| year | title | booktitle | pages |
|---|
| 1 | 2018 | SPD$$\mathbb {Z}_{2^k}$$: Efficient MPC mod $$2^k$$ for Dishonest Majority | crypto | 769-798 |
| 2 | 2018 | Yet Another Compiler for Active Security or: Efficient MPC Over Arbitrary Rings | crypto | 799-829 |
| 3 | 2018 | Compact Zero-Knowledge Proofs of Small Hamming Weight | pkc | 530-560 |
| 4 | 2018 | Continuous NMC Secure Against Permutations and Overwrites, with Applications to CCA Secure Commitments | tcc | 225-254 |
| 5 | 2017 | Amortized Complexity of Zero-Knowledge Proofs Revisited: Achieving Linear Soundness Slack | eurocrypt | 479-500 |
| 6 | 2017 | Secure Arithmetic Computation with Constant Computational Overhead | crypto | 223-254 |
| 7 | 2017 | The TinyTable Protocol for 2-Party Secure Computation, or: Gate-Scrambling Revisited | crypto | 167-187 |
| 8 | 2017 | Resource-Efficient OT Combiners with Active Security | tcc | 461-486 |
| 9 | 2017 | Bounded Tamper Resilience: How to Go Beyond the Algebraic Barrier | jofc | 152-190 |
| 10 | 2016 | Unconditionally Secure Computation with Reduced Interaction | eurocrypt | online |
| 11 | 2016 | Rate-1, Linear Time and Additively Homomorphic UC Commitments | crypto | 179-207 |
| 12 | 2016 | How to Prove Knowledge of Small Secrets | crypto | 478-498 |
| 13 | 2016 | On the Communication Required for Unconditionally Secure Multiplication | crypto | 459-488 |
| 14 | 2016 | On Public Key Encryption from Noisy Codewords | pkc | online |
| 15 | 2016 | Adaptively Secure Multi-Party Computation from LWE (via Equivocal FHE) | pkc | online |
| 16 | 2016 | Oblivious Transfer from Any Non-trivial Elastic Noisy Channel via Secret Key Agreement | tcc | 204-234 |
| 17 | 2016 | Access Control Encryption: Enforcing Information Flow with Cryptography | tcc | 547-576 |
| 18 | 2015 | On the Amortized Complexity of Zero-knowledge Protocols | eprint | 446 |
| 19 | 2015 | Unconditionally Secure Computation with Reduced Interaction | eprint | 630 |
| 20 | 2015 | Confidential Benchmarking based on Multiparty Computation | eprint | 1006 |
| 21 | 2015 | On Public Key Encryption from Noisy Codewords | eprint | 572 |
| 22 | 2015 | Fast Oblivious AES\\A dedicated application of the MiniMac protocol | eprint | 989 |
| 23 | 2015 | Additively Homomorphic UC Commitments with Optimal Amortized Overhead | pkc | online |
| 24 | 2015 | Linear Secret Sharing Schemes from Error Correcting Codes and Universal Hash Functions | eurocrypt | online |
| 25 | 2014 | Universally Composable Symbolic Analysis for Two-Party Protocols Based on Homomorphic Encryption | eurocrypt | online |
| 26 | 2014 | Adaptive versus Static Security in the UC Model | eprint | 601 |
| 27 | 2014 | An Efficient Pseudo-Random Generator with Applications to Public-Key Encryption and Constant-Round Multiparty Computation | eprint | 24 |
| 28 | 2014 | Efficient Authentication and Pseudorandomness from Weaker (Ring-)LPN Assumptions | eprint | 426 |
| 29 | 2014 | Compact VSS and Efficient Homomorphic UC Commitments | eprint | 370 |
| 30 | 2014 | Publicly Auditable Secure Multi-Party Computation | eprint | 75 |
| 31 | 2014 | On The Orthogonal Vector Problem and The Feasibility of Unconditionally Secure Leakage Resilient Computation | eprint | 282 |
| 32 | 2014 | An Empirical Study and some Improvements of the MiniMac Protocol for Secure Computation | eprint | 289 |
| 33 | 2014 | On the Amortized Complexity of Zero-Knowledge Protocols | jofc | 284-316 |
| 34 | 2014 | Compact VSS and Efficient Homomorphic UC Commitments | asiacrypt | online |
| 35 | 2013 | Constant-Overhead Secure Computation of Boolean Circuits using Preprocessing | TCC | online |
| 36 | 2013 | Efficient Multiparty Protocols via Log-Depth Threshold Formulae - (Extended Abstract) | crypto | online |
| 37 | 2013 | Bounded Tamper Resilience: How to Go beyond the Algebraic Barrier | asiacrypt | online |
| 38 | 2013 | Unconditionally Secure and Universally Composable Commitments from Physical Assumptions | asiacrypt | online |
| 39 | 2012 | Secure Two-Party Computation with Low Communication | tcc | online |
| 40 | 2012 | Multiparty Computation from Somewhat Homomorphic Encryption | crypto | online |
| 41 | 2012 | DDH-Like Assumptions Based on Extension Rings | pkc | online |
| 42 | 2011 | Perfectly Secure Oblivious RAM Without Random Oracles | tcc | online |
| 43 | 2011 | Semi-Homomorphic Encryption and Multiparty Computation | eurocrypt | online |
| 44 | 2010 | Efficient, Robust and Constant-Round Distributed RSA Key Generation | tcc | online |
| 45 | 2010 | On the Necessary and Sufficient Assumptions for UC Computation | tcc | online |
| 46 | 2010 | From Passive to Covert Security at Low Cost | tcc | online |
| 47 | 2010 | Threshold Decryption and Zero-Knowledge Proofs for Lattice-Based Cryptosystems | tcc | online |
| 48 | 2010 | Perfectly Secure Oblivious RAM Without Random Oracles | eprint | online |
| 49 | 2010 | Perfectly Secure Multiparty Computation and the Computational Overhead of Cryptography | eprint | online |
| 50 | 2010 | Multiparty Computation for Dishonest Majority: from Passive to Active Security at Low Cost | eprint | online |
| 51 | 2010 | Multiparty Computation for Dishonest Majority: From Passive to Active Security at Low Cost | crypto | online |
| 52 | 2010 | Perfectly Secure Multiparty Computation and the Computational Overhead of Cryptography | eurocrypt | online |
| 53 | 2009 | Universally Composable Multiparty Computation with Partially Isolated Parties | tcc | online |
| 54 | 2009 | Quantum-Secure Coin-Flipping and Applications | asiacrypt | online |
| 55 | 2009 | Asynchronous Multiparty Computation: Theory and Implementation | pkc | online |
| 56 | 2009 | On the Theory and Practice of Personal Digital Signatures | pkc | online |
| 57 | 2009 | Improving the Security of Quantum Protocols via Commit-and-Open | crypto | online |
| 58 | 2009 | On the Amortized Complexity of Zero-Knowledge Protocols | crypto | online |
| 59 | 2008 | Isolated Proofs of Knowledge and Isolated Zero Knowledge | eurocrypt | online |
| 60 | 2008 | Multiparty Computation Goes Live | eprint | online |
| 61 | 2008 | A correction to ``Efficient and Secure Comparison for On-Line Auctions'' | eprint | online |
| 62 | 2008 | Essentially Optimal Universally Composable Oblivious Transfer | eprint | online |
| 63 | 2008 | Efficient Conversion of Secret-shared Values Between Different Fields | eprint | online |
| 64 | 2008 | Scalable Multiparty Computation with Nearly Optimal Work and Resilience | crypto | online |
| 65 | 2007 | Secure Protocols with Asymmetric Trust | asiacrypt | online |
| 66 | 2007 | Secure Identification and QKD in the Bounded-Quantum-Storage Model | crypto | online |
| 67 | 2007 | A Tight High-Order Entropic Quantum Uncertainty Relation with Applications | crypto | online |
| 68 | 2007 | Scalable and Unconditionally Secure Multiparty Computation | crypto | online |
| 69 | 2007 | Non-interactive Proofs for Integer Multiplication | eurocrypt | online |
| 70 | 2007 | Atomic Secure Multi-party Multiplication with Low Communication | eurocrypt | online |
| 71 | 2007 | Non-Interactive Proofs for Integer Multiplication | eprint | online |
| 72 | 2007 | Secure Identification and QKD in the Bounded-Quantum-Storage Model | eprint | online |
| 73 | 2007 | A Tight High-Order Entropic Quantum Uncertainty Relation With Applications | eprint | online |
| 74 | 2007 | Isolated Proofs of Knowledge and Isolated Zero Knowledge | eprint | online |
| 75 | 2007 | Universally Composable Multiparty Computation with Partially Isolated Parties | eprint | online |
| 76 | 2006 | Oblivious Transfer and Linear Functions | crypto | online |
| 77 | 2006 | Scalable Secure Multiparty Computation | crypto | online |
| 78 | 2006 | Simplified Threshold RSA with Adaptive and Proactive Security | eurocrypt | online |
| 79 | 2006 | Unclonable Group Identification | eurocrypt | online |
| 80 | 2006 | Linear Integer Secret Sharing and Distributed Exponentiation | pkc | online |
| 81 | 2006 | Unconditionally Secure Constant-Rounds Multi-party Computation for Equality, Comparison, Bits and Exponentiation | tcc | online |
| 82 | 2006 | Non-interactive Zero-Knowledge from Homomorphic Encryption | tcc | online |
| 83 | 2006 | An Extended Quadratic Frobenius Primality Test with Average- and Worst-Case Error Estimate | jofc | 489-520 |
| 84 | 2006 | Linear Integer Secret Sharing and Distributed Exponentiation | eprint | online |
| 85 | 2006 | RFID Security: Tradeoffs between Security and Efficiency | eprint | online |
| 86 | 2005 | Constant-Round Multiparty Computation Using a Black-Box Pseudorandom Generator | crypto | online |
| 87 | 2005 | A Quantum Cipher with Near Optimal Key-Recycling | crypto | online |
| 88 | 2005 | Efficient Threshold RSA Signatures with General Moduli and No Extra Assumptions | pkc | online |
| 89 | 2005 | Share Conversion, Pseudorandom Secret-Sharing and Applications to Secure Computation | tcc | online |
| 90 | 2005 | Unclonable Group Identification | eprint | online |
| 91 | 2005 | How to Split a Shared Secret into Shared Bits in Constant-Round | eprint | online |
| 92 | 2005 | Constant-Round Multiparty Computation Using a Black-Box Pseudorandom Generator | eprint | online |
| 93 | 2005 | Cryptography In the Bounded Quantum-Storage Model | eprint | online |
| 94 | 2005 | Universally Composable Disk Encryption Schemes | eprint | online |
| 95 | 2005 | Oblivious Transfer and Linear Functions | eprint | online |
| 96 | 2004 | Zero-Knowledge Proofs and String Commitments Withstanding Quantum Attacks | crypto | online |
| 97 | 2004 | On the Key-Uncertainty of Quantum Ciphers and the Computational Security of One-Way Quantum Transmission | eurocrypt | online |
| 98 | 2004 | Secret-Key Zero-Knowlegde and Non-interactive Verifiable Exponentiation | tcc | 223-237 |
| 99 | 2004 | Unfair Noisy Channels and Oblivious Transfer | tcc | 355-373 |
| 100 | 2004 | Adaptive versus Non-Adaptive Security of Multi-Party Protocols | jofc | 153-207 |
| 101 | 2004 | On the Key-Uncertainty of Quantum Ciphers and the Computational Security of One-way Quantum Transmission | eprint | online |
| 102 | 2003 | Universally Composable Efficient Multiparty Computation from Threshold Homomorphic Encryption | crypto | online |
| 103 | 2003 | Non-interactive and Reusable Non-malleable Commitment Schemes | eprint | online |
| 104 | 2002 | A Statistically-Hiding Integer Commitment Scheme Based on Groups with Hidden Order | asiacrypt | online |
| 105 | 2002 | Expanding Pseudorandom Functions; or: From Known-Plaintext Security to Chosen-Plaintext Security | crypto | online |
| 106 | 2002 | Perfect Hiding and Perfect Binding Universally Composable Commitment Schemes with Constant Expansion Factor | crypto | online |
| 107 | 2002 | Generic Lower Bounds for Root Extraction and Signature Schemes in General Groups | eurocrypt | online |
| 108 | 2002 | Client/Server Tradeoffs for Online Elections | pkc | 125-140 |
| 109 | 2002 | Generic Lower Bounds for Root Extraction and Signature Schemes in General Groups | eprint | online |
| 110 | 2001 | Secure Distributed Linear Algebra in a Constant Number of Rounds | crypto | online |
| 111 | 2001 | On the Cost of Reconstructing a Secret, or VSS with Optimal Reconstruction Phase | crypto | online |
| 112 | 2001 | On Adaptive vs. Non-adaptive Security of Multiparty Protocols | eurocrypt | online |
| 113 | 2001 | Multiparty Computation from Threshold Homomorphic Encryption | eurocrypt | online |
| 114 | 2001 | Practical Threshold RSA Signatures without a Trusted Dealer | eurocrypt | online |
| 115 | 2001 | A Generalisation, a Simplification and Some Applications of Paillier's Probabilistic Public-Key System | pkc | 119-136 |
| 116 | 2001 | On adaptive vs. non-adaptive security of multiparty protocols | eprint | online |
| 117 | 2001 | An Integer Commitment Scheme based on Groups with Hidden Order | eprint | online |
| 118 | 2001 | Perfect Hiding and Perfect Binding Universally Composable Commitment Schemes with Constant Expansion Factor | eprint | online |
| 119 | 2001 | An Extended Quadratic Frobenius Primality Test with Average Case Error Estimates | eprint | online |
| 120 | 2000 | Verifiable Encryption, Group Encryption, and Their Applications to Separable Group Signatures and Signature Sharing Schemes | asiacrypt | 331-345 |
| 121 | 2000 | Improved Non-committing Encryption Schemes Based on a General Complexity Assumption | crypto | online |
| 122 | 2000 | General Secure Multi-party Computation from any Linear Secret-Sharing Scheme | eurocrypt | online |
| 123 | 2000 | Efficient Concurrent Zero-Knowledge in the Auxiliary String Model | eurocrypt | online |
| 124 | 2000 | Efficient Zero-Knowledge Proofs of Knowledge Without Intractability Assumptions | pkc | 354-373 |
| 125 | 2000 | Short Non-Interactive Cryptographic Proofs | jofc | 449-472 |
| 126 | 2000 | Efficient Protocols based on Probabilistic Encryption using Composite Degree Residue Classes | eprint | online |
| 127 | 2000 | General Secure Multi-Party Computation from any Linear Secret Sharing Scheme | eprint | online |
| 128 | 2000 | On the Complexity of Verifiable Secret Sharing and Multi-Party Computation | eprint | online |
| 129 | 2000 | Efficient Zero-Knowledge Proofs of Knowledge Without Intractability Assumptions | eprint | online |
| 130 | 2000 | Multiparty Computation from Threshold Homomorphic Encryption | eprint | online |
| 131 | 1999 | Efficient Multiparty Computations Secure Against an Adaptive Adversary | eurocrypt | 311-326 |
| 132 | 1999 | On the (Im)possibility of Basing Oblivious Transfer and Bit Commitment on Weakened Security Assumptions | eurocrypt | 56-73 |
| 133 | 1999 | An error in the mixed adversary protocol by Fitzi, Hirt and Maurer | eprint | online |
| 134 | 1999 | Verifiable Encryption and Applications to Group Signatures and Signature Sharing | eprint | online |
| 135 | 1999 | Concurrent Zero-Knowledge is Easy in Practice | eprint | online |
| 136 | 1998 | Zero-Knowledge Proofs for Finite Field Arithmetic; or: Can Zero-Knowledge be for Free? | crypto | 424-441 |
| 137 | 1998 | Zero-Knowledge Authentication Scheme with Secret Key Exchange | jofc | 147-159 |
| 138 | 1998 | Two-Key Triple Encryption | jofc | 209-218 |
| 139 | 1997 | Fast and Secure Immunization Against Adaptive Man-in-the-Middle Impersonation | eurocrypt | 75-87 |
| 140 | 1997 | On the Existence of Statistically Hiding Bit Commitment Schemes and Fail-Stop Signatures | jofc | 163-194 |
| 141 | 1996 | New Generation of Secure and Practical RSA-Based Signatures | crypto | 173-185 |
| 142 | 1996 | New Convertible Undeniable Signature Schemes | eurocrypt | 372-386 |
| 143 | 1996 | On Monotone Function Closure of Statistical Zero-Knowledge | eprint | online |
| 144 | 1996 | Linear Zero-Knowledge - A note on Efficient Zero-Knowledge Proofs and Arguments | eprint | online |
| 145 | 1995 | Secure Signature Schemes based on Interactive Protocols | crypto | 297-310 |
| 146 | 1995 | Honest Verifier vs Dishonest Verifier in Public Cain Zero-Knowledge Proofs | crypto | 325-338 |
| 147 | 1995 | Practical and Provably Secure Release of a Secret and Exchange of Signatures | jofc | 201-222 |
| 148 | 1994 | Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols | crypto | 174-187 |
| 149 | 1994 | Parallel Divertibility of Proofs of Knowledge (Extended Abstract) | eurocrypt | 140-155 |
| 150 | 1993 | Interactive Hashing can Simplify Zero-Knowledge Protocol Design Without Computational Assumptions (Extended Abstract) | crypto | 100-109 |
| 151 | 1993 | On the Existence of Statistically Hiding Bit Commitment Schemes and Fail-Stop Signatures | crypto | 250-265 |
| 152 | 1993 | Practical and Provably Secure Release of a Secret and Exchange of Signatures | eurocrypt | 200-217 |
| 153 | 1993 | The Breaking of the AR Hash Function | eurocrypt | 286-292 |
| 154 | 1992 | On Generation of Probable Primes By Incremental Search | crypto | 358-370 |
| 155 | 1992 | Security Bounds for Parallel Versions of Identification Protocols (Extended Abstract) | eurocrypt | 461-466 |
| 156 | 1992 | Non-Interactive Circuit Based Proofs and Non-Interactive Perfect Zero-knowledge with Proprocessing | eurocrypt | 341-355 |
| 157 | 1991 | Speeding up Prime Number Generation | asiacrypt | 440-449 |
| 158 | 1991 | Towards Practical Public Key Systems Secure Against Chosen Ciphertext Attacks | crypto | 445-456 |
| 159 | 1990 | Convertible Undeniable Signatures | crypto | 189-205 |
| 160 | 1989 | On the Existence of Bit Commitment Schemes and Zero-Knowledge Proofs | crypto | 17-27 |
| 161 | 1989 | A Design Principle for Hash Functions | crypto | 416-427 |
| 162 | 1988 | Zero-Knowledge Authentication Scheme with Secret Key Exchange (Extended Abstract) | crypto | 583-588 |
| 163 | 1988 | "Practical IP" <= MA | crypto | 580-582 |
| 164 | 1988 | On the Randomness of Legendre and Jacobi Sequences | crypto | 163-172 |
| 165 | 1988 | Payment Systems and Credential Mechanisms with Provable Security Against Abuse by Individuals | crypto | 328-335 |
| 166 | 1988 | Anonymous and Verifiable Registration in Databases | eurocrypt | 167-176 |
| 167 | 1987 | Multiparty Unconditionally Secure Protocols (Abstract) | crypto | 462 |
| 168 | 1987 | Multiparty Computations Ensuring Privacy of Each Party's Input and Correctness of the Result | crypto | 87-119 |
| 169 | 1987 | Gradual and Verifiable Release of a Secret | crypto | 156-166 |
| 170 | 1987 | Collision Free Hash Functions and Public Key Signature Schemes | eurocrypt | 203-216 |
