### Table 1 Properties of the cryptographic primitives

2001

"... In PAGE 3: ... Assumption (Black-box assumption). The axioms in Table1 are the only way in which a passive intruder can infer new knowledge from known data. Obviously, this is a rather strong assumption to make in practice, since in real-world cryptography, it is often possible to infer partial or statistical information about the content of a message, without necessarily understanding the entire message.... In PAGE 3: ... However, the black-box assumption is essential to our model, and in fact to most other logic-based models of cryptographic protocols. In addition to the general-purpose axioms shown in Table1 , there will also be protocol-speci c axioms. The intuition is that the general-purpose axioms capture all the ways in which a passive intruder can infer knowledge, namely by looking at data and analyzing it.... In PAGE 6: ... While this is a liveness property and not a security property, it is certainly important that a protocol should not be \over-speci ed quot; by relying on the principals to use information that they do not have access to. The reader may verify that in the presence of the axioms from Table1 , i(A; B) is logically derivable from K K A and K sA;B, while r(A; B) is logically derivable from K K B and K sA;B. Thus, any principal with knowledge of a private key can participate in this protocol.... In PAGE 6: ... Recall that the informal requirement was that the intruder should not be able to learn the secret sA;B for any honest principals A and B. Let be the set of axioms from Table1 . Let be the following... In PAGE 11: ...models, it follows that is intuitionistically provable. 2 Note that all axioms in Table1 are of Type 1, as are the protocol-speci c axioms. The formula is of Type 0.... ..."

Cited by 7

### Tables Let E be a set of terms and 2E be the powerset of E. A table T is a nite mapping KEY ! 2E. The constant empty table denotes the table T s.t. its domain, noted dom(T ), is empty. Let K be a key, T be a table and e be an element of E. If K = 2 dom(T ), then the function add key applied to T and K creates a new table T 0 identical to T except that T 0(K) = . If K 2 dom(T ), the function update applied to T , K and e creates a new table T 0 identical to T except that T 0(K) = T (K) [ feg. The function equiv key applied to T and K returns a key K0 2 dom(T ) s.t. K K0.

### Table 2: Rank of the exactly-t function compared with the average rank and the rank interval of randomly generated Boolean functions (rnd).

"... In PAGE 7: ...7 Note that this does not mean that there are no Boolean functions with lower or higher rank, it only means that they were not present in our random sample. In Table2 we present similar comparisons for the exactly-t function. Table 1: Rank of the threshold Boolean function with threshold t compared with the average rank and the rank interval of randomly generated Boolean functions (rnd).... ..."

### Table 2: Rank of the exactly-t function compared with the average rank and the rank interval of randomly generated Boolean functions (rnd).

"... In PAGE 7: ...165 functions with lower or higher rank, it only means that they were not present in our random sample. In Table2 we present similar comparisons for the exactly-t function. Table 1: Rank of the threshold Boolean function with threshold t compared with the average rank and the rank interval of randomly generated Boolean functions (rnd).... ..."

### TABLE I EXPECTED NUMBER OF FLOWS F AND BYTES ESTIMATOR MEAN SQUARE ERROR V FROM SAMPLING A SINGLE FLOW OF DURATION t, k PACKETS AND b BYTES, WITH FLOW TIMEOUT T. THE FUNCTION f IS DEFINED IN (19). Vlb AND Vnu ARE DEFINED IN SECTION III-B.5

2005

Cited by 23

### Table 1. Timing measurements for cryptographic primitives on the PalmPilot

1999

"... In PAGE 8: ... Since this signature needs to take place on the PalmPilot, the withdrawal request is signed using an ECC-DSA signature (as opposed to an RSA signature) to minimize the signature generation time. (Recall that from Table1 , ECC-DSA signature generation takes 776ms on average, while RSA signature generation takes over 7000ms.) After the bank receives the withdrawal request and veri es the user apos;s signa- ture, the bank then generates a hash chain certi cate, signs it, and sends it to the user apos;s wallet.... ..."

Cited by 3

### Table 1: Cryptographic Algorithm Choices

1999

"... In PAGE 9: ... The iSpaceFor- warder is part of the infrastructure, however, which means it apos;s part of the trusted code base regardless. Table1 shows the cryptographic algorithms used for the various components and their associated param- eters. Our design does not rely on any of the algo- rithm choices.... ..."

Cited by 232

### Table 2 Benchmarks for cryptographic operations

in for

"... In PAGE 9: ...1 GHz Pentium IV processor [30]. The processing times of the required cryptographic oper- ations, such as modular exponentiation, RSA decryption/signature and encryption/verification, are listed in Table2 . These benchmarks are also used to evaluate our PKC-based protocol later.... ..."

### Table 1. Cryptographic function notation Notation Description

"... In PAGE 3: ... There are two types of token: primitives such as participant identifiers, and functions over tokens. Table1 defines cryptographic functions used in Section 2.2.... ..."

### Table 2. Primitives of the Seine geometry- based coupling/interaction framework.

"... In PAGE 4: ...which are listed in Table2 . The register operation allows a process to dynamically register a region of interest, which causes it to join an appropriate existing space or a new space to be created if one does not exist.... ..."