Books

1. "Solutions Manual for 'Introduction to Modern Cryptography'," with Y. Lindell
   CRC Press, 2009
   
   
2. "Introduction to Modern Cryptography," with Y. Lindell
   CRC Press, 2007
   
   
3. "Applied Cryptography and Network Security (ACNS) 2007" (edited volume), with M. Yung
   Springer-Verlag, 2007

Book chapters

1. "Public-Key Cryptography"
   In Handbook of Information and Communication Security, P. Stavroulakis and M. Stamp, eds., Springer, 2010.
   
   
2. "Cryptography"
   In Wiley Encyclopedia of Computer Science and Engineering, B.W. Wah, ed., John Wiley & Sons, Inc., 2008.
   
   
3. "Symmetric-Key Encryption"
   In Handbook of Information Security, H. Bidgoli, ed., John Wiley & Sons, Inc., 2005.
   
   
4. "Cryptography"
   In The Computer Science and Engineering Handbook, 2nd edition, A. Tucker, ed., CRC Press, 2004.

Journal articles

Published/Awaiting Publication

1. "Efficient and Secure Authenticated Key Exchange Using Weak Passwords," with Rafail Ostrovsky and Moti Yung
   Journal of the ACM, to appear. The full version is available. Note: this version differs slightly from what will be published.
   
   
2. "Bounds on the Efficiency of 'Black-Box' Commitment Schemes," with Omer Horvitz
   Theoretical Computer Science, to appear. The full version is available.
   
   
3. "Improving the Round Complexity of VSS in Point-to-Point Networks," with Chiu-Yuen Koo and Ranjit Kumaresan
   Information & Computation 207(8): 889-899, 2009. The full version is available.
   
   
4. "Reducing Complexity Assumptions for Statistically-Hiding Commitment," with Iftach Haitner, Omer Horvitz, Chiu-Yuen Koo, Ruggero Morselli, and Ronen Shaltiel
   Journal of Cryptology 22(3): 283-310, 2009. A full version is available. Note: this version differs slightly from what was published (most notably in Section 4).
   
   
5. "Ring Signatures: Stronger Definitions, and Constructions without Random Oracles," with Adam Bender and Ruggero Morselli
   Journal of Cryptology 22(1): 114-138, 2009. The full version is available.
   
   
6. "On Expected Constant-Round Protocols for Byzantine Agreement," with Chiu-Yuen Koo
   Journal of Computer and System Sciences 75(2): 91-112, 2009. The full version is available.
   
   
7. "Handling Expected Polynomial-Time Strategies in Simulation-Based Security Proofs," with Yehuda Lindell
   Journal of Cryptology 21(3): 303-349, 2008. The full version is available.
   
   
8. "Efficient Signature Schemes with Tight Security Reductions to the Diffie-Hellman Problems," with Eu-Jin Goh, Stanislaw Jarecki, and Nan Wang
   Journal of Cryptology 20(4): 493-514, 2007. The full version is available.
   
   
9. "A Forward-Secure Public-Key Encryption Scheme," with Ran Canetti and Shai Halevi
   Journal of Cryptology 20(3): 265-294, 2007. The full version is available.
   
   
10. "Scalable Protocols for Authenticated Group Key Exchange," with Moti Yung
    Journal of Cryptology 20(1): 85-113, 2007. The full version is available.
    
    
11. "Chosen-Ciphertext Security From Identity-Based Encryption," with Dan Boneh, Ran Canetti, and Shai Halevi
    SIAM Journal on Computing 36(5): 1301-1328, 2007. The full version is available.
    
    
12. "Characterization of Security Notions for Probabilistic Private-Key Encryption," with Moti Yung
    Journal of Cryptology 19(1): 67-96, 2006. The full version is available.
    
    
13. "A Pairwise Key Pre-Distribution Scheme for Wireless Sensor Networks," with Wenliang Du, Jing Deng, Yunghsiang S. Han, Pramod K. Varshney, and Aram Khalili
    ACM Transactions on Information and System Security 8(2): 228-258, 2005. The full version is available.
    
    
14. "Bounds on the Efficiency of Generic Cryptographic Constructions," with Rosario Gennaro, Yael Gertner, and Luca Trevisan
    SIAM Journal on Computing 35(1): 217-246, 2005. The full version is available.

In Preparation

1. "Parallel and Concurrent Security of the HB and HB+ Protocols," with Ji-Sun Shin and Adam Smith
   Accepted to Journal of Cryptology (pending revisions). A preliminary full version is available.
   
   
2. "On Constructing Universal One-Way Hash Functions from Arbitrary One-Way Functions," with Chiu-Yuen Koo
   Accepted to Journal of Cryptology (pending revisions). A preliminary full version is available.
   
   
3. "Two-Server Password-Only Authenticated Key Exchange," with Phil MacKenzie, Gelareh Taban, and Virgil Gligor
   In submission. A preliminary full version is available.
   
   
4. "Complete Fairness in Secure Two-Party Computation," with S. Dov Gordon, Carmit Hazay, and Yehuda Lindell
   In submission. An extended preliminary full version is available.
   
   
5. "Predicate Encryption Supporting Disjunctions, Polynomial Equations, and Inner Products," with Amit Sahai and Brent Waters
   One of 4 papers from Eurocrypt 2008 invited to the Journal of Cryptology. A preliminary full version is available.
   
   
6. "Which Languages Have 4-Round Zero-Knowledge Proofs?"
   One of 3 papers from TCC 2008 invited to the Journal of Cryptology. A preliminary full version is available.

Articles in refereed conferences and workshops

1. "Efficient Rational Secret Sharing in Standard Communication Networks," with Georg Fuchsbauer and David Naccache
   7th Theory of Cryptography Conference (TCC) 2010, to appear
   
   
2. "Signature Schemes with Bounded Leakage Resilience," with Vinod Vaikuntanathan
   Asiacrypt 2009, to appear
   A preliminary version is available; the proceedings version contains some additional results
   
   
3. "On Black-Box Constructions of Predicate Encryption Schemes from Trapdoor Permutations," with Arkady Yerukhimovich
   Asiacrypt 2009, to appear
   The proceedings version (© IACR) is available
   
   
4. "Smooth Projective Hashing and Password-Based Authenticated Key Exchange from Lattices," with Vinod Vaikuntanathan
   Asiacrypt 2009, to appear
   The proceedings version (© IACR) is available
   
   
5. "Proofs of Storage from Homomorphic Identification Protocols," with Giuseppe Ateniese and Seny Kamara
   Asiacrypt 2009, to appear
   The proceedings version (© IACR) is available
   
   
6. "Attacking Cryptographic Schemes Based on 'Perturbation Polynomials'," with Martin Albrecht, Craig Gentry, and Shai Halevi
   ACM Conference on Computer and Communications Security 2009, to appear
   
   
7. "Collusion-Free Multiparty Computation in the Mediated Model," with Joel Alwen, Yehuda Lindell, Giuseppe Persiano, Abhi Shelat, and Ivan Visconti
   Crypto 2009, to appear
   An early version is available (note: this is different from the proceedings version).
   
   
8. "Signing a Linear Subspace: Signatures for Network Coding," with Dan Boneh, David Freeman, and Brent Waters
   Public-Key Cryptography (PKC) 2009
   
   
9. "Composability and On-Line Deniability of Authentication," with Yevgeniy Dodis, Adam Smith, and Shabsi Walfish
   6th Theory of Cryptography Conference (TCC) 2009
   The proceedings version (© IACR) is available.
   
   
10. "Complete Fairness in Multi-Party Computation without an Honest Majority," with Dov Gordon
    6th Theory of Cryptography Conference (TCC) 2009
    
    
11. "Improving the Round Complexity of VSS in Point-to-Point Networks," with Chiu-Yuen Koo and Ranjit Kumaresan
    International Colloquium on Automata, Languages, and Programming (ICALP) 2008
    The full version is available above.
    
    
12. "Complete Fairness in Secure Two-Party Computation," with S. Dov Gordon, Carmit Hazay, and Yehuda Lindell
    ACM Symposium on Theory of Computing (STOC) 2008
    The proceedings version (© ACM) is available
    
    
13. "Predicate Encryption Supporting Disjunctions, Polynomial Equations, and Inner Products," with Amit Sahai and Brent Waters
    Eurocrypt 2008
    Invited to a special issue of J. Cryptology (one of 4 papers selected from Eurocrypt 2008)
    The proceedings version (© IACR) is available, as is a prelminary full version
    
    
14. "How to Encrypt with a Malicious Random Number Generator," with Seny Kamara
    Fast Software Encryption (FSE) 2008
    
    
15. "Aggregate Message Authentication Codes," with Yehuda Lindell
    RSA 2008 --- Cryptographers' Track
    
    
16. "Bridging Game Theory and Cryptography: Recent Results and Future Directions"
    Invited paper, 5th Theory of Cryptography Conference (TCC) 2008
    The proceedings version (© IACR) is available. A full version is in preparation
    
    
17. "Which Languages have 4-Round Zero-Knowledge Proofs?"
    5th Theory of Cryptography Conference (TCC) 2008
    Invited to a special issue of J. Cryptology (one of 3 papers selected from TCC 2008).
    
    
18. "Universally-Composable Computation with an Unreliable Common Reference String," with Vipul Goyal
    5th Theory of Cryptography Conference (TCC) 2008
    The proceedings version (© IACR) is available
    
    
19. "Efficient Cryptographic Protocols Based on the Hardness of Learning Parity with Noise"
    Invited paper, 11th IMA International Conference on Cryptography and Coding Theory, 2007
    
    
20. "Round Complexity of Authenticated Broadcast with a Dishonest Majority," with Juan Garay, Chiu-Yuen Koo, and Rafail Ostrovsky
    IEEE Symposium on Foundations of Computer Science (FOCS) 2007
    The proceedings version is available.
    
    
21. "Universally-Composable Two-Party Computation in Two Rounds," with Omer Horvitz
    Crypto 2007
    The proceedings version (© IACR) is available.
    
    
22. "On Achieving the 'Best of Both Worlds' in Secure Multiparty Computation"
    ACM Symposium on Theory of Computing (STOC) 2007
    
    
23. "Universally Composable Multi-Party Computation using Tamper-Proof Hardware"
    Eurocrypt 2007
    The proceedings version (© IACR) is available.
    
    
24. "Round-Efficient Secure Computation in Point-to-Point Networks," with Chiu-Yuen Koo
    Eurocrypt 2007
    The proceedings version (© IACR) is available.
    
    
25. "Concurrently-Secure Blind Signatures without Random Oracles or Setup Assumptions," with Carmit Hazay, Chiu-Yuen Koo, and Yehuda Lindell
    4th Theory of Cryptography Conference (TCC) 2007
    The proceedings version (© IACR) is available.
    
    
26. "Exploiting Approximate Transitivity of Trust," with Ruggero Morselli, Bobby Bhattacharjee, and Michael Marsh
    Invited paper, BroadNets 2007
    
    
27. "Rational Secret Sharing, Revisited," with S. Dov Gordon
    Security and Cryptography for Networks 2006
    (An extended abstract of this work was also accepted for presentation at NetEcon 2006)
    
    
28. "Robust Fuzzy Extractors and Authenticated Key Agreement From Close Secrets," with Yevgeniy Dodis, Leo Reyzin, and Adam Smith
    Crypto 2006
    The proceedings version (© IACR) is available.
    
    
29. "On Expected Constant-Round Protocols for Byzantine Agreement," with Chiu-Yuen Koo
    Crypto 2006
    The full version is available above. An older version is available from the eprint archives.
    
    
30. "Reliable Broadcast in Radio Networks: The Bounded Collision Case," with Chiu-Yuen Koo, Vartika Bhandari, and Nitin Vaidya
    PODC 2006
    
    
31. "Parallel and Concurrent Security of the HB and HB+ Protocols," with Ji Sun Shin
    Eurocrypt 2006
    The full version is available.
    This work is superseded by the journal version "Parallel and Concurrent Security of the HB and HB+ Protocols," with Ji-Sun Shin and Adam Smith, available above.
    
    
32. "Ring Signatures: Stronger Definitions, and Constructions without Random Oracles," with Adam Bender and Ruggero Morselli
    3rd Theory of Cryptography Conference (TCC) 2006
    A version available on eprint is an extended version of what appeared in the proceedings. The full version is available above.
    
    
33. "Modeling Insider Attacks on Group Key-Exchange Protocols," with Ji Sun Shin
    ACM Conference on Computer and Communications Security 2005
    The full version and the presentation given at the conference are available.
    
    
34. "Lower Bounds on the Efficiency of 'Black-Box' Commitment Schemes," with Omer Horvitz
    International Colloquium on Automata, Languages, and Programming (ICALP) 2005
    Invited to a special issue of Theoretical Computer Science; see above
    The proceedings version (© Springer-Verlag) is available. A preliminary full version is available above.
    
    
35. "Two-Server Password-Only Authenticated Key Exchange," with Phil MacKenzie, Gelareh Taban, and Virgil Gligor
    Applied Cryptography and Network Security (ACNS) 2005
    The proceedings version (© Springer-Verlag) is available, and a preliminary full version is available above.
    
    
36. "Universally Composable Password-Based Key Exchange," with Ran Canetti, Shai Halevi, Yehuda Lindell, and Phil MacKenzie
    Eurocrypt 2005
    The proceedings version (© IACR) and a preliminary full version are available.
    
    
37. "Secure Remote Authentication Using Biometric Data," with Xavier Boyen, Yevgeniy Dodis, Rafail Ostrovsky, and Adam Smith
    Eurocrypt 2005
    A revised version is available. (Note: this is essentially the same as the proceedings version, except that some mistakes have been fixed.)
    
    
38. "Reducing Complexity Assumptions for Statistically-Hiding Commitment," with Iftach Haitner, Omer Horvitz, Chiu-Yuen Koo, Ruggero Morselli, and Ronen Shaltiel
    Eurocrypt 2005
    The proceedings version (© IACR) is available, and the full version is available above. An earlier version of the paper is also available.
    
    
39. "Adaptively-Secure, Non-Interactive Public-Key Encryption," with Ran Canetti and Shai Halevi
    2nd Theory of Cryptography Conference (TCC) 2005
    The proceedings version (© IACR) and the full version are available.
    
    
40. "Chosen Ciphertext Security of Multiple Encryption," with Yevgeniy Dodis
    2nd Theory of Cryptography Conference (TCC) 2005
    The proceedings version (© IACR) is available
    
    
41. "Handling Expected Polynomial-Time Strategies in Simulation-Based Security Proofs," with Yehuda Lindell
    2nd Theory of Cryptography Conference (TCC) 2005
    The proceedings version (© IACR) is available, and the full version is available above.
    
    
42. "Improved Efficiency for CCA-Secure Cryptosystems Built Using IBE," with Dan Boneh
    RSA 2005 --- Cryptographers' Track
    The proceedings version (© Springer-Verlag) is available. The full version is available above.
    
    
43. "Identity-Based Zero Knowledge," with Rafail Ostrovsky and Michael Rabin
    Security in Communication Networks, 2004
    
    
44. "Round-Optimal Secure Two-Party Computation," with Rafail Ostrovsky
    Crypto 2004
    The proceedings version (© IACR) is available.
    
    
45. "A Game-Theoretic Framework for Analyzing Trust-Inference Protocols," with Ruggero Morselli and Bobby Bhattacharjee
    Second Workshop on the Economics of Peer-to-Peer Systems, 2004
    A preliminary manuscript is available, as well as the presentation that was given at the P2Pecon workshop. A full(er) version of the paper is available on request.
    
    
46. "One-Round Protocols for Two-Party Authenticated Key Exchange," with Ik Rae Jeong and Dong Hoon Lee
    Applied Cryptography and Network Security (ACNS) 2004
    A full version is available (this version corrects some minor errors in the prceedings version).
    
    
47. "Chosen-Ciphertext Security From Identity-Based Encryption," with Ran Canetti and Shai Halevi
    Eurocrypt 2004
    An early version is available at the eprint archives. The proceedings version (© IACR) is also available, and the full version is available above.
    
    
48. "Trust Preserving Set Operations," with Ruggero Morselli, Bobby Bhattacharjee, and Pete Keleher
    IEEE Infocom 2004
    
    
49. "A Generic Construction for Intrusion-Resilient Public-Key Encryption," with Yevgeniy Dodis, Matt Franklin, Atsuko Miyaji, and Moti Yung
    RSA 2004 --- Cryptographers' Track.
    
    
50. "Binary Tree Encryption: Constructions and Applications"
    Invited paper, ICISC 2003
    The proceedings version (© Springer-Verlag) is available.
    
    
51. "Efficiency Improvements for Signature Schemes with Tight Security Reductions," with Nan Wang
    ACM Conference on Computer and Communications Security 2003
    The proceedings version (© ACM) is available (note: this version is slightly updated from what actually appears in the proceedings).
    The full version (which does not contain all the results in the proceedings version) is available above as "Efficient Signature Schemes with Tight Security Reductions to the Diffie-Hellman Problems".
    
    
52. "Scalable Protocols for Authenticated Group Key Exchange," with Moti Yung
    Crypto 2003
    The proceedings version (© IACR) is available, and the full version is available above.
    
    
53. "Lower Bounds on the Efficiency of Encryption and Digital Signature Schemes," with Rosario Gennaro and Yael Gertner
    ACM Symposium on Theory of Computing (STOC) 2003
    The proceedings version (© ACM) is available, and the full version is available above as "Bounds on the Efficiency of Generic Cryptographic Constructions".
    
    
54. "Round Efficiency of Multi-Party Computation with a Dishonest Majority," with Rafail Ostrovsky and Adam Smith
    Eurocrypt 2003
    The proceedings version (© IACR) and an extended version are available.
    
    
55. "A Forward-Secure Public-Key Encryption Scheme," with Ran Canetti and Shai Halevi
    Eurocrypt 2003
    The proceedings version (© IACR) is available, and the full version is available above. Older versions of the paper are available here and here.
    
    
56. "Efficient and Non-Malleable Proofs of Plaintext Knowledge and Applications"
    Eurocrypt 2003
    The proceedings version (© IACR) is available. A slightly extended (but older) version is available at the eprint archives.
    
    
57. "Intrusion-Resilient Public-Key Encryption," with Yevgeniy Dodis, Matt Franklin, Atsuko Miyaji, and Moti Yung
    RSA 2003 --- Cryptographers' Track
    
    
58. "Toward Secure Key Distribution in Truly Ad-Hoc Networks," with Aram Khalili and William Arbaugh
    IEEE Workshop on Security and Assurance in Ad-Hoc Networks 2003
    
    
59. "Strong Key-Insulated Signature Schemes," with Yevgeniy Dodis, Shouhuai Xu, and Moti Yung
    Public-Key Cryptography (PKC) 2003
    
    
60. "Forward Secrecy in Password-Only Key Exchange Protocols," with Rafail Ostrovsky and Moti Yung
    Security in Communication Networks 2002
    A preliminary full version is available as "Efficient and Secure Authenticated Key Exchange Using Weak Passwords," above.
    
    
61. "Threshold Cryptosystems Based on Factoring," with Moti Yung
    Asiacrypt 2002
    
    
62. "Implementation of Chosen-Ciphertext Attacks against PGP and GnuPG," with Kahil Jallad, Jena Lee, and Bruce Schneier
    Information Security Conference 2002
    
    
63. "Key-Insulated Public-Key Cryptosystems," with Yevgeniy Dodis, Shouhuai Xu, and Moti Yung
    Eurocrypt 2002
    
    
64. "Incremental and Unforgeable Encryption," with Enrico Buonanno and Moti Yung
    Fast Software Encryption 2001
    
    
65. "Efficient Password-Authenticated Key Exchange Using Human-Memorizable Passwords," with Rafail Ostrovsky and Moti Yung
    Eurocrypt 2001
    A preliminary full version is available as "Efficient and Secure Authenticated Key Exchange Using Weak Passwords," above.
    An older version is available at the eprint archives.
    
    
66. "Efficient and Non-Interactive, Non-Malleable Commitment," with Giovanni Di Crescenzo, Rafail Ostrovsky, and Adam Smith
    Eurocrypt 2001
    
    
67. "Cryptographic Counters and Applications to Electronic Voting," with Rafail Ostrovsky and Steven Myers
    Eurocrypt 2001
    
    
68. "A Chosen-Ciphertext Attack against Several E-mail Encryption Protocols," with Bruce Schneier
    USENIX Security Symposium 2000
    
    
69. "Unforgeable Encryption and Chosen-Ciphertext-Secure Modes of Operation," with Moti Yung
    Fast Software Encryption 2000
    
    
70. "Complete Characterization of Security Notions for Probabilistic, Private-Key Encryption," with Moti Yung
    ACM Symposium on Theory of Computing (STOC) 2000
    The full version is available above.
    
    
71. "On the Efficiency of Local Decoding Procedures for Error-Correcting Codes," with Luca Trevisan
    ACM Symposium on Theory of Computing (STOC) 2000

Manuscripts

Current:

1. "A New Framework for Password-Based Authenticated Key Exchange," with Adam Groce
2. "Round-Optimal Password-Based Authenticated Key Echange," with Vinod Vaikuntanathan
3. "Partial Fairness in Secure Two-Party Computation," with Dov Gordon
4. "Authenticated Broadcast with a Partially Compromised Public-Key Infrastructure," with S. Dov Gordon, Ranjit Kumaresan, and Arkady Yerukhimovich

Old:

1. "Compact Signatures for Network Coding," with Brent Waters
   This work is superseded by the paper available above: "Signing a Linear Subspace: Signatures for Network Coding," with Dan Boneh, David Freeman, and Brent Waters
2. "Analyzing the HB and HB+ Protocols in the 'Large Error' Case," with Adam Smith
   This work is superseded by the paper available above: "Parallel and Concurrent Security of the HB and HB+ Protocols," with Ji-Sun Shin and Adam Smith.
3. "KeyChains: A Decentralized Public-Key Infrastructure," with Ruggero Morselli, Bobby Bhattacharjee, and Mike Marsh
   Technical Report CS-TR-4788, Department of Computer Science, University of Maryland, 2006. Also filed as UMIACS-2006-12. The results here are described in the paper available above: "Exploiting Approximate Transitivity of Trust," with Ruggero Morselli, Bobby Bhattacharjee, and Michael Marsh

PhD thesis

• "Efficient and Non-Interactive, Non-Malleable Commitment"
• "Efficient Password-Authenticated Key Exchange Using Human-Memorable Passwords"
• "Forward Secrecy in Password-Only Key-Exchange Protocols"
• "Efficient and Non-Malleable Proofs of Plaintext Knowledge and Applications"