There are well-known techniques for message authentication using universal hash functions. This approach seems very promising, as it provides schemes that are both efficient and provably secure under reasonable assumptions. This paper contributes to this line of research in two ways. First, it analyzes the basic construction and some variants under more realistic and practical assumptions. Second, it shows how these schemes can be efficiently implemented, and it reports on the results of empirical performance tests that demonstrate that these schemes are competitive with other commonly employed schemes whose security is less well-established. 1 Introduction Message Authentication. Message authentication schemes are an important security tool. As more and more data is being transmitted over networks, the need for secure, high-speed, software-based message authentication is becoming more acute. The setting for message authentication is the following. Two parties A and B agree on a secre...

In this paper we give a randomized O(n log n)-time algorithm for the string matching with don't cares problem. This improves the Fischer-Paterson bound [10] from 1974 and answers the open problem posed (among others) by Weiner [30] and Galil [11]. Using the same technique, we give an O(n log n)-time algorithm for other problems, including subset matching and tree pattern matching [15, 21, 9, 7, 17] and (general) approximate threshold matching [28, 17]. As this bound essentially matches the complexity of computing of the Fast Fourier Transform which is the only known technique for solving problems of this type, it is likely that the algorithms are in fact optimal. Additionally, the technique used for the threshold matching problem can be applied to the on-line version of this problem, in which we are allowed to preprocess the text and require to process the pattern in time sublinear in the text length. This result involves an interesting variant of the Karp-Rabin fingerprint m...

New algorithms are presented for computing the minimal polynomial over a finite field K of a given element in an algebraic extension of K of the form K[ff] or K[ff][fi]. The new algorithms are explicit and can be implemented rather easily in terms of polynomial multiplication, and are much more efficient than other algorithms in the literature. 1 Introduction In this paper, we consider the problem of computing the minimal polynomial over a finite field K of a given element oe in an algebraic extension of K of the form K[ff] or K[ff][fi]. The minimal polynomial of oe is defined to be the unique monic polynomial OE oe=K 2 K[x] of least degree such that OE oe=K (oe) = 0. In the first case, we assume that the ring K[ff] is given as K[x]=(f) where f 2 K[x] is a monic polynomial of degree n, and that elements in K[ff] are represented in the natural way as elements of K[x] !n (the set of polynomials of degree less than n). Similarly, in the second case, we assume that K[ff] is given as a...

Interest in normal bases over finite fields stems both from mathematical theory and practical applications. There has been a lot of literature dealing with various properties of normal bases (for finite fields and for Galois extension of arbitrary fields). The advantage of using normal bases to represent finite fields was noted by Hensel in 1888. With the introduction of optimal normal bases, large finite fields, that can be used in secure and e#cient implementation of several cryptosystems, have recently been realized in hardware. The present thesis studies various theoretical and practical aspects of normal bases in finite fields. We first give some characterizations of normal bases. Then by using linear algebra, we prove that F q n has a basis over F q such that any element in F q represented in this basis generates a normal basis if and only if some groups of coordinates are not simultaneously zero. We show how to construct an irreducible polynomial of degree 2 n with linearly i...