experts. Their names and a?liations are listed on pages VII and VIII of these proceedings. By the November 15, 2004 submission deadline the PC had received a total of 190 submissions via the IACR Electronic Submission Server. The subsequent selection process was divided into two phases, as usual. In the review phase each submission was carefully scrutinized by at least three independent reviewers, and the review reports, often extensive, were committed to the IACR Web Review System. These were taken as the starting point for the PC-wideWeb-baseddiscussionphase.Duringthisphase,additionalreportswere provided as needed, and the PC eventually had some 700 reports at its disposal. In addition, the discussions generated more than 850 messages, all posted in the system. During the entire PC phase, which started in August 2003 with my earliest invitations to PC members and which continued until March 2005, more than 1000 email messages were communicated. Moreover, the PC received much appreciated assistance from a large body of external reviewers. Their names are listed on page VIII of these proceedings.

The 9th International Conference on Financial Cryptography and Data Security (FC 2005) was held in the Commonwealth of Dominica from February 28 to March 3, 2005. This conference, organized by the International Financial Cryptography Association (IFCA), continues to be the premier international forum for research, exploration, and debate regarding security in the context of finance and commerce. The conference title and scope was expanded this year to cover all aspects of securing transactions and systems. The goal is to build an interdisciplinary meeting, bringing together cryptographers, data-security specialists, business and economy researchers, as well as economists, IT professionals, implementers, and policy makers. We think that this goal was met this year. The conference received 90 submissions and 24 papers were accepted, 22 in the Research track and 2 in the Systems and Applications track. In addition, the conference featured two distinguished invited speakers, Bezalel Gavish and Lynne Coventry, and two interesting panel sessions, one on phishing and the other on economics and information security. Also, for the first time, some of the papers that were judged to be very strong but did not make the final program were selected for special invitation to our Works in Progress (Rump) Session that took place on Wednesday evening. Three papers were highlighted in this forum this year, and short versions of the papers are included here. As always, other conference attendees were also invited to make presentations during the rump session, and the evening lived up to its colorful reputation.

The Seventh International Conference on Information and Communications - curity,ICICS2005,washeldinBeijing,China,10-13December2005. TheICICS conference series is an established forum for exchanging new research ideas and development results in the areas of information security and applied crypt- raphy. The ?rst event began here in Beijing in 1997. Since then the conference series has been interleaving its venues in China and the rest of the world: ICICS 1997 in Beijing, China; ICICS 1999 in Sydney, Australia; ICICS 2001 in Xi'an, China; ICICS 2002 in Singapore; ICICS 2003 in Hohhot City, China; and ICICS 2004 in Malaga, Spain. The conference proceedings of the past events have - ways been published by Springer in the Lecture Notes in Computer Science series, with volume numbers, respectively: LNCS 1334,LNCS 1726,LNCS 2229, LNCS 2513, LNCS 2836, and LNCS 3269. ICICS 2005 was sponsored by the Chinese Academy of Sciences (CAS); the Beijing Natural Science Foundation of China under Grant No. 4052016; the National Natural Science Foundation of China under Grants No. 60083007 and No. 60573042;the NationalGrandFundamentalResearch973ProgramofChina under Grant No. G1999035802, and Hewlett-Packard Laboratories, China. The conference was organized and hosted by the Engineering Research Center for Information Security Technology of the Chinese Academy of Sciences (ERCIST, CAS) in co-operation with the International Communications and Information Security Association (ICISA). The aim of the ICICS conference series has been to o?er the attendees the opportunity to discuss the latest developments in theoretical and practical - pects of information and communications security.

This book constitutes the refereed proceedings of the International Conference on Emerging Trends in Information and Communication Security, ETRICS 2006, held in Freiburg, Germany, in June 2006. The book presents 36 revised full papers, organized in topical sections on multilateral security; security in service-oriented computing, secure mobile applications; enterprise privacy; privacy, identity, and anonymity; security engineering; security policies; security protocols; intrusion detection; and cryptographic security.

The First International Conference on Digital Rights Management: Technology, Issues, Challenges and Systems (DRMTICS - pronounced 'dramatics'), took place in Sydney, Australia on 31st October - 2nd November, 2005. It was or- nized by the Centre for Information Security of the University of Wollongong and in cooperation with the International Association of Cryptologic Research (IACR) and IEEE Computer Society's Task Force on Information Assurance. DRMTICS isan internationalconferenceseriesthat coversthe areaof digital rights management, including research advancements of an applied and theor- ical nature. The goal is to have a broad coverage of the ?eld and related issues and subjects as the area evolves. Since the Internet and the computing infr- tructure has turned into a marketplace for content where information goods of various kinds are exchanged, this area is expected to grow and be part of the ongoing evolution of the information society. The DRM area is a unique blend of many diverse disciplines that include mathematics and cryptography, legal and social aspects, signal processing and watermarking, game theory, infor- tion theory, software and systems design and business analysis, and DRMTICS attempts to cover as much ground as possible, and to cover new results that will further spur new investigations on the foundations and practices of DRM. We hope that this ?rst conference marks the beginning of a fruitful and useful series of future conferences. This year, the conference received 57 submissions out of which 26 were - cepted for presentation after a rigorous refereeing process.

The Conference on Security and Cryptography for Networks 2006 (SCN 2006) was held in Maiori, Italy, on September 6-8, 2006. The conference was the ?fth in the SCN series, and this year marked a change in its name (the former name was Security in Communication Networks). The name change meant to better describe the scope of the conference while preserving the SCN acronym. This year for the ?rst time we had the proceedings volume ready at the conference. We feel thatthe SCN conferencehas maturedandthat it has becomea tradition to hold it regularly in the beautiful setting of the Amal?tan coast as a biennial event. Theconferencebroughttogetherresearchersinthe?eldsofcryptographyand security in order to foster the extension of cooperation and exchange of ideas among them, aiming at assuring safety and trustworthiness of communication networks. The topics covered by the conference this year included: foundations of distributed systems security, signatures schemes, block ciphers, anonymity, e-commerce, public key encryption and key exchange, secret sharing, symmetric and public key cryptanalysis, randomness, authentication. The international Program Committee consisted of 24 members who are top experts in the conference ?elds. We received 81 submissions amongst which 24 papers were selected for presentation at the conference. These proceedings - clude the extended abstract versions of the 24 accepted papers and the short abstract of the invited talk by Ivan Damg? ard.

This book constitutes the refereed proceedings of the 11th European Symposium on Research in Computer Security, ESORICS 2006. The 32 revised full papers presented were carefully reviewed and selected from 160 submissions. ESORICS is confirmed as the European research event in computer security; it presents original research contributions, case studies and implementation experiences addressing any aspect of computer security - in theory, mechanisms, applications, or practical experience.

This book constitutes the thoroughly refereed post-proceedings of the 10th International Conference on Financial Cryptography and Data Security, FC 2006, held in Anguilla, British West Indies in February/March 2006. The 19 revised full papers and six revised short papers presented were carefully reviewed and selected from 64 submissions. The papers are organized in topical sections.