| year | title | booktitle | pages |
|---|
| 1 | 2012 | Group Signatures with Almost-for-Free Revocation | crypto | 571-589 |
| 2 | 2012 | Multi-location Leakage Resilient Cryptography | pkc | 504-521 |
| 3 | 2012 | Non-interactive CCA-Secure Threshold Cryptosystems with Adaptive Security: New Framework and Constructions | tcc | 75-93 |
| 4 | 2012 | Scalable Group Signatures with Revocation | eurocrypt | 609-627 |
| 5 | 2011 | Resettable Cryptography in Constant Rounds - The Case of Zero Knowledge | asiacrypt | 390-406 |
| 6 | 2011 | Efficient Circuit-Size Independent Public Key Encryption with KDM Security | eurocrypt | 507 |
| 7 | 2011 | Signatures Resilient to Continual Leakage on Memory and Computation | tcc | 89 |
| 8 | 2011 | On the Security of Hash Functions Employing Blockcipher Postprocessing | fse | 146 |
| 9 | 2010 | Concise Mercurial Vector Commitments and Independent Zero-Knowledge Sets with Short Proofs | tcc | 499-517 |
| 10 | 2010 | A New Framework for RFID Privacy | eprint | online |
| 11 | 2010 | Concurrent Knowledge Extraction in the Public-Key Model | eprint | online |
| 12 | 2010 | Cryptography between Wonderland and Underland | eurocrypt | 320-321 |
| 13 | 2010 | Adaptive Concurrent Non-Malleability with Bare Public-Keys | eprint | online |
| 14 | 2009 | A Unified Framework for the Analysis of Side-Channel Key Recovery Attacks | eurocrypt | 443-461 |
| 15 | 2009 | On the Portability of Generalized Schnorr Proofs | eprint | online |
| 16 | 2009 | Secure Multi-party Computation Minimizing Online Rounds | asiacrypt | 268-286 |
| 17 | 2009 | Group Encryption: Non-interactive Realization in the Standard Model | asiacrypt | 179-196 |
| 18 | 2009 | A New Randomness Extraction Paradigm for Hybrid Encryption | eurocrypt | 590-609 |
| 19 | 2009 | On the Portability of Generalized Schnorr Proofs | eurocrypt | 425-442 |
| 20 | 2008 | Fair Traceable Multi-Group Signatures | eprint | online |
| 21 | 2008 | The CCA2-Security of Hybrid Damgård's ElGamal | eprint | online |
| 22 | 2008 | Recovering NTRU Secret Key from Inversion Oracles | pkc | 18-36 |
| 23 | 2008 | A New Randomness Extraction Paradigm for Hybrid Encryption | eprint | online |
| 24 | 2008 | Constructing Variable-Length PRPs and SPRPs from Fixed-Length PRPs | eprint | online |
| 25 | 2007 | A Block Cipher based PRNG Secure Against Side-Channel Key Recovery | eprint | online |
| 26 | 2007 | Generic and Practical Resettable Zero-Knowledge in the Bare Public-Key Model | eurocrypt | 129-147 |
| 27 | 2007 | Cryptographic Hardness based on the Decoding of Reed-Solomon Codes | eprint | online |
| 28 | 2007 | Two-Party Computing with Encrypted Data | asiacrypt | 298-314 |
| 29 | 2007 | Group Encryption | asiacrypt | 181-199 |
| 30 | 2007 | Parallel Key-Insulated Public Key Encryption Without Random Oracles | pkc | 298-314 |
| 31 | 2007 | Group Encryption | eprint | online |
| 32 | 2007 | Scalable Protocols for Authenticated Group Key Exchange | jofc | 85-113 |
| 33 | 2006 | Threshold and Proactive Pseudo-Random Permutations | eprint | online |
| 34 | 2006 | Interactive Zero-Knowledge with Restricted Random Oracles | tcc | online |
| 35 | 2006 | Threshold and Proactive Pseudo-Random Permutations | tcc | online |
| 36 | 2006 | Indifferentiable Security Analysis of Popular Hash Functions with Prefix-Free Padding | asiacrypt | online |
| 37 | 2006 | Characterization of Security Notions for Probabilistic Private-Key Encryption | jofc | 67-95 |
| 38 | 2006 | A Unified Framework for the Analysis of Side-Channel Key Recovery Attacks (extended version) | eprint | online |
| 39 | 2006 | Public Key Cryptography - PKC 2006, 9th International Conference on Theory and Practice of Public-Key Cryptography, New York, NY, USA, April 24-26, 2006, Proceedings | pkc | |
| 40 | 2006 | Copyrighting Public-key Functions and Applications to Black-box Traitor Tracing | eprint | online |
| 41 | 2006 | Do We Need to Vary the Constants? (Methodological Investigation of Block-Cipher Based Hash Functions) | eprint | online |
| 42 | 2005 | Group Signatures with Efficient Concurrent Join | eprint | online |
| 43 | 2005 | Group Signatures with Efficient Concurrent Join | eurocrypt | online |
| 44 | 2004 | Group Signatures: Provable Security, Efficient Constructions and Anonymity from Trapdoor-Holders | eprint | online |
| 45 | 2004 | The Hierarchy of Key Evolving Signatures and a Characterization of Proxy Signatures | eurocrypt | online |
| 46 | 2004 | Elastic Block Ciphers | eprint | online |
| 47 | 2004 | Elastic AES | eprint | online |
| 48 | 2004 | Scalable Public-Key Tracing and Revoking | eprint | online |
| 49 | 2004 | Cryptanalyzing the Polynomial-Reconstruction based Public-Key System Under Optimal Parameter Choice | eprint | online |
| 50 | 2004 | Traceable Signatures | eurocrypt | online |
| 51 | 2004 | General Group Authentication Codes and Their Relation to "Unconditionally-Secure Signatures" | pkc | online |
| 52 | 2004 | Traceable Signatures | eprint | online |
| 53 | 2004 | Cryptanalyzing the Polynomial-Reconstruction Based Public-Key System Under Optimal Parameter Choice | asiacrypt | online |
| 54 | 2004 | The Hierarchy of Key Evolving Signatures and a Characterization of Proxy Signatures | eprint | online |
| 55 | 2003 | Scalable Protocols for Authenticated Group Key Exchange | eprint | online |
| 56 | 2003 | Extracting Group Signatures from Traitor Tracing Schemes | eurocrypt | 630-648 |
| 57 | 2003 | Scalable Protocols for Authenticated Group Key Exchange | crypto | online |
| 58 | 2003 | Strong Key-Insulated Signature Schemes | pkc | 130-144 |
| 59 | 2002 | Crypto-integrity | asiacrypt | online |
| 60 | 2002 | Key-Insulated Public-Key Cryptosystems | eprint | online |
| 61 | 2002 | Traitor Tracing with Constant Transmission Rate | eurocrypt | online |
| 62 | 2002 | Self-tallying Elections and Perfect Ballot Secrecy | pkc | 141-158 |
| 63 | 2002 | Threshold Cryptosystems Based on Factoring | asiacrypt | online |
| 64 | 2002 | Key-Insulated Public Key Cryptosystems | eurocrypt | online |
| 65 | 2001 | Adaptive Security for the Additive-Sharing Based Proactive RSA | pkc | 240-263 |
| 66 | 2001 | Bandwidth-Optimal Kleptographic Attacks | ches | 235-250 |
| 67 | 2001 | Incremental Unforgeable Encryption | fse | 109-124 |
| 68 | 2001 | Self Protecting Pirates and Black-Box Traitor Tracing | crypto | 63-79 |
| 69 | 2001 | Efficient Password-Authenticated Key Exchange Using Human-Memorable Passwords | eurocrypt | 475-494 |
| 70 | 2001 | Efficient Password-Authenticated Key Exchange Using Human-Memorable Passwords | eprint | online |
| 71 | 2001 | A PVSS as Hard as Discrete Log and Shareholder Separability | pkc | 287-299 |
| 72 | 2001 | Threshold Cryptosystems Based on Factoring | eprint | online |
| 73 | 2000 | "Psyeudorandom Intermixing": A Tool for Shared Cryptography | pkc | 306-325 |
| 74 | 2000 | Unforgeable Encryption and Chosen Ciphertext Secure Modes of Operation | fse | 284-299 |
| 75 | 2000 | Towards Signature-Only Signature Schemes | asiacrypt | 97-115 |
| 76 | 2000 | Design Validations for Discrete Logarithm Based Signature Schemes | pkc | 276-292 |
| 77 | 2000 | RSA-Based Auto-recoverable Cryptosystems | pkc | 326-341 |
| 78 | 1999 | Scramble All, Encrypt Small | fse | 95-111 |
| 79 | 1999 | Decision Oracles are Equivalent to Matching Oracles | pkc | 276-289 |
| 80 | 1999 | Adaptively-Secure Optimal-Resilience Proactive RSA | asiacrypt | 180-194 |
| 81 | 1999 | Auto-Recoverable Cryptosystems with Faster Initialization and the Escrow Hierarchy | pkc | 306-314 |
| 82 | 1998 | Distributed Public Key Cryptosystems | pkc | 1-13 |
| 83 | 1998 | Auto-Recoverable Auto-Certifiable Cryptosystems | eurocrypt | 17-31 |
| 84 | 1998 | Monkey: Black-Box Symmetric Ciphers Designed for MONopolizing KEYs | fse | 122-133 |
| 85 | 1998 | Lower Bounds on Term-Based Divisible Cash Systems | pkc | 72-82 |
| 86 | 1998 | Perfect Zero-Knowledge Arguments for NP Using Any One-Way Permutation | jofc | 87-108 |
| 87 | 1998 | Fair Off-Line e-cash Made Easy | asiacrypt | 257-270 |
| 88 | 1998 | On the Security of ElGamal Based Encryption | pkc | 117-134 |
| 89 | 1997 | Round-Optimal Zero-Knowledge Arguments Based on any One-Way Function | eprint | online |
| 90 | 1997 | Round-Optimal Zero-Knowledge Arguments Based on any One-Way Function | eurocrypt | 280-305 |
| 91 | 1997 | Proactive RSA | crypto | 440-454 |
| 92 | 1997 | The Prevalence of Kleptographic Attacks on Discrete-Log Based Cryptosystems | crypto | 264-276 |
| 93 | 1997 | Kleptography: Using Cryptography Against Cryptography | eurocrypt | 62-74 |
| 94 | 1997 | Sliding Encryption: A Cryptographic Tool for Mobile Agents | fse | 230-241 |
| 95 | 1997 | Keeping the SZK-Verifier Honest Unconditionally | crypto | 31-45 |
| 96 | 1997 | Distributed "Magic Ink" Signatures | eurocrypt | 450-464 |
| 97 | 1996 | Certifying Permutations: Noninteractive Zero-Knowledge Based on Any Trapdoor Permutation | jofc | 149-166 |
| 98 | 1996 | Proactive RSA | eprint | online |
| 99 | 1996 | The Dark Side of "Black-Box" Cryptography, or: Should We Trust Capstone? | crypto | 89-103 |
| 100 | 1996 | Multi-Autority Secret-Ballot Elections with Linear Work | eurocrypt | 72-83 |
| 101 | 1996 | Proving Without Knowing: On Oblivious, Agnostic and Blindolded Provers | crypto | 186-200 |
| 102 | 1996 | "Indirect Discourse Proof": Achieving Efficient Fair Off-Line E-cash | asiacrypt | 286-300 |
| 103 | 1995 | Escrow Encryption Systems Visited: Attacks, Analysis and Designs | crypto | 222-235 |
| 104 | 1995 | Cryptoanalysis of the Immunized LL Public Key Systems | crypto | 287-296 |
| 105 | 1995 | Proactive Secret Sharing Or: How to Cope With Perpetual Leakage | crypto | 339-352 |
| 106 | 1994 | The Blinding of Weak Signatures (Extended Abstract) | eurocrypt | 67-76 |
| 107 | 1993 | Interactive Hashing Simplifies Zero-Knowledge Protocol Design | eurocrypt | 267-273 |
| 108 | 1992 | Perfectly-Secure Key Distribution for Dynamic Conferences | crypto | 471-486 |
| 109 | 1992 | Perfect Zero-Knowledge Arguments for NP Can Be Based on General Complexity Assumptions (Extended Abstract) | crypto | 196-214 |
| 110 | 1992 | Certifying Cryptographic Tools: The Case of Trapdoor Permutations | crypto | 442-460 |
| 111 | 1991 | Systematic Design of Two-Party Authentication Protocols | crypto | 44-61 |
| 112 | 1991 | Weakness of Undeniable Signature Schemes (Extended Abstract) | eurocrypt | 205-220 |
| 113 | 1990 | One-Way Group Actions | crypto | 94-107 |
| 114 | 1990 | Crptograpic Applications of the Non-Interactive Metaproof and Many-Prover Systems | crypto | 366-377 |
| 115 | 1990 | Abritrated Unconditionally Secure Authentication Can Be Unconditionally Protected Against Arbiter's Attacks (Extended Abstract) | crypto | 177-188 |
| 116 | 1990 | On the Design of Provably Secure Cryptographic Hash Functions | eurocrypt | 412-431 |
| 117 | 1989 | Zero-Knowledge Proofs of Computational Power (Extended Summary) | eurocrypt | online |
| 118 | 1989 | Everything in NP can be Argued in Perfect Zero-Knowledge in a Bounded Number of Rounds (Extended Abstract) | eurocrypt | 192-195 |
| 119 | 1989 | A Secure Public-key Authentication Scheme | eurocrypt | 3-15 |
| 120 | 1987 | Cryptographic Computation: Secure Faut-Tolerant Protocols and the Public-Key Model | crypto | 135-155 |
| 121 | 1987 | Direct Minimum-Knowledge Computations | crypto | 40-51 |
| 122 | 1985 | Symmetric Public-Key Encryption | crypto | 128-137 |
| 123 | 1984 | Cryptoprotocols: Subscription to a Public Key, the Secret Blocking and the Multi-Player Mental Poker Game (Extended Abstract) | crypto | 439-453 |
