| year | title | booktitle | pages |
|---|
| 1 | 2019 | Collusion Resistant Broadcast and Trace from Positional Witness Encryption | pkc | 3-33 |
| 2 | 2018 | Synchronized Aggregate Signatures from the RSA Assumption | eurocrypt | 197-229 |
| 3 | 2018 | Risky Traitor Tracing and New Differential Privacy Negative Results | crypto | 467-497 |
| 4 | 2018 | Upgrading to Functional Encryption | tcc | 629-658 |
| 5 | 2018 | Impossibility of Simulation Secure Functional Encryption Even with Random Oracles | tcc | 659-688 |
| 6 | 2018 | Traitor-Tracing from LWE Made Simple and Attribute-Based | tcc | 341-369 |
| 7 | 2017 | Separating Semantic and Circular Security for Symmetric-Key Bit Encryption from the Learning with Errors Assumption | eurocrypt | 528-557 |
| 8 | 2017 | Universal Samplers with Fast Verification | pkc | 525-554 |
| 9 | 2017 | Separating IND-CPA and Circular Security for Unbounded Length Key Cycles | pkc | 232-246 |
| 10 | 2017 | A Generic Approach to Constructing and Proving Verifiable Random Functions | tcc | 537-566 |
| 11 | 2016 | New Negative Results on Differing-Inputs Obfuscation | eurocrypt | online |
| 12 | 2016 | Constrained Pseudorandom Functions for Unconstrained Inputs | eurocrypt | online |
| 13 | 2016 | Circular Security Separations for Arbitrary Length Cycles from LWE | crypto | 681-700 |
| 14 | 2016 | How to Generate and Use Universal Samplers | asiacrypt | online |
| 15 | 2016 | Semi-adaptive Security and Bundling Functionalities Made Generic and Easy | tcc | 361-388 |
| 16 | 2015 | Computing on Authenticated Data | jofc | 351-395 |
| 17 | 2015 | Efficient Statically-Secure Large-Universe Multi-Authority Attribute-Based Encryption | eprint | 16 |
| 18 | 2015 | Time-Lock Puzzles from Randomized Encodings | eprint | 514 |
| 19 | 2015 | New Circular Security Counterexamples from Decision Linear and Learning with Errors | eprint | 715 |
| 20 | 2015 | New Realizations of Somewhere Statistically Binding Hashing and Positional Accumulators | eprint | 869 |
| 21 | 2015 | Separations in Circular Security for Arbitrary Length Key Cycles | tcc | online |
| 22 | 2015 | Universal Signature Aggregators | eurocrypt | 3-34 |
| 23 | 2015 | A Punctured Programming Approach to Adaptively Secure Functional Encryption | crypto | online |
| 24 | 2015 | Adaptively Secure Puncturable Pseudorandom Functions in the Standard Model | asiacrypt | online |
| 25 | 2015 | New Circular Security Counterexamples from Decision Linear and Learning with Errors | asiacrypt | online |
| 26 | 2015 | New Realizations of Somewhere Statistically Binding Hashing and Positional Accumulators | asiacrypt | online |
| 27 | 2014 | Witness Encryption from Instance Independent Assumptions | crypto | online |
| 28 | 2014 | Low Overhead Broadcast Encryption from Multilinear Maps | crypto | online |
| 29 | 2014 | Replacing a Random Oracle: Full Domain Hash from Indistinguishability Obfuscation | eurocrypt | online |
| 30 | 2014 | Why Proving HIBE Systems Secure Is Difficult | eurocrypt | online |
| 31 | 2014 | Online/Offline Attribute-Based Encryption | pkc | online |
| 32 | 2014 | Fully Secure and Fast Signing from Obfuscation | eprint | 523 |
| 33 | 2014 | Witness Encryption from Instance Independent Assumptions | eprint | 273 |
| 34 | 2014 | Online/Offline Attribute-Based Encryption | eprint | 21 |
| 35 | 2014 | A Punctured Programming Approach to Adaptively Secure Functional Encryption | eprint | 588 |
| 36 | 2014 | Adaptively Secure Puncturable Pseudorandom Functions in the Standard Model | eprint | 521 |
| 37 | 2014 | Indistinguishability Obfuscation from the Multilinear Subgroup Elimination Assumption | eprint | 309 |
| 38 | 2014 | Low Overhead Broadcast Encryption from Multilinear Maps | eprint | 195 |
| 39 | 2014 | How to Generate and use Universal Parameters | eprint | 507 |
| 40 | 2014 | Relaxed Two-to-one Recoding Schemes | eprint | 477 |
| 41 | 2013 | Functional Encryption: Origins and Recent Developments | PKC | online |
| 42 | 2013 | Attribute-Based Encryption with Fast Decryption | PKC | online |
| 43 | 2013 | Attribute-Based Encryption for Circuits from Multilinear Maps | crypto | online |
| 44 | 2013 | Full Domain Hash from (Leveled) Multilinear Maps and Identity-Based Aggregate Signatures | crypto | online |
| 45 | 2013 | Homomorphic Encryption from Learning with Errors: Conceptually-Simpler, Asymptotically-Faster, Attribute-Based | crypto | online |
| 46 | 2013 | Encoding Functions with Constant Online Rate or How to Compress Garbled Circuits Keys | crypto | online |
| 47 | 2013 | Constrained Pseudorandom Functions and Their Applications | asiacrypt | online |
| 48 | 2012 | Computing on Authenticated Data | tcc | online |
| 49 | 2012 | Identity-Based (Lossy) Trapdoor Functions and Applications | eurocrypt | 228-245 |
| 50 | 2012 | Standard Security Does Not Imply Security against Selective-Opening | eurocrypt | online |
| 51 | 2012 | Detecting Dangerous Queries: A New Approach for Chosen Ciphertext Security | eurocrypt | online |
| 52 | 2012 | Dynamic Credentials and Ciphertext Delegation for Attribute-Based Encryption | crypto | online |
| 53 | 2012 | Functional Encryption for Regular Languages | crypto | online |
| 54 | 2012 | New Proof Methods for Attribute-Based Encryption: Achieving Full Security through Selective Techniques | crypto | online |
| 55 | 2012 | Dual Form Signatures: An Approach for Proving Security from Static Assumptions | asiacrypt | online |
| 56 | 2011 | Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure Realization | pkc | online |
| 57 | 2011 | Achieving Leakage Resilience Through Dual System Encryption | tcc | online |
| 58 | 2011 | Identity-Based Encryption Secure Against Selective Opening Attack | tcc | online |
| 59 | 2011 | Functional Encryption: Definitions and Challenges | tcc | online |
| 60 | 2011 | Bi-Deniable Public-Key Encryption | crypto | online |
| 61 | 2011 | Unbounded HIBE and Attribute-Based Encryption | eurocrypt | online |
| 62 | 2011 | Decentralizing Attribute-Based Encryption | eurocrypt | online |
| 63 | 2010 | New Techniques for Dual System Encryption and Fully Secure HIBE with Short Ciphertexts | tcc | online |
| 64 | 2010 | Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption | eurocrypt | online |
| 65 | 2010 | Constructing Verifiable Random Functions with Large Input Spaces | eurocrypt | online |
| 66 | 2010 | Constructing Verifiable Random Functions with Large Input Spaces | eprint | online |
| 67 | 2010 | Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption | eprint | online |
| 68 | 2010 | Identity-Based Encryption Secure under Selective Opening Attack | eprint | online |
| 69 | 2010 | Decentralizing Attribute-Based Encryption | eprint | online |
| 70 | 2010 | On the Insecurity of Parallel Repetition for Leakage Resilience | eprint | online |
| 71 | 2010 | Achieving Leakage Resilience Through Dual System Encryption | eprint | online |
| 72 | 2009 | Predicate Privacy in Encryption Systems | tcc | online |
| 73 | 2009 | Signing a Linear Subspace: Signature Schemes for Network Coding | pkc | online |
| 74 | 2009 | Realizing Hash-and-Sign Signatures under Standard Assumptions | eurocrypt | 333-350 |
| 75 | 2009 | Adaptive Security in Broadcast Encryption Systems (with Short Ciphertexts) | eurocrypt | 171-188 |
| 76 | 2009 | Short and Stateless Signatures from the RSA Assumption | crypto | online |
| 77 | 2009 | Dual System Encryption: Realizing Fully Secure IBE and HIBE under Simple Assumptions | crypto | online |
| 78 | 2009 | Realizing Hash-and-Sign Signatures under Standard Assumptions | eprint | online |
| 79 | 2008 | Predicate Encryption Supporting Disjunctions, Polynomial Equations, and Inner Products | eurocrypt | online |
| 80 | 2008 | Compact Proofs of Retrievability | asiacrypt | online |
| 81 | 2008 | Compact Proofs of Retrievability | eprint | online |
| 82 | 2008 | Adaptive Security in Broadcast Encryption Systems | eprint | online |
| 83 | 2008 | Delegating Capabilities in Predicate Encryption Systems | eprint | online |
| 84 | 2008 | Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure Realization | eprint | online |
| 85 | 2008 | Revocation Systems with Very Small Private Keys | eprint | online |
| 86 | 2008 | Compact Signatures for Network Coding | eprint | online |
| 87 | 2008 | Signing a Linear Subspace: Signature Schemes for Network Coding | eprint | online |
| 88 | 2008 | A Framework for Efficient and Composable Oblivious Transfer | crypto | online |
| 89 | 2007 | Efficient Ring Signatures Without Random Oracles | pkc | 166-180 |
| 90 | 2007 | Full-Domain Subgroup Hiding and Constant-Size Group Signatures | pkc  | 1-15 |
| 91 | 2007 | Conjunctive, Subset, and Range Queries on Encrypted Data | tcc | online |
| 92 | 2007 | Lossy Trapdoor Functions and Their Applications | eprint | online |
| 93 | 2007 | Attribute-Based Encryption with Non-Monotonic Access Structures | eprint | online |
| 94 | 2007 | A Framework for Efficient and Composable Oblivious Transfer | eprint | online |
| 95 | 2007 | Predicate Encryption Supporting Disjunctions, Polynomial Equations, and Inner Products | eprint | online |
| 96 | 2006 | Anonymous Hierarchical Identity-Based Encryption (Without Random Oracles) | crypto | online |
| 97 | 2006 | Fully Collusion Resistant Traitor Tracing with Short Ciphertexts and Private Keys | eurocrypt | online |
| 98 | 2006 | Compact Group Signatures Without Random Oracles | eurocrypt | online |
| 99 | 2006 | Sequential Aggregate Signatures and Multisignatures Without Random Oracles | eurocrypt | online |
| 100 | 2006 | Strongly Unforgeable Signatures Based on Computational Diffie-Hellman | pkc | online |
| 101 | 2006 | Conjunctive, Subset, and Range Queries on Encrypted Data | eprint | online |
| 102 | 2006 | Fully Collusion Resistant Traitor Tracing | eprint | online |
| 103 | 2006 | Anonymous Hierarchical Identity-Based Encryption (Without Random Oracles) | eprint | online |
| 104 | 2006 | Sequential Aggregate Signatures and Multisignatures without Random Oracles | eprint | online |
| 105 | 2006 | Efficient Ring Signatures without Random Oracles | eprint | online |
| 106 | 2006 | Forward-Secure Signatures with Untrusted Update | eprint | online |
| 107 | 2006 | A Fully Collusion Resistant Broadcast, Trace, and Revoke System | eprint | online |
| 108 | 2006 | Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data | eprint | online |
| 109 | 2005 | Collusion Resistant Broadcast Encryption with Short Ciphertexts and Private Keys | crypto | online |
| 110 | 2005 | Fuzzy Identity-Based Encryption | eurocrypt | online |
| 111 | 2005 | Efficient Identity-Based Encryption Without Random Oracles | eurocrypt | online |
| 112 | 2005 | Collusion Resistant Broadcast Encryption With Short Ciphertexts and Private Keys | eprint | online |
| 113 | 2005 | Direct Chosen Ciphertext Security from Identity-Based Techniques | eprint | online |
| 114 | 2005 | Compact Group Signatures Without Random Oracles | eprint | online |
| 115 | 2004 | Fuzzy Identity Based Encryption | eprint | online |
| 116 | 2004 | Efficient Identity-Based Encryption Without Random Oracles | eprint | online |
