Lattice Based Cryptography -- Cryptanalysis of the NTRU Signature Scheme (NSS) from Eurocrypt 2001 -- On the Insecurity of a Server-Aided RSA Protocol -- The Modular Inversion Hidden Number Problem -- Human Identification -- Secure Human Identification Protocols -- Invited Talk -- Unbelievable Security Matching AES Security Using Public Key Systems -- Practical Public Key Cryptography -- A Probable Prime Test with Very High Confidence for n ? 1 mod 4 -- Computation of Discrete Logarithms in -- Speeding Up XTR -- An Efficient Implementation of Braid Groups -- Cryptography Based on Coding Theory -- How to Achieve a McEliece-Based Digital Signature Scheme -- Efficient Traitor Tracing Algorithms Using List Decoding -- Block Ciphers -- Security of Reduced Version of the Block Cipher Camellia against Truncated and Impossible Differential Cryptanalysis -- Known-IV Attacks on Triple Modes of Operation of Block Ciphers -- Generic Attacks on Feistel Schemes -- A Compact Rijndael Hardware Architecture with S-Box Optimization -- Provable Security -- Provable Security of KASUMI and 3GPP Encryption Mode f8 -- Efficient and Mutually Authenticated Key Exchange for Low Power Computing Devices -- Provably Authenticated Group Diffie-Hellman Key Exchange — The Dynamic Case -- Threshold Cryptography -- Fully Distributed Threshold RSA under Standard Assumptions -- Adaptive Security in the Threshold Setting: From Cryptosystems to Signature Schemes -- Threshold Cryptosystems Secure against Chosen-Ciphertext Attacks -- Two-Party Protocols -- Oblivious Polynomial Evaluation and Oblivious Neural Learning -- Mutually Independent Commitments -- Zero Knowledge -- Efficient Zero-Knowledge Authentication Based on a Linear Algebra Problem MinRank -- Responsive Round Complexity and Concurrent Zero-Knowledge -- Cryptographic Building Blocks -- Practical Construction and Analysis of Pseudo-Randomness Primitives -- Autocorrelation Coefficients and Correlation Immunity of Boolean Functions -- Elliptic Curve Cryptography -- An Extension of Kedlaya’s Point-Counting Algorithm to Superelliptic Curves -- Supersingular Curves in Cryptography -- Short Signatures from the Weil Pairing -- Self-Blindable Credential Certificates from the Weil Pairing -- Anonymity -- How to Leak a Secret -- Key-Privacy in Public-Key Encryption -- Provably Secure air Blind Signatures with Tight Revocation.

The origins of the Asiacrypt series of conferences can be traced back to 1990, when the ?rst Auscrypt conference was held, although the name Asiacrypt was ?rst used for the 1991 conference in Japan. Starting with Asiacrypt 2000, the conference is now one of three annual conferences organized by the Inter- tional Association for Cryptologic Research (IACR). The continuing success of Asiacrypt is in no small part due to the e?orts of the Asiacrypt Steering C- mittee (ASC) and the strong support of the IACR Board of Directors. There were 153 papers submitted to Asiacrypt 2001 and 33 of these were accepted for inclusion in these proceedings. The authors of every paper, whether accepted or not, made a valued contribution to the success of the conference. Sending out rejection noti?cations to so many hard working authors is one of the most unpleasant tasks of the Program Chair. The review process lasted some 10 weeks and consisted of an initial refe- eing phase followed by an extensive discussion period. My heartfelt thanks go to all members of the Program Committee who put in extreme amounts of time to give their expert analysis and opinions on the submissions. All papers were reviewed by at least three committee members; in many cases, particularly for those papers submitted by committee members, additional reviews were obt- ned. Specialist reviews were provided by an army of external reviewers without whom our decisions would have been much more di?cult.