Bernstein, Daniel - Department of Computer Science, University of Illinois at Chicago

Advanced Search

Bernstein, Daniel - Department of Computer Science, University of Illinois at Chicago

Disproof of Li An-Ping's claims regarding Salsa20
Response to "Slid Pairs in Salsa20 and Trivium" Daniel J. Bernstein
Analysis of Bernstein's Factorization Circuit Arjen K. Lenstra 1 , Adi Shamir 2 , Jim Tomlinson 3 , Eran Tromer 2
RESEARCH ANNOUNCEMENT: FASTER FACTORIZATION
An abridged version of this paper appears in Proceedings of the 37th Symposium on Foundations of Computer Science, IEEE, 1996.
Fast Exponentiation with Precomputation: Algorithms and Lower Bounds \Lambda
Salsa20 design Daniel J. Bernstein
Associated Press, 2004.09.16: "Security breach clears Oakland airport
MATHEMATICS OF COMPUTATION Volume 65, Number 216
Salsa20/8 and Salsa20/12 Daniel J. Bernstein
IA-32 Intel Architecture
Solutions for Basic Counting and Listing CL-1.1 This is a simple application of the Rules of Sum and Product.
Factoring into coprimes in essentially linear time
Putnam Mathematical Competition, 6 December 2003 Let n be a fixed positive integer. How many ways are there to write n as a sum of
Chinese Remaindering with Errors Oded Goldreich
Using the Groebner basis algorithm to find proofs of unsatisfiability Matthew Clegg \Lambda
[3] R.E. Blahut, Theory and Practice of Error Control Codes, AddisonWesley, Reading, Massachusetts, 1983.
RESEARCH ANNOUNCEMENT: STRONGER SECURITY BOUNDS
Putnam Mathematical Competition, 2 December 2000 Let A be a positive real number. What are the possible values of
Vedi, vedi, e dicile spiegare, e dicile capire,
Optimal security proofs for PSS and other signature schemes Jean-S ebastien Coron
On the exact security of Full Domain Hash Jean-S ebastien Coron
MODULAR EXPONENTIATION VIA THE EXPLICIT CHINESE REMAINDER THEOREM
Putnam Mathematical Competition, 7 December 2002 Let k be a xed positive integer. The nth derivative of 1
DETECTING PERFECT POWERS BY FACTORING INTO COPRIMES
A NON-ITERATIVE 2-ADIC STATEMENT OF THE 3N + 1 CONJECTURE
Full version of the extended abstract which appeared in the Proceedings of Eurocrypt '2000 (19th IACR Eurocrypt, May 14--18, 2000, Bruges, Belgium)
Universal hashing and geometric codes Jurgen Bierbrauer
Fast multiprecision evaluation of series of rational numbers Bruno Haible Thomas Papanikolaou
1996 Putnam problems and unocial solutions, revised As usual, rst come the problems, then the problems with solutions. Comments and
January 23rd 1994. On the equations z m = F (x; y) and Ax p +By q = Cz r
Integers, without large prime factors, in arithmetic progressions, II
PROVING PRIMALITY IN ESSENTIALLY QUARTIC EXPECTED TIME
Differential addition chains Daniel J. Bernstein
DUALITY APPLIED TO THE COMPLEXITY OF MATRIX MULTIPLICATIONS
Comparison of 256-bit stream ciphers at the beginning of 2006
Tolerable performance on this quiz: answering more than half of the
List decoding for binary Goppa codes Daniel J. Bernstein
ECM using Edwards curves Daniel J. Bernstein1
Robert Lemos, News.com, 2004.11.08: "Virus writers elude Microsoft's bounty
Salsa20 cover sheet Daniel J. Bernstein
COMPUTING DISCRETE LOGARITHMS WITH THE PARALLELIZED KANGAROO METHOD
Distributed MatrixFree Solution of Large Sparse Linear Systems over Finite Fields \Lambda
SOLVING SIMULTANEOUS MODULAR EQUATIONS OF LOW DEGREE Johan Hastad*
Aimed at Math. Comp. DISTINGUISHING PRIME NUMBERS
There are infinitely many Carmichael numbers W. R. Alford, Andrew Granville and Carl Pomerance
Refereed. Will be printed in J. P. Buhler and P. Stevenhagen, Algorithmic number theory: lattices, number fields, curves and cryptography.
A Key Recovery Attack on Discrete Logbased Schemes Using a Prime Order Subgroup ?
Fast Encryption and Authentication in a Single Cryptographic Primitive
Curriculum vitae Daniel J. Bernstein
An extended abstract appears in Advances in Cryptology Eurocrypt 98 Proceedings, Lecture Notes in Computer Science, Vol. 1304, K. Nyberg ed., Springer-Verlag, 1998. This is the full version.
Integer factorization Daniel J. Bernstein
DETECTING PERFECT POWERS BY FACTORING INTO COPRIMES
Chosen Ciphertext Attack on SSS Joan Daemen1, Joseph Lano2 , and Bart Preneel2
GUARANTEED MESSAGE AUTHENTICATION FASTER THAN MD5
Submitted to Mathematics of Computation, August 2000. HOW TO FIND SMALL FACTORS OF INTEGERS
Strongbox: A System for SelfSecuring Programs
COMPUTING LOGARITHM INTERVALS WITH THE ARITHMETIC-GEOMETRIC-MEAN ITERATION
MERSENNE TWISTER AND FUBUKI STREAM/BLOCK MAKOTO MATSUMOTO, TAKUJI NISHIMURA, MARIKO HAGITA, AND MUTSUO
ECM USING EDWARDS CURVES DANIEL J. BERNSTEIN, PETER BIRKNER, TANJA LANGE, AND CHRISTIANE PETERS
The Poly1305-AES message-authentication code Daniel J. Bernstein
Draft. Aimed at HSC. PROVING TIGHT SECURITY FOR
List decoding for binary Goppa codes Daniel J. Bernstein
Algorithmic Number Theory MSRI Publications
Rachel Crofts, Scotsman, 2004.11.29: "Consumers warned of `criminal cashback'
Does ZK-Crypt version 1 flunk a repetition test?
Cipher DAGs (extended abstract) Daniel J. Bernstein
Algorithmic Number Theory MSRI Publications
Distinguishing Attack on MAG Simon Knzli and Willi Meier
Acta Informatica 28, 693--701 (1991) On Fast Multiplication of Polynomials Over Arbitrary Algebras
COMPUTING LOGARITHM FLOORS IN ESSENTIALLY LINEAR TIME
SURF: SIMPLE UNPREDICTABLE RANDOM FUNCTION DANIEL J. BERNSTEIN
Draft. Aimed at Buhler-Stevenhagen MSRI conference proceedings. FAST MULTIPLICATION AND ITS APPLICATIONS
The Poly1305AES messageauthentication code Daniel J. Bernstein #
Integers, without large prime factors, in arithmetic progressions, I
Computing Roots in Finite Fields and Groups,
O conte udo do presente relat orio e de unica responsabilidade do(s) autor(es). The contents of this report are the sole responsibility of the author(s).
MULTIDIGIT MODULAR MULTIPLICATION WITH THE EXPLICIT CHINESE REMAINDER THEOREM
THE MULTIPLE-LATTICE NUMBER FIELD SIEVE Daniel J. Bernstein
Journal of Number Theory MINORATION EFFECTIVE DE LA DISTANCE PADIQUE
Submitted to MATHEMATICS OF COMPUTATION VOLUME 00, NUMBER 0
Integer factorization Daniel J. Bernstein
Salsa20 specification Daniel J. Bernstein
John Markoff, New York Times, 2004.10.25
Contemporary Mathematics Polynomial evaluation
Ryan Naraine, Eweek, 2004.11.11: "XP SP2 flaw warning sparks debate on
Comments on the Rediscovery of Time Memory Data Tradeoffs
Draft. Aimed at Buhler-Stevenhagen MSRI conference proceedings. REDUCING LATTICE BASES
Notation Index (for all) SF-16
Wild McEliece Daniel J. Bernstein1, Tanja Lange2, and Christiane Peters2
Laura Berrill, Techworld, 2004.10.11: "Solaris security suffers image problem
MATHEMATICS OF COMPUTATION Volume 65, Number 213
Algorithmic Number Theory MSRI Publications
Random Walks Revisited: Extensions of Pollard's Rho Algorithm for Computing
Robert Lemos, News.com, 2004.12.01: "Microsoft rushes out critical IE fix
Draft. Aimed at BuhlerStevenhagen MSRI conference proceedings. REDUCING LATTICE BASES
Improved Decoding of ReedSolomon and AlgebraicGeometry Codes
'$ ffifl fflfi I N F O R M A T I K
Fast Machine Code for Modular Multiplication Michael Scott
Tellegen's Principle into Practice Laboratoire STIX
List decoding for binary Goppa codes Daniel J. Bernstein
PC Assembly Language Paul A. Carter
THE 3x + 1 CONJUGACY MAP Daniel J. Bernstein, Jeffrey C. Lagarias
[Journal Name], [Volumn Number], 1--12 ([Volumn Year]) fl [Volumn Year] Kluwer Academic Publishers, Boston. Manufactured in The Netherlands.
Fields Institute Communications Volume 00, 0000
Journal of Computational and Applied Mathematics 121 (2000) 247296 www.elsevier.nl/locate/cam
Algorithmic number theory, edited by Buhler and Stevenhagen, to appear. FAST MULTIPLICATION AND ITS APPLICATIONS
Analysis of QUAD Bo-Yin Yang1
Field inversion and point halving revisited Kenny Fong, Darrel Hankerson, Julio Lopez, and Alfred Menezes
Article No. sy980216 J. Symbolic Computation (1998) 26, 339341
Stronger security bounds for WegmanCarterShoup authenticators
Appears in Advances in Cryptology --Eurocrypt 96 Proceedings, Lecture Notes in Computer Science Vol. 1070, U. Maurer ed., SpringerVerlag, 1996.
Calculus for mathematicians D. J. Bernstein, University of Illinois at Chicago, djb@pobox.com
A SoftwareOptimized Encryption Algorithm Phillip Rogaway 1 and Don Coppersmith 2
Aimed at Math. Comp. PROVING PRIMALITY
Software Implementation of the NIST Elliptic Curves Over Prime Fields
Stronger security bounds for WegmanCarterShoup authenticators
Type-II Optimal Polynomial Bases Daniel J. Bernstein1 and Tanja Lange2
Fast Multiple-Precision Evaluation of Elementary Functions RICHARD P. BRENT
Analysis of QUAD Bo-Yin Yang1
The Age, Australia, 2004.10.29: "Thieves caught driving stolen
Cryptography in NaCl Daniel J. Bernstein
MATHEMATICS OF COMPUTATION Volume 67, Number 223, July 1998, Pages 12531283
Really fast syndrome-based hashing Daniel J. Bernstein1
Cache-timing attacks on AES Daniel J. Bernstein
WhatEveryComputerScientist ShouldKnowAboutFloatingPoint
LOWER BOUNDS FOR LUCAS CHAINS MARTIN KUTZ
On the Bounded Sum-of-digits Discrete Logarithm Problem in Finite Fields
Z .Journal of Algebra 247, 370 434 2002 doi:10.1006rjabr.2001.9016, available online at http:rrwww.idealibrary.com on
ECM on Graphics Cards Daniel J. Bernstein1
encryptions. Therefore to find a single DES key will on average take 1:2 \Delta 10 6 MY, or about 300 times as much as the factorization of RSA129 required.
A short proof of the unpredictability
On the Security of Two MAC Algorithms Bart Preneel 1? Paul C. van Oorschot 2
KRONECKER MATRICES AND POLYNOMIAL GCDS Daniel J. Bernstein
Draft. Aimed at Math. Comp. SCALED REMAINDER TREES
Draft. Aimed at HSC. PROVING TIGHT SECURITY FOR
{franke,thor,wirth}@math.unibonn.de morain@lix.polytechnique.fr polytechnique
Section 1: Some Basic Terminology Functions play a fundamental role in nearly all of mathematics. Combinatorics is no ex-
How to disguise an elliptic curve (Weil descent)
PROVING PRIMALITY IN ESSENTIALLY QUARTIC RANDOM TIME
Aimed at Math. Comp. I need to do some software verification first. REMOVING REDUNDANCY IN
PROVING PRIMALITY AFTER AGRAWAL-KAYAL-SAXENA DANIEL J. BERNSTEIN
Target: Mathematics of Computation. New version of paper in preparation, with 4:5 for reciprocal, 6:5 for quotient, 5:5 for square root, and 8:5 for exponential. See
Cryptanalysis of MD5 Compress Hans Dobbertin
Submitted to Chicago Journal of Theoretical Computer Science, August 2000. A SIMPLE UNIVERSAL PATTERN-MATCHING AUTOMATON
Draft. Aimed at High Primes and Misdemeanors. Doubly focused enumeration of
Preventing weaknesses on F-FCSR in IV mode and tradeoff attack on F-FCSR 8
Software Optimization Guide for AMD AthlonTM 64
Proving tight security for Rabin-Williams signatures
Matthew Broersma, PC World, 2004.10.01
Cycle counts for authenticated encryption Daniel J. Bernstein
MODULAR EXPONENTIATION VIA THE EXPLICIT CHINESE REMAINDER THEOREM
Finding a Balance: Computer Software, Intellectual Property and the Challenge of
Which eSTREAM ciphers have been broken? Daniel J. Bernstein
Optimizing double-base elliptic-curve single-scalar multiplication
Primality Proving via One Round in ECPP and One Iteration in AKS
The Security and Performance of the Galois/Counter Mode (GCM) of Operation
Draft. Aimed at Math. Comp. I'm rewriting [8] in light of this. HOW TO FIND SMOOTH PARTS OF INTEGERS
An Efficient Hardware Architecture for Factoring Integers with the Elliptic Curve Method
Yaakov Katz, Jerusalem Post, 2004.08.24: "Police drill reveals security flaws in malls
Submission to ECRYPT call for stream ciphers: the self-synchronizing stream cipher Mosquito
An extended abstract of this paper appears in Advances in Cryptology --Crypto 94 Proceedings, Lecture Notes in Computer Science Vol. 839, Y. Desmedt ed., SpringerVerlag, 1994. This is the
Review of Il-Whan Park, Seok-Won Jung, Hee-Jean Kim, Jong-In Lim, \Fast operation method in GF(2 n ) using a modi ed optimal normal basis," Commun. Korean Math. Soc. 12 (1997), 531{538
1997 Putnam problems and unocial solutions As usual, rst come the problems, then the problems with solutions. Comments and
Number-Theoretic Constructions of Ecient Pseudo-Random Functions
HOW TO FIND SMALL FACTORS OF INTEGERS DANIEL J. BERNSTEIN
On some subgroups of the multiplicative group of finite rings Jose Felipe Voloch
PRIME SIEVES USING BINARY QUADRATIC FORMS A. O. L. ATKIN AND D. J. BERNSTEIN
To appear in The Journal of Cryptology, Springer-Verlag. Selecting Cryptographic Key Sizes
ENUMERATING AND COUNTING SMOOTH INTEGERS Daniel J. Bernstein
Shor's discrete logarithm quantum algorithm for elliptic curves
PROVING PRIMALITY IN ESSENTIALLY QUARTIC RANDOM TIME
Factoring N = p r q for Large r (Extended Abstract)
NEWTON ITERATION REVISITED GUILLAUME HANROT AND PAUL ZIMMERMANN
Specifications Christophe De Canni`ere and Bart Preneel
Notes on the Salsa20 key size Daniel J. Bernstein
Visualizing area-time tradeoffs for SHA-3 Daniel J. Bernstein
Universal Hash Functions from Exponential Sums over Finite Fields and Galois Rings *
Unix and Security: The In uences of History Eugene H. Spaord
Aimed at Math. Comp. PROVING PRIMALITY
SFINKS: A Synchronous Stream Cipher for Restricted Hardware Environments
ARBITRARILY TIGHT BOUNDS ON THE DISTRIBUTION OF SMOOTH INTEGERS
1995 Putnam problems and unocial solutions As usual, rst come the problems, then the problems with solutions. Comments and
Chinese Remaindering with Errors \Lambda Oded Goldreich y Dana Ron z Madhu Sudan x
Algorithmic number theory, edited by Buhler and Stevenhagen, to appear. PROTECTING COMMUNICATIONS AGAINST FORGERY
MODULAR EXPONENTIATION VIA THE EXPLICIT CHINESE REMAINDER THEOREM
The Fractional Fourier Transform and Applications David H. Bailey and Paul N. Swarztrauber
The GHS Attack in odd Characteristic March 24, 2003
Equivalence and Order Section 1: Equivalence
Federal Information Processing Standards Publication 180-2
BULLETIN (New Series) OF THE AMERICAN MATHEMATICAL SOCIETY
Programming Glenn Manacher Techniques Editor
Solutions for Boolean Functions and Computer Arithmetic BF-1.1 The idea of this problem is to show how English phrases are translated into logical
RESEARCH ANNOUNCEMENT: FASTER FACTORIZATION
BRICSRS-03-9Damgard&Frandsen:AnExtendedQuadraticFrobeniusPrimalityTest BRICSBasic Research in Computer Science
Remote Timing Attacks are Practical David Brumley Dan Boneh
Ryan Naraine, InternetNews, 2004.09.08: "Apple issues mega security update
DETECTING PERFECT POWERS BY FACTORING INTO COPRIMES
PROVING PRIMALITY IN ESSENTIALLY QUARTIC EXPECTED TIME
An abridged version of this paper appears in Advances in Cryptology --Crypto 96 Proceedings, Lecture Notes in Computer Science Vol. 1109, N. Koblitz ed., SpringerVerlag, 1996.
Polynomial Selection for the Number Field Sieve
Draft. Aimed at Mathematics of Computation. FASTER ALGORITHMS TO FIND NON-SQUARES
Danny Brierley, Local London, 2004.09.30: "BA flight diverted after security scare
FAST FOURIER TRANSFORM ALGORITHMS WITH APPLICATIONS A Dissertation
David McGlinchey, GovExec, 2004.09.23: "Border chief touts biometrics as security
Cryptanalysis of the RSA Schemes with Short Secret Exponent from Asiacrypt '99
Decoding of Reed Solomon codes beyond the error-correction bound
Smith Normal Form of Dense Integer Matrices, Fast Algorithms into Practice #
Smoothing ``Smooth'' Numbers John B. Friedlander *
Journal of Symbolic Computation 26 (1998), 339{341. COMPOSING POWER SERIES OVER A FINITE RING
Refereed. Pages 27{34 in Algorithmic number theory: ANTS-II, edited by Henri Cohen, Lecture Notes in Computer Science 1122, Springer, 1996.
Date: 2003.09.28. Permanent ID of this document: b4795a4f12863c26de5b7afe9296ffd8. Refereed. Will be printed in Primes and misdemeanours: lectures in honour of the sixtieth birthday of Hugh Cowie Williams, 2004.
Technical Report CG--1997/3.2
USA Today, 2004.10.08: "Tests uncover lax security at Newark
Extending the Salsa20 nonce Daniel J. Bernstein
UNIVERSITY OF CALIFORNIA Los Angeles
THE PARALLELIZED POLLARD KANGAROO METHOD IN REAL QUADRATIC FUNCTION FIELDS
Bucket Hashing and its Application to Fast Message Authentication
by John Walker The Hacker's Diet
To be incorporated into author's Highspeed cryptography book. FLOATINGPOINT ARITHMETIC
EVALUATING RECURRENCES OF FORM Xm+n = f(Xm ; Xn ; Xm\Gamman ) VIA LUCAS CHAINS
MDxMAC and Building Fast MACs from Hash Functions ?
Submitted to Journal of Cryptology, March 2000. FLOATING-POINT ARITHMETIC
Cryptanalysis of ABC v2 Hongjun Wu and Bart Preneel
Draft. Aimed at Buhler-Stevenhagen MSRI conference proceedings. PROTECTING COMMUNICATIONS AGAINST FORGERY
New Features of Latin Dances: Analysis of Salsa, ChaCha, and Rumba
PowerPC User Instruction Set Architecture Version 2.01
Volume 106, Number 3, MayJune 2001 Journal of Research of the National Institute of Standards and Technology
Dragon: A Fast Word Based Stream Cipher , M. Henricksen1
Faster addition and doubling on elliptic curves Daniel J. Bernstein1
Algorithmic Number Theory MSRI Publications
Complexity Issues in Bivariate Polynomial Factorization A. Bostan, STIX
Algorithmic Number Theory MSRI Publications
Really fast syndrome-based hashing Daniel J. Bernstein1
MATHEMATICS OF COMPUTATION Volume 65, Number 213
Simplified high-speed high-distance list decoding for alternant codes
Approximate Integer Common Divisors Nick Howgrave-Graham
MAG My Array Generator (a new strategy for random number generation) Abstract: MAG is an algorithm (cellular automata) that creates an apparently random stream. It
This is a corrected version of Proc. of Cryptography and Lattices Conference (March 29--30, 2001, Providence, Rhode Island, USA)
SQUARE-ROOT ALGORITHMS FOR THE DISCRETE LOGARITHM PROBLEM
MULTIPLE-PRECISION ZERO-FINDING METHODS AND THE COMPLEXITY OF ELEMENTARY FUNCTION EVALUATION 1
Decoding a VCR Controller Code Ken Shirriff 1
The lattice points of an n--dimensional tetrahedron y Andrew Granville
Divisors in Residue Classes, Constructively Don Coppersmith #
A fast and flexible software library for large integer arithmetic
PRIME SIEVES USING BINARY QUADRATIC FORMS A. O. L. ATKIN AND D. J. BERNSTEIN
A HYPERELLIPTIC SMOOTHNESS TEST, II H. W. LENSTRA Jr, J. PILA and CARL POMERANCE
Stronger security bounds for Wegman-Carter-Shoup authenticators
The Dragon Is Alive and Well Ed Dawson, Matt Henricksen, Willam Millan, and Leonie Simpson
MATHEMATICS OF COMPUTATION Volume 67, Number 223, July 1998, Pages 11791197
A preliminary version of this paper appeared in Advances in Cryptology --Crypto 95 Proceedings, Lecture Notes in Computer Science Vol. 963, D. Coppersmith ed., SpringerVerlag, 1995.
Cachetiming attacks on AES Daniel J. Bernstein #
Computational Aspects of Discrete Logarithms Rob Lambert
Algorithmic number theory, edited by Buhler and Stevenhagen, to appear. FAST MULTIPLICATION AND ITS APPLICATIONS
1998 Putnam problems and unocial solutions As usual, rst come the problems, then the problems with solutions. Comments and
SPEEDING UP THE COMPUTATIONS ON AN ELLIPTIC USING ADDITIONSUBTRACTION CHAINS
CIRCUITS FOR INTEGER FACTORIZATION: A PROPOSAL DANIEL J. BERNSTEIN
Review of M. Fourni e, J.-Ph. Furter, D. Pinchon, \Computation of the maximal degree of the inverse of a cubic automorphism of the ane plane with Jacobian 1 via Grobner bases," J. Symbolic Computation
Computational Mathematics Inspired by RSA
Proc. 12th Symposium Applied Algebra, Algebraic Algorithms and ErrorCorrecting Codes, AAECC12
Side Channel Cryptanalysis of Product Ciphers John Kelsey 1 , Bruce Schneier 1 , David Wagner 2 , and Chris Hall 3
Notation Index (there exists) Fn-4
Algebraic Attacks on Combiners with Memory and Several Outputs
The Montgomery Powering Ladder [Published in B.S. Kaliski Jr., C.K. Koc, and C. Paar, Eds., Cryptographic
Can we avoid tests for zero in fast elliptic-curve arithmetic?
Volume 104, Number 5, SeptemberOctober 1999 Journal of Research of the National Institute of Standards and Technology
ChaCha, a variant of Salsa20 Daniel J. Bernstein
The Poly1305-AES message-authentication code Daniel J. Bernstein
IA-32 Intel Architecture Software Developer's
Binary Edwards Curves Daniel J. Bernstein1
MATHEMATICS OF COMPUTATION Volume 76, Number 257, January 2007, Pages 385388
Cascade Jump Controlled Sequence Generator Tor Helleseth1
Implementing Wagner's generalized birthday attack against the SHA-3
Journal de Th'eorie des Nombres de Bordeaux 6 (1994), 21--38
Journal de Theorie des Nombres de Bordeaux, to appear. Sharper ABCbased bounds
Putnam Mathematical Competition, 3 December 2005 Show that every positive integer is a sum of one or more numbers of the form 2 r 3 s , where
Finding Smooth Integers in Short Intervals Using CRT Decoding
The Fastest Fourier Transform in the West (MITLCSTR728)
Draft. Aimed at Mathematics of Computation. FASTER SQUARE ROOTS IN ANNOYING FINITE FIELDS
Cachetiming attacks on AES Daniel J. Bernstein #
Putnam Mathematical Competition, 4 December 2004 Basketball star Shanille O'Keal's team statistician keeps track of the number, S(N ), of
FFTs in External or Hierarchical Memory David H. Bailey
Practical Attacks on one Version of DICING Gilles Piret
High Precision Division and Square Root Alan H. Karp and Peter Markstein
Proving tight security for Rabin/Williams signatures
Salsa20 speed Daniel J. Bernstein
The Poly1305-AES message-authentication code Daniel J. Bernstein
A NEW STREAM CIPHER: DICING Beijing 100085, P.R.China
New AES software speed records Daniel J. Bernstein1
ChaCha, a variant of Salsa20 Daniel J. Bernstein
DETECTING PERFECT POWERS BY FACTORING INTO COPRIMES
Algorithmic number theory, edited by Buhler and Stevenhagen, to appear. PROTECTING COMMUNICATIONS AGAINST FORGERY
Integer factorization, part 1: the Q sieve
Cycle counts for authenticated encryption Daniel J. Bernstein
Better price-performance ratios for generalized birthday attacks
Aimed at Math. Comp. DISTINGUISHING PRIME NUMBERS
Volume 42 Number 2 DOES INTERNET INFORMATION
The Parallel Evaluation of General Arithmetic Expressions RICHARD P. BRENT
SHA-3 interoperability Daniel J. Bernstein
Really fast syndrome-based hashing Daniel J. Bernstein1
A complete set of addition laws for incomplete Edwards curves Daniel J. Bernsteina
Distinguishing Attack on Grain Shahram Khazaei
Attacking and defending the McEliece cryptosystem
Contemporary Mathematics Analysis and optimization of
The Power of Verification Queries in Message Authentication and Authenticated Encryption
Collisions for Hash Functions MD4, MD5, HAVAL-128 and RIPEMD
Provably Secure Masking of AES Johannes Blomer1, Jorge Guajardo Merchan2, and Volker Krummel1
Finding Small Solutions to Small Degree Polynomials
A short proof of the unpredictability
Breaking ECC2K-130 Daniel V. Bailey1,10, Lejla Batina2, Daniel J. Bernstein3, Peter Birkner4, Joppe W. Bos5,
Cost analysis of hash collisions: Will quantum computers
MATHEMATICS OF COMPUTATION Volume 68, Number 225, January 1999, Pages 345350
Boolean Functions and Computer Arithmetic Section 1: Boolean Functions
On the List and Bounded Distance Decodibility of Reed-Solomon Codes (extended abstract)
Stream Cipher HC-256 Institute for Infocomm Research, Singapore
Slide Attacks Alex Biryukov ? David Wagner ??
Draft. I want to rethink all the notation. Taking logs would have some advantages. PIPPENGER'S EXPONENTIATION ALGORITHM
Technical Report UCL Crypto Group Technical Report Series
An Analysis of Shanks's Algorithm for Computing Square Roots in Finite Fields
Engineering Radix Sort Peter M. McIlroy
Setuid Demystified Hao Chen David Wagner
Some remarks and questions about the AKS algorithm and related conjecture
ECM using Edwards curves Daniel J. Bernstein1
Smaller decoding exponents: ball-collision decoding
Stronger security bounds for permutations Daniel J. Bernstein
Algorithmic Number Theory MSRI Publications
MPC7450 RISC Microprocessor Family Reference Manual
A NEW STREAM CIPHER: DICING Beijing 100085, P.R.China
Using fast power-series arithmetic in the Kedlaya-Denef-Vercauteren algorithm
Better price-performance ratios for generalized birthday attacks
Faster 2-regular information-set decoding Daniel J. Bernstein1
Remarks on the Period of Edon80 National Security Research Institute
Computing (x): An Analytic Method J. C. Lagarias
Refereed. Pages 128-130 in Algorithmic number theory: ANTS-III, edited by Joe Buhler, Lecture Notes in Computer Science 1423, Springer, 1998.
SURF: SIMPLE UNPREDICTABLE RANDOM FUNCTION DANIEL J. BERNSTEIN
Draft. Aimed at Mathematics of Computation. FASTER SQUARE ROOTS IN ANNOYING FINITE FIELDS
Understanding brute force Daniel J. Bernstein ?
A short proof of the unpredictability
Draft. Aimed at HSC. PROVING TIGHT SECURITY FOR
Draft. Aimed at Buhler-Stevenhagen MSRI conference proceedings. PROTECTING COMMUNICATIONS AGAINST FORGERY
Draft. Aimed at Math. Comp. SCALED REMAINDER TREES
PROVING PRIMALITY IN ESSENTIALLY QUARTIC RANDOM TIME
DETECTING PERFECT POWERS BY FACTORING INTO COPRIMES
The Poly1305-AES message-authentication code Daniel J. Bernstein ?
MULTIDIGIT MODULAR MULTIPLICATION WITH THE EXPLICIT CHINESE REMAINDER THEOREM
Putnam Mathematical Competition, 1 December 2001 Consider a set S and a binary operation * on S (that is, for each a, b in S, a *
1998 Putnam problems and unofficial solutions As usual, first come the problems, then the problems with solutions. Comments *
Submitted to Chicago Journal of Theoretical Computer Science, August 2000. A SIMPLE UNIVERSAL PATTERN-MATCHING AUTOMATON
PROVING PRIMALITY IN ESSENTIALLY QUARTIC EXPECTED TIME
HOW TO FIND SMALL FACTORS OF INTEGERS DANIEL J. BERNSTEIN
COMPUTING LOGARITHM FLOORS IN ESSENTIALLY LINEAR TIME
The Goldman-Krull theorem D. J. Bernstein
Journal de Th'eorie des Nombres de Bordeaux, to appear. SHARPER ABC-BASED BOUNDS
SHARPER ABC-BASED BOUNDS FOR CONGRUENT POLYNOMIALS
COMPUTING LOGARITHM INTERVALS WITH THE ARITHMETIC-GEOMETRIC-MEAN ITERATION
1995 Putnam problems and unofficial solutions As usual, first come the problems, then the problems with solutions. Comments *
1996 Putnam problems and unofficial solutions, revised As usual, first come the problems, then the problems with solutions. Comments *
Target: Mathematics of Computation. New version of paper in preparation, with 4.5 for reciprocal, 6.5 for quotient, 5.5 for square root, and 8.5 for exponent*
DETECTING PERFECT POWERS BY FACTORING INTO COPRIMES
Draft. Aimed at Mathematics of Computation. DOUBLY FOCUSED ENUMERATION OF
Mathematics of Computation, to appear. ENUMERATING SOLUTIONS TO p(a) + q(b) = r(c) + s(d)
PROVING PRIMALITY IN ESSENTIALLY QUARTIC RANDOM TIME
Submitted to Journal of Cryptology, March 2000. FLOATING-POINT ARITHMETIC
MODULAR EXPONENTIATION VIA THE EXPLICIT CHINESE REMAINDER THEOREM
PROTECTING COMMUNICATIONS AGAINST FORGERY DANIEL J. BERNSTEIN
Aimed at Math. Comp. I need to do some software verification first. REMOVING REDUNDANCY IN
Cachetiming attacks on AES Daniel J. Bernstein #
PROVING THE PRIMALITY OF VERY LARGE NUMBERS WITH J. FRANKE, T. KLEINJUNG, F. MORAIN, AND T. WIRTH
Understanding brute force Daniel J. Bernstein #
The Multi-variable Modular Polynomial and its Applications to Cryptography
SHARPER ABC-BASED BOUNDS FOR CONGRUENT POLYNOMIALS
A New 128-bit Key Stream Cipher LEX Alex Biryukov
CubeHash specification (2.B.1) Daniel J. Bernstein
1999 Putnam problems and unocial solutions As usual, rst come the problems, then the problems with solutions. Comments and
Advances in Applied Mathematics, to appear. MULTIDIGIT MULTIPLICATION FOR MATHEMATICIANS
DETECTING PERFECT POWERS BY FACTORING INTO COPRIMES
Mathematics of Computation, to appear. ENUMERATING SOLUTIONS TO p(a) + q(b) = r(c) + s(d)
Comparison of three modular reduction Antoon Bosselaers, Ren'e Govaerts and Joos Vandewalle
ON POSITIVE INTEGERS x WITH PRIME FACTORS t log x Andrew Granville
Hardware-Dedicated Stream Ciphers Sean O'Neil, Benjamin Gittins, Howard A. Landman
Sets and Functions Section 1: Sets
Report on the integer-factorization project at Arizona Winter School 2006
Fast Encryption and Authentication in a Single Cryptographic Primitive
Version 1.0 UltraSPARC
Cryptanalysis of Pomaranch 1, Henri Gilbert
MATHEMATICS OF COMPUTATION Volume 66, Number 220, October 1997, Pages 17291741
Inverted Edwards coordinates Daniel J. Bernstein1
The Game-Playing Technique M. Bellare
Response to "On the Salsa20 core function" Daniel J. Bernstein
MATHEMATICS OF COMPUTATION Volume 76, Number 257, January 2007, Pages 443454
J. Symbolic Computation (2000) 11, 1{000 Fast evaluation of holonomic functions
PROTECTING COMMUNICATIONS AGAINST FORGERY DANIEL J. BERNSTEIN
This is a corrected version of Algorithmic Number Theory --Proceedings of ANTSIV (July 3--7, 2000, Leiden, Netherlands)
MATHEMATICS OF COMPUTATION VOLUME 000, NUMBER 0
Journal de Theorie des Nombres de Bordeaux, to appear. SHARPER ABCBASED BOUNDS
Draft. Aimed at Mathematics of Computation. DOUBLY FOCUSED ENUMERATION OF
Authentication via algebraicgeometric Jurgen Bierbrauer
10 A. M. ODLYZKO rithms 3 (1982), 101--127.
REDUCING LATTICE BASES TO FIND SMALLHEIGHT VALUES
Fast evaluation of holonomic functions Joris van der Hoeven
DETECTING PERFECT POWERS BY FACTORING INTO COPRIMES
A survey of fast exponentiation methods Daniel M. Gordon
IMPLEMENTATION OF THE ATKINGOLDWASSERKILIAN
PROVING PRIMALITY IN ESSENTIALLY QUARTIC RANDOM TIME
Fast Universal Hashing with Small Keys and No Preprocessing: The PolyR Construction
The Stream Cipher Polar Bear Johan Hastad NADA
Proving tight security for RabinWilliams signatures
Grover vs. McEliece Daniel J. Bernstein
Standard ECMA-48 Fifth Edition -June 1991
Cycle counts for authenticated encryption Daniel J. Bernstein
Logic is the tool for reasoning about the truth and falsity of statements. There are two main directions in which logic develops.
The Salsa20 family of stream ciphers Daniel J. Bernstein
MCS 494 midterm 1 D. J. Bernstein
Universal Hashing and Multiple Authentication M. Atici1*2and 11. R,. S t i n ~ o n ' > ~
Liz Szabo, USA Today, 2004.11.30: "Radioactive medical procedures can set
Can we avoid tests for zero in fast elliptic-curve arithmetic?
Security Proof for Partial-Domain Hash Signature Schemes
UNIX Security Holes, Fall 2004 Course number: MCS 494, 12363
Ryan Naraine, InternetNews, 2004.08.26: "Beware that WinAmp skin
Graeme Wearden, CNET News.com, 2004.09.01: "Wi-Fi group backs brawnier
Ryan Naraine, InternetNews, 2004.09.10: "MS Premium customers get early security
The Daily Mirror, 2004.09.13: "Batman protestor invades Palace
Kryptonite Bic-picking was published by John Stuart Clark, New Cyclist, 1992.
Jerusalem Post, 2004.09.28: "Jerusalem envelope security fence may be
Associated Press, 2004.10.14: "Would-be bank robber gets laughed at
Paul Roberts, IDG News Service, 2004.10.18
Doreen Hemlock, Fort Lauderdale Sun Sentinel, 2004.10.21
KCRA TV, 2004.11.04: "Students accused of hacking computer,
Reuters, 2004.11.09: "Worm breaks speed record from discovery
MCS 494 midterm 2 D. J. Bernstein
nbc4.tv, 2004.11.19: "Two people who worked at LAX blew
Matthew Broersma, Techworld, 2004.11.23
MCS 494 final D. J. Bernstein
The tangent FFT Daniel J. Bernstein
The tangent FFT Daniel J. Bernstein
Draft. Aimed at Math. Comp. SCALED REMAINDER TREES
RESEARCH ANNOUNCEMENT: FASTER FACTORIZATION INTO COPRIMES
Attacking and defending the McEliece cryptosystem
Implementing Wagner's generalized birthday attack against the SHA-3
Grover vs. McEliece Daniel J. Bernstein
Wild McEliece Daniel J. Bernstein1, Tanja Lange2, and Christiane Peters2
Cost analysis of hash collisions: Will quantum computers
Extending the Salsa20 nonce Daniel J. Bernstein
Salsa20 security Daniel J. Bernstein
Understanding brute force Daniel J. Bernstein
MODULAR EXPONENTIATION VIA THE EXPLICIT CHINESE REMAINDER THEOREM
To be incorporated into author's High-speed cryptography book. FLOATING-POINT ARITHMETIC
RESEARCH ANNOUNCEMENT: STRONGER SECURITY BOUNDS
Cache-timing attacks on AES Daniel J. Bernstein
Curve25519: new Diffie-Hellman speed records Daniel J. Bernstein
Journal de Theorie des Nombres de Bordeaux 17 (2005), 721725
Journal de Theorie des Nombres de Bordeaux, to appear. Sharper ABC-based bounds
Refereed. Will be printed in J. P. Buhler and P. Stevenhagen, Algorithmic number theory: lattices, number fields, curves and cryptography.
REDUCING LATTICE BASES TO FIND SMALL-HEIGHT VALUES
DISTINGUISHING PRIME NUMBERS FROM COMPOSITE NUMBERS
Putnam Mathematical Competition, 6 December 2003 Let n be a fixed positive integer. How many ways are there to write n as a sum of
Putnam Mathematical Competition, 4 December 2004 Basketball star Shanille O'Keal's team statistician keeps track of the number, S(N), of
Accelerated Verification of ECDSA Signatures Adrian Antipa1
Symmetric Encryption The symmetric setting considers two parties who share a key and will use this key to imbue commu-
The Equivalence Between the DHP and DLP for Elliptic Curves Used in Practical Applications,
arXiv:math.NT/0211334v120Nov2002 Sharpening Primes is in P for a large family of numbers.
Fast Hashing on the Pentium Antoon Bosselaers, Rene Govaerts and Joos Vandewalle
FFTW: AN ADAPTIVE SOFTWARE ARCHITECTURE FOR THE FFT Matteo Frigo
Designs, Codes and Cryptogrphy 2 (1992), 315-323. Optimal normal bases
Some Hints on Mathematical Style Many years ago, just after my degree, I had the good fortune to be given some
Efficiency Improvements for Signature Schemes with Tight Security Reductions
Writing a Math Phase Two Paper http://www.mit.edu/afs/athena.mit.edu/course/other/mathp2/www/pii... 1 of 17 09/06/04 21:41
Timing Attacks on Implementations of Di e-Hellman, RSA, DSS, and Other Systems
MATHEMATICS OF COMPUTATION Volume 66, Number 218, April 1997, Pages 841851
Elliptic curves and number-thcorelic algorithms -H.W. Lenstra, Jr -version 19860716 ELLIPTIC CURVES AND NUMBER-THEORETIC ALGORITHMS.
Counter Mode Security: Analysis and Recommendations
CACHE MISSING FOR FUN AND PROFIT COLIN PERCIVAL
Sequences of Games: A Tool for Taming Complexity in Security Proofs
June 2000 CSTR-00-007 University of Bristol
Elem. Math. 55 (2000) 93 94 0013-6018/00/030093-2 $ 1.50+0.20/0
Cryptanalysis of DES Implemented on Computers with Cache
Parallel Collision Search with Cryptanalytic Applications Paul C. van Oorschot and Michael J. Wiener
The Full Cost of Cryptanalytic Attacks Michael J. Wiener
List of publications Daniel J. Bernstein
List of conferences Daniel J. Bernstein
Research overview Daniel J. Bernstein
Research sample: Cryptographic protocol design Daniel J. Bernstein
Aimed at Math. Comp. I need to do some software verification first. REMOVING REDUNDANCY IN
What output size resists collisions in a xor of independent expansions?
RSA signatures and RabinWilliams signatures: the state of the art
Twisted Edwards Curves Daniel J. Bernstein1
Which eSTREAM ciphers have been broken? Daniel J. Bernstein
Which phase-3 eSTREAM ciphers provide the best software speeds?
Batch binary Edwards Daniel J. Bernstein
Optimizing linear maps modulo 2 Daniel J. Bernstein
SUBMITTED FOR PUBLICATION, APRIL 2005 1 A modified split-radix FFT
What output size resists collisions in a xor of independent expansions?
Cryptanalysis of ABC C^ome Berbain, Henri Gilbert
Divide and Conquer Attack on ABC Stream Cipher
Cryptanalysis of Achterbahn Thomas Johansson1
Distinguishing Attack on CryptMT Shahram Khazaei Elham Shakour
Decim a new stream cipher for hardware applications C. Berbain1
Cryptanalysis of Stream Cipher DECIM Hongjun Wu and Bart Preneel
Attack the Dragon Hakan Englund and Alexander Maximov
B. Primitive specification and supporting documentation B.1 Our Filtered FCSR stream ciphers are based on a very simple mechanism: the output is obtained by filtering
Grain -A Stream Cipher for Constrained Environments
Attacking the IV Setup of Stream Cipher LEX Hongjun Wu and Bart Preneel
The stream cipher MICKEY (version 1) Algorithm specification issue 1.0
Countering the Correlation Attack on Cees J.A. Jansen1
On IV Setup of Pomaranch Mahdi M. Hasanzadeh
Pomaranch is Sound and Healthy Cees J.A. Jansen1
Distinguishing Attacks the Stream Cipher Py
The Stream Cipher Rabbit Martin Boesgaard Mette Vesterager Thomas Christensen
Sosemanuk, a fast software-oriented stream cipher C. Berbain1
Improved Guess and Determine Attack on Hadi Ahmadi 1
Chosen IV Attack on Stream Cipher WG Hongjun Wu and Bart Preneel
22 Schepkina Str., Office 22 Moscow, RUSSIA
The distinguishing attack on ZK-Crypt cipher Alexey Lubkin
Comparison of 256-bit stream ciphers Daniel J. Bernstein
Which phase-3 eSTREAM ciphers provide the best software speeds?
The PowerPC Compiler Writer's Guide
The SPARC Architecture Manual SPARC International, Inc.
IA-32 Intel Architecture Software Developer's
Fast Software Encryption: Designing Encryption Algorithms for Optimal Software Speed on the
Rediscovery of Time Memory Tradeoffs and Palash Sarkar2
Integer factorization, part 1: the Q sieve
ECM using Edwards curves Daniel J. Bernstein1
ECM using Edwards curves Daniel J. Bernstein1
ECM using Edwards curves Daniel J. Bernstein1
ECM on Graphics Cards Daniel J. Bernstein1
Date: 2003.09.28. Permanent ID of this document: b4795a4f12863c26de5b7afe9296ffd8. Refereed. Will be printed in Primes and misdemeanours: lectures in honour of the sixtieth birthday of Hugh Cowie Williams, 2004.
A Short Course Discrete Mathematics
Number Theory and Cryptography Section 1: Basic Facts About Numbers
Induction, Sequences and Series Section 1: Induction
Mathematics Algorithm and System Analysis
Basic Counting and Listing Section 1: Lists with Repetitions
Decision Trees and Recursion In many situations one needs to make a series of decisions. This leads naturally to
Basic Concepts in Graph Theory Section 1: What is a Graph?
Understanding Periods in Edon80 -Response on Remarks on the Period of
A Cost-Based Security Analysis of Symmetric and Asymmetric Key Lengths
Journal of Algorithms, to appear. Final revisions are in progress. FACTORING INTO COPRIMES
REDUCING LATTICE BASES TO FIND SMALL-HEIGHT VALUES
Algorithmic number theory, edited by Buhler and Stevenhagen, to appear. PROTECTING COMMUNICATIONS AGAINST FORGERY
ARBITRARILY TIGHT BOUNDS ON THE DISTRIBUTION OF SMOOTH INTEGERS
Stronger security bounds for permutations Daniel J. Bernstein ?
RESEARCH ANNOUNCEMENT: STRONGER SECURITY BOUNDS
CIRCUITS FOR INTEGER FACTORIZATION: A PROPOSAL DANIEL J. BERNSTEIN
PROVING PRIMALITY AFTER AGRAWAL-KAYAL-SAXENA DANIEL J. BERNSTEIN
THE MULTIPLE-LATTICE NUMBER FIELD SIEVE Daniel J. Bernstein
GUARANTEED MESSAGE AUTHENTICATION FASTER THAN MD5
PROVING PRIMALITY IN ESSENTIALLY QUARTIC EXPECTED TIME
1997 Putnam problems and unofficial solutions As usual, first come the problems, then the problems with solutions. Comments *
Putnam Mathematical Competition, 7 December 2002 Let k be a fixed positive integer. The nth derivative of __1___xkh-a1s the form*
Aimed at Math. Comp. DISTINGUISHING PRIME NUMBERS
Draft. Aimed at Buhler-Stevenhagen MSRI conference proceedings. FAST MULTIPLICATION AND ITS APPLICATIONS
To appear, Mathematics of Computation. Submitted to MATHEMATICS OF COMPUTATION
DETECTING PERFECT POWERS BY FACTORING INTO COPRIMES
Refereed. Pages 27-34 in Algorithmic number theory: ANTS-II, edited by Henri Cohen, Lecture Notes in Computer Science 1122, Springer, 1996.
ENUMERATING AND COUNTING SMOOTH INTEGERS Daniel J. Bernstein
Draft. Aimed at Math. Comp. I'm rewriting [8] in light of this. HOW TO FIND SMOOTH PARTS OF INTEGERS
Submitted to Mathematics of Computation, August 2000. HOW TO FIND SMALL FACTORS OF INTEGERS
Putnam Mathematical Competition, 2 December 2000 P 1
1999 Putnam problems and unofficial solutions As usual, first come the problems, then the problems with solutions. Comments *
Cache-timing attacks on AES Daniel J. Bernstein ?
Refereed. Will be printed in J. P. Buhler and P. Stevenhagen, Algorithmic numbe* *r theory: lattices, number fields,
The Poly1305-AES message-authentication code Daniel J. Bernstein ?
PRIME SIEVES USING BINARY QUADRATIC FORMS A. O. L. ATKIN AND D. J. BERNSTEIN
Draft. Aimed at High Primes and Misdemeanors. Doubly focused enumeration of
Review of M. Fourni'e, J.-Ph. Furter, D. Pinchon, "Computation of the maxim* *al degree of the inverse
Journal of Cryptology 12 (1999), 185-192. HOW TO STRETCH RANDOM FUNCTIONS
Stronger security bounds for Wegman-Carter-Shoup authenticators
Stronger security bounds for Wegman-Carter-Shoup authenticators
IA-32 Intel Architecture Software Developer's
High Precision Division and Square Root
Even Faster Hashing on the Pentium Antoon Bosselaers
Stronger security bounds for permutations Daniel J. Bernstein #
Software Implementation of Elliptic Curve Cryptography Over Binary Fields
Journal of Algorithms, to appear. Final revisions are in progress. FACTORING INTO COPRIMES
Journal de Th'eorie des Nombres de Bordeaux 7 (1995), 219--254
Bounding Smooth Integers (Extended Abstract) Daniel J. Bernstein
MMH: Software Message Authentication in the Gbit/second Rates \Lambda
Low-Weight Binary Representations for Pairs of Integers
Submitted to Journal of Cryptology, August 2000. A SECURE PUBLIC-KEY SIGNATURE SYSTEM
On Fast and Provably Secure Message Authentication Based on Universal Hashing \Lambda
Diss. ETH No. 11404 Eciency and Security of Cryptosystems
Susannah A. Nesmith and Luisa Yanez, Knight Ridder, 2004.08.29
Draft. Aimed at Math. Comp. I'm rewriting [8] in light of this. HOW TO FIND SMOOTH PARTS OF INTEGERS
MATHEMATICS OF COMPUTATION Volume 76, Number 257, January 2007, Pages 389403
Symmetric Encryption The symmetric setting considers two parties who share a key and will use this key to
This is roughly what I said in class on 10 January 2005. My computer is too slow
Some thoughts on security after ten years of qmail 1.0 Daniel J. Bernstein
Quantum attacks against Blue Midnight Wish, ECHO, Fugue, Grstl, Hamsi, JH, Keccak, Shabal, SHAvite-3,
Mark Rasch, SecurityFocus, 2004.10.25: "The latest tool in competition: hacking
How to optimize for the Pentium family of microprocessors
Putnam Mathematical Competition, 3 December 2005 Show that every positive integer is a sum of one or more numbers of the form 2r
TechWeb.com, 2004.10.19: "Fingerprint system for border security is
Journal de Theorie des Nombres de Bordeaux, to appear. SHARPER ABC-BASED BOUNDS
New AES software speed records Daniel J. Bernstein1
The Billion-Mulmod-Per-Second PC Daniel J. Bernstein1, Hsueh-Chung Chen2, Ming-Shing Chen3,
RESEARCH ANNOUNCEMENT: FASTER FACTORIZATION INTO COPRIMES
Draft. Aimed at BuhlerStevenhagen MSRI conference proceedings. PROTECTING COMMUNICATIONS AGAINST FORGERY
DISTINGUISHING PRIME NUMBERS FROM COMPOSITE NUMBERS
Linear Cryptanalysis of TSC Stream Ciphers Applications to the ECRYPT Proposal TSC-3
The Poly1305AES messageauthentication code Daniel J. Bernstein #
Putnam Mathematical Competition, 1 December 2001 Consider a set S and a binary operation on S (that is, for each a; b in S, a b is in S).
Cryptanalysis of RSA with Private Key d Less Than N 0:292 Dan Boneh Glenn Durfee y
Journal of Cryptology 12 (1999), 185{192. HOW TO STRETCH RANDOM FUNCTIONS
Stronger security bounds for Wegman-Carter-Shoup authenticators
Factoring into coprimes in essentially linear time
Draft. I want to rethink all the notation. Taking logs would have some advantag* PIPPENGER'S EXPONENTIATION ALGORITHM
Date:i2003.09.28.nPermanentPIDrofithismdocument:eb4795a4f12863c26de5b7afe9296ff* *d8.sRefereed.aWillnbedprintedmisdemeanours: lectures in honour of the sixtiet*
Submitted to Journal of Cryptology, August 2000. A SECURE PUBLIC-KEY SIGNATURE SYSTEM
Algorithmic number theory, edited by Buhler and Stevenhagen, to appear. FAST MULTIPLICATION AND ITS APPLICATIONS
PRIME SIEVES USING BINARY QUADRATIC FORMS A. O. L. ATKIN AND D. J. BERNSTEIN
RESEARCH ANNOUNCEMENT: FASTER FACTORIZATION
KRONECKER MATRICES AND POLYNOMIAL GCDS Daniel J. Bernstein
Canadian Journal of Mathematics 48 (1996), 1154-1169. THE 3x + 1 CONJUGACY MAP
Aimed at Math. Comp. PROVING PRIMALITY
Journal de Th'eorie des Nombres de Bordeaux, to appear. Sharper ABC-based bounds
DISTINGUISHING PRIME NUMBERS FROM COMPOSITE NUMBERS
Putnam Mathematical Competition, 4 December 2004 Basketball star Shanille O'Keal's team statistician keeps track of the number, *
Calculus for mathematicians D. J. Bernstein, University of Illinois at Chicago, djb@pobox.com
Cache-timing attacks on AES Daniel J. Bernstein ?
Factoring into coprimes in essentially linear time
Journal of Symbolic Computation 26 (1998), 339-341. COMPOSING POWER SERIES OVER A FINITE RING
Putnam Mathematical Competition, 3 December 2005 Show that every positive integer is a sum of one or more numbers of the form 2r*
Review of Il-Whan Park, Seok-Won Jung, Hee-Jean Kim, Jong-In Lim, "Fast ope* *ration method in
Proceedings of the American Mathematical Society 121 (1994), 405-408. A NON-ITERATIVE 2-ADIC STATEMENT
Putnam Mathematical Competition, 6 December 2003 Let n be a fixed positive integer. How many ways are there to write n as a sum*
To be incorporated into author's High-speed cryptography book. FLOATING-POINT ARITHMETIC
Draft. Aimed at Mathematics of Computation. FASTER ALGORITHMS TO FIND NON-SQUARES
RESEARCH ANNOUNCEMENT: FASTER FACTORIZATION INTO COPRIMES
Draft. Aimed at Buhler-Stevenhagen MSRI conference proceedings. REDUCING LATTICE BASES
MATHEMATICS OF COMPUTATION VOLUME 000, NUMBER 0
Advances in Applied Mathematics, to appear. MULTIDIGIT MULTIPLICATION FOR MATHEMATICIANS
MODULAR EXPONENTIATION VIA THE EXPLICIT CHINESE REMAINDER THEOREM
List decoding for binary Goppa codes Daniel J. Bernstein
CONGRESSIONAL RECORD --SENATES9468 September 19, 2001 Meanwhile, it is likely that there could be
License Exceptions Supplement No. 1 to Part 740 page 1 Export Administration Regulations September 28, 2001
CubeHash attack analysis (2.B.5) Daniel J. Bernstein
Embargoesand Other Special Controls Part 746-page 1 Export Administration Regulations July 12, 2001
Commerce Control List Supplement No. 1 to Part774 Category 7--page 1 Export Administration Regulations July 16, 2001
BULLETIN (New Series) OF THE AMERICAN MATHEMATICAL SOCIETY
Scope of the Export Administration Regulations Part 734-page 1 Export Administration Regulations August 2001
Commerce Control List Supplement No. 1 to Part 774 Category 5 -Info. Security--page 1 Export Administration Regulations
Subject Cite Subject Cite Export Administration Regulations October 1, 2001
Control Policy--CCL Based Controls Part 742-page 1 Export Administration Regulations October 1, 2001
Commerce Control List -Index Supplement No. 1 to Part 774 -Index 42 Export Administration Regulations September 28, 2001
Special Comprehensive License Part 752-page 1 Export Administration Regulations January 2001
Previous Page Site Search
on RFID and Light-Weight Crypto
RICHARD R. WINTER, ESQ. JAMES WHEATON, ESQ.; SBN 115230 SARAH E. PACE, ESQ. FIRST AMENDMENT PROJECT
Control Policy: End-User and End-Use Based Part 744--page 1 Export Administration Regulations October 1, 2001
Commerce Control List Supplement No. 1 to Part 774 Category 8--page 1 Export Administration Regulations January 2001
CubeHash expected strength (2.B.4) Daniel J. Bernstein
Application Processing, Issuance and/or Denial Part 750page 1 Export Administration Regulations January 2001
DANIEL J. BERNSTEIN Department of Mathematics, Statistics, and Computer Science
General Prohibitions Part 736-page 1 Export Administration Regulations September 28, 2001
CONGRESSIONAL RECORD --SENATE S9469September 19, 2001 in our committee was the single big-
Faster addition and doubling on elliptic curves Daniel J. Bernstein1 and Tanja Lange2
DANIEL J. BERNSTEIN Department of Mathematics, Statistics, and Computer Science
Forms Supplement page -1 Export Administration Regulations January 2001
Steps for Using the EAR Part 732-page 1 Export Administration Regulations
DANIEL J. BERNSTEIN Department of Mathematics, Statistics, and Computer Science
CubeHash specification (2.B.1) Daniel J. Bernstein
Restrictive Trade Practices or Boycotts Part 760--page 1 Export Administration Regulations January 2001
int n; double x; answer[1] = 1;
Syllabus, MCS 275, Fall 1997 Prerequisites (chapters 1 through 7)
MCS 275 homework #2 Due date: 19990215
MCS 275 homework #1 Due date: 19990125
17. A graph has an Euler path if and only if the number of odd-degree vertices * *is 0 or 2.
Syllabus, MCS 275, Fall 1997 Prerequisites (chapters 1 through 7)
MCS 275 homework #1 Due date: 19970905
MCS 275 homework #3 Due date: 19971017
Course. MCS 275, Fall 1997 Course location.212 TH; lab 307 AH
Course. MCS 401 and EECS 460, Fall 1998: Computer Algorithms I Course home page.http://pobox.com/~djb/401.html
MCS 275 midterm #2 D. J. Bernstein
MCS 275 homework #2 Due date: 19970926
MCS 275 homework #3 Due date: 19990312
MCS 275 homework #5 Due date: 19971121
CubeHash efficiency estimates (2.B.2) Daniel J. Bernstein
DANIEL J. BERNSTEIN Department of Mathematics, Statistics, and Computer Science
Export Clearance Requirements Part 758-page 1 Export Administration Regulations January 2001
Export Administration Regulations December 21, 2001 Control Policy: End-User and End-Use Based Supplement No. 4 to Part 744page 1
Commerce Control List Supplement No. 1 to Part 774 Category 6--page 1 Export Administration Regulations January 2001
Recordkeeping Part 762--page 1 Export Administration Regulations January 2001
DANIEL J. BERNSTEIN Department of Mathematics, Statistics, and Computer Science
DANIEL J. BERNSTEIN Department of Mathematics, Statistics, and Computer Science
Commerce Control List Supplement No. 1 to Part774 Category 0--page 1 Export Administration Regulations July 16, 2001
Commerce Control List Supplement No. 1 to Part 774 Category 9--page 1 Export Administration Regulations January 2001
Commerce Control List -Index Supplement No. 1 to part774 -Index 1 Export Administration Regulations July 12, 2001
Definitions of Terms Part 772-page 1 Export Administration Regulations July 16, 2001
CubeHash features (2.B.6) Daniel J. Bernstein
Optimizing linear maps modulo 2 Daniel J. Bernstein
Export Administration Regulations EARB 298 -October 2001 LEGAL AUTHORITY
RICHARD R. WINTER, ESQ. JAMES WHEATON, ESQ.; SBN 115230 SARAH E. PACE, ESQ. FIRST AMENDMENT PROJECT
Short Supply Controls Part 7546page 1 Export Administration Regulations January 2001
on RFID and Light-Weight Crypto
Applications (Classification, Advisory, and License) and Documentation Part 748page 1 Export Administration Regulations
High-speed high-security signatures Daniel J. Bernstein1
DANIEL J. BERNSTEIN Department of Mathematics, Statistics, and Computer Science
Enforcement and Protective Measures Part 764 page 1 Export Administration Regulations EARB 298 -October 2001
CubeHash efficiency estimates (2.B.2) Daniel J. Bernstein
Defs.' Opposition to Pls' Motion for Summary Judgment Civ. A. No. 95-0582 (MHP)
Performance evaluation of a new coordinate system
Commerce Control List Supplement No. 1 to Part 774 Category 4--page 1 Export Administration Regulations EARB 298 -October 2001
The Commerce Control List Part 774--page 1 Export Administration Regulations January 2001
CubeHash attack analysis (2.B.5) Daniel J. Bernstein
Chemical Weapons Convention Requirements Part 745page 1 Export Administration Regulations September 28, 2001
Commerce Office Addresses 2 Export Administration Regulations January 2001
Commerce Control List Overview and the Country Chart Part 738page 1 Export Administration Regulations
CubeHash appendix: complexity of generic attacks
Commerce Control List Overview and the Country Chart Supplement No. 1 to Part 738page 1 Export Administration Regulations September 28, 2001
Type-II Optimal Polynomial Bases Daniel J. Bernstein1 and Tanja Lange2
CubeHash expected strength (2.B.4) Daniel J. Bernstein
January 2001 TITLE 15--COMMERCE AND FOREIGN TRADE
CubeHash parameter tweak: 16 times faster Daniel J. Bernstein
Commerce Control List Supplement No. 1 to Part 774 Category 2--page 1 Export Administration Regulations September 28, 2001
General Information Part 730page 1 Export Administration Regulations
CubeHash parameter tweak: 10 smaller MAC overhead
RICHARD R. WINTER, ESQ. SARAH E. PACE, ESQ.
Commerce Control List Supplement No. 2 to Part 774--page 1 Export Administration Regulations January 2001
DANIEL J. BERNSTEIN Department of Mathematics, Statistics, and Computer Science
Administrative Enforcement Proceedings Part 766--page 1 Export Administration Regulations January 2001
Defendant's Reply 2002 Summary Judgment Civ. A. No. 95-0582 (MHP)
Breaking ECC2K-130 Daniel V. Bailey1,10, Lejla Batina2, Daniel J. Bernstein3, Peter Birkner4, Joppe W. Bos5,
CubeHash round-2 modifications Daniel J. Bernstein
Special Reporting Part 743 -page 1 Export Administration Regulations January 2001
Commerce Control List Supplement No. 1 to Part 774 Category 3--page 1 Export Administration Regulations
Performance evaluation of a new side-channel-resistant
RICHARD R. WINTER, ESQ. JAMES WHEATON, ESQ.; SBN 115230 SARAH E. PACE, ESQ. FIRST AMENDMENT PROJECT
Interpretations Part 770--page 1 Export Administration Regulations September 28, 2001
Commerce Control List Supplement No. 1 to Part774 Category 5 -Telecommunications--page 1 Export Administration Regulations July 16, 2001
DANIEL J. BERNSTEIN Department of Mathematics, Statistics, and Computer Science
Foreign Availability Determination Procedures and Criteria Part 7686page 1 Export Administration Regulations January 2001
Table of Contents i Export Administration Regulations October 1, 2001
Commerce Office Addresses page -4 Export Administration Regulations January 2001
Legal Authority 1 Export Administration Regulations EARB 298 -October 2001
Appeals Part 756-page 1 Export Administration Regulations January 2001
Commerce Control List Supplement No. 1 to Part 774 Category 1--page 1 Export Administration Regulations September 28, 2001
DANIEL J. BERNSTEIN Department of Mathematics, Statistics, and Computer Science
CubeHash features (2.B.6) Daniel J. Bernstein
DANIEL J. BERNSTEIN Department of Mathematics, Statistics, and Computer Science
License Exceptions Part 740-page 1 Export Administration Regulations August 2001
High-speed high-security signatures Daniel J. Bernstein1
ECM USING EDWARDS CURVES DANIEL J. BERNSTEIN, PETER BIRKNER, TANJA LANGE, AND CHRISTIANE PETERS
Wild McEliece Incognito Daniel J. Bernstein1, Tanja Lange2, and Christiane Peters3
The security impact of a new cryptographic library
Simplified high-speed high-distance list decoding for alternant codes
Optimization failures in SHA-3 software Daniel J. Bernstein
The new SHA-3 software shootout Daniel J. Bernstein1
ECC2K-130 on NVIDIA GPUs Daniel J. Bernstein1