| year | title | booktitle | pages |
|---|
| 1 | 2016 | Compactness vs Collusion Resistance in Functional Encryption | tcc | 443-468 |
| 2 | 2016 | Practical, Predictable Lattice Basis Reduction | eurocrypt | 820-849 |
| 3 | 2015 | FHEW: Bootstrapping Homomorphic Encryption in Less Than a Second | eurocrypt | 617-640 |
| 4 | 2014 | Improved Short Lattice Signatures in the Standard Model | eprint | 495 |
| 5 | 2014 | Fast Lattice Point Enumeration with Minimal Overhead | eprint | 569 |
| 6 | 2014 | Improved Short Lattice Signatures in the Standard Model | crypto | 335-352 |
| 7 | 2013 | Hardness of SIS and LWE with Small Parameters | crypto | 21-39 |
| 8 | 2012 | Trapdoors for Lattices: Simpler, Tighter, Faster, Smaller | eurocrypt | 700-718 |
| 9 | 2011 | Pseudorandom Knapsacks and the Sample Complexity of LWE Search-to-Decision Reductions | crypto | 461 |
| 10 | 2010 | The RSA Group is Pseudo-Free | jofc | 169-186 |
| 11 | 2010 | Computational Soundness, Co-induction, and Encryption Cycles | eurocrypt | 362-380 |
| 12 | 2009 | On Bounded Distance Decoding, Unique Shortest Vectors, and the Minimum Distance Problem | crypto | 577-594 |
| 13 | 2008 | SWIFFT: A Modest Proposal for FFT Hashing | fse | online |
| 14 | 2008 | The Round-Complexity of Black-Box Zero-Knowledge: A Combinatorial Characterization | tcc | 535-552 |
| 15 | 2008 | Asymptotically Efficient Lattice-Based Digital Signatures | tcc | 37-54 |
| 16 | 2006 | Concurrent Zero Knowledge Without Complexity Assumptions | tcc | online |
| 17 | 2005 | Concurrent Zero Knowledge without Complexity Assumptions | eprint | online |
| 18 | 2005 | The RSA Group is Pseudo-Free | eurocrypt | online |
| 19 | 2005 | Adaptive Security of Symbolic Encryption | tcc | online |
| 20 | 2004 | Soundness of Formal Encryption in the Presence of Active Adversaries | tcc | 133-151 |
| 21 | 2004 | Optimal Communication Complexity of Generic Multicast Key Distribution | eurocrypt | online |
| 22 | 2004 | Generalized compact knapsacks, cyclic lattices, and efficient one-way functions from worst-case complexity assumptions | eprint | online |
| 23 | 2003 | Foundations of Group Signatures: Formal Definitions, Simplified Requirements, and a Construction Based on General Assumptions | eurocrypt | 614-629 |
| 24 | 2003 | Simulatable Commitments and Efficient Concurrent Zero-Knowledge | eurocrypt | online |
| 25 | 2003 | Statistical Zero-Knowledge Proofs with Efficient Provers: Lattice Problems and More | crypto | online |
| 26 | 2002 | Cryptanalysis of a Pseudorandom Generator Based on Braid Groups | eurocrypt | online |
| 27 | 2002 | The Provable Security of Graph-Based One-Time Signatures and Extensions to Algebraic Signature Schemes | asiacrypt | online |
| 28 | 2002 | Efficient Generic Forward-Secure Signatures with an Unbounded Number Of Time Periods | eurocrypt | online |
| 29 | 2002 | Efficient and Concurrent Zero-Knowledge from any public coin HVZK protocol | eprint | online |
| 30 | 2001 | Composition and Efficiency Tradeoffs for Forward-Secure Digital Signatures | eprint | online |
| 31 | 1999 | Lattice Based Cryptography: A Global Improvement | eprint | online |
| 32 | 1998 | An Efficient Non-Interactive Statistical Zero-Knowledge Proof System for Quasi-Safe Prime Products | eprint | online |
| 33 | 1997 | A New Paradigm for Collision-free Hashing: Incrementality at Reduced Cost | eprint | online |
| 34 | 1997 | A New Paradigm for Collision-Free Hashing: Incrementality at Reduced Cost | eurocrypt | 163-192 |
| 35 | 1997 | "Pseudo-Random" Number Generation Within Cryptographic Algorithms: The DDS Case | crypto | 277-291 |
