Understanding the Efficacy of Security Training in Practice, , Proceedings of the IEEE Symposium on Security and Privacy, May 2025.
On the Semidirect Discrete Logarithm Problem in Finite Groups, , Proceedings of Asiacrypt 2024, Kolkata, India, December 2024.
The Concrete Security of Two-Party Computation: Simple Definitions, and Tight Proofs for PSI and OPRFs, , Proceedings of Asiacrypt 2024, Kolkata, India, December 2024.
Count Corruptions, Not Users: Improved Tightness for Signatures, Encryption and Authenticated Key Exchange, , Proceedings of Asiacrypt 2024, Kolkata, India, December 2024.
Symmetric and Dual PRFs from Standard Assumptions: A Generic Validation of a Prevailing Assumption, , IACR Journal of Cryptology 37(4), December 2024.
Succinctly-Committing Authenticated Encryption, , Proceedings of Crypto 2024, Santa Barbara, CA, August 2024.
Give and Take: An End-To-End Investigation of Giveaway Scam Conversion Rates, , Proceedings of the ACM Internet Measurement Conference (IMC), Madrid, Spain, November 2024.
RADIUS/UDP Considered Harmful, , Proceedings of the USENIX Security Symposium, Philadelphia, PA, August 2024.
Abuse-Resistant Location Tracking: Balancing Privacy and Safety in the Offline Finding Ecosystem, , Proceedings of the USENIX Security Symposium, Philadelphia, PA, August 2024.
Using Honeybuckets to Characterize Cloud Storage Scanning in the Wild, , Proceedings of the IEEE European Symposium on Security and Privacy, Vienna, Austria, July 2024.
Experimental Security Analysis of Sensitive Data Access by Browser Extensions, , Proceedings of the Web Conference (WWW), Singapore, May 2024.
Unfiltered: Measuring Cloud-based Email Filtering Bypasses, , Proceedings of the Web Conference (WWW), Singapore, May 2024.
The Double Edged Sword: Identifying Authentication Pages and their Fingerprinting Behavior, , Proceedings of the Web Conference (WWW), Singapore, May 2024.
PressProtect: Helping Journalists Navigate Social Media in the Face of Online Harassment, , Proceedings of the ACM Conference on Computer Supported Cooperative Work and Social Computing, October 2024.
Watch Your Language: Investigating Content Moderation with Large Language Models, , Proceedings of the International AAAI Conference on Web and Social Media, June 2024.
Specious sites: Tracking the spread and sway of spurious news stories at scale, , Proceedings of the IEEE Symposium on Security and Privacy, May 2024.
Practical Obfuscation of BLE Physical-Layer Fingerprints on Mobile Devices, , Proceedings of the IEEE Symposium on Security and Privacy, May 2024.
On the Possibility of a Backdoor in the Micali-Schnorr Generator, , Proceedings of PKC 2024, May 2024.
Survey: Recovering cryptographic keys from partial information, by example., , IACR Communications in Cryptology 1(1), April 2024.
Network Topology Facilitates Internet Traffic Control in Autocracies, , PNAS Nexus 3(3), March 2024.
Architecting Trigger-Action Platforms for Security, Performance and Functionality, , Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2024.
On Precisely Detecting Censorship Circumvention in Real-World Networks, , Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2024.
Experimental Analyses of the Physical Surveillance Risks in Client-Side Content Scanning, , Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2024.
Scalable Metadata-Hiding for Privacy Preserving IoT Systems, , Proceedings on Privacy Enhancing Technologies Symposium, Bristol, UK, July 2024.
MakeShift: Security Analysis of Shimano Di2 Wireless Gear Shifting in Bicycles, , Proceedings of the USENIX WOOT Conference on Offensive Technologies (WOOT), Philadelphia, PA, August 2024.
Stateful Least Privilege Authorization for the Cloud, , Proceedings of the USENIX Security Symposium, Philadelphia, PA, August 2024.
An Empirical Analysis of Enterprise-Wide Mandatory Password Updates, , Proceedings of Annual Computer Security Applications Conference (ACSAC), Austin, TX, December 2023.
IRRegularities in the Internet Routing Registry, , Proceedings of the ACM Internet Measurement Conference (IMC), Montreal, Canada, October 2023.
Fast Practical Lattice Reduction through Iterated Compression, , Proceedings of Crypto 2023, Santa Barbara, CA, August 2023. (Best paper award).
When Messages are Keys: Is HMAC a Dual-PRF?, , Proceedings of Crypto 2023, Santa Barbara, CA, August 2023.
Reductions from Module Lattices to Free Module Lattices, and Application to Dequantizing Module-LLL, , Proceedings of Crypto 2023, Santa Barbara, CA, August 2023.
Error Correction and Ciphertext Quantization in Lattice Cryptography, , Proceedings of Crypto 2023, Santa Barbara, CA, August 2023.
Do users write more insecure code with AI assistants?, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Copenhagen, Denmark, November 2023.
Happenstance: utilizing semantic search to track Russian state media narratives about the Russo-Ukrainian war on Reddit, , Proceedings of the International AAAI Conference on Web and Social Media, June 2023.
Hate raids on Twitch: Echoes of the past, new modalities, and implications for platform governance, , Proceedings of the ACM Conference on Computer Supported Cooperative Work and Social Computing, October 2023.
A Golden Age: Conspiracy theories’ relationship with misinformation outlets, news media, and the wider internet, arXiv. doi: 10.48550, , Proceedings of the ACM Conference on Computer Supported Cooperative Work and Social Computing, October 2023.
Understanding the behaviors of toxic accounts on Reddit, , Proceedings of the Web Conference (WWW), Austin, May 2023.
"A Special Operation": A Quantitative Approach to Dissecting and Comparing Different Media Ecosystems’ Coverage of the Russo-Ukrainian War, , Proceedings of the International AAAI Conference on Web and Social Media, June 2023.
Access Denied: Assessing Physical Risks to Internet Access Networks, , Proceedings of the USENIX Security Symposium, Anaheim, CA, August 2023.
Improving Logging to Reduce Permission Over-Granting Mistakes, , Proceedings of the USENIX Security Symposium, Anaheim, CA, August 2023.
HECO: Fully Homomorphic Encryption Compiler, , Proceedings of the USENIX Security Symposium, Anaheim, CA, August 2023.
MultiView: Finding Blind Spots in Access-Deny Issues, , Proceedings of the USENIX Security Symposium, Anaheim, CA, August 2023.
Understanding the Viability of Gmail’s Origin Indicator for Identifying the Sender, , Proceedings of the Symposium on Usable Privacy and Security, Anaheim, CA, August 2023.
In the Line of Fire: Risks of DPI-triggered Data Collection, , Proceedings of Workshop on Cyber Security Experimentation and Test (CSET), Marina del Rey, CA, August 2023.
No Privacy Among Spies: Assessing the Functionality and Insecurity of Consumer Android Spyware Apps, , Proceedings on Privacy Enhancing Technologies Symposium, Lausanne, Switzerland, July 2023.
CERTainty: Detecting DNS Manipulation at Scale using TLS Certificates, , Proceedings on Privacy Enhancing Technologies Symposium, Lausanne, Switzerland, July 2023.
Forward Pass: On the Security Implications of Email Forwarding Mechanism and Policy, , Proceedings of the IEEE European Symposium on Security and Privacy, Delft, The Netherlands, July 2023. (Best paper award).
WaVe: a Verifiably Secure WebAssembly Sandboxing Runtime, , Proceedings of the IEEE Symposium on Security and Privacy, May 2023. (Distinguished Paper Award).
Half&Half: Demystifying Intel’s Directional Branch Predictors for Fast, Secure Partitioned Execution, , Proceedings of the IEEE Symposium on Security and Privacy, May 2023. (Distinguished Paper Award).
MEGA: Malleable Encryption Goes Awry, , Proceedings of the IEEE Symposium on Security and Privacy, May 2023. (Distinguished Paper Award).
The Hidden Number Problem with Small Unknown Multipliers: Cryptanalyzing MEGA in Six Queries and Other Applications, , Proceedings of PKC 2023, April 2023. (Best Paper Award).
Hardening Signature Schemes via Derive-then-Derandomize: Stronger Security Proofs for EdDSA, , Proceedings of PKC 2023, April 2023.
Ransomware Attack Associated With Disruptions at Adjacent Emergency Departments in the US, , JAMA Network Open 6(5):e2312270-e2312270, 2023.
Efficient FHEW Bootstrapping with Small Evaluation Keys, and Applications to Threshold Homomorphic Encryption, , Proceedings of Eurocrypt 2023, Lyon, France, April 2023.
Flexible Password-Based Encryption: Securing Cloud Storage and Provably Resisting Partitioning-Oracle Attacks, , The Cryptographers' Track at the RSA Conference 2023, San Francisco, April 2023.
Turn on, Tune in, Listen up: Maximizing Side-Channel Recovery in Time-to-Digital Converters, , Proceedings of the International Symposium on Field-Programmable Gate Arrays, Monterey, CA, February 2023.
TagAlong: Free, Wide-Area Data-Muling and Services, , Proceedings of International Workshop on Mobile Computing Systems and Applications (HotMobile), Newport Beach, CA, 2023.
Going Beyond the Limits of SFI: Flexible Hardware-Assisted In-Process Isolation with HFI, , Proceedings of the 28th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), Vancouver, Canada, March 2023. (Distinguished Paper Award).
MSWasm: Soundly Enforcing Memory-Safe Execution of Unsafe Code, , Proceedings of the ACM SIGPLAN Symposium on Principles of Programming Languages, Boston, MA, January 2023.
Segue & ColorGuard: Optimizing SFI Performance and Scalability on Modern x86, , Proceedings of the Workshop on Programming Languages and Analysis for Security (PLAS), 2022.
The Challenges of Blockchain-based Naming Systems for Malware Defenders, , Proceedings of the APWG Symposium on Electronic Crime Research (eCrime), November 2022. (Best Student Paper).
Toppling top lists: Evaluating the accuracy of popular website lists, , Proceedings of the ACM Internet Measurement Conference (IMC), Nice, France, October 2022.
Retroactive Identification of Targeted DNS Infrastructure Hijacking, , Proceedings of the ACM Internet Measurement Conference (IMC), Nice, France, October 2022.
Where .ru? Assessing the Impact of Conflict on Russian Domain Infrastructure, , Proceedings of the ACM Internet Measurement Conference (IMC), Nice, France, October 2022.
Measuring UID Smuggling in the Wild, , Proceedings of the ACM Internet Measurement Conference (IMC), Nice, France, October 2022.
Stop, DROP, and ROA: Effectiveness of Defenses through the lens of DROP, , Proceedings of the ACM Internet Measurement Conference (IMC), Nice, France, October 2022.
Mind Your MANRS: Measuring the MANRS Ecosystem, , Proceedings of the ACM Internet Measurement Conference (IMC), Nice, France, October 2022.
EVAX: Towards a Practical, Pro-active & Adaptive Architecture for High Performance & Security, , Proceedings of the Annual IEEE/ACM International Symposium on Microarchitecture (MICRO), Chicago, IL, October 2022.
Measuring Security Practices, , Communications of the Association for Computing Machinery 65(9):93-102, September 2022.
On the infrastructure providers that support misinformation websites, , Proceedings of the International AAAI Conference on Web and Social Media, June 2022.
No calm in the storm: investigating QAnon website relationships, , Proceedings of the International AAAI Conference on Web and Social Media, June 2022.
Open to a fault: On the passive compromise of TLS keys via transient errors, , Proceedings of the USENIX Security Symposium, Boston, MA, August 2022.
Better than Advertised Security for Non-Interactive Threshold Signatures, , Proceedings of Crypto 2022, Santa Barbara, CA, August 2022.
Blocked or Broken? Automatically Detecting When Privacy Interventions Break Websites, , Proceedings on Privacy Enhancing Technologies Symposium, Sydney, Australia, July 2022.
Domain Name Lifetimes: Baseline and Threats, , Proceedings of Network Traffic Measurement and Analysis Conference (TMA), June 2022.
Efficient Schemes for Committing Authenticated Encryption, , Proceedings of Eurocrypt 2022, Trondheim, Norway, May 2022.
Evaluating Physical-Layer BLE Location Tracking Attacks on Mobile Devices, , Proceedings of the IEEE Symposium on Security and Privacy, May 2022.
SoK: Practical Foundations for Software Spectre Defenses, , Proceedings of the IEEE Symposium on Security and Privacy, May 2022.
Quantifying Nations' Exposure to Traffic Observation and Selective Tampering, , Proceedings of the Passive and Active Measurement Conference (PAM), Virtual, March 2022.
Isolation Without Taxation: Near Zero Cost Transitions for WebAssembly and SFI, , Proceedings of the ACM SIGPLAN Symposium on Principles of Programming Languages, Philadelphia, PA, January 2022.
Automatically Eliminating Speculative Leaks from Cryptographic Code with Blade, , Proceedings of the ACM SIGPLAN Symposium on Principles of Programming Languages, Internet, January 2021. (Distinguished paper).
Chain Reductions for Multi-Signatures and the HBMS Scheme, , Proceedings of Asiacrypt 2021, Virtual, December 2021.
Measuring DNS-over-HTTPS Performance around the World, , Proceedings of the ACM Internet Measurement Conference (IMC), Virtual, November 2021.
Risky BIZness: Risks Derived from Registrar Name Management, , Proceedings of the ACM Internet Measurement Conference (IMC), Virtual, November 2021. (IRTF Applied Networking Research Prize).
Who’s Got Your Mail? Characterizing Mail Service Provider Usage, , Proceedings of the ACM Internet Measurement Conference (IMC), Virtual, November 2021.
Home is Where the Hijacking is: Understanding DNS Interception by Residential Routers, , Proceedings of the ACM Internet Measurement Conference (IMC), Virtual, November 2021.
Solver-Aided Constant-Time Hardware Verification, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Seoul, Korea, November 2021.
SugarCoat: Programmatically generating Privacy-Preserving, Web-compatible resource replacements for content blocking, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Seoul, Korea, November 2021.
On Bounded Distance Decoding with Predicate: Breaking the "Lattice Barrier" for the Hidden Number Problem, , Proceedings of Eurocrypt 2021, Zagreb, Croatia, October 2021.
On the Security of Homomorphic Encryption on Approximate Numbers, , Proceedings of Eurocrypt 2021, Zagreb, Croatia, October 2021.
Hopper: Modeling and Detecting Lateral Movement, , Proceedings of the USENIX Security Symposium, Vancouver, B.C., Canada, August 2021.
Designing toxic content classification for a diversity of perspectives, , Proceedings of the Symposium on Usable Privacy and Security, August 2021.
Driving 2FA Adoption at Scale: Optimizing Two-Factor Authentication Notification Design Patterns, , Proceedings of the USENIX Security Symposium, Vancouver, B.C., Canada, August 2021.
Swivel: Hardening WebAssembly against Spectre, , Proceedings of the USENIX Security Symposium, Vancouver, B.C., Canada, August 2021.
Jetset: Targeted Firmware Rehosting for Embedded Systems, , Proceedings of the USENIX Security Symposium, Vancouver, B.C., Canada, August 2021.
Can Systems Explain Permissions Better? Understanding Users' Misperceptions under Smartphone Runtime Permission Model, , Proceedings of the USENIX Security Symposium, Vancouver, B.C., Canada, August 2021.
STORM: Refinement Types for Secure Web Applications, , Proceedings of the 15th USENIX Symposium on Operating System Design and Implementation (OSDI), Virtual, July 2021.
Scooter & Sidecar: A Domain-Specific Approach to Writing Secure Database Migrations, , Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), Virtual, June 2021.
CoResident Evil: Covert Communications in the Cloud with Lambdas, , Proceedings of the Web Conference (WWW), Ljubljana, Slovenia, April 2021.
SoK: Hate, harassment, and the changing landscape of online abuse, , Proceedings of the IEEE Symposium on Security and Privacy, San Francisco, CA, May 2021.
High-Assurance Cryptography in the Spectre Era, , Proceedings of the IEEE Symposium on Security and Privacy, San Francisco, CA, May 2021.
Diogenes: Lightweight Scalable RSA Modulus Generation with a Dishonest Majority, , Proceedings of the IEEE Symposium on Security and Privacy, San Francisco, CA, May 2021.
Clairvoyance: Inferring Blocklist Use on the Internet, , Proceedings of the Passive and Active Measurement Conference (PAM), Brandenburg, Germany, March 2021.
Доверя́й, но проверя́й: SFI safety for native-compiled Wasm, , Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2021.
Simpler Statistically Sender Private Oblivious Transfer from Ideals of Cyclotomic Integers, , Proceedings of Asiacrypt 2020, Virtual, December 2020.
Incremental Cryptography Revisited: PRFs, Nonces and Modular Design, , Proceedings of Indocrypt, Bangalore, India, December 2020.
The Multi-Base Discrete Logarithm Problem: Tight Reductions and Non-Rewinding Proofs for Schnorr Identification and Signatures, , Proceedings of Indocrypt, Bangalore, India, December 2020.
Dual-Mode NIZKs: Possibility and Impossibility Results for Property Transfer, , Proceedings of Indocrypt, Bangalore, India, December 2020.
The Road to Less Trusted Code: Lowering the Barrier to In-Process Sandboxing, , USENIX ;login: 45(5), December 2020.
Unresolved Issues: Prevalence, Persistence and Perils of Lame Nameservers, , Proceedings of the ACM Internet Measurement Conference, Pittsburgh, Pennsylvania (via the Internet), October 2020.
Trufflehunter: Cache Sniffing Rare Domains at Large Public DNS Resolvers, , Proceedings of the ACM Internet Measurement Conference, Pittsburgh, Pennsylvania (via the Internet), October 2020. (IRTF Applied Networking Research Prize).
Comparing the Difficulty of Factorization and Discrete Logarithm: A 240-Digit Experiment, , Proceedings of Crypto 2020, Santa Barbara, CA, August 2020.
Liquid Information Flow Control, , Proceedings of International Conference on Functional Programming, August 2020. (Distinguished paper).
Measuring identity confusion with uniform resource locators, , Proceedings of the ACM CHI Conference on Human Factors in Computing Systems, May 2020.
TPM-FAIL: TPM meets Timing and Lattice Attacks, , Proceedings of the USENIX Security Symposium, August 2020.
CopyCat: Controlled Instruction-Level Attacks on Enclaves, , Proceedings of the USENIX Security Symposium, August 2020.
Sys: a Static/Symbolic Tool for Finding Good Bugs in Good (Browser) Code, , Proceedings of the USENIX Security Symposium, August 2020.
Retrofitting Fine Grain Isolation in the Firefox Renderer, , Proceedings of the USENIX Security Symposium, August 2020. (Distinguished paper and first place at CSAW 2020.).
Exploring Connections Between Active Learning and Model Extraction, , Proceedings of the USENIX Security Symposium, August 2020.
Reimagining Secret Sharing: Creating a Safer and More Versatile Primitive by Adding Authenticity, Correcting Errors, and Reducing Randomness Requirements, , Privacy Enhancing Technologies Symposium, Virtual, July 2020.
Towards a verified range analysis for JavaScript JITs, , Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), June 2020.
Constant-time foundations for the new Spectre era, , Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), June 2020. (Intel HSAA finalist.).
Understanding Memory and Thread Safety Practices and Issues in Real-World Rust Programs, , Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), June 2020. (The first two authors contributed equally.).
Properties of constacyclic codes under the Schur product, , Designs, Codes, and Cryptography 88(6), June 2020.
Improved Discrete Gaussian and Subgaussian Analysis for Lattice Cryptography, , Proceedings of PKC 2020, June 2020.
Pseudorandom Black Swans: Cache Attacks on CTR_DRBG, , Proceedings of the IEEE Symposium on Security and Privacy, May 2020.
Packet Chasing: Spying on Network Packets over a Cache Side-Channel, , Proceedings of ACM/IEEE Annual International Symposium on Computer Architecture, ISCA 2020, May 2020.
Separate Your Domains: NIST PQC KEMs, Oracle Cloning and Read-Only Indifferentiability, , Proceedings of Eurocrypt 2020, Virtual, May 2020.
Security Under Message-Derived Keys: Signcryption in iMessage, , Proceedings of Eurocrypt 2020, Virtual, May 2020.
Shredder: Learning Noise Distributions to Protect Inference Privacy, , Proceedings of Architectural Support for Programming Languages and Operating Systems (ASPLOS) 2020, April 2020.
Dark Matter: Uncovering the DarkComet RAT Ecosystem, , Proceedings of The Web Conference (WWW), Taipei, Taiwan, April 2020.
Imperfect forward secrecy: how Diffie-Hellman fails in practice, , Communications of the Association for Computing Machinery 62(1):106-114, May 2019.
The Local Forking Lemma and Its Application to Deterministic Encryption, , Proceedings of ASIACRYPT 2019, December 2019.
Homomorphic Encryption for Finite Automata, , Proceedings of ASIACRYPT 2019, 2019.
Hack for Hire, , Communications of the Association for Computing Machinery 62(12):32-37, December 2019.
Hardware-Backed Heist: Extracting ECDSA Keys from Qualcomm's TrustZone, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), London, UK, November 2019.
Towards Continuous Access Control Validation and Forensics, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), London, UK, November 2019.
VeriSketch: Synthesizing Secure Hardware Designs with Timing-Sensitive Information Flow Properties, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), London, UK, November 2019.
Network Hygiene, Incentives, and Regulation: Deployment of Source Address Validation in the Internet, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), London, UK, November 2019.
Hack for Hire: Investigating the Black Market of Retail Email Account Hacking Services, , ACM Queue: Tomorrow's Computing Today 17(4), October 2019.
Measuring Security Practices and How They Impact Security, , Proceedings of the ACM Internet Measurement Conference, Amsterdam, Netherlands, October 2019.
Nonces Are Noticed: AEAD Revisited, , Proceedings of Crypto 2019, Santa Barbara, CA, August 2019.
Triton: A Software-Reconfigurable Federated Avionics Testbed, , Proceedings of Workshop on Cyber Security Experimentation and Test (CSET), Santa Clara, CA, August 2019.
All things considered: An analysis of IoT devices on home networks, , Proceedings of the USENIX Security Symposium, Santa Clara, CA, August 2019.
Detecting and Characterizing Lateral Phishing at Scale, , Proceedings of the USENIX Security Symposium, Santa Clara, CA, August 2019. (Distinguished paper).
Reading the Tea Leaves: A Comparative Analysis of Threat Intelligence, , Proceedings of the USENIX Security Symposium, Santa Clara, CA, August 2019.
IODINE: Verifying Constant-Time Execution of Hardware, , Proceedings of the USENIX Security Symposium, Santa Clara, CA, August 2019.
"Please Pay Inside": Evaluating Bluetooth-based Detection of Gas Pump Skimmers, , Proceedings of the USENIX Security Symposium, Santa Clara, CA, August 2019.
FaCT: A DSL for timing-sensitive computation, , Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), Phoenix, Arizona, US, June 2019.
Position Paper: Bringing Memory Safety to WebAssembly, , Proceedings of the Hardware and Architectural Support for Security and Privacy (HASP), June 2019.
Hack for Hire: Exploring the Emerging Market for Account Hijacking, , Proceedings of the Web Conference (WWW), San Francisco, CA, May 2019.
Code That Never Ran: Modeling Attacks on Speculative Evaluation, , Proceedings of the IEEE Symposium on Security and Privacy, May 2019.
Context-Sensitive Decoding: On-Demand Microcode Customization for Security and Energy Management, , IEEE Micro 39(3):75-83, May 2019.
Symbolic Encryption with Pseudorandom Keys, , Proceedings of Eurocrypt 2019, Darmstadt, Germany, May 2019.
Building an efficient lattice gadget toolkit: Subgaussian sampling and more, , Proceedings of Eurocrypt 2019, Darmstadt, Germany, May 2019.
Foundations for parallel information flow control runtime systems, , Proceedings of the Conference on Principles of Security and Trust (POST), April 2019.
Context-Sensitive Fencing: Securing Speculative Execution via Microcode Customization, , Proceedings of the International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2019, April 2019.
Towards verified programming of embedded devices, , Proceedings of Design, Automation & Test in Europe Conference & Exhibition, March 2019.
Short Paper: The Proof is in the Pudding - Proofs of Work for Solving Discrete Logarithms, , Proceedings of FC 2019, February 2019.
Biased Nonce Sense: Lattice Attacks Against Weak ECDSA Signatures in Cryptocurrencies, , Proceedings of FC 2019, February 2019.
CT-Wasm: Type-Driven Secure Cryptography for the Web Ecosystem, , Proceedings of the ACM SIGPLAN Symposium on Principles of Programming Languages, Cascais, Portugal, January 2019.
From Fine- to Coarse-grained Dynamic Information Flow Control and Back, , Proceedings of the ACM SIGPLAN Symposium on Principles of Programming Languages, Cascais, Portugal, January 2019. (Distinguished paper).
Pretend Synchrony: Synchronous Verification of Asynchronous Distributed Programs, , Proceedings of the ACM SIGPLAN Symposium on Principles of Programming Languages, Cascais, Portugal, January 2019.
Interactive proofs for lattice problems, , In Providing Sound Foundations for Cryptography: On the Work of Shafi Goldwasser and Silvio Micali. Oded Goldreich, editor. ACM, 2019.
Where did I leave my keys?: lessons from the Juniper Dual EC incident, , Communications of the Association for Computing Machinery 61(11), May 2018.
The Fiat-Shamir Zoo: Relating the Security of Different Signature Variants, , Proceedings of the Secure IT Systems - 23rd Nordic Conference, NordSec 2018, November 2018.
On the Hardness of Learning With Errors with Binary Secrets, , Theory Comput. 14(1):1-17, November 2018.
An Empirical Analysis of the Commercial VPN Ecosystem, , Proceedings of the ACM Internet Measurement Conference, Boston, MA, October 2018.
Following Their Footsteps: Characterizing Account Automation Abuse and Defenses, , Proceedings of the ACM Internet Measurement Conference, Boston, MA, October 2018.
Lawful Device Access without Mass Surveillance Risk: A Technical Design Discussion, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Toronto, Canada, October 2018.
Practical State Recovery Attacks against Legacy RNG Implementations, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Toronto, Canada, October 2018.
Towards Verified, Constant-time Floating Point Operations, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Toronto, Canada, October 2018.
Browser history re:visited, , Proceedings of the USENIX Workshop On Offensive Technologies (WOOT), San Francisco, CA, August 2018.
Skill squatting attacks on Amazon Alexa, , Proceedings of the USENIX Security Symposium, Baltimore, MD, August 2018.
Erays: reverse engineering Ethereum's opaque smart contracts, , Proceedings of the USENIX Security Symposium, Baltimore, MD, August 2018.
Schrodinger's RAT: Profiling the Stakeholders in the Remote Access Trojan Ecosystem, , Proceedings of the USENIX Security Symposium, Baltimore, MD, August 2018.
Optimal Channel Security Against Fine-Grained State Compromise: The Safety of Messaging, , Proceedings of Crypto 2018, Santa Barbara, CA, August 2018.
Asymptotically Efficient Lattice-Based Digital Signatures, , J. Cryptology 31(3):774-797, July 2018.
Ring packing and amortized FHEW bootstrapping, , Proceedings of the International Colloquium on Automata, Languages and Programming (ICALP), Lisboa, Portugal, July 2018.
Symbolic security of garbled circuits, , IEEE Computer Security Foundations Symposium, July 2018.
Characterizing overstretched NTRU attacks, , Journal of Mathematical Cryptology 2018:110-119, June 2018.
On the bit security of cryptographic primitives, , Proceedings of Eurocrypt 2018, Tel Aviv, May 2018.
Faster Gaussian sampling for trapdoor lattices with arbitrary modulus, , Proceedings of Eurocrypt 2018, Tel Aviv, May 2018.
SoK: "Plug & Pray" today - understanding USB insecurity in versions 1 through C, , Proceedings of the IEEE Symposium on Security and Privacy, San Francisco, CA, May 2018.
Tracking certificate misissuance in the wild, , Proceedings of the IEEE Symposium on Security and Privacy, San Francisco, CA, May 2018.
Tracking Ransomware End-to-end, , Proceedings of the IEEE Symposium on Security and Privacy, San Francisco, CA, May 2018.
Robust Encryption, , Journal of Cryptology 31(2):307-350, April 2018.
In Search of CurveSwap: Measuring Elliptic Curve Implementations in the Wild, , IEEE European Symposium on Security and Privacy, April 2018.
Public-Key Encryption Resistant to Parameter Subversion and Its Realization from Efficiently-Embeddable Groups, , Proceedings of PKC 2018, March 2018.
Equational security proofs of oblivious transfer protocols, , Proceedings of PKC 2018, March 2018.
Estimating Profitability of Alternative Cryptocurrencies, , Proceedings of the International Conference on Financial Cryptography and Data Security (FC), Nieuwpoort, Curacao, February 2018.
Security challenges in an increasingly tangled web, , Proceedings of the International World Wide Web Conference (WWW), Perth, Australia, April 2017.
Forward-security under continual leakage, , Proceedings of Cryptology and Network Security, November 2017.
Quantifying the Pressure of Legal Risks on Third-party Vulnerability Research, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Dallas, Texas, November 2017.
Better Than Advertised: Improved Security Guarantees for MD-Based Hash Functions, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Dallas, Texas, November 2017.
Defending Against Key Exfiltration: Efficiency Improvements for BIG-Key Cryptography via Large-Alphabet Subkey Prediction, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Dallas, Texas, November 2017.
Identity-Based Format-Preserving Encryption, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Dallas, Texas, November 2017.
Tripwire: Inferring Internet Site Compromise, , Proceedings of the ACM Internet Measurement Conference, London, UK, November 2017.
Exploring the Dynamics of Search Advertiser Fraud, , Proceedings of the ACM Internet Measurement Conference, London, UK, November 2017.
FaCT: A Flexible, Constant-Time Programming Language, , Secure Development Conference (SecDev), September 2017.
Sliding right into disaster: Left-to-right sliding windows leak, , Proceedings of CHES 2017, Taipei Taiwan, September 2017.
Backpage and Bitcoin: Uncovering Human Traffickers, , Proceedings of the ACM SIGKDD Conference, Halifax, Nova Scotia, August 2017.
Ratcheted encryption and key exchange: The security of messaging, , Proceedings of Crypto 2017, Santa Barbara, CA, August 2017.
Gaussian Sampling over the Integers: Efficient, Generic, Constant-Time, , Proceedings of Crypto 2017, Santa Barbara, CA, August 2017.
Understanding the Mirai botnet, , Proceedings of the USENIX Security Symposium, Vancouver, BC, Canada, August 2017.
Prime+Abort: A Timer-Free High-Precision L3 Cache Attack using Intel TSX, , Proceedings of the USENIX Security Symposium, Vancouver, BC, Canada, August 2017.
On the Effectiveness of Mitigations against Floating-Point Timing Channels, , Proceedings of the USENIX Security Symposium, Vancouver, BC, Canada, August 2017.
Dead Store Elimination (Still) Considered Harmful, , Proceedings of the USENIX Security Symposium, Vancouver, BC, Canada, August 2017.
Malicious Browser Extensions at Scale: Bridging the Observability Gap between Web Site and Browser, , Proceedings of Workshop on Cyber Security Experimentation and Test (CSET), August 2017.
Post-quantum RSA, , International Workshop on Post-Quantum Cryptography, June 2017.
Hails: Protecting data privacy in untrusted web applications, , Journal of Computer Security 25(4-5):427-461, June 2017.
How They Did It: An Analysis of Emission Defeat Devices in Modern Automobiles, , Proceedings of the IEEE Symposium on Security and Privacy, San Jose, CA, May 2017.
To Catch a Ratter: Monitoring the Behavior of Amateur DarkComet RAT Operators in the Wild, , Proceedings of the IEEE Symposium on Security and Privacy, San Jose, CA, May 2017.
Finding and Preventing Bugs in JavaScript Bindings, , Proceedings of the IEEE Symposium on Security and Privacy, San Jose, CA, May 2017.
How Do System Administrators Resolve Access-Denied Issues in the Real World?, , Proceedings of the 35th Annual CHI Conference on Human Factors in Computing Systems (CHI'17), Denver, CO, USA, May 2017.
A kilobit hidden SNFS discrete logarithm computation, , Proceedings of Eurocrypt 2017, Vienna, May 2017.
Pinning Down Abuse on Google Maps, , Proceedings of the International World Wide Web Conference (WWW), Perth, Australia, April 2017.
Automated Analysis of Cybercriminal Markets, , Proceedings of the International World Wide Web Conference (WWW), Perth, Australia, April 2017.
Measuring small subgroup attacks against Diffie-Hellman, , Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2017.
A Call to ARMs: Understanding the Costs and Benefits of JIT Spraying Mitigations, , Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2017.
Flexible Dynamic Information Flow Control in the Presence of Exceptions, , Journal of Functional Programming 27, January 2017.
NIZKs with an Untrusted CRS: Security in the Face of Parameter Subversion, , Proceedings of Asiacrypt 2016, Hanoi, Vietnam, December 2016.
From Identification to Signatures, Tightly: A Framework and Generic Transforms, , Proceedings of Asiacrypt 2016, Hanoi, Vietnam, December 2016.
Simultaneous Secrecy and Reliability Amplification for a General Channel Model, , Proceedings of TCC 2016-B, Beijing, October 2016.
Compactness vs Collusion Resistance in Functional Encryption, , Proceedings of TCC 2016-B, Beijing, October 2016.
Message-Recovery Attacks on Feistel-Based Format Preserving Encryption, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Vienna, October 2016.
Superhacks: Exploring and Preventing Vulnerabilities in Browser Binding Code, , Proceedings of the Workshop on Programming Languages and Analysis for Security (PLAS), Vienna, October 2016.
A Systematic Analysis of the Juniper Dual EC Incident, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Vienna, October 2016. (Best paper award and IRTF Applied Networking Research Prize).
The Multi-User Security of Authenticated Encryption: AES-GCM in TLS 1.3, , Proceedings of Crypto 2016, Santa Barbara, CA, August 2016.
Resisting Key Exfiltration: Big-Key Symmetric Encryption, , Proceedings of Crypto 2016, Santa Barbara, CA, August 2016.
You’ve Got Vulnerability: Exploring Effective Vulnerability Notifications, , Proceedings of the USENIX Security Symposium, Austin, TX, August 2016.
DROWN: Breaking TLS using SSLv2, , Proceedings of the USENIX Security Symposium, Austin, TX, August 2016. (Pwnie award for Best Cryptographic Attack).
On the (In)effectiveness of Mosaicing and Blurring as Tools for Document Redaction, , Privacy Enhancing Technologies Symposium, Darmstadt, Germany, July 2016.
Automobile Driver Fingerprinting, , Privacy Enhancing Technologies Symposium, Darmstadt, Germany, July 2016.
Creating Cryptographic Challenges Using Multi-Party Computation: The LWE Challenge, , The 3rd ACM ASIA Public-Key Cryptography Workshop (AsiaPKC 2016), Xi'an, China, May 2016.
New Negative Results on Differing-Inputs Obfuscation, , Proceedings of Eurocrypt 2016, Vienna, May 2016.
Nonce-Based Cryptography: Retaining Security when Randomness Fails, , Proceedings of Eurocrypt 2016, Vienna, May 2016.
Honey Encryption beyond Message Recovery Security, , Proceedings of Eurocrypt 2016, Vienna, May 2016.
Hash-Function based PRFs: AMAC and its Multi-User Security, , Proceedings of Eurocrypt 2016, Vienna, May 2016.
Practical, Predictable Lattice Basis Reduction, , Proceedings of Eurocrypt 2016, Vienna, May 2016.
A Fistful of Bitcoins: Characterizing Payments Among Men with No Names, , Communications of the Association for Computing Machinery 59(4):86-93, April 2016.
HIPStR – Heterogeneous-ISA Program State Relocation, , Proceedings of the 21st ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), Atlanta, GA, April 2016.
Quantifying Hardware Security Using Joint Information Flow Analysis, , Proceedings of the Conference on Design, Automation, and Test in Europe (DATE), Dresden, Germany, March 2016.
Stressing Out: Bitcoin "Stress Testing", , BITCOIN '16: The Third Workshop on Bitcoin and Blockchain Research, Christ Church, Barbados, February 2016.
Protecting C++ Dynamic Dispatch Through VTable Interleaving, , Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2016.
Contention in Cryptoland: Obfuscation, Leakage and UCE, , Proceedings of TCC 2016-A, Tel Aviv, January 2016.
Non-Malleable Encryption: Simpler, Shorter, Stronger, , Proceedings of TCC 2016-A, Tel Aviv, January 2016.
Point-Function Obfuscation: A Framework and Generic Constructions, , Proceedings of TCC 2016-A, Tel Aviv, January 2016.
Exploring Controller Area Networks, , USENIX ;login: 40(6), December 2015.
Robust Authenticated Encryption and the Limits of Symmetric Cryptography, , Proceedings of the 15th IMA International Conference on Cryptography and Coding, Oxford, December 2015.
(De-)Constructing TLS 1.3, , Proceedings of Indocrypt 2015, Bangalore, India, December 2015.
Augmented Secure Channels and the Goal of the TLS 1.3 Record Layer, , Proceedings of the 9th International Conference on Provable Security (ProvSec), Kanazawa, Japan, November 2015.
Quantifying Timing-Based Information Flow in Cryptographic Hardware, , Proceedings of the 2015 International Conference on Computer Aided Design (ICCAD), Austin, TX, November 2015.
Imperfect Forward Secrecy: How Diffie-Hellman Fails In Practice, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Denver, Colorado, October 2015. (Best Paper Award and Pwnie award for Most Innovative Research).
Security by Any Other Name: On the Effectiveness of Provider Based Email Security, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Denver, Colorado, October 2015.
Mass-surveillance without the State: Strongly Undetectable Algorithm-Substitution Attacks, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Denver, Colorado, October 2015.
Affiliate Crookies: Characterizing Affiliate Marketing Abuse, , Proceedings of the ACM Internet Measurement Conference, Tokyo, Japan, October 2015.
An End-to-End Measurement of Certificate Revocation in the Web's PKI, , Proceedings of the ACM Internet Measurement Conference, Tokyo, Japan, October 2015.
Fair Distributed Computation of Reactive Functions, , Proceedings of the 29th International Symposium on Distributed Computing (DISC), Tokyo, October 2015.
PowerSpy: Location Tracking using Mobile Device Power Analysis, , Proceedings of the USENIX Security Symposium, Washington, D.C., August 2015.
Fast and Vulnerable: A Story of Telematic Failures, , Proceedings of the USENIX Workshop On Offensive Technologies (WOOT), Washington D.C., August 2015.
SURROGATES: Enabling Near-Real-Time Dynamic Analyses of Embedded Systems, , Proceedings of the USENIX Workshop On Offensive Technologies (WOOT), Washington D.C., August 2015.
How Fair is Your Protocol? A Utility-based Approach to Protocol Optimality, , 34th Annual ACM Symposium on Principles of Distributed Computing (PODC 2015), Donostia-San Sebastián, Spain, July 2015.
Framing Dependencies Introduced by Underground Commoditization, , Proceedings of the Workshop on the Economics of Information Security (WEIS), Delft, The Netherlands, June 2015.
On Subnormal Floating Point and Abnormal Timing, , Proceedings of the IEEE Symposium on Security and Privacy, San Jose, CA, May 2015.
Lattice Point Enumeration on Block Reduced Bases, , Proceedings of the 8th International Conference on Information-Theoretic Security (ICITS), Lugano, Switzerland, May 2015.
Query-Complexity Amplification for Random Oracles, , Proceedings of the 8th International Conference on Information-Theoretic Security (ICITS), Lugano, Switzerland, May 2015.
Analysis of a "/0" Stealth Scan from a Botnet, , IEEE/ACM Transactions on Networking 23(2), April 2015.
FHEW: Bootstrapping in less than a Second, , Proceedings of Eurocrypt 2015, Sofia, Bulgaria, April 2015.
Resisting randomness subversion: Fast deterministic and hedged public-key encryption in the standard model, , Proceedings of Eurocrypt 2015, Sofia, Bulgaria, April 2015.
How Secure is Deterministic Encryption?, , Proceedings of PKC 2015, Gaithersburg, Maryland, March 2015.
Adaptive Witness Encryption and Asymmetric Password-Based Cryptography, , Proceedings of PKC 2015, Gaithersburg, Maryland, March 2015.
Interactive Message-Locked Encryption and Secure Deduplication, , Proceedings of PKC 2015, Gaithersburg, Maryland, March 2015.
From Single-Bit to Multi-Bit Public-Key Encryption via Non-Malleable Codes, , Proceedings of TCC 2015, Warsaw, Poland, March 2015.
Too LeJIT to Quit: Extending JIT Spraying to ARM, , Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2015.
Fast Lattice Point Enumeration with Minimal Overhead, , ACM-SIAM Symposium on Discrete Algorithms, San Diego, January 2015.
Subtleties in the Definition of IND-CCA: When and How Should Challenge Decryption Be Disallowed?, , IACR Journal of Cryptology 28(1):29-48, January 2015.
Analysis of Country-wide Internet Outages Caused by Censorship, , , December 2014.
Efficient Identity-Based Encryption over NTRU Lattices, , Proceedings of Asiacrypt 2014, Kaohsiung, Taiwan, December 2014.
Poly-Many Hardcore Bits for Any One-Way Function and a Framework for Differing-Inputs Obfuscation, , Proceedings of Asiacrypt 2014, Kaohsiung, Taiwan, December 2014.
Leveraging Gate-Level Properties to Identify Hardware Timing Channels, , ACM Transactions on Design Automation of Electronic Systems (TODAES) 20(1), November 2014.
Characterizing Large-Scale Click Fraud in ZeroAccess, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Scottsdale, Arizona, November 2014.
On The Security of Mobile Cockpit Information Systems, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Scottsdale, Arizona, November 2014.
Deniable Liaisons, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Scottsdale, Arizona, November 2014.
Algebraic MACs and Keyed-Verification Anonymous Credentials, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Scottsdale, Arizona, November 2014.
RevCast: Fast, Private Certificate Revocation over FM Radio, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Scottsdale, Arizona, November 2014.
Search + Seizure: The Effectiveness of Interventions on SEO Campaigns, , Proceedings of the ACM Internet Measurement Conference, Vancouver, BC, Canada, November 2014.
Handcrafted Fraud and Extortion: Manual Account Hijacking in the Wild, , Proceedings of the ACM Internet Measurement Conference, Vancouver, BC, Canada, November 2014.
Analysis of SSL Certificate Reissues and Revocations in the Wake of Heartbleed, , Proceedings of the ACM Internet Measurement Conference, Vancouver, BC, Canada, November 2014.
A Characterization of Chameleon Hash Functions and New, Efficient Designs, , IACR Journal of Cryptology 27(4):799-823, October 2014.
Leveraging Gate-Level Properties to Identify Hardware Timing Channels, , IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems (TCAD) 33(9):1288-1301, September 2014.
Enhanced Lattice-Based Signatures on Reconfigurable Hardware, , Proceedings of CHES 2014, Busan, Korea, September 2014.
On the Practical Exploitability of Dual-EC in TLS Implementations, , Proceedings of the USENIX Security Symposium, San Diego, CA, August 2014.
Hulk: Eliciting Malicious Behavior in Browser Extensions, , Proceedings of the USENIX Security Symposium, San Diego, CA, August 2014.
Security Analysis of a Full-Body Scanner, , Proceedings of the USENIX Security Symposium, San Diego, CA, August 2014.
Mouse Trap: Exploiting Firmware Updates in USB Peripherals, , Proceedings of Workshop On Offensive Technologies (WOOT), August 2014.
Knock It Off: Profiling the Online Storefronts of Counterfeit Merchandise, , Proceedings of the ACM SIGKDD Conference, Washington D.C., August 2014.
Security of Symmetric Encryption against Mass Surveillance, , Proceedings of Crypto 2014, Santa Barbara, CA, August 2014.
Cryptography from Compression Functions: The UCE Bridge to the ROM, , Proceedings of Crypto 2014, Santa Barbara, CA, August 2014.
Improved Short Lattice Signatures in the Standard Model, , Proceedings of Crypto 2014, Santa Barbara, CA, August 2014.
Empirically Characterizing Domain Abuse and the Revenue Impact of Blacklisting, , Proceedings of the Workshop on the Economics of Information Security (WEIS), State College, PA, June 2014.
Locally Dense Codes, , 29th Annual IEEE Conference on Computational Complexity (CCC 2014), Vancouver, BC, Canada, June 2014.
Automating formal proofs for reactive systems, , Proceedings of the ACM SIGPLAN 2014 Conference on Programming Language Design and Implementation (PLDI), Edinburgh, United Kingdom, June 2014.
Key-Versatile Signatures and Applications: RKA, KDM, and Joint Enc/Sig, , Proceedings of Eurocrypt 2014, Copenhagen, Denmark, May 2014.
Deja Q: Using Dual Systems to Revisit q-Type Assumptions, , Proceedings of Eurocrypt 2014, Copenhagen, Denmark, May 2014.
A Gaussian Latent Variable Model for Large Margin Classification of Labeled and Unlabeled Data, , Proceedings of the 17th International Conference on Artificial Intelligence and Statistics (AISTATS), Reykjavik, Iceland, April 2014.
XXXtortion? Inferring Registration Intent in the .XXX TLD, , Proceedings of the International World Wide Web Conference (WWW), Seoul, Korea, April 2014.
Policy-Based Signatures, , Proceedings of PKC 2014, Buenos Aires, Argentina, March 2014.
Sapper: A Language for Hardware-Level Security Policy Enforcement, , Proceedings of the 18th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), Salt Lake City, UT, March 2014.
Botcoin: Monetizing Stolen Cycles, , Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2014.
DSpin: Detecting Automatically Spun Content on the Web, , Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2014.
SafeDispatch: Securing C++ Virtual Calls, , Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2014.
Rethinking Verifiably Encrypted Signatures: A Gap in Functionality and Potential Solutions, , The Cryptographers' Track at the RSA Conference 2014, San Francisco, February 2014.
A Deterministic Single Exponential Time Algorithm for Most Lattice Problems based on Voronoi Cell Computations, , SIAM Journal on Computing 42(3):1364-91, 2013.
A Fistful of Bitcoins: Characterizing Payments Among Men with No Names, , USENIX ;login: 38(6), December 2013.
ViceROI: Catching Click-Spam in Search Ad Networks, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Berlin, Germany, November 2013.
A Fistful of Bitcoins: Characterizing Payments Among Men with No Names, , Proceedings of the ACM Internet Measurement Conference, Barcelona, Spain, October 2013.
Encryption for Deduplicated Storage with DupLESS, , Proceedings of the USENIX Security Symposium, Washington D.C., August 2013.
Take This Personally: Pollution Attacks on Personalized Services, , Proceedings of the USENIX Security Symposium, Washington D.C., August 2013.
D(N,o)SSec: Measuring the Practical Impact of DNSSEC Deployment, , Proceedings of the USENIX Security Symposium, Washington D.C., August 2013.
Practical Comprehensive Bounds on Surreptitious Communication over DNS, , Proceedings of the USENIX Security Symposium, Washington D.C., August 2013.
Instantiating Random Oracles via UCEs, , Proceedings of Crypto 2013, Santa Barbara, CA, August 2013.
Hardness of SIS and LWE with Small Parameters, , Proceedings of Crypto 2013, Santa Barbara, CA, August 2013.
ProtectMyPrivacy: Detecting and Mitigating Privacy Leaks on iOS Devices Using Crowdsourcing, , Proceedings of the ACM Conference on Mobile Systems, Applications and Services (MobiSys), Taipei, Taiwan, June 2013.
Sapper: A Language for Provable Hardware Policy Enforcement, , Proceedings of the Workshop on Programming Languages and Analysis for Security (PLAS), Seattle, WA, June 2013.
A Variational Approximation for Topic Modeling of Hierarchical Corpora, , Proceedings of the International Conference on Machine Learning, Atlanta, GA, June 2013.
Message-Locked Encryption and Secure Deduplication, , Proceedings of Eurocrypt 2013, Athens, Greece, May 2013.
Efficient Garbling from a Fixed-Key Blockcipher, , Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 2013.
Welcome to the Entropics: Boot-Time Entropy in Embedded Devices, , Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 2013.
Iago Attacks: Why The System Call API Is a Bad Untrusted RPC Interface, , Proceedings of the 17th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), Houston, TX, March 2013.
A Practical Testing Framework for Isolating Hardware Timing Channels, , Proceedings of the Conference on Design, Automation, and Test in Europe (DATE), Grenoble, France, March 2013.
The Day After Patch Tuesday: Effects Observable in IP Darkspace Traffic, , Proceedings of the Passive and Active Measurement Workshop, Hong Kong, China, March 2013.
A Coordinated View of the Temporal Evolution of Large-scale Internet Events, , Proceedings of the Passive and Active Measurement Workshop, Hong Kong, China, March 2013.
Succinct Malleable NIZKs and an Application to Compact Shuffles, , Proceedings of TCC 2013, Tokyo, Japan, March 2013.
Verifiable Elections That Scale for Free, , Proceedings of PKC 2013, Nara, Japan, February 2013.
The k-BDH Assumption Family: Bilinear Map Cryptography from Progressively Weaker Assumptions, , The Cryptographers' Track at the RSA Conference 2013, San Francisco, February 2013.
Juice: A Longitudinal Study of an SEO Campaign, , Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2013.
Risk-Limiting Audits and the Margin of Victory in Nonplurality Elections, , Statistics, Politics, and Policy 3(3):29-64, January 2013.
Algorithms for the Densest Sub-Lattice Problem, , ACM-SIAM Symposium on Discrete Algorithms, New Orleans, January 2013.
An equational approach to secure multi-party computation, , ITCS 2013: Innovations in Theoretical Computer Science, Berkeley, January 2013.
Eliminating Timing Information Flows in a Mix-trusted System-on-Chip, , IEEE Design and Test of Computers, 2013.
Compact Proofs of Retrievability, , IACR Journal of Cryptology, 2013.
Sequential Aggregate Signatures and Multisignatures without Random Oracles, , IACR Journal of Cryptology 26(2):340-73, April 2013.
Adaptively Secure Garbling with Applications to One-Time Programs and Secure Outsourcing, , Proceedings of Asiacrypt 2012, Beijing, China, December 2012.
RKA Security beyond the Linear Barrier: IBE, Encryption and Signatures, , Proceedings of Asiacrypt 2012, Beijing, China, December 2012.
Simultaneous Information Flow Security and Circuit Redundancy in Boolean Gates, , Proceedings of the 2012 International Conference on Computer Aided Design (ICCAD), San Jose, CA, November 2012.
Taster's Choice: A Comparative Analysis of Spam Feeds, , Proceedings of the ACM Internet Measurement Conference, Boston, MA, November 2012.
Analysis of a '/0' Stealth Scan from a Botnet, , Proceedings of the ACM Internet Measurement Conference, Boston, MA, November 2012.
Achieving Oblivious Transfer Capacity of Generalized Erasure Channel in the Malicious Model, , IEEE Transactions on Information Theory 58(10):6672-80, October 2012.
On-Line Ciphers and the Hash-CBC Constructions, , IACR Journal of Cryptology 25(4):640-79, October 2012.
Are AES x86 Cache Timing Attacks Still Feasible? (short paper), , Proceedings of the Cloud Computing Security Workshop (CCSW), October 2012.
Torchestra: Reducing Interactive Traffic Delays over Tor, , Proceedings of the Workshop on Privacy in the Electronic Society (WPES), Raleigh, NC, October 2012.
Priceless: The Role of Payments in Abuse-advertised Goods, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Raleigh, NC, October 2012.
Manufacturing Compromise: The Emergence of Exploit-as-a-Service, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Raleigh, NC, October 2012.
Foundations of Garbled Circuits, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Raleigh, NC, October 2012.
Inapproximability of the Shortest Vector Problem: Toward a Deterministic Reduction, , Theory of Computing 8(22):487-512, October 2012.
Multi-Instance Security and its Application to Password-Based Cryptography, , Proceedings of Crypto 2012, Santa Barbara, CA, August 2012.
Semantic Security for the Wiretap Channel, , Proceedings of Crypto 2012, Santa Barbara, CA, August 2012.
PharmaLeaks: Understanding the Business of Online Pharmaceutical Affiliate Programs, , Proceedings of the USENIX Security Symposium, Bellevue, WA, August 2012.
Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices, , Proceedings of the USENIX Security Symposium, Bellevue, WA, August 2012. (Best Paper Award and USENIX Security Test-of-time Award).
Optimally Robust Private Information Retrieval, , Proceedings of the USENIX Security Symposium, Bellevue, WA, August 2012.
Establishing Browser Security Guarantees through Formal Shim Verification, , Proceedings of the USENIX Security Symposium, Bellevue, WA, August 2012.
Operator-Assisted Tabulation of Optical Scan Ballots, , Proceedings of EVT/WOTE 2012, Seattle, WA, August 2012.
When Good Services Go Wild: Reassembling Web Services for Unintended Purposes, , Proceedings of the USENIX Workshop on Hot Topics in Security, Bellevue, WA, August 2012.
Approximate Common Divisors via Lattices, , ANTS-X: The 10th Algorithmic Number Theory Symposium, San Diego, CA, July 2012.
CSolve: Verifying C With Liquid Types, , Proceedings of the 24th Conference on Computer-Aided Verification (CAV), Berkeley, CA, July 2012.
On the Complexity of Generating Gate Level Information Flow Tracking Logic, , IEEE Transactions on Information Forensics and Security (TIFS) 7(3):1067-80, June 2012.
Measuring the Cost of Cybercrime, , Proceedings of the Workshop on the Economics of Information Security (WEIS), Berlin, Germany, June 2012.
Economic Analysis of Cybercrime in Crowdsourced Labor Markets, , Proceedings of the Workshop on the Economics of Information Security (WEIS), Berlin, Germany, June 2012.
Software Abstractions for Trusted Sensors, , Proceedings of the ACM Conference on Mobile Systems, Applications and Services (MobiSys), Low Wood Bay, Lake District, UK, June 2012.
Pixel Perfect: Fingerprinting Canvas in HTML5, , Proceedings of Web 2.0 Security and Privacy 2012 (W2SP), San Francisco, May 2012.
On the (Im)possibility of Obfuscating Programs, , Journal of the ACM 59(2), April 2012.
Standard Security Does Not Imply Security Against Selective-Opening, , Proceedings of Eurocrypt 2012, Cambridge, England, April 2012.
Identity-Based (Lossy) Trapdoor Functions and Applications, , Proceedings of Eurocrypt 2012, Cambridge, England, April 2012.
Malleable Proof Systems and Applications, , Proceedings of Eurocrypt 2012, Cambridge, England, April 2012.
Efficient and Optimally Secure Key-Length Extension for Block Ciphers via Randomized Cascading, , Proceedings of Eurocrypt 2012, Cambridge, England, April 2012.
Trapdoors for Lattices: Simpler, Tighter, Faster, Smaller, , Proceedings of Eurocrypt 2012, Cambridge, England, April 2012.
Return-Oriented Programming: Systems, Languages and Applications, , ACM Transactions on Information and System Security 15(1), March 2012.
Providing Safe, User Space Access to Fast, Solid State Disks, , Proceedings of the 17th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), London, March 2012.
The BIZ Top-Level Domain: Ten Years Later, , Proceedings of the Passive and Active Measurement Workshop, Vienna, Austria, March 2012.
Oblivious Transfer Based on the McEliece Assumptions, , IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences E95-A(2):567-575, February 2012.
Extracting benefit from harm: using malware pollution to analyze the impact of political and geophysical events on the Internet, , ACM SIGCOMM Computer Communication Review 42(1), January 2012.
In Planning Digital Defenses, the Biggest Obstacle is Human Ingenuity, , New York Times, Dec 6 2011.
Cryptography Secure Against Related-Key Attack, , Proceedings of Asiacrypt 2011, Seoul, Korea, December 2011.
Practical Containment for Measuring Modern Malware Systems, , Proceedings of the ACM Internet Measurement Conference, Berlin, CA, November 2011.
An Analysis of Underground Forums, , Proceedings of the ACM Internet Measurement Conference, Berlin, CA, November 2011.
Analysis of Country-wide Internet Outages Caused by Censorship, , Proceedings of the ACM Internet Measurement Conference, Berlin, CA, November 2011.
Do You Know Where Your Cloud Files Are?, , Proceedings of the Cloud Computing Security Workshop (CCSW), October 2011.
Eliminating Fine Grained Timers in Xen, , Proceedings of the Cloud Computing Security Workshop (CCSW), October 2011.
Judging a site by its content: learning the textual, structural, and visual features of malicious Web pages, , Proceedings of the ACM Workshop on Artificial Intelligence and Security (AISEC), Chicago, IL, October 2011.
Topic Modeling of Freelance Job Postings to Monitor Web Service Abuse, , Proceedings of the ACM Workshop on Artificial Intelligence and Security (AISEC), Chicago, IL, October 2011.
Cloak and Dagger: Dynamics of Web Search Cloaking, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Chicago, IL, October 2011.
Ciphers that Encipher their Own Keys, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Chicago, IL, October 2011.
Theoretical Fundamentals of Gate Level Information Flow Tracking, , IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems (TCAD) 30(8):1128-40, August 2011.
Achieving Oblivious Transfer Capacity of Generalized Erasure Channel in the Malicious Model, , IEEE Transactions on Information Theory 57(8):5566-71, August 2011.
The Geometry of Lattice Cryptography, , Foundations of Security Analysis and Design VI -- FOSAD Tutorial Lectures, August 2011.
Authenticated and Misuse-Resistant Encryption of Key-Dependent Data, , Proceedings of Crypto 2011, Santa Barbara, CA, August 2011.
Pseudorandom Knapsacks and the Sample Complexity of LWE Search-to-Decision Reductions, , Proceedings of Crypto 2011, Santa Barbara, CA, August 2011.
Interview with Stefan Savage: On the Spam Payment Trail, , USENIX ;login: 36(4):7-20, August 2011.
Putting Out a HIT: Crowdsourcing Malware Installs, , Proceedings of the USENIX Workshop On Offensive Technologies (WOOT), San Francisco, CA, August 2011.
Heat of the Moment: Characterizing the Efficacy of Thermal Camera-Based Attacks, , Proceedings of the USENIX Workshop On Offensive Technologies (WOOT), San Francisco, CA, August 2011.
No Plan Survives Contact: Experience with Cybercrime Measurement, , Proceedings of Workshop on Cyber Security Experimentation and Test (CSET), August 2011.
ExperimenTor: A Testbed for Safe Realistic Tor Experimentation, , Proceedings of Workshop on Cyber Security Experimentation and Test (CSET), August 2011.
Show Me the Money: Characterizing Spam-advertised Revenue, , Proceedings of the USENIX Security Symposium, San Francisco, CA, August 2011.
Dirty Jobs: The Role of Freelance Labor in Web Service Abuse, , Proceedings of the USENIX Security Symposium, San Francisco, CA, August 2011.
Comprehensive Experimental Analyses of Automotive Attack Surfaces, , Proceedings of the USENIX Security Symposium, San Francisco, CA, August 2011.
The Phantom Tollbooth: Privacy-preserving Electronic Toll Collection in the Presence of Driver Collusion, , Proceedings of the USENIX Security Symposium, San Francisco, CA, August 2011.
DefenestraTor: Throwing out Windows in Tor, , Privacy Enhancing Technologies Symposium, Waterloo, Canada, July 2011.
3-D Extensions for Trustworthy Systems (invited paper), , Proceedings of the International Conference on Engineering of Reconfigurable Systems and Algorithms (ERSA), Las Vegas, Nevada, July 2011.
Enforcing Information Flow Guarantees in Reconfigurable Systems with Mix-Trusted IP (invited paper), , Proceedings of the International Conference on Engineering of Reconfigurable Systems and Algorithms (ERSA), Las Vegas, Nevada, July 2011.
The Equivalence of the Random Oracle Model and the Ideal Cipher Model, Revisited, , 43rd Annual ACM Symposium on Theory of Computing, San Jose, CA, June 2011.
An Improved Encoding Technique for Gate Level Information Flow Tracking, , Proceedings of the 20th International Workshop on Logic and Synthesis (IWLS), San Diego, CA, June 2011.
Information Flow Isolation in I2C and USB, , Proceedings of the 48th Design Automation Conference (DAC), San Diego, June 2011.
Crafting a Usable Microkernel, Processor, and I/O System with Strict and Provable Information Flow Security, , Proceedings of the 38th International Symposium of Computer Architecture (ISCA), San Jose, CA, June 2011.
Privacy-preserving Network Forensics, , Communications of the Association for Computing Machinery 54(5), May 2011.
Extracting Device Fingerprints from Flash Memory by Exploiting Physical Variations, , Proceedings of the 4th International Conference on Trust and Trustworthy Computing (TRUST), Pittsburgh, Pennsylvania, June 2011.
Analyzing the Cross-domain Policies of Flash Applications, , Proceedings of Web 2.0 Security and Privacy 2011 (W2SP), San Francisco, May 2011.
Fingerprinting Information in JavaScript Implementations, , Proceedings of Web 2.0 Security and Privacy 2011 (W2SP), San Francisco, May 2011.
Click Trajectories: End-to-End Analysis of the Spam Value Chain, , Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 2011, pages 431-446. (Award paper).
Efficient Authentication from Hard Learning Problems, , Proceedings of Eurocrypt 2011, Tallinn, Estonia, May 2011.
Careful with Composition: Limitations of the Indifferentiability Framework, , Proceedings of Eurocrypt 2011, Tallinn, Estonia, May 2011.
On the Effects of Registrar-level Intervention, , Proceedings of the USENIX Workshop on Large-scale Exploits and Emergent Threats (LEET), Boston, MA, March 2011.
Got Traffic? An Evaluation of Click Traffic Providers, , Proceedings of the WICOM/AIRWeb Workshop on Web Quality (WebQuality), Hyderabad, India, March 2011.
Security Amplification for the Cascade of Arbitrarily Weak PRPs: Tight Bounds via the Interactive Hardcore Lemma, , Proceedings of TCC 2011, Providence, Rhode Island, March 2011.
Identity-Based Encryption Secure Against Selective Opening Attack, , Proceedings of TCC 2011, Providence, Rhode Island, March 2011.
Proximax: Fighting Censorship with an Adaptive System for Distribution of Open Proxies, , Proceedings of the International Conference on Financial Cryptography and Data Security, St Lucia, February 2011.
Learning to Detect Malicious URLs, , ACM Transactions on Intelligent Systems and Technology (TIST) 2(3), April 2011.
Universally Composable and Statistically Secure Verifiable Secret Sharing Scheme Based on Pre-Distributed Data, , IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences E94-A(2):725-34, February 2011.
Reliably Erasing Data From Flash-based Solid State Drives, , Proceedings of the 9th USENIX Conference on File and Storage Technologies, San Jose, CA, February 2011.
Hardware Assistance for Trustworthy Systems through 3-D Integration, , Proceedings of ACSAC 2010, Austin, TX, December 2010.
Practical Defenses for Evil Twin Attacks in 802.11, , Proceedings of IEEE GlobeCom 2010, Miami, FL, December 2010.
Toward Improving Path Selection in Tor, , Proceedings of IEEE GlobeCom 2010, Miami, FL, December 2010.
Random Oracles with(out) Programmability, , Proceedings of Asiacrypt 2010, Singapore, December 2010.
Limitations on Transformations from Composite-Order to Prime-Order Groups: The Case of Round-Optimal Blind Signatures, , Proceedings of Asiacrypt 2010, Singapore, December 2010.
An Empirical Study of Privacy-Violating Information Flows in JavaScript Web Applications, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Chicago, October 2010.
Return-Oriented Programming without Returns, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Chicago, October 2010.
Hardware Trust Implications of 3-D Integration, , Proceedings of the 5th Workshop on Embedded Systems Security (WESS), Scottsdale, AZ, October 2010.
Pseudorandom Functions and Permutations Provably Secure Against Related-Key Attacks, , Proceedings of Crypto 2010, Santa Barbara, CA, August 2010.
ZKPDL: A Language-based System for Efficient Zero-Knowledge Proofs and Electronic Cash, , Proceedings of the USENIX Security Symposium, Washington, D.C., August 2010.
Re: CAPTCHAs -- Understanding CAPTCHA Solving from an Economic Context, , Proceedings of the USENIX Security Symposium, Washington, D.C., August 2010.
Efficient User-Guided Ballot Image Verification, , Proceedings of EVT/WOTE 2010, Washington, D.C., August 2010.
Single-Ballot Risk-Limiting Audits Using Convex Optimization, , Proceedings of EVT/WOTE 2010, Washington, D.C., August 2010.
OpenScan: A Fully Transparent Optical Scan Voting System, , Proceedings of EVT/WOTE 2010, Washington, D.C., August 2010.
Don't Take LaTeX Files from Strangers, , USENIX ;login: 35(4), August 2010.
Beyond Heuristics: Learning to Classify Vulnerabilities and Predict Exploits, , Proceedings of the ACM SIGKDD Conference, Washington D.C., July 2010.
A Deterministic Single Exponential Time Algorithm for Most Lattice Problems based on Voronoi Cell Computations, , 42nd Annual ACM Symposium on Theory of Computing, Cambridge, MA, June 2010.
Theoretical Analysis of Gate Level Information Flow Tracking, , Proceedings of the 47th Design Automation Conference (DAC), Anaheim, CA, June 2010.
Security Primitives for Reconfigurable Hardware Based Systems, , ACM Transactions on Reconfigurable Technology and Systems (TRETS) 3(2), May 2010.
Experimental Security Analysis of a Modern Automobile, , Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 2010.
Exploiting Feature Covariance in High-Dimensional Online Learning, , Proceedings of the International Conference on Artificial Intelligence and Statistics (AISTATS), Sardinia, Italy, May 2010.
Computational Soundness, Co-Induction, and Encryption Cycles, , Proceedings of Eurocrypt 2010, Nice, France, May 2010.
Cryptographic Agility and Its Relation to Circular Encryption, , Proceedings of Eurocrypt 2010, Nice, France, May 2010.
Bonsai Trees, or How to Delegate a Lattice Basis, , Proceedings of Eurocrypt 2010, Nice, France, May 2010.
Chosen-Ciphertext Security from Slightly Lossy Trapdoor Functions, , Proceedings of PKC 2010, Paris, May 2010.
Are Text-Only Data Formats Safe? Or, Use This LaTeX Class File to Pwn Your Computer, , Proceedings of the USENIX Workshop on Large-scale Exploits and Emergent Threats (LEET), San Jose, CA, April 2010.
Carousel: Scalable Logging for Intrusion Prevention Systems, , Proceedings of the 7th ACM/USENIX Symposium on Networked Systems Design and Implementation (NSDI), San Jose, CA, April 2010.
The RSA Group is Pseudo-Free, , IACR Journal of Cryptology 23(2):169-86, April 2010.
Neon: System Support for Derived Data Management, , Proceedings of the ACM International Conference on Virtual Execution Environments (VEE), Pittsburgh, PA, March 2010.
Resettable Public-Key Encryption: How to Encrypt on a Virtual Machine, , The Cryptographers' Track at the RSA Conference 2010, San Francisco, March 2010.
Leaping Multiple Headers in a Single Bound: Wire Speed Parsing using the Kangaroo System, , Proceedings of the IEEE Infocom Conference, San Diego, CA, March 2010.
Botnet Judo: Fighting Spam with Itself, , Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2010.
When Good Randomness Goes Bad: Virtual Machine Reset Vulnerabilities and Hedging Deployed Cryptography, , Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2010.
Faster Exponential Time Algorithms for the Shortest Vector Problem, , ACM-SIAM Symposium on Discrete Algorithms, Austin, TX, January 2010.
Robust Encryption, , Proceedings of TCC 2010, Zurich, March 2010, pages 480-97.
Uniform Direct Product Theorems: Simplified, Optimized, and Derandomized, , SIAM Journal on Computing 39(4):1637-65, January 2010.
Hedged Public-Key Encryption: How to Protect Against Bad Randomness, , Proceedings of Asiacrypt 2009, Tokyo, December 2009.
Foundations of Non-Malleable Hash and One-Way Functions, , Proceedings of Asiacrypt 2009, Tokyo, December 2009.
Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Chicago, IL, November 2009.
When Private Keys are Public: Results from the 2008 Debian OpenSSL Debacle, , Proceedings of the ACM Internet Measurement Conference, Chicago, November 2009.
Spamalytics: An Empirical Analysis of Spam Marketing Conversion, , Communications of the Association for Computing Machinery 52(9):99-107, September 2009.
Reconstructing RSA Private Keys from Random Key Bits, , Proceedings of Crypto 2009, Santa Barbara, CA, August 2009.
Randomizable Proofs and Delegatable Anonymous Credentials, , Proceedings of Crypto 2009, Santa Barbara, CA, August 2009.
On Bounded Distance Decoding, Unique Shortest Vectors, and the Minimum Distance Problem, , Proceedings of Crypto 2009, Santa Barbara, CA, August 2009.
Format-Preserving Encryption, , Proceedings of Selected Areas in Cryptography (SAC) 2009, Calgary, Canada, August 2009.
Can DREs Provide Long-Lasting Security? The Case of Return-Oriented Programming and the AVC Advantage, , Proceedings of EVT/WOTE 2009, Montreal, Canada, August 2009.
Enlisting ISPs to Improve Online Privacy: IP Address Mixing by Default, , Privacy Enhancing Technologies Symposium, Seattle, Washington, August 2009.
Secure and Policy-Compliant Source Routing, , IEEE/ACM Transactions on Networking 17(4), August 2009.
Identifying Suspicious URLs: An Application of Large-Scale Online Learning, , Proceedings of the 26th Annual International Conference on Machine Learning (ICML 2009), Montreal, Quebec, June 2009.
Beyond Blacklists: Learning to Detect Malicious Web Sites from Suspicious URLs, , Proceedings of the ACM SIGKDD Conference, Paris, France, June 2009.
Possibility and Impossibility Results for Encryption and Commitment Secure under Selective Opening, , Proceedings of Eurocrypt 2009, Cologne, April 2009.
Simulation without the Artificial Abort: Simplified Proof and Improved Concrete Security for Waters' IBE Scheme, , Proceedings of Eurocrypt 2009, Cologne, April 2009.
Salvaging Merkle-Damgard for Practical Applications, , Proceedings of Eurocrypt 2009, Cologne, April 2009.
Defending Mobile Phones from Proximity Malware, , Proceedings of the IEEE Infocom Conference, Rio de Janeiro, Brazil, April 2009.
Spamcraft: An Inside Look at Spam Campaign Orchestration, , Proceedings of the USENIX Workshop on Large-scale Exploits and Emergent Threats (LEET), Boston, MA, April 2009.
Key Insulation and Intrusion Resilience over a Public Channel, , The Cryptographers' Track at the RSA Conference 2009, San Francisco, April 2009, pages 84-99.
Security Amplification for Interactive Cryptographic Primitives, , Proceedings of TCC 2009, San Francisco, March 2009, pages 128-45.
Lattice-Based Cryptography, , In Post Quantum Cryptography, Daniel J. Bernstein, Johannes Buchmann and Erik Dahmen, editors, Springer-Verlag, 2009.
Detecting Malicious Packet Losses, , IEEE Transactions on Parallel and Distributed Systems 20(2), February 2009.
Security Proofs for Identity-Based Identification and Signature Schemes, , IACR Journal of Cryptology 22(1):1-61, January 2009.
Chernoff-Type Direct Product Theorems, , IACR Journal of Cryptology 22(1):75-92, January 2009.
Hash Functions from Sigma Protocols and Improvements to VSH, , Proceedings of Asiacrypt 2008, Melbourne, Australia, December 2008.
Compact Proofs of Retrievability, , Proceedings of Asiacrypt 2008, Melbourne, Australia, December 2008, pages 90-107.
When Good Instructions Go Bad: Generalizing Return-Oriented Programming to RISC, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Alexandria, VA, October 2008, pages 27-38.
Spamalytics: an Empirical Analysis of Spam Marketing Conversion, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Alexandria, VA, October 2008, pages 3-14.
Reconsidering Physical Key Secrecy: Teleduplication via Optical Decoding, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Alexandria, VA, October 2008, pages 469-77.
Deterministic Encryption: Definitional Equivalences and Constructions without Random Oracles, , Proceedings of Crypto 2008, Santa Barbara, CA, August 2008, pages 360-78.
From Identification to Signatures Via the Fiat-Shamir Transform: Necessary and Sufficient Conditions for Security and Forward-Security, , IEEE Transactions on Information Theory 54(8):3631-46, August 2008.
Optimal Communication Complexity of Generic Multicast Key Distribution, , IEEE/ACM Transactions on Networking 16(4):803-13, August 2008.
Privacy-preserving Location Tracking of Lost or Stolen Devices: Cryptographic Techniques and Replacing Trusted Third Parties with DHTs, , Proceedings of the USENIX Security Symposium, San Jose, CA, July 2008.
AutoISES: Automatically Inferring Security Specifications and Detecting Violations, , Proceedings of the USENIX Security Symposium, San Jose, CA, July 2008.
Storm: When Researchers Collide, , USENIX ;login: 33(4), August 2008.
You Go to Elections with the Voting System You Have: Stop-Gap Mitigations for Deployed Voting Systems, , Proceedings of EVT 2008, San Jose, CA, July 2008.
An Indistinguishability-Based Characterization of Anonymous Channels, , Privacy Enhancing Technologies Symposium, Leuven, Belgium, July 2008, pages 24-43.
Efficient Bounded Distance Decoders for Barnes-Wall lattices, , 2008 IEEE International Symposium on Information Theory, Toronto, Ontario, Canada, July 2008.
Uniform Direct Product Theorems: Simplified, Optimized, and Derandomized, , 40th Annual ACM Symposium on Theory of Computing, Victoria, B.C., Canada, May 2008, pages 579-588.
On the Spam Campaign Trail, , Proceedings of the USENIX Workshop on Large-scale Exploits and Emergent Threats (LEET), San Francisco, CA, April 2008.
The Heisenbot Uncertainty Problem: Challenges in Separating Bots from Chaff, , Proceedings of the USENIX Workshop on Large-scale Exploits and Emergent Threats (LEET), San Francisco, CA, April 2008.
Detecting Compromised Routers via Packet Forwarding Behavior, , IEEE Network 22(2), March 2008.
Recovering NTRU Secret Key From Inversion Oracles, , Proceedings of PKC 2008, Barcelona, Spain, March 2008.
Lattice-Based Identification Schemes Secure under Active Attacks, , Proceedings of PKC 2008, Barcelona, Spain, March 2008. (Best paper).
Asymptotically Efficient Lattice-Based Digital Signatures, , Proceedings of TCC 2008, New York, March 2008, pages 37-54.
The Round-Complexity of Black-Box Zero-Knowledge: A Combinatorial Characterization, , Proceedings of TCC 2008, New York, March 2008, pages 535-52.
SWIFFT: A Modest Proposal for FFT Hashing, , Proceedings of FSE 2008, Lausanne, Switzerland, February 2008, pages 54-72.
Efficient Reductions among Lattice Problems, , ACM-SIAM Symposium on Discrete Algorithms, San Francisco, CA, January 2008.
Generalized Compact Knapsacks, Cyclic Lattices, and Efficient One-Way Functions, , Computational Complexity 16(4):365-411, December 2007.
How to Build a Hash Function from any Collision-Resistant Function, , Proceedings of Asiacrypt 2007, Kuching, Sarawak, Malaysia, December 2007, pages 147-63.
Multi-Recipient Encryption Schemes: How to Save on Bandwidth and Computation Without Sacrificing Security, , IEEE Transactions on Information Theory 53(11):3927-43, November 2007.
Can You Infect Me Now? Malware Propagation in Mobile Phone Networks, , Proceedings of the ACM Workshop on Recurring Malcode (WORM), Washington D.C., November 2007.
Robust Computational Secret Sharing and a Unified Account of Classical Secret-Sharing Goals, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Alexandria, VA, October 2007, pages 172-84.
An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Alexandria, VA, October 2007.
The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86), , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Alexandria, VA, October 2007, pages 552-61.
Slicing Spam with Occam's Razor, , Proceedings of Conference on Email and Anti-Spam (CEAS), Mountain View, CA, August 2007.
Spamscatter: Characterizing Internet Scam Hosting Infrastructure, , Proceedings of the USENIX Security Symposium, Boston, MA, August 2007.
Proximity Breeds Danger: Emerging Threats in Metro-area Wireless Networks, , Proceedings of the USENIX Security Symposium, Boston, MA, August 2007.
Chernoff-Type Direct Product Theorems, , Proceedings of Crypto 2007, Santa Barbara, CA, August 2007, pages 500-516.
Deterministic and Efficiently Searchable Encryption, , Proceedings of Crypto 2007, Santa Barbara, CA, August 2007, pages 535-52.
Source Code Review of the Hart InterCivic Voting System, , Part of California Secretary of State Debra Bowen’s “Top-to-Bottom” Review of the voting machines used in California, August 2007.
Hash Functions in the Dedicated-Key Setting: Design Choices and MPP Transforms, , Proceedings of the International Colloquium on Automata, Languages and Programming (ICALP), Wroclaw, Poland, July 2007, pages 399-410.
Unrestricted Aggregate Signatures, , Proceedings of the International Colloquium on Automata, Languages and Programming (ICALP), Wroclaw, Poland, July 2007, pages 411-22.
How to Design Computer Security Experiments, , World Conference on Information Security Education (WISE), June 2007.
Cryptographic Functions from Worst-Case Complexity Assumptions, , Proceedings of the LLL+25 conference in honor of the 25th birthday of LLL, Caen, France, June 2007.
Worst-Case to Average-Case Reductions Based on Gaussian Measures, , SIAM Journal on Computing 37(1):267-302, May 2007.
The Power of Proofs-of-Possession: Securing Multiparty Signatures against Rogue-Key Attacks, , Proceedings of Eurocrypt 2007, Barcelona, Spain, May 2007, pages 228-45.
Two-Tier Signatures, Strongly Unforgeable Signatures, and Fiat-Shamir without Random Oracles, , Proceedings of PKC 2007, Beijing, China, April 2007, pages 201-16.
Efficient Ring Signatures without Random Oracles, , Proceedings of PKC 2007, Beijing, China, April 2007, pages 166-80.
Toward Models for Forensic Analysis, , Proceedings of the International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE), Seattle, WA, April 2007.
Analysis of the SPV Secure Routing Protocol: Weaknesses and Lessons, , ACM SIGCOMM Computer Communication Review 37(2), April 2007.
Analysis of Computer Intrusions using Sequences of Function Calls, , IEEE Transactions on Dependable and Secure Computing 4(2):137-150, April 2007.
How to Enrich the Message Space of a Cipher, , Proceedings of FSE 2007, Luxembourg, March 2007, pages 101-18.
Tackling Adaptive Corruptions in Multicast Encryption Protocols, , Proceedings of TCC 2007, Amsterdam, The Netherlands, February 2007, pages 21-40. (Best student paper).
Identity-Based Multi-signatures from RSA, , The Cryptographers' Track at the RSA Conference 2007, San Francisco, February 2007, pages 145-62.
Sweeper: A Lightweight End-to-End System for Defending Against Fast Worms, , Proceedings of the 2nd European Conference in Computer Systems (EuroSys), Lisbon, Portugal, March 2007.
On Scalable Attack Detection in the Network, , IEEE/ACM Transactions on Networking 15(1), February 2007.
LIFT: A Low-Overhead Practical Information Flow Tracking System for Detecting Security Attacks, , Proceedings of the Annual IEEE/ACM International Symposium on Microarchitecture (MICRO), Orlando, FL, December 2006, pages 135-148.
Back to the Future: A Framework for Automatic Malware Removal, , Proceedings of ACSAC 2006, December 2006.
Multi-Property-Preserving Hash Domain Extension and the EMD Transform, , Proceedings of Asiacrypt 2006, Shanghai, China, December 2006, pages 299-314.
Glavlit: Preventing Exfiltration at Wire Speed, , Proceedings of the 5th ACM Workshop on Hot Topics in Networks (HotNets-V), Irvine, CA, November 2006.
Asgard: Software Guards for System Address Spaces, , Proceedings of the 7th ACM/USENIX Symposium on Operating System Design and Implementation (OSDI), Seattle, WA, November 2006.
Unexpected Means of Identifying Protocols, , Proceedings of the ACM Internet Measurement Conference, Rio de Janeiro, Brazil, October 2006.
Finding Diversity in Remote Code Injection Exploits, , Proceedings of the ACM Internet Measurement Conference, Rio de Janeiro, Brazil, October 2006.
Stateful Public-Key Cryptosystems: How to Encrypt with One 160-bit Exponentiation, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Alexandria, VA, October 2006, pages 380-9.
Multisignatures in the Plain Public-Key Model and a General Forking Lemma, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Alexandria, VA, October 2006, pages 390-9.
Puppetnets: Misusing Web Browsers as a Distributed Attack Infrastructure, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Alexandria, VA, October 2006.
Forward Secure Signatures with Untrusted Update, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Alexandria, VA, October 2006, pages 191-200.
Approximately List-Decoding Direct Product Codes and Uniform Hardness Amplification, , 47th Symposium on Foundations of Computer Science (FOCS 2006), Princeton, NJ, October 2006, pages 187-196.
Detecting Evasion Attacks at High Speeds without Reassembly, , Proceedings of the ACM SIGCOMM Conference, Pisa, Italy, September 2006.
Beyond Bloom Filters: From Approximate Membership Checks to Approximate State Machines, , Proceedings of the ACM SIGCOMM Conference, Pisa, Italy, September 2006.
PRIMED: Community-of-Interest-Based DDoS Mitigation, , Proceedings of the ACM SIGCOMM Workshop on Large Scale Attack Defense, Pisa, Italy, September 2006, pages 147-154.
Provably Secure FFT Hashing, , NIST Second Cryptographic Hash Workshop, August 2006.
New Proofs for NMAC and HMAC: Security without Collision-Resistance, , Proceedings of Crypto 2006, Santa Barbara, CA, August 2006, pages 602-19.
On Bounded Distance Decoding for General Lattices, , International Workshop on Randomization and Computation -- RANDOM 2006, Barcelona, Spain, August 2006, pages 450-61.
Fatih: Detecting and Isolating Malicious Routers via Traffic Validation, , IEEE Transactions on Dependable and Secure Computing 3(3), July 2006.
Hard Instances of the Constrained Discrete Logarithm Problem, , ANTS-VII: The 7th International Symposium on Algorithmic Number Theory, Berlin, Germany, July 2006, pages 582-98.
Designing Voting Machines for Verification, , Proceedings of the USENIX Security Symposium, Vancouver, B.C., Canada, July 2006, pages 321-36.
Generalized Compact Knapsacks Are Collision Resistant, , Proceedings of the International Colloquium on Automata, Languages and Programming (ICALP), Venice, Italy, July 2006, pages 144-55 (volume 2).
Corrupting One vs. Corrupting Many: The Case of Broadcast and Multicast Encryption, , Proceedings of the International Colloquium on Automata, Languages and Programming (ICALP), Venice, Italy, July 2006, pages 70-82 (volume 2).
Inferring Internet Denial-of-Service Activity, , ACM Transactions on Computer Systems 24(2):115-139, May 2006.
Code-Based Game-Playing Proofs and the Security of Triple Encryption, , Proceedings of Eurocrypt 2006, St. Petersburg, Russia, May 2006, pages 409-26.
Herding Hash Functions and the Nostradamus Attack, , Proceedings of Eurocrypt 2006, St. Petersburg, Russia, May 2006, pages 183-200.
Sequential Aggregate Signatures and Multisignatures without Random Oracles, , Proceedings of Eurocrypt 2006, St. Petersburg, Russia, May 2006, pages 465-85.
Tamper-Evident, History-Independent, Subliminal-Free Data Structures on PROM storage, or, How to Store Ballots on a Voting Machine (extended abstract), , Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 2006, pages 365-70.
Security Analysis of KEA Authenticated Key Exchange Protocol, , Proceedings of PKC 2006, New York, April 2006, pages 378-94.
Logics for Reasoning about Cryptographic Constructions, , Journal of Computer and System Sciences 72(2):286-320, March 2006.
Concurrent Zero Knowledge Without Complexity Assumptions, , Proceedings of TCC 2006, New York, March 2006, pages 1-20.
Wireless Security and Internetworking, , Proceedings of the IEEE 94(2), February 2006.
Key Regression: Enabling Efficient Key Distribution for Secure Distributed Storage, , The 13th Annual Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2006.
Opportunistic Measurement: Extracting Insight from Spurious Traffic, , Proceedings of the 4th ACM Workshop on Hot Topics in Networks (HotNets-IV), College Park, MD, November 2005.
Self-stopping Worms, , Proceedings of the ACM Workshop on Rapid Malcode (WORM), Washington D.C., November 2005, pages 12-21.
Misbehaving TCP Receivers Can Cause Internet-Wide Congestion Collapse, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Alexandria, VA, October 2005.
Rx: Treating Bugs as Allergies---a Safe Method to Survive Software Failure, , Proceedings of the 20th ACM Symposium on Operating System Principles (SOSP), Brighton, UK, October 2005. (Award paper).
Scalability, Fidelity and Containment in the Potemkin Virtual Honeyfarm, , Proceedings of the 20th ACM Symposium on Operating System Principles (SOSP), Brighton, UK, October 2005, pages 148-162.
Principles-Driven Forensic Analysis, , Proceedings of the New Security Paradigms Workshop (NSPW), Lake Arrowhead, CA, September 2005.
Searchable Encryption Revisited: Consistency Properties, Relation to Anonymous IBE, and Extensions, , Proceedings of Crypto 2005, Santa Barbara, CA, August 2005, pages 205-22.
Improved Security Analyses for CBC MACs, , Proceedings of Crypto 2005, Santa Barbara, CA, August 2005, pages 527-45.
Simultaneous Broadcast Revisited, , 24th Annual ACM Symposium on Principles of Distributed Computing (PODC 2005), Las Vegas, NV, July 2005, pages 324-33.
Empirical Study of Tolerating Denial-of-Service Attacks with a Proxy Network, , Proceedings of the USENIX Security Symposium, Baltimore, MD, August 2005.
Treating Bugs as Allergies: A Safe Method for Surviving Software Failures, , Proceedings of the 10th USENIX Workshop on Hot Topics in Operating Systems (HotOS-X), Santa Fe, NM, June 2005.
Append-Only Signatures, , Proceedings of the International Colloquium on Automata, Languages and Programming (ICALP), Lisboa, Portugal, July 2005.
Fatih: Detecting and Isolating Malicious Routers, , Proceedings of the IEEE Conference on Dependable Systems and Networks (DSN), Yokohama, Japan, June 2005, pages 538-547. (Award paper).
The Complexity of the Covering Radius Problem on Lattices and Codes, , Computational Complexity 14(2):90-121, June 2005.
Remote Physical Device Fingerprinting, , Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 2005. (Award paper).
Mix-Network with Stronger Security, , Privacy Enhancing Technologies Symposium, Cavtat, Croatia, May 2005, pages 128-46.
The RSA Group is Pseudo-Free, , Proceedings of Eurocrypt 2005, Aarhus, Denmark, May 2005, pages 387-403.
Remote Physical Device Fingerprinting, , IEEE Transactions on Dependable and Secure Computing 2(2):93-108, April 2005.
Surviving Internet Catastrophes, , Proceedings of the USENIX Annual Technical Conference, Anaheim, CA, April 2005.
SafeMem: Exploiting ECC-Memory for Detecting Memory Leaks and Memory Corruption During Production Runs, , Proceedings of IEEE International Symposium on High-Performance Computer Architecture, San Francisco, CA, February 2005.
End-to-End Security in the Presence of Intelligent Data Adapting Proxies: the Case of Authenticating Transcoded Streaming Media, , IEEE Journal on Selected Areas in Communication 23(2):464-73, February 2005.
Adaptive Security of Symbolic Encryption, , Proceedings of TCC 2005, Cambridge, MA, February 2005, pages 169-87.
Foundations of Group Signatures: The Case of Dynamic Groups, , The Cryptographers' Track at the RSA Conference 2005, San Francisco, February 2005, pages 136-53.
Automated Worm Fingerprinting, , Proceedings of the 6th ACM/USENIX Symposium on Operating System Design and Implementation (OSDI), San Francisco, CA, December 2004, pages 45-60.
Towards Plaintext-Aware Public-Key Encryption without Random Oracles, , Proceedings of Asiacrypt 2004, Jeju Island, Korea, December 2004, pages 48-62.
Client Side Caching for TLS, , ACM Transactions on Information and System Security 7(4):553-75, November 2004.
Attacking and Repairing the WinZip Encryption Scheme, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Washington, D.C., October 2004, pages 72-81.
Group Signatures with Verifier-Local Revocation, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Washington, D.C., October 2004, pages 168-77.
On the Effectiveness of Address-Space Randomization, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Washington, D.C., October 2004, pages 298-307.
On the Difficulty of Scalably Detecting Network Attacks, , Proceedings of the ACM Conference on Computer and Communications Security (CCS), Washington, D.C., October 2004.
The Top Speed of Flash Worms, , Proceedings of the ACM Workshop on Rapid Malcode (WORM), Washington, D.C., October 2004.
Worst-Case to Average-Case Reductions Based on Gaussian Measures, , 45th Symposium on Foundations of Computer Science (FOCS 2004), Rome, Italy, October 2004, pages 372-81.
On Scalable Attack Detection in the Network, , Proceedings of the USENIX/ACM Internet Measurement Conference, Taormina, Sicily, Italy, October 2004.
Short Signatures from the Weil Pairing, , IACR Journal of Cryptology 17(4):297-319, September 2004.
A System for Authenticated Policy-Compliant Routing, , Proceedings of the ACM SIGCOMM Conference, Portland, OR, September 2004, pages 167-178.
The Inapproximability of Lattice and Coding Problems with Preprocessing, , Journal of Computer and System Sciences 69(1):45-67, August 2004.
The Knowledge-of-Exponent Assumptions and 3-Round Zero-Knowledge Protocols, , Proceedings of Crypto 2004, Santa Barbara, CA, August 2004, pages 273-89.
Short Group Signatures, , Proceedings of Crypto 2004, Santa Barbara, CA, August 2004, pages 41-55.
UCLog: A Unified, Correlated Logging Architecture for Intrusion Detection, , International Conference on Telecommunication Systems - Modeling and Analysis (ICTSM), July 2004.
The Spread of the Witty Worm, , IEEE Security and Privacy 2(4), July 2004.
Fault-Tolerant Forwarding in the Face of Malicious Routers, , Proceedings of the International Workshop on the Future Directions in Distributed Computing (FuDiCo), Bertinoro, Italy, June 2004.
The Complexity of the Covering Radius Problem on Lattices and Codes, , 19th Annual IEEE Conference on Computational Complexity (CCC 2004), Amherst, MA, June 2004, pages 161-73.
Analysis of an Electronic Voting System, , Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 2004, pages 27-42.
Optimal Communication Complexity of Generic Multicast Key Distribution, , Proceedings of Eurocrypt 2004, Interlaken, Switzerland, May 2004, pages 153-70.
Hash Function Balance and Its Impact on Birthday Attacks, , Proceedings of Eurocrypt 2004, Interlaken, Switzerland, May 2004, pages 401-18.
Security Proofs for Identity-Based Identification and Signature Schemes, , Proceedings of Eurocrypt 2004, Interlaken, Switzerland, May 2004, pages 268-86.
An Uninstantiable Random-Oracle-Model Scheme for a Hybrid-Encryption Problem, , Proceedings of Eurocrypt 2004, Interlaken, Switzerland, May 2004, pages 171-88.
Sequential Aggregate Signatures from Trapdoor Permutations, , Proceedings of Eurocrypt 2004, Interlaken, Switzerland, May 2004, pages 74-90.
The Spread of the Witty Worm, , CAIDA Report, March 2004.
Soundness of Formal Encryption in the Presence of Active Adversaries, , Proceedings of TCC 2004, Cambridge, MA, February 2004, pages 133-51.
New Security Proofs for the 3GPP Confidentiality and Integrity Algorithms, , Proceedings of FSE 2004, Delhi, India, February 2004, pages 427-45.
CWC: A High-Performance Conventional Authenticated Encryption Mode, , Proceedings of FSE 2004, Delhi, India, February 2004, pages 408-26.
The EAX Mode of Operation, , Proceedings of FSE 2004, Delhi, India, February 2004, pages 389-407.
Almost Perfect Lattices, the Covering Radius Problem, and Applications to Ajtai's Connection Factor, , SIAM Journal on Computing 34(1):118-69, 2004.