Complexity classes in communication complexity theory (preliminary version), 27th FOCS, vol.14, pp.337-347, 1986. ,
An information statistics approach to data stream and communication complexity, 43rd FOCS, vol.14, pp.209-218, 2002. ,
How to compress interactive communication, 42nd ACM STOC, p.19, 2010. ,
DOI : 10.1137/100811969
Random oracles are practical: A paradigm for designing efficient protocols, ACM CCS 93, pp.62-73, 1993. ,
Dual EC: A standardized back door, Cryptology ePrint Archive, 2015. ,
On the impossibility of efficiently combining collision resistant hash functions, CRYPTO 2006, pp.570-583, 2006. ,
Amplifying collision resistance: A complexity-theoretic treatment, CRYPTO 2007, pp.264-283, 2007. ,
DOI : 10.1007/978-3-540-74143-5_15
URL : https://link.springer.com/content/pdf/10.1007%2F978-3-540-74143-5_15.pdf
The story of set disjointness, SIGACT News, vol.41, issue.3, pp.59-85, 2010. ,
A systematic analysis of the juniper dual EC incident, ACM CCS 16, pp.468-479, 2016. ,
On the practical exploitability of dual EC in TLS implementations, 23rd USENIX Security Symposium (USENIX Security 14), pp.319-335, 2014. ,
Random oracles and nonuniformity. Cryptology ePrint Archive, 2017. ,
New attacks on the concatenation and XOR hash combiners, EUROCRYPT 2016, Part I, pp.484-508, 2016. ,
Fixing cracks in the concrete: Random oracles with auxiliary input, revisited, EUROCRYPT 2017, Part II, pp.473-495, 2017. ,
How to prove yourself: Practical solutions to identification and signature problems, CRYPTO'86, pp.186-194, 1987. ,
DOI : 10.1007/3-540-47721-7_12
URL : http://dsns.csie.nctu.edu.tw/research/crypto/HTML/PDF/C86/186.PDF
Security-amplifying combiners for collision-resistant hash functions, CRYPTO 2007, pp.224-243, 2007. ,
DOI : 10.1007/978-3-540-74143-5_13
URL : https://link.springer.com/content/pdf/10.1007%2F978-3-540-74143-5_13.pdf
Robust multi-property combiners for hash functions, Journal of Cryptology, vol.27, issue.3, pp.397-428, 2014. ,
DOI : 10.1007/s00145-013-9148-7
Foundations of Cryptography: Basic Tools, vol.1, 2001. ,
Set disjointness lower bound via product distribution. Scribes for Information theory and its applications in theory of computation, vol.15, 2013. ,
On the strength of the concatenated hash combiner when all the hash functions are weak, ICALP 2008, Part II, pp.616-630, 2008. ,
Multicollisions in iterated hash functions. Application to cascaded constructions, CRYPTO 2004, p.13, 2004. ,
Hash functions from defective ideal ciphers, CT-RSA 2015, pp.273-290, 2015. ,
DOI : 10.1007/978-3-319-16715-2_15
Security of encryption schemes in weakened random oracle models, PKC 2010, p.13, 2010. ,
DOI : 10.1007/978-3-642-13013-7_24
URL : https://link.springer.com/content/pdf/10.1007%2F978-3-642-13013-7_24.pdf
Communication complexity, vol.13, 1997. ,
On the Security of Hash Function Combiners, vol.12, 2010. ,
The sum can be weaker than each part, EUROCRYPT 2015, Part I, p.13, 2015. ,
DOI : 10.1007/978-3-662-46800-5_14
URL : https://hal.archives-ouvertes.fr/hal-01105129
Constructing an ideal hash function from weak ideal compression functions, SAC 2006, pp.358-375, 2007. ,
DOI : 10.1007/978-3-540-74462-7_25
URL : https://link.springer.com/content/pdf/10.1007%2F978-3-540-74462-7_25.pdf
A failure-friendly design principle for hash functions, ASIACRYPT 2005, pp.474-494, 2005. ,
DOI : 10.1007/11593447_26
URL : https://link.springer.com/content/pdf/10.1007%2F11593447_26.pdf
A hardcore lemma for computational indistinguishability: Security amplification for arbitrarily weak PRGs with optimal stretch, TCC 2010, vol.23, pp.237-254, 2010. ,
DOI : 10.1007/978-3-642-11799-2_15
URL : https://link.springer.com/content/pdf/10.1007%2F978-3-642-11799-2_15.pdf
MD5 is weaker than weak: Attacks on concatenated combiners, ASIACRYPT 2009, pp.144-161, 2009. ,
DOI : 10.1007/978-3-642-10366-7_9
URL : https://link.springer.com/content/pdf/10.1007%2F978-3-642-10366-7_9.pdf
Cryptophia's short combiner for collision-resistant hash functions, ACNS 13, p.13, 2013. ,
DOI : 10.1007/978-3-642-38980-1_9
URL : http://eprint.iacr.org/2013/210.pdf
Communication complexity. Scribes for Advanced Complexity Theory, vol.15, 2012. ,
Security of digital signature schemes in weakened random oracle models, PKC 2008, pp.268-287, 2008. ,
DOI : 10.1007/978-3-540-78440-1_16
URL : https://link.springer.com/content/pdf/10.1007%2F978-3-540-78440-1_16.pdf
Notions of reducibility between cryptographic primitives, TCC 2004, pp.1-20, 2004. ,
Cryptographic hash-function basics: Definitions, implications, and separations for preimage resistance, second-preimage resistance, and collision resistance, FSE 2004, vol.10, pp.371-388, 2004. ,
Finding collisions on a one-way street: Can secure hash functions be based on general assumptions, EUROCRYPT'98, pp.334-345, 1998. ,
Random oracles and auxiliary input, CRYPTO 2007, pp.205-223, 2007. ,
DOI : 10.1007/978-3-540-74143-5_12
URL : https://link.springer.com/content/pdf/10.1007%2F978-3-540-74143-5_12.pdf
Some complexity questions related to distributive computing(preliminary report), Proceedings of the Eleventh Annual ACM Symposium on Theory of Computing, vol.13, pp.209-213, 1979. ,