Peter Schwabe
Peter Schwabe (樂岩)
Office Address at MPI-SP:
Max Planck Institute for Security and Privacy
Universitätsstraße 142
Room 5/177
44799 Bochum
Germany
Office Address at Radboud University:
Radboud University – iCIS
Toernooiveld 212
Room 3.10
6525 EC Nijmegen
The Netherlands
Phone: +31243652031
E-Mail:
peter@cryptojedi.org
Twitter:
@cryptojedi
Mastodon:
@cryptojedi@ruhr.social
ORCID:
0000-0002-1310-0997
GPG-Key:
0102EF4B
Fingerprint: B89A 4D09 23CC D56C 3539 7613 77D2 DD66 0102 EF4B
Google scholar page
Please address any requests for internships, Ph.D., or postdoc positions
to
office-schwabe@mpi-sp.org
As I am receiving many such requests, I will only answer e-mails that clearly explain
what you want to work on and why you want to do this work with me and my group.
About Me
I'm a scientific director at the
Max Planck Institute for Security and Privacy
and
a part-time professor (hoogleraar) for cryptographic engineering in the
Digital Security Group
at
Radboud University
I am also an adjunct professor (Außerplanmäßiger Professor, APL) in the
Faculty of Computer Science
at
Ruhr University Bochum
From 2025 until 2027 I am serving as external examiner for the
BSc (Hons) Cyber Security program
at
University of Mauritius
From October 2018 until December 2023, I have been
working on the project
EPOQUE – Engineering post-quantum cryptography
funded by the European Commission through an ERC Starting grant.
Until November 2012 I was a postdoc in the
Research Center for Information Technology Innovation
and the
Institute of Information Science
of
Academia Sinica
Before that, I was postdoc in the
Department of Electrical Engineering
of
National Taiwan University
within the
Intel-NTU Connected Context Computing Center
Before that, I was a postdoc in the
Institute of Information Science
at
Academia Sinica
Before that, I was a Ph.D. student in the
Department of Mathematics and Computer Science
at
Eindhoven University of Technology
In January 2011, I completed my Ph.D. at
Eindhoven University of Technology
in the
Coding and Cryptology Group
under the supervision of
Tanja Lange
and
Daniel J. Bernstein
In 2006, I finished my Diplom in computer science at
RWTH Aachen University
at the
Institute for Theoretical Information Technology
under the supervision of
Rudolf Mathar
and
Michael Naehrig
I am an elected member of the
IACR Board of Directors
a member of the
IACR CHES Steering Committee
and liaison to the IACR Board of Directors;
a member of the
IACR RWC Steering Committee
a member of the organizing committee of the annual
Workshop on High-Assurance Crypto Software
; and
a member of the scientific committee of the annual
Summerschool on Real-World Crypto and Privacy
I am a member of the advisory boards of
PQShield
and
SciEngines
I was a member of the advisory boards of
Bitmark Inc.
and
Neutrality
Current and former Ph.D. Students
Current
Hoang Nguyen Hien Pham,
(co-supervising together with Philippe Elbaz-Vincent)
Ushana Bandyopadhyay,
second supervisor; first supervisor is Alexander Kiening
at
DENSO AUTOMOTIVE Deutschland GmbH
Sabrina Manickam
(co-supervising together with
Yuval Yarom)
Noemi Terzo
Amin Abdulrahman
Aaron Kaiser
Vincent Hwang (黃柏文)
Kai-Chun Ning (寗凱竣)
Miguel Quaresma
(co-supervising together with
Gilles Barthe)
Ruben Gonzalez
second supervisor; first supervisor is
Karl Jonas
at
Hochschule Bonn-Rhein-Sieg
Former
Amber Sprenkels
(co-supervised together with
Joppe Bos
);
graduated in December 2024.
Basavesh Ammanaghatta Shivakumar
(co-supervised together with
Gilles Barthe
);
graduated in September 2024.
Marcel Fourné
(co-supervised together with
Yasemin Acar
and
Gilles Barthe
);
graduated in January 2024.
Thom Wiggers
(co-supervised together with
Douglas Stebila
);
graduated in January 2024.
Pol Van Aubel
second supervisor; first supervisor is
Erik Poll
, graduated in September 2023.
Fabio Campos
second supervisor; first supervisor is
Steffen Reith
at
Hochschule RheinMain
, graduated in September 2023.
Denisa Greconici
Matthias Kannwischer
, graduated in April 2022.
Benoît Viguier
(co-supervised together with
Joan Daemen
Herman Geuvers
, and
Freek Wiedijk
);
graduated in December 2021.
Ko Stoffelen
(co-supervised together with
Joan Daemen
);
graduated in June 2022.
Joost Rijneveld
, graduated in November 2019.
Erdem Alkım
, graduated in May 2017.
second supervisor; first supervisor was
Urfat Nuriyev
from
Ege University, Izmir, Turkey
Current and former Postdocs
Current
Ádám Vécsi
Zhiyuan Zhang
Julius Hermelink
Former
Tiago Oliveira
Monika Trimoska
Łukasz Chmielewski
Simona Samardjiska
Bas Westerbaan
Theses
Ph.D. thesis:
High-Speed Cryptography and Cryptanalysis
, Eindhoven University of Technology, The Netherlands, 2011.
For the thesis and related software please refer to my separate
Ph.D. thesis website
Diplomarbeit:
Effiziente Implementierung von Elliptischen und Hyperelliptischen Kurven für Anwendungen in der Kryptographie
, RWTH Aachen University, Germany, 2006.
ps
Publications
Manuel Barbosa, Matthias J. Kannwischer, Thing-han Lim, Peter Schwabe, and Pierre-Yves Strub:
Formally Verified Correctness Bounds for Lattice-Based Cryptography.
2025 ACM SIGSAC Conference on Computer and Communications Security, CCS'25
, ACM (2025),
to appear.
Date: 2025-08-21
pdf
bibtex
José Bacelar Almeida, Gustavo Xavier Delerue Marinho Alves, Manuel Barbosa, Gilles Barthe,
Luís Esquível, Vincent Hwang, Tiago Oliveira, Hugo Pacheco, Peter Schwabe, and Pierre-Yves Strub:
Faster Verification of Faster Implementations: Combining Deductive and Circuit-Based Reasoning in EasyCrypt.
2025 IEEE Symposium on Security and Privacy (SP)
IEEE (2025),
pp 3820–3838.
Date: 2025-09-07
pdf
bibtex
Amin Abdulrahman, Felix Oberhansl, Hoang Nguyen Hien Pham, Jade Philipoom, Peter Schwabe, Tobias Stelzer, and Andreas Zankl:
Towards ML-KEM & ML-DSA on OpenTitan.
2025 IEEE Symposium on Security and Privacy (SP)
IEEE (2025),
pp 1–19.
Date: 2025-05-14
pdf
bibtex
more
Supersedes: 2024-07-24 [
pdf
Santiago Arranz-Olmos, Gilles Barthe, Benjamin Grégoire, Jan Jancar, Vincent Laporte, Tiago Oliveira, and Peter Schwabe:
Let's DOIT: Using Intel's Extended HW/SW Contract for Secure Compilation of Crypto Code.
Transactions on Cryptographic Hardware and Embedded Systems
, Volume 2025-3, Ruhr University Bochum (2025),
pp 644–667.
Date: 2025-04-28
pdf
bibtex
Santiago Arranz Olmos, Gilles Barthe, Chitchanok Chuengsatiansup, Benjamin Grégoire,
Vincent Laporte, Tiago Oliveira, Peter Schwabe, Yuval Yarom, and Zhiyuan Zhang:
Protecting Cryptographic Code Against Spectre-RSB
(and, in Fact, All Known Spectre Variants).
ASPLOS '25: Proceedings of the 30th ACM International Conference on Architectural Support for Programming Languages and Operating Systems
ACM (2025),
pp 933–948.
Date: 2025-02-24
pdf
bibtex
Matthias J. Kannwischer, Ruben Niederhagen, Francisco Rodriguez-Henriquez, and Peter Schwabe:
Post-Quantum Implementations.
Chapter in
Embedded Cryptography 2
Emmanuel Prouff, Guénaël Renault, Matthieu Rivain and Colin O'Flynn (editors),
Wiley-ISTE (2025), pp. 249–286.
Date: 2025-02-09
pdf
bibtex
The full book is available at
www.wiley.com
Manuel Barbosa and Peter Schwabe:
Kyber terminates.
Polynesian Journal of Mathematics
, Volume 1, Issue 6 (2024), pp 1–5.
Date: 2024-12-30
pdf
bibtex
Supersedes: 2023-05-16 [
pdf
José Bacelar Almeida, Santiago Arranz Olmos, Manuel Barbosa, Gilles Barthe, François Dupressoir,
Benjamin Grégoire, Vincent Laporte, Jean-Christophe Léchenet, Cameron Low,
Tiago Oliveira, Hugo Pacheco, Miguel Quaresma, Peter Schwabe, and Pierre-Yves Strub:
Formally verifying Kyber – Episode V: Machine-checked IND-CCA security and correctness of ML-KEM in EasyCrypt.
Advances in Cryptology – CRYPTO 2024
Lecture Notes in Computer Science,
Springer-Verlag (2024),
pp 384–421.
Date: 2024-05-29.
pdf
bibtex
Gilles Barthe, Marcel Böhme, Sunjay Cauligi, Chitchanok Chuengsatiansup, Daniel Genkin, Marco Guarnieri, David Mateos Romero, Peter Schwabe, David Wu, and Yuval Yarom:
Testing side-channel security of cryptographic implementations against future microarchitectures.
2024 ACM SIGSAC Conference on Computer and Communications Security, CCS'24
, ACM (2024),
pp 1076–1090.
Date: 2024-02-01
pdf
bibtex
Manuel Barbosa, Deirdre Connolly, João Diogo Duarte, Aaron Kaiser, Peter Schwabe, Karolin Varner, and Bas Westerbaan:
X-Wing: The Hybrid KEM You’ve Been Looking For.
IACR Communications in Cryptology
, Volume 1, Issue 1, IACR (2024), 22 pages.
Date: 2024-04-15
pdf
bibtex
Supersedes: 2024-02-11 [
pdf
Fabio Campos, Jorge Chavez-Saab, Jesús-Javier Chi-Domínguez, Michael Meyer, Krijn Reijnders, Francisco Rodríguez-Henríquez, Peter Schwabe, and Thom Wiggers:
On the Practicality of Post-Quantum TLS Using Large-Parameter CSIDH.
IACR Communications in Cryptology
, Volume 1, Issue 1, IACR (2024), 26 pages.
Date: 2024-04-09
pdf
bibtex
more
Supersedes: 2023-05-30 [
pdf
Marcel Fourné, Daniel De Almeida Braga, Jan Jancar, Mohamed Sabt, Peter Schwabe, Gilles Barthe, Pierre-Alain Fouque, and Yasemin Acar:
"These results must be false": A usability evaluation of constant-time analysis tools.
Proceedings of the 33rd USENIX Security Symposium
USENIX Association (2024),
pp 6705–6722.
Date: 2024-03-05
pdf
bibtex
Santiago Arranz Olmos, Gilles Barthe, Ruben Gonzalez, Benjamin Grégoire, Vincent Laporte, Jean-Christophe Léchenet,
Tiago Oliveira, and Peter Schwabe:
High-assurance zeroization.
Transactions on Cryptographic Hardware and Embedded Systems
, Volume 2024-1, Ruhr University Bochum (2023), pp 375–397.
Date: 2023-11-05
pdf
bibtex
Phillip Gajland, Bor de Kock, Miguel Quaresma, Giulio Malavolta, and Peter Schwabe:
Swoosh: Practical Lattice-Based Non-Interactive Key Exchange.
Proceedings of the 33rd USENIX Security Symposium
USENIX Association (2024),
pp 487–504.
Date: 2023-10-23
pdf
bibtex
more
Supersedes: 2023-02-23 [
pdf
Joël Alwen, Dominik Hartmann, Eike Kiltz, Marta Mularczyk, and Peter Schwabe:
Post-Quantum Multi-Recipient Public Key Encryption.
2023 ACM SIGSAC Conference on Computer and Communications Security, CCS'23
, ACM (2023), pp 1108–11227.
Date: 2022-08-12
pdf
bibtex
more
José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, Benjamin Grégoire, Vincent Laporte, Jean-Christophe Léchenet,
Tiago Oliveira, Hugo Pacheco, Miguel Quaresma, Peter Schwabe, Antoine Séré, and Pierre-Yves Strub:
Formally verifying Kyber – Episode IV: Implementation Correctness.
Transactions on Cryptographic Hardware and Embedded Systems
, Volume 2023-3, Ruhr University Bochum (2023),
pp 164–193.
Date: 2023-04-24
pdf
bibtex
more
Supersedes: 2023-02-17 [
pdf
Zhiyuan Zhang, Gilles Barthe, Chitchanok Chuengsatiansup, Peter Schwabe, and Yuval Yarom:
Ultimate SLH: Taking Speculative Load Hardening to the Next Level.
Proceedings of the 32nd USENIX Security Symposium
USENIX Association (2023), pp 7125–7142.
Date: 2023-04-30
pdf
bibtex
Supersedes: 2022-06-05 [
pdf
Basavesh Ammanaghatta Shivakumar, Gilles Barthe, Benjamin Grégoire, Vincent Laporte,
Tiago Oliveira, Swarn Priya, Peter Schwabe, and Lucas Tabary-Maujean:
Typing High-Speed Cryptography against Spectre v1.
2023 IEEE Symposium on Security and Privacy (SP)
IEEE (2023),
pp 1094–1111.
Date: 2022-09-25
pdf
bibtex
Basavesh Ammanaghatta Shivakumar, Jack Barnes, Gilles Barthe, Sunjay Cauligi, Chitchanok Chuengsatiansup, Daniel Genkin, Sioli O'Connell, Peter Schwabe, Rui Qi Sim, and Yuval Yarom:
Spectre Declassified: Reading from the Right Place at the Wrong Time.
2023 IEEE Symposium on Security and Privacy (SP)
IEEE (2023),
pp 1753–1770.
Date: 2022-04-03
pdf
bibtex
Lejla Batina, Łukasz Chmielewski, Björn Haase, Niels Samwel, and Peter Schwabe:
SoK: SCA-secure ECC in software – mission impossible?
Transactions on Cryptographic Hardware and Embedded Systems
, Volume 2023-1, Ruhr University Bochum (2023),
pp 557–589.
Date: 2022-11-04
pdf
bibtex
more
Supersedes: 2021-09-27 [
pdf
Gilles Barthe, Adrien Koutsos, Solène Mirliaz, David Pichardie, and Peter Schwabe:
Semantic foundations for cost analysis of pipeline-optimized programs.
Static Analysis
Lecture Notes in Computer Science 13790,
Springer-Verlag (2022),
pp 372–396.
Date: 2022-09-16
pdf
bibtex
Yawning Angel, Benjamin Dowling, Andreas Hülsing, Peter Schwabe, and Florian Weber:
Post Quantum Noise.
2022 ACM SIGSAC Conference on Computer and Communications Security, CCS'22
ACM (2022),
pp 97–109.
Date: 2022-05-19
pdf
bibtex
Matthias J. Kannwischer, Peter Schwabe, Douglas Stebila, and Thom Wiggers:
Improving Software Quality in Cryptography Standardization Projects.
2022 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)
pp 19–30.
Date: 2022-04-13
pdf
bibtex
Jan Jancar, Marcel Fourné, Daniel De Almeida Braga, Mohamed Sabt, Peter Schwabe, Gilles Barthe, Pierre-Alain Fouque, and Yasemin Acar:
"They’re not that hard to mitigate": What Cryptographic Library Developers Think About Timing Attacks.
2022 IEEE Symposium on Security and Privacy (SP)
IEEE (2022),
pp 632–649.
Date: 2021-12-16
pdf
bibtex
Peter Schwabe, Douglas Stebila, and Thom Wiggers:
More efficient post-quantum KEMTLS with pre-distributed public keys.
Computer Security – ESORICS 2021
Lecture Notes in Computer Science 12972,
Springer-Verlag (2021),
pp 3–22.
Date: 2022-03-15
pdf
bibtex
more
Supersedes: 2021-06-09 [
pdf
],
Peter Schwabe, Benoît Viguier, Timmy Weerwag, and Freek Wiedijk:
A Coq proof of the correctness of X25519 in TweetNaCl.
34th IEEE Computer Security Foundations Symposium (CSF)
IEEE (2021),
pp 1–16.
Date: 2021-02-08
pdf
bibtex
Gilles Barthe, Sunjay Cauligi, Benjamin Gregoire, Adrien Koutsos, Kevin Liao, Tiago Oliveira, Swarn Priya, Tamara Rezk, and Peter Schwabe:
High-assurance Cryptography Software in the Spectre Era.
2021 IEEE Symposium on Security and Privacy (SP)
IEEE (2021),
pp 1884–1901.
Date: 2021-01-15
pdf
bibtex
Andreas Hülsing, Kai-Chun Ning, Peter Schwabe, Florian Weber, and Philip R. Zimmermann:
Post-quantum WireGuard.
2021 IEEE Symposium on Security and Privacy (SP)
IEEE (2021),
pp 304–321.
Date: 2021-06-16
pdf
bibtex
more
Supersedes: 2020-04-03 [
pdf
],
Peter Schwabe, Douglas Stebila, and Thom Wiggers:
Post-quantum TLS without handshake signatures.
2020 ACM SIGSAC Conference on Computer and Communications Security, CCS'20
ACM (2020),
pp 1461–1480.
Date: 2022-01-03
pdf
bibtex
more
Supersedes: 2021-04-21 [
pdf
],
supersedes: 2020-09-29 [
pdf
],
supersedes: 2020-08-26 [
pdf
],
supersedes: 2020-05-07 [
pdf
Peter Schwabe and Daan Sprenkels:
The complete cost of cofactor h=1.
Progress in Cryptology – INDOCRYPT 2019
Lecture Notes in Computer Science 11898,
Springer-Verlag (2019),
pp 375–397.
Date: 2019-10-11
pdf
bibtex
more
Daniel J. Bernstein, Andreas Hülsing, Stefan Kölbl, Ruben Niederhagen, Joost Rijneveld, and Peter Schwabe:
The SPHINCS+ signature framework.
2019 ACM SIGSAC Conference on Computer and Communications Security, CCS'19
ACM (2019),
pp 2129–2146.
Date: 2019-09-23
pdf
bibtex
Matthias J. Kannwischer, Joost Rijneveld, Peter Schwabe, and Ko Stoffelen:
pqm4: Testing and Benchmarking NIST PQC on ARM Cortex-M4.
Workshop Record of the Second PQC Standardization Conference.
Date: 2019-07-21
pdf
bibtex
more
Leon Botros, Matthias Kannwischer, and Peter Schwabe:
Memory-Efficient High-Speed Implementation of Kyber on Cortex-M4.
Progress in Cryptology – Africacrypt 2019
Lecture Notes in Computer Science 11627,
Springer-Verlag (2019),
pp 209–228.
Date: 2019-05-13
pdf
bibtex
Matthias Kannwischer, Joost Rijneveld, and Peter Schwabe:
Faster multiplication in ℤ_{2^m}[x] on Cortex-M4 to speed up NIST PQC candidates.
Applied Cryptography and Network Security
Lecture Notes in Computer Science 11464,
Springer-Verlag (2019),
pp 281–301
Date: 2019-04-09
pdf
bibtex
Supersedes: 2018-10-19 [
pdf
Ebo van der Laan, Erik Poll, Joost Rijneveld, Joeri de Ruiter, Peter Schwabe, and Jan Verschuren:
Is Java Card ready for hash-based signatures?
Advances in Information and Computer Security – IWSEC 2018
Lecture Notes in Computer Science 11049,
Springer-Verlag (2018),
pp 127–142.
Date: 2018-06-14
pdf
bibtex
more
Benjamin Grégoire, Kostas Papagiannopoulos, Peter Schwabe, and Ko Stoffelen:
Vectorizing higher-order masking.
Constructive Side-Channel Analysis and Secure Design
Lecture Notes in Computer Science 10815,
Springer-Verlag (2018),
pp 23–43
Date: 2018-04-06
pdf
bibtex
more (external link)
Ming-Shing Chen, Andreas Hülsing, Joost Rijneveld, Simona Samardjiska, and Peter Schwabe:
SOFIA: MQ-based signatures in the QROM.
Public Key Cryptography – PKC 2018
Lecture Notes in Computer Science 10770,
Springer-Verlag (2018),
pp 1–17.
Date: 2017-07-17
pdf
bibtex
Léo Ducas, Eike Kiltz, Tancrède Lepoint, Vadim Lyubashevsky, Peter Schwabe, Gregor Seiler, and Damien Stehlé:
CRYSTALS – Dilithium: Digital Signatures from Module Lattices.
Transactions on Cryptographic Hardware and Embedded Systems
, Volume 2018-1, Ruhr University Bochum (2018),
pp 238–268.
Date: 2017-06-27
pdf
bibtex
Joppe Bos, Léo Ducas, Eike Kiltz, Tancrède Lepoint, Vadim Lyubashevsky, John M. Schanck, Peter Schwabe, Gregor Seiler, and Damien Stehlé:
CRYSTALS – Kyber: a CCA-secure module-lattice-based KEM.
2018 IEEE European Symposium on Security and Privacy (EuroS&P)
IEEE (2018),
pp 353–367.
Date: 2018-07-16
pdf
bibtex
more
Supersedes: 2018-02-26 [
pdf
Supersedes: 2017-06-27 [
pdf
Daniel J. Bernstein, Stefan Kölbl, Stefan Lucks, Pedro Maat Costa Massolino, Florian Mendel, Kashif Nawaz,
Tobias Schneider, Peter Schwabe, François-Xavier Standaert, Yosuke Todo, and Benoît Viguier:
Gimli: a cross-platform permutation.
Cryptographic Hardware and Embedded Systems – CHES 2017
Lecture Notes in Computer Science 10529,
Springer-Verlag (2017),
pp 299–320.
Date: 2017-06-27
pdf
bibtex
more
Andreas Hülsing, Joost Rijneveld, John Schanck, and Peter Schwabe:
High-speed key encapsulation from NTRU.
Cryptographic Hardware and Embedded Systems – CHES 2017
Lecture Notes in Computer Science 10529,
Springer-Verlag (2017),
pp 232–252.
Date: 2017-08-28
pdf
bibtex
more
Supersedes: 2017-06-27 [
pdf
Erick Nascimento, Łukasz Chmielewski, David Oswald, and Peter Schwabe:
Attacking embedded ECC implementations through cmov side channels.
Selected Areas in Cryptology – SAC 2016
Lecture Notes in Computer Science 10532,
Springer-Verlag (2017),
pp 99–119.
Date: 2016-07-18
pdf
bibtex
Peter Schwabe and Bas Westerbaan:
Solving binary MQ with Grover's algorithm.
Security, Privacy, and Applied Cryptography Engineering
Lecture Notes in Computer Science 10076,
Springer-Verlag (2016),
pp 303–322.
Date: 2017-11-30
pdf
bibtex
Supersedes: 2017-10-23 [
pdf
],
Supersedes: 2016-09-01 [
pdf
].
Ming-Shing Chen, Andreas Hülsing, Joost Rijneveld, Simona Samardjiska, and Peter Schwabe:
From 5-pass MQ-based identification to MQ-based signatures.
Advances in Cryptology – ASIACRYPT 2016
Lecture Notes in Computer Science 10032,
Springer-Verlag (2016),
pp 135–165.
Date: 2016-12-01
pdf
bibtex
Supersedes: 2016-09-13 [
pdf
],
supersedes: 2016-07-15 [
pdf
Erdem Alkim, Philipp Jakubeit, and Peter Schwabe:
NewHope on ARM Cortex-M
Security, Privacy, and Applied Cryptography Engineering
Lecture Notes in Computer Science 10076,
Springer-Verlag (2016),
pp 332–349.
Date: 2016-09-01
pdf
bibtex
Supersedes: 2016-08-03 [
pdf
],
Erdem Alkim, Léo Ducas, Thomas Pöppelmann, and Peter Schwabe:
Post-quantum key exchange – a new hope.
Proceedings of the 25th USENIX Security Symposium
USENIX Association (2016),
pp 327–343.
Date: 2019-07-10
pdf
bibtex
more
Supersedes: 2017-12-12 [
pdf
],
supersedes: 2016-11-19 [
pdf
],
supersedes: 2016-08-03 [
pdf
],
supersedes: 2016-03-28 [
pdf
],
supersedes: 2015-12-07 [
pdf
],
supersedes: 2015-11-10 [
pdf
],
supersedes: 2015-11-05 [
pdf
Peter Schwabe and Ko Stoffelen:
All the AES you need on Cortex-M3 and M4.
Selected Areas in Cryptology – SAC 2016
Lecture Notes in Computer Science 10532,
Springer-Verlag (2017),
pp 180–194.
Date: 2016-10-19
pdf
bibtex
Supersedes: 2016-07-18 [
pdf
Joost Renes, Peter Schwabe, Benjamin Smith, and Lejla Batina:
μKummer: efficient hyperelliptic signatures and key exchange on microcontrollers.
Cryptographic Hardware and Embedded Systems – CHES 2016
Lecture Notes in Computer Science 9813,
Springer-Verlag (2016),
pp 301–320.
Date: 2017-01-26
pdf
bibtex
Supersedes: 2016-07-19 [
pdf
],
supersedes: 2016-04-07 [
pdf
Anna Krasnova, Moritz Neikes, and Peter Schwabe:
Footprint scheduling for Dining-Cryptographer networks
Financial Cryptography and Data Security
Lecture Notes in Computer Science 9603,
Springer-Verlag (2017).
pp 385–402.
Date: 2015-12-18
pdf
bibtex
Andreas Hülsing, Joost Rijneveld, and Peter Schwabe:
ARMed SPHINCS – Computing a 41KB signature in 16KB of RAM.
Public Key Cryptography – PKC 2016
Lecture Notes in Computer Science 9614,
Springer-Verlag (2016),
pp 446–470.
Date: 2016-02-03
pdf
bibtex
Supersedes: 2015-10-27 [
pdf
Michael Hutter, Jürgen Schilling, Peter Schwabe, and Wolfgang Wieser:
NaCl's crypto_box in hardware.
Cryptographic Hardware and Embedded Systems – CHES 2015
Lecture Notes in Computer Science 9293,
Springer-Verlag (2015),
pp 81–101.
Date: 2015-06-16
pdf
bibtex
more
Michael Düll, Björn Haase, Gesine Hinterwälder, Michael Hutter, Christof Paar, Ana Helena Sánchez, and Peter Schwabe:
High-speed Curve25519 on 8-bit, 16-bit, and 32-bit microcontrollers.
Designs, Codes and Cryptography
, Volume 77, Issue 2, Springer-Verlag (2015), pp 493–514.
Date: 2015-04-17
pdf
bibtex
more
Daniel J. Bernstein, Daira Hopwood, Andreas Hülsing, Tanja Lange, Ruben Niederhagen, Louiza Papachristodoulou, Michael Schneider, Peter Schwabe, and Zooko Wilcox-O'Hearn:
SPHINCS: practical stateless hash-based signatures.
Advances in Cryptology – EUROCRYPT 2015, Part I,
Lecture Notes in Computer Science 9056,
Springer-Verlag (2015).
pp 368–397.
Date: 2015-02-02
pdf
bibtex
more
Supersedes: 2014-10-01 [
pdf
Michael Hutter and Peter Schwabe:
Multiprecision multiplication on AVR revisited.
Journal of Cryptographic Engineering
, Volume 5, Issue 3, Springer-Verlag (2015), pp 201–214.
Date: 2015-01-01
pdf
bibtex
more
Supersedes: 2014-07-15 [
pdf
],
supersedes: 2014-07-31 [
pdf
Gesine Hinterwälder, Amir Moradi, Michael Hutter, Peter Schwabe, and Christof Paar:
Full size high security ECC implementation on MSP430 microcontrollers
Progress in Cryptology – LATINCRYPT 2014,
Lecture Notes in Computer Science 8895,
Springer-Verlag (2015),
pp 31–47.
Date: 2014-10-01
pdf
bibtex
Özgür Dagdelen, Rachid El Bansarkhani, Florian Göpfert, Tim Güneysu, Tobias Oder, Thomas Pöppelmann, Ana Helena Sánchez, and Peter Schwabe:
High-Speed Signatures from Standard Lattices.
Progress in Cryptology – LATINCRYPT 2014,
Lecture Notes in Computer Science 8895,
Springer-Verlag (2015),
pp 84–103.
Date: 2014-09-04
pdf
bibtex
Daniel J. Bernstein, Bernard van Gastel, Wesley Janssen, Tanja Lange, Peter Schwabe, and Sjaak Smetsers:
TweetNaCl: A crypto library in 100 tweets.
Progress in Cryptology – LATINCRYPT 2014,
Lecture Notes in Computer Science 8895,
Springer-Verlag (2015),
pp 64–83.
Date: 2014-09-17
pdf
bibtex
more
Supersedes: 2013-12-29[
pdf
Lejla Batina, Łukasz Chmielewski, Louiza Papachristodoulou, Peter Schwabe, and Michael Tunstall:
Online Template Attacks.
Full version
Journal of Cryptographic Engineering
, Volume 9, Issue 1, Springer-Verlag (2017), pp 21–36.
Short version
Progress in Cryptology – INDOCRYPT 2014
Lecture Notes in Computer Science 8885, Springer Verlag (2014),
pp 21–36.
Date: 2017-08-12
pdf
bibtex
Supersedes: 2014-09-22[
pdf
Daniel J. Bernstein, Chitchanok Chuengsatiansup, Tanja Lange, and Peter Schwabe:
Kummer strikes back: new DH speed records.
Advances in Cryptology – ASIACRYPT 2014
Lecture Notes in Computer Science 8873,
Springer-Verlag (2014),
pp 317–337.
Date: 2014-10-28
pdf
bibtex
Supersedes: 2014-02-18 [
pdf
Yu-Fang Chen, Chang-Hong Hsu, Hsin-Hung Lin, Peter Schwabe, Ming-Hsien Tsai, Bow-Yaw Wang, Bo-Yin Yang, and Shang-Yi Yang:
Verifying Curve25519 Software.
2014 ACM SIGSAC Conference on Computer and Communications Security, CCS'14
ACM (2014),
pp 299–309.
Date: 2014-08-24
pdf
bibtex
Supersedes: 2014-04-28 [
pdf
Chitchanok Chuengsatiansup, Michael Naehrig, Pance Ribarski, and Peter Schwabe:
PandA: Pairings and Arithmetic.
Pairing-Based Cryptography – Pairing 2013
Lecture Notes in Computer Science 8365,
Springer-Verlag (2014),
pp. 229–250.
Date: 2013-12-04
pdf
bibtex
Keith Alexander, Daniel J. Bernstein, Timo Kasper, Tanja Lange, and Peter Schwabe:
Spyin' NSA.
Journal of Craptology
volume 9
(invited paper).
Date: 2013-08-23
pdf
bibtex
Daniel J. Bernstein, Tung Chou, and Peter Schwabe:
McBits: fast constant-time code-based cryptography.
Cryptographic Hardware and Embedded Systems – CHES 2013
Lecture Notes in Computer Science 8086,
Springer-Verlag (2013),
pp 250–272.
Date: 2013-06-16
pdf
bibtex
Tim Güneysu, Tobias Oder, Thomas Pöppelmann, and Peter Schwabe:
Software speed records for lattice-based signatures.
Post-Quantum Cryptography
Lecture Notes in Computer Science 7932,
Springer-Verlag (2013),
pp 67–82.
Date: 2013-03-28
pdf
bibtex
more
Michael Hutter and Peter Schwabe:
NaCl on 8-bit AVR Microcontrollers.
Progress in Cryptology – AFRICACRYPT 2013
Lecture Notes in Computer Science 7918,
Springer-Verlag (2013),
pp 156–172.
Date: 2013-05-14
pdf
bibtex
more
Supersedes: 2013-02-20 [
pdf
Severin Holzer-Graf, Thomas Krinninger, Martin Pernull, Martin Schläffer,
Peter Schwabe, David Seywald, and Wolfgang Wieser:
Efficient Vector Implementations of AES-based Designs: A Case Study and New Implemenations for Grøstl
Topics in Cryptology – CT-RSA 2013
Lecture Notes in Computer Science 7779,
Springer-Verlag (2013),
pp 145–161.
Date: 2012-11-19
pdf
bibtex
Supersedes: 2012-10-06 [
pdf
Daniel J. Bernstein, Tanja Lange, and Peter Schwabe:
The security impact of a new cryptographic library.
Progress in Cryptology – LATINCRYPT 2012,
Lecture Notes in Computer Science 7533,
Springer-Verlag (2012),
pp 159–176.
Date: 2012-07-25
pdf
bibtex
more
Supersedes: 2011-12-01 [
pdf
Daniel J. Bernstein and Peter Schwabe:
NEON crypto.
Cryptographic Hardware and Embedded Systems – CHES 2012
Lecture Notes in Computer Science 7428,
Springer-Verlag (2012),
pp 320–339.
Date: 2012-03-20
pdf
bibtex
more
Peter Schwabe, Bo-Yin Yang, and Shang-Yi Yang:
SHA-3 on ARM11 processors.
Progress in Cryptology – AFRICACRYPT 2012
Lecture Notes in Computer Science 7374,
Springer Verlag (2012),
pp 324–341.
Date: 2012-04-22
pdf
bibtex
more
Supersedes: 2011-11-25 [
pdf
Peter Schwabe:
Graphics Processing Units.
Chapter in
Secure Smart Embedded Devices: Platforms and Applications
Kostas Markantonakis and Keith Mayes (editors),
Springer-Verlag (2014).
Date: 2013-03-10
pdf
bibtex
The full book is available at
www.springerlink.com
Daniel J. Bernstein, Hsieh-Chung Chen, Chen-Mou Cheng, Tanja Lange, Ruben Niederhagen, Peter Schwabe, and Bo-Yin Yang:
Usable assembly language for GPUs: a success story.
Workshop record of Special-Purpose Hardware for Attacking Cryptographic Systems – SHARCS 2012, pp. 169–178.
Date: 2012-03-13
pdf
bibtex
Daniel J. Bernstein, Niels Duif, Tanja Lange, Peter Schwabe, and Bo-Yin Yang:
High-speed high-security signatures.
Full version
Journal of Cryptographic Engineering
, Volume 2, Issue 2, Springer-Verlag (2012), pp 77–89.
Short version
Cryptographic Hardware and Embedded Systems – CHES 2011
Lecture Notes in Computer Science 6917, Springer-Verlag (2011),
pp 124–142.
Date: 2011-09-26
pdf
bibtex
more
Supersedes: 2011-07-05[
pdf
Daniel J. Bernstein, Tanja Lange, Christiane Peters, and Peter Schwabe:
Really fast syndrome-based hashing.
Progress in Cryptology – AFRICACRYPT 2011
Lecture Notes in Computer Science 6737,
Springer-Verlag (2011),
pp 134–152.
Date: 2011-05-08
pdf
bibtex
more
Supersedes: 2011-02-14 [
pdf
Daniel J. Bernstein, Tanja Lange, Christiane Peters, and Peter Schwabe:
Faster 2-regular information-set decoding.
Coding and Cryptology
Lecture Notes in Computer Science 6639,
Springer Verlag (2011),
pp 81–98.
Date: 2011-03-09
pdf
bibtex
Daniel J. Bernstein, Tanja Lange, and Peter Schwabe:
On the correct use of the negation map in the Pollard rho method.
Public Key Cryptography – PKC 2011
Lecture Notes in Computer Science 6571,
Springer-Verlag (2011),
pp 128–146.
Date: 2011-01-02
pdf
bibtex
Daniel J. Bernstein, Hsieh-Chung Chen, Chen-Mou Cheng, Tanja Lange, Ruben Niederhagen, Peter Schwabe, and Bo-Yin Yang:
ECC2K-130 on NVIDIA GPUs.
Progress in Cryptology – INDOCRYPT 2010
Lecture Notes in Computer Science 6498,
Springer Verlag (2010),
pp 328–346.
Date: 2012-01-02
pdf
bibtex
Michael Naehrig, Ruben Niederhagen, and Peter Schwabe:
New software speed records for cryptographic pairings.
Progress in Cryptology – LATINCRYPT 2010,
Lecture Notes in Computer Science 6212,
Springer-Verlag (2010),
pp. 109–123.
Date: 2010-07-14
pdf
bibtex
more
Supersedes: 2010-05-28 [
pdf
],
supersedes: 2010-04-06 [
pdf
Caution:
The software as described in versions 2010-05-28 and 2010-04-06 of
the paper has a bug related to the choice of curve parameters.
This also affects the version in the Latincrypt 2010 proceedings.
A corrected version of the software
is available and
the bug is corrected from version 2010-07-14 of the paper.
Joppe W. Bos, Thorsten Kleinjung, Ruben Niederhagen, and Peter Schwabe:
ECC2K-130 on Cell CPUs.
Progress in Cryptology – AFRICACRYPT 2010
Lecture Notes in Computer Science 6055,
Springer Verlag (2010),
pp 225–242.
Date: 2010-02-28
pdf
bibtex
Supersedes: 2010-02-12 [
pdf
Daniel J. Bernstein, Tanja Lange, Ruben Niederhagen, Christiane Peters, and Peter Schwabe:
FSBday: Implementing Wagner's generalized birthday attack against the SHA-3 round-1 candidate FSB.
Progress in Cryptology – INDOCRYPT 2009
Lecture Notes in Computer Science 5922,
Springer Verlag (2009),
pp 18–38.
Date: 2011-09-27
pdf
bibtex
more
Supersedes: 2009-09-24 [
pdf
],
supersedes: 2009-09-01 [
pdf
],
supersedes: 2009-06-17 [
pdf
Daniel V. Bailey, Brian Baldwin, Lejla Batina, Daniel J. Bernstein, Peter Birkner, Joppe W. Bos, Gauthier van Damme,
Giacomo de Meulenaer, Junfeng Fan, Tim Güneysu, Frank Gürkaynak, Thorsten Kleinjung, Tanja Lange, Nele Mentens,
Christof Paar, Francesco Regazzoni, Peter Schwabe, and Leif Uhsadel:
The Certicom Challenges ECC2-X.
Workshop Record of SHARCS'09: Special-purpose Hardware for Attacking Cryptographic Systems, pp 51–82.
Date: 2009-09-17
pdf
bibtex
Michael Naehrig, Christiane Peters, and Peter Schwabe:
SHA-2 will soon retire - The SHA-3 Song.
Journal of Craptology
volume 7
(invited paper).
Date: 2009-06-22
pdf
bibtex
more
Emilia Käsper and Peter Schwabe:
Faster and Timing-Attack Resistant AES-GCM.
Cryptographic Hardware and Embedded Systems – CHES 2009
Lecture Notes in Computer Science 5745,
Springer-Verlag (2009),
pp 3–33.
Date: 2009-06-16
pdf
bibtex
more
Supersedes: 2009-03-19 [
pdf
David Kammler, Diandian Zhang, Peter Schwabe, Hanno Scharwaechter, Markus Langenberg,
Dominik Auras, Gerd Ascheid, and Rudolf Mathar:
Designing an ASIP for Cryptographic Pairings over Barreto-Naehrig Curves.
Cryptographic Hardware and Embedded Systems – CHES 2009
Lecture Notes in Computer Science 5745,
Springer-Verlag (2009),
pp 254–271.
Date: 2009-07-14
pdf
bibtex
See also full version of the paper by
David Kammler, Diandian Zhang, Peter Schwabe, Hanno Scharwaechter, Markus Langenberg,
Dominik Auras, Rainer Leupers, Gerd Ascheid, Rudolf Mathar, and Heinrich Meyr:
pdf
Supersedes: 2009-03-31 [
pdf
],
supersedes: 2009-02-05 [
pdf
Neil Costigan and Peter Schwabe:
Fast elliptic-curve cryptography on the Cell Broadband Engine.
Progress in Cryptology – AFRICACRYPT 2009
Lecture Notes in Computer Science 5580,
Springer-Verlag (2009),
pp 368–385.
Date: 2009-03-31
pdf
bibtex
more
Supersedes: 2009-01-21 [
pdf
],
supersedes: 2009-01-07 [
pdf
Daniel J. Bernstein and Peter Schwabe:
New AES software speed records.
Progress in Cryptology – INDOCRYPT 2008
Lecture Notes in Computer Science 5365,
Springer-Verlag (2008),
pp 322–336.
Date: 2008-09-26
pdf
bibtex
more
Supersedes: 2008-09-08 [
pdf
Michael Naehrig, Paulo S. L. M. Barreto and Peter Schwabe:
On compressible pairings and their computation.
Progress in Cryptology – AFRICACRYPT 2008
Lecture Notes in Computer Science 5023,
Springer-Verlag (2008),
pp. 371–388.
pdf
bibtex
more
Technical Reports and Preprints
Daniel Heinz, Matthias J. Kannwischer, Georg Land, Thomas Pöppelmann, Peter Schwabe, and Amber Sprenkels:
First-Order Masked Kyber on ARM Cortex-M4.
Date: 2023-12-11
pdf
bibtex
more
Supersedes: 2022-01-17 [
pdf
Erdem Alkim, Léo Ducas, Thomas Pöppelmann, and Peter Schwabe:
NewHope without reconciliation.
Date: 2017-11-08
pdf
bibtex
Supersedes: 2016-12-17 [
pdf
Erdem Alkim, Nina Bindel, Johannes Buchmann, Özgür Dagdelen, and Peter Schwabe:
TESLA: Tightly-secure efficient signatures from standard lattices.
Date: 2016-10-05
pdf
bibtex
more
Supersedes: 2016-08-02 [
pdf
Note:
Gus Gutoski and Chris Peikert independently informed us about a
mistake in the security reduction from LWE to TESLA.
This mistake does not, as far as we can
tell, lead to any attack against TESLA.
Moreover, the (non-tight) security reduction given by Bai and Galbraith still holds.
The proof is fixed (at the expense of different parameters with much worse
performance) in the paper
Revisiting TESLA in the quantum random oracle model
by Erdem Alkim, Nina Bindel, Johannes Buchmann, Özgür Dagdelen, Edward Eaton, Gus Gutoski, Juliane Krämer, and Filip Pawlega,
which was published at
PQCRYPTO 2017
Daniel J. Bernstein, Susanne Engels, Tanja Lange, Ruben Niederhagen, Christof Paar, Peter Schwabe, and Ralf Zimmermann:
Faster elliptic-curve discrete logarithms on FPGAs.
Date: 2016-12-12
pdf
bibtex
Supersedes: 2016-08-06 [
pdf
],
supersedes: 2016-04-14 [
pdf
Daniel J. Bernstein, Simon Josefsson, Tanja Lange, Peter Schwabe, and Bo-Yin Yang:
EdDSA for more curves.
Date: 2015-07-04
pdf
bibtex
Julien Schmaltz and Peter Schwabe:
Verification of optimised 48-bit multiplications on AVR.
Date: 2015-06-09
pdf
bibtex
Elif Bilge Kavun, Martin M. Lauridsen, Gregor Leander, Christian Rechberger, Peter Schwabe, and Tolga Yalçın:
Prøst v1.1.
Submission to the
CAESAR competition
Date: 2015-01-14
pdf
bibtex
Daniel J. Bernstein, Tanja Lange, and Peter Schwabe.
Improved Networking and Cryptography Library.
Deliverable 2.5 of the EU FP7 project Computer Aided Cryptography Engineering (CACE).
2011.
Date: 2011-02-21
pdf
bibtex
Daniel V. Bailey, Lejla Batina, Daniel J. Bernstein, Peter Birkner, Joppe W. Bos,
Hsieh-Chung Chen, Chen-Mou Cheng, Gauthier Van Damme, Giacomo de Meulenaer,
Luis Julian Dominguez Perez, Junfeng Fan, Tim Güneysu, Frank Gürkaynak, Thorsten Kleinjung,
Tanja Lange, Nele Mentens, Ruben Niederhagen, Christof Paar, Francesco Regazzoni,
Peter Schwabe, Leif Uhsadel, Anthony Van Herrewege, and Bo-Yin Yang:
Breaking ECC2K-130.
Date: 2009-11-06
pdf
bibtex
Standardization Efforts
CRYSTALS–Kyber (
selected for standardization by NIST
in July 2022)
Roberto Avanzi, Joppe Bos, Léo Ducas, Eike Kiltz, Tancrède Lepoint, Vadim Lyubashevsky, John M. Schanck, Peter Schwabe, Gregor Seiler, and Damien Stehlé:
CRYSTALS–Kyber: algorithm specification and supporting documentation (version 3.02).
Round-3 submission to the
NIST Post-Quantum Cryptography Standardization Project
Date: 2021-08-04
pdf
bibtex
Supersedes: 2021-01-31 (version 3.01) [
pdf
],
supersedes: 2020-10-01 (version 3.0,
original round-3 submission
) [
pdf
].
Roberto Avanzi, Joppe Bos, Léo Ducas, Eike Kiltz, Tancrède Lepoint, Vadim Lyubashevsky, John M. Schanck, Peter Schwabe, Gregor Seiler, and Damien Stehlé:
CRYSTALS–Kyber: algorithm specification and supporting documentation (version 2.0).
Round-2 submission to the
NIST Post-Quantum Cryptography Standardization Project
Date: 2019-04-01
pdf
bibtex
Roberto Avanzi, Joppe Bos, Léo Ducas, Eike Kiltz, Tancrède Lepoint, Vadim Lyubashevsky, John M. Schanck, Peter Schwabe, Gregor Seiler, and Damien Stehlé:
CRYSTALS–Kyber: algorithm specification and supporting documentation.
Round-1 submission to the
NIST Post-Quantum Cryptography Standardization Project
Date: 2017-11-30
pdf
bibtex
Peter Schwabe and Bas Westerbaan:
Kyber Post-Quantum KEM.
IETF Internet draft
draft-cfrg-schwabe-kyber
See also
the CRYSTALS–Kyber website
CRYSTALS–Dilithium (
selected for standardization by NIST
in July 2022)
Shi Bai, Léo Ducas, Eike Kiltz, Tancrède Lepoint, Vadim Lyubashevsky, Peter Schwabe, Gregor Seiler, and Damien Stehlé:
CRYSTALS–Dilithium: algorithm specification and supporting documentation (Version 3.1).
Round-3 submission to the
NIST Post-Quantum Cryptography Standardization Project
Date: 2021-02-08
pdf
bibtex
Supersedes: 2020-10-01 (
original round-3 submission
) [
pdf
].
Léo Ducas, Eike Kiltz, Tancrède Lepoint, Vadim Lyubashevsky, Peter Schwabe, Gregor Seiler, and Damien Stehlé:
CRYSTALS–Dilithium: algorithm specification and supporting documentation.
Round-2 submission to the
NIST Post-Quantum Cryptography Standardization Project
Date: 2019-03-30
pdf
bibtex
Léo Ducas, Eike Kiltz, Tancrède Lepoint, Vadim Lyubashevsky, Peter Schwabe, Gregor Seiler, and Damien Stehlé:
CRYSTALS–Dilithium: algorithm specification and supporting documentation.
Round-1 submission to the
NIST Post-Quantum Cryptography Standardization Project
Date: 2017-11-30
pdf
bibtex
See also
the CRYSTALS–Dilithium website
SPHINCS+ (
selected for standardization by NIST
in July 2022)
Jean-Philippe Aumasson, Daniel J. Bernstein, Ward Beullens, Christoph Dobraunig, Maria Eichlseder, Scott Fluhrer, Stefan-Lukas Gazdag,
Andreas Hülsing, Panos Kampanakis, Stefan Kölbl, Tanja Lange, Martin M. Lauridsen,
Florian Mendel, Ruben Niederhagen, Christian Rechberger, Joost Rijneveld, Peter Schwabe, and Bas Westerbaan:
SPHINCS+: Submission to the NIST post-quantum project, v3.1.
Round-3 submission to the
NIST Post-Quantum Cryptography Standardization Project
Date: 2022-06-10
pdf
bibtex
Supersedes: 2020-10-01 (v3,
original round-3 submission
) [
pdf
].
Jean-Philippe Aumasson, Daniel J. Bernstein, Christoph Dobraunig, Maria Eichlseder, Scott Fluhrer, Stefan-Lukas Gazdag,
Andreas Hülsing, Panos Kampanakis, Stefan Kölbl, Tanja Lange, Martin M. Lauridsen,
Florian Mendel, Ruben Niederhagen, Christian Rechberger, Joost Rijneveld, and Peter Schwabe:
SPHINCS+: Submission to the NIST post-quantum project.
Round-2 submission to the
NIST Post-Quantum Cryptography Standardization Project
Date: 2019-03-14
pdf
bibtex
Daniel J. Bernstein, Christoph Dobraunig, Maria Eichlseder, Scott Fluhrer, Stefan-Lukas Gazdag,
Andreas Hülsing, Panos Kampanakis, Stefan Kölbl, Tanja Lange, Martin M. Lauridsen,
Florian Mendel, Ruben Niederhagen, Christian Rechberger, Joost Rijneveld, and Peter Schwabe:
SPHINCS+: Submission to the NIST post-quantum project.
Round-1 submission to the
NIST Post-Quantum Cryptography Standardization Project
Date: 2017-11-30
pdf
bibtex
See also
the SPHINCS+ website
NTRU (NTRU-HRSS-KEM in round 1, merged with NTRUEncrypt for NIST PQC rounds 2 and 3)
Cong Chen, Oussama Danba, Jeffrey Hoffstein, Andreas Hülsing, Joost Rijneveld, John M. Schanck, Peter Schwabe, William Whyte, Zhenfei Zhang, Tsunekazu Saito, Takashi Yamakawa, Keita Xagawa:
NTRU: Algorithm Specifications and Supporting Documentation.
Round-3 submission to the
NIST Post-Quantum Cryptography Standardization Project
Date: 2020-09-30
pdf
bibtex
Cong Chen, Oussama Danba, Jeffrey Hoffstein, Andreas Hülsing, Joost Rijneveld, John M. Schanck, Peter Schwabe, William Whyte, and Zhenfei Zhang:
NTRU: Algorithm Specifications and Supporting Documentation.
Round-2 submission to the
NIST Post-Quantum Cryptography Standardization Project
Date: 2019-03-30
pdf
bibtex
Andreas Hülsing, Joost Rijneveld, John M. Schanck, and Peter Schwabe:
NTRU-HRSS-KEM: Algorithm Specifications and Supporting Documentation.
Round-1 submission to the
NIST Post-Quantum Cryptography Standardization Project
Date: 2017-11-30
pdf
bibtex
See also
the NTRU website
Classic McEliece (merged with NTS-KEM from NIST PQC round 3; resigned from the team early in round 4)
Martin R. Albrecht, Daniel J. Bernstein, Tung Chou, Carlos Cid, Jan Gilcher, Tanja Lange, Varun Maram, Ingo von Maurich, Rafael Misoczki, Ruben Niederhagen,
Kenneth G. Paterson, Edoardo Persichetti, Christiane Peters, Peter Schwabe, Nicolas Sendrier, Jakub Szefer, Cen Jung Tjhai, Martin Tomlinson, and Wen Wang:
Classic McEliece: conservative code-based cryptography.
Round-3 submission to the
NIST Post-Quantum Cryptography Standardization Project.
Date: 2020-10-10
pdf
bibtex
Daniel J. Bernstein, Tung Chou, Tanja Lange, Ingo von Maurich, Rafael Misoczki, Ruben Niederhagen,
Edoardo Persichetti, Christiane Peters, Peter Schwabe, Nicolas Sendrier, Jakub Szefer, and Wen Wang:
Classic McEliece: conservative code-based cryptography.
Round-2 submission to the
NIST Post-Quantum Cryptography Standardization Project
Date: 2019-03-31
pdf
bibtex
Daniel J. Bernstein, Tung Chou, Tanja Lange, Ingo von Maurich, Rafael Misoczki, Ruben Niederhagen,
Edoardo Persichetti, Christiane Peters, Peter Schwabe, Nicolas Sendrier, Jakub Szefer, and Wen Wang:
Classic McEliece: conservative code-based cryptography.
Round-1 submission to the
NIST Post-Quantum Cryptography Standardization Project
Date: 2017-11-29
pdf
bibtex
See also
the Classic McEliece website
NewHope
Martin R. Albrecht, Erdem Alkim, Roberto Avanzi, Joppe Bos, Léo Ducas, Emmanuela Orsini, Valery Osheter,
Kenneth G. Paterson, Guy Peer, Antonio de la Piedra, Thomas Pöppelmann, Peter Schwabe, Nigel P. Smart, and Douglas Stebila:
NewHope: algorithm specification and supporting documentation.
Round-2 submission to the
NIST Post-Quantum Cryptography Standardization Project
Date: 2019-03-15
pdf
bibtex
Erdem Alkim, Roberto Avanzi, Joppe Bos, Léo Ducas, Antonio de la Piedra, Thomas Pöppelmann, Peter Schwabe, and Douglas Stebila:
NewHope: algorithm specification and supporting documentation.
Round-1 submission to the
NIST Post-Quantum Cryptography Standardization Project
Date: 2017-11-28
pdf
bibtex
See also
the NewHope website
MQDSS
Ming-Shing Chen, Andreas Hülsing, Joost Rijneveld, Simona Samardjiska, and Peter Schwabe:
MQDSS specifications (version 2.1).
Round-2 submission to the
NIST Post-Quantum Cryptography Standardization Project
Date: 2020-04-14
pdf
bibtex
Supersedes: 2019-03-15 (version 2.0,
original round-2 submission
) [
pdf
].
Ming-Shing Chen, Andreas Hülsing, Joost Rijneveld, Simona Samardjiska, and Peter Schwabe:
MQDSS specifications (version 1.1).
Round-1 submission to the
NIST Post-Quantum Cryptography Standardization Project
Date: 2018-08-31
pdf
bibtex
Supersedes: 2017-11-29 (version 1.0,
original round-1 submission
) [
pdf
].
See also
the MQDSS website
Gimli
Daniel J. Bernstein, Stefan Kölbl, Stefan Lucks, Pedro Maat Costa Massolino, Florian Mendel, Kashif Nawaz,
Tobias Schneider, Peter Schwabe, François-Xavier Standaert, Yosuke Todo, and Benoît Viguier:
Gimli 20190927.
Round-2 Submission to the
NIST Lightweight Cryptography Standardization Project
Date: 2019-09-27
pdf
bibtex
Daniel J. Bernstein, Stefan Kölbl, Stefan Lucks, Pedro Maat Costa Massolino, Florian Mendel, Kashif Nawaz,
Tobias Schneider, Peter Schwabe, François-Xavier Standaert, Yosuke Todo, and Benoît Viguier:
Gimli 20190329.
Round-1 Submission to the
NIST Lightweight Cryptography Standardization Project
Date: 2019-03-29
pdf
bibtex
See also
the Gimli website
KEMTLS
Thom Wiggers, Sofía Celi, Peter Schwabe, Douglas Stebila, and Nick Sullivan:
KEM-based Authentication for TLS 1.3.
IETF Internet draft
draft-celi-wiggers-tls-authkem
Thom Wiggers, Sofía Celi, Peter Schwabe, Douglas Stebila, and Nick Sullivan:
KEM-based pre-shared-key handshakes for TLS 1.3
IETF Internet draft
draft-wiggers-tls-authkem-psk
X-Wing
Deirdre Connolly, Peter Schwabe, and Bas Westerbaan:
X-Wing: general-purpose hybrid post-quantum KEM
IETF Internet draft
draft-connolly-cfrg-xwing-kem
Talks
Slides from my keynote
Towards a new generation of cryptographic software
2025-12-10 at
Asiacrypt 2025
Melbourne, Australia.
Slides from my talk
The migration to post-quantum cryptography
2025-12-01 in the Radboud Symposium at
Radboud University
Nijmegen, The Netherlands.
Slides from my talk
Post-Quanten-Kryptographie: Schutz privater Kommunikation für ein neues Zeitalter
2025-11-18 in the
"Wissensrunde Sicherheiten" of the city of Bochum
Bochum, Germany.
Slides from my talk
The migration to post-quantum cryptography
2025-11-14 in the
Hackerspace Nijmegen
Nijmegen, The Netherlands.
Slides from my inaugural speech entitled
Cryptographic Engineering
2025-10-24 in the Chemistry, Physics and Technology Section of the
Max Planck Society
Berlin, Germany.
Slides from my talk
The migration to post-quantum cryptography
2025-10-21 at
SAP
(given remotely).
Slides from my talk
The migration to post-quantum cryptography
2025-10-09 at the
22nd International ISC Conference on Information Security & Cryptography
Teheran, Iran (given remotely).
Slides from my talk
Post-Quantum Cryptography
2025-09-04 at the
WE-Heraeus-Seminar on Quantum Technologies – Origins and Applications
Steinbach, Germany.
Slides from my talk
The migration to post-quantum cryptography
2025-08-29 at
ITZ Bund
, Berlin, Germany.
Slides from my talk
The migration to post-quantum cryptography
2025-07-11 at the
Max Planck Institute for Plasma Physics
, Munich, Germany.
Slides from my talk
The migration to post-quantum cryptography
2025-05-09 at the
University of Oxford
Compsoc
and
Invariants
student societies, Oxford, UK.
Slides from my talk
Some lessons learned from NIST PQC
2025-04-23 at
PANDA 2025
, Shenzhen, China (given remotely).
Slides from my talk
End-to-end formal verification of ML-KEM
2025-01-09 at
Technology Innovation Institute (TII)
, Abu Dhabi, United Arab Emirates.
Slides from my talk
X-Wing
2024-12-20 at
Bundesamt für Sicherheit in der Informationstechnik (BSI)
, Bonn, Germany.
Slides from my talk
Formosa Crypto: high-assurance, high-security crypto software
2024-12-06 at Santacrypt 2024, Prague, Czech Republic.
Slides from my talk
IT-Sicherheit der Zukunft: Danke für Ihr Vertrauen
2024-11-06 at the G DATA Study2Protect Award Ceremony, Bochum, Germany.
Slides from my talk
Forschung am MPI-SP und ein kleiner Blick auf die Migration zur Post-Quanten Kryptographie
2024-09-26 at the IT4Science Days 2024, Göttingen, Germany.
Slides from my talk
"My life in crypto"
2024-09-17 at
University of Mauritius
, Moka, Mauritius.
Slides from my talk
Kyber – Implementation aspects
2024-08-01 at the
The Cornell, Maryland, Max Planck Pre-doctoral Research School in Computer Science (CMMRS 2024)
, Saarbrücken, Germany.
Slides from my talk
Kyber – Design
2024-08-01 at the
The Cornell, Maryland, Max Planck Pre-doctoral Research School in Computer Science (CMMRS 2024)
, Saarbrücken, Germany.
Slides from my talk
Formosa Crypto – High-assurance crypto in practice
2024-02-20 at
QSMC
, Taipei, Taiwan (given remotely).
Slides from my invited talk
Formosa Crypto – high-assurance crypto in practice
2023-11-15 at
ESCAR 2023
, Hamburg, Germany.
Slides from my invited talk
High-assurance crypto in practice – Challenges and recent results
2023-09-11 at
CHES 2023
, Prague, Czech Republic.
Slides from my invited talk
Post-Quantum Crypto Software – Embedded and High-Assurance
2023-06-28 at the
10th International VDI Conference – Cyber Security for Vehicles
, Frankfurt, Germany.
Slides from my talk
Kyber
2023-03-26 at
Real World PQC
, Tokyo, Japan.
Slides from my talk
NIST PQC: Ein Blick zurück und in die Zukunft
2023-02-21 at the
Gesellschaft für Informatik
(in German, slides in English).
See also the
video on youtube
Slides from my talk
High-assurance crypto
2023-01-30 at the
IACR School on Applied Cryptography
, Bangkok, Thailand.
Exercises
Exercise solutions
Slides from my talk
Formosa Crypto
2022-12-05 at the
PQC Standardization & Migration Workshop
, Taipei, Taiwan.
Slides from my talk
CRYSTALS-Kyber
2022-11-29 at the
Fourth NIST PQC Standardization Conference
, virtual.
Slides from my talk
Engineering high-assurance crypto software
2022-09-30 at the
2022 Graz Security Week
, Graz, Austria.
Slides from my invited talk
6 years of NIST PQC – looking back and ahead
2022-09-29 at
PQCRYPTO 2022
(virtual event).
Slides from my talk
Post-quantum key encapsulation: Kyber
2022-08-31 at IPAS Tech Sharing.
Slides from my talk
NIST PQC, Kyber, and beyond
2022-08-10 at Infineon, San Jose, USA.
Slides from my talk
Engineering post-quantum cryptography
2022-05-04 at the post-COINS spring school, Oslo, Norway.
Slides from my talk
Introduction to lattice-based KEMs
2022-05-04 at the post-COINS spring school, Oslo, Norway.
Exercises
Exercise solutions
Slides from my tutorial talk
An introduction to hash-based signatures
2021-12-13 at
SPACE 2021
(virtual event).
Exercises
Exercise solutions
Slides from my talk
An introduction to hash-based signatures
2021-12-07 at the
1st MSCR Cryptography School (CRYPTOS 2021)
(virtual event).
Slides from my talk
An introduction to lattice-based KEMs
2021-12-07 at the
1st MSCR Cryptography School (CRYPTOS 2021)
(virtual event).
Slides from my talk
My personal experience with the NIST PQC "competition"
2021-11-18 at the KpqC workshop of the Affiliated Institute of ETRI, South Korea (given remotely).
See also the
video on youtube
Slides from my talk
Post-quantum WireGuard
2021-10-25 at
ZITiS
(given remotely).
Slides from my talk
Crypto protocols for the post-quantum era: PQ-WireGuard and KEMTLS
2021-09-09 in the
CRC Seminar Series of TII
(given remotely).
Slides from my tutorial talk
An introduction to lattice-based KEMs
2020-12-17 at
SPACE 2020
(virtual event).
Exercises
Exercise solutions
Slides from my talk
Hash-based signatures – from Lamport to SPHINCS
2020-11-18 at the
Indian Workshop on Post-Quantum Cryptography
(virtual event).
Slides from my talk
The transition to post-quantum cryptography: challenge and chance
2020-11-14 at
ICITDA 2020
(virtual event).
Slides from my talk
Optimizing crypto on embedded microcontrollers
2020-10-04 in the PQEmbed workshop (virtual event).
Slides from my talk
Post-quantum crypto on embedded microcontrollers
2019-12-04 as a
CASA Distinguished Lecture
, Ruhr-University Bochum, Germany.
Slides from my talk
The transition to post-quantum crypto
2019-11-19 for alumni of Radboud University, The Netherlands.
Slides from my talk
Post-quantum crypto on ARM Cortex-M
2019-11-11 at
CARDIS 2019
, Prague, Czech Republic.
Slides from my talk
The transition to post-quantum cryptography
2019-10-15 in the cyber security seminar at
TU Delft
, The Netherlands.
Slides from my talk
Engineering lattice-based cryptography
2019-09-30 at
ASCrypto 2019
, Santiago, Chile.
Slides from my talk
Implementing post-quantum cryptography on embedded microcontrollers
2019-09-17 at the
2019 Graz Security Week
, Graz, Austria.
Slides from my talk
The NIST post-quantum project
2019-09-04 at the
NERD Summer School 2019
, Aachen, Germany.
Slides from my talk
CRYSTALS-Kyber
2019-08-23 at the
Second NIST PQC Conference
, Santa Barbara, USA.
Slides from my talk
On implementation issues of post-quantum cryptography
2019-06-13 at the
Central European Conference on Cryptology
, Telč, Czech Republic.
Slides from my talk
Post-quantum crypto on ARM Cortex M
2019-01-23 in the
Security and Cryptography Group
of
Microsoft Research
, Redmond, USA.
Slides from my talk
Optimizing crypto on embedded microcontrollers
2018-12-10 in the seminar of
Australian Summer School on Embedded Cryptography
Adelaide, Australia.
Slides from my talk
Implementing post-quantum cryptography
2018-06-28 in the
PQCRYPTO Mini-School
Taipei, Taiwan.
Slides from my talk
Hash-based signatures
2018-06-28 in the
PQCRYPTO Mini-School
Taipei, Taiwan.
Slides from my talk
CRYSTALS-Kyber
2018-04-12 at the
First NIST PQC Conference
, Fort Lauderdale, USA.
Slides from my talk
The transition to post-quantum cryptography
2018-02-19 in the seminar of
Inria Nancy
, France.
Slides from my talk
CRYSTALS – Kyber and Dilithium
2018-02-07 in the
Cryptography Seminar
at the
Mathematical Institute of the University of Oxford
, Oxford, UK.
Slides from my talk
Implementing post-quantum crypto
2018-02-01 at the
Combined event on Post-Quantum Cryptography
, Tenerife, Spain.
Slides from my talk
Post-quantum crypto on μc
2017-12-12 at the Colloquium on Hardware Security at
Continental
, Frankfurt, Germany.
Slides from my talk
Long-term security for the IoT?
2017-11-06 at the
Workshop on Cryptography for the Internet of Things and Cloud 2017
, Bochum, Germany.
Slides from my talk
Optimizing crypto on embedded microcontrollers
2017-08-30 at the
COINS Summerschool
, Metochi (Lesbos), Greece.
[Software examples and exercises].
Slides from my talk
Two approaches to verifying high-speed ECC software
2017-04-29 at the
Models and Tools for Security Analysis and Proofs
workshop, Paris, France.
Slides from my talk
From NewHope to Kyber
2017-04-11 in the
Prosecco Seminar
at
Inria Paris
, France;
and similarly
2017-04-07 at
Ege University
in Izmir, Turkey [
slides
];
2017-01-17 at the
Computer Science Department of the Cinvestav
, Mexico [
slides
];
2017-01-13 at
Rambus Security
in San Francisco, USA [
slides
]; and
2017-01-12 in the "Beers and Breakage" seminar at
, Palo Alto, USA. [
slides
Slides from my talk
Post-quantum cryptography
2017-03-22 at the award ceremony for the
Dutch Prize for ICT Research
Amersfoort, The Netherlands.
Slides from my talk
Post-quantum key exchange – a new hope
2016-08-10 at
USENIX Security 2016
, Austin, USA.
Slides from my talk
Post-quantum cryptography
2016-08-04 at
Noisebridge
, San Francisco, USA.
See also the
video on youtube
Slides from my talk
High-assurance crypto software
2016-06-22 at the
Central European Conference on Cryptology
, Piešťany, Slovakia.
Slides from my talk
Timing Attacks and Countermeasures
2016-06-10 at the
Summer School on real-world crypto and privacy
, Šibenik, Croatia.
Slides from my talk
Open Access
2016-06-07 at the
Summer School on real-world crypto and privacy
, Šibenik, Croatia.
See also the
PhD Comics "Open Access Explained"
video on Youtube.
Slides from my talk
Post-quantum key exchange – a new hope
2016-04-14 at the
monthly lattice meeting at University of Lyon
, France.
Slides from my talk
Post-Quantum Cryptography
2015-12-03 at Santacrypt 2015, Prague, Czech Republic.
Slides from my talk
Verifying ECC software
, 2015-09-29 at
ECC 2015
in Bordeaux, France.
Slides from my talk
PandA: Pairings and Arithmetic
2015-06-02 at the
SIAM Conference on Applied Algebraic Geometry – AG'15
Slides from my talk
Software implementation of (H)ECC
2015-06-02 at the
Summer School on real-world crypto and privacy
, Šibenik, Croatia.
Slides from my talk
Introduction to software implementations
2015-06-02 at the
Summer School on real-world crypto and privacy
, Šibenik, Croatia.
Slides from the joint talk
SPHINCS: practical stateless hash-based signatures
by
Andreas Hülsing
and me,
2015-04-28 at
Eurocrypt 2015
, Sofia, Bulgaria.
Slides from my talk
Eliminating Timing Side-Channels. A Tutorial.
2015-01-18 at
ShmooCon 2015
, Washington DC, USA.
See also the
video on youtube
Slides from my talk
Vectorized implementations of post-quantum crypto
2015-01-12 at
DIMACS Workshop on The Mathematics of Post-Quantum Cryptography
, Rutgers University, USA.
Slides from my invited tutorial talk
Multiprecision arithmetic (from primary school to Asiacrypt)
2014-10-20 at
SPACE 2014
, Pune, India.
Slides from my talk
TweetNaCl: A crypto library in 100 tweets
2014-09-18 at
Latincrypt 2014
, Florianópolis, Brazil.
Slides from my talk
Fast symmetric crypto on embedded CPUs
2014-06-05 at the
Summer School on Design and security of cryptographic algorithms and devices for real-world applications
, Šibenik, Croatia.
Slides from my talk
Verifying crypto – many questions and the beginning of an answer
2014-05-20 in the
Brouwer Seminar
Radboud University Nijmegen
, Netherlands.
Slides from my talk
McBits: Fast code-based cryptography
2013-12-17 at the
IMA Conference on Cryptography and Coding
, Oxford, England.
Slides from my tutorial talk
Efficient implementation of finite-field arithmetic
2013-11-22 at
Pairing 2013
, Beijing, China, and similarly
2013-09-11 at the
ECC 2013 summer school
, Leuven, Belgium.
Slides from my talk
You vs. the NSA – Why everybody needs high-security crypto
2013-10-21 at the Semana da Computação,
Universidade Federal de Santa Catarina
, Florianópolis, Brazil.
Slides from my talk
Efficient software implementation of post-quantum cryptography
2013-10-20 at
ASCrypto 2013
, Florianópolis, Brazil.
Slides from my talk
Scalar multiplication algorithms
2013-09-11 at the
ECC 2013 summer school
, Leuven, Belgium.
Slides from my talk
Who is afraid of vectors?
2013-08-26 in the
Crypto Group
of
Microsoft Research
, Redmond, USA.
Slides from my talk
A word of warning
2013-08-22 in the rump session of
CHES 2013
, Santa Barbara, USA.
software
Slides from the joint talk
NaCl on 8-bit AVR microcontrollers
by
Michael Hutter
and me,
2013-06-24 at
Africacrypt 2013
, Cairo, Egypt.
Slides from my talk
NaCl: Cryptography for the Internet
, 2013-01-21 at
the research retreat
Internet crypto
, Tenerife, Spain.
Slides from my talk
Constructive and destructive implementations of elliptic-curve arithmetic
, 2012-10-30 at
ECC 2012
in Querétaro, Mexico.
Slides from my talk
The security impact of a new cryptographic library
, 2012-10-09 at
Latincrypt 2012
in Santiago, Chile.
Slides from my presentation
NEON crypto
2012-09-11 at
CHES 2012
in Leuven, Belgium.
Slides from my presentation
High-Performance Cryptography in Software
2012-09-03 in the
ECRYPT Summerschool on Challenges in Security Engineering
in Bochum, Germany, and similarly
2012-10-15 at the
Advanced Programming Seminar
at
University of Illinois at Chicago
Slides from my presentation
SHA-3 on ARM11 processors
2012-07-12 at
Africacrypt 2012
in Ifrane, Morocco.
Slides from my presentation
The NaCl library
2012-07-12 in the rump session of
Africacrypt 2012
in Ifrane, Morocco.
Slides from my presentation
How to use the negation map in the Pollard rho method
2012-03-09 in the
EiPSI Crypto Working Group
The slides are basically the same as the ones I used for the talk
How to use the negation map in the Pollard rho method
, 2011-06-16 in
the
crypto seminar
of the
Laboratoire PRiSM
at
Université de Versailles Saint-Quentin-en-Yvelines
Slides from my presentation
EdDSA signatures and Ed25519
2012-02-20 in the
Coding Theory and Cryptography Seminar
at the
University of Basel
Subsets of these slides I used in the talks
EdDSA signatures and Ed25519
2012-03-20 at
CARAMEL group, INRIA Nancy
High-speed high-security signatures
2011-09-29 at
CHES 2011
in Nara, Japan, and
High-speed high-security signatures
2011-09-14 in the
EiPSI seminar
at
Eindhoven University of Technology
Slides from my presentation
High-Speed Cryptography
2011-10-24 in the Graduate Seminar of
National Taiwan University
Slides from my presentation
Fun things to do with your mobile phone
2011-09-30 in the
rump session
of
CHES 2011
in Nara, Japan.
Slides from my presentation
High-speed high-security signatures
2011-09-29 at
CHES 2011
in Nara, Japan.
Slides from my presentation
High-speed high-security signatures
2011-09-14 in the
EiPSI seminar
at
Eindhoven University of Technology
Slides from my talk
Really fast syndrome-based hashing
, 2011-07-05 at
Africacrypt 2011
Slides from my talk
On the correct use of the negation map in the Pollard rho method
, 2010-10-18 in
the rump session of
ECC 2010
in Redmond, USA.
Slides from my talk
New software speed records for cryptographic pairings
, 2010-08-09 at
Latincrypt 2010
in Puebla, Mexico.
Slides from my talk
New software speed records for cryptographic pairings
, 2010-07-08 in the
HGI Colloquium
at Ruhr Universität Bochum.
Slides from my talk
Breaking ECC2K-130
, 2010-05-20 in the
Oberseminar Computer Security
at
B-IT Bonn
Subsets of these slides I used for the talks
ECC2K-130 on Cell processors
, 2010-05-05,
at
Africacrypt 2010
Breaking ECC2K-130 on Cell processors and GPUs
, 2010-04-14 in
the
Workshop on Computer Security and Cryptography
at
CRM Montréal
, and
Breaking ECC2K-130 (on Cell CPUs and NVIDIA GPUs)
, 2010-03-21 at
CARAMEL group, INRIA Nancy
Slides from my talk
How do deal with annoying questions from Dan
, 2010-05-04 at
the rump session of
Africacrypt 2010
Slides from my talk
NaCl – Networking and Cryptography library
, 2009-12-04 at
the
SPAN
meeting at
TU Eindhoven
and code examples I used in the talk:
enc-auth-openssl.c
enc-auth-nacl.c
Slides from my talk
AES-GCM plus rapide et résistant aux attaques temporelles
2009-11-13 in the
séminaire de cryptographie
at
Université de Rennes 1
Slides from the joint talk
FSBday: Implementing Wagner's Generalized Birthday Attack against the round-1 SHA-3 Candidate FSB
by
Christiane Peters
and me,
2009-09-10 at
SHARCS 2009
Slides from the joint talk
The Certicom Challenges ECC2-X
by Daniel V. Bailey,
Daniel J. Bernstein
Frank Gurkaynak,
Tanja Lange
and me,
2009-09-09 at
SHARCS 2009
Slides from my talk
Fast elliptic-curve cryptography on the Cell Broadband Engine
2009-06-24 at
Africacrypt 2009
and similarly
2009-05-20 at the
COSIC
seminar at
KU Leuven
Slides from the joint talk
FSBday: Implementing Wagner's Generalized Birthday Attack against the SHA-3 Candidate FSB
by
Christiane Peters
and me,
2009-06-16 at the
INRIA Paris - Rocquencourt
Slides from the joint "talk"
"A brief look at the 56 SHA-3 submissions"
by
Christiane Peters
Michael Naehrig
, and me,
2009-04-28 at the
rump session
of
Eurocrypt 2009
See also the
Lyrics with guitar chords
and the
video on youtube
Slides from the joint presentation
"How fast is AES?"
by
Emilia Käsper
and me,
2009-02-12 at the rump session of
FSE 2009
Slides from my presentation
"New AES software speed records"
2008-12-16 at
Indocrypt 2008
Slides from my presentation
"Achieving Software Speed Records with qhasm"
2008-11-12 in the
EiPSI seminar
at
Eindhoven University of Technology
Slides from my presentation
"Effiziente Berechnung der Tate Paarung"
2007-06-06 at the
Institute for Theoretical Information Technology
at
RWTH Aachen University
Slides from my presentation
"Paarungen und Identitätsbasierte Kryptographie"
2007-05-10 at the
Institute for Theoretical Information Technology
at
RWTH Aachen University
Slides from my presentation
"Effiziente Implementierung von elliptischen und hyperelliptischen Kurven"
2006-05-31 at the
Institute for Theoretical Information Technology
at
RWTH Aachen University
Slides from my presentation
"Arithmetik auf hyperelliptischen Kurven"
2005-12-14 at the
Institute for Theoretical Information Technology
at
RWTH Aachen University
Slides from my seminar talk
"Seitenkanalattacken gegen Kryptographie auf Elliptischen Kurven"
2005-05-17 at the
Institute for Theoretical Information Technology
at
RWTH Aachen University
and related
report
Journals
I am or was involved in the editorial board of the following journals:
Since 2021 Associate Editor of the
Journal of Computer Security
Member of the Editorial Board of the
IACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES)
in 2018, 2019, and 2020;
in 2021 Editor-in-Chief together with
Elke De Mulder
Member of the Editorial Board of the
Proceedings of Privacy Enhancing Technology Symposium (PoPETs)
in 2017, 2018, and 2019.
From 2015 to 2023, Associate Editor of the
Journal of Cryptographic Engineering
Conferences, Workshops, and Schools
I am or was member of the program committees of the following conferences, workshops, and schools:
RWC 2025, March 26–28, 2025, Sofia, Bulgaria
Crypto 2024, August 2024, Santa Barbara, California, USA
Eurocrypt 2024, May 26–30, 2024, Zurich, Switzerland
RWC 2024, March 25–27, 2024, Toronto, Canada
SPACE 2023, December 14–17, Roorkee, India
Latincrypt 2023, October 2–6, 2023, Quito, Ecuador
CSF 2023, July 10–14, 2023, Dubrovnik, Croatia
RWC 2023, March 27–29, 2023, Tokyo, Japan
SPACE 2022, December 8–11, 2022, Jaipur, India
CARDIS 2022, November 7–9, 2022, Birmingham, UK
IWSEC 2022, August 31–September 2, 2022, Tokyo, Japan
ACM CCS 2022 (Applied Cryptography Track), November 14–19, 2022, Los Angeles, USA
Indocrypt 2021, December 12–15, 2021, Jaipur, India
SPACE 2021, December 11–15, 2021, Kolkata/Kharagpur, India
CARDIS 2021, November 10–12, 2021, Lübeck, Germany
IEEE S&P 2022, May 22–26, 2022, USA
Crypto 2021, August 16–20, 2021, Santa Barbara, California, USA
Latincrypt 2021, October 6–8, 2021, virtual conference
CARDIS 2020, November 18–19, 2020, virtual conference
Indocrypt 2020, December 13–16, 2020, virtual conference
Eurocrypt 2020, May 10–14, 2020, Zagreb, Croatia
Indocrypt 2019, December 15–18, 2019, Hyderabad, India
SSR 2019, November 7–8, 2019, London, UK
CARDIS 2019, November 11–13, 2019, Prague, Czech Republic.
Latincrypt 2019, October 2–4, 2019, Santiago, Chile (program co-chair).
Indocrypt 2018, December 10–12, 2018, New Delhi, India
Kangacrypt 2018, December 7–8, 2018, Adelaide, Australia
SSR 2018, November 26–27, 2018, Darmstadt, Germany
PROOFS 2018, September 13, Amsterdam, The Netherlands
LightSec 2018, September 10–12, 2018, Cardiff, UK (cancelled)
SAC 2018, August 15–18, 2018, Calgary, Canada
SICHERHEIT 2018, April 25–27, 2018, Konstanz, Germany
Africacrypt 2018, May 7–9, 2018, Marrakesh, Morocco.
PQCRYPTO 2018, April 9–11, 2018, Fort Lauderdale, USA.
Asiacrypt 2017, December 3–7, 2017, Hong Kong, China.
ECC 2017, November 13–15, 2017, Nijmegen, The Netherlands (co-chair)
ECC 2017 school, November 9–11, 2017, Nijmegen, The Netherlands (co-organizer)
Latincrypt 2017, September 17–22, 2017, Havana, Cuba.
PQCRYPTO 2017, June 26–28, 2017, Utrecht, The Netherlands
CSF 2017, August 22–25, 2017, Santa Barbara, USA. (Session Chair of the session on Computer-Aided Cryptography)
Summer School on real-world crypto and privacy, June 5–9, 2017, Šibenik, Croatia. (Co-organizer)
HighLight, October 31–November 4, 2016, Leiden, The Netherlands (Co-organizer)
SPEED-B, October 19–21, 2016, Utrecht, The Netherlands. (Co-organizer)
Africacrypt 2017, May 24–26, 2017, Dakar, Senegal
ICMC 2017, January 17–21, 2017, Haldia, India
CANS 2016, November 14–16, 2016, Milan, Italy
Asiacrypt 2016, December 4–8, 2016, Hanoi, Vietnam
SCN 2016, August 31–September 2, 2016, Amalfi, Italy.
Eurocrypt 2016, May 8–12, 2016, Vienna, Austria.
Summer School on real-world crypto and privacy, June 5–10, 2016, Šibenik, Croatia. (Co-organizer)
Africacrypt 2016, April 13–15, 2016, Fes, Morocco.
PKC 2016, March 6–9, 2016, Taipei, Taiwan.
Asiacrypt 2015, November 29–December 3, 2015, Auckland, New Zealand.
WESS 2015, October 8, 2015, Amsterdam, The Netherlands.
SPACE 2015, October 3–7, 2015, Jaipur, India (program co-chair).
CHES 2015, September 13–16, 2015, Saint-Malo, France.
LightSec 2015, September 11–11, 2015, Bochum, Germany.
Latincrypt 2015, August 23–26, 2015, Guadalajara, Mexico.
Summer School on real-world crypto and privacy, May 31–June 5, 2015, Šibenik, Croatia. (Co-organizer)
Africacrypt 2015, May 27–29, 2015, Dakar, Senegal. (cancelled and postponed to 2016)
PKC 2015, April 30–May 1, Washington DC, USA.
WESS 2014, October 17, 2014, New Delhi, India.
CHES 2014, September 23–26, 2014, Busan, Korea.
Latincrypt 2014, September 17–19, 2014, Florianópolis, Brazil.
Africacrypt 2014, May 28–30, 2014, Marrakesh, Morocco.
Pairing 2013, Nov 22–24, 2013, Beijing, China.
WESS 2013, September 29, 2013, Montreal, Canada.
SAC 2013, August 14–16, 2013, Burnaby, British Columbia, Canada.
Asiacrypt 2013, December 1–5, 2013, Bengaluru, India.
WAIFI 2012, July 16–19, 2012, Bochum, Germany.
Pairing 2012, May 16–18, 2012, Cologne, Germany.
Indocrypt 2011, December 11–14, 2011, Chennai, India.
InfoSecHiComNet 2011, October 19–22, 2011, Haldia, India.
Teaching
Courses taught at RU Nijmegen
Engineering Cryptographic Software 2025
Engineering Cryptographic Software 2024
Engineering Cryptographic Software 2023
Engineering Cryptographic Software 2022
Engineering Cryptographic Software 2021
Crypto Engineering 2021 (Part I: Software)
Crypto Engineering 2020 (Part I: Software)
Network Security 2019
Hacking in C 2019
Crypto Engineering 2019 (Part I: Software)
Network Security 2018
Hacking in C 2018
Operating Systems Security 2017/18
Network Security 2017
Operating Systems Security 2015/16
Network Security 2015
Operating Systems Security 2014/15
Network Security 2014
Cryptographic Engineering 2014
Research A 2013/14
Research B 2013/14
Courses taught elsewhere
Engineering Cryptographic Software
Block course taught at the University of Mauritius, January 2026.
Lecture "Security Issues in Cloud Computing", National Taiwan University, 2011/12
Whiteboard transcripts:
2011-10-07: Introduction to Cryptography
2011-10-14: Modern Cryptography I – Symmetric Cryptography
2011-10-21: Modern Cryptography I – Symmetric Cryptography (ctd.)
2011-10-28: Modern Cryptography II – Asymmetric Cryptography
Homework assignment to be handed in on December 11, 2011:
Describe where cryptographic hash functions are used. Explain for what purpose they are used and what properties of the hash function are required for the respective applications. Focus on applications that have not been dealt with in the lecture.
Remarks: This is not about finding as many applications as possible; focus on just 1-2 applications. Your essay should be about 1 page in length.