Lucky thirteen: Breaking the TLS and DTLS record protocols, 2013 IEEE Symposium on Security and Privacy, pp.526-540, 2013.
Verifiable side-channel security of cryptographic implementations: Constant-time MEE-CBC, 23rd International Conference on Fast Software Encryption, pp.163-184, 2016.
Augmented secure channels and the goal of the TLS 1.3 record layer, 9th International Conference on Provable Security, pp.85-104, 2015.
Probabilistic relational verification for cryptographic implementations, 41st Annual ACM Symposium on Principles of Programming Languages, pp.193-206, 2014.
DOI : 10.1145/2535838.2535847
URL : https://hal.archives-ouvertes.fr/hal-00935743
The security of triple encryption and a framework for code-based game-playing proofs, Advances in Cryptology-EUROCRYPT, pp.409-426, 2006.
Code-based game-playing proofs and the security of triple encryption, Cryptology ePrint Archive, 2004.
The multi-user security of authenticated encryption: AES-GCM in TLS 1.3, Advances in Cryptology-CRYPTO, pp.247-276, 2016.
The power of verification queries in message authentication and authenticated encryption, IACR Cryptology ePrint Archive, p.309, 2004.
The Poly1305-AES message-authentication code, 12th International Workshop on Fast Software Encryption, FSE 2005, pp.32-49, 2005.
Stronger security bounds for Wegman-Carter-Shoup authenticators, Advances in Cryptology-EUROCRYPT 2005, pp.164-180, 2005.
On the practical (in-)security of 64-bit block ciphers: Collision attacks on HTTP over TLS and OpenVPN, Cryptology ePrint Archive, 2016.
URL : https://hal.archives-ouvertes.fr/hal-01404208
Implementing TLS with verified cryptographic security, 2013 IEEE Symposium on Security and Privacy, pp.445-459, 2013.
DOI : 10.1109/sp.2013.37
URL : https://hal.archives-ouvertes.fr/hal-00863373
Triple handshakes and cookie cutters: Breaking and fixing authentication over TLS, 2014 IEEE Symposium on Security and Privacy, pp.98-113, 2014.
DOI : 10.1109/sp.2014.14
URL : https://hal.archives-ouvertes.fr/hal-01102259
Proving the TLS handshake secure (as it is), Cryptology ePrint Archive, 2014.
URL : https://hal.archives-ouvertes.fr/hal-01102231
Wrong results with Poly1305 functions, 2016.
Nonce-disrespecting adversaries: Practical forgery attacks on GCM in TLS, Cryptology ePrint Archive, 2016.
From stateless to stateful: Generic authentication and authenticated encryption constructions with application to TLS, Topics in Cryptology-CT-RSA 2016, pp.55-71, 2016.
DOI : 10.1007/978-3-319-29485-8_4
URL : https://ntnuopen.ntnu.no/ntnu-xmlui/bitstream/11250/2483752/1/AuthNotions_master.pdf
Automated analysis and verification of TLS 1.3: 0-RTT, resumption and delayed authentication, 2016 IEEE Symposium on Security and Privacy, pp.470-485, 2016.
Computationally sound compositional logic for key exchange protocols, 19th IEEE Computer Security Foundations Workshop, pp.321-334, 2006.
A cryptographic analysis of the TLS 1.3 handshake protocol candidates, 22nd ACM Conference on Computer and Communications Security, pp.1197-1210, 2015.
A cryptographic analysis of the TLS 1.3 draft-10 full and pre-shared key handshake protocol, 2016.
Here come the ⊕ ninjas, 2011.
Recommendation for block cipher modes of operation: Galois/Counter mode (GCM) and GMAC, National Institute of Standards & Technology, 2007.
Data is a stream: Security of stream-based channels, Advances in Cryptology-CRYPTO 2015, pp.545-564, 2015.
Key confirmation in key exchange: A formal treatment and implications for TLS 1.3, 2016 IEEE Symposium on Security and Privacy, pp.197-206, 2016.
Modular code-based cryptographic verification, 18th ACM Conference on Computer and Communications Security, pp.341-350, 2011.
DOI : 10.1145/2046707.2046746
URL : https://hal.archives-ouvertes.fr/inria-00614372
On the security of TLS renegotiation, 2013 ACM Conference on Computer and Communications Security, pp.387-398, 2013.
Encrypt-then-MAC for Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS), IETF RFC, vol.7366, 2014.
On the security of TLS-DHE in the standard model, Advances in Cryptology-CRYPTO, pp.273-293, 2012.
On the security of TLS 1.3 and QUIC against weaknesses in PKCS#1 v1.5 encryption, 22nd ACM Conference on Computer and Communications Security, pp.1185-1196, 2015.
Progress in Cryptology-INDOCRYPT 2015, pp.85-102, 2015.
LFSR-based hashing and authentication, Advances in Cryptology-CRYPTO 1994, pp.129-139, 1994.
DOI : 10.1007/3-540-48658-5_15
URL : https://link.springer.com/content/pdf/10.1007%2F3-540-48658-5_15.pdf
The order of encryption and authentication for protecting communications (or: how secure is SSL?), Cryptology ePrint Archive, 2001.
A unilateral-to-mutual authentication compiler for key exchange (with applications to client authentication in TLS 1.3), 23rd ACM Conference on Computer and Communications Security, 2016.
The OPTLS protocol and TLS 1.3, 2015.
URL : https://hal.archives-ouvertes.fr/hal-01378195
On the security of the TLS protocol: A systematic analysis, Advances in Cryptology-CRYPTO 2013, pp.429-448, 2013.
Limits on authenticated encryption use in TLS, 2015.
Flexible and efficient message authentication in hardware and software
An interface and algorithms for authenticated encryption, IETF RFC, vol.5116, 2008.
This POODLE Bites: Exploiting The SSL 3.0 Fallback, 2014.
ChaCha20 and Poly1305 for IETF protocols, IETF RFC, vol.7539, 2015.
Tag size does matter: Attacks and proofs for the TLS record protocol, Advances in Cryptology-ASIACRYPT, pp.372-389, 2011.
The CRIME Attack, 2012.
AES Galois Counter Mode (GCM) cipher suites for TLS, vol.5288, 2008.
A trade-off between collision probability and key size in universal hashing using polynomials, Cryptology ePrint Archive, 2009.
On fast and provably secure message authentication based on universal hashing, Advances in Cryptology-CRYPTO, pp.313-328, 1996.
Truncating TLS connections to violate beliefs in web applications, Inria, 2014.
URL : https://hal.archives-ouvertes.fr/hal-01102013
Systematic fuzzing and testing of TLS libraries, 23rd ACM Conference on Computer and Communications Security, 2016.
Dependent types and multimonadic effects in F*, 43rd ACM Symposium on Principles of Programming Languages, pp.256-270, 2016.
URL : https://hal.archives-ouvertes.fr/hal-01265793
ChaCha20/Poly1305 heap-buffer-overflow, 2016.
Online privacy and ISPs: ISP access to consumer data is limited and often less than access by others, Georgia Tech, Tech. Rep, 2016.
Analysis of the SSL 3.0 protocol, 2nd USENIX Workshop on Electronic Commerce, pp.29-40, 1996.