Main current topic:

• S-unit attacks.

My other papers on cryptographic attacks, with various coauthors, listed by year of publication of first version:

• Asymptotics of hybrid primal lattice attacks (2023). #lattices
• CryptAttackTester: high-assurance attack analysis (2023). #decoding #metrics #symmetric
• Multi-ciphertext security degradation for lattices (2022). #lattices
• A one-time single-bit fault leaks all previous NTRU-HRSS session keys to a chosen-ciphertext attack (2022). #fault #lattices #vs-impl
• Observations on COMET (2020). #symmetric
• Concrete quantum cryptanalysis of binary elliptic curves (2020). #discretelogs #quantum
• A discretization attack (2020). #ecosystem #lattices
• Quantum circuits for the CSIDH: optimizing quantum evaluation of isogenies (2018). #isogenies #quantum
• HILA5 Pindakaas: On the CCA security of lattice-based encryption with error correction (2017). #lattices
• Asymptotically faster quantum algorithms to solve multivariate quadratic equations (2017). #multivariate #quantum
• Low-communication parallel quantum multi-target preimage search (2017). #metrics #quantum #symmetric
• Sliding right into disaster: Left-to-right sliding windows leak (2017). #sidechannel #vs-impl
• Short generators without quantum computers: the case of multiquadratics (2017). #lattices
• A low-resource quantum factoring algorithm (2017). #factorization #quantum
• Faster elliptic-curve discrete logarithms on FPGAs (2016). #discretelogs
• Dual EC: a standardized back door (2015). #ecosystem #symmetric
• Tighter, faster, simpler side-channel security evaluations beyond computing power (2015). #sidechannel #vs-impl
• Bad directions in cryptographic hash functions (2015). #symmetric
• Batch NFS (2014). #factorization #metrics
• How to manipulate curve standards: a white paper for the black hat (2014). #ecosystem
• On the practical exploitability of Dual EC in TLS implementations (2014). #symmetric
• Factoring RSA keys from certified smart cards: Coppersmith in the wild (2013). #vs-impl
• On the security of RC4 in TLS and WPA (2013). #symmetric
• Quantum algorithms for the subset-sum problem (2013). #lattices #quantum
• Computing small discrete logarithms faster (2012). #discretelogs #metrics
• Never trust a bunny (2012). #lattices
• Non-uniform cracks in the concrete: the power of free precomputation (2012). #discretelogs #factorization #metrics #symmetric
• Two grumpy giants and a baby (2012). #discretelogs
• ECC2K-130 on NVIDIA GPUs (2012). #discretelogs
• Faster 2-regular information-set decoding (2011). #decoding
• On the correct use of the negation map in the Pollard rho method (2011). #discretelogs
• Smaller decoding exponents: ball-collision decoding (2010). #decoding
• Quantum attacks against Blue Midnight Wish, ECHO, Fugue, Grøstl, Hamsi, JH, Keccak, Shabal, SHAvite-3, SIMD, and Skein (2010). #quantum #symmetric
• Starfish on strike (2010). #factorization
• Type-II optimal polynomial bases (2010). #discretelogs
• Grover vs. McEliece (2009). #decoding #quantum
• Breaking ECC2K-130 (2009). #discretelogs
• The Certicom challenges ECC2-X (2009). #discretelogs
• The billion-mulmod-per-second PC (2009). #factorization
• FSBday: implementing Wagner's generalized birthday attack against the SHA-3 round-1 candidate FSB (2009). #symmetric
• Cost analysis of hash collisions: Will quantum computers make SHARCS obsolete? (2009). #metrics #quantum
• Explicit bounds for generic decoding algorithms for code-based cryptography (2009). #decoding
• ECM on graphics cards (2008). #factorization
• Attacking and defending the McEliece cryptosystem (2008). #decoding
• ECM using Edwards curves (2008). #factorization
• Better price-performance ratios for generalized birthday attacks (2007). #metrics #symmetric
• What output size resists collisions in a xor of independent expansions? (2007). #symmetric
• Analysis of QUAD (2007). #multivariate #symmetric
• Does ZK-Crypt version 1 flunk a repetition test? (2006). #symmetric
• Understanding brute force (2005). #metrics #symmetric
• Cache-timing attacks on AES (2004). #sidechannel #symmetric #vs-impl
• Faster factorization into coprimes (2004). #factorization
• How to find smooth parts of integers (2004). #factorization
• Circuits for integer factorization: a proposal (2001). #factorization #metrics
• How to find small factors of integers (2000). #factorization
• Factoring into coprimes in essentially linear time (1996). #factorization
• The multiple-lattice number field sieve (1995). #factorization
• A general number field sieve implementation (1993). #factorization