Index of formal scientific papers

Papers by date (reverse chronological)

Sorted by date of the most recently published version. When another date is listed, it is the date of the first published version.

rsrst 2025.07.27 14pp PDF old PDF 2025.07.20
Daniel J. Bernstein. "Robust statistics for rejection-sampling timings."

pwccp 2025.05.20 51pp PDF old PDF older PDF even older PDF oldest PDF 2023.09.06
Daniel J. Bernstein. "Papers with computer-checked proofs."

symexemu 2025.05.05 20pp PDF
Daniel J. Bernstein. "Symbolically executing emulators."

cryptoint 2025.04.24 42pp PDF
Daniel J. Bernstein. "The cryptoint library."

eraa 2025.02.03 26pp PDF
Daniel J. Bernstein. "The error rate of algorithm analyses."

kyberslash 2025.01.15 refereed journal 30pp PDF old PDF more 2024.06.28
Daniel J. Bernstein, Karthikeyan Bhargavan, Shivam Bhasin, Anupam Chattopadhyay, Tee Kiah Chia, Matthias J. Kannwischer, Franziskus Kiefer, Thales B. Paiva, Prasanna Ravi, Goutam Tamvada. "KyberSlash: Exploiting secret-dependent division timings in Kyber implementations." IACR Transactions on Cryptographic Hardware and Embedded Systems 2025 issue 2 (2025), 209–234.

footloose 2024.12.30 refereed 25pp PDF old PDF 2021.07.05
Daniel J. Bernstein. "FO derandomization sometimes damages security." IACR Communications in Cryptology, to appear. Previous title: "On the looseness of FO derandomization".

kpqc 2024.12.26 211pp PDF
Daniel J. Bernstein, Jolijn Cottaar, Emanuele Di Giandomenico, Kathrin Hövelmanns, Andreas Hülsing, Mikhail Kudinov, Tanja Lange, Mairon Mahzoun, Matthias Meijers, Alex Pellegrini, Alberto Ravagnani, Silvia Ritsch, Sven Schäge, Tianxin Tang, Monika Trimoska, Marc Vorstermans, Fiona Johanna Weber. "Report on evaluation of KpqC Round-2 candidates."

pqconnect 2024.12.06 refereed book 20pp PDF more
Daniel J. Bernstein, Tanja Lange, Jonathan Levin, Bo-Yin Yang. "PQConnect: automated post-quantum end-to-end tunnels." 32nd annual network and distributed system security symposium, NDSS 2025, San Diego, California, USA, February 24–28, 2025. First posting was 27 December 2024, on the "PQConnect: Papers" page.

safecurves 2024.08.09 refereed book 68pp PDF
Daniel J. Bernstein, Tanja Lange. "Safe curves for elliptic-curve cryptography." Pages 124–191 in Information security in a connected world: celebrating the life and work of Ed Dawson (edited by Colin Boyd, Reihaneh Safavi-Naini, Leonie Simpson), Lecture Notes in Computer Science 15600, Springer, 2025, ISBN 978-3-031-83489-9.

latticeasymp 2024.07.27 refereed 36pp PDF old PDF older PDF 2024.04.13
Daniel J. Bernstein. "Asymptotics for the standard block size in primal lattice attacks: second order, formally verified." IACR Communications in Cryptology, to appear.

goppadecoding 2024.07.02 refereed journal 64pp PDF old PDF older PDF even older PDF oldest PDF 2022.03.20
Daniel J. Bernstein. "Understanding binary-Goppa decoding." IACR Communications in Cryptology 1 (2024), article 1.14.

dacmitm 2024.06.27 refereed journal 23pp PDF
Daniel J. Bernstein, Jolijn Cottaar, Tanja Lange. "Searching for differential addition chains." Research in Number Theory 11 (2025), article 45. Algorithmic Number Theory Symposium (ANTS) 2024.

cat 2024.06.12 refereed book 90pp PDF old PDF older PDF more 2023.06.14
Daniel J. Bernstein, Tung Chou. "CryptAttackTester: high-assurance attack analysis." Pages 141–182 in Advances in cryptology—CRYPTO 2024—44th annual international cryptology conference, Santa Barbara, CA, USA, August 18–22, 2024, proceedings, part VI (edited by Leonid Reyzin, Douglas Stebila), Lecture Notes in Computer Science 14925, Springer, 2024, ISBN 978-3-031-68390-9. Previous title: "CryptAttackTester: formalizing attack analyses".

pqcomplexity 2024.04.19 31pp PDF old PDF older PDF 2023.12.17
Daniel J. Bernstein. "Analyzing the complexity of reference post-quantum software: the case of lattice-based KEMs."

pppqefs 2024.03.27 17pp PDF old PDF 2023.12.06
Daniel J. Bernstein. "Predicting performance for post-quantum encrypted-file systems."

competitions 2024.01.13 refereed journal 42pp PDF old PDF older PDF oldest PDF 2020.12.25
Daniel J. Bernstein. "Cryptographic competitions." Journal of Cryptology 37 (2024), article 7.

hybrid 2023.12.08 28pp PDF
Daniel J. Bernstein. "Asymptotics of hybrid primal lattice attacks."

qrcsp 2023.12.02 35pp PDF older PDF oldest PDF 2023.11.23
Daniel J. Bernstein. "Quantifying risks in cryptographic selection processes."

lprrr 2023.03.17 55pp PDF old PDF 2022.11.14
Daniel J. Bernstein. "Multi-ciphertext security degradation for lattices."

ntrw 2022.10.25 refereed book 29pp PDF old PDF 2022.08.29
Daniel J. Bernstein. "A one-time single-bit fault leaks all previous NTRU-HRSS session keys to a chosen-ciphertext attack." Pages 617–643 in Progress in cryptology—INDOCRYPT 2022, 23rd international conference on cryptology in India, Kolkata, India, December 11–14, 2022, proceedings (edited by Takanori Isobe, Santanu Sarkar), Lecture Notes in Computer Science 13774, Springer, 2022, ISBN 978-3-031-22911-4. Best Paper Award.

abeliannorms 2022.07.31 refereed journal 59pp PDF
Daniel J. Bernstein. "Fast norm computation in smooth-degree Abelian number fields." Research in Number Theory 9 (2023), article 82. Algorithmic Number Theory Symposium (ANTS) 2022.

spherical 2021.10.23 58pp PDF
Daniel J. Bernstein, Tanja Lange. "Non-randomness of S-unit lattices."

opensslntru 2021.10.06 refereed book 18pp PDF more 2021.06.15
Daniel J. Bernstein, Billy Bob Brumley, Ming-Shing Chen, Nicola Tuveri. "OpenSSLNTRU: Faster post-quantum TLS key exchange." Pages 845–862 in Proceedings of the 31st USENIX Security Symposium (edited by Kevin R. B. Butler, Kurt Thomas), USENIX Association, 2022, ISBN 978-1-939133-31-1.

ctidh 2021.05.13 refereed journal 36pp PDF more
Gustavo Banegas, Daniel J. Bernstein, Fabio Campos, Tung Chou, Tanja Lange, Michael Meyer, Benjamin Smith, Jana Sotáková. "CTIDH: faster constant-time CSIDH." IACR Transactions on Cryptographic Hardware and Embedded Systems 2021 issue 4 (2021), 351–387.

basicblocker 2021.05.04 refereed book 22pp PDF old PDF 2020.07.31
Jan Philipp Thoma, Jakob Feldtkeller, Markus Krausz, Tim Güneysu, Daniel J. Bernstein. "BasicBlocker: ISA redesign to make Spectre-immune CPUs faster." Pages 103–118 in RAID '21: 24th International Symposium on Research in Attacks, Intrusions and Defenses, San Sebastian, Spain, October 6–8, 2021 (edited by Leyla Bilge, Tudor Dumitras), ACM, 2021, ISBN 978-1-4503-9058-3.

comet 2020.11.13 5pp PDF
Daniel J. Bernstein, Henri Gilbert, Meltem Sönmez Turan. "Observations on COMET."

binecc 2020.10.16 refereed journal 33pp PDF more
Gustavo Banegas, Daniel J. Bernstein, Iggy van Hoof, Tanja Lange. "Concrete quantum cryptanalysis of binary elliptic curves." IACR Transactions on Cryptographic Hardware and Embedded Systems 2021 issue 1 (2021), 451–472.

controlbits 2020.09.23 67pp PDF
Daniel J. Bernstein. "Verified fast formulas for control bits for permutation networks."

categories 2020.09.18 28pp PDF
Daniel J. Bernstein. "A discretization attack."

velusqrt 2020.06.16 refereed book 22pp PDF more 2020.03.20
Daniel J. Bernstein, Luca De Feo, Antonin Leroux, Benjamin Smith. "Faster computation of isogenies of large prime degree." Pages 39–55 in ANTS XIV: proceedings of the fourteenth algorithmic number theory symposium, Auckland 2020 (edited by Steven Galbraith), Open Book Series 4, Mathematical Sciences Publishers, 2020, ISBN 978-1-935107-07-1.

gigo 2020.03.30 19pp PDF old PDF 2020.03.29
Daniel J. Bernstein. "Further analysis of the impact of distancing upon the COVID-19 pandemic."

mctiny 2019.12.02 refereed book 18pp PDF
Daniel J. Bernstein, Tanja Lange. "McTiny: fast high-confidence post-quantum key erasure for tiny network servers." Pages 1731–1748 in Proceedings of the 29th USENIX Security Symposium (edited by Srdjan Capkun, Franziska Roesner), USENIX Association, 2020, ISBN 978-1-939133-17-5.

spx 2019.09.23 refereed book 24pp PDF
Daniel J. Bernstein, Andreas Hülsing, Stefan Kölbl, Ruben Niederhagen, Joost Rijneveld, Peter Schwabe. "The SPHINCS+ signature framework." Pages 2129–2146 in Proceedings of the 2019 ACM SIGSAC conference on computer and communications security, CCS 2019, London, UK, November 11–15, 2019 (edited by Lorenzo Cavallaro, Johannes Kinder, XiaoFeng Wang, Jonathan Katz), ACM, 2019, ISBN 978-1-4503-6747-9.

dspr 2019.09.23 refereed book 36pp PDF old PDF 2019.05.13
Daniel J. Bernstein, Andreas Hülsing. "Decisional second-preimage resistance: When does SPR imply PRE?" Pages 33–62 in Advances in cryptology—ASIACRYPT 2019—25th international conference on the theory and application of cryptology and information security, Kobe, Japan, December 8–12, 2019, proceedings, part III (edited by Steven D. Galbraith, Shiho Moriai), Lecture Notes in Computer Science 11923, Springer, 2019, ISBN 978-3-030-34617-1.

latticeproofs 2019.07.19 refereed 52pp PDF old PDF 2019.06.08
Daniel J. Bernstein. "Comparing proofs of security for lattice-based encryption." Second PQC Standardization Conference.

paretoviz 2019.06.03 refereed 16pp PDF
Daniel J. Bernstein. "Visualizing size-security tradeoffs for lattice-based encryption." Second PQC Standardization Conference.

safegcd 2019.04.13 refereed journal 59pp PDF more 2019.03.05
Daniel J. Bernstein, Bo-Yin Yang. "Fast constant-time gcd computation and modular inversion." IACR Transactions on Cryptographic Hardware and Embedded Systems 2019 issue 3 (2019), 340–398.

qisog 2019.03.05 refereed book 56pp PDF more 2018.10.31
Daniel J. Bernstein, Tanja Lange, Chloe Martindale, Lorenz Panny. "Quantum circuits for the CSIDH: optimizing quantum evaluation of isogenies." Pages 409–441 in Advances in cryptology—EUROCRYPT 2019—38th annual international conference on the theory and applications of cryptographic techniques, Darmstadt, Germany, May 19–23, 2019, proceedings, part II (edited by Yuval Ishai, Vincent Rijmen), Lecture Notes in Computer Science 11477, Springer, 2019, ISBN 978-3-030-17655-6.

tightkem 2018.05.28 37pp PDF
Daniel J. Bernstein, Edoardo Persichetti. "Towards KEM unification."

divergence 2018.04.30 10pp PDF more 2017.12.12
Daniel J. Bernstein. "Divergence bounds for random fixed-weight vectors obtained by sorting."

holographic 2018.03.12 11pp PDF old PDF 2016.03.26
Daniel J. Bernstein. "Is the security of quantum cryptography guaranteed by the laws of physics?"

hila5 2018.03.08 refereed book 14pp PDF old PDF 2017.12.18
Daniel J. Bernstein, Leon Groot Bruinderink, Tanja Lange, Lorenz Panny. "HILA5 Pindakaas: On the CCA security of lattice-based encryption with error correction." Pages 203–216 in Progress in cryptology, AFRICACRYPT 2018, 10th international conference on cryptology in Africa, Marrakesh, Morocco, May 7–9, 2018, proceedings (edited by Antoine Joux, Abderrahmane Nitaj, Tajjeeddine Rachidi), Lecture Notes in Computer Science 10831, Springer, 2018, ISBN 978-3-319-89338-9.

groverxl 2017.12.15 refereed book 21pp PDF
Daniel J. Bernstein, Bo-Yin Yang. "Asymptotically faster quantum algorithms to solve multivariate quadratic equations." Pages 1–20 in Post-quantum cryptography—9th international conference, PQCrypto 2018, Fort Lauderdale, FL, USA, April 9–11, 2018, proceedings (edited by Tanja Lange, Rainer Steinwandt), Lecture Notes in Computer Science 10786, Springer, 2018, ISBN 978-3-319-79062-6.

groverrho 2017.08.18 refereed book 11pp PDF
Gustavo Banegas, Daniel J. Bernstein. "Low-communication parallel quantum multi-target preimage search." Pages 325–335 in Selected Areas in Cryptography—SAC 2017, 24th international conference, Ottawa, ON, Canada, August 16–18, 2017, revised selected papers (edited by Carlisle Adams, Jan Camenisch), Lecture Notes in Computer Science 10719, Springer, 2018, ISBN 978-3-319-72564-2.

ntruprime 2017.08.16 refereed book 55pp PDF more 2016.05.11
Daniel J. Bernstein, Chitchanok Chuengsatiansup, Tanja Lange, Christine van Vredendaal. "NTRU Prime: reducing attack surface at low cost." Pages 235–260 in Selected Areas in Cryptography—SAC 2017, 24th international conference, Ottawa, ON, Canada, August 16–18, 2017, revised selected papers (edited by Carlisle Adams, Jan Camenisch), Lecture Notes in Computer Science 10719, Springer, 2018, ISBN 978-3-319-72564-2.

slidingright 2017.06.28 refereed book 21pp PDF 2017.06.27
Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal, Yuval Yarom. "Sliding right into disaster: Left-to-right sliding windows leak." Pages 555–576 in Cryptographic hardware and embedded systems—CHES 2017—19th international conference, Taipei, Taiwan, September 25–28, 2017, proceedings (edited by Wieland Fischer, Naofumi Homma), Lecture Notes in Computer Science 10529, Springer, 2017, ISBN 978-3-319-66786-7.

gimli 2017.06.27 refereed book 35pp PDF more
Daniel J. Bernstein, Stefan Kölbl, Stefan Lucks, Pedro Maat Costa Massolino, Florian Mendel, Kashif Nawaz, Tobias Schneider, Peter Schwabe, François-Xavier Standaert, Yosuke Todo, Benoît Viguier. "Gimli: a cross-platform permutation." Pages 299–320 in Cryptographic hardware and embedded systems—CHES 2017—19th international conference, Taipei, Taiwan, September 25–28, 2017, proceedings (edited by Wieland Fischer, Naofumi Homma), Lecture Notes in Computer Science 10529, Springer, 2017, ISBN 978-3-319-66786-7.

multiquad 2017.05.01 refereed book 55pp PDF more
Jens Bauch, Daniel J. Bernstein, Henry de Valence, Tanja Lange, Christine van Vredendaal. "Short generators without quantum computers: the case of multiquadratics." Pages 27–59 in Advances in cryptology—EUROCRYPT 2017—36th annual international conference on the theory and applications of cryptographic techniques, Paris, France, April 30–May 4, 2017, proceedings, part I (edited by Jean-Sébastien Coron, Jesper Buus Nielsen), Lecture Notes in Computer Science 10210, Springer, 2017, ISBN 978-3-319-56619-1.

pqrsa 2017.04.19 refereed book 20pp PDF
Daniel J. Bernstein, Nadia Heninger, Paul Lou, Luke Valenta. "Post-quantum RSA." Pages 311–329 in Post-quantum cryptography—8th international workshop, PQCrypto 2017, Utrecht, the Netherlands, June 26–28, 2017, proceedings (edited by Tanja Lange, Tsuyoshi Takagi), Lecture Notes in Computer Science 10346, Springer, 2017, ISBN 978-3-319-59878-9.

grovernfs 2017.04.19 refereed book 17pp PDF
Daniel J. Bernstein, Jean-François Biasse, Michele Mosca. "A low-resource quantum factoring algorithm." Pages 330–346 in Post-quantum cryptography—8th international workshop, PQCrypto 2017, Utrecht, the Netherlands, June 26–28, 2017, proceedings (edited by Tanja Lange, Tsuyoshi Takagi), Lecture Notes in Computer Science 10346, Springer, 2017, ISBN 978-3-319-59878-9.

fallout 2017.04.09 refereed journal 20pp PDF
Daniel J. Bernstein, Tanja Lange. "Post-quantum cryptography—dealing with the fallout of physics success." Nature 549 (2017), 188–194. Journal version has the title without the subtitle.

montladder 2017.03.30 refereed book 37pp PDF
Daniel J. Bernstein, Tanja Lange. "Montgomery curves and the Montgomery ladder." Pages 82–115 in Topics in computational number theory inspired by Peter L. Montgomery (edited by Joppe W. Bos, Arjen K. Lenstra), Cambridge University Press, 2017, ISBN 978-1107109353.

dagger 2017.01.13 38pp PDF more
Daniel J. Bernstein, Chitchanok Chuengsatiansup, Tanja Lange. "Double-base scalar multiplication revisited."

sect113r2 2016.08.06 29pp PDF old PDF 2016.04.14
Daniel J. Bernstein, Susanne Engels, Tanja Lange, Ruben Niederhagen, Christof Paar, Peter Schwabe, Ralf Zimmermann. "Faster elliptic-curve discrete logarithms on FPGAs."

amac 2016.02.28 refereed book 35pp PDF 2016.02.15
Mihir Bellare, Daniel J. Bernstein, Stefano Tessaro. "Hash-function based PRFs: AMAC and its multi-user security." Pages 566–595 in Advances in cryptology—EUROCRYPT 2016—35th annual international conference on the theory and applications of cryptographic techniques, Vienna, Austria, May 8–12, 2016, proceedings, part I (edited by Marc Fischlin, Jean-Sébastien Coron), Lecture Notes in Computer Science 9665, Springer, 2016, ISBN 978-3-662-49889-7.

nistecc 2016.01.06 27pp PDF
Daniel J. Bernstein, Tanja Lange. "Failures in NIST's ECC standards."

multischnorr 2015.10.12 19pp PDF more
Daniel J. Bernstein. "Multi-user Schnorr security, revisited."

bada55 2015.09.27 refereed book 44pp PDF more 2014.07.22
Daniel J. Bernstein, Tung Chou, Chitchanok Chuengsatiansup, Andreas Hülsing, Eran Lambooij, Tanja Lange, Ruben Niederhagen, Christine van Vredendaal. "How to manipulate curve standards: a white paper for the black hat." Pages 109–139 in Security standardisation research—second international conference, SSR 2015, Tokyo, Japan, December 15–16, 2015, proceedings (edited by Liqun Chen, Shin'ichiro Matsuo), Lecture Notes in Computer Science 9497, Springer, 2015, ISBN 978-3-319-27151-4.

hessian 2015.08.04 refereed book 28pp PDF
Daniel J. Bernstein, Chitchanok Chuengsatiansup, David Kohel, Tanja Lange. "Twisted Hessian curves." Pages 1–26 in Progress in cryptology—LATINCRYPT 2015, 4th international conference on cryptology and information security in Latin America, Guadalajara, Mexico, August 23–26, 2015, proceedings (edited by Kristin Lauter, Francisco Rodríguez-Henríquez), Lecture Notes in Computer Science 9230, Springer, 2015, ISBN 978-3-319-22173-1. Erratum: At the end of the proof of Theorem 4.4, $27a^3X_1^9 = dX_1^3Y_1^3Z_1^3 = da^2X_1^3$ should say $27a^3X_1^9 = d^3X_1^3Y_1^3Z_1^3 = d^3a^2X_1^3$.

dual-ec 2015.07.31 book 25pp PDF
Daniel J. Bernstein, Tanja Lange, Ruben Niederhagen. "Dual EC: a standardized back door." Pages 256–281 in The new codebreakers: essays dedicated to David Kahn on the occasion of his 85th birthday (edited by Peter Y. A. Ryan, David Naccache, Jean-Jacques Quisquater), Lecture Notes in Computer Science 9100, Springer, 2015, ISBN 978-3-662-49300-7.

cpupuf 2015.07.29 refereed book 25pp PDF
Pol Van Aubel, Daniel J. Bernstein, Ruben Niederhagen. "Investigating SRAM PUFs in large CPUs and GPUs." Pages 228–247 in Security, privacy, and applied cryptography engineering—5th international conference, SPACE 2015, Jaipur, India, October 3–7, 2015, proceedings (edited by Rajat Subhra Chakraborty, Peter Schwabe, Jon A. Solworth), Lecture Notes in Computer Science 9354, Springer, 2015, ISBN 978-3-319-24125-8.

eddsa 2015.07.04 5pp PDF more
Daniel J. Bernstein, Simon Josefsson, Tanja Lange, Peter Schwabe, Bo-Yin Yang. "EdDSA for more curves."

pro 2015.03.08 25pp PDF more
Daniel J. Bernstein, Tanja Lange, Christine van Vredendaal. "Tighter, faster, simpler side-channel security evaluations beyond computing power."

obviouscation 2015.02.23 refereed book 27pp PDF more
Daniel J. Bernstein, Andreas Hülsing, Tanja Lange, Ruben Niederhagen. "Bad directions in cryptographic hash functions." Pages 488–508 in Information security and privacy—20th Australasian conference, ACISP 2015, Brisbane, QLD, Australia, June 29–July 1, 2015, proceedings (edited by Ernest Foo, Douglas Stebila), Lecture Notes in Computer Science 9144, Springer, 2015, ISBN 978-3-319-19961-0.

sphincs 2015.02.02 refereed book 30pp PDF more 2014.10.01
Daniel J. Bernstein, Daira Hopwood, Andreas Hülsing, Tanja Lange, Ruben Niederhagen, Louiza Papachristodoulou, Michael Schneider, Peter Schwabe, Zooko Wilcox-O'Hearn. "SPHINCS: practical stateless hash-based signatures." Pages 368–397 in Advances in cryptology—EUROCRYPT 2015—34th annual international conference on the theory and applications of cryptographic techniques, Sofia, Bulgaria, April 26–30, 2015, proceedings, part I (edited by Elisabeth Oswald, Marc Fischlin), Lecture Notes in Computer Science 9056, Springer, 2015, ISBN 978-3-662-46799-2.

batchnfs 2014.11.09 refereed book 24pp PDF more
Daniel J. Bernstein, Tanja Lange. "Batch NFS." Pages 38–58 in Selected areas in cryptography—SAC 2014—21st international conference, Montreal, QC, Canada, August 14–15, 2014, revised selected papers (edited by Antoine Joux, Amr M. Youssef), Lecture Notes in Computer Science 8781, Springer, 2014, ISBN 978-3-319-13050-7.

kummer 2014.10.28 refereed book 34pp PDF 2014.02.18
Daniel J. Bernstein, Chitchanok Chuengsatiansup, Tanja Lange, Peter Schwabe. "Kummer strikes back: new DH speed records." Pages 317–337 in Advances in cryptology—ASIACRYPT 2014—20th international conference on the theory and application of cryptology and information security, Kaoshiung, Taiwan, December 7–11, 2014, proceedings, part 1 (edited by Palash Sarkar, Tetsu Iwata), Lecture Notes in Computer Science 8873, Springer, 2014, ISBN 978-3-662-45610-1.

auth256 2014.09.18 refereed book 20pp PDF more
Daniel J. Bernstein, Tung Chou. "Faster binary-field multiplication and faster binary-field MACs." Pages 92–111 in Selected areas in cryptography—SAC 2014—21st international conference, Montreal, QC, Canada, August 14–15, 2014, revised selected papers (edited by Antoine Joux, Amr M. Youssef), Lecture Notes in Computer Science 8781, Springer, 2014, ISBN 978-3-319-13050-7.

tweetnacl 2014.09.17 refereed book 18pp PDF more 2013.12.29
Daniel J. Bernstein, Bernard van Gastel, Wesley Janssen, Tanja Lange, Peter Schwabe, Sjaak Smetsers. "TweetNaCl: a crypto library in 100 tweets." Pages 64–83 in Progress in cryptology—LATINCRYPT 2014—third international conference on cryptology and information security in Latin America, Florianópolis, Brazil, September 17–19, 2014, revised selected papers (edited by Diego F. Aranha, Alfred Menezes), Lecture Notes in Computer Science 8895, Springer, 2015, ISBN 978-3-319-16294-2.

curve41417 2014.07.06 refereed book 19pp PDF
Daniel J. Bernstein, Chitchanok Chuengsatiansup, Tanja Lange. "Curve41417: Karatsuba revisited." Pages 316–334 in Cryptographic hardware and embedded systems—CHES 2014—16th international workshop, Busan, South Korea, September 23–26, 2014, proceedings (edited by Lejla Batina, Matthew Robshaw), Lecture Notes in Computer Science 8731, Springer, 2014, ISBN 978-3-662-44708-6. Typo: the displayed value of 2^411-ell is missing a final digit 9. See safecurves.cr.yp.to for computer-verified curve information.

dualectls 2014.06.06 refereed book 17pp PDF more 2014.04.07
Stephen Checkoway, Matt Fredrikson, Ruben Niederhagen, Adam Everspaugh, Matt Green, Tanja Lange, Tom Ristenpart, Daniel J. Bernstein, Jake Maskiewicz, Hovav Shacham. "On the practical exploitability of Dual EC in TLS implementations." Pages 319–335 in Proceedings of the 23rd USENIX Security Symposium (edited by Kevin Fu), USENIX Association, 2014.

hyperand 2014.05.27 refereed journal 21pp PDF
Daniel J. Bernstein, Tanja Lange. "Hyper-and-elliptic-curve cryptography." LMS Journal of Computation and Mathematics 17 (2014), 181–202. Special journal issue for proceedings of Algorithmic number theory symposium.

minimalt 2013.10.31 refereed book 13pp PDF more 2013.05.22
W. Michael Petullo, Xu Zhang, Jon A. Solworth, Daniel J. Bernstein, Tanja Lange. "MinimaLT: Minimal-latency networking through better security." Pages 425–438 in 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS'13, Berlin, Germany, November 4–8, 2013 (edited by Ahmad-Reza Sadeghi, Virgil D. Gligor, Moti Yung), ACM, 2013, ISBN 978-1-4503-2477-9.

smartfacts 2013.09.16 refereed book 20pp PDF more
Daniel J. Bernstein, Yun-An Chang, Chen-Mou Cheng, Li-Ping Chou, Nadia Heninger, Tanja Lange, Nicko van Someren. "Factoring RSA keys from certified smart cards: Coppersmith in the wild." Pages 341–360 in Advances in cryptology—ASIACRYPT 2013—19th international conference on the theory and application of cryptology and information security, Bengaluru, India, December 1–5, 2013, proceedings, part II (edited by Kazue Sako, Palash Sarkar), Lecture Notes in Computer Science 8270, Springer, 2013, ISBN 978-3-642-42044-3.

nonuniform 2013.09.14 refereed book 53pp PDF more 2012.06.04
Daniel J. Bernstein, Tanja Lange. "Non-uniform cracks in the concrete: the power of free precomputation." Pages 321–340 in Advances in cryptology—ASIACRYPT 2013—19th international conference on the theory and application of cryptology and information security, Bengaluru, India, December 1–5, 2013, proceedings, part II (edited by Kazue Sako, Palash Sarkar), Lecture Notes in Computer Science 8270, Springer, 2013, ISBN 978-3-642-42044-3.

elligator 2013.08.28 refereed book 13pp PDF more 2013.05.27
Daniel J. Bernstein, Mike Hamburg, Anna Krasnova, Tanja Lange. "Elligator: Elliptic-curve points indistinguishable from uniform random strings." Pages 967–979 in 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS'13, Berlin, Germany, November 4–8, 2013 (edited by Ahmad-Reza Sadeghi, Virgil D. Gligor, Moti Yung), ACM, 2013, ISBN 978-1-4503-2477-9.

rc4biases 2013.07.08 refereed book 31pp PDF
Nadhem J. AlFardan, Daniel J. Bernstein, Kenneth G. Paterson, Bertram Poettering, Jacob C. N. Schuldt. "On the security of RC4 in TLS and WPA." Pages 305–320 in Proceedings of the 22nd USENIX Security Symposium, Washington, DC, USA, August 14–16, 2013 (edited by Samuel T. King), USENIX Association, 2013, ISBN 978-1-931971-03-4. Conference version is titled ``On the security of RC4 in TLS'' and does not include WPA analysis.

mcbits 2013.06.16 refereed book 26pp PDF more
Daniel J. Bernstein, Tung Chou, Peter Schwabe. "McBits: fast constant-time code-based cryptography." Pages 250–272 in Cryptographic hardware and embedded systems—CHES 2013—15th international workshop, Santa Barbara, CA, USA, August 20–23, 2013, proceedings (edited by Guido Bertoni, Jean-Sébastien Coron), Lecture Notes in Computer Science 8086, Springer, 2013, ISBN 978-3-642-40348-4.

qsubsetsum 2013.04.07 refereed book 18pp PDF more
Daniel J. Bernstein, Stacey Jeffery, Tanja Lange, Alexander Meurer. "Quantum algorithms for the subset-sum problem." Pages 16–33 in Post-quantum cryptography—5th international workshop, PQCrypto 2013, Limoges, France, June 4–7, 2013, proceedings (edited by Philippe Gaborit), Lecture Notes in Computer Science 7932, Springer, 2013, ISBN 978-3-642-38615-2.

badbatch 2012.09.19 refereed book 20pp PDF more
Daniel J. Bernstein, Jeroen Doumen, Tanja Lange, Jan-Jaap Oosterwijk. "Faster batch forgery identification." Pages 454–473 in Progress in cryptology—INDOCRYPT 2012, 13th international conference on cryptology in India, Kolkata, India, December 9–12, 2012, proceedings (edited by Steven D. Galbraith, Mridul Nandi), Lecture Notes in Computer Science 7668, Springer, 2012, ISBN 978-3-642-34930-0.

cuberoot 2012.09.19 refereed book 22pp PDF more 2012.08.12
Daniel J. Bernstein, Tanja Lange. "Computing small discrete logarithms faster." Pages 317–338 in Progress in cryptology—INDOCRYPT 2012, 13th international conference on cryptology in India, Kolkata, India, December 9–12, 2012, proceedings (edited by Steven D. Galbraith, Mridul Nandi), Lecture Notes in Computer Science 7668, Springer, 2012, ISBN 978-3-642-34930-0.

siphash 2012.09.18 refereed book 20pp PDF 2012.06.20
Jean-Philippe Aumasson, Daniel J. Bernstein. "SipHash: a fast short-input PRF." Pages 489–508 in Progress in cryptology—INDOCRYPT 2012, 13th international conference on cryptology in India, Kolkata, India, December 9–12, 2012, proceedings (edited by Steven D. Galbraith, Mridul Nandi), Lecture Notes in Computer Science 7668, Springer, 2012, ISBN 978-3-642-34930-0. 2012.06.20 version: Workshop Record of DIAC 2012: Directions in Authenticated Ciphers.

coolnacl 2012.07.25 refereed book 18pp PDF 2011.12.01
Daniel J. Bernstein, Tanja Lange, Peter Schwabe. "The security impact of a new cryptographic library." Pages 159–176 in Progress in cryptology—LATINCRYPT 2012—2nd international conference on cryptology and information security in Latin America, Santiago, Chile, October 7–10, 2012, proceedings (edited by Alejandro Hevia, Gregory Neven), Lecture Notes in Computer Science 7533, Springer, 2012, ISBN 978-3-642-33480-1.

grumpy 2012.07.09 refereed book 19pp PDF more 2012.06.02
Daniel J. Bernstein, Tanja Lange. "Two grumpy giants and a baby." Pages 87–111 in ANTS X: proceedings of the tenth algorithmic number theory symposium, San Diego 2012 (edited by Everett W. Howe, Kiran S. Kedlaya), Mathematical Sciences Publishers, 2013, ISBN 978-1-935107-01-9.

bunny 2012.06.21 refereed book 12pp PDF
Daniel J. Bernstein, Tanja Lange. "Never trust a bunny." Pages 137–148 in Radio frequency identification. Security and privacy issues—8th international workshop, RFIDSec 2012, Nijmegen, The Netherlands, July 2–3, 2012, revised selected papers (edited by Jaap-Henk Hoepman, Ingrid Verbauwhede), Lecture Notes in Computer Science 7739, Springer, 2013, ISBN 978-3-642-36139-5.

neoncrypto 2012.03.20 refereed book 15pp PDF
Daniel J. Bernstein, Peter Schwabe. "NEON crypto." Pages 320–339 in Cryptographic hardware and embedded systems, CHES 2012, 14th international workshop, Leuven, Belgium, September 9–12, 2012, proceedings (edited by Emmanuel Prouff, Patrick Schaumont), Lecture Notes in Computer Science 7428, Springer, 2012, ISBN 978-3-642-33026-1.

gpuasm 2012.03.13 refereed 10pp PDF
Daniel J. Bernstein, Hsieh-Chung Chen, Chen-Mou Cheng, Tanja Lange, Ruben Niederhagen, Peter Schwabe, Bo-Yin Yang. "Usable assembly language for GPUs: a success story." Workshop Record of SHARCS 2012: Special-Purpose Hardware for Attacking Cryptographic Systems.

shootout 2012.02.19 refereed 13pp PDF 2012.01.03
Daniel J. Bernstein, Tanja Lange. "The new SHA-3 software shootout." Third SHA-3 Candidate Conference.

sha3opt 2012.01.04 8pp PDF
Daniel J. Bernstein. "Optimization failures in SHA-3 software."

gpuecc2k 2012.01.02 refereed book 19pp PDF
Daniel J. Bernstein, Hsieh-Chung Chen, Chen-Mou Cheng, Tanja Lange, Ruben Niederhagen, Peter Schwabe, Bo-Yin Yang. "ECC2K-130 on NVIDIA GPUs." Pages 328–346 in Progress in cryptology—INDOCRYPT 2010—11th international conference on cryptology in India, Hyderabad, India, December 12–15, 2010, proceedings (edited by Guang Gong, Kishan Chand Gupta), Lecture Notes in Computer Science 6498, Springer, 2010, ISBN 978-3-642-17400-1.

eecm 2011.10.08 refereed journal 41pp PDF more 2008.01.09
Daniel J. Bernstein, Peter Birkner, Tanja Lange, Christiane Peters. "ECM using Edwards curves." Mathematics of Computation 82 (2013), 1139–1179.

ed25519 2011.09.26 refereed book journal 23pp PDF more 2011.07.05
Daniel J. Bernstein, Niels Duif, Tanja Lange, Peter Schwabe, Bo-Yin Yang. "High-speed high-security signatures." Pages 124–142 in Cryptographic hardware and embedded systems—CHES 2011, 13th international workshop, Nara, Japan, September 28–October 1, 2011, proceedings (edited by Bart Preneel, Tsuyoshi Takagi), Lecture Notes in Computer Science 6917, Springer, 2011, ISBN 978-3-642-23950-2. Journal version: Journal of Cryptographic Engineering 2 (2012), 77–89.

wild2 2011.09.15 refereed book 13pp PDF more
Daniel J. Bernstein, Tanja Lange, Christiane Peters. "Wild McEliece incognito." Pages 244–254 in Post-quantum cryptography—4th international workshop, PQCrypto 2011, Taipei, Taiwan, November 29–December 2, 2011, proceedings (edited by Bo-Yin Yang), Lecture Notes in Computer Science 7071, Springer, 2011, ISBN 978-3-642-25404-8.

simplelist 2011.09.15 refereed book 17pp PDF more 2011.03.20
Daniel J. Bernstein. "Simplified high-speed high-distance list decoding for alternant codes." Pages 200–216 in Post-quantum cryptography—4th international workshop, PQCrypto 2011, Taipei, Taiwan, November 29–December 2, 2011, proceedings (edited by Bo-Yin Yang), Lecture Notes in Computer Science 7071, Springer, 2011, ISBN 978-3-642-25404-8.

rfsb 2011.05.08 refereed book 19pp PDF more 2011.02.14
Daniel J. Bernstein, Tanja Lange, Christiane Peters, Peter Schwabe. "Really fast syndrome-based hashing." Pages 134–152 in Progress in cryptology—AFRICACRYPT 2011—4th international conference on cryptology in Africa, Dakar, Senegal, July 5–7, 2011, proceedings (edited by Abderrahmane Nitaj, David Pointcheval), Lecture Notes in Computer Science 6737, Springer, 2011, ISBN 978-3-642-21968-9.

2reg 2011.03.09 refereed book 18pp PDF more
Daniel J. Bernstein, Tanja Lange, Christiane Peters, Peter Schwabe. "Faster 2-regular information-set decoding." Pages 81–98 in Coding and cryptology—third international workshop, IWCC 2011, Qingdao, China, May 30–June 3, 2011, proceedings (edited by Yeow Meng Chee, Zhenbo Guo, San Ling, Fengjing Shao, Yuansheng Tang, Huaxiong Wang, Chaoping Xing), Lecture Notes in Computer Science 6639, Springer, 2011, ISBN 978-3-642-20900-0.

ballcoll 2011.03.07 refereed book 26pp PDF more 2010.11.17
Daniel J. Bernstein, Tanja Lange, Christiane Peters. "Smaller decoding exponents: ball-collision decoding." Pages 743–760 in Advances in cryptology—CRYPTO 2011—31st annual cryptology conference, Santa Barbara, CA, USA, August 14–18, 2011, proceedings (edited by Phillip Rogaway), Lecture Notes in Computer Science 6841, Springer, 2011, ISBN 978-3-642-22791-2.

goppalist 2011.03.03 refereed book 19pp PDF more 2008.07.06
Daniel J. Bernstein. "List decoding for binary Goppa codes." Pages 62–80 in Coding and cryptology—third international workshop, IWCC 2011, Qingdao, China, May 30–June 3, 2011, proceedings (edited by Yeow Meng Chee, Zhenbo Guo, San Ling, Fengjing Shao, Yuansheng Tang, Huaxiong Wang, Chaoping Xing), Lecture Notes in Computer Science 6639, Springer, 2011, ISBN 978-3-642-20900-0.

xsalsa 2011.02.04 refereed 14pp PDF more 2008.11.28
Daniel J. Bernstein. "Extending the Salsa20 nonce." Workshop Record of Symmetric Key Encryption Workshop 2011.

negation 2011.01.02 refereed book 26pp PDF more
Daniel J. Bernstein, Tanja Lange, Peter Schwabe. "On the correct use of the negation map in the Pollard rho method." Pages 128–146 in Public key cryptography—PKC 2011—14th international conference on practice and theory in public key cryptography, Taormina, Italy, March 6–9, 2011, proceedings (edited by Dario Catalano, Nelly Fazio, Rosario Gennaro, Antonio Nicolosi), Lecture Notes in Computer Science 6571, Springer, 2011, ISBN 978-3-642-19378-1.

quantumsha3 2010.11.12 7pp PDF more
Daniel J. Bernstein. "Quantum attacks against Blue Midnight Wish, ECHO, Fugue, Grøstl, Hamsi, JH, Keccak, Shabal, SHAvite-3, SIMD, and Skein."

wild 2010.10.07 refereed book 18pp PDF more 2010.07.21
Daniel J. Bernstein, Tanja Lange, Christiane Peters. "Wild McEliece." Pages 143–158 in Selected areas in cryptography—17th international workshop, SAC 2010, Waterloo, Ontario, Canada, August 12–13, 2010, revised selected papers (edited by Alex Biryukov, Guang Gong, Douglas R. Stinson), Lecture Notes in Computer Science 6544, Springer, 2011, ISBN 978-3-642-19573-0.

completed 2010.10.06 refereed journal 15pp PDF 2009.11.25
Daniel J. Bernstein, Tanja Lange. "A complete set of addition laws for incomplete Edwards curves." Journal of Number Theory 131 (2011), 858–872.

interop 2010.09.15 5pp PDF more
Daniel J. Bernstein. "SHA-3 interoperability."

bestat 2010.09.06 5pp PDF more
Daniel J. Bernstein. "Visualizing area-time tradeoffs for SHA-3."

a1ecm 2010.06.14 refereed book 20pp PDF more
Daniel J. Bernstein, Peter Birkner, Tanja Lange. "Starfish on strike." Pages 61–80 in Progress in cryptology—LATINCRYPT 2010, first international conference on cryptology and information security in Latin America, Puebla, Mexico, August 8–11, 2010, proceedings (edited by Michel Abdalla, Paulo S. L. M. Barreto), Lecture Notes in Computer Science 6212, Springer, 2010, ISBN 978-3-642-14711-1. Typo in the proof of Theorem 5.1: the displayed ...=d should be -...=d.

opb 2010.04.13 refereed book 17pp PDF more 2010.02.09
Daniel J. Bernstein, Tanja Lange. "Type-II optimal polynomial bases." Pages 41–61 in Arithmetic of finite fields: third international workshop, WAIFI 2010, Istanbul, Turkey, June 27–30, 2010, proceedings (edited by M. Anwar Hasan, Tor Helleseth), Lecture Notes in Computer Science 6087, Springer, 2010, ISBN 978-3-642-13796-9.

grovercode 2010.03.03 refereed book 8pp PDF more 2009.11.23
Daniel J. Bernstein. "Grover vs. McEliece." Pages 73–80 in Post-quantum cryptography: third international workshop, PQCrypto 2010, Darmstadt, Germany, May 25–28, 2010, proceedings (edited by Nicolas Sendrier), Lecture Notes in Computer Science 6061, Springer, 2010, ISBN 978-3-642-12928-5.

ecc2k130 2009.11.18 20pp PDF more 2009.11.05
Daniel V. Bailey, Lejla Batina, Daniel J. Bernstein, Peter Birkner, Joppe W. Bos, Hsieh-Chung Chen, Chen-Mou Cheng, Gauthier van Damme, Giacomo de Meulenaer, Luis Julian Dominguez Perez, Junfeng Fan, Tim Gueneysu, Frank Gurkaynak, Thorsten Kleinjung, Tanja Lange, Nele Mentens, Ruben Niederhagen, Christof Paar, Francesco Regazzoni, Peter Schwabe, Leif Uhsadel, Anthony Van Herrewege, Bo-Yin Yang. "Breaking ECC2K-130."

linearmod2 2009.10.05 refereed 16pp PDF more 2009.08.30
Daniel J. Bernstein. "Optimizing linear maps modulo 2." Workshop Record of SPEED-CC: Software Performance Enhancement for Encryption and Decryption and Cryptographic Compilers.

fsbday 2009.10.03 refereed book 21pp PDF more 2009.06.17
Daniel J. Bernstein, Tanja Lange, Ruben Niederhagen, Christiane Peters, Peter Schwabe. "FSBday: implementing Wagner's generalized birthday attack against the SHA-3 round-1 candidate FSB." Pages 18–38 in Progress in cryptology—INDOCRYPT 2009, 10th international conference on cryptology in India, New Delhi, India, December 13–16, 2009, proceedings (edited by Bimal Roy, Nicolas Sendrier), Lecture Notes in Computer Science 5922, Springer, 2009, ISBN 978-3-642-10627-9. Previous version: Workshop Record of SHARCS'09: Special-purpose Hardware for Attacking Cryptographic Systems.

pc109 2009.09.01 refereed 14pp PDF more
Daniel J. Bernstein, Hsueh-Chung Chen, Ming-Shing Chen, Chen-Mou Cheng, Chun-Hung Hsiao, Tanja Lange, Zong-Cing Lin, Bo-Yin Yang. "The billion-mulmod-per-second PC." Workshop Record of SHARCS'09: Special-purpose Hardware for Attacking Cryptographic Systems.

ecc2x 2009.09.01 refereed 32pp PDF more
Daniel V. Bailey, Brian Baldwin, Lejla Batina, Daniel J. Bernstein, Peter Birkner, Joppe W. Bos, Gauthier van Damme, Giacomo de Meulenaer, Junfeng Fan, Tim Gueneysu, Frank Gurkaynak, Thorsten Kleinjung, Tanja Lange, Nele Mentens, Christof Paar, Francesco Regazzoni, Peter Schwabe, Leif Uhsadel. "The Certicom challenges ECC2-X." Workshop Record of SHARCS'09: Special-purpose Hardware for Attacking Cryptographic Systems.

collisioncost 2009.08.23 refereed 12pp PDF more 2009.05.17
Daniel J. Bernstein. "Cost analysis of hash collisions: Will quantum computers make SHARCS obsolete?" Workshop Record of SHARCS'09: Special-purpose Hardware for Attacking Cryptographic Systems.

bbe 2009.06.04 refereed book 21pp PDF more
Daniel J. Bernstein. "Batch binary Edwards." Pages 317–336 in Advances in cryptology—Crypto 2009, 29th annual international cryptology conference, Santa Barbara, CA, USA, August 16–20, 2009, proceedings (edited by Shai Halevi), Lecture Notes in Computer Science 5677, Springer, 2009, ISBN 978-3-642-03355-1.

naclcrypto 2009.03.10 45pp PDF
Daniel J. Bernstein. "Cryptography in NaCl."

gpuecm 2009.01.27 refereed book 20pp PDF more 2008.11.11
Daniel J. Bernstein, Tien-Ren Chen, Chen-Mou Cheng, Tanja Lange, Bo-Yin Yang. "ECM on graphics cards." Pages 483–501 in Advances in cryptology—EUROCRYPT 2009, 28th annual international conference on the theory and applications of cryptographic techniques, Cologne, Germany, April 26–30, 2009, proceedings (edited by Antoine Joux), Lecture Notes in Computer Science 5479, Springer, 2009, ISBN 978-3-642-01000-2.

decoco 2009 refereed 13pp
Daniel J. Bernstein, Tanja Lange, Christiane Peters, Henk van Tilborg. "Explicit bounds for generic decoding algorithms for code-based cryptography." Proceedings of WCC 2009.

aesspeed 2008.09.26 refereed book 15pp PDF more 2008.09.08
Daniel J. Bernstein, Peter Schwabe. "New AES software speed records." Pages 322–336 in Progress in cryptology—INDOCRYPT 2008, 9th international conference on cryptology in India, Kharagpur, India, December 14–17, 2008, proceedings (edited by Dipanwita Roy Chowdhury, Vincent Rijmen, Abhijit Das), Lecture Notes in Computer Science 5365, Springer, 2008, ISBN 978-3-540-89753-8.

mceliece 2008.08.07 refereed book 16pp PDF more 2008.07.22
Daniel J. Bernstein, Tanja Lange, Christiane Peters. "Attacking and defending the McEliece cryptosystem." Pages 31–46 in Post-quantum cryptography: second international workshop, PQCrypto 2008, Cincinnati, OH, USA, October 17–19, 2008, proceedings (edited by Johannes Buchmann, Jintai Ding), Springer, 2008, ISBN 978-3-540-88402-6.

edwards2 2008.06.11 refereed book 23pp PDF more 2008.04.15
Daniel J. Bernstein, Tanja Lange, Reza Rezaeian Farashahi. "Binary Edwards curves." Pages 244–265 in Cryptographic hardware and embedded systems—CHES 2008, 10th international workshop, Washington, D.C., USA, August 10–13, 2008, proceedings (edited by Elisabeth Oswald, Pankaj Rohatgi), Lecture Notes in Computer Science 5154, Springer, 2008, ISBN 978-3-540-85052-6.

multapps 2008.05.15 refereed book 60pp PDF more 2003.01.19
Daniel J. Bernstein. "Fast multiplication and its applications." Pages 325–384 in Algorithmic number theory: lattices, number fields, curves and cryptography (edited by Joe Buhler, Peter Stevenhagen), Cambridge University Press, 2008, ISBN 978-0521808545.

smallheight 2008.05.02 refereed book 26pp PDF more 2003.09.18
Daniel J. Bernstein. "Reducing lattice bases to find small-height values of univariate polynomials." Pages 421–446 in Algorithmic number theory: lattices, number fields, curves and cryptography (edited by Joe Buhler, Peter Stevenhagen), Cambridge University Press, 2008, ISBN 978-0521808545.

forgery 2008.05.01 refereed book 15pp PDF more 2001.07.31
Daniel J. Bernstein. "Protecting communications against forgery." Pages 535–549 in Algorithmic number theory: lattices, number fields, curves and cryptography (edited by Joe Buhler, Peter Stevenhagen), Cambridge University Press, 2008, ISBN 978-0521808545. Erratum: The conjecture on page 539 is quantitatively incorrect (as are many analogous conjectures in the literature) for the most obvious definition of "steps". There exists an attack algorithm with a considerably better tradeoff between success probability and number of steps, even though no feasible method is known to find that algorithm.

phase3speed 2008.03.31 13pp PDF more 2008.02.25
Daniel J. Bernstein. "Which phase-3 eSTREAM ciphers provide the best software speeds?"

broken 2008.03.30 35pp PDF more 2008.02.21
Daniel J. Bernstein. "Which eSTREAM ciphers have been broken?"

twisted 2008.03.13 refereed book 17pp PDF more 2008.01.08
Daniel J. Bernstein, Peter Birkner, Marc Joye, Tanja Lange, Christiane Peters. "Twisted Edwards curves." Pages 389–405 in Progress in cryptology—AFRICACRYPT 2008, first international conference on cryptology in Africa, Casablanca, Morocco, June 11–14, 2008, proceedings (edited by Serge Vaudenay), Lecture Notes in Computer Science 5023, Springer, 2008, ISBN 978-3-540-68159-5.

rwtight 2008.02.01 refereed book 18pp PDF more 2003.09.26
Daniel J. Bernstein. "Proving tight security for Rabin-Williams signatures." Pages 70–87 in Advances in cryptology—EUROCRYPT 2008, 27th annual international conference on the theory and applications of cryptographic techniques, Istanbul, Turkey, April 13–17, 2008, proceedings (edited by Nigel Smart), Lecture Notes in Computer Science 4965, Springer, 2008, ISBN 978-3-540-78966-6.

rwsota 2008.01.31 11pp PDF more
Daniel J. Bernstein. "RSA signatures and Rabin-Williams signatures: the state of the art."

chacha 2008.01.28 refereed 6pp PDF more 2008.01.20
Daniel J. Bernstein. "ChaCha, a variant of Salsa20." Workshop Record of SASC 2008: The State of the Art of Stream Ciphers.

salsafamily 2007.12.25 book 15pp PDF more
Daniel J. Bernstein. "The Salsa20 family of stream ciphers." Pages 84–97 in New stream cipher designs: the eSTREAM finalists (edited by Matthew Robshaw, Olivier Billet), Lecture Notes in Computer Science 4986, Springer, 2008, ISBN 978-3-540-68350-6. Paper invited by book editors.

efd 2007.12.04 refereed book 19pp PDF more
Daniel J. Bernstein, Tanja Lange. "Analysis and optimization of elliptic-curve single-scalar multiplication." Pages 1–19 in Finite fields and applications: Eighth international conference on finite fields and applications, July 9–13, 2007, Melbourne, Australia (edited by Gary L. Mullen, Daniel Panario, Igor E. Shparlinski), Contemporary Mathematics 461, American Mathematical Society, 2008, ISBN 978-0-8218-4309-3.

qmailsec 2007.11.01 book 10pp PDF
Daniel J. Bernstein. "Some thoughts on security after ten years of qmail 1.0." Proceedings of Computer Security Architecture Workshop (CSAW) 2007. Paper invited by conference organizers.

doublebase 2007.10.28 refereed book 16pp PDF more
Daniel J. Bernstein, Peter Birkner, Tanja Lange, Christiane Peters. "Optimizing double-base elliptic-curve single-scalar multiplication." Pages 167–182 in Progress in cryptology—INDOCRYPT 2007, 8th international conference on cryptology in India, Chennai, India, December 9–13, 2007, proceedings (edited by Kannan Srinathan, Chandrasekaran Pandu Rangan, Moti Yung), Lecture Notes in Computer Science 4859, Springer, 2007, ISBN 978-3-540-77025-1.

pema 2007.10.22 14pp PDF more
Daniel J. Bernstein. "Polynomial evaluation and message authentication."

inverted 2007.10.09 book 8pp PDF more
Daniel J. Bernstein, Tanja Lange. "Inverted Edwards coordinates." Pages 20–27 in Applied Algebra, Algebraic Algorithms and Error-Correcting Codes, 17th International Symposium, AAECC-17, Bangalore, India, December 16–20, 2007, Proceedings (edited by Serdar Boztas, Hsiao-feng Lu), Lecture Notes in Computer Science 4851, Springer, 2007, ISBN 978-3-540-77223-1. Paper invited from Lange by conference organizers.

tangentfft 2007.09.19 refereed book 10pp PDF more 2007.08.09
Daniel J. Bernstein. "The tangent FFT." Pages 291–300 in Applied Algebra, Algebraic Algorithms and Error-Correcting Codes, 17th International Symposium, AAECC-17, Bangalore, India, December 16–20, 2007, Proceedings (edited by Serdar Boztas, Hsiao-feng Lu), Lecture Notes in Computer Science 4851, Springer, 2007, ISBN 978-3-540-77223-1.

newelliptic 2007.09.06 refereed book 20pp PDF more 2007.04.10
Daniel J. Bernstein, Tanja Lange. "Faster addition and doubling on elliptic curves." Pages 29–50 in Advances in cryptology—ASIACRYPT 2007, 13th international conference on the theory and application of cryptology and information security, Kuching, Malaysia, December 2–6, 2007, proceedings (edited by Kaoru Kurosawa), Lecture Notes in Computer Science 4833, Springer, 2007, ISBN 978-3-540-76899-9. 2022 IACR Test-of-Time Award.

genbday 2007.09.04 refereed 8pp PDF more 2007.07.19
Daniel J. Bernstein. "Better price-performance ratios for generalized birthday attacks." Workshop Record of SHARCS'07: Special-purpose Hardware for Attacking Cryptographic Systems.

antiquad 2007.08.17 refereed book 19pp PDF more 2007.03.03
Bo-Yin Yang, Owen Chia-Hsin Chen, Daniel J. Bernstein, Jiun-Ming Chen. "Analysis of QUAD." Pages 290–308 in Fast software encryption: 14th international workshop, FSE 2007, Luxembourg, Luxembourg, March 26–28, 2007, revised selected papers (edited by Alex Biryukov), Lecture Notes in Computer Science 4593, Springer, 2007, ISBN 978-3-540-74617-1.

cipherdag 2007.06.30 refereed 2pp PDF more
Daniel J. Bernstein. "Cipher DAGs." Workshop Record of ECRYPT Workshop on Tools for Cryptanalysis 2007.

expandxor 2007.05.03 refereed 10pp PDF more 2007.04.11
Daniel J. Bernstein. "What output size resists collisions in a xor of independent expansions?" Workshop Record of ECRYPT Workshop on Hash Functions 2007.

aecycles 2007.01.18 refereed 13pp PDF more 2007.01.11
Daniel J. Bernstein. "Cycle counts for authenticated encryption." Workshop Record of SASC 2007: The State of the Art of Stream Ciphers.

kdvseries 2006.10.19 4pp PDF more
Daniel J. Bernstein. "Using fast power-series arithmetic in the Kedlaya-Denef-Vercauteren algorithm."

powers2 2006.09.14 refereed journal 4pp PDF more 2004.06.30
Daniel J. Bernstein, Hendrik W. Lenstra, Jr., Jonathan Pila. "Detecting perfect powers by factoring into coprimes." Mathematics of Computation 76 (2007), 385–388.

meecrt 2006.09.14 refereed journal 12pp PDF more 2003.08.15
Daniel J. Bernstein, Jonathan P. Sorenson. "Modular exponentiation via the explicit Chinese remainder theorem." Mathematics of Computation 76 (2007), 443–454.

quartic 2006.09.14 refereed journal 15pp PDF more 2003.01.28
Daniel J. Bernstein. "Proving primality in essentially quartic random time." Mathematics of Computation 76 (2007), 389–403.

curvezero 2006.07.26 13pp PDF more 2006.07.21
Daniel J. Bernstein. "Can we avoid tests for zero in fast elliptic-curve arithmetic?"

zkcrypt 2006.03.02 4pp PDF more
Daniel J. Bernstein. "Does ZK-Crypt version 1 flunk a repetition test?"

diffchain 2006.02.19 16pp PDF more
Daniel J. Bernstein. "Differential addition chains."

curve25519 2006.02.09 refereed book 22pp PDF more 2005.11.15
Daniel J. Bernstein. "Curve25519: new Diffie-Hellman speed records." Pages 207–228 in Public key cryptography—PKC 2006, 9th international conference on theory and practice in public-key cryptography, New York, NY, USA, April 24–26, 2006, proceedings (edited by Moti Yung, Yevgeniy Dodis, Aggelos Kiayias, Tal Malkin), Lecture Notes in Computer Science 3958, Springer, 2006, ISBN 3-540-33851-9. 2022 PKC Test-of-Time Award.

stream256 2006.01.23 refereed 14pp PDF more 2005.12.23
Daniel J. Bernstein. "Comparison of 256-bit stream ciphers at the beginning of 2006." Workshop Record of SASC 2006: Stream Ciphers Revisited.

abccong 2005.12.24 refereed journal 5pp PDF more 2003.03.14
Daniel J. Bernstein. "Sharper ABC-based bounds for congruent polynomials." Journal de Théorie des Nombres de Bordeaux 17 (2005), 721–725.

bruteforce 2005.04.25 refereed 10pp PDF more
Daniel J. Bernstein. "Understanding brute force." ECRYPT STVL Workshop on Symmetric Key Encryption.

cachetiming 2005.04.14 37pp PDF more 2004.11.11
Daniel J. Bernstein. "Cache-timing attacks on AES."

poly1305 2005.03.29 refereed book 18pp PDF more 2004.11.01
Daniel J. Bernstein. "The Poly1305-AES message-authentication code." Pages 32–49 in Fast software encryption: 12th international workshop, FSE 2005, Paris, France, February 21–23, 2005, revised selected papers (edited by Henri Gilbert, Helena Handschuh), Lecture Notes in Computer Science 3557, Springer, 2005, ISBN 3-540-26541-4.

permutations 2005.03.23 10pp PDF more
Daniel J. Bernstein. "Stronger security bounds for permutations." To be incorporated into author's High-speed cryptography book.

securitywcs 2005.02.27 refereed book 17pp PDF more 2004.10.19
Daniel J. Bernstein. "Stronger security bounds for Wegman-Carter-Shoup authenticators." Pages 164–180 in Advances in Cryptology—EUROCRYPT 2005, 24th annual international conference on the theory and applications of cryptographic techniques, Aarhus, Denmark, May 22–26, 2005, proceedings (edited by Ronald Cramer), Lecture Notes in Computer Science 3494, Springer, 2005, ISBN 3-540-25910-4.

easycbc 2005.01.09 6pp PDF more
Daniel J. Bernstein. "A short proof of the unpredictability of cipher block chaining."

dcba 2005.01 refereed journal 30pp PDF more 1996.05.12
Daniel J. Bernstein. "Factoring into coprimes in essentially linear time." Journal of Algorithms 54 (2005), 1–30.

prime2004 2004.12.23 15pp PDF more 2004.02.12
Daniel J. Bernstein. "Distinguishing prime numbers from composite numbers: the state of the art in 2004."

dcba2 2004.11.03 4pp PDF more 2004.10.09
Daniel J. Bernstein. "Research announcement: Faster factorization into coprimes."

hash127 2004.09.18 21pp PDF more 1999.04.04
Daniel J. Bernstein. "Floating-point arithmetic and message authentication." To be incorporated into author's High-speed cryptography book.

scaledmod 2004.08.20 8pp PDF more
Daniel J. Bernstein. "Scaled remainder trees."

focus 2004.06.10 refereed book 8pp more 2001.12.31
Daniel J. Bernstein. "Doubly focused enumeration of locally square polynomial values." Pages 69–76 in High primes and misdemeanours: lectures in honour of the 60th birthday of Hugh Cowie Williams (edited by Alf van der Poorten, Andreas Stein), Fields Institute Communications 41, American Mathematical Society, 2004, ISBN 0-8218-3353-7.

smoothparts 2004.05.10 7pp PDF more
Daniel J. Bernstein. "How to find smooth parts of integers."

primesieves 2004.04 refereed journal 8pp PDF more 1999.05.05
A. O. L. Atkin, Daniel J. Bernstein. "Prime sieves using binary quadratic forms." Mathematics of Computation 73 (2004), 1023–1030.

fastnewton 2004.03.09 13pp PDF more 1998.06.27
Daniel J. Bernstein. "Removing redundancy in high-precision Newton iteration."

logagm 2003.07.17 8pp PDF more
Daniel J. Bernstein. "Computing logarithm intervals with the arithmetic-geometric-mean iteration."

logfloor 2003.06.30 4pp PDF more 2003.06.29
Daniel J. Bernstein. "Computing logarithm floors in essentially linear time."

aks 2003.01.25 15pp PDF more 2002.08.09
Daniel J. Bernstein. "Proving primality after Agrawal-Kayal-Saxena."

psi 2002.10.01 refereed book 18pp PDF more 2000.11.03
Daniel J. Bernstein. "Arbitrarily tight bounds on the distribution of smooth integers." Pages 49–66 in Number theory for the Millennium volume 1 (edited by Michael A. Bennett, Bruce C. Berndt, Nigel Boston, Harold G. Diamond, Adolf J. Hildebrand, Walter Philipp), A. K. Peters, 2002, ISBN 1-56881-126-8.

sf 2002.09.23 15pp PDF more 2000.06.22
Daniel J. Bernstein. "How to find small factors of integers." Now being revamped in light of smoothparts results.

pippenger 2002.01.18 21pp PDF more 2001.12.18
Daniel J. Bernstein. "Pippenger's exponentiation algorithm." To be incorporated into author's High-speed cryptography book. Error pointed out by Sam Hocevar: the example in Figure 4 needs 2 and is thus of length 18.

nonsquare 2001.12.20 3pp PDF more
Daniel J. Bernstein. "Faster algorithms to find non-squares modulo worst-case integers."

sqroot 2001.11.23 10pp PDF more
Daniel J. Bernstein. "Faster square roots in annoying finite fields." To be incorporated into author's High-speed cryptography book.

nfscircuit 2001.11.09 11pp PDF more
Daniel J. Bernstein. "Circuits for integer factorization: a proposal." Excerpted from DMS-0140542 grant proposal.

m3 2001.08.11 refereed 19pp PDF more
Daniel J. Bernstein. "Multidigit multiplication for mathematicians." Accepted to Advances in Applied Mathematics, but withdrawn by author to prevent irreparable mangling by Academic Press.

sortedsums 2001.01 refereed journal 6pp PDF more 1998.06.29
Daniel J. Bernstein. "Enumerating solutions to p(a)+q(b)=r(c)+s(d)." Mathematics of Computation 70 (2001), 389–394.

sigs 2000.08.09 refereed 11pp PDF more
Daniel J. Bernstein. "A secure public-key signature system with extremely fast verification." Accepted to Journal of Cryptology, but withdrawn to be incorporated into author's High-speed cryptography book.

unipat 2000.08.06 6pp PDF more
Daniel J. Bernstein. "A simple universal pattern-matching automaton."

hash127-abs 1999.04.04 2pp PDF more
Daniel J. Bernstein. "Guaranteed message authentication faster than MD5 (abstract)."

stretch 1999 refereed journal 8pp PDF more
Daniel J. Bernstein. "How to stretch random functions: the security of protected counter sums." Journal of Cryptology 12 (1999), 185–192.

compose 1998.09 refereed journal 3pp PDF more
Daniel J. Bernstein. "Composing power series over a finite ring in essentially linear time." Journal of Symbolic Computation 26 (1998), 339–341.

psi-abs 1998.07.01 refereed book 3pp PDF more
Daniel J. Bernstein. "Bounding smooth integers (extended abstract)." Pages 128–130 in Algorithmic number theory: third international symposium, ANTS-III, Portland, Oregon, USA, June 21–25, 1998, proceedings (edited by Joe Buhler), Lecture Notes in Computer Science 1423, Springer, 1998, ISBN 3-540-64657-4.

powers 1998.07 refereed journal 31pp PDF more 1995.05
Daniel J. Bernstein. "Detecting perfect powers in essentially linear time." Mathematics of Computation 67 (1998), 1253–1283. First version was Chapter 1 of Ph.D. dissertation.

calculus 1997.04.03 12pp PDF more
Daniel J. Bernstein. "Calculus for mathematicians."

fastgcd 1996.06.28 more
Daniel J. Bernstein. "Kronecker matrices and polynomial GCDs." Superseded by multapps.

fiall 1996.06.01 refereed book 8pp PDF more
Daniel J. Bernstein. "Fast ideal arithmetic via lazy localization." Pages 27–34 in Algorithmic number theory: second international symposium, ANTS-II, Talence, France, May 18–23, 1996, proceedings (edited by Henri Cohen), Lecture Notes in Computer Science 1122, Springer, 1996, ISBN 3-540-61581-4.

3x1conjmap 1996.02.15 refereed journal 16pp PDF more
Daniel J. Bernstein, Jeffrey C. Lagarias. "The 3x+1 conjugacy map." Canadian Journal of Mathematics 48 (1996), 1154–1169.

mmecrt 1995.05 book 7pp PDF more
Daniel J. Bernstein. "Multidigit modular multiplication with the Explicit Chinese Remainder Theorem." Chapter 4 in Detecting perfect powers in essentially linear time, and other studies in computational number theory, Ph.D. dissertation, University of California at Berkeley, 1995.

mlnfs 1995.05 book 5pp PDF more
Daniel J. Bernstein. "The multiple-lattice number field sieve." Chapter 3 in Detecting perfect powers in essentially linear time, and other studies in computational number theory, Ph.D. dissertation, University of California at Berkeley, 1995.

epsi 1995.05 book 4pp PDF more
Daniel J. Bernstein. "Enumerating and counting smooth integers." Chapter 2 in Detecting perfect powers in essentially linear time, and other studies in computational number theory, Ph.D. dissertation, University of California at Berkeley, 1995.

231 1994.02 refereed journal 4pp more
Daniel J. Bernstein. "A non-iterative 2-adic statement of the 3N+1 conjecture." Proceedings of the American Mathematical Society 121 (1994), 405–408.

nfsi 1993.01 book 24pp more
Daniel J. Bernstein, Arjen K. Lenstra. "A general number field sieve implementation." Pages 103–126 in The development of the number field sieve (edited by Arjen K. Lenstra, Hendrik W. Lenstra, Jr), Lecture Notes in Mathematics 1554, Springer, 1993, ISBN 3-540-57013-6.

westinghouse 1987 21pp scanned more
Daniel J. Bernstein. "New fast algorithms for pi and e." Fifth-place paper for the nationwide 1987 Westinghouse Science Talent Search. Distributed widely at the Ramanujan Centenary Conference.

dal more
Daniel J. Bernstein. "The ubiquitous dal function."

c3 more
Daniel J. Bernstein. "The complexity of complex convolution."

abc more
Daniel J. Bernstein, Bruce E. Kaskel. "The ABC polygon."

surf more
Daniel J. Bernstein. "SURF: Simple Unpredictable Random Function."

senfs more
Daniel J. Bernstein. "Superelliptic integrals and the number-field sieve."

huptrie more
Daniel J. Bernstein. "Saving space and time in hash tries."

hblcs more
Daniel J. Bernstein. "Predicting a linear congruential sequence from its high bits."

mimd more
Daniel J. Bernstein. "Matrix inversion made difficult."

fastgraeffe more
Daniel J. Bernstein. "High-precision roots of high-degree polynomials."

gge more
Daniel J. Bernstein. "Generalized Gaussian elimination."

zmult more
Daniel J. Bernstein. "Faster multiplication of integers."

nistp224 more
Daniel J. Bernstein. "Fast point multiplication on the NIST P-224 elliptic curve." To be incorporated into author's High-speed cryptography book.

smoothdep more
Daniel J. Bernstein. "Estimating the dependence time for smooth integers."

decompress more
Daniel J. Bernstein. "Data decompression."

nfspoly more
Daniel J. Bernstein. "Controlling three coefficients in number-field-sieve polynomials."

rings more
Daniel J. Bernstein. "Commutative rings."

zeroseek more
Daniel J. Bernstein. "A fast journaling filesystem."