| year | title | booktitle | pages |
|---|
| 1 | 2016 | Standard Security Does Imply Security Against Selective Opening for Markov Distributions | tcc | 282-305 |
| 2 | 2016 | Two-Round Man-in-the-Middle Security from LPN | tcc | 225-248 |
| 3 | 2016 | Tightly CCA-Secure Encryption Without Pairings | eurocrypt  | 1-27 |
| 4 | 2016 | Optimal Security Proofs for Signatures from Identification Schemes | crypto | 33-61 |
| 5 | 2015 | Tightly-Secure Authenticated Key Exchange | tcc | 629-658 |
| 6 | 2015 | On the Selective Opening Security of Practical Public-Key Encryption Schemes | pkc | 27-51 |
| 7 | 2015 | Digital Signatures from Strong RSA without Prime Generation | pkc | 217-235 |
| 8 | 2015 | Tightly-Secure Signatures from Chameleon Hash Functions | pkc | 256-279 |
| 9 | 2015 | Simple Chosen-Ciphertext Security from Low-Noise LPN | eprint | 401 |
| 10 | 2015 | Quasi-Adaptive NIZK for Linear Subspaces Revisited | eprint | 216 |
| 11 | 2015 | Quasi-Adaptive NIZK for Linear Subspaces Revisited | eurocrypt | 101-128 |
| 12 | 2015 | Subtleties in the Definition of IND-CCA: When and How Should Challenge Decryption Be Disallowed? | jofc | 29-48 |
| 13 | 2015 | Standard Security Does Imply Security Against Selective Opening for Markov Distributions | eprint | 853 |
| 14 | 2015 | Structure-Preserving Signatures from Standard Assumptions, Revisited | crypto | 275-295 |
| 15 | 2015 | Structure-Preserving Signatures from Standard Assumptions, Revisited | eprint | 604 |
| 16 | 2014 | (Hierarchical) Identity-Based Encryption from Affine Message Authentication | eprint | 581 |
| 17 | 2014 | (Hierarchical) Identity-Based Encryption from Affine Message Authentication | crypto | 408-425 |
| 18 | 2014 | Simple Chosen-Ciphertext Security from Low-Noise LPN | pkc | 1-18 |
| 19 | 2013 | An Algebraic Framework for Diffie-Hellman Assumptions | crypto | 129-147 |
| 20 | 2013 | Digital Signatures with Minimal Overhead from Indifferentiable Random Invertible Functions | crypto | 571-588 |
| 21 | 2013 | Non-Interactive Key Exchange | PKC | 249 |
| 22 | 2012 | DDH-Like Assumptions Based on Extension Rings | pkc | 644-661 |
| 23 | 2012 | Certifying RSA | asiacrypt | 404-414 |
| 24 | 2012 | Lapin: An Efficient Authentication Protocol Based on Ring-LPN | fse | 346-365 |
| 25 | 2012 | Identity-Based (Lossy) Trapdoor Functions and Applications | eurocrypt | 228-245 |
| 26 | 2012 | Message Authentication, Revisited | eurocrypt | 355-374 |
| 27 | 2012 | Optimal Security Proofs for Full Domain Hash, Revisited | eurocrypt | 537-553 |
| 28 | 2011 | Efficient Authentication from Hard Learning Problems | eurocrypt | 7 |
| 29 | 2011 | Short Signatures from Weaker Assumptions | asiacrypt | 647-666 |
| 30 | 2010 | Leakage Resilient ElGamal Encryption | asiacrypt | 595-612 |
| 31 | 2010 | A Twist on the Naor-Yung Paradigm and Its Application to Efficient CCA-Secure Encryption from Hard Search Problems | tcc | 146-164 |
| 32 | 2010 | Leakage-Resilient Signatures | tcc | 343-360 |
| 33 | 2010 | Simple and Efficient Public-Key Encryption from Computational Diffie-Hellman in the Standard Model | pkc | 1-18 |
| 34 | 2010 | More Constructions of Lossy and Correlation-Secure Trapdoor Functions | pkc | 279-295 |
| 35 | 2010 | Instantiability of RSA-OAEP under Chosen-Plaintext Attack | crypto | 295-313 |
| 36 | 2010 | Simple and Efficient Public-Key Encryption from Computational Diffie-Hellman in the Standard Model | eprint | online |
| 37 | 2010 | Bonsai Trees, or How to Delegate a Lattice Basis | eurocrypt | 523-552 |
| 38 | 2010 | Adaptive Trapdoor Functions and Chosen-Ciphertext Security | eurocrypt | 673-692 |
| 39 | 2010 | Encryption Schemes Secure against Chosen-Ciphertext Selective Opening Attacks | eurocrypt | 381-402 |
| 40 | 2009 | Practical Chosen Ciphertext Secure Encryption from Factoring | eurocrypt | 313-332 |
| 41 | 2009 | Compact CCA-Secure Encryption for Messages of Arbitrary Length | pkc | 377-392 |
| 42 | 2009 | The Group of Signed Quadratic Residues and Applications | crypto | 637-653 |
| 43 | 2009 | The Twin Diffie-Hellman Problem and Applications | jofc | 470-504 |
| 44 | 2009 | On the Security of Padding-Based Encryption Schemes - or - Why We Cannot Prove OAEP Secure in the Standard Model | eurocrypt | 389-406 |
| 45 | 2009 | A New Randomness Extraction Paradigm for Hybrid Encryption | eurocrypt | 590-609 |
| 46 | 2008 | Searchable Encryption Revisited: Consistency Properties, Relation to Anonymous IBE, and Extensions | jofc | 350-391 |
| 47 | 2008 | CCA2 Secure IBE: Standard Model Efficiency through Authenticated Symmetric Encryption | eprint | online |
| 48 | 2008 | The CCA2-Security of Hybrid Damgård's ElGamal | eprint | online |
| 49 | 2008 | Programmable Hash Functions and Their Applications | crypto | 21-38 |
| 50 | 2008 | The Twin Diffie-Hellman Problem and Applications | eprint | online |
| 51 | 2008 | A New Randomness Extraction Paradigm for Hybrid Encryption | eprint | online |
| 52 | 2008 | Chosen Ciphertext Security with Optimal Ciphertext Overhead | asiacrypt | 355-371 |
| 53 | 2008 | The Twin Diffie-Hellman Problem and Applications | eurocrypt | 127-145 |
| 54 | 2007 | Secure Hybrid Encryption from Weakened Key Encapsulation | eprint | online |
| 55 | 2007 | From Selective-ID to Full Security: The Case of the Inversion-Based Boneh-Boyen IBE Scheme | eprint | online |
| 56 | 2007 | Chosen-Ciphertext Secure Key-Encapsulation Based on Gap Hashed Diffie-Hellman | eprint | online |
| 57 | 2007 | Bounded CCA2-Secure Encryption | asiacrypt | 502-518 |
| 58 | 2007 | Secure Hybrid Encryption from Weakened Key Encapsulation | crypto | 553-571 |
| 59 | 2007 | Secure Linear Algebra Using Linearly Recurrent Sequences | tcc | 291-310 |
| 60 | 2007 | A Note on Secure Computation of the Moore-Penrose Pseudoinverse and Its Application to Secure Linear Algebra | crypto | 613-630 |
| 61 | 2007 | Generalized Key Delegation for Hierarchical Identity-Based Encryption | eprint | online |
| 62 | 2007 | Chosen-Ciphertext Secure Key-Encapsulation Based on Gap Hashed Diffie-Hellman | pkc | 282-297 |
| 63 | 2007 | Efficient Hybrid Encryption from ID-Based Encryption | eprint | online |
| 64 | 2006 | Direct Chosen-Ciphertext Secure Identity-Based Key Encapsulation without Random Oracles | eprint | online |
| 65 | 2006 | Unconditionally Secure Constant-Rounds Multi-party Computation for Equality, Comparison, Bits and Exponentiation | tcc | online |
| 66 | 2006 | Chosen-Ciphertext Security from Tag-Based Encryption | tcc | online |
| 67 | 2006 | Chosen-Ciphertext Secure Identity-Based Encryption in the Standard Model with short Ciphertexts | eprint | online |
| 68 | 2006 | A Note on Bounded Chosen Ciphertext Security from Black-box Semantical Security | eprint | online |
| 69 | 2006 | The Kurosawa-Desmedt Key Encapsulation is not Chosen-Ciphertext Secure | eprint | online |
| 70 | 2006 | On the Generic Construction of Identity-Based Signatures with Additional Properties | asiacrypt | online |
| 71 | 2006 | On the Limitations of the Spread of an IBE-to-PKE Transformation | pkc | online |
| 72 | 2006 | KEM/DEM: Necessary and Sufficient Conditions for Secure Hybrid Encryption | eprint | online |
| 73 | 2005 | Searchable Encryption Revisited: Consistency Properties, Relation to Anonymous IBE, and Extensions | eprint | online |
| 74 | 2005 | Secure Computation of the Mean and Related Statistics | tcc | online |
| 75 | 2005 | Unconditionally Secure Constant Round Multi-Party Computation for Equality, Comparison, Bits and Exponentiation | eprint | online |
| 76 | 2005 | Searchable Encryption Revisited: Consistency Properties, Relation to Anonymous IBE, and Extensions | crypto | online |
| 77 | 2005 | Append-Only Signatures | eprint | online |
| 78 | 2004 | Secure Computation of the Mean and Related Statistics | eprint | online |
