| year | title | booktitle | pages |
|---|
| 1 | 2017 | Preface | tosc | online |
| 2 | 2016 | A MAC Mode for Lightweight Block Ciphers | fse | 43-59 |
| 3 | 2016 | On the Influence of Message Length in PMAC's Security Bounds | eurocrypt | 596-621 |
| 4 | 2015 | On the Impact of Known-Key Attacks on Hash Functions | eprint | 909 |
| 5 | 2015 | Collateral damage of Facebook Apps: an enhanced privacy scoring model | eprint | 456 |
| 6 | 2015 | New Techniques for Electronic Voting | eprint | 809 |
| 7 | 2015 | On the Impact of Known-Key Attacks on Hash Functions | asiacrypt | 59-84 |
| 8 | 2015 | Problems, solutions and experience of the first international student's Olympiad in cryptography | eprint | 534 |
| 9 | 2014 | Chaskey: An Efficient MAC Algorithm for 32-bit Microcontrollers | eprint | 386 |
| 10 | 2014 | Triple and Quadruple Encryption: Bridging the Gaps | eprint | 16 |
| 11 | 2012 | Soft Decision Error Correction for Compact Memory-Based PUFs Using a Single Enrollment | ches | 268-282 |
| 12 | 2012 | UNAF: A Special Set of Additive Differences with Application to the Differential Analysis of ARX | fse | 287-305 |
| 13 | 2012 | A Model for Structure Attacks, with Applications to PRESENT and Serpent | fse | 49-68 |
| 14 | 2012 | Hash Functions Based on Three Permutations: A Generic Security Analysis | crypto | 330-347 |
| 15 | 2011 | The Additive Differential Probability of ARX | fse | 342 |
| 16 | 2011 | Practical Collisions for EnRUPT | jofc | 1-23 |
| 17 | 2010 | Increased Resilience in Threshold Cryptography: Sharing a Secret with Devices That Cannot Store Shares | eprint | online |
| 18 | 2010 | Related-Key Boomerang and Rectangle Attacks | eprint | online |
| 19 | 2010 | On the Indifferentiability of the Gr{\o}stl Hash Function | eprint | online |
| 20 | 2010 | MQ^*-IP: An Identity-based Identification Scheme without Number-theoretic Assumptions | eprint | online |
| 21 | 2010 | Improved Collision Attacks on the Reduced-Round Gr{\o}stl Hash Function | eprint | online |
| 22 | 2010 | Security Reductions of the Second Round SHA-3 Candidates | eprint | online |
| 23 | 2009 | Practical Collisions for EnRUPT | fse | 246-259 |
| 24 | 2008 | Key-Recovery Attacks on Universal Hash Function Based MAC Algorithms | crypto | 144-161 |
| 25 | 2008 | Collisions and other Non-Random Properties for Step-Reduced SHA-256 | eprint | online |
| 26 | 2008 | Mutual Information Analysis | ches | 426-442 |
| 27 | 2008 | A Practical Attack on KeeLoq | eurocrypt | 1-18 |
| 28 | 2007 | Weaknesses in the Pseudorandom Bit Generation Algorithms of the Stream Ciphers TPypy and TPy | eprint | online |
| 29 | 2007 | Cryptanalysis of White-Box DES Implementations with Arbitrary External Encodings | eprint | online |
| 30 | 2007 | MAME: A Compression Function with Reduced Hardware Requirements | ches | 148-165 |
| 31 | 2007 | Seven-Property-Preserving Iterated Hashing: ROX | eprint | online |
| 32 | 2007 | New Attacks on the Stream Cipher TPy6 and Design of New Ciphers the TPy6-A and the TPy6-B | eprint | online |
| 33 | 2007 | Differential-Linear Attacks Against the Stream Cipher Phelix | fse | 87-100 |
| 34 | 2007 | Differential Cryptanalysis of the Stream Ciphers Py, Py6 and Pypy | eurocrypt | 276-290 |
| 35 | 2007 | Related-Key Rectangle Attacks on Reduced AES-192 and AES-256 | fse | 225-241 |
| 36 | 2007 | New Weaknesses in the Keystream Generation Algorithms of the Stream Ciphers TPy and Py | eprint | online |
| 37 | 2007 | Seven-Property-Preserving Iterated Hashing: ROX | asiacrypt | 130-146 |
| 38 | 2006 | Superscalar Coprocessor for High-Speed Curve-Based Cryptography | ches | online |
| 39 | 2006 | A Weakness in Some Oblivious Transfer and Zero-Knowledge Protocols | asiacrypt | online |
| 40 | 2006 | A Weakness in Some Oblivious Transfer and Zero-Knowledge Protocols | eprint | online |
| 41 | 2006 | On the (In)security of Stream Ciphers Based on Arrays and Modular Addition | asiacrypt | online |
| 42 | 2006 | Cryptanalysis of the Stream Cipher DECIM | fse | online |
| 43 | 2006 | On the Security of HMAC and NMAC Based on HAVAL, MD4, MD5, SHA-0 and SHA-1 | eprint | online |
| 44 | 2006 | Distinguishing Attacks on the Stream Cipher Py | fse | online |
| 45 | 2006 | Resynchronization Attacks on WG and LEX | fse | online |
| 46 | 2005 | On the Algebraic Immunity of Symmetric Boolean Functions | eprint | online |
| 47 | 2005 | Hardware/Software Co-design for Hyperelliptic Curve Cryptography (HECC) on the 8051µP | ches | online |
| 48 | 2005 | Related-Key Rectangle Attacks on Reduced Versions of SHACAL-1 and AES-192 | fse | online |
| 49 | 2005 | On the Security of Encryption Modes of MD4, MD5 and HAVAL | eprint | online |
| 50 | 2005 | Classification of Cubic $(n-4)$-resilient Boolean Functions | eprint | online |
| 51 | 2005 | Taxonomy of Public Key Schemes based on the problem of Multivariate Quadratic equations | eprint | online |
| 52 | 2005 | Large Superfluous Keys in Multivariate Quadratic Asymmetric Systems | pkc | online |
| 53 | 2005 | On the (In)security of Stream Ciphers Based on Arrays and Modular Addition (Full Version) | eprint | online |
| 54 | 2005 | Equivalent Keys in Multivariate Quadratic Public Key Systems | eprint | online |
| 55 | 2004 | Power Analysis of an FPGA: Implementation of Rijndael: Is Pipelining a DPA Countermeasure? | ches | 30-44 |
| 56 | 2004 | Equivalent Keys in HFE, C$^*$, and variations | eprint | online |
| 57 | 2004 | Higher Order Universal One-Way Hash Functions | asiacrypt | online |
| 58 | 2004 | Superfluous Keys in Multivariate Quadratic Asymmetric Systems | eprint | online |
| 59 | 2004 | A New Weakness in the RC4 Keystream Generator and an Approach to Improve the Security of the Cipher | fse | 245-259 |
| 60 | 2004 | Classification of Highly Nonlinear Boolean Power Functions with a Randomised Algorithm for Checking Normality | eprint | online |
| 61 | 2004 | Extending the Resynchronization Attack | eprint | online |
| 62 | 2004 | Classification of Boolean Functions of 6 Variables or Less with Respect to Cryptographic Properties | eprint | online |
| 63 | 2004 | On Boolean Functions with Generalized Cryptographic Properties | eprint | online |
| 64 | 2004 | On Feistel Ciphers Using Optimal Diffusion Mappings Across Multiple Rounds | asiacrypt | online |
| 65 | 2004 | Solving Systems of Differential Equations of Addition | eprint | online |
| 66 | 2003 | A Toolbox for Cryptanalysis: Linear and Affine Equivalence Algorithms | eurocrypt | online |
| 67 | 2003 | Cryptanalysis of the Alleged SecurID Hash Function | eprint | online |
| 68 | 2003 | A Concrete Security Analysis for 3GPP-MAC | fse | online |
| 69 | 2003 | Cryptanalysis of SOBER-t32 | fse | online |
| 70 | 2003 | Cryptanalysis of 3-Pass HAVAL | asiacrypt | online |
| 71 | 2003 | Multi-Party Computation from any Linear Secret Sharing Scheme Secure against Adaptive Adversary: The Zero-Error Case | eprint | online |
| 72 | 2003 | Power-Analysis Attacks on an FPGA - First Experimental Results | ches | 35-50 |
| 73 | 2002 | Square Attacks on Reduced-Round Variants of the Skipjack Block Cipher | eprint | online |
| 74 | 2002 | Applying General Access Structure to Metering Schemes | eprint | online |
| 75 | 2002 | A New Keystream Generator MUGI | fse | online |
| 76 | 2002 | Applying General Access Structure to Proactive Secret Sharing Schemes | eprint | online |
| 77 | 2002 | A note on Weak Keys of PES, IDEA and some Extended Variants | eprint | online |
| 78 | 2002 | New European Schemes for Signature, Integrity and Encryption (NESSIE): A Status Report | pkc | 297-309 |
| 79 | 2002 | On the Security of the Threshold Scheme Based on the Chinese Remainder Theorem | pkc | 199-210 |
| 80 | 2001 | A Memory Efficient Version of Satoh's Algorithm | eurocrypt | 1-13 |
| 81 | 2001 | NESSIE: A European Approach to Evaluate Cryptographic Algorithms | fse | 267-276 |
| 82 | 2001 | Producing Collisions for PANAMA | fse | 37-51 |
| 83 | 2001 | Improved SQUARE Attacks against Reduced-Round HIEROCRYPT | fse | 165-173 |
| 84 | 2001 | SQUARE Attacks on Reduced-Round PES and IDEA Block Ciphers | eprint | online |
| 85 | 2000 | Linear Cryptanalysis of Reduced-Round Versions of the SAFER Block Cipher Family | fse | 244-261 |
| 86 | 1999 | On the Security of Double and 2-Key Triple Modes of Operation | fse | 215-230 |
| 87 | 1999 | Equivalent Keys of HPC | asiacrypt | 29-42 |
| 88 | 1999 | Software Performance of Universal Hash Functions | eurocrypt | 24-41 |
| 89 | 1999 | Attack on Six Rounds of Crypton | fse | 46-59 |
| 90 | 1999 | Linear Cryptanalysis of RC5 and RC6 | fse | 16-30 |
| 91 | 1998 | Analysis Methods for (Alleged) RC4 | asiacrypt | 327-341 |
| 92 | 1998 | Attacks on Fast Double Block Length Hash Functions | jofc | 59-72 |
| 93 | 1997 | A Family of Trapdoor Ciphers | fse | 139-148 |
| 94 | 1997 | Fast and Secure Hashing Based on Codes | crypto | 485-498 |
| 95 | 1996 | Hash Functions Based on Block Ciphers and Quaternary Codes | asiacrypt | 77-90 |
| 96 | 1996 | The Cipher SHARK | fse | 99-111 |
| 97 | 1996 | On the Security of Two MAC Algorithms | eurocrypt | 19-32 |
| 98 | 1996 | RIPEMD-160: A Strengthened Version of RIPEMD | fse | 71-82 |
| 99 | 1995 | MDx-MAC and Building Fast MACs from Hash Functions | crypto | 1-14 |
| 100 | 1994 | FSE'94 - Introduction | fse | 1-5 |
| 101 | 1994 | Improved Characteristics for Differential Cryptanalysis of Hash Functions Based on Block Ciphers | fse | 242-248 |
| 102 | 1994 | Cryptanalysis of McGuffin | fse | 353-358 |
| 103 | 1993 | Design Principles for Dedicated Hash Functions | fse | 71-82 |
| 104 | 1993 | Hash Functions Based on Block Ciphers: A Synthetic Approach | crypto | 368-378 |
| 105 | 1993 | Cryptanalysis of the CFB Mode of the DES with a Reduced Number of Rounds | crypto | 212-223 |
| 106 | 1992 | On the Power of Memory in the Design of Collision Resistant Hash Functions | auscrypt | 105-121 |
| 107 | 1992 | An Attack on Two Hash Functions by Zheng-Matsumoto-Imai | auscrypt | 535-538 |
| 108 | 1991 | Race Integrity Primitives Evaluation (RIPE): A Status Report | eurocrypt | 547-551 |
| 109 | 1991 | Boolean Functions Satisfying Higher Order Propagation Criteria | eurocrypt | 141-152 |
| 110 | 1990 | Propagation Characteristics of Boolean Functions | eurocrypt | 161-173 |
| 111 | 1989 | A Chosen Text Attack on The Modified Cryptographic Checksum Algorithm of Cohen and Huang | crypto | 154-163 |
