Dustin Moody, Gorjan Alagic, Daniel C. Apon, David A. Cooper, Quynh H. Dang, John M. Kelsey, Yi-Kai Liu, Carl A. Miller, Rene C. Peralta, Ray A. Perlner, Angela Y. Robinson, Daniel C. Smith-Tone, Jacob Alperin-Sheriff
The National Institute of Standards and Technology is in the process of selecting one or more public-key cryptographic algorithms through a public, competition
John M. Kelsey, Dana Dachman-Soled, Meltem Sonmez Turan, Sweta Mishra
We introduce the notion of Ticket-Mediated Password Strengthening (TMPS), a technique for allowing users to derive keys from passwords while imposing a strict
We discuss the development of a new format for beacons-- servers which provide a sequence of digitally signed and hash-chained public random numbers on a fixed
Meltem Sonmez Turan, Elaine B. Barker, John M. Kelsey, Kerry A. McKay, Mary L. Baish, Mike Boyle
This Recommendation specifies the design principles and requirements for the entropy sources used by Random Bit Generators, and the tests for the validation of
Most modern electronic devices can produce a random number. However, it is difficult to see how a group of mutually distrusting entities can have confidence in any
This Recommendation specifies four types of SHA-3-derived functions: cSHAKE, KMAC, TupleHash, and ParallelHash, each defined for a 128- and 256-bit security
Kristen Greene, John M. Kelsey, Joshua M. Franklin
Password entry on mobile devices significantly impacts both usability and security, but there is a lack of usable security research in this area, specifically
John M. Kelsey, Kerry A. McKay, Meltem Sonmez Turan
Random numbers are essential for cryptography. In most real-world systems, these values come from a cryptographic pseudorandom number generator (PRNG), which in
This Recommendation specifies mechanisms for the generation of random bits using deterministic methods. The methods provided are based on either hash functions
Elena Andreeva, Charles Bouillaguet, Orr Dunkelman, Pierre-Alain Fouque, Jonathan J. Hoch, John M. Kelsey, Adi Shamir, Sebastien Zimmer
In this work, we present several new generic second-preimage attacks on hash functions. Our first attack is based on the herding attack and applies to various
Kristen Greene, Joshua M. Franklin, John M. Kelsey
Password entry on mobile devices significantly impacts both usability and security, but there is a dearth of usable security research in this area, specifically
Meltem Sonmez Turan, John M. Kelsey, Kerry A. McKay
Cryptographic primitives need random numbers to protect your data. Random numbers are used for generating secret keys, nonces, random paddings, initialization
Shu-jen H. Chang, Ray A. Perlner, William E. Burr, Meltem Sonmez Turan, John M. Kelsey, Souradyuti Paul, Lawrence E. Bassham
The National Institute of Standards and Technology (NIST) opened a public competition on November 2, 2007 to develop a new cryptographic hash algorithm - SHA-3
Dong H. Chang, Morris J. Dworkin, Seokhie Hong, John M. Kelsey, Mridul Nandi
The sponge construction, designed by Bertoni, Daemen, Peeters, and Van Assche, is the framework for hash functions such as Keccak, PHOTON, Quark, and spongent
Meltem Sonmez Turan, Ray A. Perlner, Lawrence E. Bassham, William E. Burr, Dong H. Chang, Shu-jen H. Chang, Morris J. Dworkin, John M. Kelsey, Souradyuti Paul, Rene C. Peralta
The National Institute of Standards and Technology (NIST) opened a public competition on November 2, 2007 to develop a new cryptographic hash algorithm - SHA-3
Electronic poll books make the process of verifying that a voter is authorized to vote and issuing her a ballot faster and more convenient. However, they also
Stefan Popoveniuc, John M. Kelsey, Andrew R. Regenscheid, Poorvi Vora
The term end-to-end verifiability has been used over the past several years to describe multiple voting system proposals. The term has, however, never been
Praveen Gauravaram, John M. Kelsey, L. Knudsen, S. Thomsen
We analyse the security of iterated hash functions that compute an input dependent checksum which is processed as part of the hash computation. We show that a
John M. Kelsey, Andrew R. Regenscheid, Tal Moran, David Chaum
In this paper, we develop methods for constructing vote-buying/coercion attacks on end-to-end voting systems, and describe vote-buying/coercion attacks on three
Elena Andreeva, Charles Bouillaguet, Orr Dunkelman, John M. Kelsey
In this paper we present new attack techniques to analyze the structure of hash functions that are not based on the classical Merkle-Damgaard construction. We
Andrew R. Regenscheid, Ray A. Perlner, Shu-jen H. Chang, John M. Kelsey, Mridul Nandi, Souradyuti Paul
The National Institute of Standards and Technology is in the process of selecting a new cryptographic hash algorithm through a public competition. The new hash
We consider the security of Damgaard-Merkle variants which compute linear-XOR or additive checksums over message blocks, intermediate hash values, or both, and
Elena Andreeva, Charles Bouillaguet, Pierre-Alain Fouque, Jonathan J. Hoch, John M. Kelsey, Adi Shamir, Sebastien Zimmer
We develop a new generic long-message second preimage attack, based on combining the techniques in the second preimage attacks of Dean {Dean99} and Kelsey and