Publications

  1. NEW: A gentle introduction to lattice-based cryptography

  2. NEW: Several chapters in Textbook of Applied Cryptography
    (in progress)
  3. Several sections on elliptic curve cryptography
    (with D. Hankerson)
    Encyclopedia of Cryptography, Security and Privacy (third edition), edited by S. Jajodia, P. Samarati and M. Yung, Springer-Verlag, 2025.
  4. The Advanced Encryption Standard: 20 years later
    (with D. Stebila)
    IEEE Security & Privacy, 19-6 (2021), 98-102.

  5. End-to-end security: when do we have it?
    (with D. Stebila)
    IEEE Security & Privacy, 19-4 (2021), 60-64.

  6. Challenges in cryptography
    (with D. Stebila)
    IEEE Security & Privacy, 19-2 (2021), 70-73.

  7. Critical perspectives on provable security: Fifteen years of “Another Look” papers
    (with N. Koblitz)
    Advances in Mathematics of Communications, 13 (2019), 517-558.
    Updated paper.

  8. On the cost of computing isogenies between supersingular elliptic curves
    (with G. Adj, D. Cervantes-Vazquez, J. Chi-Dominguez and F. Rodriguez-Henriquez)
    SAC 2018, 322-343.
    Preprint.

  9. On the security of the WOTS-PRF signature scheme
    (with P. Lafrance)
    Advances in Mathematics of Communications, 13 (2019), 185-193.
    Preprint.

  10. On isogeny graphs of supersingular elliptic curves over finite fields
    (with G. Adj and O. Ahmadi)
    Finite Fields and Their Applications, 55 (2019), 267-283.
    Preprint.

  11. Computing discrete logarithms in cryptographically-interesting characteristic-three finite fields
    (with G. Adj, I. Canales-Martinez, N. Cruz-Cortes, T. Oliveira, L. Rivera-Zamarripa and F. Rodriguez-Henriquez)
    Advances in Mathematics of Communications, 12 (2018), 741-759.
    Preprint.

  12. Coding Theory
    (with P. van Oorschot, D. Joyner and T. Shaska)
    chapter in Handbook of Discrete and Combinatorial Mathematics, second edition, CRC Press, 2018, pages 1023-1067.

  13. Cryptographers prepare for a possible post-quantum future
    (with N. Koblitz)
    CMS Notes, Vol. 49, No. 5 (2017), 16-17.

  14. Another look at tightness II: practical issues in cryptography
    (with S. Chatterjee, N. Koblitz and P. Sarkar)
    Mycrypt 2016, 21-55.
    Preprint.

  15. Challenges with assessing the impact of NFS advances on the security of pairing-based cryptography
    (with P. Sarkar and S. Singh)
    Mycrypt 2016, 83-108.
    Preprint.

  16. On instantiating pairing-based protocols with elliptic curves of embedding degree one
    (with S. Chatterjee and F. Rodriguez-Henriquez)
    IEEE Transactions on Computers, 66 (2017), 1061-1070.
    Preprint.

  17. A riddle wrapped in an enigma
    (with N. Koblitz)
    IEEE Security & Privacy, 14 (2016), 34-42.
    Preprint.

  18. Cryptocash, cryptocurrencies, and cryptocontracts
    (with N. Koblitz)
    Designs, Codes and Cryptography, 78 (2016), 87-102.
    Preprint.

  19. Type 2 structure-preserving signature schemes revisited
    (with S. Chatterjee)
    ASIACRYPT 2015, 286-310.
    Preprint.

  20. The random oracle model: A twenty-year retrospective
    (with N. Koblitz)
    Designs, Codes and Cryptography, 77 (2015), 587-610.
    Preprint.

  21. Special Issue on Cryptography, Codes, Designs and Finite Fields: In Memory of Scott A. Vanstone
    (edited with I. Blake and D. Stinson)
    Designs, Codes and Cryptography, 77 (2-3), 2015.

  22. Fault attacks on pairing-based protocols revisited
    (with S. Chatterjee and K. Karabina)
    IEEE Transactions on Computers, 64 (2015), 1707-1714.
    Preprint.

  23. Progress in Cryptology – LATINCRYPT 2014
    (edited with D. Aranha)
    Lecture Notes in Computer Science, 8895, Springer-Verlag, 2015.

  24. Computing discrete logarithms in F_{3^{6·137}} and F_{3^{6·163}} using Magma
    (with G. Adj, T. Oliveira and F. Rodriguez-Henriquez)
    WAIFI 2014, 3-22.
    Preprint.

  25. Weakness of F_{3^{6·1429}} and F_{2^{4·3041}} for discrete logarithm cryptography
    (with G. Adj, T. Oliveira and F. Rodriguez-Henriquez)
    Finite Fields and Their Applications, 32 (2015), 148-170.
    Preprint.

  26. Another look at security theorems for 1-key nested MACs
    (with N. Koblitz)
    C.K. Koc (ed.), Open Problems in Mathematics and Computational Science, 2014, 69-89.
    Preprint.

  27. Weakness of F_{3^{6·509}} for discrete logarithm cryptography
    (with G. Adj, T. Oliveira and F. Rodriguez-Henriquez)
    Pairing-Based Cryptography — Pairing 2013, 20-44.
    Preprint.

  28. Another look at non-uniformity
    (with N. Koblitz)
    Groups Complexity Cryptology, 5 (2013), 117-139.
    Preprint.

  29. Another look at HMAC
    (with N. Koblitz)
    Journal of Mathematical Cryptology, 7 (2013), 225-251.
    Preprint.

  30. Introduction to Cryptography
    Section 16.1 of Handbook of Finite Fields, edited by G. Mullen and D. Panario, Chapman & Hall/CRC, 2013

  31. Implementing pairings at the 192-bit security level
    (with D. Aranha, L. Fuentes-Castaneda, E. Knapp and F. Rodriguez-Henriquez)
    Pairing-Based Cryptography — Pairing 2012, 177-195.
    Preprint.

  32. Generalizations of Verheul’s theorem to asymmetric pairings
    (with K. Karabina and E. Knapp)
    Advances in Mathematics of Communications, 7 (2013), 103-111.
    Preprint.

  33. Another look at security definitions
    (with N. Koblitz)
    Advances in Mathematics of Communications, 7 (2013), 1-38.
    Preprint.

  34. Another look at tightness
    (with S. Chatterjee and P. Sarkar)
    Proceedings of SAC 2011, 293-319.
    Preprint.

  35. Parallelizing the Weil and Tate pairings
    (with D. Aranha, E. Knapp and F. Rodriguez-Henriquez)
    Cryptography and Coding 2011, 275-295.

  36. Discrete logarithms, Diffie-Hellman, and reductions
    (with N. Koblitz and I. Shparlinski)
    Vietnam Journal of Mathematics, 39 (2011), 267-285.

  37. A generic variant of NIST’s KAS2 key agreement protocol
    (with S. Chatterjee and B. Ustaoglu)
    Proceedings of ACISP 2011, 353-370.
    Full version.

  38. Elliptic curve cryptography: The serpentine course of a paradigm shift
    (with A. Hibner Koblitz and N. Koblitz)
    Journal of Number Theory, 131 (2011), 781-814.
    Preprint.

  39. On cryptographic protocols employing asymmetric pairings – The role of Ψ revisited
    (with S. Chatterjee)
    Discrete Applied Mathematics, 159 (2011), 1311-1322.
    Preprint.

  40. Several sections on elliptic curve cryptography
    (with D. Hankerson)
    Encyclopedia of Cryptography and Security (second edition), edited by H. van Tilborg and S. Jajodia, Springer-Verlag, 2011.

  41. On reusing ephemeral public keys in Diffie-Hellman key agreement protocols
    (with B. Ustaoglu)
    International Journal of Applied Cryptography, 2 (2010), 154-158.

  42. Combined security analysis of the one- and three-pass unified model key agreement protocols
    (with S. Chatterjee and B. Ustaoglu)
    Indocrypt 2010, 49-68.

  43. On the efficiency and security of pairing-based protocols in the Type 1 and Type 4 settings
    (with S. Chatterjee and D. Hankerson)
    WAIFI 2010, 114-134.
    Full version.

  44. On the asymptotic effectiveness of Weil descent attacks  
    (with K. Karabina, C. Pomerance and I. Shparlinski)
    Journal of Mathematical Cryptology, 4 (2010), 175-191.

  45. Intractable problems in cryptography 
    (with N. Koblitz)
    Revised version of a paper that appeared in Finite Fields: Theory and Applications, Contemporary Mathematics, 518 (2010), 279-300.
    See also The brave new world of bodacious assumptions in cryptography
    Notices of the AMS, 57 (2010), 357-365.

  46. Comparing two pairing-based aggregate signature schemes
    (with S. Chatterjee, D. Hankerson and E. Knapp)
    Designs, Codes and Cryptography, 55 (2010), 141-167.
    Preprint.

  47. Reusing static keys in key agreement protocols
    (with S. Chatterjee and B. Ustaoglu)
    Indocrypt 2009, 39-56.
    Full version.

  48. A new protocol for the nearby friend problem
    (with S. Chatterjee and K. Karabina)
    Cryptography and Coding 2009, 236-251.

  49. Analyzing the Galbraith-Lin-Scott point multiplication method for elliptic curves over binary fields
    (with D. Hankerson and K. Karabina)
    IEEE Transactions on Computers, 58 (2009), 1411-1420.
    Preprint.

  50. An introduction to pairing-based cryptography  
    Recent Trends in Cryptography, edited by I. Luengo, volume 477 of Contemporary Mathematics, AMS-RSME, 2009, 47-65.

  51. Comparing the pre- and post-specified peer models for key agreement
    (with B. Ustaoglu)
    International Journal of Applied Cryptography, 1 (2009), 236-250.
    An earlier version appeared in Proceedings of ACISP 2008, 53-68.

  52. Software implementation of pairings
    (with D. Hankerson and M. Scott)
    Identity-Based Cryptography, edited by M. Joye and G. Neven, IOS Press, 2008, 188-206.

  53. Another look at non-standard discrete log and Diffie-Hellman problems
    (with N. Koblitz)
    Journal of Mathematical Cryptology, 2 (2008), 311-326.
    Preprint.

  54. Security arguments for the UM key agreement protocol in the NIST SP 800-56A standard
    (with B. Ustaoglu)
    Proceedings of ASIACCS ’08, ACM Press, 261-270.

  55. Software implementation of arithmetic in F_{3^m}
    (with O. Ahmadi and D. Hankerson)
    Proceedings of WAIFI 2007, 85-102.

  56. Advances in Cryptology – CRYPTO 2007 (edited volume)
    Lecture Notes in Computer Science, 4622, Springer-Verlag, 2007.

  57. Formulas for cube roots in F_{3^m}
    (with O. Ahmadi and D. Hankerson)
    Discrete Applied Mathematics, 155 (2007), 260-270.

  58. Irreducible polynomials of maximum weight 
    (with O. Ahmadi)
    Utilitas Mathematica, 72 (2007), 111-123.

  59. Another look at HMQV
    Journal of Mathematical Cryptology, 1 (2007), 47-64.
    Preprint.

  60. Another look at generic groups
    (with N. Koblitz)
    Advances in Mathematics of Communications, 1 (2007), 13-28.
    Preprint.

  61. Another look at “provable security”
    (with N. Koblitz)
    Journal of Cryptology, 20 (2007), 3-37.
    Preprint.

  62. Another look at “provable security”. II
    (with N. Koblitz)
    Progress in Cryptology – Indocrypt 2006, 148-175.
    Spanish translation by Francisco Rodriguez-Henriquez.
    Preprint.

  63. On the importance of public-key validation in the MQV and HMQV key agreement protocols
    (with B. Ustaoglu)
    Progress in Cryptology – Indocrypt 2006, 133-147.

  64. Software multiplication using Gaussian normal bases
    (with R. Dahab, D. Hankerson, F. Hu, M. Long and J. López)
    IEEE Transactions on Computers, 55 (2006), 974-984.

  65. Cryptographic implications of Hess’ generalized GHS attack
    (with E. Teske)
    Applicable Algebra in Engineering, Communication and Computing, 16 (2006), 439-460.
    Preprint.

  66. On the number of trace-one elements in polynomial bases for GF(2^n)
    (with O. Ahmadi)
    Designs, Codes and Cryptography, 37 (2005), 493-507.

  67. Pairing-based cryptography at high security levels
    (with N. Koblitz)
    Cryptography and Coding 2005, 13-36.
    Preprint.

  68. Algebraic curves and cryptography
    (with S. Galbraith)
    Finite Fields and Their Applications, 11 (2005), 544-577.

  69. Several sections on elliptic curve cryptography
    (with D. Hankerson)
    Encyclopedia of Cryptography and Security, edited by Henk van Tilborg, Springer-Verlag, 2005.

  70. Topics in Cryptology – CT-RSA 2005 (edited volume)
    Lecture Notes in Computer Science, 3376, Springer-Verlag, 2005.

  71. A survey of public-key cryptosystems
    (with N. Koblitz)
    SIAM Review, 46 (2004), 599-634.

  72. Security of signature schemes in a multi-user setting
    (with N. Smart)
    Designs, Codes and Cryptography, 33 (2004), 261-274.

  73. Hyperelliptic curves and cryptography
    (with M. Jacobson and A. Stein)
    High Primes and Misdemeanours: Lectures in Honour of the 60th Birthday of Hugh Cowie Williams,
    Fields Institute Communications Series, 41 (2004), 255-282.

  74. Obstacles to the torsion-subgroup attack on the decision Diffie-Hellman problem
    (with N. Koblitz)
    Mathematics of Computation, 73 (2004), 2027-2041.

  75. Field inversion and point halving revisited
    (with K. Fong, D. Hankerson and J. López)
    IEEE Transactions on Computers, 53 (2004), 1047-1059.

  76. Weak fields for ECC
    (with E. Teske and A. Weng)
    Topics in Cryptology – CT-RSA 2004, 366-386.
    Preprint.

  77. Guide to Elliptic Curve Cryptography
    (with D. Hankerson and S. Vanstone)
    Springer, 2004.

  78. An efficient protocol for authenticated key agreement
    (with L. Law, M. Qu, J. Solinas and S. Vanstone)
    Designs, Codes and Cryptography, 28 (2003), 119-134.

  79. Validation of elliptic curve public keys
    (with A. Antipa, D. Brown, R. Struik and S. Vanstone)
    Proceedings of PKC 2003, 211-223.

  80. A small subgroup attack on a key agreement protocol of Arazi
    (with D. Brown)
    Bulletin of the ICA, 37 (2003), 45-50.

  81. Progress in Cryptology – INDOCRYPT 2002
    (edited with P. Sarkar)
    Lecture Notes in Computer Science, 2551, Springer-Verlag, 2002.

  82. Analysis of the GHS Weil descent attack on the ECDLP over characteristic two finite fields of composite degree
    (with M. Maurer and E. Teske)
    LMS Journal of Computation and Mathematics, 5 (2002), 127-174.
    An earlier version appeared in Proceedings of Indocrypt 2001, 195-213.
    Preprint.

  83. Isomorphism classes of genus-2 hyperelliptic curves over finite fields
    (with L. Encinas and J. Masque)
    Applicable Algebra in Engineering, Communication and Computing, 13 (2002), 57-65.

  84. Solving elliptic curve discrete logarithm problems using Weil descent 
    (with M. Jacobson and A. Stein)
    Journal of the Ramanujan Mathematical Society, 16 (2001), 231-260.

  85. The elliptic curve digital signature algorithm (ECDSA)
    (with D. Johnson and S. Vanstone)
    International Journal of Information Security, 1 (2001), 36-63.

  86. Software implementation of the NIST elliptic curves over prime fields
    (with M. Brown, D. Hankerson and J. Hernandez)
    Topics in Cryptology – CT-RSA 2001, 250-265.

  87. Analysis of the Weil descent attack of Gaudry, Hess and Smart
    (with M. Qu)
    Topics in Cryptology – CT-RSA 2001, 308-318.

  88. Software implementation of elliptic curve cryptography over binary fields
    (with D. Hankerson and J. Hernandez)
    Proceedings of CHES 2000, 1-24.

  89. PGP in constrained wireless devices 
    (with M. Brown, D. Cheung, D. Hankerson, J. Hernandez and M. Kirkup)
    Proceedings of the 9th USENIX Security Symposium, 2000, 247-261.

  90. The state of elliptic curve cryptography
    (with N. Koblitz and S. Vanstone)
    Designs, Codes and Cryptography, 19 (2000), 173-193.

  91. Coding Theory and Cryptology
    (with P. van Oorschot)
    chapter in Handbook of Discrete and Combinatorial Mathematics, CRC Press, 1999, pages 889-954.

  92. Authenticated Diffie-Hellman key agreement protocols
    (with S. Blake-Wilson)
    Proceedings of the 5th Annual Workshop on Selected Areas in Cryptography (SAC ’98), 339-361.

  93. Unknown key-share attacks on the station-to-station (STS) protocol
    (with S. Blake-Wilson)
    Proceedings of PKC ’99, 154-170.

  94. Entity authentication and authenticated key transport protocols employing asymmetric techniques
    (with S. Blake-Wilson)
    Proceedings of the 5th International Workshop on Security Protocols, 1998, 137-158.

  95. The discrete logarithm problem in GL(n,q)  
    (with Yi-Hong Wu)
    Ars Combinatoria, 47 (1998), 23-32.

  96. An elementary introduction to hyperelliptic curves 
    (with Yi-Hong Wu and R. Zuccherato)
    appendix in Algebraic Aspects of Cryptography by Neal Koblitz, Springer-Verlag, 1998, pages 155-178.

  97. Key agreement protocols and their security analysis
    (with D. Johnson and S. Blake-Wilson)
    Proceedings of the Sixth IMA International Conference on Cryptography and Coding, 1355 (1997), 30-45.
    Full version.

  98. Handbook of Applied Cryptography
    (with P. van Oorschot and S. Vanstone)
    CRC Press, 1997.

  99. Elliptic curves and cryptography
    (with A. Jurisic)
    Dr. Dobb’s Journal, April 1997, 23-36.

  100. Some new key agreement protocols providing mutual implicit authentication
    (with M. Qu and S. Vanstone)
    Workshop on Selected Areas in Cryptography (SAC ’95), 22-32, 1995.

  101. Elliptic curve cryptosystems
    CryptoBytes – The Technical Newsletter of RSA Laboratories, Volume 1, Number 2, Summer 1995, 1-4.

  102. Elliptic Curve Public Key Cryptosystems
    Kluwer Academic Publishers, 1993.

  103. Reducing elliptic curve logarithms to logarithms in a finite field
    (with T. Okamoto and S. Vanstone)
    IEEE Transactions on Information Theory, 39 (1993), 1639-1646.

  104. Elliptic curve cryptosystems and their implementation
    (with S. Vanstone)
    Journal of Cryptology, 6 (1993), 209-224.

  105. Public-key cryptosystems with very small key lengths
    (with G. Harper and S. Vanstone)
    Advances in Cryptology – EUROCRYPT ’92, 163-173.

  106. Counting points on elliptic curves over F_{2^m}
    (with S. Vanstone and R. Zuccherato)
    Mathematics of Computation, 60 (1993), 407-420.

  107. Applications of Finite Fields
    (with I. Blake, S. Gao, R. Mullin, S. Vanstone and T. Yaghoobian)
    Kluwer Academic Publishers, 1992.

  108. Subgroup refinement algorithms for root finding in GF(q)
    (with P. van Oorschot and S. Vanstone)
    SIAM Journal on Computing, 21 (1992), 228-239.

  109. A note on cyclic groups, finite fields, and the discrete logarithm problem
    (with S. Vanstone)
    Applicable Algebra in Engineering, Communication and Computing, 3 (1992), 67-74.

  110. Advances in Cryptology – Proceedings of CRYPTO ’90
    (edited with S. Vanstone)
    Lecture Notes in Computer Science, 537, Springer-Verlag, 1991.

  111. The implementation of elliptic curve cryptosystems
    (with S. Vanstone)
    Advances in Cryptology – AUSCRYPT ’90, 2-13.

  112. Isomorphism classes of elliptic curves over finite fields of characteristic 2
    (with S. Vanstone)
    Utilitas Mathematica, 38 (1990), 135-154.

  113. On the number of self-dual bases of GF(q^m) over GF(q)
    (with D. Jungnickel and S. Vanstone)
    Proceedings of the American Mathematical Society, 109 (1990), 23-29.

  114. Some computational aspects of root finding in GF(q^m)
    (with S. Vanstone and P. van Oorschot)
    Symbolic and Algebraic Computation, Lecture Notes in Computer Science, 358 (1989), 259-270.