Publications

  1. The Advanced Encryption Standard: 20 years later
    (with D. Stebila)
    IEEE Security & Privacy, 19-6 (2021), 98-102.

  2. End-to-end security: when do we have it?
    (with D. Stebila)
    IEEE Security & Privacy, 19-4 (2021), 60-64.

  3. Challenges in cryptography
    (with D. Stebila)
    IEEE Security & Privacy, 19-2 (2021), 70-73.

  4. Several sections on elliptic curve cryptography
    (with D. Hankerson)
    Encyclopedia of Cryptography, Security and Privacy (third edition), edited by S. Jajodia, P. Samarati and M. Yung, Springer-Verlag, 2021.

  5. Critical perspectives on provable security: Fifteen years of "Another Look" papers
    (with N. Koblitz)
    Advances in Mathematics of Communications, 13 (2019), 517-558.
    Updated paper.

  6. On the cost of computing isogenies between supersingular elliptic curves
    (with G. Adj, D. Cervantes-Vazquez, J. Chi-Dominguez and F. Rodriguez-Henriquez)
    SAC 2018, Lecture Notes in Computer Science, 11349 (2019), 322-343.
    Preprint.

  7. On the security of the WOTS-PRF signature scheme
    (with P. Lafrance)
    Advances in Mathematics of Communications, 13 (2019), 185-193.
    Preprint.

  8. On isogeny graphs of supersingular elliptic curves over finite fields
    (with G. Adj and O. Ahmadi)
    Finite Fields and Their Applications, 55 (2019), 267-283.
    Preprint.

  9. Computing discrete logarithms in cryptographically-interesting characteristic-three finite fields
    (with G. Adj, I. Canales-Martinez, N. Cruz-Cortes, T. Oliveira, L. Rivera-Zamarripa and F. Rodriguez-Henriquez)
    Advances in Mathematics of Communications, 12 (2018), 741-759.
    Preprint.

  10. Coding Theory
    (with P. van Oorschot, D. Joyner and T. Shaska)
    chapter in Handbook of Discrete and Combinatorial Mathematics, second edition, CRC Press, 2018, pages 1023-1067.

  11. Cryptographers prepare for a possible post-quantum future
    (with N. Koblitz)
    CMS Notes, Vol. 49, No. 5 (2017), 16-17.

  12. Another look at tightness II: practical issues in cryptography
    (with S. Chatterjee, N. Koblitz and P. Sarkar)
    Mycrypt 2016, Lecture Notes in Computer Science, 10311 (2017), 21-55.
    Preprint.

  13. Challenges with assessing the impact of NFS advances on the security of pairing-based cryptography
    (with P. Sarkar and S. Singh)
    Mycrypt 2016, Lecture Notes in Computer Science, 10311 (2017), 83-108.
    Preprint.

  14. On instantiating pairing-based protocols with elliptic curves of embedding degree one
    (with S. Chatterjee and F. Rodriguez-Henriquez)
    IEEE Transactions on Computers, 66 (2017), 1061-1070.
    Preprint.

  15. A riddle wrapped in an enigma
    (with N. Koblitz)
    IEEE Security & Privacy, 14 (2016), 34-42.
    Preprint.

  16. Cryptocash, cryptocurrencies, and cryptocontracts
    (with N. Koblitz)
    Designs, Codes and Cryptography, 78 (2016), 87-102.
    Preprint:   cryptocash.pdf

  17. Type 2 structure-preserving signature schemes revisited
    (with S. Chatterjee)
    ASIACRYPT 2015, Lecture Notes in Computer Science, 9452 (2015), 286-310.
    Preprint.

  18. The random oracle model: A twenty-year retrospective
    (with N. Koblitz)
    Designs, Codes and Cryptography, 77 (2015), 587-610.
    Preprint.

  19. Special Issue on Cryptography, Codes, Designs and Finite Fields: In Memory of Scott A. Vanstone
    (edited with I. Blake and D. Stinson)
    Designs, Codes and Cryptography, 77 (2-3), 2015.

  20. Fault attacks on pairing-based protocols revisited
    (with S. Chatterjee and K. Karabina)
    IEEE Transactions on Computers, 64 (2015), 1707-1714.
    Preprint.

  21. Progress in Cryptology - LATINCRYPT 2014
    (edited with D. Aranha)
    Lecture Notes in Computer Science, 8895, Springer-Verlag, 2015.

  22. Computing discrete logarithms in F_{3^{6·137}} and F_{3^{6·163}} using Magma
    (with G. Adj, T. Oliveira and F. Rodriguez-Henriquez)
    WAIFI 2014, Lecture Notes in Computer Science, 9061 (2015), 3-22.
    Preprint.

  23. Weakness of F_{3^{6·1429}} and F_{2^{4·3041}} for discrete logarithm cryptography
    (with G. Adj, T. Oliveira and F. Rodriguez-Henriquez)
    Finite Fields and Their Applications, 32 (2015), 148-170.
    Preprint.

  24. Another look at security theorems for 1-key nested MACs
    (with N. Koblitz)
    C.K. Koc (ed.), Open Problems in Mathematics and Computational Science, Springer 2014, 69-89.
    Preprint.

  25. Weakness of F_{3^{6·509}} for discrete logarithm cryptography
    (with G. Adj, T. Oliveira and F. Rodriguez-Henriquez)
    Pairing-Based Cryptography -- Pairing 2013, Lecture Notes in Computer Science, 8365 (2014), 20-44.
    Preprint.

  26. Another look at non-uniformity
    (with N. Koblitz)
    Groups Complexity Cryptology, 5 (2013), 117-139.
    Preprint.

  27. Another look at HMAC
    (with N. Koblitz)
    Journal of Mathematical Cryptology, 7 (2013), 225-251.
    Preprint.

  28. Introduction to Cryptography
    Section 16.1 of Handbook of Finite Fields, edited by G. Mullen and D. Panario, Chapman & Hall/CRC, 2013.

  29. Implementing pairings at the 192-bit security level
    (with D. Aranha, L. Fuentes-Castaneda, E. Knapp and F. Rodriguez-Henriquez)
    Pairing-Based Cryptography -- Pairing 2012, Lecture Notes in Computer Science, 7708 (2013), 177-195.
    Preprint.

  30. Generalizations of Verheul's theorem to asymmetric pairings
    (with K. Karabina and E. Knapp)
    Advances in Mathematics of Communications, 7 (2013), 103-111.
    Preprint:   verheul.pdf

  31. Another look at security definitions
    (with N. Koblitz)
    Advances in Mathematics of Communications, 7 (2013), 1-38.
    Preprint.

  32. Another look at tightness
    (with S. Chatterjee and P. Sarkar)
    Proceedings of SAC 2011, Lecture Notes in Computer Science, 7118 (2012), 293-319.
    Preprint.

  33. Parallelizing the Weil and Tate pairings
    (with D. Aranha, E. Knapp and F. Rodriguez-Henriquez)
    Cryptography and Coding 2011, Lecture Notes in Computer Science, 7089 (2011), 275-295.

  34. Discrete logarithms, Diffie-Hellman, and reductions
    (with N. Koblitz and I. Shparlinski)
    Vietnam Journal of Mathematics, 39 (2011), 267-285.

  35. A generic variant of NIST's KAS2 key agreement protocol
    (with S. Chatterjee and B. Ustaoglu)
    Proceedings of ACISP 2011, Lecture Notes in Computer Science, 6812 (2011), 353-370.
    Full version:   kas2.pdf

  36. Elliptic curve cryptography: The serpentine course of a paradigm shift
    (with A. Hibner Koblitz and N. Koblitz)
    Journal of Number Theory, 131 (2011), 781-814.
    Preprint.

  37. On cryptographic protocols employing asymmetric pairings - The role of Ψ revisited
    (with S. Chatterjee)
    Discrete Applied Mathematics, 159 (2011), 1311-1322.
    Preprint.

  38. Several sections on elliptic curve cryptography
    (with D. Hankerson)
    Encyclopedia of Cryptography and Security (second edition), edited by H. van Tilborg and S. Jajodia, Springer-Verlag, 2011.

  39. On reusing ephemeral public keys in Diffie-Hellman key agreement protocols   ephemeral.pdf
    (with B. Ustaoglu)
    International Journal of Applied Cryptography, 2 (2010), 154-158.

  40. Combined security analysis of the one- and three-pass unified model key agreement protocols
    (with S. Chatterjee and B. Ustaoglu)
    Indocrypt 2010, Lecture Notes in Computer Science, 6498 (2010), 49-68.

  41. On the efficiency and security of pairing-based protocols in the Type 1 and Type 4 settings
    (with S. Chatterjee and D. Hankerson)
    WAIFI 2010, Lecture Notes in Computer Science, 6087 (2010), 114-134.
    Full version.

  42. On the asymptotic effectiveness of Weil descent attacks   weildescent.pdf
    (with K. Karabina, C. Pomerance and I. Shparlinski)
    Journal of Mathematical Cryptology, 4 (2010), 175-191.

  43. Intractable problems in cryptography   dlog.pdf
    (with N. Koblitz)
    Revised version of a paper that appeared in Finite Fields: Theory and Applications, Contemporary Mathematics, 518 (2010), 279-300.
    See also The brave new world of bodacious assumptions in cryptography
    Notices of the AMS, 57 (2010), 357-365.

  44. Comparing two pairing-based aggregate signature schemes
    (with S. Chatterjee, D. Hankerson and E. Knapp)
    Designs, Codes and Cryptography, 55 (2010), 141-167.
    Preprint.

  45. Reusing static keys in key agreement protocols
    (with S. Chatterjee and B. Ustaoglu)
    Indocrypt 2009, Lecture Notes in Computer Science, 5922 (2009), 39-56.
    Full version:   static.pdf

  46. A new protocol for the nearby friend problem
    (with S. Chatterjee and K. Karabina)
    Cryptography and Coding 2009, Lecture Notes in Computer Science, 5921 (2009), 236-251.

  47. Analyzing the Galbraith-Lin-Scott point multiplication method for elliptic curves over binary fields
    (with D. Hankerson and K. Karabina)
    IEEE Transactions on Computers, 58 (2009), 1411-1420.
    Preprint.

  48. An introduction to pairing-based cryptography   pairings.pdf
    Recent Trends in Cryptography, edited by I. Luengo, volume 477 of Contemporary Mathematics, AMS-RSME, 2009, 47-65.

  49. Comparing the pre- and post-specified peer models for key agreement   prepost.pdf
    (with B. Ustaoglu)
    International Journal of Applied Cryptography, 1 (2009), 236-250.
    An earlier version appeared in Proceedings of ACISP 2008, Lecture Notes in Computer Science, 5107 (2008), 53-68.

  50. Software implementation of pairings   pairings_software.pdf
    (with D. Hankerson and M. Scott)
    Identity-Based Cryptography, edited by M. Joye and G. Neven, IOS Press, 2008, 188-206.

  51. Another look at non-standard discrete log and Diffie-Hellman problems
    (with N. Koblitz)
    Journal of Mathematical Cryptology, 4 (2008), 311-326.
    Preprint.

  52. Security arguments for the UM key agreement protocol in the NIST SP 800-56A standard   um.pdf
    (with B. Ustaoglu)
    Proceedings of ASIACCS '08, ACM Press, 261-270.

  53. Software implementation of arithmetic in F_{3^m}
    (with O. Ahmadi and D. Hankerson)
    Proceedings of WAIFI 2007, Lecture Notes in Computer Science, 4547 (2007), 85-102.

  54. Advances in Cryptology - CRYPTO 2007 (edited volume)
    Lecture Notes in Computer Science, 4622, Springer-Verlag, 2007.

  55. Formulas for cube roots in F_{3^m}
    (with O. Ahmadi and D. Hankerson)
    Discrete Applied Mathematics, 155 (2007), 260-270.

  56. Irreducible polynomials of maximum weight   weightn.pdf
    (with O. Ahmadi)
    Utilitas Mathematica, 72 (2007), 111-123.

  57. Another look at HMQV
    Journal of Mathematical Cryptology, 1 (2007), 47-64.
    Preprint.

  58. Another look at generic groups
    (with N. Koblitz)
    Advances in Mathematics of Communications, 1 (2007), 13-28.
    Preprint.

  59. Another look at "provable security"
    (with N. Koblitz)
    Journal of Cryptology, 20 (2007), 3-37.
    Preprint.

  60. Another look at "provable security". II
    (with N. Koblitz)
    Progress in Cryptology - Indocrypt 2006, Lecture Notes in Computer Science, 4329 (2006), 148-175.
    Spanish translation by Francisco Rodriguez-Henriquez.
    Preprint.

  61. On the importance of public-key validation in the MQV and HMQV key agreement protocols
    (with B. Ustaoglu)
    Progress in Cryptology - Indocrypt 2006, Lecture Notes in Computer Science, 4329 (2006), 133-147.

  62. Software multiplication using Gaussian normal bases
    (with R. Dahab, D. Hankerson, F. Hu, M. Long and J. López)
    IEEE Transactions on Computers, 55 (2006), 974-984.

  63. Cryptographic implications of Hess' generalized GHS attack
    (with E. Teske)
    Applicable Algebra in Engineering, Communication and Computing, 16 (2006), 439-460.
    Preprint.

  64. On the number of trace-one elements in polynomial bases for GF(2^n)
    (with O. Ahmadi)
    Designs, Codes and Cryptography, 37 (2005), 493-507.

  65. Pairing-based cryptography at high security levels
    (with N. Koblitz)
    Cryptography and Coding 2005, Lecture Notes in Computer Science, 3796 (2005), 13-36.
    Preprint.

  66. Algebraic curves and cryptography
    (with S. Galbraith)
    Finite Fields and Their Applications, 11 (2005), 544-577.

  67. Several sections on elliptic curve cryptography
    (with D. Hankerson)
    Encyclopedia of Cryptography and Security, edited by Henk van Tilborg, Springer-Verlag, 2005.

  68. Topics in Cryptology - CT-RSA 2005 (edited volume)
    Lecture Notes in Computer Science, 3376, Springer-Verlag, 2005.

  69. A survey of public-key cryptosystems   publickey.pdf
    (with N. Koblitz)
    SIAM Review, 46 (2004), 599-634.

  70. Security of signature schemes in a multi-user setting
    (with N. Smart)
    Designs, Codes and Cryptography, 33 (2004), 261-274.

  71. Hyperelliptic curves and cryptography   hcc.pdf
    (with M. Jacobson and A. Stein)
    High Primes and Misdemeanours: Lectures in Honour of the 60th Birthday of Hugh Cowie Williams,
    Fields Institute Communications Series, 41 (2004), 255-282.

  72. Obstacles to the torsion-subgroup attack on the decision Diffie-Hellman problem
    (with N. Koblitz)
    Mathematics of Computation, 73 (2004), 2027-2041.

  73. Field inversion and point halving revisited
    (with K. Fong, D. Hankerson and J. López)
    IEEE Transactions on Computers, 53 (2004), 1047-1059.

  74. Weak fields for ECC
    (with E. Teske and A. Weng)
    Topics in Cryptology - CT-RSA 2004, Lecture Notes in Computer Science, 2964 (2004), 366-386.
    Preprint.

  75. Guide to Elliptic Curve Cryptography
    (with D. Hankerson and S. Vanstone)
    Springer, 2004.

  76. An efficient protocol for authenticated key agreement
    (with L. Law, M. Qu, J. Solinas and S. Vanstone)
    Designs, Codes and Cryptography, 28 (2003), 119-134.

  77. Validation of elliptic curve public keys
    (with A. Antipa, D. Brown, R. Struik and S. Vanstone)
    Proceedings of PKC 2003, Lecture Notes in Computer Science, 2567 (2003), 211-223.

  78. A small subgroup attack on a key agreement protocol of Arazi   arazi.pdf
    (with D. Brown)
    Bulletin of the ICA, 37 (2003), 45-50.

  79. Progress in Cryptology - INDOCRYPT 2002
    (edited with P. Sarkar)
    Lecture Notes in Computer Science, 2551, Springer-Verlag, 2002.

  80. Analysis of the GHS Weil descent attack on the ECDLP over characteristic two finite fields of composite degree
    (with M. Maurer and E. Teske)
    LMS Journal of Computation and Mathematics, 5 (2002), 127-174.
    An earlier version appeared in Proceedings of Indocrypt 2001, Lecture Notes in Computer Science, 2247 (2001), 195-213.
    Preprint.

  81. Isomorphism classes of genus-2 hyperelliptic curves over finite fields
    (with L. Encinas and J. Masque)
    Applicable Algebra in Engineering, Communication and Computing, 13 (2002), 57-65.

  82. Solving elliptic curve discrete logarithm problems using Weil descent
    (with M. Jacobson and A. Stein)
    Journal of the Ramanujan Mathematical Society, 16 (2001), 231-260.

  83. The elliptic curve digital signature algorithm (ECDSA)
    (with D. Johnson and S. Vanstone)
    International Journal on Information Security, 1 (2001), 36-63.

  84. Software implementation of the NIST elliptic curves over prime fields
    (with M. Brown, D. Hankerson and J. Hernandez)
    Topics in Cryptology - CT-RSA 2001, Lecture Notes in Computer Science, 2020 (2001), 250-265.

  85. Analysis of the Weil descent attack of Gaudry, Hess and Smart
    (with M. Qu)
    Topics in Cryptology - CT-RSA 2001, Lecture Notes in Computer Science, 2020 (2001), 308-318.

  86. Software implementation of elliptic curve cryptography over binary fields
    (with D. Hankerson and J. Hernandez)
    Proceedings of CHES 2000, Lecture Notes in Computer Science, 1965 (2000), 1-24.

  87. PGP in constrained wireless devices   pager.pdf
    (with M. Brown, D. Cheung, D. Hankerson, J. Hernandez and M. Kirkup)
    Proceedings of the 9th USENIX Security Symposium, 2000, 247-261.

  88. The state of elliptic curve cryptography
    (with N. Koblitz and S. Vanstone)
    Designs, Codes and Cryptography, 19 (2000), 173-193.

  89. Coding Theory and Cryptology
    (with P. van Oorschot)
    chapter in Handbook of Discrete and Combinatorial Mathematics, CRC Press, 1999, pages 889-954.

  90. Authenticated Diffie-Hellman key agreement protocols
    (with S. Blake-Wilson)
    Proceedings of the 5th Annual Workshop on Selected Areas in Cryptography (SAC '98), Lecture Notes in Computer Science, 1556 (1999), 339-361.

  91. Unknown key-share attacks on the station-to-station (STS) protocol
    (with S. Blake-Wilson)
    Proceedings of PKC '99, Lecture Notes in Computer Science, 1560 (1999), 154-170.

  92. Entity authentication and authenticated key transport protocols employing asymmetric techniques
    (with S. Blake-Wilson)
    Proceedings of the 5th International Workshop on Security Protocols, Lecture Notes in Computer Science, 1361 (1998), 137-158.

  93. The discrete logarithm problem in GL(n,q)   glnq.pdf
    (with Yi-Hong Wu)
    Ars Combinatoria, 47 (1998), 23-32.

  94. An elementary introduction to hyperelliptic curves   hyperelliptic.pdf
    (with Yi-Hong Wu and R. Zuccherato)
    appendix in Algebraic Aspects of Cryptography by Neal Koblitz, Springer-Verlag, 1998, pages 155-178.

  95. Key agreement protocols and their security analysis
    (with D. Johnson and S. Blake-Wilson)
    Proceedings of the Sixth IMA International Conference on Cryptography and Coding, Lecture Notes in Computer Science, 1355 (1997), 30-45.
    Full version   agreement.pdf

  96. Handbook of Applied Cryptography
    (with P. van Oorschot and S. Vanstone)
    CRC Press, 1997.

  97. Elliptic curves and cryptography
    (with A. Jurisic)
    Dr. Dobb's Journal, April 1997, 23-36.

  98. Some new key agreement protocols providing mutual implicit authentication
    (with M. Qu and S. Vanstone)
    Workshop on Selected Areas in Cryptography (SAC '95), 22-32, 1995.

  99. Elliptic curve cryptosystems
    CryptoBytes - The Technical Newsletter of RSA Laboratories, Volume 1, Number 2, Summer 1995, 1-4.

  100. Elliptic Curve Public Key Cryptosystems
    Kluwer Academic Publishers, 1993.

  101. Reducing elliptic curve logarithms to logarithms in a finite field
    (with T. Okamoto and S. Vanstone)
    IEEE Transactions on Information Theory, 39 (1993), 1639-1646.

  102. Elliptic curve cryptosystems and their implementation
    (with S. Vanstone)
    Journal of Cryptology, 6 (1993), 209-224.

  103. Public-key cryptosystems with very small key lengths
    (with G. Harper and S. Vanstone)
    Advances in Cryptology - EUROCRYPT '92, Lecture Notes in Computer Science, 658 (1993), 163-173.

  104. Counting points on elliptic curves over F_{2^m}
    (with S. Vanstone and R. Zuccherato)
    Mathematics of Computation, 60 (1993), 407-420.

  105. Applications of Finite Fields
    (with I. Blake, S. Gao, R. Mullin, S. Vanstone and T. Yaghoobian)
    Kluwer Academic Publishers, 1992.

  106. Subgroup refinement algorithms for root finding in GF(q)
    (with P. van Oorschot and S. Vanstone)
    SIAM Journal on Computing, 21 (1992), 228-239.

  107. A note on cyclic groups, finite fields, and the discrete logarithm problem
    (with S. Vanstone)
    Applicable Algebra in Engineering, Communication and Computing, 3 (1992), 67-74.

  108. Advances in Cryptology - Proceedings of CRYPTO '90
    (edited with S. Vanstone)
    Lecture Notes in Computer Science, 537, Springer-Verlag, 1991.

  109. The implementation of elliptic curve cryptosystems
    (with S. Vanstone)
    Advances in Cryptology - AUSCRYPT '90, Lecture Notes in Computer Science, 453 (1990), 2-13.

  110. Isomorphism classes of elliptic curves over finite fields of characteristic 2
    (with S. Vanstone)
    Utilitas Mathematica, 38 (1990), 135-154.

  111. On the number of self-dual bases of GF(q^m) over GF(q)
    (with D. Jungnickel and S. Vanstone)
    Proceedings of the American Mathematical Society, 109 (1990), 23-29.

  112. Some computational aspects of root finding in GF(q^m)
    (with S. Vanstone and P. van Oorschot)
    Symbolic and Algebraic Computation, Lecture Notes in Computer Science, 358 (1989), 259-270.