Publications

For more details about my research, and more informal descriptions of my papers, click here.
For copies of papers not available here, please send me email.

Books

  1. "Public-Key Cryptography (PKC) 2015" (edited volume)
    LNCS vol. 9020, Springer, 2015

  2. "Introduction to Modern Cryptography (second edition)," with Y. Lindell
    CRC Press, 2014

  3. "Decision and Game Theory for Security (GameSec) 2011" (edited volume), with J. Baras and E. Altman
    LNCS vol. 7037, Springer, 2011

  4. "Digital Signatures"
    Springer, 2010

  5. "Solutions Manual for 'Introduction to Modern Cryptography'," with Y. Lindell
    CRC Press, 2009

  6. "Introduction to Modern Cryptography," with Y. Lindell
    CRC Press, 2007

  7. "Applied Cryptography and Network Security (ACNS) 2007" (edited volume), with M. Yung
    LNCS vol. 4521, Springer, 2007

Book chapters

  1. "Cryptography"
    In Computing Handbook (3rd edition), vol. 1: Computer Science and Software Engineering, A. Tucker, T. Gonzalez, and J. Diaz-Herrera, eds., Chapman & Hall/CRC Press, 2014.

  2. "Public-Key Cryptography"
    In Handbook of Information and Communication Security, P. Stavroulakis and M. Stamp, eds., Springer, 2010.

  3. "Cryptography"
    In Wiley Encyclopedia of Computer Science and Engineering, B.W. Wah, ed., John Wiley & Sons, Inc., 2008.

  4. "Symmetric-Key Encryption"
    In Handbook of Information Security, H. Bidgoli, ed., John Wiley & Sons, Inc., 2005.

  5. "Cryptography"
    In Computer Science Handbook, 2nd edition, A. Tucker, ed., CRC Press, 2004.

Journal articles

Published/Awaiting Publication

  1. "Anon-Pass: Practical Anonymous Subscriptions," with Michael Lee, Alan Dunn, Brent Waters, and Emmett Witchel
    IEEE Security & Privacy 12(3): 20-27, 2014. (Part of a special issue for selected papers from the 2013 IEEE Symposium on Security & Privacy.)
    The full version is available. See here for a link to source code.

  2. "Authenticated Broadcast with a Partially Compromised Public-Key Infrastructure," with S. Dov Gordon, Ranjit Kumaresan, and Arkady Yerukhimovich
    Information & Computation 234: 17-25, 2014. (Invited to a special issue for selected papers from SSS 2010.)
    The full version is available.

  3. "One-Round Multi-Party Communication Complexity of Distinguishing Sums," with Daniel Apon and Alex Malozemoff
    Theoretical Computer Science 501: 101-108, 2013.
    The full version is available: ECCC, arXiv

  4. "Round-Optimal Password-Based Authenticated Key Exchange," with Vinod Vaikuntanathan
    Journal of Cryptology 26(4): 714-743, 2013. (One of 3 papers from TCC 2011 invited to the Journal of Cryptology.)
    The full version is available.

  5. "Predicate Encryption Supporting Disjunctions, Polynomial Equations, and Inner Products," with Amit Sahai and Brent Waters
    Journal of Cryptology 26(2): 191-224, 2013. (One of 4 papers from Eurocrypt 2008 invited to the Journal of Cryptology.)
    The full version is available. Note: this version differs slightly from what was published.

  6. "Robust Fuzzy Extractors and Authenticated Key Agreement from Close Secrets," with Yevgeniy Dodis, Bhavana Kanukurthi, Leo Reyzin, and Adam Smith
    IEEE Transactions on Information Theory 58(9): 6207-6222, 2012.
    The full version is available. Note: this version differs slightly from what was published.

  7. "Two-Server Password-Only Authenticated Key Exchange," with Phil MacKenzie, Gelareh Taban, and Virgil Gligor
    Journal of Computer and System Sciences 78(2): 651-669, 2012.
    The full version is available.

  8. "Which Languages Have 4-Round Zero-Knowledge Proofs?"
    Journal of Cryptology 25(1): 41-56, 2012. (One of 3 papers from TCC 2008 invited to the Journal of Cryptology.)
    The full version is available. Note: this version differs slightly from what was published.

  9. "Partial Fairness in Secure Two-Party Computation," with Dov Gordon
    Journal of Cryptology 25(1): 14-40, 2012.
    The full version is available. Note: this version differs slightly from what was published.

  10. "Complete Fairness in Secure Two-Party Computation," with S. Dov Gordon, Carmit Hazay, and Yehuda Lindell
    Journal of the ACM 58(6): 1-36, 2011.
    The extended full version is available.

  11. "On Achieving the 'Best of Both Worlds' in Secure Multiparty Computation," with Yuval Ishai, Eyal Kushilevitz, Yehuda Lindell, and Erez Petrank
    SIAM J. Computing 40(1): 122-141, 2011.
    The full version is available.

  12. "Parallel and Concurrent Security of the HB and HB+ Protocols," with Ji-Sun Shin and Adam Smith
    Journal of Cryptology 23(3): 402-421, 2010.
    The full version is available.

  13. "Bounds on the Efficiency of 'Black-Box' Commitment Schemes," with Omer Horvitz
    Theoretical Computer Science 411(10): 1251-1260, 2010.
    The full version is available.

  14. "Efficient and Secure Authenticated Key Exchange Using Weak Passwords," with Rafail Ostrovsky and Moti Yung
    Journal of the ACM 57(1): 78-116, 2009.
    The full version is available. Note: this version differs slightly from what was published.

  15. "Improving the Round Complexity of VSS in Point-to-Point Networks," with Chiu-Yuen Koo and Ranjit Kumaresan
    Information & Computation 207(8): 889-899, 2009.
    The full version is available.

  16. "Reducing Complexity Assumptions for Statistically-Hiding Commitment," with Iftach Haitner, Omer Horvitz, Chiu-Yuen Koo, Ruggero Morselli, and Ronen Shaltiel
    Journal of Cryptology 22(3): 283-310, 2009.
    The full version is available. Note: this version differs slightly from what was published (most notably in Section 4).

  17. "Ring Signatures: Stronger Definitions, and Constructions without Random Oracles," with Adam Bender and Ruggero Morselli
    Journal of Cryptology 22(1): 114-138, 2009.
    The full version is available.

  18. "On Expected Constant-Round Protocols for Byzantine Agreement," with Chiu-Yuen Koo
    Journal of Computer and System Sciences 75(2): 91-112, 2009.
    The full version is available.

  19. "Handling Expected Polynomial-Time Strategies in Simulation-Based Security Proofs," with Yehuda Lindell
    Journal of Cryptology 21(3): 303-349, 2008.
    The full version is available.

  20. "Efficient Signature Schemes with Tight Security Reductions to the Diffie-Hellman Problems," with Eu-Jin Goh, Stanislaw Jarecki, and Nan Wang
    Journal of Cryptology 20(4): 493-514, 2007.
    The full version is available.

  21. "A Forward-Secure Public-Key Encryption Scheme," with Ran Canetti and Shai Halevi
    Journal of Cryptology 20(3): 265-294, 2007.
    The full version is available.

  22. "Scalable Protocols for Authenticated Group Key Exchange," with Moti Yung
    Journal of Cryptology 20(1): 85-113, 2007.
    The full version is available.

  23. "Chosen-Ciphertext Security From Identity-Based Encryption," with Dan Boneh, Ran Canetti, and Shai Halevi
    SIAM Journal on Computing 36(5): 1301-1328, 2007.
    The full version is available.

  24. "Characterization of Security Notions for Probabilistic Private-Key Encryption," with Moti Yung
    Journal of Cryptology 19(1): 67-96, 2006.
    The full version is available.

  25. "A Pairwise Key Pre-Distribution Scheme for Wireless Sensor Networks," with Wenliang Du, Jing Deng, Yunghsiang S. Han, Pramod K. Varshney, and Aram Khalili
    ACM Transactions on Information and System Security 8(2): 228-258, 2005.
    The full version is available.

  26. "Bounds on the Efficiency of Generic Cryptographic Constructions," with Rosario Gennaro, Yael Gertner, and Luca Trevisan
    SIAM Journal on Computing 35(1): 217-246, 2005.
    The full version is available.

In Preparation

  1. "(Efficient) Universally Composable Oblivious Transfer Using a Minimal Number of Stateless Tokens," with Seung Geol Choi, Dominique Schröder, Arkady Yerukhimovich, and Hong-Sheng Zhou
    In submission. (One of 3 papers from TCC 2014 invited to the Journal of Cryptology.)

  2. "Fair Computation with Rational Players," with Amos Beimel, Adam Groce, and Ilan Orlov
    In submission

  3. "On Constructing Universal One-Way Hash Functions from Arbitrary One-Way Functions," with Chiu-Yuen Koo
    Accepted to Journal of Cryptology (pending revisions).
    A preliminary full version is available.

  4. "Aggregate Message Authentication Codes," with Yehuda Lindell
    Accepted to IET Information Security (pending revisions).
    The full version is available.

Articles in refereed conferences and workshops

  1. "Secure Computation of MIPS Machine Code," with Xiao Wang, S. Dov Gordon, and Allen McIntosh
    ESORICS 2016

  2. "A Unified Approach to Idealized Model Separations via Indistinguishability Obfuscation," with Matthew D. Green, Alex Malozemoff, and Hong-Sheng Zhou
    10th Conference on Security and Cryptography for Networks (SCN) 2016

  3. "All Your Queries are Belong to Us: The Power of File-Injection Attacks on Searchable Encryption," with Yupeng Zhang and Babis Papamanthou
    USENIX Security Symposium 2016

  4. "The Cut-and-Choose Game and its Application to Cryptographic Protocols," with Ruiyu Zhu, Yan Huang, and Abhi Shelat
    USENIX Security Symposium 2016

  5. "Revisiting Square Root ORAM: Efficient Random Access in Multi-Party Computation," with Samee Zahur, Xiao Wang, Mariana Raykova, Adria Gascon, Jack Doerner, and David Evans
    IEEE Symposium on Security & Privacy (Oakland) 2016

  6. "10-Round Feistel is Indifferentiable from an Ideal Cipher," with Dana Dachman-Soled and Aishwarya Thiruvengadam
    Eurocrypt 2016

  7. "Automated Analysis and Synthesis of Authenticated Encryption Schemes," with Viet Tung Hoang and Alex Malozemoff
    ACM Conference on Computer and Communications Security 2015
    Recipient of best paper award

  8. "IntegriDB: Verifiable SQL for Outsourced Databases," with Yupeng Zhang and Babis Papamanthou
    ACM Conference on Computer and Communications Security 2015
    Paper and code available here

  9. "Nonoutsourceable Scratch-Off Puzzles to Discourage Bitcoin Mining Coalitions," with Andrew Miller, Ahmed Kosba, and Elaine Shi
    ACM Conference on Computer and Communications Security 2015
    The proceedings version (© ACM) and a fuller version are available

  10. "How Fair is Your Protocol? A Utility-Based Approach to Protocol Optimality," with Juan Garay, Bjoern Tackmann, and Vassilis Zikas
    ACM Symposium on Principles of Distributed Computing (PODC) 2015

  11. "Adaptively Secure, Universally Composable, Multi-Party Computation in Constant Rounds," with Dana Dachman-Soled and Vanishree Rao
    12th Theory of Cryptography Conference (TCC) 2015

  12. "Multi-Client Verifiable Computation with Stronger Security Guarantees," with S. Dov Gordon, Feng-Hao Liu, Elaine Shi, and Hong-Sheng Zhou
    12th Theory of Cryptography Conference (TCC) 2015

  13. "Hash Functions from Defective Ideal Ciphers," with Stefan Lucks and Aishwarya Thiruvengadam
    RSA 2015---Cryptographers' Track

  14. "ALITHEIA: Towards Practical Verifiable Graph Processing," with Yupeng Zhang and Babis Papamanthou
    ACM Conference on Computer and Communications Security 2014

  15. "Amortizing Garbled Circuits," with Yan Huang, Vlad Kolesnikov, Ranjit Kumaresan, and Alex Malozemoff
    Crypto 2014

  16. "Feasibility and Infeasibility of Secure Computation with Malicious PUFs," with Dana Dachman-Soled, Nils Fleischhacker, Anna Lysyanskaya, and Dominique Schröder
    Crypto 2014

  17. "Efficient Three-Party Computation from Cut-and-Choose," with Seung-Geol Choi, Alex Malozemoff, and Vassilis Zikas
    Crypto 2014

  18. "Automated Analysis and Synthesis of Block-Cipher Modes of Operation," with Alexis J. Malozemoff and Matthew D. Green
    IEEE Computer Security Foundations Symposium 2014
    The proceedings version, full version, and code are available.

  19. "Distributing the Setup in Universally Composable Multiparty Computation," with Aggelos Kiayias, Hong-Sheng Zhou, and Vassilis Zikas
    ACM Symposium on Principles of Distributed Computing (PODC) 2014.

  20. "Automating Efficient RAM-Model Secure Computation," with Chang Liu, Yan Huang, Elaine Shi, and Mike Hicks
    IEEE Symposium on Security & Privacy (Oakland) 2014
    The proceedings version is available

  21. "PermaCoin: Repurposing Bitcoin Work for Long-Term Data Preservation," with Andrew Miller, Ari Juels, Elaine Shi, and Bryan Parno
    IEEE Symposium on Security & Privacy (Oakland) 2014

  22. "Multi-Input Functional Encryption," with Shafi Goldwasser, S. Dov Gordon, Vipul Goyal, Abhishek Jain, Feng-Hao Liu, Amit Sahai, Elaine Shi, and Hong-Sheng Zhou
    Eurocrypt 2014
    This publication is the result of a merge with this paper

  23. "Verifiable Oblivious Storage," with Daniel Apon, Elaine Shi, and Aishwarya Thiruvengadam
    Public-Key Cryptography (PKC) 2014

  24. "(Efficient) Universally Composable Oblivious Transfer Using a Minimal Number of Stateless Tokens," with Seung Geol Choi, Dominique Schröder, Arkady Yerukhimovich, and Hong-Sheng Zhou
    11th Theory of Cryptography Conference (TCC) 2014
    Invited to J. Cryptology (one of 3 papers selected from TCC 2014)

  25. "Authenticated Data Structures, Generically," with Andrew Miller, Michael Hicks, and Elaine Shi
    ACM Symposium on Principles of Programming Languages (POPL) 2014

  26. "Functional Encryption from (Small) Hardware Tokens," with Kai-Min Chung and Hong-Sheng Zhou
    Asiacrypt 2013

  27. "Rational Protocol Design: Cryptography Against Incentive-Driven Adversaries," with Juan Garay, Ueli Maurer, Bjoern Tackmann, and Vassilis Zikas
    IEEE Symposium on Foundations of Computer Science (FOCS) 2013

  28. "Coupled-Worlds Privacy: Exploiting Adversarial Uncertainty in Statistical Data Privacy," with Raef Bassily, Adam Groce, and Adam Smith
    IEEE Symposium on Foundations of Computer Science (FOCS) 2013

  29. "Efficient Secure Two-Party Computation Using Symmetric Cut-and-Choose," with Yan Huang and David Evans
    Crypto 2013

  30. "Anon-Pass: Practical Anonymous Subscriptions," with Michael Lee, Alan Dunn, Brent Waters, and Emmett Witchel
    IEEE Symposium on Security & Privacy (Oakland) 2013
    The proceedings version is available. See here for a link to source code
    Invited to special issue of IEEE Security & Privacy magazine

  31. "Multi-Client Non-Interactive Verifiable Computation," with Seung Geol Choi, Ranjit Kumaresan, and Carlos Cid
    10th Theory of Cryptography Conference (TCC) 2013

  32. "Feasibility and Completeness of Cryptographic Tasks in the Quantum World," with Serge Fehr, Fang Song, Hong-Sheng Zhou, and Vassilis Zikas
    10th Theory of Cryptography Conference (TCC) 2013
    (An extended abstract of this work was also presented at the 6th International Conference on Information-Theoretic Security (ICITS), 2012 workshop track)

  33. "Universally Composable Synchronous Computation," with Ueli Maurer, Bjorn Tackmann, and Vassilis Zikas
    10th Theory of Cryptography Conference (TCC) 2013

  34. "Efficient, Adaptively Secure, and Composable Oblivious Transfer with a Single, Global CRS," with Seung Geol Choi, Hoeteck Wee, and Hong-Sheng Zhou
    Public-Key Cryptography (PKC) 2013

  35. "Feasibility and Infeasibility of Adaptively Secure, Fully Homomorphic Encryption," with Aishwarya Thiruvengadam and Hong-Sheng Zhou
    Public-Key Cryptography (PKC) 2013

  36. "Secure Two-Party Computation in Sublinear Amortized Time," with Dov Gordon, Vladimir Kolesnikov, Fernando Krell, Tal Malkin, Mariana Raykova, and Yevgeniy Vahlis
    ACM Conference on Computer and Communications Security 2012
    A preliminary version of this work was accepted as a short paper to the Workshop on Cryptography and Security in Clouds, 2011
    The proceedings version (© ACM) is available. See also here.

  37. "Collusion-Preserving Computation," with Joel Alwen, Ueli Maurer, and Vassilis Zikas
    Crypto 2012

  38. "Byzantine Agreement with a Rational Adversary," with Adam Groce, Aishwarya Thiruvengadam, and Vassilis Zikas
    International Colloquium on Automata, Languages, and Programming (ICALP) 2012

  39. "Knowledge-Oriented Secure Multiparty Computation," with Piotr Mardziel, Michael Hicks, and Mudhakar Srivatsa
    ACM Workshop on Programming Languages and Analysis for Security (PLAS) 2012
    The proceedings version is available.

  40. "Quid Pro Quo-tocols: Strengthening Semi-Honest Protocols with Dual Execution," with Yan Huang and David Evans
    IEEE Symposium on Security & Privacy (Oakland) 2012
    The proceedings version is available. (Note: this may not match the actual published version.)

  41. "Constant-Round Multi-Party Private Set Union using Reversed Laurent Series," with Jae Hong Seo and Jung Hee Cheon
    Public-Key Cryptography (PKC) 2012

  42. "Fair Computation with Rational Players," with Adam Groce
    Eurocrypt 2012

  43. "On the Security of the 'Free-XOR' Technique," with Seung Geol Choi, Ranjit Kumaresan, and Hong-Sheng Zhou
    9th Theory of Cryptography Conference (TCC) 2012

  44. "Secure Multi-Party Computation of Boolean Circuits with Applications to Privacy in On-Line Marketplaces," with Seung Geol Choi, Kyung-Wook Hwang, Tal Malkin, and Dan Rubenstein
    RSA 2012---Cryptographers' Track
    The code is available here.

  45. "Private Set Intersection: Are Garbled Circuits Better than Custom Protocols?" with Yan Huang and David Evans
    Network and Distributed System Security Conference (NDSS) 2012.
    The proceedings version is available.
    The code is available here.

  46. "Efficient Secure Computation with Garbled Circuits," with Yan Huang, Chih-hao Shen, David Evans, and Abhi Shelat
    Invited paper, International Conference on Information Systems Security 2011

  47. "Constant-Round Private-Function Evaluation with Linear Complexity," with Lior Malka
    Asiacrypt 2011

  48. "Faster Secure Two-Party Computation Using Garbled Circuits," with Yan Huang, David Evans, and Lior Malka
    USENIX Security Symposium 2011.
    The proceedings version is available. (Note: this may not fully match the actual published version.)
    The code is available here.

  49. "Adaptively Secure Broadcast, Revisited," with Juan Garay, Ranjit Kumaresan, and Hong-Sheng Zhou
    ACM Symposium on Principles of Distributed Computing (PODC) 2011.
    The proceedings version is available.

  50. "Round-Optimal Password-Based Authenticated Key Exchange," with Vinod Vaikuntanathan
    8th Theory of Cryptography Conference (TCC) 2011.
    Invited to J. Cryptology (one of 3 papers selected from TCC 2011).

  51. "Limits of Computational Differential Privacy in the Client/Server Setting," with Adam Groce and Arkady Yerukhimovich
    8th Theory of Cryptography Conference (TCC) 2011.
    The proceedings version (© IACR) is available.

  52. "Impossibility of Blind Signatures from One-Way Permutations," with Dominique Schröder and Arkady Yerukhimovich
    8th Theory of Cryptography Conference (TCC) 2011.
    The proceedings version (© IACR) is available.

  53. "Limits on the Power of Zero-Knowledge Proofs in Cryptographic Constructions," with Zvika Brakerski, Gil Segev, and Arkady Yerukhimovich
    8th Theory of Cryptography Conference (TCC) 2011.
    The proceedings version (© IACR) is available.

  54. "Efficient Privacy-Preserving Biometric Identification," with Yan Huang, Lior Malka, and David Evans
    Network and Distributed System Security Conference (NDSS) 2011.

  55. "A Group Signature Scheme from Lattice Assumptions," with Dov Gordon and Vinod Vaikuntanathan
    Asiacrypt 2010

  56. "Public-Key Cryptography Resilient to Continual Memory Leakage," with Zvika Brakerski, Yael Tauman Kalai, and Vinod Vaikuntanathan
    IEEE Symposium on Foundations of Computer Science (FOCS) 2010

  57. "Secure Text Processing with Applications to Private DNA Matching," with Lior Malka
    ACM Conference on Computer and Communications Security 2010
    The proceedings version is available.

  58. "A New Framework for Efficient Password-Based Authenticated Key Exchange," with Adam Groce
    ACM Conference on Computer and Communications Security 2010. The full version is available.

  59. "Authenticated Broadcast with a Partially Compromised Public-Key Infrastructure," with S. Dov Gordon, Ranjit Kumaresan, and Arkady Yerukhimovich
    12th Intl. Symp. on Stabilization, Safety, and Security of Distributed Systems (SSS) 2010
    Invited to a special issue of Information & Computation

  60. "Partial Fairness in Secure Two-Party Computation," with Dov Gordon
    Eurocrypt 2010. The full version is available.

  61. "Secure Network Coding Over the Integers," with Rosario Gennaro, Hugo Krawczyk, and Tal Rabin
    Public-Key Cryptography (PKC) 2010

  62. "Efficient Rational Secret Sharing in Standard Communication Networks," with Georg Fuchsbauer and David Naccache
    7th Theory of Cryptography Conference (TCC) 2010. The full version is available.

  63. "Signature Schemes with Bounded Leakage Resilience," with Vinod Vaikuntanathan
    Asiacrypt 2009
    An early version is available; the proceedings version contains some additional results

  64. "On Black-Box Constructions of Predicate Encryption Schemes from Trapdoor Permutations," with Arkady Yerukhimovich
    Asiacrypt 2009
    The proceedings version (© IACR) is available

  65. "Smooth Projective Hashing and Password-Based Authenticated Key Exchange from Lattices," with Vinod Vaikuntanathan
    Asiacrypt 2009
    The proceedings version (© IACR) is available

  66. "Proofs of Storage from Homomorphic Identification Protocols," with Giuseppe Ateniese and Seny Kamara
    Asiacrypt 2009
    The proceedings version (© IACR) is available

  67. "Attacking Cryptographic Schemes Based on 'Perturbation Polynomials'," with Martin Albrecht, Craig Gentry, and Shai Halevi
    ACM Conference on Computer and Communications Security 2009

  68. "Collusion-Free Multiparty Computation in the Mediated Model," with Joel Alwen, Yehuda Lindell, Giuseppe Persiano, Abhi Shelat, and Ivan Visconti
    Crypto 2009
    An early version is available (note: this is different from the proceedings version).

  69. "Signing a Linear Subspace: Signatures for Network Coding," with Dan Boneh, David Freeman, and Brent Waters
    Public-Key Cryptography (PKC) 2009

  70. "Composability and On-Line Deniability of Authentication," with Yevgeniy Dodis, Adam Smith, and Shabsi Walfish
    6th Theory of Cryptography Conference (TCC) 2009
    The proceedings version (© IACR) is available.

  71. "Complete Fairness in Multi-Party Computation without an Honest Majority," with Dov Gordon
    6th Theory of Cryptography Conference (TCC) 2009

  72. "Improving the Round Complexity of VSS in Point-to-Point Networks," with Chiu-Yuen Koo and Ranjit Kumaresan
    International Colloquium on Automata, Languages, and Programming (ICALP) 2008
    The full version is available above.

  73. "Complete Fairness in Secure Two-Party Computation," with S. Dov Gordon, Carmit Hazay, and Yehuda Lindell
    ACM Symposium on Theory of Computing (STOC) 2008
    The proceedings version (© ACM) is available, and the full version is available above

  74. "Predicate Encryption Supporting Disjunctions, Polynomial Equations, and Inner Products," with Amit Sahai and Brent Waters
    Eurocrypt 2008
    Invited to J. Cryptology (one of 4 papers selected from Eurocrypt 2008)
    The proceedings version (© IACR) is available, as is the full version

  75. "How to Encrypt with a Malicious Random Number Generator," with Seny Kamara
    Fast Software Encryption (FSE) 2008

  76. "Aggregate Message Authentication Codes," with Yehuda Lindell
    RSA 2008---Cryptographers' Track

  77. "Bridging Game Theory and Cryptography: Recent Results and Future Directions"
    Invited paper, 5th Theory of Cryptography Conference (TCC) 2008
    The proceedings version (© IACR) is available. A full version is in preparation

  78. "Which Languages have 4-Round Zero-Knowledge Proofs?"
    5th Theory of Cryptography Conference (TCC) 2008
    Invited to J. Cryptology (one of 3 papers selected from TCC 2008).

  79. "Universally-Composable Computation with an Unreliable Common Reference String," with Vipul Goyal
    5th Theory of Cryptography Conference (TCC) 2008
    The proceedings version (© IACR) is available

  80. "Efficient Cryptographic Protocols Based on the Hardness of Learning Parity with Noise"
    Invited paper, 11th IMA International Conference on Cryptography and Coding Theory, 2007

  81. "Round Complexity of Authenticated Broadcast with a Dishonest Majority," with Juan Garay, Chiu-Yuen Koo, and Rafail Ostrovsky
    IEEE Symposium on Foundations of Computer Science (FOCS) 2007
    The proceedings version is available.

  82. "Universally-Composable Two-Party Computation in Two Rounds," with Omer Horvitz
    Crypto 2007
    The proceedings version (© IACR) is available.

  83. "On Achieving the 'Best of Both Worlds' in Secure Multiparty Computation"
    ACM Symposium on Theory of Computing (STOC) 2007
    The full version is available above.

  84. "Universally Composable Multi-Party Computation using Tamper-Proof Hardware"
    Eurocrypt 2007
    The proceedings version (© IACR) is available.

  85. "Round-Efficient Secure Computation in Point-to-Point Networks," with Chiu-Yuen Koo
    Eurocrypt 2007
    The proceedings version (© IACR) is available.

  86. "Concurrently-Secure Blind Signatures without Random Oracles or Setup Assumptions," with Carmit Hazay, Chiu-Yuen Koo, and Yehuda Lindell
    4th Theory of Cryptography Conference (TCC) 2007
    The proceedings version (© IACR) is available.

  87. "Exploiting Approximate Transitivity of Trust," with Ruggero Morselli, Bobby Bhattacharjee, and Michael Marsh
    Invited paper, BroadNets 2007

  88. "Rational Secret Sharing, Revisited," with S. Dov Gordon
    Security and Cryptography for Networks 2006
    (An extended abstract of this work was also accepted for presentation at NetEcon 2006)

  89. "Robust Fuzzy Extractors and Authenticated Key Agreement From Close Secrets," with Yevgeniy Dodis, Leo Reyzin, and Adam Smith
    Crypto 2006
    This paper is superseded by the full version available above.

  90. "On Expected Constant-Round Protocols for Byzantine Agreement," with Chiu-Yuen Koo
    Crypto 2006
    The full version is available above. An older version is available from the eprint archives.

  91. "Reliable Broadcast in Radio Networks: The Bounded Collision Case," with Chiu-Yuen Koo, Vartika Bhandari, and Nitin Vaidya
    PODC 2006

  92. "Parallel and Concurrent Security of the HB and HB+ Protocols," with Ji Sun Shin
    Eurocrypt 2006
    The full version is available.
    This work is superseded by the journal version "Parallel and Concurrent Security of the HB and HB+ Protocols," with Ji-Sun Shin and Adam Smith, available above.

  93. "Ring Signatures: Stronger Definitions, and Constructions without Random Oracles," with Adam Bender and Ruggero Morselli
    3rd Theory of Cryptography Conference (TCC) 2006
    A version available on eprint is an extended version of what appeared in the proceedings. The full version is available above.

  94. "Modeling Insider Attacks on Group Key-Exchange Protocols," with Ji Sun Shin
    ACM Conference on Computer and Communications Security 2005
    The full version and the presentation given at the conference are available.

  95. "Lower Bounds on the Efficiency of 'Black-Box' Commitment Schemes," with Omer Horvitz
    International Colloquium on Automata, Languages, and Programming (ICALP) 2005
    Invited to a special issue of Theoretical Computer Science
    The proceedings version (© Springer-Verlag) is available. A full version is available above.

  96. "Two-Server Password-Only Authenticated Key Exchange," with Phil MacKenzie, Gelareh Taban, and Virgil Gligor
    Applied Cryptography and Network Security (ACNS) 2005
    The proceedings version (© Springer-Verlag) is available, and the full version is available above.

  97. "Universally Composable Password-Based Key Exchange," with Ran Canetti, Shai Halevi, Yehuda Lindell, and Phil MacKenzie
    Eurocrypt 2005
    The proceedings version (© IACR) and a preliminary full version are available.

  98. "Secure Remote Authentication Using Biometric Data," with Xavier Boyen, Yevgeniy Dodis, Rafail Ostrovsky, and Adam Smith
    Eurocrypt 2005
    A revised version is available. (Note: this is essentially the same as the proceedings version, except that some mistakes have been fixed.)

  99. "Reducing Complexity Assumptions for Statistically-Hiding Commitment," with Iftach Haitner, Omer Horvitz, Chiu-Yuen Koo, Ruggero Morselli, and Ronen Shaltiel
    Eurocrypt 2005
    The proceedings version (© IACR) is available, and the full version is available above. An earlier version of the paper is also available.

  100. "Adaptively-Secure, Non-Interactive Public-Key Encryption," with Ran Canetti and Shai Halevi
    2nd Theory of Cryptography Conference (TCC) 2005
    The proceedings version (© IACR) and the full version are available.

  101. "Chosen Ciphertext Security of Multiple Encryption," with Yevgeniy Dodis
    2nd Theory of Cryptography Conference (TCC) 2005
    The proceedings version (© IACR) is available

  102. "Handling Expected Polynomial-Time Strategies in Simulation-Based Security Proofs," with Yehuda Lindell
    2nd Theory of Cryptography Conference (TCC) 2005
    The proceedings version (© IACR) is available, and the full version is available above.

  103. "Improved Efficiency for CCA-Secure Cryptosystems Built Using IBE," with Dan Boneh
    RSA 2005---Cryptographers' Track
    The proceedings version (© Springer-Verlag) is available. The full version is available above.

  104. "Identity-Based Zero Knowledge," with Rafail Ostrovsky and Michael Rabin
    Security in Communication Networks, 2004

  105. "Round-Optimal Secure Two-Party Computation," with Rafail Ostrovsky
    Crypto 2004
    The proceedings version (© IACR) is available.

  106. "A Game-Theoretic Framework for Analyzing Trust-Inference Protocols," with Ruggero Morselli and Bobby Bhattacharjee
    Second Workshop on the Economics of Peer-to-Peer Systems, 2004
    A preliminary manuscript is available, as well as the presentation that was given at the P2Pecon workshop. A full(er) version of the paper is available on request.

  107. "One-Round Protocols for Two-Party Authenticated Key Exchange," with Ik Rae Jeong and Dong Hoon Lee
    Applied Cryptography and Network Security (ACNS) 2004
    A full version is available (this version corrects some minor errors in the proceedings version).

  108. "Chosen-Ciphertext Security From Identity-Based Encryption," with Ran Canetti and Shai Halevi
    Eurocrypt 2004
    An early version is available at the eprint archives. The proceedings version (© IACR) is also available, and the full version is available above.

  109. "Trust Preserving Set Operations," with Ruggero Morselli, Bobby Bhattacharjee, and Pete Keleher
    IEEE Infocom 2004

  110. "A Generic Construction for Intrusion-Resilient Public-Key Encryption," with Yevgeniy Dodis, Matt Franklin, Atsuko Miyaji, and Moti Yung
    RSA 2004---Cryptographers' Track.

  111. "Binary Tree Encryption: Constructions and Applications"
    Invited paper, ICISC 2003
    The proceedings version (© Springer-Verlag) is available.

  112. "Efficiency Improvements for Signature Schemes with Tight Security Reductions," with Nan Wang
    ACM Conference on Computer and Communications Security 2003
    The proceedings version (© ACM) is available (note: this version is slightly updated from what actually appears in the proceedings).
    The full version (which does not contain all the results in the proceedings version) is available above as "Efficient Signature Schemes with Tight Security Reductions to the Diffie-Hellman Problems".

  113. "Scalable Protocols for Authenticated Group Key Exchange," with Moti Yung
    Crypto 2003
    The proceedings version (© IACR) is available, and the full version is available above.

  114. "Lower Bounds on the Efficiency of Encryption and Digital Signature Schemes," with Rosario Gennaro and Yael Gertner
    ACM Symposium on Theory of Computing (STOC) 2003
    The proceedings version (© ACM) is available, and the full version is available above as "Bounds on the Efficiency of Generic Cryptographic Constructions".

  115. "Round Efficiency of Multi-Party Computation with a Dishonest Majority," with Rafail Ostrovsky and Adam Smith
    Eurocrypt 2003
    The proceedings version (© IACR) and an extended version are available.

  116. "A Forward-Secure Public-Key Encryption Scheme," with Ran Canetti and Shai Halevi
    Eurocrypt 2003
    The proceedings version (© IACR) is available, and the full version is available above. Older versions of the paper are available here and here.

  117. "Efficient and Non-Malleable Proofs of Plaintext Knowledge and Applications"
    Eurocrypt 2003
    The proceedings version (© IACR) is available. A slightly extended (but older) version is available at the eprint archives.

  118. "Intrusion-Resilient Public-Key Encryption," with Yevgeniy Dodis, Matt Franklin, Atsuko Miyaji, and Moti Yung
    RSA 2003---Cryptographers' Track

  119. "Toward Secure Key Distribution in Truly Ad-Hoc Networks," with Aram Khalili and William Arbaugh
    IEEE Workshop on Security and Assurance in Ad-Hoc Networks 2003

  120. "Strong Key-Insulated Signature Schemes," with Yevgeniy Dodis, Shouhuai Xu, and Moti Yung
    Public-Key Cryptography (PKC) 2003

  121. "Forward Secrecy in Password-Only Key Exchange Protocols," with Rafail Ostrovsky and Moti Yung
    Security in Communication Networks 2002
    The full version is available as "Efficient and Secure Authenticated Key Exchange Using Weak Passwords," above.

  122. "Threshold Cryptosystems Based on Factoring," with Moti Yung
    Asiacrypt 2002

  123. "Implementation of Chosen-Ciphertext Attacks against PGP and GnuPG," with Kahil Jallad, Jena Lee, and Bruce Schneier
    Information Security Conference 2002

  124. "Key-Insulated Public-Key Cryptosystems," with Yevgeniy Dodis, Shouhuai Xu, and Moti Yung
    Eurocrypt 2002

  125. "Incremental and Unforgeable Encryption," with Enrico Buonanno and Moti Yung
    Fast Software Encryption 2001

  126. "Efficient Password-Authenticated Key Exchange Using Human-Memorizable Passwords," with Rafail Ostrovsky and Moti Yung
    Eurocrypt 2001
    A full version is available as "Efficient and Secure Authenticated Key Exchange Using Weak Passwords," above.
    An older version is available at the eprint archives.

  127. "Efficient and Non-Interactive, Non-Malleable Commitment," with Giovanni Di Crescenzo, Rafail Ostrovsky, and Adam Smith
    Eurocrypt 2001

  128. "Cryptographic Counters and Applications to Electronic Voting," with Rafail Ostrovsky and Steven Myers
    Eurocrypt 2001

  129. "A Chosen-Ciphertext Attack against Several E-mail Encryption Protocols," with Bruce Schneier
    USENIX Security Symposium 2000

  130. "Unforgeable Encryption and Chosen-Ciphertext-Secure Modes of Operation," with Moti Yung
    Fast Software Encryption 2000

  131. "Complete Characterization of Security Notions for Probabilistic, Private-Key Encryption," with Moti Yung
    ACM Symposium on Theory of Computing (STOC) 2000
    The full version is available above.

  132. "On the Efficiency of Local Decoding Procedures for Error-Correcting Codes," with Luca Trevisan
    ACM Symposium on Theory of Computing (STOC) 2000

Other manuscripts

  1. "Efficiently Enforcing Input Validity in Secure Two-party Computation," with Alex Malozemoff and Xiao Wang
  2. "Symmetric-Key Broadcast Encryption: The Multi-Sender Case," with Cody Freitag and Nathan Klein
  3. "Analysis of a Proposed Hash-Based Signature Standard, rev. 4"
  4. "Analysis of a Proposed Hash-Based Signature Standard"
  5. "Implementing Cryptographic Program Obfuscation," with Daniel Apon, Yan Huang, and Alex J. Malozemoff
  6. "Pseudonymous Secure Computation from Time-Lock Puzzles," with Andrew Miller and Elaine Shi
  7. "Cryptography and the Economics of Supervisory Information: Balancing Transparency and Confidentiality," with Mark Flood, Stephen Ong, and Adam Smith
    Presented at Financial Stability Conference: Using the Tools, Finding the Data (2013)
    and Conference on Data Standards, Information, and Financial Stability (2014)
    Available here
  8. "Implementing Actively Secure MPC with Optimal Security Threshold," with Seung Geol Choi and Arkady Yerukhimovich
  9. "Tracing Insider Attacks in the Context of Predicate Encryption Schemes," with Dominique Schröder.
    Annual Conference of the ITA (ACITA) 2011.
  10. "A Game-Theoretic Model Motivated by the DARPA Network Challenge," with Rajesh Chitnis, MohammadTaghi Hajiaghayi, and Koyel Mukherjee
    SPAA 2013 brief announcement. Also appeared at the Workshop on Risk Aversion in Algorithmic Game Theory and Mechanism Design, 2012.

    (The following have been superseded by other work)

  11. "VMCrypt---Modular Software Architecture for Scalable Secure Computation," with Lior Malka.
    Revised version accepted to ACM Conference on Computer and Communications Security 2011.
  12. "Compact Signatures for Network Coding," with Brent Waters
    This work is superseded by the paper available above: "Signing a Linear Subspace: Signatures for Network Coding," with Dan Boneh, David Freeman, and Brent Waters
  13. "Analyzing the HB and HB+ Protocols in the 'Large Error' Case," with Adam Smith
    This work is superseded by the paper available above: "Parallel and Concurrent Security of the HB and HB+ Protocols," with Ji-Sun Shin and Adam Smith.
  14. "KeyChains: A Decentralized Public-Key Infrastructure," with Ruggero Morselli, Bobby Bhattacharjee, and Mike Marsh
    Technical Report CS-TR-4788, Department of Computer Science, University of Maryland, 2006. Also filed as UMIACS-2006-12. The results here are described in the paper: "Exploiting Approximate Transitivity of Trust," with Ruggero Morselli, Bobby Bhattacharjee, and Michael Marsh

PhD thesis

"Efficient Cryptographic Protocols Preventing 'Man-in-the-Middle' Attacks"
Columbia University, 2002
Includes results from the following papers (see above for full publication information) and also some additional, unpublished results: