| year | title | booktitle | pages |
|---|
| 1 | 2012 | Homomorphic Evaluation of the AES Circuit | crypto | 850-867 |
| 2 | 2012 | Better Bootstrapping in Fully Homomorphic Encryption | pkc | 1-16 |
| 3 | 2012 | Leakage-Tolerant Interactive Protocols | tcc | 266-284 |
| 4 | 2012 | Fully Homomorphic Encryption with Polylog Overhead | eurocrypt | 465-482 |
| 5 | 2011 | Secure Computation on the Web: Computing without Simultaneous Interaction | crypto | 128 |
| 6 | 2011 | Program Obfuscation with Leaky Hardware | asiacrypt | 722-739 |
| 7 | 2011 | Implementing Gentry's Fully-Homomorphic Encryption Scheme | eurocrypt | 129 |
| 8 | 2011 | One-Pass HMQV and Asymmetric Key-Wrapping | pkc | 317 |
| 9 | 2011 | After-the-Fact Leakage in Public-Key Encryption | tcc | 107 |
| 10 | 2010 | i-Hop Homomorphic Encryption and Rerandomizable Yao Circuits | eprint | online |
| 11 | 2010 | A Simple BGN-type Cryptosystem from LWE | eprint | online |
| 12 | 2010 | Composable Security Analysis of OS Services | eprint | online |
| 13 | 2010 | i-Hop Homomorphic Encryption and Rerandomizable Yao Circuits | crypto | 155-172 |
| 14 | 2010 | A Simple BGN-Type Cryptosystem from LWE | eurocrypt | 506-522 |
| 15 | 2010 | Fully Homomorphic Encryption over the Integers | eurocrypt | 24-43 |
| 16 | 2009 | Attacking Cryptographic Schemes Based on "Perturbation Polynomials" | eprint | online |
| 17 | 2009 | Advances in Cryptology - CRYPTO 2009, 29th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 16-20, 2009. Proceedings | crypto | |
| 18 | 2009 | Hierarchical Identity Based Encryption with Polynomially Many Levels | tcc | 437-456 |
| 19 | 2008 | On Seed-Incompressible Functions | tcc | 19-36 |
| 20 | 2008 | Degradation and Amplification of Computational Hardness | tcc | 626-643 |
| 21 | 2008 | Cryptanalysis of ISO/IEC 9796-1 | jofc | 27-51 |
| 22 | 2008 | Threshold RSA for Dynamic and Ad-Hoc Groups | eprint | online |
| 23 | 2008 | Strongly-Resilient and Non-Interactive Hierarchical Key-Agreement in MANETs | eprint | online |
| 24 | 2008 | Circular-Secure Encryption from Decision Diffie-Hellman | crypto | 108-125 |
| 25 | 2008 | Degradation and Amplification of Computational Hardness | eprint | online |
| 26 | 2008 | Threshold RSA for Dynamic and Ad-Hoc Groups | eurocrypt | 88-107 |
| 27 | 2007 | Security under Key-Dependent Inputs | eprint | online |
| 28 | 2007 | Invertible Universal Hashing and the TET Encryption Mode | crypto | 412-429 |
| 29 | 2007 | Smooth Projective Hashing and Two-Message Oblivious Transfer | eprint | online |
| 30 | 2007 | Invertible Universal Hashing and the TET Encryption Mode | eprint | online |
| 31 | 2007 | A Forward-Secure Public-Key Encryption Scheme | jofc | 265-294 |
| 32 | 2006 | Mitigating Dictionary Attacks on Password-Protected Local Storage | eprint | online |
| 33 | 2006 | Mitigating Dictionary Attacks on Password-Protected Local Storage | crypto | online |
| 34 | 2006 | Strengthening Digital Signatures Via Randomized Hashing | crypto | online |
| 35 | 2006 | Theory of Cryptography, Third Theory of Cryptography Conference, TCC 2006, New York, NY, USA, March 4-7, 2006, Proceedings | tcc | |
| 36 | 2005 | Adaptively-Secure, Non-interactive Public-Key Encryption | tcc | online |
| 37 | 2005 | Hardness Amplification of Weakly Verifiable Puzzles | tcc | online |
| 38 | 2005 | A sufficient condition for key-privacy | eprint | online |
| 39 | 2005 | A model and architecture for pseudo-random generation with applications to /dev/random | eprint | online |
| 40 | 2005 | Universally Composable Password-Based Key Exchange | eurocrypt | online |
| 41 | 2005 | Enforcing Confinement in Distributed Storage and a Cryptographic Model for Access Control | eprint | online |
| 42 | 2005 | A plausible approach to computer-aided cryptographic proofs | eprint | online |
| 43 | 2005 | Universally Composable Password-Based Key Exchange | eprint | online |
| 44 | 2004 | Hardness amplification of weakly verifiable puzzles | eprint | online |
| 45 | 2004 | On the Random-Oracle Methodology as Applied to Length-Restricted Signature Schemes | tcc | 40-57 |
| 46 | 2004 | EME*: extending EME to handle arbitrary-length messages with associated data | eprint | online |
| 47 | 2004 | Chosen-Ciphertext Security from Identity-Based Encryption | eurocrypt | online |
| 48 | 2004 | Adaptively-Secure, Non-Interactive Public-Key Encryption | eprint | online |
| 49 | 2003 | A Forward-Secure Public-Key Encryption Scheme | eprint | online |
| 50 | 2003 | A Parallelizable Enciphering Mode | eprint | online |
| 51 | 2003 | A Tweakable Enciphering Mode | eprint | online |
| 52 | 2003 | On the random-oracle methodology as applied to length-restricted signature schemes | eprint | online |
| 53 | 2003 | A Tweakable Enciphering Mode | crypto | online |
| 54 | 2003 | Chosen-Ciphertext Security from Identity-Based Encryption | eprint | online |
| 55 | 2003 | A Forward-Secure Public-Key Encryption Scheme | eurocrypt | online |
| 56 | 2002 | Scream: a software-efficient stream cipher | eprint | online |
| 57 | 2002 | Cryptanalysis of stream ciphers with linear masking | eprint | online |
| 58 | 2002 | Cryptanalysis of Stream Ciphers with Linear Masking | crypto | online |
| 59 | 2002 | Scream: A Software-Efficient Stream Cipher | fse | online |
| 60 | 2001 | The Modular Inversion Hidden Number Problem | asiacrypt | 36-51 |
| 61 | 2001 | An observation regarding Jutla's modes of operation | eprint | online |
| 62 | 2000 | Maintaining Authenticated Communication in the Presence of Break-Ins | jofc | 61-105 |
| 63 | 2000 | Exposure-Resilient Functions and All-or-Nothing Transforms | eurocrypt | 453-469 |
| 64 | 2000 | Computing Inverses over a Shared Secret Modulus | eurocrypt | 190-206 |
| 65 | 2000 | A Cryptographic Solution to a Game Theoretic Problem | crypto | 112-130 |
| 66 | 1999 | Secure Hash-and-Sign Signatures Without the Random Oracle | eurocrypt | 123-139 |
| 67 | 1999 | Public-key cryptography and password protocols | eprint | online |
| 68 | 1999 | Secure Hash-and-Sign Signatures without the Random Oracle | eprint | online |
| 69 | 1999 | Efficient Commitment Schemes with Bounded Sender and Unbounded Receiver | jofc | 77-89 |
| 70 | 1999 | UMAC: Fast and Secure Message Authentication | crypto | 216-233 |
| 71 | 1998 | The Random Oracle Methodology, Revisited | eprint | online |
| 72 | 1998 | Maintaining Authenticated Communication in the Presence of Break-ins | eprint | online |
| 73 | 1998 | More on Proofs of Knowledge | eprint | online |
| 74 | 1998 | Many-to-one Trapdoor Functions and their Relation to Public-key Cryptosystems | eprint | online |
| 75 | 1998 | Many-to-One Trapdoor Functions and Their Ralation to Public-Key Cryptosystems | crypto | 283-298 |
| 76 | 1997 | Eliminating Decryption Errors in the Ajtai-Dwork Cryptosystem | crypto | 105-111 |
| 77 | 1997 | Public-Key Cryptosystems from Lattice Reduction Problems | crypto | 112-131 |
| 78 | 1997 | MMH: Software Message Authentication in the Gbit/Second Rates | fse | 172-189 |
| 79 | 1996 | Collision-Free Hashing from Lattice Problems | eprint | online |
| 80 | 1996 | Public-Key Cryptosystems from Lattice Reduction Problems | eprint | online |
| 81 | 1996 | Practical and Provably-Secure Commitment Schemes from Collision-Free Hashing | crypto | 201-215 |
| 82 | 1995 | Efficient Commitment Schemes with Bounded Sender and Unbounded Receiver | crypto | 84-96 |
