My professional website
My CV

Valid HTML 4.01 Transitional

Valid CSS!

Published Books

Published Journal Papers

Journal Title Coauthors Vol-No/pages
IEEE Transactions on Information Theory A New Criterion for Nonlinearity of Block Ciphers Nathan Keller 53-11, 3944-3957 (2007)
Information Processing Letters Treatment of the Initial Value in Time-Memory-Data Tradeoff Attacks on Stream Ciphers Nathan Keller 107-5 (2008), 133-137
Information Processing Letters The Effects of the Omission of Last Round's MixColumns on AES Nathan Keller 110-(8-9) (2010), 304-308
Journal of Cryptology A Practical Attack on KeeLoq Wim Aerts, Eli Biham, Dieter De Moitie, Elke De Mulder, Sebastiaan Indesteege, Nathan Keller, Bart Preneel 25-1 (2012), 136-157
IEEE Transactions on Information Theory Related-Key Boomerang and Rectangle Attacks Jongsung Kim, Seokhie Hong, Bart Preneel, Eli Biham, Nathan Keller 58-7 (2012), 4948-4966
Design, Codes, and Cryptography Cryptanalysis of the Stream Cipher LEX Nathan Keller 67-3 (2013), 357-373
IEEE Transactions on Information Theory Low Data Complexity Attacks on AES Charles Bouillaguet, Patrick Derbez, Nathan Keller, Pierre-Alain Fouque, Vincent Rijmen 58-11 (2012), 7002-7017
Journal of Cryptology Improved Practical Attacks on Round-Reduced Keccak Itai Dinur, Adi Shamir 27-2 (2014), 183-209
Communications of the ACM Dissection: A New Paradigm for Solving Bicomposite Search Problems Itai Dinur, Nathan Keller, Adi Shamir 57-10 (2014), 98-105
Journal of Cryptology A Practical-Time Related-Key Attack on the KASUMI Cryptosystem Used in GSM and 3G Telephony Nathan Keller, Adi Shamir 27-4 (2014), 824-849
Journal of Cryptology Slidex Attacks on the Even-Mansour Encryption Scheme Nathan Keller, Adi Shamir 28-1 (2015), 1-28
Journal of Cryptology New Attacks on IDEA with at Least 6 Rounds Eli Biham, Nathan Keller, Adi Shamir 28-2 (2015), 209-239
Journal of Cryptology Improved Single-Key Attacks on 8-round AES-192 and AES-256 Nathan Keller, Adi Shamir 28-3 (2015), 397-422
Design, Codes, and Cryptography Practical-Time Attacks Against Reduced Variants of MISTY1 Nathan Keller 76-3 (2015), 601-627
Design, Codes, and Cryptography Almost Universal Forgery Attacks on AES-Based MAC's Nathan Keller, Adi Shamir 76-3 (2015), 431-449
Design, Codes, and Cryptography Reflections on slide with a twist attacks Itai Dinur, Nathan Keller, Adi Shamir 77-2-3 (2015), 633-651
Journal of Cryptology New Second Preimage Attacks on Hash Functions Elena Andreeva, Charles Bouillaguet, Pierre-Alain Fouque, Jonathan Hoch, John Kelsey, Adi Shamir TBD
Journal of Cryptology Key Recovery Attacks on 3-round Even-Mansour, 8-step LED-128, and Full AES^2 Itai Dinur, Nathan Keller, Adi Shamir TBD

Submitted Journal Papers

Journal Title Coauthors

Published Research Papers

Conference Title Coauthors Paper Errata
Selected Areas in Cryptography (SAC) '98 Initial Observations on Skipjack: Cryptanalysis of Skipjack-3XOR Biham Eli, Biryukov Alex, Richardson Eran, Shamir Adi PS  
Excellence Program Conference 1 Initial Observations on SkipJack: Cryptanalysis of SkipJack-3XOR Biham Eli, Biryukov Alex, Richardson Eran, Shamir Adi Poster  
Indocrypt 2000 Cryptanalysis of A5/1 GSM Stream Cipher Biham Eli Gzipped PS  
EUROCRYPT 2001 The Rectangle Attack - Rectangling the Serpent Biham Eli, Nathan Keller Gzipped PS  
Fast Software Encryption 2001 Linear Cryptanalysis of Reduced Round Serpent Biham Eli, Nathan Keller Gzipped PS The linear approximation has a small typo. In the round using S_7, the input masks should be swapped between the two active S-boxes. Namely, the input mask for S-box 20 is A_x, and for S-box 25 is 1_x. There are no other changes in the attack.
NESSIE 2nd Workshop (London) Boomerang and Rectangle Attack on SC2000 Nathan Keller Gzipped PS  
Fast Software Encryption 2002 New Results on Boomerang and Rectangle Attacks Eli Biham, Nathan Keller Gzipped PS  
Fast Software Encryption 2002 Differential and Linear Cryptanalysis of SC2000 Hitoshi Yanami, Takeshi Shimoyama Preproceedings version in PDF  
Asiacrypt 2002 Enhancing Differential-Linear Cryptanalysis Biham Eli, Nathan Keller Proceedings version in PDF In the attack on COCONUT98, p is not 0.83*2^{-4}, but rather 0.83*2^{-5}. Hence, the reported data complexity for the full COCONUT98 attack should be multiplied by 4.
Fast Software Encryption 2003 Differential-Linear Cryptanalysis of Serpent Biham Eli, Nathan Keller PDF The linear approximation has a small typo. In the round using S_7, the input masks should be swapped between the two active S-boxes. Namely, the input mask for S-box 20 is A_x, and for S-box 25 is 1_x. There are no other changes in the attack.
Fast Software Encryption 2003 Rectangle Attacks on 49-Round SHACAL-1 Biham Eli, Nathan Keller PDF A problem with the consistency of the differentials was identified and analyzed in our SAC 2007 paper
Fast Software Encryption 2005 New Combined Attacks on Block Ciphers Biham Eli, Nathan Keller Proceedings version - Gzipped PS  
EUROCRYPT 2005 Related-Key Boomerang and Rectangle Attacks Biham Eli, Nathan Keller Proceedings version - PS A problem with the 9-round attack was discussed in an FSE 2007 paper by Kim, Hong, and Preneel. Please consult that paper after reading this one.
Asiacrypt 2005 Related-Key Rectangle Attack on the Full KASUMI Biham Eli, Nathan Keller PS  
CT-RSA 2006 Related-Key Impossible Differential Attacks on 8-Round AES-192 Biham Eli, Nathan Keller PDF In a paper from SAC 2006 by Zhang et al., a mistake in this paper was identified and fixed. Please consult that paper after reading this paper.
CT-RSA 2006 A New Criterion for Nonlinearity of Block Ciphers Nathan Keller PDF We have identified several mistakes in the paper. The final journal version of this paper should contain a fix.
Information Security and Cryptography 2006 Related-Key Rectangle Attack on 42-Round SHACAL-2 Jiqiang Lu, Jongsung Kim, Nathan Keller PDF  
Selected Areas in Cryptography 2006 Related-Key Rectangle Attack on the Full SHACAL-1 Nathan Keller, Jongsung Kim PS A problem with the consistency of the differentials was identified and analyzed in our SAC 2007 paper
Asiacrypt 2006 New Cryptanalytic Results on IDEA Biham Eli, Nathan Keller PS  
Indocrypt 2006 Differential and Rectangle Attacks on Reduced-Round SHACAL-1 Jiqiang Lu, Jongsung Kim, Nathan Keller PDF A problem with the consistency of the differentials was identified and analyzed in our SAC 2007 paper
Fast Software Encryption 2007 A New Attack on 6-Round IDEA Biham Eli, Nathan Keller PS  
Fast Software Encryption 2007 Improved Slide Attacks Biham Eli, Nathan Keller PS  
CT-RSA 2007 A Simple Related-Key Attack on the Full SHACAL-1 Eli Biham, Nathan Keller PDF  
ECRYPT hash function workshop 2007 Generalizing Herding Attacks to Concatenated Hashing Schemes Bart Preneel PS PDF  
Information Hiding 2007 Traffic Analysis Attacks on a Continuously-Observable Steganographic File Carmela Troncoso, Claudia Diaz, Bart Preneel PDF  
Selected Areas in Cryptography 2007 The Delicate Issues of Addition with Respect to XOR Differences Gaoli Wang, Nathan Keller PS  
Indocrypt 2007 Improved Meet-in-the-Middle Attacks on Reduced-Round DES Gautham Sekar, Bart Preneel PDF  
Fast Software Encryption 2008 A Unified Approach to Related-Key Attacks Eli Biham, Nathan Keller PS  
SASC 2008 Treatment of the Initial Value in Time-Memory-Data Tradeoff Attacks on Stream Ciphers Nathan Keller PDF  
CT-RSA 2008 Improving the Efficiency of Impossible Differential Cryptanalysis of Reduced Camellia and MISTY1 Jiqiang Lu, Jongsung Kim, Nathan Keller PDF  
EUROCRYPT 2008 A Practical Attack on KeeLoq Sebastiaan Indeestege, Nathan Keller, Eli Biham, Bart Preneel PDF  
ICICS 2008 Analysis of Two Attacks on Reduced-Round Versions of the SMS4 Deniz Toz PDF  
Asiacrypt 2008 A New Attack on the LEX Stream Cipher Nathan Keller PDF  
Asiacrypt 2008 An Improved Impossible Differential Attack on MISTY1 Nathan Keller PDF  
Indocrypt 2008 A Differential-Linear Attack on 12-Round Serpent Sebastiaan Indesteege, Nathan Keller PS A small typo exists in the linear approximation used in the attack. The input mask to S_7 is 0000 0010 000A 0...0 rather than 0000 00A0 0001 0...0.
Indocrypt 2008 New Impossible Differential Attacks on AES Jiqiang Lu, Nathan Keller, Jongsung Kim Full version appears at IACR's ePrint archive  
CT-RSA 2009 Cryptanalysis of CTC2 Nathan Keller PDF Some issues with the longer variants of the attack were reported in an FSE 2012 paper by Lu.
Africacrypt 2009 Cryptanalysis of Vortex Jean-Philippe Aumasson, Florian Mendel, Christian Rechberger, Soren S. Thomsen PDF  
Selected Areas in Cryptography 2009 Cryptanalysis of Dynamic SHA(2) Jean-Philippe Aumasson, Sebastiaan Indesteege, Bart Preneel PDF  
Selected Areas in Cryptography 2009 Herding, Second Preimage and Trojan Message Attacks Beyond Merkle-Damgaard Elena Andreeva, Charles Bouillaguet, Orr Dunkelman, John Kelsey PDF  
CHES 2009 KATAN & KTANTAN - A Family of Small and Efficient Hardware-Oriented Block Ciphers Christophe De Canniere, Miroslav Knezevic PDF  
Indocrypt 2009 Related-Key Rectangle Attack of the Full 80-Round HAS-160 Encryption Mode Ewan Fleischmann, Michael Gorski, Stefan Lucks PDF Please note that there are several issues with this paper that are addressed and fixed by Michael's thesis available here.
Fast Software Encryption 2010 Another Look at Complementation Properties Charles Bouillaguet, Gaetan Leurent, Pierre-Alain Fouque PDF  
EUROCRYPT 2010 Key Recovery Attacks of Practical Complexity on AES-256 Variants With Up To 10 Rounds Alex Biryukov, Nathan Keller, Dmitry Khovratovich, Adi Shamir PDF  
Selected Areas in Cryptography 2010 Attacks on Hash Functions Based on Generalized Feistel: Application to Reduced-Round Lesamnta and SHAvite-3_{512} Charles Bouillaguet, Pierre-Alain Fouque, Gaetan Leurent PDF  
CRYPTO 2010 A Practical-Time Attack on the KASUMI Cryptosystem Used in GSM and 3G Telephony Nathan Keller, Adi Shamir PDF In several locations the left-right notations are wrong due to the question of whether there is a swap operation or not. The final journal version of this paper addresses these issues.
Asiacrypt 2010 Improved Single-Key Attacks on 8-round AES-192 and AES-256 Nathan Keller, Adi Shamir PDF  
Applied Cryptography and Network Security (ACNS) 2011 Linear Analysis of Reduced-Round CubeHash Tomer Ashur PDF  
Selected Areas in Cryptography 2011 New Insights on Impossible Differential Cryptanalysis Charles Bouillaguet, Pierre-Alain Fouque, Gaetan Leurent PDF  
Fast Software Encryption 2012 Improved Attacks on Full GOST Itai Dinur, Adi Shamir PDF  
Fast Software Encryption 2012 New attacks on Keccak-224 and Keccak-256 Itai Dinur, Adi Shamir PDF  
EUROCRYPT 2012 Minimalism in Cryptography: The Even-Mansour Scheme Revisited Nathan Keller, Adi Shamir PDF  
CRYPTO 2012 Minimalism in Cryptography: The Even-Mansour Scheme Revisited Itai Dinur, Nathan Keller, Adi Shamir Soon to be posted  
Fast Software Encryption 2013 Collision Attacks on Up to 5 Rounds of SHA-3 Using Generalized Internal Differentials Itai Dinur, Adi Shamir Soon to be posted  
Cryptography and Network Security 2013 A Practical Related-Key Boomerang Attack for the Full MMB Block Cipher Tomer Ashur Soon to be posted  
CCS 2013 On the anonymity of Israel's general elections (POSTER) Tomer Ashur Soon to be posted  
CCS 2013 Secure authentication from facial attributeswith no privacy loss(POSTER) Mahmood Sharif, Margarita Osadchy Soon to be posted  
ASIACRYPT 2013 Key Recovery Attacks on 3-round Even-Mansour, 8-step LED-128, and Full AES^2 Itai Dinur, Nathan Keller, Adi Shamir Soon to be posted  
Fast Software Encryption 2014 Improved Linear Sieving Techniques with Applications to Step-Reduced LED-64 Itai Dinur, Nathan Keller, Adi Shamir Soon to be posted  
For a list of publications in COSIC (joint papers with people from COSIC before I went there and papers I had published while staying in COSIC), please visit this page.

For those who want a paper which is not linked, or haven't been updated to my site (I don't update the list of papers daily) - I usually don't distribute the paper before it is finalized, and when it is finalized, it usually finds its way to this page. Unless you ask for a work in progress (and why would you want that?), there is little to gain by emailing me, I will just give you a (hopefully) polite answer saying I'm not distributing the paper yet.

As some of you might noticed, I work a lot with Nathan Keller. You may wish to visit his website, and see his version of the papers.



My dissertation (Ph.D. thesis): Techniques for Cryptanalysis of Block Ciphers

Due to technical reasons, the dissertation is no longer available on the website of the computer science dept. Please contact me privately to get a copy of it.


Selected Technical Reports

Title Coauthors Paper
An Analysis of Serpent-p and Serpent-p-ns   Gzipped PS
Cryptanalysis of CTC Nathan Keller IACR's eprint server
Practical Attacks on NESHA-256 Tor E. Bjorstad IACR's eprint server
Privacy-Preserving Biometric Database Melissa Chase PDF



Invited Talks

Invitation-Only Events

Topic Place Date Slides
A Unified Approach to Related-Key Attacks Dagstuhl Symmetric Cryptography meeting (Germany) January 8, 2007 PDF
Improved Meet-in-the-Middle Attacks on Reduced-Round DES Echternach Symmetric Cryptography Seminar 2008 (Luxembourg) January 11, 2008 PDF
What is the Best Attack? Echternach Symmetric Cryptography Seminar 2008 (Luxembourg) January 11, 2008 PDF
Re-Visiting HAIFA and why you should visit too Hash functions in cryptology: theory and practice, Lorentz Center (The Netherlands) June 4, 2008 PDF
SHAvite-3 - A New and Secure Hash Function Proposal Dagstuhl Symmetric Cryptography meeting (Germany) January 12, 2009 PDF
Attacks of Practical Time Complexity on the A5/3 Underlying Block Cipher Early Symmtric Crypto 2010 January 12, 2010  
Low Data Complexity Attacks on AES Early Symmtric Crypto 2010 January 13, 2010  
And Now For Something Completely Impossible Early Symmtric Crypto 2010 January 13, 2010  
A Somewhat Historic View of Lightweight Cryptography Dagstuhl International View of the State-of-the- Art of Cryptography and Security and its Use in Practice (11262) June 30, 2011  
Multiple Results on Multiple Encryption Dagstuhl Symmetric Cryptography meeting (Germany) January 17, 2012  
An IDEA to Consider Dagstuhl Symmetric Cryptography meeting (Germany) January 19, 2012  
New Directions in Dividing: Le Fabuleux Destin d’MISTY1 (The Case of MISTY1) Early Symmtric Crypto 2013 January 17, 2013  
Does Lightweight Cryptography Imply Slightsecurity? International State of the Art in Cryptography — Security (Greece) May 31, 2013  
Sweet16: YALWBC, But Slightly Different Dagstuhl Symmetric Cryptography meeting (Germany) January 7, 2014  

International Events

Topic Place Date Slides
Hash Functions - Much Ado about Something ECC 2008 confernece (Utrecht, Netherlands) September 22, 2008 PDF
Key Recovery Attacks of Practical Complexity on AES Variants IWCNS 2009 December 15, 2009  
The Hitchhiker's Guide to the SHA-3 Competition Latincrypt 2010 August 10, 2010  
From Multiple Encryption to Knapsacks Efficient Dissection of Composite Problems Indocrypt 2012 December 11, 2012  

Domestic Events (Including Seminars)

Topic Place Date Slides
A Unified Approach to Related-Key Attacks Taiwan Information Security Center December 11, 2006 PDF
Combined Attacks for Cryptanalysis of Block Ciphers Taiwan Information Security Center December 12, 2006 PS
Treatment of the Initial Value in Time-Memory-Data Tradeoff Attacks on Stream Ciphers Rennes, Univeristy 1 (IRMAR, mathematics department) June 13, 2008 PDF
New Hash Function Designs Taiwan Information Security Center November 18, 2008  
Domain Extension: The Incredible Journey Taiwan Information Security Center November 20, 2008  
Key Recovery Attacks of Practical Complexity on AES Variants With Up To 10 Rounds Rennes, Univeristy 1 (IRMAR, mathematics department) September 25, 2009 PDF
The Not So Happily-Ever After End of AES' Security Fairytale Technion's Crypto Day 2010 June 9, 2010  
Privacy Preserving Biometric Database Korea University, Seoul, South Korea December 9, 2011  
The Hitchhiker's Guide to the SHA-3 Competition Technion's Crypto Day 2012 July 4, 2012  
A Practical-Time Related-Key Attack on the KASUMI Cryptosystem Used in GSM and 3G Telephony 80th Anniversary of Broken the Enigma and Return to the Roots (Military University of Technology, Warsaw, Poland) November 7, 2012  
Four Rounds are Not Enough Keccak & SHA-3 Day (Universite Libre de Bruxelles, Brussels, Belgium) March 27, 2013  
Cyber Warfare from a Technological Point of View Technology, Law, and National Security in a Changing World (University of Haifa, Israel) October 29, 2013  
Meet in the Middle Attacks Centrum Wiskunde & Informatica (CWI), (Amsterdam, The Netherlands) February 18, 2014  
Meet in the Middle Attacks - The Next Generation Centrum Wiskunde & Informatica (CWI), (Amsterdam, The Netherlands) February 18, 2014  

The talks in the above section are copyrighted by me. Please respect my rights.



Seminar Talks

Topic (press for abstract) Place Date Slides
The "Divide and Attack" Cryptanalysis Methodology Microelectronics Unit - Universite' Catholique de Louvain (Louvain La Neuve, Belgium) February 1, 2002 Gzipped PS
First - Divide, Then Attack School of Information Technology and Computer Science, University of Wollongong (University of Wollongong, Australia) November 27, 2002 Gzipped PS
Elliptic Curves in Cryptography Computer Science Dept., Technion July 3, 2003 Gzipped PS
Trusted Computing IBM Haifa Research Labs June 29, 2004 PS and PS (presented to the OS group only)
The Rectangle Attack Tel Aviv Security and Computer Forensics Forum (Tausec) July 19, 2005 PDF
Combined Attacks for Cryptanalysis of Block Ciphers IBM T.J. Watson Research Center August 25, 2005 PS
Side Channel Attacks IBM Haifa Research Labs May 1, 2006 PDF
New Cryptanalytic Results on IDEA Microelectronics Unit - Universite' Catholique de Louvain (Louvain La Neuve, Belgium) December 19, 2006 PDF
Improved Slide Attacks Microelectronics Unit - Universite' Catholique de Louvain (Louvain La Neuve, Belgium) December 19, 2006 PDF
New Cryptanalytic Results on IDEA Computer Security and Industrial Cryptography (COSIC) - Katholieke Universiteit Leuven February 23, 2007 PDF
A Unified Approach to Related-Key Attacks Departement d'Informatique, Ecole normale superieure (France) May 22, 2008 PDF
Treatment of the Initial Value in Time-Memory-Data Tradeoff Attacks on Stream Ciphers Computer Security and Industrial Cryptography (COSIC) - Katholieke Universiteit Leuven July 7, 2008 PDF
Hash Functions - Much Ado about Something School of Information Technology and Computer Science, University of Wollongong (University of Wollongong, Australia) December 5, 2008 PDF
Treatment of the Initial Value in Time-Memory-Data Tradeoff Attacks on Stream Ciphers Faculty of Computer Science, Tel Aviv University February 8, 2009 PDF
Traffic Analysis Attacks on a Continuously-Observable Steganographic File System Faculty of Electrical Engineering, Tel Aviv University February 9, 2009 PDF
Treatment of the Initial Value in Time-Memory-Data Tradeoff Attacks on Stream Ciphers Computer Science Dept, University of Haifa February 11, 2009 PDF
Traffic Analysis Attacks on a Continuously-Observable Steganographic File System Faculty of Electrical Engineering, Technion April 7, 2009 PDF
KATAN & KTANTAN - A Family of Small and Efficient Hardware-Oriented Block Ciphers Technical University of Graz May 8, 2009 PDF
KATAN & KTANTAN - A Family of Small and Efficient Hardware-Oriented Block Ciphers Computer Security and Industrial Cryptography (COSIC) - Katholieke Universiteit Leuven September 14, 2009 PDF
Key Recovery Attacks of Practical Complexity on AES Variants Departement d'Informatique, Ecole normale superieure (France) September 17, 2009 PDF
Key Recovery Attacks of Practical Complexity on AES Variants Faculty of Computer Science, Tel Aviv University November 29, 2009 PDF
Key Recovery Attacks of Practical Complexity on AES Variants Cryptography Group at Microsoft Research November 30, 2009 PDF
Key Recovery Attacks of Practical Complexity on AES Variants Computer Science Department, Technion December 24, 2009 PDF
Key Recovery Attacks of Practical Complexity on AES Variants Computer Science Dept, University of Haifa January 6, 2010 PDF
Attacks of Practical Time Complexity on the A5/3 Underlying Block Cipher Faculty of Computer Science, Tel Aviv University January 7, 2010  
A Practical-Time Attack on the KASUMI Cryptosystem Used in GSM and 3G Telephony Computer Security and Industrial Cryptography (COSIC) - Katholieke Universiteit Leuven May 7, 2010  
A Practical-Time Attack on the KASUMI Cryptosystem Used in GSM and 3G Telephony Crypto group at Ruhr-universitat Bochum May 27, 2010  
A Practical-Time Related-Key Attack on the KASUMI Cryptosystem Used in GSM and 3G Telephony Departement d'Informatique, Ecole normale superieure (France) July 8, 2010  
Improved Single-Key Attacks on 8-round AES Departement d'Informatique, Ecole normale superieure (France) July 13, 2010  
A Practical-Time Related-Key Attack on the KASUMI Cryptosystem Used in GSM and 3G Telephony Cryptography Group at Microsoft Research August 31, 2010  
The Hitchhiker's Guide to the SHA-3 Competition Cryptography Group at Microsoft Research September 3, 2010  
A Practical-Time Related-Key Attack on the KASUMI Cryptosystem Used in GSM and 3G Telephony Bonn-Aachen International Center for Information Technology (B-IT) September 16, 2010  
Rethinking IDEA Departement d'Informatique, Ecole normale superieure (France) July 4, 2011 PDF
Rethinking IDEA Cryptography Group at Microsoft Research August 8, 2011 PDF
A Somewhat Historic View of Lightweight Cryptography Departement d'Informatique, Ecole normale superieure (France) September 29, 2011 PDF
Minimalism in Cryptography: The Even-Mansour Scheme Revisited Computer Science Dept, University of Haifa June 13, 2011  
Minimalism in Cryptography: The Even-Mansour Scheme Revisited Faculty of Computer Science, Tel Aviv University June 18, 2011  
New Directions in Dividing: Le Fabuleux Destin d’MISTY1 (The Case of MISTY1) Computer Security and Industrial Cryptography (COSIC) - Katholieke Universiteit Leuven March 28, 2013  
Efficient Dissection of Bicomposite Problems, with Applications to Cryptanalysis, Knapsacks, and Combinatorial Search Problems Faculty of Computer Science, Tel Aviv University October 23, 2013  
New Results on the LED Family of Lightweight Block Ciphers TU Berlin: Technische Universitat Berlin November 1, 2013  
Meet in the Middle Attacks Centrum Wiskunde & Informatica February 18, 2014  
Meet in the Middle Attacks - The Next Generation Centrum Wiskunde & Informatica February 18, 2014  
Does Lightweight Cryptography Imply Slightsecurity? School of Computing, University of Kent March 6, 2014 PDF
Creative Commons License
The talks in the above section are licensed under a Creative Commons Attribution-Share Alike 3.0 License. Please note that some of the slides may contain typos, minor mistakes, or even major mistakes. Please be careful when using them, and make sure that you follow the license requirements.



Editorial Boards:

JournalEditors in ChiefPublisherTime period
International Journal of Applied Cryptography Yi Mu and David Pointcheval Inderscience 2009 - today
International Journal of Computer Mathematics George Loizou, Choi-Hong Lai, A.Q.M. Khaliq, Q. Sheng Taylor & Francis 2010 - today

Conferences I serve(d) in their program committee:

ConferenceProgram ChairPlaceDates
Second NESSIE Workshop Sean Murphy Royal Holloway of London 12-13 September 2001
Third NESSIE Workshop Louis Granboulan Munich, Germany 6-7 November 2002
Fourth August Penguin (Israel's Linux conference) Orna Agmon Tel Aviv, Israel 4 August 2005
ECRYPT: SKEW - Symmetric Key Encryption Workshop Thomas Johansson Aarhus, Denemark 26-27 May 2005
Asiacrypt 2005 Bimal Roy Chennai, India 4-8 December 2005
Indocrypt 2005 Subhamoy Maitra, C. E. Veni Madhavan, and R. Venkatesan Bangalore, India 10-12 December 2005
Fast Software Encryption 2006 Matt Robshaw Graz, Austria 15-17 March 2006
Selected Areas in Cryptography 2006 Eli Biham and Amr Youssef Montreal, Canada 17-18 August 2006
Inscrypt 2006 (formerly CISC) Helger Lipmaa, Moti Yung Beijing, China 29 November-1 December 2006
Indocrypt 2006 Rana Barua, Tanja Lange Kolkata, India 11-13 December 2006
Fast Software Encryption 2007 Alex Biryukov Luxembourg 26-28 March 2007
ECRYPT Hash Workshop 2007 Vincent Rijmen Barcelona, Spain 24-25 May 2007
SECRYPT 2007 Javier Hernando, Eduardo Fernandez-Medin and Manu Malek Barcelona, Spain 28-31 July 2007
Selected Areas in Cryptography 2007 Carlisle Adams, Ali Miri and Michael Wiener Ottawa, Canada 16-17 August 2007
CRYPTO 2007 Alferd Menzes Santa Barbara, California, USA 19-23 August 2007
ICISC 2007 Kil-Hyun Nam and Gwangsoo Rhee Seoul, Korea 29-30 November 2007
Fast Software Encryption 2008 Kaisa Nyberg Lausanne, Switzerland 10-13 February 2008
CT-RSA 2008 Tal Malkin San Francisco, California, USA 7-11 April 2008
EUROCRYPT 2008 Nigel Smart Istanbul, Turkey 14-17 April 2008
Selected Areas in Cryptography 2008 Roberto Avanzi, Liam Keliher and Francesco Sica Sackville, Canada 14-15 August 2008
CRYPTO 2008 David Wagner Santa Barbara, California, USA 17-21 August 2008
Fast Software Encryption 2009 Orr Dunkelman Leuven, Belgium 22-25 February 2009
Western European Workshop on Research in Cryptology 2009 Christian Rechberger Graz, Austria 5-7 July 2009
Selected Areas in Cryptography 2009 Michael J. Jacobson, Jr., Vincent Rijmen and Rei Safavi-Naini Calgary, Canada 13-14 August 2009
Indocrypt 2009 Bimal Roy and Nicolas Sendrier Delhi, India 13-16 December 2009
Fast Software Encryption 2010 Seokhie Hong and Tetsu Iwata Seoul, Korea 7-10 February 2010
CT-RSA 2010 Josef Pieprzyk San Francisco, California, USA 1-5 March 2010
FutureTech 2010 (Security and trust management Track) Jongsung Kim, Claudio Ardagna and Andreas U. Schmidt Busan, Korea 21-23 May 2010
Africacrypt 2010 Daniel J. Bernstein and Tanja Lange Stellenbosch, South Africa 3-6 May 2010
ACNS 2010 Jianying Zhou and Moti Yung Beijing, China 22-25 June 2010
LatinCrypt 2010 Paulo S.L.M. Barreto and Michel Abdalla Puebla, Mexico 8-11 August 2010
Selected Areas in Cryptography 2010 Alex Biryukov, Guang Gong, and Douglas Stinson Waterloo, Canada 12-13 August 2010
CT-RSA 2011 Aggelos Kiayias San Francisco, California, USA 14-18 February 2011
Financial Cryptography 2011 George Danezis St. Lucia 28 February-4 March 2011
LightSec 2011 Erkay Savas, Ali Aydin Selcuk, and Umut Uludag Istanbul, Turkey 14-15 March 2011
EUROCRYPT 2011 Kenny Paterson Tallinn, Estonia 15-19 May 2011
Hash-2011 Christian Rechberger Tallinn, Estonia 19-20 May 2011
Western European Workshop on Research in Cryptology 2011 Frederik Armknecht and Stefan Lucks Weimar, Germany 20-22 July 2011
Selected Areas in Cryptography 2011 Ali Miri and Serge Vaudenay Toronto, Canada 11-12 August 2011
CRYPTO 2011 Phillip Rogaway Santa Barbara, California, USA 14-18 August 2011
ESORICS 2011 Vijay Atluri and Claudia Diaz Leuven, Belgium 12-14 September 2011
CCS 2011 Vitaly Shmatikov and George Danezis Chicago, Illinois, USA 17-21 October 2011
ECRYPT Workshop on Lightweight Cryptography Gregor Leander and Francois-Xavier Standaert Louvain-la-Neuve, Belgium 28-29 November 2011
CT-RSA 2012 Orr Dunkelman San Francisco, California, USA 27 February-2 March 2012
EUROCRYPT 2012 David Pointcheval and Thomas Johansson Cambridge, UK 15-19 April 2012
ACISP 2012 Willy Susilo and Yi Mu Wollongong, Australia 9-11 July 2012
Africacrypt 2012 Serge Vaudenay Ifrane, Morocco 10-12 July 2012
Latincrypt 2012 Gregory Neven and Alejandro Hevia Santiago, Chile 7-10 October 2012
ASIACRYPT 2012 Xiaoyun Wang and Kazue Sako Beijing, China 2-6 December 2012
Fast Software Encryption 2013 Shiho Moriai Singapore, Singapore 11-13 March 2013
LightSec 2013 Gildas Avoine and Orhun Kara Gebze, Turkey 6-7 May 2013
Australasian Conference on Information Security and Privacy 2013 Colin Boyd and Leonie Simpson Brisbane, Australia 1-3 July 2013
Selected Areas in Cryptography 2013 Tanja Lange, Kristin Lauter, and Petr Lisonek Burnaby, Canada 14-16 August 2013
Cryptology and Network Security 2013 Michel Abdalla and Cristina Nita-Rotaru Patary, Sao Paolu, Brazil 20-22 November 2013
ASIACRYPT 2013 Kazue Sako and Palash Sarkar Bengaluru, India 1-5 December 2013
CT-RSA 2014 Josh Benaloh San Francisco, USA 24-28 February 2014
Fast Software Encryption 2014 Carlos Cid and Christian Rechberger London, UK 3-5 March 2014
Selected Areas in Cryptography 2014 Antoine Joux and Amr Youssef Montreal, Canada 14-15 August 2014
Crypto 2014 Juan Garay and Rosario Gennaro Santa Barbara, USA 17-21 August 2014
Security and Privacy for Smart Connected Devices David Pointcheval and Kazue Sako Wroclaw, Poland 10-11 September 2014
Latincrypt 2014 Diego F. Aranha and Alfred Menezes Santa Catarina, Brazil 17-19 September 2014
CCS 2014 Moti Yung and Ninghui Li Scottsdale, USA 3-7 November 2014
Fast Software Encryption 2015 Gregor Leander Istanbul, Turkey 9-11 March 2015
ASIACCS 2015 Jianying Zhou and Ahn Gail-Joon Singapore, Singapore 14-17 April 2015
CT-RSA 2015 Kaisa Nyberg San Francisco, USA 20-24 April 2015
SAC 2015 Orr Dunkelman and Liam Keliher Sackville, Canada 12-14 August 2015
CRYPTO 2015 Rosario Gennaro and Matt Robshaw Santa Barbara, USA 17-21 August 2015
Fast Software Encryption 2016 Thomas Peyrin Bochum, Germany 20-23 March 2016
Africacrypt 2016 David Pointcheval Fes, Morocco 13-15 April 2016
Privacy Enhancing Technologies 2016 Claudia Diaz and Apu Kapadia Darmstadt, Germany 19-22 July 2016
BalkanCryptSec 2016 Ferucio Laurentiu Tiplea and Bogdan Warinschi Bucharest, Romania 8-9 September 2016
Mycrypt 2016 Raphael C.W.-Phan and Moti Yung Kaula Lumpor, Malaysia 1-2 December 2016
INDOCRYPT 2016 Orr Dunkelman and Somitra Sandhaya Kolkata, India 11-14 December 2016
CT-RSA 2017 Helena Handschuh San Francisco, USA 13-17 February 2017
ASIACCS 2017 Ahmad-Reza Sadeghi and Xun Yi Abu Dhabi, UAE 2-6 April 2017
Privacy Enhancing Technologies 2017 Claudia Diaz, Rachel Greenstadt, and Damon McCoy Minneapolis, USA 18-21 July 2017
CRYTPO 2017 Jon Katz and Hovav Shacham Santa Barbara, USA 20-24 August 2017
Latincrypt 2017 Orr Dunkelman and Tanja Lange Havana, Cuba September 2017


Boards / Steering Committees

ContextRoleYears
FSE Steering Committee Member 2009-2012
SAC Board Member 2008-2013, 2015
CT-RSA Steering Committee Member 2012-2014
Cryptanalysis of ubiquitous computing systems (CRYPTACUS) Management committee member 2014-present


Organized Events:

EventDateLocationRole
SASC (The State of the Art of Stream Ciphers) 2008 13.2.08-14.2.08 Lausanne, Switzerland General Chair
Lightweight Crypto Day 2.2.14 University of Haifa, Haifa, Israel General Chair
The Taiwan-Israel Symposium on Information Security 7.7.14 Hebrew University of Jerusalem, Jerusalem, Israel Local Academic Organizer
The 3rd TCE Summer School on Computer Security 7.9.14-11.9.14 Technion, Haifa, Israel Academic Organizer
Privacy Enhancing Technologies for Biometric Data 15.1.15 University of Haifa, Haifa, Israel Local Organizer
Lightweight Crypto Day 12.3.15 TCE, Technion, Israel General Chair
Privacy Enhancing Technologies for Biometric Data 17.1.16 University of Haifa, Haifa, Israel Local Organizer
Lightweight Crypto Day 28.3.16 TCE, Technion, Israel General Chair



Past and Present Students




Lectures and Tutorials

Course Semester Subject Slides
Technion's Modern Cryptology (236506) Winter 2000 Secret Sharing Schemes Notes
Technion's Modern Cryptology (236506) Winter 2000 Signatures Notes
Technion's Modern Cryptology (236506) Winter 2000 Zero Knowledge Proofs Notes
Technion's Modern Cryptology (236506) Winter 2000 One Way Functions and Ping-Pong Protocols Notes
Technion's Advanced Topics in Computer Science 6 - Cryptology (236606) Spring 2000 Differential-Linear Cryptanalysis 2x2 Format
Technion's Advanced Topics in Computer Science 6 - Cryptology (236606) Spring 2000 Differential Cryptanalysis of FEAL-8 2x2 Format
Technion's Introduction to Operating Systems (234120) Spring 2002 On Linux' Boot-Up Sequence 1x1 Format
Technion's Advanced Topics in Computer Science 12 - Cryptology (236612) Spring 2002 Introduction to Elliptic Curves 2x2 Format
Technion's Advanced Topics in Computer Science 12 - Cryptology (236612) Spring 2003 Introduction to Elliptic Curves 2x2 Format
Technion's Advanced Topics in Computer Science 12 - Cryptology (236612) Spring 2003 Probabilistic Encryption and Signatures Schemes 2x2 Format
Technion's Computer Security (236350) Winter 2003/4 Trusted Computing Part I - 2x2 Format and Part II - 2x2 Format
Technion's Computer Security (236350) Spring 2004 Trusted Computing Part I - 2x2 Format and Part II - 2x2 Format
Technion's Computer Security (236350) Winter 2004/5 Trusted Computing Part I - 2x2 Format and Part II - 2x2 Format
Technion's Computer Security (236350) Spring 2005 Trusted Computing Part I - 2x2 Format and Part II - 2x2 Format
Advanced Topics in Computer Security Winter 2006 Slides can be found here
Technion's Computer Security (236350) Spring 2006 Trusted Computing Part I - 2x2 Format and Part II - 2x2 Format
Technion's Computer Security (236350) Spring 2006 Security Challenges PDF

The talks in the above section are copyrighted by me and the Technion. In some cases there are other copyright owners. Please respect my rights.

All the lectures I have given in the Haifa Linux Club (Haifux) can be found here.

Contact me regarding this website.
The design of the website is based on the design of the Haifa Linux Club website I would like to thank the webmasters of that website (besides myself) for the design.