This book constitutes the thoroughly refereed post-proceedings of the 14th International Workshop on Selected Areas in Cryptography, SAC 2007, held in Ottawa, Canada, in August 2007. The 25 revised full papers presented were carefully reviewed and selected from 73 submissions. The papers are organized in topical sections on stream cipher cryptanalysis, hash function attacks, side-channel attacks, efficient implementations, block cipher cryptanalysis, a new stream cipher, white box cryptanalysis, message authentication code attack, and modes of operation. SAC 2007 was the 14th in a series of annual workshops on Selected Areas in Cryptography. This is the ?rst time this workshop was held at the University of Ottawa. Previous workshops were held at Queen¿s University in Kingston (1994, 1996, 1998, 1999, and 2005), Carleton University in Ottawa (1995, 1997, and 2003), University of Waterloo (2000 and 2004), Fields Institute in Toronto (2001), Memorial University of Newfoundland in St. Johns (2002), and Conc- dia University in Montreal (2006). The intent of the workshop is to provide a stimulating atmosphere where researchersin cryptology can present and discuss new work on selected areas of current interest. The themes for SAC 2007 were: ¿ Design and analysis of symmetric key cryptosystems ¿ Primitives for symmetric key cryptography, including block and stream ciphers, hash functions, and MAC algorithms ¿ E?cient implementations of symmetric and public key algorithms ¿ Innovative cryptographic defenses against malicious software A total of 73 papers were submitted to SAC 2007. Of these, one was wi- drawn by the authors, and 25 were accepted by the Program Committee for presentation at the workshop. In addition to these presentations, we were for- nate to have two invited speakers: ¿ Dan Bernstein: ¿Edwards Coordinates for Elliptic Curves¿ ¿ MotiYung:¿CryptographyandVirologyInter-Relationships. ¿Thistalkwas designated the Sta?ord Tavares Lecture. We are grateful to the Program Committee and the many external reviewers for their hard work and expertise in selecting the program. Reduced Complexity Attacks on the Alternating Step Generator 1 Shahram Khazaei, Simon Fischer, and Willi Meier Extended BDD-Based Cryptanalysis of Keystream Generators 17 Dirk Stegemann Two Trivial Attacks on TRIVIUM 36 Alexander Maximov and Alex Biryukov Collisions for 70-Step SHA-1: On the Full Cost of Collision Search 56 Christophe De Canni , Florian Mendel, and Christian Rechberger Cryptanalysis of the CRUSH Hash Function 74 Matt Henricksen and Lars R. Knudsen Improved Side-Channel Collision Attacks on AES 84 Audrey Bogdanov Analysis of Countermeasures Against Access Driven Cache Attacks on AES 96 Johannes Bl mer and Volker Krummel Power Analysis for Secret Recovering and Reverse Engineering of Public Key Algorithms 110 Frederic Amiel, Benoit Feix, and Karine Villegas Koblitz Curves and Integer Equivalents of Frobenius Expansions 126 Billy Bob Brumley and Kimmo J inen Another Look at Square Roots (and Other Less Common Operations) in Fields of Even Characteristic 138 Roberto Maria Avanzi Efficient Explicit Formulae for Genus 2 Hyperelliptic Curves over Prime Fields and Their Implementations 155 Xinxin Fan and Guang Gong Explicit Formulas for Efficient Multiplication in F36m 173 Elisa Gorla, Christoph Puttmann, and Jamshid Shokrollahi Linear Cryptanalysis of Non Binary Ciphers 184 Thomas Baign s, Jacques Stern, and Serge Vaudenay The Delicate Issues of Addition with Respect to XOR, Differences 212 Gaoli, Wang, Nathan Keller. and Orr Dunkelman MRHS Equation Systems 232 H rd Raddum A Fast Stream Cipher with Huge State Space and Quasigroup Filter for Software 246 Makoto Matsumoto, Mutsuo Saito, Takuji Nishimura, and Mariko Hagita Cryptanalysis of White-Box DES Implementations with Arbitrary External Encodings 264 Brecht Wyseur, Wil Michiels, Paul Gorissen, and Bart Preneel Cryptanalysis of White Box DES Implementations 278 Louis Goubin, Jean-Michel Masereel, and Micha Quisquater Attacks on the ESA-PSS-04-151 MAC Scheme 296 Georg Mies and Marian Margraf The Security of the Extended Codebook (XCB) Mode of Operation 311 David A. McGrew and Scott R. Fluhrer A Generic Method to Design Modes of Operation Beyond the Birthday Bound 328 David Lefranc, Philippe Painchault, Val e Rouat, and Emmanuel Mayer Passive- Only Key Recovery Attacks on RC4 344 Serge Vaudenay and Martin Vuagnoux Permutation After RC4 Key Scheduling Reveals the Secret Key 360 Goutam Paul and Subhamoy Maitra Revisiting Correlation-Immunity in Filter Generators 378 Aline Gouget and Herv ibert Distinguishing Attack Against TPypy 396 Yukiyasu Tsunoo, Teruo Saito, Takeshi Kawabata, and Hiroki Nakashima Author Index 409