| year | title | booktitle | pages |
|---|
| 1 | 2018 | Rounded Gaussians | pkc | 728-757 |
| 2 | 2017 | Short Generators Without Quantum Computers: The Case of Multiquadratics | eurocrypt | 27-59 |
| 3 | 2016 | Flush, Gauss, and Reload - A Cache Attack on the BLISS Lattice-Based Signature Scheme | ches | 323-345 |
| 4 | 2015 | Tighter, faster, simpler side-channel security evaluations beyond computing power | eprint | 221 |
| 5 | 2015 | Dual EC: A Standardized Back Door | eprint | 767 |
| 6 | 2015 | EdDSA for more curves | eprint | 677 |
| 7 | 2015 | Bad directions in cryptographic hash functions | eprint | 151 |
| 8 | 2015 | Twisted Hessian curves | eprint | 781 |
| 9 | 2015 | SPHINCS: Practical Stateless Hash-Based Signatures | eurocrypt | 368-397 |
| 10 | 2014 | Curve41417: Karatsuba revisited | eprint | 526 |
| 11 | 2014 | Kummer strikes back: new DH speed records | eprint | 134 |
| 12 | 2014 | How to manipulate curve standards: a white paper for the black hat | eprint | 571 |
| 13 | 2014 | Kangaroos in Side-Channel Attacks | eprint | 565 |
| 14 | 2014 | Hyper-and-elliptic-curve cryptography | eprint | 379 |
| 15 | 2014 | Kummer Strikes Back: New DH Speed Records | asiacrypt | 317-337 |
| 16 | 2014 | Curve41417: Karatsuba Revisited | ches | 316-334 |
| 17 | 2013 | Factoring RSA Keys from Certified Smart Cards: Coppersmith in the Wild | asiacrypt | 341-360 |
| 18 | 2013 | Non-uniform Cracks in the Concrete: The Power of Free Precomputation | asiacrypt | 321-340 |
| 19 | 2011 | On the correct use of the negation map in the Pollard rho method | pkc | 128 |
| 20 | 2011 | Smaller Decoding Exponents: Ball-Collision Decoding | crypto | 740 |
| 21 | 2011 | High-Speed High-Security Signatures | ches | 124-142 |
| 22 | 2010 | Faster Pairing Computations on Curves with High-Degree Twists | pkc | 224-242 |
| 23 | 2010 | Type-II Optimal Polynomial Bases | eprint | online |
| 24 | 2010 | Starfish on Strike | eprint | online |
| 25 | 2010 | Wild McEliece | eprint | online |
| 26 | 2009 | ECM on Graphics Cards | eurocrypt | 483-501 |
| 27 | 2008 | Binary Edwards Curves | ches | 244-265 |
| 28 | 2008 | Searchable Encryption Revisited: Consistency Properties, Relation to Anonymous IBE, and Extensions | jofc | 350-391 |
| 29 | 2008 | Twisted Edwards Curves | eprint | online |
| 30 | 2008 | ECM using Edwards curves | eprint | online |
| 31 | 2008 | Binary Edwards Curves | eprint | online |
| 32 | 2008 | Attacking and defending the McEliece cryptosystem | eprint | online |
| 33 | 2008 | ECM on Graphics Cards | eprint | online |
| 34 | 2007 | Faster Addition and Doubling on Elliptic Curves | asiacrypt  | 29-50 |
| 35 | 2007 | Inverted Edwards coordinates | eprint | online |
| 36 | 2007 | Optimizing double-base elliptic-curve single-scalar multiplication | eprint | online |
| 37 | 2007 | Analysis and optimization of elliptic-curve single-scalar multiplication | eprint | online |
| 38 | 2006 | Scalable Authenticated Tree Based Group Key Exchange for Ad-Hoc Groups | eprint | online |
| 39 | 2005 | Searchable Encryption Revisited: Consistency Properties, Relation to Anonymous IBE, and Extensions | crypto | online |
| 40 | 2005 | Searchable Encryption Revisited: Consistency Properties, Relation to Anonymous IBE, and Extensions | eprint | online |
| 41 | 2004 | A note on L\'opez-Dahab coordinates | eprint | online |
| 42 | 2003 | Improved Algorithms for Efficient Arithmetic on Elliptic Curves Using Fast Endomorphisms | eurocrypt | online |
| 43 | 2003 | Trace Zero Subvariety for Cryptosystems | eprint | online |
| 44 | 2002 | Efficient Arithmetic on Hyperelliptic Curves | eprint | online |
| 45 | 2002 | Efficient Arithmetic on Genus 2 Hyperelliptic Curves over Finite Fields via Explicit Formulae | eprint | online |
| 46 | 2002 | Inversion-Free Arithmetic on Genus 2 Hyperelliptic Curves | eprint | online |
| 47 | 2002 | Weighted Coordinates on Genus 2 Hyperelliptic Curves | eprint | online |
