A side-channel CCA attack based on ciphertexts with sparse NTT.
It turns out that you can do this.
New prime generation algorithms; CRT, batch RSA and Takagi RSA without inversion; RSA with compressed private keys.
An 11-multiply Montgomery ladder for short Weierstrass curves; new technique for completeness.
A simpler modular security proof of Fujisaki-Okamoto KEMs.
A new technique for post-quantum security proofs.
Side-channel attacks using speculative execution. Allows attacks e.g. through cache timing, even against crypto code that defends against such attacks using best practices. Allows JITted code to read memory outside its sandbox.
A new post-quantum encryption algorithm based on pseudo-Mersenne module LWE.
A new lightweight permutation: one of its innovations is arguably a weakness.
Side-channel attack and countermeasure against a post-quantum encryption scheme.
A simple and lightweight permutation-based framework for building custom protocols and encryption schemes.
How to encode and decode points to quotient out the cofactor of an Edwards curve.
A super-secure — but still reasonably fast — elliptic curve mod 2^448 - 2^224 - 1.
How to get the performance of twisted Edwards curves without harming completeness.
How to hash to a uniform element of an even-order curve. Draft written in 2013, dug up in 2020.
Techniques for encoding elliptic curve points as random strings. Censorship evasion. PAKE security.
A fast new elliptic-curve crypto implementation. A new field shape with faster multiplies. New scalar-multiply and signature verification techniques.
Extensions to the older spatial encryption paper. Adaptive security, doubly-spatial encryption, new encoding schemes.
Real-time map hacks for StarCraft II and other strategy games. A cryptographic protocol to mitigate such hacks, and a blazing-fast implementation of this protocol.
Privacy-preserving tests for proximity: Alice can test if she is close to Bob without either learning the other's location.
Lightweight opportunistic TCP encryption.
A JavaScript crypto library, focusing on AES and SHA-256. We significantly improved speed, size and usability compared to older libraries.
A fast, side-channel-resistant implementation of AES using vector permute instructions to compute the S-box.
How to encrypt a message with a policy that describes who can decrypt. The policy language is encoded using linear algebra.
A public-key system which is provably secure under standard assumptions, even when it encrypts its own key.
Like the Cocks cryptosystem, this uses Jacobi symbols instead of pairings. Our ciphertexts are much shorter than Cocks', but this comes at a cost in speed.