| year | title | booktitle | pages |
|---|
| 1 | 2012 | Differential Privacy with Imperfect Randomness | crypto | 497-516 |
| 2 | 2012 | On the Instantiability of Hash-and-Sign RSA Signatures | tcc | 112-132 |
| 3 | 2012 | Randomness Condensers for Efficiently Samplable, Seed-Dependent Sources | tcc | 618-635 |
| 4 | 2012 | Counterexamples to Hardness Amplification beyond Negligible | tcc | 476-493 |
| 5 | 2012 | Message Authentication, Revisited | eurocrypt | 355-374 |
| 6 | 2012 | To Hash or Not to Hash Again? (In)Differentiability Results for H 2 and HMAC | crypto | 348-366 |
| 7 | 2011 | Leftover Hash Lemma, Revisited | crypto | 1 |
| 8 | 2011 | Domain Extension for MACs Beyond the Birthday Barrier | eurocrypt | 323 |
| 9 | 2010 | Efficient Public-Key Cryptography in the Presence of Key Leakage | eprint | online |
| 10 | 2010 | Efficient Public-Key Cryptography in the Presence of Key Leakage | asiacrypt | 613-631 |
| 11 | 2010 | Cryptography Against Continuous Memory Attacks | eprint | online |
| 12 | 2010 | Public-Key Encryption Schemes with Auxiliary Inputs | tcc | 361-381 |
| 13 | 2010 | Robust Fuzzy Extractors and Authenticated Key Agreement from Close Secrets | eprint | online |
| 14 | 2010 | A Domain Extender for the Ideal Cipher | tcc | 273-289 |
| 15 | 2010 | Leakage-Resilient Pseudorandom Functions and Side-Channel Attacks on Feistel Networks | crypto | 21-40 |
| 16 | 2010 | Public-Key Encryption in the Bounded-Retrieval Model | eurocrypt | 113-134 |
| 17 | 2009 | Leakage-Resilient Public-Key Cryptography in the Bounded-Retrieval Model | crypto | 36-54 |
| 18 | 2009 | Proofs of Retrievability via Hardness Amplification | eprint | online |
| 19 | 2009 | Message Authentication Codes from Unpredictable Block Ciphers | crypto | 267-285 |
| 20 | 2009 | Composability and On-Line Deniability of Authentication | tcc | 146-162 |
| 21 | 2009 | Indifferentiability of Permutation-Based Compression Functions and Tree-Based Modes of Operation, with Applications to MD6 | fse | 104-121 |
| 22 | 2009 | Security Amplification for InteractiveCryptographic Primitives | tcc | 128-145 |
| 23 | 2009 | Proofs of Retrievability via Hardness Amplification | tcc | 109-127 |
| 24 | 2009 | Salvaging Merkle-Damgård for Practical Applications | eurocrypt | 371-388 |
| 25 | 2008 | Detection of Algebraic Manipulation with Applications to Robust Secret Sharing and Fuzzy Extractors | eprint | online |
| 26 | 2008 | Efficient Constructions of Composable Commitments and Zero-Knowledge Proofs | crypto | 515-535 |
| 27 | 2008 | Detection of Algebraic Manipulation with Applications to Robust Secret Sharing and Fuzzy Extractors | eurocrypt | 471-488 |
| 28 | 2008 | A New Mode of Operation for Block Ciphers and Length-Preserving MACs | eurocrypt | 198-219 |
| 29 | 2008 | One-Round Authenticated Key Agreement from Weak Secrets | eprint | online |
| 30 | 2007 | Universally Composable Security with Global Setup | tcc | 61-85 |
| 31 | 2007 | Intrusion-Resilient Key Exchange in the Bounded Retrieval Model | tcc | 479-498 |
| 32 | 2007 | Feistel Networks Made Public, and Applications | eurocrypt | 534-554 |
| 33 | 2007 | Does Privacy Require True Randomness? | tcc | 1-20 |
| 34 | 2007 | Optimistic Fair Exchange in a Multi-user Setting | eprint | online |
| 35 | 2007 | Improving the Security of MACs Via Randomized Message Preprocessing | fse | 414-433 |
| 36 | 2007 | Optimistic Fair Exchange in a Multi-user Setting | pkc | 118-133 |
| 37 | 2006 | Threshold and Proactive Pseudo-Random Permutations | eprint | online |
| 38 | 2006 | Does Privacy Require True Randomness? | eprint | online |
| 39 | 2006 | Mercurial Commitments: Minimal Assumptions and Efficient Constructions | tcc | online |
| 40 | 2006 | On the Relation Between the Ideal Cipher and the Random Oracle Models | tcc | online |
| 41 | 2006 | Separating Sources for Encryption and Secret Sharing | tcc | online |
| 42 | 2006 | Threshold and Proactive Pseudo-Random Permutations | tcc | online |
| 43 | 2006 | Verifiable Random Permutations | eprint | online |
| 44 | 2006 | Robust Fuzzy Extractors and Authenticated Key Agreement from Close Secrets | crypto | online |
| 45 | 2006 | Universally Composable Security with Global Setup | eprint | online |
| 46 | 2006 | Public Key Cryptography - PKC 2006, 9th International Conference on Theory and Practice of Public-Key Cryptography, New York, NY, USA, April 24-26, 2006, Proceedings | pkc | |
| 47 | 2005 | Secure Remote Authentication Using Biometric Data | eurocrypt | online |
| 48 | 2005 | Chosen-Ciphertext Security of Multiple Encryption | tcc | online |
| 49 | 2005 | Entropic Security and the Encryption of High Entropy Messages | tcc | online |
| 50 | 2005 | Merkle-Damgård Revisited: How to Construct a Hash Function | crypto | 430-448 |
| 51 | 2005 | Minimal Assumptions for Efficient Mercurial Commitments | eprint | online |
| 52 | 2005 | On the Generic Insecurity of the Full Domain Hash | crypto | online |
| 53 | 2005 | A Verifiable Random Function with Short Proofs and Keys | pkc  | online |
| 54 | 2004 | Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data | eurocrypt | online |
| 55 | 2004 | Scalable Public-Key Tracing and Revoking | eprint | online |
| 56 | 2004 | ID-Based Encryption for Complex Hierarchies with Applications to Forward Security and Broadcast Encryption | eprint | online |
| 57 | 2004 | Entropic Security and the Encryption of High Entropy Messages | eprint | online |
| 58 | 2004 | Optimal Signcryption from Any Trapdoor Permutation | eprint | online |
| 59 | 2004 | Randomness Extraction and Key Derivation Using the CBC, Cascade and HMAC Modes | crypto | online |
| 60 | 2004 | A Verifiable Random Function With Short Proofs and Keys | eprint | online |
| 61 | 2004 | Anonymous Identification in Ad Hoc Groups | eurocrypt | online |
| 62 | 2003 | Public Key Trace and Revoke Scheme Secure against Adaptive Chosen Ciphertext Attack | eprint | online |
| 63 | 2003 | Breaking and Repairing Optimistic Fair Exchange from PODC 2003 | eprint | online |
| 64 | 2003 | Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data | eprint | online |
| 65 | 2003 | Parallel Signcryption with OAEP, PSS-R, and other Feistel Paddings | eprint | online |
| 66 | 2003 | Efficient Construction of (Distributed) Verifiable Random Functions | pkc | 1-17 |
| 67 | 2003 | Public Key Trace and Revoke Scheme Secure against Adaptive Chosen Ciphertext Attack | pkc | 100-115 |
| 68 | 2003 | Strong Key-Insulated Signature Schemes | pkc | 130-144 |
| 69 | 2003 | Concealment and its Applications to Authenticated Encryption | eprint | online |
| 70 | 2003 | Concealment and Its Applications to Authenticated Encryption | eurocrypt | online |
| 71 | 2002 | On the Security of Joint Signature and Encryption | eprint | online |
| 72 | 2002 | Key-Insulated Public-Key Cryptosystems | eprint | online |
| 73 | 2002 | On the Power of Claw-Free Permutations | eprint | online |
| 74 | 2002 | Efficient Construction of (Distributed) Verifiable Random Functions | eprint | online |
| 75 | 2002 | On the Security of Joint Signature and Encryption | eurocrypt | online |
| 76 | 2002 | Key-Insulated Public Key Cryptosystems | eurocrypt | online |
| 77 | 2001 | On Perfect and Adaptive Security in Exposure-Resilient Cryptography | eurocrypt | 301-324 |
| 78 | 2000 | Exposure-Resilient Functions and All-or-Nothing Transforms | eurocrypt | 453-469 |
| 79 | 2000 | A Cryptographic Solution to a Game Theoretic Problem | crypto | 112-130 |
| 80 | 2000 | Parallel Reducibility for Information-Theoretically Secure Computation | crypto | 74-92 |
| 81 | 1999 | Lower Bounds for Oblivious Transfer Reductions | eurocrypt | 42-55 |
