Papers (some also with slides)

• PORs: Proofs of Retrievability for Large Files. ACM CCS 2007
• Proofs for Two-Server Password Authentication. CT-RSA 2005
• A new two-server approach for authentication with short secrets. USENIX Security 2003.
• On the security of RSA encryption in TLS. CRYPTO 2002.
• On hash function firewalls in signature schemes. CT-RSA 2002.
• An unknown key-share attack on the MQV key agreement protocol. ACM TISSEC, 2001.
• Server-assisted generation of a strong secret from a password. WET ICE 2000.
• Efficient finite field basis conversion involving dual bases. CHES'99.
• Emerging standards for public-key cryptography. Lectures on Data Security: Modern Cryptology in Theory and Practice, 1999.
• Storage-efficient finite field basis conversion. SAC'98.

Technical Articles

• RFID Blocker Tags. Dr. Dobb's Journal, September 2004.
• RSA Digital Signatures. Dr. Dobb's Journal, May 2001.

Other Publications

• The Mathematics of the RSA Public-Key Cryptosystem. Lead essay, Mathematics Awareness Month, April 2006. (.pdf)
• Testimony. Witness panel 2, The State of Small Business Security in a Cyber Economy. Committee on Small Business, Subcommittee on Regulatory Reform and Oversight, U.S. House of Representatives, Washington, DC, USA, March 16, 2006. (.html)
• Algorithm Agility and OATH. Opinion piece, Computerworld, May 19, 2005.
• One Cryptographer's Perspective. Interesting-People message, February 24, 2005.

Presentations

• PORs: Proofs of Retrievability for Large Files. (Joint work with Ari Juels) Peking University School of Software and Microelectronics, Beijing, China, August 7, 2007 (.ppt) Revised version presented at Technion, Haifa, Israel, January 8, 2008 (.ppt)
• Learning to SKI Again: The Renaissance of Symmetric Key Infrastructures. RSA Conference 2007, San Francisco, CA, USA, February 5-9, 2007(.ppt)
• Some New Applications of One-Time Passwords. Peking University School of Software and Microelectronics, Beijing, China, November 1, 2006 and Shanghai Jiao Tong University, Shanghai, China, November 3, 2006(.ppt)
• Next Steps toward More Trustworthy Interfaces, continued (invited). 2nd Workshop on Trustworthy Interfaces for Passwords and Personal Information (TIPPI), Stanford University, Stanford, CA, June 19, 2006. (.ppt; abstract)
• The Mathematics of Computer Security (invited). Worcester Polytechnic Institute, Worcester, MA, USA, April 26, 2006. Also presented at Weston High School, Weston, MA, USA, April 28, 2006; and ED.gov Teacher Workshop, Hopkinton, MA, USA, July 13, 2006. (.ppt)
• Cryptography and Security: The Narrow Road from Theory to Practice (invited). Information Security Practice and Experience Conference (ISPEC) 2006, Hangzhou, China, April 14, 2006. (.ppt)
• Growing Up with Alice and Bob: Three Decades with the RSA Cryptosystem (invited). Singapore Management University, Singapore, April 7, 2006. (.ppt; announcement; video)
• Homeland Security, User Authentication and Cryptography (invited). IEEE Rochester Section Joint Chapter Meeting, Rochester, NY, USA, March 29, 2006. (.ppt)
• Circuit Design Projects in Integer Factorization (invited). Rochester Institute of Technology, Rochester, NY, USA, March 29, 2006. (.ppt)
• Towards More Trustworthy Interfaces for User Authentication (invited). Telcordia Distinguished Speaker Seminar Series, Piscataway, NJ, USA, February 28, 2006. Also presented at Peking University School of Software and Microelectronics, Beijing, China, April 10, 2006. (.ppt; abstract)
• Stronger Authentication: The Feeling is Mutual (invited). GTISC Security Seminar, Georgia Tech., Altanta, GA, USA, December 6, 2005. (.ppt)
• Security for Web Information Systems: Towards Compromise-Resilient Architectures (invited). Web Information Systems Engineering (WISE) 2005, New York City, NY, USA, November 21, 2005. (.ppt)
• Data Protection: Architecting for Security and Responsibility. 32nd CSI Conference, Washington, DC, USA, November 15, 2005. (.ppt)
• Digital Identities: Liabilities or Valuable Assets? 32nd CSI Conference, Washington, DC, USA, November 15, 2005. (.ppt)
• Tendencias Tecnológicas de PKI: Thoughts on SHA-1 and the Very Long Term. Congreso Internet 2005, UNAM, Ciudad Universitaria, Mexico (by videoconference). October 27, 2005. (.ppt)
• User Interfaces: The Weakest Link. Panel presentation, RSA Conference Europe 2005, Vienna, Austria, October 2005. (.ppt)
• Next Steps toward More Trustworthy Interfaces. 1st Workshop on Trustworthy Interfaces for Passwords and Personal Information, Stanford University, Stanford, CA, USA, June 13, 2005. (.ppt)
• Security Technology and Regulatory Compliance. MassNetComms Breakfast Panel, Newton, MA, USA, June 9, 2005. (.ppt)
• Passwords Don't Get No Respect: Or, How to Make the Most of Weak Shared Secrets (invited). DIMACS Workshop on Theft in E-Commerce, Piscataway, NJ, USA, April 14, 2005. (.ppt)
• The Challenges of RFID Authentication (invited). RFID in 2005 — Technology and Industry Perspectives, U.S. Department of Commerce, Washington, DC, USA, April 6, 2005. (.ppt)
• Two Technical Phishing Countermeasures (invited). North Shore Technology Council, Peabody, MA, USA, March 23, 2005. (.ppt)
• Panelist. Phishing: Don’t Get Hooked, Microsoft Executive Circle Webcast: Security360 with Mike Nash, March 15, 2005.
• Future Directions in User Authentication (invited).IT-Defense 2005, Cologne, Germany, January 24-28, 2005. (.ppt) Revised version presented at Peking University School of Software and Microelectronics, Beijing, China, April 10, 2006. (.ppt)
• Cryptography and Data Security: Long-Term Challenges (invited). Northeastern University CCIS Mini-Symposium on Information Security, Boston, MA, USA, November 9, 2004. Also presented at Bell Labs, Murray Hill, NJ, USA, December 6, 2004. (.ppt)
• Authentication: Risk vs. Readiness, Challenges & Solutions (invited). BITS Protecting the Core Forum, Washington, DC, USA, October 6, 2004. (.ppt)
• RFID Privacy: Challenges and Progress. Information Security Solutions Europe (ISSE) , Berlin, Germany, September 28-30, 2004. (.ppt)
• Network Encryption: Long-Term Challenges (invited). NRO Terabits Networking Forum, Chantilly, VA, USA, September 8, 2004. (.ppt)
• Radio Frequency Identification: The Next Wave in Identity Management. Security Leadership Council, Security & Technology Online, June 30, 2004. (.ppt)
• Thoughts on RFID Security and Privacy. ITAA RFID Forum, Washington, DC, June 15, 2004. (.ppt)
• Public-Key Validity and Private-Key Possession: Recent Developments. (Joint work with Mark McCutcheon.) RSA Conference 2004 Japan, Tokyo, Japan, May 31-June 1, 2004. Also presented at The University of Electro-Communications, May 30, 2004. (.ppt)
• Security and Privacy for RFID Systems. RSA Conference 2004 Japan, Tokyo, Japan, May 31-June 1, 2004. Also presented at The University of Electro-Communications, May 30, 2004. (.ppt)
• Trustworthy On-Line Signatures: the Nightingale Approach. RSA Conference 2004 Europe, Amsterdam, The Netherlands, November 3-5, 2003. (.ppt)
• Nightingale: Privacy Outsourcing for Sensitive Data. (Joint work with John Brainard, Ari Juels and Mike Szydlo.) RSA Conference 2003 Japan, Tokyo, Japan, June 3-4, 2003. Also presented at The University of Electro-Communications, June 2, 2003. (.ppt) Extended version presented at Stanford University Security Seminar, May 28, 2003. (.ppt)
• Wireless Security: When Things Really Get Interesting (invited). World Wireless Congress, San Francisco, CA, USA, May 28, 2003. (.ppt)
• Protecting the Knowledge in Knowledge-Based Authentication. Knowledge Based Authentication Symposium, NIST, Gaithersburg, MD, USA, February 9-10, 2003. (.ppt)
• Crypto-Visionen - ist IT-Sicherheit überhaupt zukunftsicher (keynote). (Crypto-Vision: Is IT-Security Safe for the Future?) NetworkWorld Germany Security-Tage, Munich, Germany, December 4, 2002. (.ppt)
• On the Security of RSA Encryption in TLS. Boston University Applied Cryptography and e-Security (ACeS) Lab, Boston, MA, USA, November 18, 2002. (.ppt) (Joint work with Jakob Jonsson.)
• Key Encapsulation: An Emerging Paradigm for Public-Key Cryptography. RSA Conference 2002 Japan, Tokyo, Japan, May 29-30, 2002. (.ppt)
• Hash Function Firewalls in Signature Schemes. RSA Conference 2002, San Jose, CA, USA, February 18-22, 2002. (.ppt)
• Status of Draft ANSI X9.44 (& More). NIST Second Key Management Workshop, Gaithersburg, MD, USA, November 1-2, 2001. (.ppt) (Joint work with Jakob Jonsson.)
• Perspectives on PKI & Technology. Logistics Community Forum 2001, Chantilly, VA, USA, July 31, 2001. (.ppt)
• New Challenges in Embedded Security (invited). CEES Symposium on Embedded Security, Boston, MA, USA, July 10, 2001; WPI Cryptography and Data Security Seminar Series, Worcester, MA, USA, October 18, 2001. (.ppt)
• Cryptography Trends: A US-Based Perspective (invited). CRYPTREC Cryptography Symposium, Tokyo, Japan, October 20, 2000. (.ppt)
• RSA Digital Signature Standards. National Information Systems Security Conference, Baltimore, MD, USA, October 16-19, 2000. (.ppt)
• Considerations for New Public-Key Algorithms. Information Security Solutions Europe (ISSE) 2000, Barcelona, Spain, September 27-29, 2000. (.ppt)
• Hash Function Firewalls in Signature Schemes (preliminary version). IEEE P1363 Working Group, Boston, MA, USA, June 2, 2000; AT&T Research, Florham Park, NJ, USA, August 13, 2001; MIT Laboratory for Computer Science Cryptography and Information Security Group, Cambridge, MA, USA, October 5, 2001. (.ppt)
• Subdividing Crypto with Smart Cards. CardTech/SecurTech 2000, Miami, FL, USA, May 1-4, 2000. (.ppt)
• Further Improvements in PKCS #11 and #15. CardTech/SecurTech 2000, Miami, FL, USA, May 1-4, 2000. (.ppt)
• Unknown Key Share Attacks and the MQV Key Agreement Protocol. RSA Conference 2000 Europe, Munich, Germany, April 10-13, 2000. (.ppt)
• Key Management and ANSI X9.44. NIST Workshop on Key Management Using Public Key Cryptography, Gaithersburg, MD, USA, February 10-11, 2000. (.ppt)
• Requirements for New Public-Key Algorithms (invited). Arithmetica GT-1 Consortium, New York, NY, USA, February 1, 2000. (.ppt)
• RSA Digital Signature Standards. RSA Conference 2000, San Jose, CA, USA, January 16-20, 2000. (.ppt)
• PKCS Workshop '99 Summary. RSA Conference 2000, San Jose, CA, USA, January 16-20, 2000. (.ppt)
• The Emergence of Universal Security. Dataquest Semiconductors ’99, Palm Springs, CA, USA, November 1-3, 1999. (.ppt)
• PKCS: Public-Key Cryptography Standards. Information Security Solutions Europe (ISSE) ‘99, Berlin, Germany, October 4-6, 1999. (.ppt)
• Elliptic Curve Cryptography. Information Security Solutions Europe (ISSE) ‘99, Berlin, Germany, October 4-6, 1999. (.ppt)
• Finite Field Basis Conversion Methods (invited). Public Key Solutions ’99, Toronto, Ontario, Canada, April 12-14, 1999. (.ppt) (Joint work with Yiqun Lisa Yin and Moses Liskov.)
• Some Perspectives on Smart Card Cryptography (invited). Smart Card Industry Association Fall ‘98 Workshop, IC Card & System Security, Arlington, VA, USA, November 16-17, 1998. (.ppt)
• Factoring and Discrete Logarithm Based Cryptography: A Tale of Two Families (invited). ASIACRYPT ’98, Beijing, China, October 18-22, 1998. (.ppt) (Joint work with Moses Liskov.)
• RSA Data Security’s DES Challenge (invited). ASIACRYPT ’98, Beijing, China, October 18-22, 1998. (.ppt) (photo)
• Storage-Efficient Finite Field Basis Conversion. SAC ‘98, Queen's University, Kingston, Ontario, Canada, August 17-18, 1998. (.ppt)
• Emerging Standards for Public Key Cryptography. BRICS Summer School in Cryptology and Data Security, Aarhus University, Aarhus, Denmark, July 20-24, 1998; Graduate School of USTC, Beijing, China, October 23, 1998 (invited). (.ppt)

Theses

• Elliptic Curves and Cryptography: A Pseudorandom Bit Generator and Other Tools. Ph.D. Thesis, MIT/LCS/TR-411, MIT, 1988. (.pdf)
    Note: Augusto Jun Devegili has kindly posted a transcription of the
    Macsyma code for the Weil pairing given in the appendix of the thesis.