[1]

Beker, H., and F. Piper,

*Cipher Systems: The Protection of Communications*, Wiley, New York, 1982.

Google Scholar[2]

Bovey, J. D., An approximate probability distribution for the order of elements of the symmetric group,

*Bulletin of the London Mathematical Society*,

**12** (1980), 41–46.

Google Scholar[3]

Bovey, J., and A. Williamson, The probability of generating the symmetric group,

*Bulletin of the London Mathematical Society*,

**10** (1978), 91–96.

Google Scholar[4]

Brent, R. P., Analysis of some new cycle-finding and factorization algorithms, Technical Report, Department of Computer Science, Australian National University (1979).

[5]

Carmichael, R. D.,

*Introduction to the Theory of Groups of Finite Order*, Dover, New York, 1956.

Google Scholar[6]

Chandra, A. K., Efficient compilation of linear recursive programs, Technical Report STAN-CS-72-282, Computer Science Department, Stanford University (April 1972).

[7]

Chor, B.-Z.,

*Two Issues in Public-Key Cryptography: RSA Bit Security and a New Knapsack Type Cryptosystem*, MIT Press, Cambridge, MA, 1985.

Google Scholar[8]

Coppersmith, D., and E. Grossman, Generators for certain alternating groups with applications to cryptology,

*Siam Journal on Applied Mathematics*,

**29** (1975), 624–627.

Google Scholar[9]

Davies, D. W., Some regular properties of the DES, in [55] A. T. Sherman, eds., *Advances in Cryptology: Proceedings of Crypto* 82, Plenum, New York, 1983., 89–96.

[10]

Davies, D. W., and G. I. P. Parkin, The average size of the key stream in output feedback encipherment, in [59] Beth, T., ed., *Cryptography, Proceedings of the Workshop on Cryptography, Burg Feuerstein*, *Germany, March 29–April* 2,1982, Springer-Verlag, Berlin, 263–279.

[11]

Davies, D. W., and G. I. P. Parkin, The average size of the key stream in output feedback mode, in [55] A. T. Sherman, eds., *Advances in Cryptology: Proceedings of Crypto* 82, Plenum, New York, 1983., 97–98.

[12]

Davies, D. W., and W. L. Price,

*Security for Computer Networks: An Introduction to Data Security in Teleprocessing and Electronic Funds Transfer*, Wiley, Chichester, 1984.

Google Scholar[13]

Davio, M. Y. Desmedt, J. Goubert, F. Hoornaert, and J.-J. Quisquater, Efficient hardware and software implementations for the DES, in [56] Blakley, G. R., and D. Chaum, eds., *Advances in Cryptology: Proceedings of Crypto* 84, Springer-Verlag, New York, 1985, 144–146.

[14]

Diffie, W. and M. E. Hellman, Exhaustive cryptanalysis of the NBS Data Encryption Standard,

*Computer*,

**10** (1977), 74–84.

PubMedGoogle Scholar[15]

Diffie, W., and M. E. Hellman, Privacy and authentication: an introduction to cryptography,

*Proceedings of the IEEE*,

**67** (1979), 397–427.

Google Scholar[16]

Dixon, J. D., The probability of generating the symmetric group,

*Math Zentrum*,

**110** (1969), 199–205.

Google Scholar[17]

Feldman, F., A new spectral test for nonrandomness and the DES, *IEEE Transactions on Software Engineering*, to appear.

[18]

Feller, W.,

*An Introduction to Probability Theory and Its Applications*, vol. I, Wiley, New York, 1968.

Google Scholar[19]

Gaines, H. F.,

*Cryptanalysis: A Study of Ciphers and Their Solution*, Dover, New York, 1956.

Google Scholar[20]

Gait, J., A new nonlinear pseudorandom number generator,

*IEEE Transactions on Software Engineering*,

**3** (1977), 359–363.

Google Scholar[21]

Goldreich, O., DES-like functions can generate the alternating group,

*IEEE Transactions on Information Theory*,

**29**(1983), 863–865.

Google Scholar[22]

Good, I. J.,

*The Estimation of Probabilities: An Essay on Modern Bayesian Methods*, MIT Press, Cambridge, MA, 1965.

Google Scholar[23]

Harris, B., Probability distributions related to random mappings,

*Annals of Mathematical Statistics*,

**31**(1959), 1045–1062.

Google Scholar[24]

Hellman, M. E., R. Merkle, R. Schroeppel, L. Washington, W. Diffie, S. Pohlig, and P. Schweitzer, Results of an initial attempt to cryptanalyze the NBS Data Encryption Standard, Technical Report SEL 76-042, Information Systems Laboratory, Stanford University (November 1976).

[25]

Hellman, M. E., A cryptanalytic time-memory tradeoff,

*IEEE Transactions on Information Theory*,

**26** (1980), 401–406.

Google Scholar[26]

Hellman, M. E., and J. M. Reyneri, Distribution of drainage in the DES, in [55] Chaum, D., R. L. Rivest, and A. T. Sherman, eds., *Advances in Cryptology: Proceedings of Crypto* 82, Plenum, New York, 1983., 129–131.

[27]

Hinsdale, J. K., Implementing the Sedgewick-Szymanski cycle detection algorithm, B.Sc. thesis, Department of EECS, MIT (February 1985).

[28]

Jueneman, R. R., Analysis of certain aspects of output-feedback mode, in [55] Chaum, D., R. L. Rivest, and A. T. Sherman, eds., *Advances in Cryptology: Proceedings of Crypto* 82, Plenum, New York, 1983., 99–127.

[29]

Kaliski, B. S. Jr., Design and reliability of custom hardware for DES cycling experiments, M.Sc. thesis, Department of EECS, MIT (January 1987).

[30]

Kaliski, B. S. Jr., R. L. Rivest, and A. T. Sherman, Is the Data Encryption Standard a group?, in [60] Pichler, F., ed., *Advances in Cryptology: Proceedings of Eurocrypt* 85, Springer-Verlag, Berlin, 1986., 81–95.

[31]

Kaliski, B. S., R. L. Rivest, and A. T. Sherman, Is the Data Encryption Standard a pure cipher? (Results of more cycling experiments on DES), in [57] Williams, H. C., ed., *Advances in Cryptology: Proceedings of Crypto* 85, Springer-Verlag, New York, 1986., 212–226.

[32]

Knuth, D. E.,

*The Art of Computer Programming*, vol. II:

*Seminumerical algorithms*, Addison-Wesley, Reading, MA, 1981.

Google Scholar[33]

Knuth, D. E.,

*The Art of Computer Programming*, vol. III:

*Sorting and searching*, Addison-Wesley, Reading, MA, 1973.

Google Scholar[34]

Kolata, G., Codes go public, *Boston Globe* (September 30,1985), **44**.

[35]

Lenstra, H. W. Jr., Factoring integers with elliptic curves, *Annals of Mathematics*, to appear.

[36]

Longo, G., ed.,

*Secure Digital Communications*, Springer-Verlag, Vienna, 1983.

Google Scholar[37]

Merkle, R. C., and M. E. Hellman, On the security of multiple encryption,

*Communications of the Association for Computing Machinery*,

**24** (July 1981), 465–467.

Google Scholar[38]

Meyer, C. H., and S. M. Matyas,

*Cryptology: A New Dimension in Computer Data Security*, Wiley, New York, 1982.

Google Scholar[39]

Moore, J. H., and G. J. Simmons, Cycle structure of the DES with weak and semi-weak keys, in [58] Odlyzko, A., ed., *Advances in Cryptology: Proceedings of Crypto* 86, Springer-Verlag, New York, 1987., 3–32.

[40]

Osteyee, D. B., and I. J. Good,

*Information, Weight of Evidence, the Singularity Between Probability Measures and Signal Detection*, Springer-Verlag, Berlin, 1974.

Google Scholar[41]

Pollard, J. M., A Monte Carlo method for factorization,

*Bit*,

**15** (1975), 331–334.

Google Scholar[42]

Pomerance, C., Analysis and comparison of some integer factoring algorithms, in *Computational Methods in Number Theory*, H. W. Lenstra Jr., and R. Tijdeman, eds., Math. Centrum Tract 154, Amsterdam, 1982, 89–139.

[43]

Purdom, P. W., Jr., and C. A. Brown,

*The Analysis of Algorithms*, Holt, Rinehart, and Winston, New York, 1985.

Google Scholar[44]

Purdom, P. W., and J. H. Williams, Cycle length in a random function,

*Transactions of the American Mathematical Society*,

**133** (1968), 547–551.

Google Scholar[45]

Rivest, R., A. Shamir, and L. Adleman, On digital signatures and public-key cryptosystems,

*Communications of the Association of Computing Machinery*,

**21** (1978), 120–126.

Google Scholar[46]

Rotman, J. J.,

*The Theory of Groups: An Introduction*, Allyn and Bacon, Boston, 1978.

Google Scholar[47]

Sattler, J., and C. P. Schnorr, Generating random walks in groups, unpublished manuscript (October 1983).

[48]

Shannon, C. E., Communication theory of secrecy systems,

*Bell System Technical Journal*,

**28** (1949), 656–715.

Google Scholar[49]

Sedgewick, R. T. G. Szymanski, and A. C. Yao, The complexity of finding cycles in periodic functions,

*Siam Journal on Computing*,

**11** (1982), 376–390.

Google Scholar[50]

Shepp, L. A., and S. P. Lloyd, Ordered cycle lengths in a random permutation,

*Transactions of the American Mathematical Society*,

**121** (1966), 340–357.

Google Scholar[51]

Sherman, A. T., Cryptology and VLSI (a two-part dissertation): I. Detecting and exploiting algebraic weaknesses in cryptosystems. **II.** Algorithms for placing modules on a custom VLSI chip, Technical Report TR-381, MIT Laboratory for Computer Science (October 1986).

[52]

Tuchman, W. L., talk presented at the National Computer Conference (June 1978).

[53]

Wielandt, H.,

*Finite Permutation Groups*, Academic Press, New York 1964.

Google Scholar[54]

*Data Ciphering Processors Am*, 9518, Am9568, AmZ8068 *Technical Manual*, Advanced Micro Device Inc., Sunnyvale, CA (1984).

[55]

Chaum, D., R. L. Rivest, and A. T. Sherman, eds.,

*Advances in Cryptology: Proceedings of Crypto* 82, Plenum, New York, 1983.

Google Scholar[56]

Blakley, G. R., and D. Chaum, eds.,

*Advances in Cryptology: Proceedings of Crypto* 84, Springer-Verlag, New York, 1985.

Google Scholar[57]

Williams, H. C., ed.,

*Advances in Cryptology: Proceedings of Crypto* 85, Springer-Verlag, New York, 1986.

Google Scholar[58]

Odlyzko, A., ed.,

*Advances in Cryptology: Proceedings of Crypto* 86, Springer-Verlag, New York, 1987.

Google Scholar[59]

Beth, T., ed.,

*Cryptography, Proceedings of the Workshop on Cryptography, Burg Feuerstein*,

*Germany, March 29–April* 2,1982, Springer-Verlag, Berlin, 1983.

Google Scholar[60]

Pichler, F., ed.,

*Advances in Cryptology: Proceedings of Eurocrypt* 85, Springer-Verlag, Berlin, 1986.

Google Scholar[61]

*Data Encryption Standard*, Federal Information Processing Standards Publications 46, National Bureau of Standards, U.S. Department of Commerce, Washington, DC (January 15, 1977).

Google Scholar [62]

*DES Modes of Operation*, Federal Information Processing Standards Publication 81, National Bureau of Standards, U.S. Department of Commerce, Washington, DC (December 1980).

Google Scholar [63]

*IBM Personal Computer Technical Reference*, Bocaraton, FL (July 1982).

[64]

Unclassified summary: involvement of NSA in the development of the Data Encryption Standard, Staff Report of the Senate Select Committee on Intelligence, United States Senate (April 1978).