D. J. Bernstein

Index of formal scientific papers

Papers by title

completed A complete set of addition laws for incomplete Edwards curves
zeroseek A fast journaling filesystem
nfsi A general number field sieve implementation
231 A non-iterative 2-adic statement of the 3N+1 conjecture
sigs A secure public-key signature system with extremely fast verification
easycbc A short proof of the unpredictability of cipher block chaining
unipat A simple universal pattern-matching automaton
efd Analysis and optimization of elliptic-curve single-scalar multiplication
antiquad Analysis of QUAD
psi Arbitrarily tight bounds on the distribution of smooth integers
mceliece Attacking and defending the McEliece cryptosystem
bbe Batch binary Edwards
genbday Better price-performance ratios for generalized birthday attacks
edwards2 Binary Edwards curves
psi-abs Bounding smooth integers (extended abstract)
ecc2k130 Breaking ECC2K-130
cachetiming Cache-timing attacks on AES
calculus Calculus for mathematicians
curvezero Can we avoid tests for zero in fast elliptic-curve arithmetic?
chacha ChaCha, a variant of Salsa20
cipherdag Cipher DAGs (extended abstract)
nfscircuit Circuits for integer factorization: a proposal
rings Commutative rings
stream256 Comparison of 256-bit stream ciphers at the beginning of 2006
compose Composing power series over a finite ring in essentially linear time
logfloor Computing logarithm floors in essentially linear time
logagm Computing logarithm intervals with the arithmetic-geometric-mean iteration
cuberoot Computing small discrete logarithms faster
nfspoly Controlling three coefficients in number-field-sieve polynomials
collisioncost Cost analysis of hash collisions: Will quantum computers make SHARCS obsolete?
naclcrypto Cryptography in NaCl
curve25519 Curve25519: new Diffie-Hellman speed records
curve41417 Curve41417: Karatsuba revisited
aecycles Cycle counts for authenticated encryption
decompress Data decompression
powers2 Detecting perfect powers by factoring into coprimes
powers Detecting perfect powers in essentially linear time
diffchain Differential addition chains
prime2004 Distinguishing prime numbers from composite numbers: the state of the art in 2004
zkcrypt Does ZK-Crypt version 1 flunk a repetition test?
focus Doubly focused enumeration of locally square polynomial values
gpuecc2k ECC2K-130 on NVIDIA GPUs
gpuecm ECM on graphics cards
eecm ECM using Edwards curves
elligator Elligator: Elliptic-curve points indistinguishable from uniform random strings
epsi Enumerating and counting smooth integers
sortedsums Enumerating solutions to p(a)+q(b)=r(c)+s(d)
smoothdep Estimating the dependence time for smooth integers
xsalsa Extending the Salsa20 nonce
dcba Factoring into coprimes in essentially linear time
smartfacts Factoring RSA keys from certified smart cards: Coppersmith in the wild
fiall Fast ideal arithmetic via lazy localization
multapps Fast multiplication and its applications
nistp224 Fast point multiplication on the NIST P-224 elliptic curve
2reg Faster 2-regular information-set decoding
newelliptic Faster addition and doubling on elliptic curves
nonsquare Faster algorithms to find non-squares modulo worst-case integers
badbatch Faster batch forgery identification
auth256 Faster binary-field multiplication and faster binary-field MACs
dcba2 Faster factorization into coprimes
zmult Faster multiplication of integers
sqroot Faster square roots in annoying finite fields
hash127 Floating-point arithmetic and message authentication
fsbday FSBday: implementing Wagner's generalized birthday attack against the SHA-3 round-1 candidate FSB
gge Generalized Gaussian elimination
grovercode Grover vs. McEliece
hash127-abs Guaranteed message authentication faster than MD5 (abstract)
fastgraeffe High-precision roots of high-degree polynomials
ed25519 High-speed high-security signatures
sf How to find small factors of integers
smoothparts How to find smooth parts of integers
stretch How to stretch random functions: the security of protected counter sums
hyperand Hyper-and-elliptic-curve cryptography
inverted Inverted Edwards coordinates
kummer Kummer strikes back: new DH speed records
goppalist List decoding for binary Goppa codes
fastgcd Kronecker matrices and polynomial GCDs
mimd Matrix inversion made difficult
mcbits McBits: fast constant-time code-based cryptography
minimalt MinimaLT: Minimal-latency networking through better security
meecrt Modular exponentiation via the explicit Chinese remainder theorem
mmecrt Multidigit modular multiplication with the Explicit Chinese Remainder Theorem
m3 Multidigit multiplication for mathematicians
neoncrypto NEON crypto
bunny Never trust a bunny
aesspeed New AES software speed records
westinghouse New fast algorithms for pi and e
nonuniform Non-uniform cracks in the concrete: the power of free precomputation
negation On the correct use of the negation map in the Pollard rho method
dualectls On the practical exploitability of Dual EC in TLS implementations
rc4biases On the security of RC4 in TLS and WPA
sha3opt Optimization failures in SHA-3 software
doublebase Optimizing double-base elliptic-curve single-scalar multiplication
linearmod2 Optimizing linear maps modulo 2
pippenger Pippenger's exponentiation algorithm
pema Polynomial evaluation and message authentication
hblcs Predicting a linear congruential sequence from its high bits
primesieves Prime sieves using binary quadratic forms
forgery Protecting communications against forgery
aks Proving primality after Agrawal-Kayal-Saxena
quartic Proving primality in essentially quartic random time
rwtight Proving tight security for Rabin-Williams signatures
qsubsetsum Quantum algorithms for the subset-sum problem
quantumsha3 Quantum attacks against Blue Midnight Wish, ECHO, Fugue, Grøstl, Hamsi, JH, Keccak, Shabal, SHAvite-3, SIMD, and Skein
rfsb Really fast syndrome-based hashing
smallheight Reducing lattice bases to find small-height values of univariate polynomials
fastnewton Removing redundancy in high-precision Newton iteration
rwsota RSA signatures and Rabin-Williams signatures: the state of the art
huptrie Saving space and time in hash tries
scaledmod Scaled remainder trees
interop SHA-3 interoperability
abccong Sharper ABC-based bounds for congruent polynomials
simplelist Simplified high-speed high-distance list decoding for alternant codes
siphash SipHash: a fast short-input PRF
ballcoll Smaller decoding exponents: ball-collision decoding
qmailsec Some thoughts on security after ten years of qmail 1.0
a1ecm Starfish on strike
permutations Stronger security bounds for permutations
securitywcs Stronger security bounds for Wegman-Carter-Shoup authenticators
senfs Superelliptic integrals and the number-field sieve
surf SURF: Simple Unpredictable Random Function
3x1conjmap The 3x+1 conjugacy map
abc The ABC polygon
pc109 The billion-mulmod-per-second PC
ecc2x The Certicom challenges ECC2-X
c3 The complexity of complex convolution
mlnfs The multiple-lattice number field sieve
shootout The new SHA-3 software shootout
poly1305 The Poly1305-AES message-authentication code
salsafamily The Salsa20 family of stream ciphers
coolnacl The security impact of a new cryptographic library
tangentfft The tangent FFT
dal The ubiquitous dal function
tweetnacl TweetNaCl: a crypto library in 100 tweets
twisted Twisted Edwards curves
grumpy Two grumpy giants and a baby
opb Type-II optimal polynomial bases
bruteforce Understanding brute force
gpuasm Usable assembly language for GPUs: a success story
kdvseries Using fast power-series arithmetic in the Kedlaya-Denef-Vercauteren algorithm
bestat Visualizing area-time tradeoffs for SHA-3
expandxor What output size resists collisions in a xor of independent expansions?
broken Which eSTREAM ciphers have been broken?
wild Wild McEliece
wild2 Wild McEliece incognito
phase3speed Which phase-3 eSTREAM ciphers provide the best software speeds?

Papers by date

Sorted by date of the most recently published version. When another date is listed, it is the date of the first published version.

URL Pages First published version Refereed? Printed? Most recently published version

http://cr.yp.to/papers.html#westinghouse 21pp 1987 [scanned] [more]
Daniel J. Bernstein. ``New fast algorithms for pi and e.'' Fifth-place paper for the nationwide 1987 Westinghouse Science Talent Search. Distributed widely at the Ramanujan Centenary Conference.
http://cr.yp.to/papers.html#nfsi 24pp printed 1993.01 [more]
Daniel J. Bernstein, Arjen K. Lenstra. ``A general number field sieve implementation.'' Pages 103--126 in The development of the number field sieve, edited by Arjen K. Lenstra, Hendrik W. Lenstra, Jr. Lecture Notes in Mathematics 1554, Springer, 1993. ISBN 3-540-57013-6.
http://cr.yp.to/papers.html#231 4pp refereed printed 1994.02 [more]
Daniel J. Bernstein. ``A non-iterative 2-adic statement of the 3N+1 conjecture.'' Proceedings of the American Mathematical Society 121 (1994), 405--408.
http://cr.yp.to/papers.html#epsi 4pp printed 1995.05 [PDF] [more]
Daniel J. Bernstein. ``Enumerating and counting smooth integers.'' Chapter 2, Ph.D. thesis, University of California at Berkeley.
http://cr.yp.to/papers.html#mlnfs 5pp printed 1995.05 [PDF] [more]
Daniel J. Bernstein. ``The multiple-lattice number field sieve.'' Chapter 3, Ph.D. thesis, University of California at Berkeley.
http://cr.yp.to/papers.html#mmecrt 7pp printed 1995.05 [PDF] [more]
Daniel J. Bernstein. ``Multidigit modular multiplication with the Explicit Chinese Remainder Theorem.'' Chapter 4, Ph.D. thesis, University of California at Berkeley.
http://cr.yp.to/papers.html#fiall 8pp refereed printed 1996.06.01 [PDF] [more]
Daniel J. Bernstein. ``Fast ideal arithmetic via lazy localization.'' Pages 27--34 in Algorithmic number theory: second international symposium, ANTS-II, Talence, France, May 18--23, 1996, proceedings, edited by Henri Cohen. Lecture Notes in Computer Science 1122, Springer, 1996. ISBN 3-540-61581-4.
http://cr.yp.to/papers.html#fastgcd 1996.06.28 [more]
Daniel J. Bernstein. ``Kronecker matrices and polynomial GCDs.'' Superseded by multapps.
http://cr.yp.to/papers.html#3x1conjmap 16pp refereed printed 1996.11 [more]
Daniel J. Bernstein, Jeffrey C. Lagarias. ``The 3x+1 conjugacy map.'' Canadian Journal of Mathematics 48 (1996), 1154--1169.
http://cr.yp.to/papers.html#calculus 12pp 1997.04.03 [PDF] [more]
Daniel J. Bernstein. ``Calculus for mathematicians.''
http://cr.yp.to/papers.html#psi-abs 3pp refereed printed 1998.07.01 [PDF] [more]
Daniel J. Bernstein. ``Bounding smooth integers (extended abstract).'' Pages 128--130 in Algorithmic number theory: third international symposium, ANTS-III, Portland, Oregon, USA, June 21--25, 1998, proceedings, edited by Joe Buhler. Lecture Notes in Computer Science 1423, Springer, 1998. ISBN 3-540-64657-4.
http://cr.yp.to/papers.html#powers 31pp 1995.05 refereed printed 1998.07 [PDF] [more]
Daniel J. Bernstein. ``Detecting perfect powers in essentially linear time.'' Mathematics of Computation 67 (1998), 1253--1283.
http://cr.yp.to/papers.html#compose 3pp refereed printed 1998.09 [PDF] [more]
Daniel J. Bernstein. ``Composing power series over a finite ring in essentially linear time.'' Journal of Symbolic Computation 26 (1998), 339--341.
http://cr.yp.to/papers.html#stretch 8pp refereed printed 1999 [PDF] [more]
Daniel J. Bernstein. ``How to stretch random functions: the security of protected counter sums.'' Journal of Cryptology 12 (1999), 185--192.
http://cr.yp.to/papers.html#hash127-abs 2pp 1999.04.04 [PDF] [more]
Daniel J. Bernstein. ``Guaranteed message authentication faster than MD5 (abstract).''
http://cr.yp.to/papers.html#unipat 6pp 2000.08.06 [PDF] [more]
Daniel J. Bernstein. ``A simple universal pattern-matching automaton.''
http://cr.yp.to/papers.html#sigs 11pp refereed 2000.08.09 [PDF] [more]
Daniel J. Bernstein. ``A secure public-key signature system with extremely fast verification.'' Accepted to Journal of Cryptology, but withdrawn to be incorporated into author's High-speed cryptography book.
http://cr.yp.to/papers.html#sortedsums 6pp 1998.06.29 refereed printed 2001.01 [PDF] [more]
Daniel J. Bernstein. ``Enumerating solutions to p(a)+q(b)=r(c)+s(d).'' Mathematics of Computation 70 (2001), 389--394.
http://cr.yp.to/papers.html#m3 19pp refereed 2001.08.11 [PDF] [more]
Daniel J. Bernstein. ``Multidigit multiplication for mathematicians.'' Accepted to Advances in Applied Mathematics, but withdrawn by author to prevent irreparable mangling by Academic Press.
http://cr.yp.to/papers.html#nfscircuit 11pp 2001.11.09 [PDF] [more]
Daniel J. Bernstein. ``Circuits for integer factorization: a proposal.'' Excerpted from DMS-0140542 grant proposal.
http://cr.yp.to/papers.html#sqroot 10pp 2001.11.23 [PDF] [more]
Daniel J. Bernstein. ``Faster square roots in annoying finite fields.'' To be incorporated into author's High-speed cryptography book.
http://cr.yp.to/papers.html#nonsquare 3pp 2001.12.20 [PDF] [more]
Daniel J. Bernstein. ``Faster algorithms to find non-squares modulo worst-case integers.''
http://cr.yp.to/papers.html#pippenger 21pp 2001.12.18 2002.01.18 [PDF] [more]
Daniel J. Bernstein. ``Pippenger's exponentiation algorithm.'' To be incorporated into author's High-speed cryptography book. Error pointed out by Sam Hocevar: the example in Figure 4 needs 2 and is thus of length 18.
http://cr.yp.to/papers.html#sf 15pp 2000.06.22 2002.09.23 [PDF] [more]
Daniel J. Bernstein. ``How to find small factors of integers.'' Now being revamped in light of smoothparts results.
http://cr.yp.to/papers.html#psi 18pp 2000.11.03 refereed printed 2002.10.01 [PDF] [more]
Daniel J. Bernstein. ``Arbitrarily tight bounds on the distribution of smooth integers.'' Pages 49--66 in Number theory for the Millennium volume 1, edited by Michael A. Bennett, Bruce C. Berndt, Nigel Boston, Harold G. Diamond, Adolf J. Hildebrand, Walter Philipp. A. K. Peters, 2002. ISBN 1-56881-126-8.
http://cr.yp.to/papers.html#aks 15pp 2002.08.09 2003.01.25 [PDF] [more]
Daniel J. Bernstein. ``Proving primality after Agrawal-Kayal-Saxena.''
http://cr.yp.to/papers.html#logfloor 4pp 2003.06.29 2003.06.30 [PDF] [more]
Daniel J. Bernstein. ``Computing logarithm floors in essentially linear time.''
http://cr.yp.to/papers.html#logagm 8pp 2003.07.17 2003.07.17 [PDF] [more]
Daniel J. Bernstein. ``Computing logarithm intervals with the arithmetic-geometric-mean iteration.''
http://cr.yp.to/papers.html#fastnewton 13pp 1998.06.27 2004.03.09 [PDF] [more]
Daniel J. Bernstein. ``Removing redundancy in high-precision Newton iteration.''
http://cr.yp.to/papers.html#primesieves 8pp 1999.05.05 refereed printed 2004.04 [PDF] [more]
A. O. L. Atkin, Daniel J. Bernstein. ``Prime sieves using binary quadratic forms.'' Mathematics of Computation 73 (2004), 1023--1030.
http://cr.yp.to/papers.html#smoothparts 7pp 2004.05.10 2004.05.10 [PDF] [more]
Daniel J. Bernstein. ``How to find smooth parts of integers.''
http://cr.yp.to/papers.html#focus 8pp 2001.12.31 refereed printed 2004.06.10 [more]
Daniel J. Bernstein. ``Doubly focused enumeration of locally square polynomial values.'' Pages 69--76 in High primes and misdemeanours: lectures in honour of the 60th birthday of Hugh Cowie Williams, edited by Alf van der Poorten, Andreas Stein. Fields Institute Communications 41, American Mathematical Society, 2004. ISBN 0-8218-3353-7.
http://cr.yp.to/papers.html#scaledmod 8pp 2004.08.20 2004.08.20 [PDF] [more]
Daniel J. Bernstein. ``Scaled remainder trees.''
http://cr.yp.to/papers.html#hash127 21pp 1999.04.04 2004.09.18 [PDF] [more]
Daniel J. Bernstein. ``Floating-point arithmetic and message authentication.'' To be incorporated into author's High-speed cryptography book.
http://cr.yp.to/papers.html#dcba2 4pp 2004.10.09 2004.11.03 [PDF] [more]
Daniel J. Bernstein. ``Research announcement: Faster factorization into coprimes.''
http://cr.yp.to/papers.html#prime2004 15pp 2004.02.12 2004.12.23 [PDF] [more]
Daniel J. Bernstein. ``Distinguishing prime numbers from composite numbers: the state of the art in 2004.''
http://cr.yp.to/papers.html#dcba 30pp 1996.05.12 refereed printed 2005.01 [PDF] [more]
Daniel J. Bernstein. ``Factoring into coprimes in essentially linear time.'' Journal of Algorithms 54 (2005), 1--30.
http://cr.yp.to/papers.html#easycbc 6pp 2005.01.09 2005.01.09 [PDF] [more]
Daniel J. Bernstein. ``A short proof of the unpredictability of cipher block chaining.''
http://cr.yp.to/papers.html#securitywcs 17pp 2004.10.19 refereed printed 2005.02.27 [PDF] [more]
Daniel J. Bernstein. ``Stronger security bounds for Wegman-Carter-Shoup authenticators.'' Pages 164--180 in Advances in Cryptology---EUROCRYPT 2005, 24th annual international conference on the theory and applications of cryptographic techniques, Aarhus, Denmark, May 22--26, 2005, proceedings, edited by Ronald Cramer. Lecture Notes in Computer Science 3494, Springer, 2005. ISBN 3-540-25910-4.
http://cr.yp.to/papers.html#permutations 10pp 2005.03.23 2005.03.23 [PDF] [more]
Daniel J. Bernstein. ``Stronger security bounds for permutations.'' To be incorporated into author's High-speed cryptography book.
http://cr.yp.to/papers.html#poly1305 18pp 2004.11.01 refereed printed 2005.03.29 [PDF] [more]
Daniel J. Bernstein. ``The Poly1305-AES message-authentication code.'' Pages 32--49 in Fast software encryption: 12th international workshop, FSE 2005, Paris, France, February 21--23, 2005, revised selected papers, edited by Henri Gilbert and Helena Handschuh. Lecture Notes in Computer Science 3557, Springer, 2005. ISBN 3-540-26541-4.
http://cr.yp.to/papers.html#cachetiming 37pp 2004.11.11 2005.04.14 [PDF] [more]
Daniel J. Bernstein. ``Cache-timing attacks on AES.''
http://cr.yp.to/papers.html#bruteforce 10pp 2005.04.25 refereed 2005.04.25 [PDF] [more]
Daniel J. Bernstein. ``Understanding brute force.'' ECRYPT STVL Workshop on Symmetric Key Encryption.
http://cr.yp.to/papers.html#abccong 5pp 2003.03.14 refereed printed 2005.12.24 [PDF] [more]
Daniel J. Bernstein. ``Sharper ABC-based bounds for congruent polynomials.'' Journal de Théorie des Nombres de Bordeaux 17 (2005), 721--725.
http://cr.yp.to/papers.html#stream256 14pp 2005.12.23 refereed 2006.01.23 [PDF] [more]
Daniel J. Bernstein. ``Comparison of 256-bit stream ciphers at the beginning of 2006.'' Workshop Record of SASC 2006: Stream Ciphers Revisited.
http://cr.yp.to/papers.html#curve25519 22pp 2005.11.15 refereed printed 2006.02.09 [PDF] [more]
Daniel J. Bernstein. ``Curve25519: new Diffie-Hellman speed records.'' Pages 207--228 in Public key cryptography---PKC 2006, 9th international conference on theory and practice in public-key cryptography, New York, NY, USA, April 24--26, 2006, proceedings, edited by Moti Yung, Yevgeniy Dodis, Aggelos Kiayias, and Tal Malkin. Lecture Notes in Computer Science 3958, Springer, 2006. ISBN 3-540-33851-9.
http://cr.yp.to/papers.html#diffchain 16pp 2006.02.19 2006.02.19 [PDF] [more]
Daniel J. Bernstein. ``Differential addition chains.''
http://cr.yp.to/papers.html#zkcrypt 4pp 2006.03.02 2006.03.02 [PDF] [more]
Daniel J. Bernstein. ``Does ZK-Crypt version 1 flunk a repetition test?''
http://cr.yp.to/papers.html#curvezero 13pp 2006.07.21 2006.07.26 [PDF] [more]
Daniel J. Bernstein. ``Can we avoid tests for zero in fast elliptic-curve arithmetic?''
http://cr.yp.to/papers.html#quartic 15pp 2003.01.28 refereed printed 2006.09.14 [PDF] [more]
Daniel J. Bernstein. ``Proving primality in essentially quartic random time.'' Mathematics of Computation 76 (2007), 389--403.
http://cr.yp.to/papers.html#meecrt 12pp 2003.08.15 refereed printed 2006.09.14 [PDF] [more]
Daniel J. Bernstein, Jonathan P. Sorenson. ``Modular exponentiation via the explicit Chinese remainder theorem.'' Mathematics of Computation 76 (2007), 443--454.
http://cr.yp.to/papers.html#powers2 4pp 2004.06.30 refereed printed 2006.09.14 [PDF] [more]
Daniel J. Bernstein, Hendrik W. Lenstra, Jr., Jonathan Pila. ``Detecting perfect powers by factoring into coprimes.'' Mathematics of Computation 76 (2007), 385--388.
http://cr.yp.to/papers.html#kdvseries 4pp 2006.10.19 2006.10.19 [PDF] [more]
Daniel J. Bernstein. ``Using fast power-series arithmetic in the Kedlaya-Denef-Vercauteren algorithm.''
http://cr.yp.to/papers.html#aecycles 13pp 2007.01.11 refereed 2007.01.18 [PDF] [more]
Daniel J. Bernstein. ``Cycle counts for authenticated encryption.'' Workshop Record of SASC 2007: The State of the Art of Stream Ciphers.
http://cr.yp.to/papers.html#expandxor 10pp 2007.04.11 refereed 2007.05.03 [PDF] [more]
Daniel J. Bernstein. ``What output size resists collisions in a xor of independent expansions?'' Workshop Record of ECRYPT Workshop on Hash Functions 2007.
http://cr.yp.to/papers.html#cipherdag 2pp 2007.06.30 refereed 2007.06.30 [PDF] [more]
Daniel J. Bernstein. ``Cipher DAGs.'' Workshop Record of ECRYPT Workshop on Tools for Cryptanalysis 2007.
http://cr.yp.to/papers.html#antiquad 19pp 2007.03.03 refereed printed 2007.08.17 [PDF] [more]
Bo-Yin Yang, Owen Chia-Hsin Chen, Daniel J. Bernstein, Jiun-Ming Chen. ``Analysis of QUAD.'' Pages 290--308 in Fast software encryption: 14th international workshop, FSE 2007, Luxembourg, Luxembourg, March 26--28, 2007, revised selected papers, edited by Alex Biryukov. Lecture Notes in Computer Science 4593, Springer, 2007. ISBN 978-3-540-74617-1.
http://cr.yp.to/papers.html#genbday 8pp 2007.07.19 refereed 2007.09.04 [PDF] [more]
Daniel J. Bernstein. ``Better price-performance ratios for generalized birthday attacks.'' Workshop Record of SHARCS'07: Special-purpose Hardware for Attacking Cryptographic Systems.
http://cr.yp.to/papers.html#newelliptic 20pp 2007.04.10 refereed printed 2007.09.06 [PDF] [more]
Daniel J. Bernstein, Tanja Lange. ``Faster addition and doubling on elliptic curves.'' Pages 29--50 in Advances in cryptology---ASIACRYPT 2007, 13th international conference on the theory and application of cryptology and information security, Kuching, Malaysia, December 2--6, 2007, proceedings, edited by Kaoru Kurosawa. Lecture Notes in Computer Science 4833, Springer, 2007. ISBN 978-3-540-76899-9.
http://cr.yp.to/papers.html#tangentfft 10pp 2007.08.09 refereed printed 2007.09.19 [PDF] [more]
Daniel J. Bernstein. ``The tangent FFT.'' Pages 291--300 in Applied Algebra, Algebraic Algorithms and Error-Correcting Codes, 17th International Symposium, AAECC-17, Bangalore, India, December 16--20, 2007, Proceedings, edited by Serdar Boztas and Hsiao-feng Lu, Lecture Notes in Computer Science 4851, Springer, 2007. ISBN 978-3-540-77223-1.
http://cr.yp.to/papers.html#inverted 8pp 2007.10.09 printed 2007.10.09 [PDF] [more]
Daniel J. Bernstein, Tanja Lange. ``Inverted Edwards coordinates.'' Pages 20--27 in Applied Algebra, Algebraic Algorithms and Error-Correcting Codes, 17th International Symposium, AAECC-17, Bangalore, India, December 16--20, 2007, Proceedings, edited by Serdar Boztas and Hsiao-feng Lu, Lecture Notes in Computer Science 4851, Springer, 2007. ISBN 978-3-540-77223-1. Paper invited from Lange by conference organizers.
http://cr.yp.to/papers.html#pema 14pp 2007.10.22 2007.10.22 [PDF] [more]
Daniel J. Bernstein. ``Polynomial evaluation and message authentication.''
http://cr.yp.to/papers.html#doublebase 16pp 2007.10.28 refereed printed 2007.10.28 [PDF] [more]
Daniel J. Bernstein, Peter Birkner, Tanja Lange, Christiane Peters. ``Optimizing double-base elliptic-curve single-scalar multiplication.'' Pages 167--182 in Progress in cryptology---INDOCRYPT 2007, 8th international conference on cryptology in India, Chennai, India, December 9--13, 2007, proceedings, edited by Kannan Srinathan, Chandrasekaran Pandu Rangan, and Moti Yung. Lecture Notes in Computer Science 4859, Springer, 2007. ISBN 978-3-540-77025-1.
http://cr.yp.to/papers.html#qmailsec 10pp 2007.11.01 printed 2007.11.01 [PDF]
Daniel J. Bernstein. ``Some thoughts on security after ten years of qmail 1.0.'' Proceedings of Computer Security Architecture Workshop (CSAW) 2007. Paper invited by conference organizers.
http://cr.yp.to/papers.html#efd 19pp 2007.12.04 refereed printed 2007.12.04 [PDF] [more]
Daniel J. Bernstein, Tanja Lange. ``Analysis and optimization of elliptic-curve single-scalar multiplication.'' Pages 1--19 in Finite fields and applications, edited by Gary L. Mullen, Daniel Panario, and Igor E. Shparlinski, Contemporary Mathematics 461, American Mathematical Society, 2008. ISBN 978-0-8218-4309-3.
http://cr.yp.to/papers.html#salsafamily 15pp 2007.12.25 printed 2007.12.25 [PDF] [more]
Daniel J. Bernstein. ``The Salsa20 family of stream ciphers.'' Pages 84--97 in New stream cipher designs: the eSTREAM finalists, edited by Matthew Robshaw and Olivier Billet, Lecture Notes in Computer Science 4986, Springer, 2008. ISBN 978-3-540-68350-6. Paper invited by book editors.
http://cr.yp.to/papers.html#chacha 6pp 2008.01.20 refereed 2008.01.28 [PDF] [more]
Daniel J. Bernstein. ``ChaCha, a variant of Salsa20.'' Workshop Record of SASC 2008: The State of the Art of Stream Ciphers.
http://cr.yp.to/papers.html#rwsota 11pp 2008.01.31 2008.01.31 [PDF] [more]
Daniel J. Bernstein. ``RSA signatures and Rabin-Williams signatures: the state of the art.''
http://cr.yp.to/papers.html#rwtight 18pp 2003.09.26 refereed printed 2008.02.01 [PDF] [more]
Daniel J. Bernstein. ``Proving tight security for Rabin-Williams signatures.'' Pages 70--87 in Advances in cryptology---EUROCRYPT 2008, 27th annual international conference on the theory and applications of cryptographic techniques, Istanbul, Turkey, April 13--17, 2008, proceedings, edited by Nigel Smart, Lecture Notes in Computer Science 4965, Springer, 2008. ISBN 978-3-540-78966-6.
http://cr.yp.to/papers.html#twisted 17pp 2008.01.08 refereed printed 2008.03.13 [PDF] [more]
Daniel J. Bernstein, Peter Birkner, Marc Joye, Tanja Lange, Christiane Peters. ``Twisted Edwards curves.'' Pages 389--405 in Progress in cryptology---AFRICACRYPT 2008, first international conference on cryptology in Africa, Casablanca, Morocco, June 11--14, 2008, proceedings, edited by Serge Vaudenay, Lecture Notes in Computer Science 5023, Springer, 2008. ISBN 978-3-540-68159-5.
http://cr.yp.to/papers.html#broken 35pp 2008.02.21 2008.03.30 [PDF] [more]
Daniel J. Bernstein. ``Which eSTREAM ciphers have been broken?''
http://cr.yp.to/papers.html#phase3speed 13pp 2008.02.25 2008.03.31 [PDF] [more]
Daniel J. Bernstein. ``Which phase-3 eSTREAM ciphers provide the best software speeds?''
http://cr.yp.to/papers.html#forgery 15pp 2001.07.31 refereed printed 2008.05.01 [PDF] [more]
Daniel J. Bernstein. ``Protecting communications against forgery.'' Pages 535--549 in Algorithmic number theory: lattices, number fields, curves and cryptography, edited by Joe Buhler, Peter Stevenhagen. Cambridge University Press. ISBN 978-0521808545. Erratum: The conjecture on page 539 is quantitatively incorrect (as are many analogous conjectures in the literature) for the most obvious definition of "steps". There exists an attack algorithm with a considerably better tradeoff between success probability and number of steps, even though no feasible method is known to find that algorithm.
http://cr.yp.to/papers.html#smallheight 26pp 2003.09.18 refereed printed 2008.05.02 [PDF] [more]
Daniel J. Bernstein. ``Reducing lattice bases to find small-height values of univariate polynomials.'' Pages 421--446 in Algorithmic number theory: lattices, number fields, curves and cryptography, edited by Joe Buhler, Peter Stevenhagen. Cambridge University Press. ISBN 978-0521808545.
http://cr.yp.to/papers.html#multapps 60pp 2003.01.19 refereed printed 2008.05.15 [PDF] [more]
Daniel J. Bernstein. ``Fast multiplication and its applications.'' Pages 325--384 in Algorithmic number theory: lattices, number fields, curves and cryptography, edited by Joe Buhler, Peter Stevenhagen. Cambridge University Press. ISBN 978-0521808545.
http://cr.yp.to/papers.html#edwards2 23pp 2008.04.15 refereed printed 2008.06.11 [PDF] [more]
Daniel J. Bernstein, Tanja Lange, Reza Rezaeian Farashahi. ``Binary Edwards curves.'' Pages 244--265 in Cryptographic hardware and embedded systems---CHES 2008, 10th international workshop, Washington, D.C., USA, August 10--13, 2008, proceedings, edited by Elisabeth Oswald and Pankaj Rohatgi, Lecture Notes in Computer Science 5154, Springer, 2008. ISBN 978-3-540-85052-6.
http://cr.yp.to/papers.html#mceliece 16pp 2008.07.22 refereed printed 2008.08.07 [PDF] [more]
Daniel J. Bernstein, Tanja Lange, Christiane Peters. ``Attacking and defending the McEliece cryptosystem.'' Pages 31--46 in Post-quantum cryptography: second international workshop, PQCrypto 2008, Cincinnati, OH, USA, October 17--19, 2008, proceedings, edited by Johannes Buchmann and Jintai Ding. Springer, 2008. ISBN 978-3-540-88402-6.
http://cr.yp.to/papers.html#aesspeed 15pp 2008.09.08 refereed printed 2008.09.26 [PDF] [more]
Daniel J. Bernstein, Peter Schwabe. ``New AES software speed records.'' Pages 322--336 in Progress in cryptology---INDOCRYPT 2008, 9th international conference on cryptology in India, Kharagpur, India, December 14--17, 2008, proceedings, edited by Dipanwita Roy Chowdhury, Vincent Rijmen, and Abhijit Das. Lecture Notes in Computer Science 5365, Springer, 2008. ISBN 978-3-540-89753-8.
http://cr.yp.to/papers.html#gpuecm 20pp 2008.11.11 refereed printed 2009.01.27 [PDF] [more]
Daniel J. Bernstein, Tien-Ren Chen, Chen-Mou Cheng, Tanja Lange, Bo-Yin Yang. ``ECM on graphics cards.'' Pages 483--501 in Advances in cryptology---EUROCRYPT 2009, 28th annual international conference on the theory and applications of cryptographic techniques, Cologne, Germany, April 26--30, 2009, proceedings, edited by Antoine Joux. Lecture Notes in Computer Science 5479. Springer, 2009. ISBN 978-3-642-01000-2.
http://cr.yp.to/papers.html#naclcrypto 45pp 2009.03.10 2009.03.10 [PDF]
Daniel J. Bernstein. ``Cryptography in NaCl.''
http://cr.yp.to/papers.html#bbe 21pp 2009.06.04 refereed printed 2009.06.04 [PDF] [more]
Daniel J. Bernstein. ``Batch binary Edwards.'' Pages 317--336 in Advances in cryptology---Crypto 2009, 29th annual international cryptology conference, Santa Barbara, CA, USA, August 16--20, 2009, proceedings, edited by Shai Halevi. Lecture Notes in Computer Science 5677, Springer, 2009. ISBN 978-3-642-03355-1.
http://cr.yp.to/papers.html#collisioncost 12pp 2009.05.17 refereed 2009.08.23 [PDF] [more]
Daniel J. Bernstein. ``Cost analysis of hash collisions: Will quantum computers make SHARCS obsolete?'' Workshop Record of SHARCS'09: Special-purpose Hardware for Attacking Cryptographic Systems.
http://cr.yp.to/papers.html#ecc2x 32pp 2009.09.01 refereed 2009.09.01 [PDF] [more]
Daniel V. Bailey, Brian Baldwin, Lejla Batina, Daniel J. Bernstein, Peter Birkner, Joppe W. Bos, Gauthier van Damme, Giacomo de Meulenaer, Junfeng Fan, Tim Gueneysu, Frank Gurkaynak, Thorsten Kleinjung, Tanja Lange, Nele Mentens, Christof Paar, Francesco Regazzoni, Peter Schwabe, Leif Uhsadel. ``The Certicom challenges ECC2-X.'' Workshop Record of SHARCS'09: Special-purpose Hardware for Attacking Cryptographic Systems.
http://cr.yp.to/papers.html#pc109 14pp 2009.09.01 refereed 2009.09.01 [PDF] [more]
Daniel J. Bernstein, Hsueh-Chung Chen, Ming-Shing Chen, Chen-Mou Cheng, Chun-Hung Hsiao, Tanja Lange, Zong-Cing Lin, Bo-Yin Yang. ``The billion-mulmod-per-second PC.'' Workshop Record of SHARCS'09: Special-purpose Hardware for Attacking Cryptographic Systems.
http://cr.yp.to/papers.html#fsbday 21pp 2009.06.17 refereed printed 2009.10.03 [PDF] [more]
Daniel J. Bernstein, Tanja Lange, Ruben Niederhagen, Christiane Peters, Peter Schwabe. ``FSBday: implementing Wagner's generalized birthday attack against the SHA-3 round-1 candidate FSB.'' Workshop Record of SHARCS'09: Special-purpose Hardware for Attacking Cryptographic Systems. Pages 18--38 in Progress in cryptology---INDOCRYPT 2009, 10th international conference on cryptology in India, New Delhi, India, December 13--16, 2009, proceedings, edited by Bimal Roy and Nicolas Sendrier. Lecture Notes in Computer Science 5922, Springer, 2009. ISBN 978-3-642-10627-9.
http://cr.yp.to/papers.html#linearmod2 16pp 2009.08.30 refereed 2009.10.05 [PDF] [more]
Daniel J. Bernstein. ``Optimizing linear maps modulo 2.'' Workshop Record of SPEED-CC: Software Performance Enhancement for Encryption and Decryption and Cryptographic Compilers.
http://cr.yp.to/papers.html#ecc2k130 20pp 2009.11.05 2009.11.18 [PDF] [more]
Daniel V. Bailey, Lejla Batina, Daniel J. Bernstein, Peter Birkner, Joppe W. Bos, Hsieh-Chung Chen, Chen-Mou Cheng, Gauthier van Damme, Giacomo de Meulenaer, Luis Julian Dominguez Perez, Junfeng Fan, Tim Gueneysu, Frank Gurkaynak, Thorsten Kleinjung, Tanja Lange, Nele Mentens, Ruben Niederhagen, Christof Paar, Francesco Regazzoni, Peter Schwabe, Leif Uhsadel, Anthony Van Herrewege, Bo-Yin Yang. ``Breaking ECC2K-130.''
http://cr.yp.to/papers.html#grovercode 8pp 2009.11.23 refereed printed 2010.03.03 [PDF] [more]
Daniel J. Bernstein. ``Grover vs. McEliece.'' Pages 73--80 in Post-quantum cryptography: third international workshop, PQCrypto 2010, Darmstadt, Germany, May 25--28, 2010, proceedings, edited by Nicolas Sendrier. Lecture Notes in Computer Science 6061, Springer, 2010. ISBN 978-3-642-12928-5.
http://cr.yp.to/papers.html#opb 17pp 2010.02.09 refereed printed 2010.04.13 [PDF] [more]
Daniel J. Bernstein, Tanja Lange. ``Type-II optimal polynomial bases.'' Pages 41--61 in Arithmetic of finite fields: third international workshop, WAIFI 2010, Istanbul, Turkey, June 27--30, 2010, proceedings, edited by M. Anwar Hasan and Tor Helleseth, Lecture Notes in Computer Science 6087, Springer, 2010. ISBN 978-3-642-13796-9.
http://cr.yp.to/papers.html#a1ecm 20pp 2010.06.14 refereed printed 2010.06.14 [PDF] [more]
Daniel J. Bernstein, Peter Birkner, Tanja Lange. ``Starfish on strike.'' Pages 61--80 in Progress in cryptology---LATINCRYPT 2010, first international conference on cryptology and information security in Latin America, Puebla, Mexico, August 8--11, 2010, proceedings, edited by Michel Abdalla and Paulo S. L. M. Barreto, Lecture Notes in Computer Science 6212, Springer, 2010. ISBN 978-3-642-14711-1. Typo in the proof of Theorem 5.1: the displayed ...=d should be -...=d.
http://cr.yp.to/papers.html#bestat 5pp 2010.09.06 2010.09.06 [PDF] [more]
Daniel J. Bernstein. ``Visualizing area-time tradeoffs for SHA-3.''
http://cr.yp.to/papers.html#interop 5pp 2010.09.15 2010.09.15 [PDF] [more]
Daniel J. Bernstein. ``SHA-3 interoperability.''
http://cr.yp.to/papers.html#completed 15pp 2009.11.25 refereed printed 2010.10.06 [PDF]
Daniel J. Bernstein, Tanja Lange. ``A complete set of addition laws for incomplete Edwards curves.'' Journal of Number Theory 131 (2011), 858--872.
http://cr.yp.to/papers.html#wild 18pp 2010.07.21 refereed printed 2010.10.07 [PDF] [more]
Daniel J. Bernstein, Tanja Lange, Christiane Peters. ``Wild McEliece.'' Pages 143--158 in Selected areas in cryptography---17th international workshop, SAC 2010, Waterloo, Ontario, Canada, August 12--13, 2010, revised selected papers, edited by Alex Biryukov, Guang Gong, and Douglas R. Stinson, Lecture Notes in Computer Science 6544, Springer, 2011. ISBN 978-3-642-19573-0.
http://cr.yp.to/papers.html#quantumsha3 7pp 2010.11.12 2010.11.12 [PDF] [more]
Daniel J. Bernstein. ``Quantum attacks against Blue Midnight Wish, ECHO, Fugue, Grøstl, Hamsi, JH, Keccak, Shabal, SHAvite-3, SIMD, and Skein.''
http://cr.yp.to/papers.html#negation 26pp 2011.01.02 refereed printed 2011.01.02 [PDF] [more]
Daniel J. Bernstein, Tanja Lange, Peter Schwabe. ``On the correct use of the negation map in the Pollard rho method.'' 2010.12.22 version: Pages 128--146 in Public key cryptography---PKC 2011---14th international conference on practice and theory in public key cryptography, Taormina, Italy, March 6--9, 2011, proceedings, edited by Dario Catalano, Nelly Fazio, Rosario Gennaro, and Antonio Nicolosi, Lecture Notes in Computer Science 6571, Springer, 2011. ISBN 978-3-642-19378-1. 2011.01.02 version: Full version online.
http://cr.yp.to/papers.html#xsalsa 14pp 2008.11.28 refereed 2011.02.04 [PDF] [more]
Daniel J. Bernstein. ``Extending the Salsa20 nonce.'' Workshop Record of Symmetric Key Encryption Workshop 2011.
http://cr.yp.to/papers.html#goppalist 19pp 2008.07.06 refereed printed 2011.03.03 [PDF] [more]
Daniel J. Bernstein. ``List decoding for binary Goppa codes.'' Pages 62--80 in Coding and cryptology---third international workshop, IWCC 2011, Qingdao, China, May 30--June 3, 2011, proceedings, edited by Yeow Meng Chee, Zhenbo Guo, San Ling, Fengjing Shao, Yuansheng Tang, Huaxiong Wang, and Chaoping Xing, Lecture Notes in Computer Science 6639, Springer, 2011. ISBN 978-3-642-20900-0.
http://cr.yp.to/papers.html#ballcoll 26pp 2010.11.17 2011.03.07 [PDF] [more]
Daniel J. Bernstein, Tanja Lange, Christiane Peters. ``Smaller decoding exponents: ball-collision decoding.'' Proceedings of Crypto 2011, to appear.
http://cr.yp.to/papers.html#2reg 18pp 2011.03.09 refereed printed 2011.03.09 [PDF] [more]
Daniel J. Bernstein, Tanja Lange, Christiane Peters, Peter Schwabe. ``Faster 2-regular information-set decoding.'' Pages 81--98 in Coding and cryptology---third international workshop, IWCC 2011, Qingdao, China, May 30--June 3, 2011, proceedings, edited by Yeow Meng Chee, Zhenbo Guo, San Ling, Fengjing Shao, Yuansheng Tang, Huaxiong Wang, and Chaoping Xing, Lecture Notes in Computer Science 6639, Springer, 2011. ISBN 978-3-642-20900-0.
http://cr.yp.to/papers.html#rfsb 19pp 2011.02.14 refereed printed 2011.05.08 [PDF] [more]
Daniel J. Bernstein, Tanja Lange, Christiane Peters, Peter Schwabe. ``Really fast syndrome-based hashing.'' Pages 134--152 in Progress in cryptology---AFRICACRYPT 2011---4th international conference on cryptology in Africa, Dakar, Senegal, July 5--7, 2011, proceedings, edited by Abderrahmane Nitaj and David Pointcheval, Lecture Notes in Computer Science 6737, Springer, 2011. ISBN 978-3-642-21968-9.
http://cr.yp.to/papers.html#wild2 13pp 2011.09.15 refereed printed 2011.09.15 [PDF] [more]
Daniel J. Bernstein, Tanja Lange, Christiane Peters. ``Wild McEliece incognito.'' Pages 244--254 in Post-quantum cryptography---4th international workshop, PQCrypto 2011, Taipei, Taiwan, November 29--December 2, 2011, proceedings, edited by Bo-Yin Yang, Lecture Notes in Computer Science 7071, Springer, 2011. ISBN 978-3-642-25404-8.
http://cr.yp.to/papers.html#simplelist 17pp 2011.03.20 refereed printed 2011.09.15 [PDF] [more]
Daniel J. Bernstein. ``Simplified high-speed high-distance list decoding for alternant codes.'' Pages 200--216 in Post-quantum cryptography---4th international workshop, PQCrypto 2011, Taipei, Taiwan, November 29--December 2, 2011, proceedings, edited by Bo-Yin Yang, Lecture Notes in Computer Science 7071, Springer, 2011. ISBN 978-3-642-25404-8.
http://cr.yp.to/papers.html#ed25519 23pp 2011.07.05 refereed printed 2011.09.26 [PDF] [more]
Daniel J. Bernstein, Niels Duif, Tanja Lange, Peter Schwabe, Bo-Yin Yang. ``High-speed high-security signatures.'' Journal of Cryptographic Engineering 2 (2012), 77--89. Previous version: Pages 124--142 in Cryptographic hardware and embedded systems---CHES 2011, 13th international workshop, Nara, Japan, September 28--October 1, 2011, proceedings, edited by Bart Preneel and Tsuyoshi Takagi, Lecture Notes in Computer Science 6917, Springer, 2011. ISBN 978-3-642-23950-2.
http://cr.yp.to/papers.html#eecm 41pp 2008.01.09 refereed printed 2011.10.08 [PDF] [more]
Daniel J. Bernstein, Peter Birkner, Tanja Lange, Christiane Peters. ``ECM using Edwards curves.'' Mathematics of Computation 82 (2013), 1139--1179.
http://cr.yp.to/papers.html#gpuecc2k 19pp 2012.01.02 refereed printed 2012.01.02 [PDF]
Daniel J. Bernstein, Hsieh-Chung Chen, Chen-Mou Cheng, Tanja Lange, Ruben Niederhagen, Peter Schwabe, Bo-Yin Yang. ``ECC2K-130 on NVIDIA GPUs.'' 2010.09.25 version: Pages 328--346 in Progress in cryptology---INDOCRYPT 2010---11th international conference on cryptology in India, Hyderabad, India, December 12--15, 2010, proceedings, edited by Guang Gong and Kishan Chand Gupta, Lecture Notes in Computer Science 6498, Springer, 2010. ISBN 978-3-642-17400-1. 2012.01.02: Full version online.
http://cr.yp.to/papers.html#sha3opt 8pp 2012.01.04 2012.01.04 [PDF]
Daniel J. Bernstein. ``Optimization failures in SHA-3 software.''
http://cr.yp.to/papers.html#shootout 13pp 2012.01.03 refereed 2012.02.19 [PDF]
Daniel J. Bernstein, Tanja Lange. ``The new SHA-3 software shootout.'' Third SHA-3 Candidate Conference.
http://cr.yp.to/papers.html#gpuasm 10pp 2012.03.13 refereed 2012.03.13 [PDF]
Daniel J. Bernstein, Hsieh-Chung Chen, Chen-Mou Cheng, Tanja Lange, Ruben Niederhagen, Peter Schwabe, Bo-Yin Yang. ``Usable assembly language for GPUs: a success story.'' Workshop Record of SHARCS 2012: Special-Purpose Hardware for Attacking Cryptographic Systems.
http://cr.yp.to/papers.html#neoncrypto 15pp 2012.03.20 refereed printed 2012.03.20 [PDF]
Daniel J. Bernstein, Peter Schwabe. ``NEON crypto.'' Online update: Coming soon. 2012.06.19 version: Pages 320--339 in Cryptographic hardware and embedded systems, CHES 2012, 14th international workshop, Leuven, Belgium, September 9--12, 2012, proceedings, edited by Emmanuel Prouff and Patrick Schaumont, Lecture Notes in Computer Science 7428, Springer, 2012. ISBN 978-3-642-33026-1.
http://cr.yp.to/papers.html#bunny 12pp 2012.06.21 refereed printed 2012.06.21 [PDF]
Daniel J. Bernstein, Tanja Lange. ``Never trust a bunny.'' Pages 137--148 in Radio frequency identification. Security and privacy issues---8th international workshop, RFIDSec 2012, Nijmegen, The Netherlands, July 2--3, 2012, revised selected papers, edited by Jaap-Henk Hoepman and Ingrid Verbauwhede, Lecture Notes in Computer Science 7739, Springer, 2013. ISBN 978-3-642-36139-5.
http://cr.yp.to/papers.html#grumpy 19pp 2012.06.02 refereed printed 2012.07.09 [PDF] [more]
Daniel J. Bernstein, Tanja Lange. ``Two grumpy giants and a baby.'' Pages 87--111 in ANTS X: proceedings of the tenth algorithmic number theory symposium, San Diego 2012, edited by Everett W. Howe and Kiran S. Kedlaya, Mathematical Sciences Publishers, 2013. ISBN 978-1-935107-01-9.
http://cr.yp.to/papers.html#coolnacl 18pp 2011.12.01 refereed printed 2012.07.25 [PDF]
Daniel J. Bernstein, Tanja Lange, Peter Schwabe. ``The security impact of a new cryptographic library.'' Pages 159--176 in Progress in cryptology---LATINCRYPT 2012---2nd international conference on cryptology and information security in Latin America, Santiago, Chile, October 7--10, 2012, proceedings, edited by Alejandro Hevia and Gregory Neven, Lecture Notes in Computer Science 7533, Springer, 2012. ISBN 978-3-642-33480-1.
http://cr.yp.to/papers.html#siphash 20pp 2012.06.20 refereed printed 2012.09.18 [PDF]
Jean-Philippe Aumasson, Daniel J. Bernstein. ``SipHash: a fast short-input PRF.'' Pages 489--508 in Progress in cryptology---INDOCRYPT 2012, 13th international conference on cryptology in India, Kolkata, India, December 9--12, 2012, proceedings, edited by Steven D. Galbraith and Mridul Nandi, Lecture Notes in Computer Science 7668, Springer, 2012. ISBN 978-3-642-34930-0. 2012.06.20 version: Workshop Record of DIAC 2012: Directions in Authenticated Ciphers.
http://cr.yp.to/papers.html#cuberoot 22pp 2012.08.12 refereed printed 2012.09.19 [PDF] [more]
Daniel J. Bernstein, Tanja Lange. ``Computing small discrete logarithms faster.'' Pages 317--338 in Progress in cryptology---INDOCRYPT 2012, 13th international conference on cryptology in India, Kolkata, India, December 9--12, 2012, proceedings, edited by Steven D. Galbraith and Mridul Nandi, Lecture Notes in Computer Science 7668, Springer, 2012. ISBN 978-3-642-34930-0.
http://cr.yp.to/papers.html#badbatch 20pp 2012.09.19 refereed printed 2012.09.19 [PDF] [more]
Daniel J. Bernstein, Jeroen Doumen, Tanja Lange, Jan-Jaap Oosterwijk. ``Faster batch forgery identification.'' Pages 454--473 in Progress in cryptology---INDOCRYPT 2012, 13th international conference on cryptology in India, Kolkata, India, December 9--12, 2012, proceedings, edited by Steven D. Galbraith and Mridul Nandi, Lecture Notes in Computer Science 7668, Springer, 2012. ISBN 978-3-642-34930-0.
http://cr.yp.to/papers.html#qsubsetsum 18pp 2013.04.07 refereed printed 2013.04.07 [PDF] [more]
Daniel J. Bernstein, Stacey Jeffery, Tanja Lange, Alexander Meurer. ``Quantum algorithms for the subset-sum problem.'' Pages 16--33 in Post-quantum cryptography---5th international workshop, PQCrypto 2013, Limoges, France, June 4--7, 2013, proceedings, edited by Philippe Gaborit, Lecture Notes in Computer Science 7932, Springer, 2013. ISBN 978-3-642-38615-2.
http://cr.yp.to/papers.html#mcbits 26pp 2013.06.16 refereed printed 2013.06.16 [PDF] [more]
Daniel J. Bernstein, Tung Chou, Peter Schwabe. ``McBits: fast constant-time code-based cryptography.'' Pages 250--272 in Cryptographic hardware and embedded systems---CHES 2013---15th international workshop, Santa Barbara, CA, USA, August 20--23, 2013, proceedings, edited by Guido Bertoni and Jean-Sébastien Coron, Lecture Notes in Computer Science 8086, Springer, 2013. ISBN 978-3-642-40348-4.
http://cr.yp.to/papers.html#rc4biases 31pp 2013.07.08 refereed printed 2013.07.08 [PDF]
Nadhem J. AlFardan, Daniel J. Bernstein, Kenneth G. Paterson, Bertram Poettering, Jacob C. N. Schuldt. ``On the security of RC4 in TLS and WPA.'' Short version: ``On the security of RC4 in TLS''; pages 305--320 in Proceedings of the 22nd USENIX Security Symposium, Washington, DC, USA, August 14--16, 2013, edited by Samuel T. King, USENIX Association, 2013. ISBN 978-1-931971-03-4.
http://cr.yp.to/papers.html#elligator 13pp 2013.05.27 refereed printed 2013.08.28 [PDF] [more]
Daniel J. Bernstein, Mike Hamburg, Anna Krasnova, Tanja Lange. ``Elligator: Elliptic-curve points indistinguishable from uniform random strings.'' Pages 967--980 in 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS'13, Berlin, Germany, November 4--8, 2013, edited by Ahmad-Reza Sadeghi, Virgil D. Gligor, and Moti Yung, ACM, 2013. ISBN 978-1-4503-2477-9.
http://cr.yp.to/papers.html#nonuniform 53pp 2012.06.04 refereed printed 2013.09.14 [PDF] [more]
Daniel J. Bernstein, Tanja Lange. ``Non-uniform cracks in the concrete: the power of free precomputation.'' Pages 321--340 in Advances in cryptology---ASIACRYPT 2013---19th international conference on the theory and application of cryptology and information security, Bengaluru, India, December 1--5, 2013, proceedings, part II, edited by Kazue Sako and Palash Sarkar, Lecture Notes in Computer Science 8270, Springer, 2013. ISBN 978-3-642-42044-3.
http://cr.yp.to/papers.html#smartfacts 20pp 2013.09.16 refereed printed 2013.09.16 [PDF] [more]
Daniel J. Bernstein, Yun-An Chang, Chen-Mou Cheng, Li-Ping Chou, Nadia Heninger, Tanja Lange, Nicko van Someren. ``Factoring RSA keys from certified smart cards: Coppersmith in the wild.'' Pages 341--360 in Advances in cryptology---ASIACRYPT 2013---19th international conference on the theory and application of cryptology and information security, Bengaluru, India, December 1--5, 2013, proceedings, part II, edited by Kazue Sako and Palash Sarkar, Lecture Notes in Computer Science 8270, Springer, 2013. ISBN 978-3-642-42044-3.
http://cr.yp.to/papers.html#minimalt 13pp 2013.05.22 refereed printed 2013.10.31 [PDF] [more]
W. Michael Petullo, Xu Zhang, Jon A. Solworth, Daniel J. Bernstein, Tanja Lange. ``MinimaLT: Minimal-latency networking through better security.'' Pages 425--438 in 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS'13, Berlin, Germany, November 4--8, 2013, edited by Ahmad-Reza Sadeghi, Virgil D. Gligor, and Moti Yung, ACM, 2013. ISBN 978-1-4503-2477-9.
http://cr.yp.to/papers.html#kummer 21pp 2014.02.18 2014.02.18 [PDF]
Daniel J. Bernstein, Chitchanok Chuengsatiansup, Tanja Lange, Peter Schwabe. ``Kummer strikes back: new DH speed records.''
http://cr.yp.to/papers.html#hyperand 21pp 2014.05.27 refereed 2014.05.27 [PDF]
Daniel J. Bernstein, Tanja Lange. ``Hyper-and-elliptic-curve cryptography.'' Algorithmic number theory symposium, to appear.
http://cr.yp.to/papers.html#dualectls 17pp 2014.04.07 refereed 2014.06.06 [PDF] [more]
Stephen Checkoway, Matt Fredrikson, Ruben Niederhagen, Adam Everspaugh, Matt Green, Tanja Lange, Tom Ristenpart, Daniel J. Bernstein, Jake Maskiewicz, Hovav Shacham. ``On the practical exploitability of Dual EC in TLS implementations.'' Proceedings of the 23rd USENIX Security Symposium, edited by Kevin Fu, USENIX Association, to appear.
http://cr.yp.to/papers.html#curve41417 19pp 2014.07.06 refereed 2014.07.06 [PDF]
Daniel J. Bernstein, Chitchanok Chuengsatiansup, Tanja Lange. ``Curve41417: Karatsuba revisited.'' Cryptographic hardware and embedded systems, to appear.
http://cr.yp.to/papers.html#tweetnacl 18pp 2013.12.29 refereed 2014.09.17 [PDF] [more]
Daniel J. Bernstein, Bernard van Gastel, Wesley Janssen, Tanja Lange, Peter Schwabe, Sjaak Smetsers. ``TweetNaCl: a crypto library in 100 tweets.'' LatinCrypt 2014, to appear.
http://cr.yp.to/papers.html#auth256 20pp 2014.09.18 refereed 2014.09.18 [PDF] [more]
Daniel J. Bernstein, Tung Chou. ``Faster binary-field multiplication and faster binary-field MACs.'' Selected Areas in Cryptography 2014, to appear.
http://cr.yp.to/papers.html#decoco refereed
Daniel J. Bernstein, Tanja Lange, Christiane Peters, Henk van Tilborg. ``Explicit bounds for generic decoding algorithms for code-based cryptography.'' Proceedings of WCC 2009.
http://cr.yp.to/papers.html#zeroseek [more]
Daniel J. Bernstein. ``A fast journaling filesystem.''
http://cr.yp.to/papers.html#rings [more]
Daniel J. Bernstein. ``Commutative rings.''
http://cr.yp.to/papers.html#nfspoly [more]
Daniel J. Bernstein. ``Controlling three coefficients in number-field-sieve polynomials.''
http://cr.yp.to/papers.html#decompress [more]
Daniel J. Bernstein. ``Data decompression.''
http://cr.yp.to/papers.html#smoothdep [more]
Daniel J. Bernstein. ``Estimating the dependence time for smooth integers.''
http://cr.yp.to/papers.html#nistp224 [more]
Daniel J. Bernstein. ``Fast point multiplication on the NIST P-224 elliptic curve.'' To be incorporated into author's High-speed cryptography book.
http://cr.yp.to/papers.html#zmult [more]
Daniel J. Bernstein. ``Faster multiplication of integers.''
http://cr.yp.to/papers.html#gge [more]
Daniel J. Bernstein. ``Generalized Gaussian elimination.''
http://cr.yp.to/papers.html#fastgraeffe [more]
Daniel J. Bernstein. ``High-precision roots of high-degree polynomials.''
http://cr.yp.to/papers.html#mimd [more]
Daniel J. Bernstein. ``Matrix inversion made difficult.''
http://cr.yp.to/papers.html#hblcs [more]
Daniel J. Bernstein. ``Predicting a linear congruential sequence from its high bits.''
http://cr.yp.to/papers.html#huptrie [more]
Daniel J. Bernstein. ``Saving space and time in hash tries.''
http://cr.yp.to/papers.html#senfs [more]
Daniel J. Bernstein. ``Superelliptic integrals and the number-field sieve.''
http://cr.yp.to/papers.html#surf [more]
Daniel J. Bernstein. ``SURF: Simple Unpredictable Random Function.''
http://cr.yp.to/papers.html#abc [more]
Daniel J. Bernstein, Bruce E. Kaskel. ``The ABC polygon.''
http://cr.yp.to/papers.html#c3 [more]
Daniel J. Bernstein. ``The complexity of complex convolution.''
http://cr.yp.to/papers.html#dal [more]
Daniel J. Bernstein. ``The ubiquitous dal function.''