My CV
- Biometric
- SHAvite-3
- KATAN
- Attacking Keeloq
- Published Books
- Published Research Papers
- Selected Technical Reports
- Invited Talks
- Seminar Talks
- Editorial board / Committees
- Boards / Steering Committees
- Organized Events
- Past Students
- Present Students
- Lectures and Tutorials
Published Books
- 1. Proceedings of Fast Software Encryption 2009 - Lecture Notes in Computer Science vol. 5665, ISBN 978-3-642-03316-2.
- 2. Proceedings of Cryptographers' Track in the RSA Conference (CT-RSA) 2012 - Lecture Notes in Computer Science vol. 7178, ISBN 978-3-642-27953-9.
- 3. Proceedings of Selected Areas in Cryptography 2015 - Jointly with Liam Keliher. Lecture Notes in Computer Science vol. 9556, ISBN 978-3-319-31301-6.
- 4. Proceedings of INDOCRYPT 2016 - Jointly with Somitra Kumar Sanadhya. Lecture Notes in Computer Science vol. 10095, ISBN 978-3-319-49889-8
- 5. Proceedings of Latincrypt 2017 - Jointly with Tanja Lange. Lecture Notes in Computer Science vol. 11368, ISBN 978-3-030-25283-0
Published Journal Papers
| Journal | Title | Coauthors | Vol-No/pages |
| IEEE Transactions on Information Theory | A New Criterion for Nonlinearity of Block Ciphers | Nathan Keller | 53-11, 3944-3957 (2007) |
| Information Processing Letters | Treatment of the Initial Value in Time-Memory-Data Tradeoff Attacks on Stream Ciphers | Nathan Keller | 107-5 (2008), 133-137 |
| Information Processing Letters | The Effects of the Omission of Last Round's MixColumns on AES | Nathan Keller | 110-(8-9) (2010), 304-308 |
| Journal of Cryptology | A Practical Attack on KeeLoq | Wim Aerts, Eli Biham, Dieter De Moitie, Elke De Mulder, Sebastiaan Indesteege, Nathan Keller, Bart Preneel | 25-1 (2012), 136-157 |
| IEEE Transactions on Information Theory | Related-Key Boomerang and Rectangle Attacks | Jongsung Kim, Seokhie Hong, Bart Preneel, Eli Biham, Nathan Keller | 58-7 (2012), 4948-4966 |
| Design, Codes, and Cryptography | Cryptanalysis of the Stream Cipher LEX | Nathan Keller | 67-3 (2013), 357-373 |
| IEEE Transactions on Information Theory | Low Data Complexity Attacks on AES | Charles Bouillaguet, Patrick Derbez, Nathan Keller, Pierre-Alain Fouque, Vincent Rijmen | 58-11 (2012), 7002-7017 |
| Journal of Cryptology | Improved Practical Attacks on Round-Reduced Keccak | Itai Dinur, Adi Shamir | 27-2 (2014), 183-209 |
| Communications of the ACM | Dissection: A New Paradigm for Solving Bicomposite Search Problems | Itai Dinur, Nathan Keller, Adi Shamir | 57-10 (2014), 98-105 |
| Journal of Cryptology | A Practical-Time Related-Key Attack on the KASUMI Cryptosystem Used in GSM and 3G Telephony | Nathan Keller, Adi Shamir | 27-4 (2014), 824-849 |
| Journal of Cryptology | Slidex Attacks on the Even-Mansour Encryption Scheme | Nathan Keller, Adi Shamir | 28-1 (2015), 1-28 |
| Journal of Cryptology | New Attacks on IDEA with at Least 6 Rounds | Eli Biham, Nathan Keller, Adi Shamir | 28-2 (2015), 209-239 |
| Journal of Cryptology | Improved Single-Key Attacks on 8-round AES-192 and AES-256 | Nathan Keller, Adi Shamir | 28-3 (2015), 397-422 |
| Design, Codes, and Cryptography | Practical-Time Attacks Against Reduced Variants of MISTY1 | Nathan Keller | 76-3 (2015), 601-627 |
| Design, Codes, and Cryptography | Almost Universal Forgery Attacks on AES-Based MAC's | Nathan Keller, Adi Shamir | 76-3 (2015), 431-449 |
| Design, Codes, and Cryptography | Reflections on slide with a twist attacks | Itai Dinur, Nathan Keller, Adi Shamir | 77-2-3 (2015), 633-651 |
| Journal of Cryptology | New Second Preimage Attacks on Hash Functions | Elena Andreeva, Charles Bouillaguet, Pierre-Alain Fouque, Jonathan Hoch, John Kelsey, Adi Shamir | 29-4 (2016), 657-696 |
| Journal of Cryptology | Key Recovery Attacks on 3-round Even-Mansour, 8-step LED-128, and Full AES^2 | Itai Dinur, Nathan Keller, Adi Shamir | 29-4 (2016), 697-728 |
| IEEE Transactions on Information Forensics | No Bot Expects the DeepCAPTCHA! Introducing Immutable Adversarial Examples, with Applications to CAPTCHA Generation | Margarita Osadchy, Julio Hernandez-Castro, Stuart Gibson, Daniel Perez-Cabo | 12-11 (2017), 2640-2653 |
| Transactions on Symmetric Cryptography | Cryptanalysis of GOST2 | Tomer Ashur, Achiya Bar-On | 2017-1, 203-214 |
| Journal of Cryptology | Efficient Slide Attacks | Achiya Bar-On, Eli Biham, Nathan Keller | 31-3 (2018), 641-670 |
| Transactions on Dependable and Secure Computing | It is All in the System's Parameters: Privacy Issues in Transforming Biometric Raw Data into Binary Strings | Margarita Osadchy | 16-5 (2019), 796-804 |
| Journal of Cryptology | Efficient Dissection of Bicomposite Problems with Cryptanalytic Applications | Itai Dinur, Nathan Keller, Adi Shamir | 32-4 (2019), 1448-1490 |
| Transactions on Symmetric Cryptography | Reconstructing an S-box from its Difference Distribution Table | Senyang Huang | 2019-2, 193-217 |
| Journal of Cryptology | A Practical Forgery Attack on Lilliput-AE | Nathan Keller, Eran Lambooij, Yu Sasaki | TBD |
| Journal of Cryptology | Improved Key Recovery Attacks on Reduced-Round AES with Practical Data and Memory Complexities | Achiya Bar-On, Nathan Keller, Eyal Ronen, Adi Shamir | TBD |
Submitted Journal Papers
| Journal | Title | Coauthors |
| Transactions on Algorithms | Tight Bounds on Online Checkpointing Algorithms | Achiya Bar-On, Itai Dinur, Rani Hod, Nathan Keller, Eyal Ronen, Adi Shamir |
Published Research Papers
| Conference | Title | Coauthors | Paper | Errata |
| Selected Areas in Cryptography (SAC) '98 | Initial Observations on Skipjack: Cryptanalysis of Skipjack-3XOR | Biham Eli, Biryukov Alex, Richardson Eran, Shamir Adi | PS | |
| Excellence Program Conference 1 | Initial Observations on SkipJack: Cryptanalysis of SkipJack-3XOR | Biham Eli, Biryukov Alex, Richardson Eran, Shamir Adi | Poster | |
| Indocrypt 2000 | Cryptanalysis of A5/1 GSM Stream Cipher | Biham Eli | Gzipped PS | |
| EUROCRYPT 2001 | The Rectangle Attack - Rectangling the Serpent | Biham Eli, Nathan Keller | Gzipped PS | |
| Fast Software Encryption 2001 | Linear Cryptanalysis of Reduced Round Serpent | Biham Eli, Nathan Keller | Gzipped PS | The linear approximation has a small typo. In the round using S_7, the input masks should be swapped between the two active S-boxes. Namely, the input mask for S-box 20 is A_x, and for S-box 25 is 1_x. There are no other changes in the attack. |
| NESSIE 2nd Workshop (London) | Boomerang and Rectangle Attack on SC2000 | Nathan Keller | Gzipped PS | |
| Fast Software Encryption 2002 | New Results on Boomerang and Rectangle Attacks | Eli Biham, Nathan Keller | Gzipped PS | |
| Fast Software Encryption 2002 | Differential and Linear Cryptanalysis of SC2000 | Hitoshi Yanami, Takeshi Shimoyama | Preproceedings version in PDF | |
| Asiacrypt 2002 | Enhancing Differential-Linear Cryptanalysis | Biham Eli, Nathan Keller | Proceedings version in PDF | In the attack on COCONUT98, p is not 0.83*2^{-4}, but rather 0.83*2^{-5}. Hence, the reported data complexity for the full COCONUT98 attack should be multiplied by 4. |
| Fast Software Encryption 2003 | Differential-Linear Cryptanalysis of Serpent | Biham Eli, Nathan Keller | The linear approximation has a small typo. In the round using S_7, the input masks should be swapped between the two active S-boxes. Namely, the input mask for S-box 20 is A_x, and for S-box 25 is 1_x. There are no other changes in the attack. | |
| Fast Software Encryption 2003 | Rectangle Attacks on 49-Round SHACAL-1 | Biham Eli, Nathan Keller | A problem with the consistency of the differentials was identified and analyzed in our SAC 2007 paper | |
| Fast Software Encryption 2005 | New Combined Attacks on Block Ciphers | Biham Eli, Nathan Keller | Proceedings version - Gzipped PS | |
| EUROCRYPT 2005 | Related-Key Boomerang and Rectangle Attacks | Biham Eli, Nathan Keller | Proceedings version - PS | A problem with the 9-round attack was discussed in an FSE 2007 paper by Kim, Hong, and Preneel. Please consult that paper after reading this one. |
| Asiacrypt 2005 | Related-Key Rectangle Attack on the Full KASUMI | Biham Eli, Nathan Keller | PS | |
| CT-RSA 2006 | Related-Key Impossible Differential Attacks on 8-Round AES-192 | Biham Eli, Nathan Keller | In a paper from SAC 2006 by Zhang et al., a mistake in this paper was identified and fixed. Please consult that paper after reading this paper. | |
| CT-RSA 2006 | A New Criterion for Nonlinearity of Block Ciphers | Nathan Keller | We have identified several mistakes in the paper. The final journal version of this paper should contain a fix. | |
| Information Security and Cryptography 2006 | Related-Key Rectangle Attack on 42-Round SHACAL-2 | Jiqiang Lu, Jongsung Kim, Nathan Keller | ||
| Selected Areas in Cryptography 2006 | Related-Key Rectangle Attack on the Full SHACAL-1 | Nathan Keller, Jongsung Kim | PS | A problem with the consistency of the differentials was identified and analyzed in our SAC 2007 paper |
| Asiacrypt 2006 | New Cryptanalytic Results on IDEA | Biham Eli, Nathan Keller | PS | |
| Indocrypt 2006 | Differential and Rectangle Attacks on Reduced-Round SHACAL-1 | Jiqiang Lu, Jongsung Kim, Nathan Keller | A problem with the consistency of the differentials was identified and analyzed in our SAC 2007 paper | |
| Fast Software Encryption 2007 | A New Attack on 6-Round IDEA | Biham Eli, Nathan Keller | PS | |
| Fast Software Encryption 2007 | Improved Slide Attacks | Biham Eli, Nathan Keller | PS | |
| CT-RSA 2007 | A Simple Related-Key Attack on the Full SHACAL-1 | Eli Biham, Nathan Keller | ||
| ECRYPT hash function workshop 2007 | Generalizing Herding Attacks to Concatenated Hashing Schemes | Bart Preneel | PS PDF | |
| Information Hiding 2007 | Traffic Analysis Attacks on a Continuously-Observable Steganographic File | Carmela Troncoso, Claudia Diaz, Bart Preneel | ||
| Selected Areas in Cryptography 2007 | The Delicate Issues of Addition with Respect to XOR Differences | Gaoli Wang, Nathan Keller | PS | |
| Indocrypt 2007 | Improved Meet-in-the-Middle Attacks on Reduced-Round DES | Gautham Sekar, Bart Preneel | ||
| Fast Software Encryption 2008 | A Unified Approach to Related-Key Attacks | Eli Biham, Nathan Keller | PS | |
| SASC 2008 | Treatment of the Initial Value in Time-Memory-Data Tradeoff Attacks on Stream Ciphers | Nathan Keller | ||
| CT-RSA 2008 | Improving the Efficiency of Impossible Differential Cryptanalysis of Reduced Camellia and MISTY1 | Jiqiang Lu, Jongsung Kim, Nathan Keller | ||
| EUROCRYPT 2008 | A Practical Attack on KeeLoq | Sebastiaan Indeestege, Nathan Keller, Eli Biham, Bart Preneel | ||
| ICICS 2008 | Analysis of Two Attacks on Reduced-Round Versions of the SMS4 | Deniz Toz | ||
| Asiacrypt 2008 | A New Attack on the LEX Stream Cipher | Nathan Keller | ||
| Asiacrypt 2008 | An Improved Impossible Differential Attack on MISTY1 | Nathan Keller | ||
| Indocrypt 2008 | A Differential-Linear Attack on 12-Round Serpent | Sebastiaan Indesteege, Nathan Keller | PS | A small typo exists in the linear approximation used in the attack. The input mask to S_7 is 0000 0010 000A 0...0 rather than 0000 00A0 0001 0...0. |
| Indocrypt 2008 | New Impossible Differential Attacks on AES | Jiqiang Lu, Nathan Keller, Jongsung Kim | Full version appears at IACR's ePrint archive | |
| CT-RSA 2009 | Cryptanalysis of CTC2 | Nathan Keller | Some issues with the longer variants of the attack were reported in an FSE 2012 paper by Lu. | |
| Africacrypt 2009 | Cryptanalysis of Vortex | Jean-Philippe Aumasson, Florian Mendel, Christian Rechberger, Soren S. Thomsen | ||
| Selected Areas in Cryptography 2009 | Cryptanalysis of Dynamic SHA(2) | Jean-Philippe Aumasson, Sebastiaan Indesteege, Bart Preneel | ||
| Selected Areas in Cryptography 2009 | Herding, Second Preimage and Trojan Message Attacks Beyond Merkle-Damgaard | Elena Andreeva, Charles Bouillaguet, Orr Dunkelman, John Kelsey | ||
| CHES 2009 | KATAN & KTANTAN - A Family of Small and Efficient Hardware-Oriented Block Ciphers | Christophe De Canniere, Miroslav Knezevic | ||
| Indocrypt 2009 | Related-Key Rectangle Attack of the Full 80-Round HAS-160 Encryption Mode | Ewan Fleischmann, Michael Gorski, Stefan Lucks | Please note that there are several issues with this paper that are addressed and fixed by Michael's thesis available here. | |
| Fast Software Encryption 2010 | Another Look at Complementation Properties | Charles Bouillaguet, Gaetan Leurent, Pierre-Alain Fouque | ||
| EUROCRYPT 2010 | Key Recovery Attacks of Practical Complexity on AES-256 Variants With Up To 10 Rounds | Alex Biryukov, Nathan Keller, Dmitry Khovratovich, Adi Shamir | ||
| Selected Areas in Cryptography 2010 | Attacks on Hash Functions Based on Generalized Feistel: Application to Reduced-Round Lesamnta and SHAvite-3_{512} | Charles Bouillaguet, Pierre-Alain Fouque, Gaetan Leurent | ||
| CRYPTO 2010 | A Practical-Time Attack on the KASUMI Cryptosystem Used in GSM and 3G Telephony | Nathan Keller, Adi Shamir | In several locations the left-right notations are wrong due to the question of whether there is a swap operation or not. The final journal version of this paper addresses these issues. | |
| Asiacrypt 2010 | Improved Single-Key Attacks on 8-round AES-192 and AES-256 | Nathan Keller, Adi Shamir | ||
| Applied Cryptography and Network Security (ACNS) 2011 | Linear Analysis of Reduced-Round CubeHash | Tomer Ashur | ||
| Selected Areas in Cryptography 2011 | New Insights on Impossible Differential Cryptanalysis | Charles Bouillaguet, Pierre-Alain Fouque, Gaetan Leurent | ||
| Fast Software Encryption 2012 | Improved Attacks on Full GOST | Itai Dinur, Adi Shamir | ||
| Fast Software Encryption 2012 | New attacks on Keccak-224 and Keccak-256 | Itai Dinur, Adi Shamir | ||
| EUROCRYPT 2012 | Minimalism in Cryptography: The Even-Mansour Scheme Revisited | Nathan Keller, Adi Shamir | ||
| CRYPTO 2012 | Efficient Dissection of Composite Problems, with Applications to Cryptanalysis, Knapsacks, and Combinatorial Search Problems | Itai Dinur, Nathan Keller, Adi Shamir | ||
| Fast Software Encryption 2013 | Collision Attacks on Up to 5 Rounds of SHA-3 Using Generalized Internal Differentials | Itai Dinur, Adi Shamir | ||
| Cryptography and Network Security (CANS) 2013 | A Practical Related-Key Boomerang Attack for the Full MMB Block Cipher | Tomer Ashur | ||
| CCS 2013 | On the anonymity of Israel's general elections (POSTER) | Tomer Ashur | ||
| CCS 2013 | Secure authentication from facial attributeswith no privacy loss (POSTER) | Mahmood Sharif, Margarita Osadchy | ||
| ASIACRYPT 2013 | Key Recovery Attacks on 3-round Even-Mansour, 8-step LED-128, and Full AES^2 | Itai Dinur, Nathan Keller, Adi Shamir | ||
| Fast Software Encryption 2014 | Improved Linear Sieving Techniques with Applications to Step-Reduced LED-64 | Itai Dinur, Nathan Keller, Adi Shamir | ||
| ASIACRYPT 2014 | Cryptanalysis of Iterated Even-Mansour Schemes with Two Keys | Itai Dinur, Nathan Keller, Adi Shamir | ||
| EUROCRYPT 2015 | Cryptanalysis of SP Networks with Partial Non-Linear Layers | Achiya Bar-On, Itai Dinur, Virginie Lallemand, Nathan Keller, Boaz Tsaban | ||
| CRYPTO 2015 | New Attacks on Feistel Structures with Improved Memory Complexities | Itai Dinur, Nathan Keller, Adi Shamir | ||
| Latincrypt 2015 | Improved Top-Down Techniques in Differential Cryptanalysis | Itai Dinur, Masha Gutman, Adi Shamir | ||
| CRYPTO 2016 | Memory-Efficient Algorithms for Finding Needles in Haystacks | Itai Dinur, Nathan Keller, Adi Shamir | ||
| E-VOTE-ID 2016 | Breaching the Privacy of Israel's Paper Ballot Voting System | Tomer Ashur, Nimrod Talmon | ||
| Cryptography and Network Security (CANS) 2016 | Hybrid WBC: Secure and Efficient White-Box Encryption Schemes | Jihoon Cho, Kyu Young Choi, Nathan Keller, Dukjae Moon, Aviya Vaidberg | ||
| CT-RSA 2017 | WEM: A New Family of White-Box Block Ciphers Based on the Even-Mansour Construction | Jihoon Cho, Kyu Young Choi, Itai Dinur, Nathan Keller, Dukjae Moon, Aviya Veidberg | ||
| Cyber Security Cryptography and Machine Learning (CSCML) 2017 | GenFace: Improving Cyber Security Using Realistic Synthetic Face Generation | Margarita Osadchy, Yan Wang, Stuart J. Gibson, Julio Hernandez-Castro, Christopher J. Solomon | ||
| CRYPTO 2017 | Boosting Authenticated Encryption Robustness With Minimal Modifications | Tomer Ashur, Atul Luykx | ||
| CSCML 2018 | Efficient Construction of the Kite Generator Revisited | Ariel Weizman | ||
| CRYPTO 2018 | Improved Key Recovery Attacks on Reduced-Round AES with Practical Data and Memory Complexities | Achiya Bar-On, Nathan Keller, Eyal Ronen, Adi Shamir | ||
| GECON 2018 | Why Are Repeated Auctions in RaaS Clouds Risky? | Danielle Movsowitz, Liran Funaro, Shunit Agmon, Orna Agmon Ben-Yehuda | ||
| ICALP 2018 | Tight Bounds on Online Checkpointing Algorithms | Achiya Bar-On, Itai Dinur, Rani Hod, Nathan Keller, Eyal Ronen, Adi Shamir | ||
| EUROCRYPT 2019 | DLCT: A New Tool for Differential-Linear Cryptanalysis | Achiya Bar-On, Nathan Keller, Ariel Weizman | ||
| CSCML 2019 | Linear Cryptanalysis Reduced Round of Piccolo-80 | Tomer Ashur, Nael Masalha | ||
| SSR 2019 | Adapting Rigidity to Symmetric Cryptography: Towards "Unswerving" Designs | Leo Perrin |
For those who want a paper which is not linked, or haven't been updated to my site (I don't update the list of papers daily) - I usually don't distribute the paper before it is finalized, and when it is finalized, it usually finds its way to this page. Unless you ask for a work in progress (and why would you want that?), there is little to gain by emailing me, I will just give you a (hopefully) polite answer saying I'm not distributing the paper yet.
For my DBLP profile or my Google Scholar profile. Recently, I am also available on ArXiV.
As some of you might noticed, I work a lot with Nathan Keller. You may wish to visit his website, and see his version of the papers.
My dissertation (Ph.D. thesis): Techniques for Cryptanalysis of Block Ciphers
Due to technical reasons, the dissertation is no longer available on the website of the computer science dept. Please contact me privately to get a copy of it.Selected Technical Reports
| Title | Coauthors | Paper |
| An Analysis of Serpent-p and Serpent-p-ns | Gzipped PS | |
| Cryptanalysis of CTC | Nathan Keller | IACR's eprint server |
| Practical Attacks on NESHA-256 | Tor E. Bjorstad | IACR's eprint server |
| Privacy-Preserving Biometric Database | Melissa Chase |
Invited Talks
Invitation-Only Events
| Topic | Place | Date | Slides |
| A Unified Approach to Related-Key Attacks | Dagstuhl Symmetric Cryptography meeting (Germany) | January 8, 2007 | |
| Improved Meet-in-the-Middle Attacks on Reduced-Round DES | Echternach Symmetric Cryptography Seminar 2008 (Luxembourg) | January 11, 2008 | |
| What is the Best Attack? | Echternach Symmetric Cryptography Seminar 2008 (Luxembourg) | January 11, 2008 | |
| Re-Visiting HAIFA and why you should visit too | Hash functions in cryptology: theory and practice, Lorentz Center (The Netherlands) | June 4, 2008 | |
| SHAvite-3 - A New and Secure Hash Function Proposal | Dagstuhl Symmetric Cryptography meeting (Germany) | January 12, 2009 | |
| Attacks of Practical Time Complexity on the A5/3 Underlying Block Cipher | Early Symmtric Crypto 2010 | January 12, 2010 | |
| Low Data Complexity Attacks on AES | Early Symmtric Crypto 2010 | January 13, 2010 | |
| And Now For Something Completely Impossible | Early Symmtric Crypto 2010 | January 13, 2010 | |
| A Somewhat Historic View of Lightweight Cryptography | Dagstuhl International View of the State-of-the- Art of Cryptography and Security and its Use in Practice (11262) | June 30, 2011 | |
| Multiple Results on Multiple Encryption | Dagstuhl Symmetric Cryptography meeting | January 17, 2012 | |
| An IDEA to Consider | Dagstuhl Symmetric Cryptography meeting | January 19, 2012 | |
| New Directions in Dividing: Le Fabuleux Destin d’MISTY1 (The Case of MISTY1) | Early Symmtric Crypto 2013 | January 17, 2013 | |
| Does Lightweight Cryptography Imply Slightsecurity? | International State of the Art in Cryptography & Security | May 31, 2013 | |
| Sweet16: YALWBC, But Slightly Different | Dagstuhl Symmetric Cryptography meeting | January 7, 2014 |
International Events
| Topic | Place | Date | Slides |
| Hash Functions - Much Ado about Something | ECC 2008 confernece (Utrecht, Netherlands) | September 22, 2008 | |
| Key Recovery Attacks of Practical Complexity on AES Variants | IWCNS 2009 | December 15, 2009 | |
| The Hitchhiker's Guide to the SHA-3 Competition | Latincrypt 2010 | August 10, 2010 | |
| From Multiple Encryption to Knapsacks Efficient Dissection of Composite Problems | Indocrypt 2012 | December 11, 2012 |
Domestic Events (Including Seminars)
| Topic | Place | Date | Slides |
| A Unified Approach to Related-Key Attacks | Taiwan Information Security Center | December 11, 2006 | |
| Combined Attacks for Cryptanalysis of Block Ciphers | Taiwan Information Security Center | December 12, 2006 | PS |
| Treatment of the Initial Value in Time-Memory-Data Tradeoff Attacks on Stream Ciphers | Rennes, Univeristy 1 (IRMAR, mathematics department) | June 13, 2008 | |
| New Hash Function Designs | Taiwan Information Security Center | November 18, 2008 | |
| Domain Extension: The Incredible Journey | Taiwan Information Security Center | November 20, 2008 | |
| Key Recovery Attacks of Practical Complexity on AES Variants With Up To 10 Rounds | Rennes, Univeristy 1 (IRMAR, mathematics department) | September 25, 2009 | |
| The Not So Happily-Ever After End of AES' Security Fairytale | Technion's Crypto Day 2010 | June 9, 2010 | |
| Privacy Preserving Biometric Database | Korea University, Seoul, South Korea | December 9, 2011 | |
| The Hitchhiker's Guide to the SHA-3 Competition | Technion's Crypto Day 2012 | July 4, 2012 | |
| A Practical-Time Related-Key Attack on the KASUMI Cryptosystem Used in GSM and 3G Telephony | 80th Anniversary of Broken the Enigma and Return to the Roots (Military University of Technology, Warsaw, Poland) | November 7, 2012 | |
| Four Rounds are Not Enough | Keccak & SHA-3 Day (Universite Libre de Bruxelles, Brussels, Belgium) | March 27, 2013 | |
| Cyber Warfare from a Technological Point of View | Technology, Law, and National Security in a Changing World (University of Haifa, Israel) | October 29, 2013 | |
| Meet in the Middle Attacks | Centrum Wiskunde & Informatica (CWI), (Amsterdam, The Netherlands) | February 18, 2014 | |
| Meet in the Middle Attacks - The Next Generation | Centrum Wiskunde & Informatica (CWI), (Amsterdam, The Netherlands) | February 18, 2014 |
The talks in the above section are copyrighted by me. Please respect my rights.
Seminar Talks
The talks in the above section are licensed under a Creative Commons Attribution-Share Alike 3.0 License. Please note that some of the slides may contain typos, minor mistakes, or even major mistakes. Please be careful when using them, and make sure that you follow the license requirements.
Editorial Boards:
| Journal | Editors in Chief | Publisher | Time period |
| International Journal of Applied Cryptography | Yi Mu and David Pointcheval | Inderscience | 2009 - today |
| International Journal of Computer Mathematics | George Loizou, Choi-Hong Lai, A.Q.M. Khaliq, Q. Sheng | Taylor & Francis | 2010 - 2018 |
| Information Processing Letters | Marek Chrobak | Elsevier | 2018 - today |
Conferences I serve(d) in their program committee:
| Conference | Program Chair | Place | Dates |
| Second NESSIE Workshop | Sean Murphy | Royal Holloway of London | 12-13 September 2001 |
| Third NESSIE Workshop | Louis Granboulan | Munich, Germany | 6-7 November 2002 |
| Fourth August Penguin (Israel's Linux conference) | Orna Agmon | Tel Aviv, Israel | 4 August 2005 |
| ECRYPT: SKEW - Symmetric Key Encryption Workshop | Thomas Johansson | Aarhus, Denemark | 26-27 May 2005 |
| Asiacrypt 2005 | Bimal Roy | Chennai, India | 4-8 December 2005 |
| Indocrypt 2005 | Subhamoy Maitra, C. E. Veni Madhavan, and R. Venkatesan | Bangalore, India | 10-12 December 2005 |
| Fast Software Encryption 2006 | Matt Robshaw | Graz, Austria | 15-17 March 2006 |
| Selected Areas in Cryptography 2006 | Eli Biham and Amr Youssef | Montreal, Canada | 17-18 August 2006 |
| Inscrypt 2006 (formerly CISC) | Helger Lipmaa, Moti Yung | Beijing, China | 29 November-1 December 2006 |
| Indocrypt 2006 | Rana Barua, Tanja Lange | Kolkata, India | 11-13 December 2006 |
| Fast Software Encryption 2007 | Alex Biryukov | Luxembourg | 26-28 March 2007 |
| ECRYPT Hash Workshop 2007 | Vincent Rijmen | Barcelona, Spain | 24-25 May 2007 |
| SECRYPT 2007 | Javier Hernando, Eduardo Fernandez-Medin and Manu Malek | Barcelona, Spain | 28-31 July 2007 |
| Selected Areas in Cryptography 2007 | Carlisle Adams, Ali Miri and Michael Wiener | Ottawa, Canada | 16-17 August 2007 |
| CRYPTO 2007 | Alferd Menzes | Santa Barbara, California, USA | 19-23 August 2007 |
| ICISC 2007 | Kil-Hyun Nam and Gwangsoo Rhee | Seoul, Korea | 29-30 November 2007 |
| Fast Software Encryption 2008 | Kaisa Nyberg | Lausanne, Switzerland | 10-13 February 2008 |
| CT-RSA 2008 | Tal Malkin | San Francisco, California, USA | 7-11 April 2008 |
| EUROCRYPT 2008 | Nigel Smart | Istanbul, Turkey | 14-17 April 2008 |
| Selected Areas in Cryptography 2008 | Roberto Avanzi, Liam Keliher and Francesco Sica | Sackville, Canada | 14-15 August 2008 |
| CRYPTO 2008 | David Wagner | Santa Barbara, California, USA | 17-21 August 2008 |
| Fast Software Encryption 2009 | Orr Dunkelman | Leuven, Belgium | 22-25 February 2009 |
| Western European Workshop on Research in Cryptology 2009 | Christian Rechberger | Graz, Austria | 5-7 July 2009 |
| Selected Areas in Cryptography 2009 | Michael J. Jacobson, Jr., Vincent Rijmen and Rei Safavi-Naini | Calgary, Canada | 13-14 August 2009 |
| Indocrypt 2009 | Bimal Roy and Nicolas Sendrier | Delhi, India | 13-16 December 2009 |
| Fast Software Encryption 2010 | Seokhie Hong and Tetsu Iwata | Seoul, Korea | 7-10 February 2010 |
| CT-RSA 2010 | Josef Pieprzyk | San Francisco, California, USA | 1-5 March 2010 |
| FutureTech 2010 (Security and trust management Track) | Jongsung Kim, Claudio Ardagna and Andreas U. Schmidt | Busan, Korea | 21-23 May 2010 |
| Africacrypt 2010 | Daniel J. Bernstein and Tanja Lange | Stellenbosch, South Africa | 3-6 May 2010 |
| ACNS 2010 | Jianying Zhou and Moti Yung | Beijing, China | 22-25 June 2010 |
| LatinCrypt 2010 | Paulo S.L.M. Barreto and Michel Abdalla | Puebla, Mexico | 8-11 August 2010 |
| Selected Areas in Cryptography 2010 | Alex Biryukov, Guang Gong, and Douglas Stinson | Waterloo, Canada | 12-13 August 2010 |
| CT-RSA 2011 | Aggelos Kiayias | San Francisco, California, USA | 14-18 February 2011 |
| Financial Cryptography 2011 | George Danezis | St. Lucia | 28 February-4 March 2011 |
| LightSec 2011 | Erkay Savas, Ali Aydin Selcuk, and Umut Uludag | Istanbul, Turkey | 14-15 March 2011 |
| EUROCRYPT 2011 | Kenny Paterson | Tallinn, Estonia | 15-19 May 2011 |
| Hash-2011 | Christian Rechberger | Tallinn, Estonia | 19-20 May 2011 |
| Western European Workshop on Research in Cryptology 2011 | Frederik Armknecht and Stefan Lucks | Weimar, Germany | 20-22 July 2011 |
| Selected Areas in Cryptography 2011 | Ali Miri and Serge Vaudenay | Toronto, Canada | 11-12 August 2011 |
| CRYPTO 2011 | Phillip Rogaway | Santa Barbara, California, USA | 14-18 August 2011 |
| ESORICS 2011 | Vijay Atluri and Claudia Diaz | Leuven, Belgium | 12-14 September 2011 |
| CCS 2011 | Vitaly Shmatikov and George Danezis | Chicago, Illinois, USA | 17-21 October 2011 |
| ECRYPT Workshop on Lightweight Cryptography | Gregor Leander and Francois-Xavier Standaert | Louvain-la-Neuve, Belgium | 28-29 November 2011 |
| CT-RSA 2012 | Orr Dunkelman | San Francisco, California, USA | 27 February-2 March 2012 |
| EUROCRYPT 2012 | David Pointcheval and Thomas Johansson | Cambridge, UK | 15-19 April 2012 |
| ACISP 2012 | Willy Susilo and Yi Mu | Wollongong, Australia | 9-11 July 2012 |
| Africacrypt 2012 | Serge Vaudenay | Ifrane, Morocco | 10-12 July 2012 |
| Latincrypt 2012 | Gregory Neven and Alejandro Hevia | Santiago, Chile | 7-10 October 2012 |
| ASIACRYPT 2012 | Xiaoyun Wang and Kazue Sako | Beijing, China | 2-6 December 2012 |
| Fast Software Encryption 2013 | Shiho Moriai | Singapore, Singapore | 11-13 March 2013 |
| LightSec 2013 | Gildas Avoine and Orhun Kara | Gebze, Turkey | 6-7 May 2013 |
| Australasian Conference on Information Security and Privacy 2013 | Colin Boyd and Leonie Simpson | Brisbane, Australia | 1-3 July 2013 |
| Selected Areas in Cryptography 2013 | Tanja Lange, Kristin Lauter, and Petr Lisonek | Burnaby, Canada | 14-16 August 2013 |
| Cryptology and Network Security 2013 | Michel Abdalla and Cristina Nita-Rotaru | Patary, Sao Paolu, Brazil | 20-22 November 2013 |
| ASIACRYPT 2013 | Kazue Sako and Palash Sarkar | Bengaluru, India | 1-5 December 2013 |
| CT-RSA 2014 | Josh Benaloh | San Francisco, USA | 24-28 February 2014 |
| Fast Software Encryption 2014 | Carlos Cid and Christian Rechberger | London, UK | 3-5 March 2014 |
| Selected Areas in Cryptography 2014 | Antoine Joux and Amr Youssef | Montreal, Canada | 14-15 August 2014 |
| Crypto 2014 | Juan Garay and Rosario Gennaro | Santa Barbara, USA | 17-21 August 2014 |
| Security and Privacy for Smart Connected Devices | David Pointcheval and Kazue Sako | Wroclaw, Poland | 10-11 September 2014 |
| Latincrypt 2014 | Diego F. Aranha and Alfred Menezes | Santa Catarina, Brazil | 17-19 September 2014 |
| CCS 2014 | Moti Yung and Ninghui Li | Scottsdale, USA | 3-7 November 2014 |
| Fast Software Encryption 2015 | Gregor Leander | Istanbul, Turkey | 9-11 March 2015 |
| ASIACCS 2015 | Jianying Zhou and Ahn Gail-Joon | Singapore, Singapore | 14-17 April 2015 |
| CT-RSA 2015 | Kaisa Nyberg | San Francisco, USA | 20-24 April 2015 |
| SAC 2015 | Orr Dunkelman and Liam Keliher | Sackville, Canada | 12-14 August 2015 |
| CRYPTO 2015 | Rosario Gennaro and Matt Robshaw | Santa Barbara, USA | 17-21 August 2015 |
| Fast Software Encryption 2016 | Thomas Peyrin | Bochum, Germany | 20-23 March 2016 |
| Africacrypt 2016 | David Pointcheval | Fes, Morocco | 13-15 April 2016 |
| Privacy Enhancing Technologies 2016 | Claudia Diaz and Apu Kapadia | Darmstadt, Germany | 19-22 July 2016 |
| BalkanCryptSec 2016 | Ferucio Laurentiu Tiplea and Bogdan Warinschi | Bucharest, Romania | 8-9 September 2016 |
| Mycrypt 2016 | Raphael C.W.-Phan and Moti Yung | Kaula Lumpor, Malaysia | 1-2 December 2016 |
| INDOCRYPT 2016 | Orr Dunkelman and Somitra Sandhaya | Kolkata, India | 11-14 December 2016 |
| CT-RSA 2017 | Helena Handschuh | San Francisco, USA | 13-17 February 2017 |
| ASIACCS 2017 | Ahmad-Reza Sadeghi and Xun Yi | Abu Dhabi, UAE | 2-6 April 2017 |
| Privacy Enhancing Technologies 2017 | Claudia Diaz, Rachel Greenstadt, and Damon McCoy | Minneapolis, USA | 18-21 July 2017 |
| CRYTPO 2017 | Jon Katz and Hovav Shacham | Santa Barbara, USA | 20-24 August 2017 |
| Latincrypt 2017 | Orr Dunkelman and Tanja Lange | Havana, Cuba | 20-22 September 2017 |
| Security Standardisation Research (SSR) 2018 | Cas Cremers and Anja Lehmann | Darmstadt, Germany | 3-4 December 2018 |
| Fast Software Encryption 2019 | Florian Mendel and Yu Sasaki | Paris, France | 25-28 March 2019 |
| Cyber Security Cryptography and Machine Learning (CSCML) 2019 | Shlomi Dolev and Sachin Lodha | Be'er Sheva, Israel | June 2019 |
| Usenix Annual Technical Conference (ATC) 2019 (ERC) | Dahlia Malkhi and Dan Tsafrir | Renton, USA | 10-12 July 2019 |
| Selected Areas in Cryptography 2019 | Kenneth G. Paterson and Douglas Stebila | Waterloo, Canada | 14-16 August 2019 |
| CRYPTO 2019 | Alexandra Boldyreva and Daniele Micciancio | Santa Barbara, USA | 18-23 August 2019 |
| Latincrypt 2019 | Peter Schwabe and Nicolas Tériault | Santiago de Chile, Chile | 2-4 October 2019 |
| SSR 2019 | Maryam Mehrnezhad, Thyla van der Merwe and Feng Hao | London, UK | 11 November 2019 |
| Fast Software Encryption 2020 | Yu Sasaki and Gaëtan Leurent | Athens, Greece | 9-13 November 2020 |
| CFAIL 2020 | Nicky Mouha | Santa Barbara, US | 15 August 2020 |
| Cyber Security Cryptography and Machine Learning (CSCML) 2020 | Shlomi Dolev and Gera Weiss | Be'er Sheva, Israel | 2-3 July 2020 |
| Selected Areas in Cryptography 2020 | Orr Dunkelman, Colin O'Flynn, Michael J. Jacobson | Halifax, Canada | 21-23 October 2020 |
| Fast Software Encryption 2021 | Itai Dinur and Gaëtan Leurent | Athens, Greece | 20-25 March 2021 |
| Cyber Security Cryptography and Machine Learning (CSCML) 2021 | Oded Margalin, Benny Pinkas, and Alexander Schwarzmann | Be'er Sheva, Israel | 8-9 July 2021 |
| CFail 2021 | Tomer Ashur | Santa Barbara, California, USA | 14 August 2021 |
| Latincrypt 2021 | Patrick Longa and Carla Rafols | Bogota, Colombia | 6-8 October 2021 |
| EUROCRYPT 2021 | Anne Canteaut and Francois-Xavier Standaert | Zagreb, Croatia | 17-21 October 2021 |
| EUROCRYPT 2022 | Orr Dunkelman and Stefan Dziembowski | Trondheim, Norway | May 2022 |
Boards / Steering Committees
| Context | Role | Years |
| IACR Board of Directors | Member | 2017-2018 |
| FSE Steering Committee | Member | 2009-2012,2017-2020 |
| SAC Board | Member | 2008-2013, 2015-2018, 2021-2024 |
| CT-RSA Steering Committee | Member | 2012-2014 |
| Cryptanalysis of ubiquitous computing systems (CRYPTACUS) | Management committee member | 2014-2018 |
Organized Events:
| Event | Date | Location | Role |
| SASC (The State of the Art of Stream Ciphers) 2008 | 13.2.08-14.2.08 | Lausanne, Switzerland | General Chair |
| Lightweight Crypto Day | 2.2.14 | University of Haifa, Haifa, Israel | General Chair |
| The Taiwan-Israel Symposium on Information Security | 7.7.14 | Hebrew University of Jerusalem, Jerusalem, Israel | Local Academic Organizer |
| Privacy Enhancing Technologies for Biometric Data | 15.1.15 | University of Haifa, Haifa, Israel | Local Organizer |
| Lightweight Crypto Day | 12.3.15 | TCE, Technion, Israel | General Chair |
| Privacy Enhancing Technologies for Biometric Data | 17.1.16 | University of Haifa, Haifa, Israel | Local Organizer |
| Lightweight Crypto Day | 28.3.16 | TCE, Technion, Israel | General Chair |
| EUROCRYPT 2018 | 29.4.18-3.5.18 | Tel Aviv, Israel | General Chair |
| Lightweight Crypto Day | 29.4.18 | Tel Aviv, Israel | General Chair |
| Lightweight Crypto Day | 31.3.19 | Ramat Gan, Israel | General Chair |
| Privacy Enhancing Technologies for Biometric Data | 10.2.20 | University of Haifa, Haifa, Israel | Local Organizer |
Summer/Winter Schools Organized:
| Event | Date | Location | Role |
| The 3rd TCE Summer School on Computer Security | 7.9.14-11.9.14 | Technion, Haifa, Israel | Co-Organizer |
| SAC Summer School (S3) | 10-12.8.15 | Mount Allison University, Sackville, Canada | Co-Organizer |
| The 5th TCE Summer School on Computer Security | 4-8.9.2015 | Technion, Haifa, Israel | Co-Organizer |
| The First Israeli Winter School on Biometrics | 11-13.2.2020 | University of Haifa, Haifa, Israel | Co-Organizer |
| The 8th Technion School on Cyber & Computer Security | 7-10.9.2020 | Technion, Haifa, Israel | Co-Organizer |
| SAC Summer School (S3) | 19-20.10.20 | Dalhouise University, Halifax, Canada | Co-Organizer |
Past Students
- Ph.D. students:
Student Thesis Univeristy Michael Gorski Cryptanalysis and Design of Symmetric Primitives Bauhaus-University Weimar, Germany (shared student with Prof. Stefan Lucks) - Master students:
Student Thesis Univeristy Gautier Van Damme Symmetrische versleuteling voor RFID-Tags Katholieke Universiteit Leuven Uri Avraham ABC - A New Framework for Block Ciphers Technion (co-supervised by Eli Biham) Tomer Ashur Security Assessment of Selected Cryptographic Symmetric-Key Primitives University of Haifa Muhammad Barham New Second Preimage Attacks on Dithered Hash Functions with Low Memory Complexity University of Haifa Ariel Weizman Efficient Construction of Diamond Structures Bar-Ilan University (co-supervised by Nathan Keller) Rami Illabouni DNS-Morph: UDP-Based Bootstrapping Protocol for Tor University of Haifa (co-supervisied by Sara Bitan) Nael Masalha Linear Cryptanalysis Reduced Round of Piccolo-80 University of Haifa - Erasmus students
Student Project Visiting Univeristy Original Univeristy Deniz Toz Analysis of two Attacks on Reduced-Round Versions of the SMS4 Katholieke Universiteit Leuven Middle East Technical University
Present Students
- Ph.D. students:
- Ariel Weizman, Bar-Ilan University (co-supervised by Nathan Keller)
- Eran Lambooij, University of Haifa
- Shibam Ghosh, University of Haifa
- M.Sc. students:
- Danielle Movsowitz Davidow, University of Haifa (co-supervised by Orna Agmon Ben-Yehuda)
- Danny Keller, University of Haifa
- Alex Nulman, University of Haifa
Lectures and Tutorials
| Course | Semester | Subject | Slides | |
| Technion's Modern Cryptology (236506) | Winter 2000 | Secret Sharing Schemes | Notes | |
| Technion's Modern Cryptology (236506) | Winter 2000 | Signatures | Notes | |
| Technion's Modern Cryptology (236506) | Winter 2000 | Zero Knowledge Proofs | Notes | |
| Technion's Modern Cryptology (236506) | Winter 2000 | One Way Functions and Ping-Pong Protocols | Notes | |
| Technion's Advanced Topics in Computer Science 6 - Cryptology (236606) | Spring 2000 | Differential-Linear Cryptanalysis | 2x2 Format | |
| Technion's Advanced Topics in Computer Science 6 - Cryptology (236606) | Spring 2000 | Differential Cryptanalysis of FEAL-8 | 2x2 Format | |
| Technion's Introduction to Operating Systems (234120) | Spring 2002 | On Linux' Boot-Up Sequence | 1x1 Format | |
| Technion's Advanced Topics in Computer Science 12 - Cryptology (236612) | Spring 2002 | Introduction to Elliptic Curves | 2x2 Format | |
| Technion's Advanced Topics in Computer Science 12 - Cryptology (236612) | Spring 2003 | Introduction to Elliptic Curves | 2x2 Format | |
| Technion's Advanced Topics in Computer Science 12 - Cryptology (236612) | Spring 2003 | Probabilistic Encryption and Signatures Schemes | 2x2 Format | |
| Technion's Computer Security (236350) | Winter 2003/4 | Trusted Computing | Part I - 2x2 Format and Part II - 2x2 Format | |
| Technion's Computer Security (236350) | Spring 2004 | Trusted Computing | Part I - 2x2 Format and Part II - 2x2 Format | |
| Technion's Computer Security (236350) | Winter 2004/5 | Trusted Computing | Part I - 2x2 Format and Part II - 2x2 Format | |
| Technion's Computer Security (236350) | Spring 2005 | Trusted Computing | Part I - 2x2 Format and Part II - 2x2 Format | |
| Advanced Topics in Computer Security | Winter 2006 | Slides can be found here | ||
| Technion's Computer Security (236350) | Spring 2006 | Trusted Computing | Part I - 2x2 Format and Part II - 2x2 Format | |
| Technion's Computer Security (236350) | Spring 2006 | Security Challenges |
The talks in the above section are copyrighted by me and the Technion. In some cases there are other copyright owners. Please respect my rights.
All the lectures I have given in the Haifa Linux Club (Haifux) can be found here.
Contact me regarding this website.
The design of the website is based on the design of the Haifa Linux Club website I would like to thank the webmasters of that website (besides myself) for the design.