Papers from a workshop that aimed to advance software algorithms for two cryptographic primitives requiring very high speeds, namely encryption algorithms and hash functions. This volume contains six proposals for new ciphers as well as results on the security of the new proposals.

Clock-controlled pseudorandom generators on finite groups.- On random mappings and random permutations.- Binary cyclotomic generators.- Construction of bent functions and balanced Boolean functions with high nonlinearity.- Additive and linear structures of cryptographic functions.- The RC5 encryption algorithm.- The MacGuffin block cipher algorithm.- S-boxes and round functions with controllable linearity and differential uniformity.- Properties of linear approximation tables.- Searching for the optimum correlation attack.- A known plaintext attack on the PKZIP stream cipher.- Linear cryptanalysis of stream ciphers.- Feedback with carry shift registers over finite fields.- A free energy minimization framework for inference problems in modulo 2 arithmetic.- Truncated and higher order differentials.- SAFER K-64: One year later.- Improved characteristics for differential cryptanalysis of hash functions based on block ciphers.- Linear cryptanalysis using multiple approximations and FEAL.- Problems with the linear cryptanalysis of DES using more than one active S-box per round.- Correlation matrices.- On the need for multipermutations: Cryptanalysis of MD4 and SAFER.- How to exploit the intractability of exact TSP for cryptography.- How to reverse engineer an EES device.- A fast homophonic coding algorithm based on arithmetic coding.- On Fibonacci keystream generators.- Cryptanalysis of McGuffin.- Performance of block ciphers and hash functions — One year later.- TEA, a tiny encryption algorithm.