Papers in Cryptography – Phillip Rogaway
See dblp for an automated enumeration of my papers.
See Google scholar for reverse references, and see research summary for an outdated research summary.
Many of the papers below are published, in a different form,
by Springer.
There is also a list of some old service contributions.
-
Adaptively Secure Garbling with
Applications to One-Time Programs and Secure Outsourcing.
Mihir Bellare, Viet Tung Hoang, and Phillip Rogaway.
ASIACRYPT 2012.
abstract
[dyn]
-
Foundations of Garbled Circuits.
Mihir Bellare, Viet Tung Hoang, and Phillip Rogaway.
ACM CCS 2012.
abstract
[gc]
- An Enciphering Scheme Based on a Card Shuffle.
Viet Tung Hoang, Ben Morris, and Phillip Rogaway.
CRYPTO 2012. abstract.
[shuffle]
-
The Security of Ciphertext Stealing.
Phillip Rogaway, Mark Wooding, and Haibin Zhang.
FSE 2012.
abstract
[steal]
-
The Software Performance of Authenticated-Encryption Modes.
Ted Krovetz and Phillip Rogaway.
FSE 2011. LNCS 6733, Springer, pp. 306-327, 2011.
abstract
[ae]
- Evaluation of Some Blockcipher Modes of Operation.
Phillip Rogaway.
Unpublished manuscript (CRYPTREC report on
ECB, CBC, CFB, OFB, CTR, XTS, CBC-MAC, CMAC, HMAC, GMAC, CCM, GCM).
February 2011.
-
Online Ciphers from Tweakable Blockciphers.
Phillip Rogaway and Haibin Zhang.
CT-RSA 2011. LNCS 6558, Springer, pp. 237-249, 2011.
abstract
[online]
-
On Generalized Feistel Networks.
Viet Tung Hoang and Phillip Rogaway.
CRYPTO 2010. LNCS 6223, Springer, pp. 613-660, 2010.
abstract
[feistel]
-
A Synopsis of Format-Preserving Encryption.
Phillip Rogaway.
Unpublished manuscript (readable survey of format-preserving encryption).
March 2010.
[synopsis]
-
The FFX Mode of Operation for Format Preserving Encryption.
Mihir Bellare, Phillip Rogaway, and Terence Spies.
Unpublished manuscript, submitted to NIST for possible standardization.
February 20, 2010.
[ffx1]
-
Addendum to “The FFX Mode of Operation for Format Preserving Encryption”.
Mihir Bellare, Phillip Rogaway, and Terence Spies.
Unpublished manuscripts, submitted to NIST for possible standardization.
September 3, 2010.
[ffx2].
-
Format Preserving Encryption.
Mihir Bellare, Tom Ristenpart, Phillip Rogaway, and Till Stegers.
SAC 2009. LNCS 5867, Springer, pp. 295-312, 2009.
abstract.
[fpe].
-
How to Encipher Messages on a Small Domain: Deterministic
Encryption and the Thorp Shuffle.
By Ben Morris, Phillip Rogaway, and Till Stegers.
CRYPTO 2009. LNCS 5677, Springer, pp. 286-302, 2009.
abstract.
[thorp].
-
Practice-Oriented Provable Security and the Social Construction of Cryptography.
By Phillip Rogaway.
Unpublished essay corresponding to an invited talk at EUROCRYPT 2009. May 6, 2009.
abstract.
[cc].
-
Authentication without Elision:
Partially Specified Protocols, Associated Data, and Cryptographic Models Described by Code.
Phillip Rogaway and Till Stegers.
Computer Security Foundations Symposium (CSF-22, CSF 2009),
IEEE Press, 2009.
abstract.
[psp].
-
Constructing Cryptographic Hash Functions from Fixed-Key Blockciphers.
Phillip Rogaway and John Steinberger.
CRYPTO 2008, LNCS vol. 5157, Springer, pp. 433-450, 2008.
abstract.
[lp].
-
Security/Efficiency Tradeoffs for Permutation-Based Hashing.
Phillip Rogaway and John Steinberger.
EUROCRYPT 2008, LNCS vol. 4965, Springer, pp. 220-236, 2008.
abstract.
[tradeoff]
-
Robust Computational Secret Sharing and a Unified Account of Classical Secret-Sharing Goals.
Mihir Bellare and Phillip Rogaway.
ACM CCS 2007.
abstract.
[rcss].
-
How to Enrich the Message Space of a Cipher.
Fast Software Encryption (FSE) 2007,
Thomas Ristenpart and Phillip Rogaway.
LNCS vol. 4593, Springer, pp. 101-118,
2007.
abstract.
[extend].
-
Formalizing Human Ignorance: Collision-Resistant Hashing without the Keys.
Phillip Rogaway.
Vietcrypt 2006.
LNCS vol. 4341, Springer, pp. 221-228, 2006.
abstract.
[ignorance].
-
Deterministic Authenticated-Encryption:
A Provable-Security Treatment of the Keywrap Problem.
Phillip Rogaway and Tom Shrimpton.
EUROCRYPT 2006.
LNCS vol. 4004, Springer, 2006.
abstract.
[dae].
-
The SIV Mode of Operation for Deterministic Authenticated-Encryption (Key Wrap)
and Misuse-Resistant Nonce-Based Authenticated-Encryption.
Phillip Rogaway and Tom Shrimpton.
Specification document corresponding to the above. Submitted to NIST, August 2007.
abstract.
[siv].
-
Variationally Universal Hashing.
Ted Krovetz and Phillip Rogaway.
Information Processing Letters (IPL),
vol. 100, no. 1, pp. 36-39, 2006.
abstract.
[vu].
-
Code-Based Game-Playing Proofs and the Security of Triple Encryption.
Mihir Bellare and Phillip Rogaway.
EUROCRYPT 2006.
LNCS vol. 4004, Springer, 2006.
abstract.
[games]. Note: see Gazi and Maurer
for a description of some bugs in the proof for triple encryption.
-
UMAC: Message Authentication Code Using Universal Hashing.
Ted Krovetz (editor), John Black, Shai Halevi, Alejandro Hevia, Hugo Krawczyk, and Phillip Rogaway.
RFC 4418, March 2006.
RFC based on the UMAC paper.
abstract.
[rfc4418].
-
Improved Security Analyses for CBC MACs.
Mihir Bellare, Krzysztof Pietrzak, and Phillip Rogaway.
CRYPTO 2005, LNCS vol. 3621, Springer, pp. 527-541, 2005.
abstract.
[cbc2].
-
The OCB Authenticated-Encryption Algorithm.
Ted Krovetz and Phillip Rogaway.
Internet draft, 2012.
abstract.
[ocb-spec]
-
On the Role of Definitions in and Beyond Cryptography.
Phillip Rogaway.
ASIAN'04, The Ninth Asian Computing Science Conference.
LNCS vol. 3321. Springer, 2004.
Note:
A working draft of this paper
appeared in the LNCS proceedings due to an editorial error; please use
this version instead.
abstract.
[def].
-
Efficient Instantiations of Tweakable Blockciphers
and Refinements to Modes OCB and PMAC.
Phillip Rogaway.
Asiacrypt 2004.
LNCS vol. 3329. Springer, 2004.
abstract.
[offsets].
-
Cryptographic Hash-Function Basics:
Definitions, Implications, and Separations for
Preimage Resistance, Second-Preimage Resistance, and Collision-Resistance.
Phillip Rogaway and Tom Shrimpton.
Fast Software Encryption (FSE) 2004,
LNCS vol. 3017, pp. 371-388, Springer, 2004.
abstract.
[relates].
-
Nonce-Based Symmetric Encryption.
Fast Software Encryption (FSE) 2004, LNCS vol. 3017,
Phillip Rogaway.
pp. 348-359, Springer, 2004.
abstract.
[nonce].
-
The EAX Mode of Operation (A Two-Pass Authenticated Encryption Scheme
Optimized for Simplicity and Efficiency).
Mihir Bellare, Phillip Rogaway, and David Wagner.
Fast Software Encryption (FSE),
LNCS vol. 3017, pp. 389-407, 2004.
abstract.
[eax].
-
A Critique of CCM.
Manuscript (service contribution), content largely absorbed into the above.
February 2003.
Phillip Rogaway and David Wagner.
abstract
[ccm].
-
A Parallelizable Enciphering Mode.
Shai Halevi and Phillip Rogaway.
Topics in Cryptology, CT-RSA 2004,
LNCS vol. 2964, pp. 292-304, Springer, 2004.
abstract.
[eme].
-
A Tweakable Enciphering Mode.
CRYPTO 2003,
LNCS vol. 2729, pp. 482-499, Springer, 2003.
abstract.
[cmc].
-
Authenticated-Encryption with Associated-Data.
Phillip Rogaway.
ACM Conference on Computer and Communications Security 2002 (CCS'02),
ACM Press, pp. 98-107, September 2002.
abstract.
[aead].
-
Black-Box Analysis of the Block-Cipher-Based Hash-Function Constructions from PGV.
John Black, Phillip Rogaway, and Tom Shrimpton.
CRYPTO 2002, LNCS vol. 2442, pp. 320-335, Springer, 2002.
abstract.
[hash].
-
Encryption-Scheme Security in the Presence of Key-Dependent Messages.
John Black, Phillip Rogaway, and Tom Shrimpton.
Selected Areas in Cryptography 2002 (SAC 2002),
LNCS vol. 2595, pp. 62-75, Springer, 2002.
abstract.
[kdm].
-
A Block-Cipher Mode of Operation for Parallelizable Message Authentication.
John Black and Phillip Rogaway.
EUROCRYPT 2002,
LNCS vol. 2332, pp. 384-397, Springer, 2002.
abstract.
[pmac].
-
Ciphers with Arbitrary Finite Domains.
John Black and Phillip Rogaway.
RSA Data Security Conference, Cryptographer's Track (RSA CT '02),
LNCS vol. 2271,
pp. 114-130, Springer, 2002.
abstract.
[subset]
-
OCB: A Block-Cipher Mode of Operation
for Efficient Authenticated Encryption.
Phillip Rogaway, Mihir Bellare, and John Black.
ACM Transactions on Information and System Security (TISSEC),
vol. 6, no. 3, pp. 365-403, August 2003.
Earlier version, with Ted Krovetz, in
Eighth ACM Conference on Computer and Communications
Security (ACM CCS),
ACM Press, pp. 196-205, 2001.
Further information available from the
OCB homepage.
abstract.
[ocb]
-
Counter-mode encryption.
Helger Lipmaa, Phillip Rogaway, and David Wagner.
Contribution to NIST on CTR.
[ctr].
-
Reconciling Two Views of Cryptography
(The Computational Soundness of Formal Encryption).
Martín Abadi and Phillip Rogaway.
J. of Cryptology, vol. 15, no. 2, pp. 103-127, 2002.
Earlier version in
Theoretical Computer Science, Exploring New Frontiers in
Theoretical Informatics.
LNCS vol. 1872,
pp. 3-22, Springer, 2000.
abstract
[equiv].
-
Fast Universal Hashing with Small Keys and no Preprocessing:
the PolyR Construction.
Ted Krovetz and Phillip Rogaway.
Information Security and Cryptology - ICICS 2000,
LNCS vol. 2015,
pp. 73-89, Springer, 2000.
abstract.
[poly].
-
Encode-then-Encipher Encryption: How to Exploit Nonces or Redundancy
in Plaintexts for Efficient Cryptography.
Mihir Bellare and Phillip Rogaway.
Asiacrypt '00,
LNCS vol. 1976, pp. 317-330, Springer, 2000.
abstract.
[encode].
-
CBC MACs for Arbitrary-Length Messages: The Three-Key Constructions.
John Black and Phillip Rogaway.
J. of Cryptology, vol. 18, no. 2, pp. 111-131, 2005.
Earlier version in CRYPTO 2000.
abstract.
[3key].
-
Authenticated Key Exchange Secure against Dictionary Attacks.
Mihir Bellare, David Pointcheval, and Phillip Rogaway.
EUROCRYPT 2000,
LNCS vol. 1807, pp. 139-155,
Springer, 2000.
abstract.
[dict].
-
The AuthA Protocol for Password-Based Authenticated Key Exchange.
Mihir Bellare and Phillip Rogaway.
Unpublished manuscript (service contribution) submitted to IEEE P1363.
abstract.
[autha].
-
UMAC: Fast and Secure Message Authentication.
John Black, Shai Halevi, Hugo Krawczyk, Ted Krovetz, and Phillip Rogaway.
Crypto '99, LNCS vol. 1666. pp. 216-233, Springer, 1999.
abstract.
[umac].
-
On the Construction of Variable-Input-Length Ciphers.
Mihir Bellare and Phillip Rogaway.
Fast Software Encryption, 6th International Workshop, FSE'99,
LNCS vol. 1636, pp. 321-344, Springer, 1999.
abstract.
[vil].
-
The Oracle Diffie-Hellman Assumption and an Analysis of DHIES.
Michael Abdalla, Mihir Bellare, and Phillip Rogaway.
Topics in Cryptology - CT RSA 01.
LNCS vol. 2020, Springer, 2001.
abstract.
[dhies].
-
PSS: Provably Secure Encoding Method for Digital Signatures.
Mihir Bellare and Phillip Rogaway.
Submission to IEEE P1363a (service contribution corresponding to the above).
abstract.
[pss].
-
A Software-Optimized Encryption Algorithm.
Phillip Rogaway and Don Coppersmith.
Journal of Cryptology, vol. 11, num 4, pp. 273-287, 1998.
abstract.
[seal].
-
When to Hyphenate Phrases such as “Public Key”.
Kathleen Ward and Phillip Rogaway.
Technical (so-to-speak) content of the possibly-humorous
rump-session talk given at CRYPTO '98.
[hyphen].
-
Relations among Notions of Security for Public-Key Encryption Schemes.
Mihir Bellare, Anand Desai, David Pointcheval, and Phillip Rogaway.
Crypto '98,
LNCS vol. 1462, pp. 26-45, Springer, 1998.
abstract.
[relations].
-
Luby-Rackoff Backwards: Increasing Security by Making Block Ciphers Non-Invertible.
Mihir Bellare, Ted Krovetz, and Phillip Rogaway.
EUROCRYPT '98,
LNCS vol. 1403, pp. 266-280, Springer, 1998.
abstract.
[p2f].
-
A Concrete Security Treatment of Symmetric Encryption: Analysis of the DES Modes of Operation.
Mihir Bellare, Anand Desai, Eron Jokipii, and Phillip Rogaway.
Proceedings of 38th Annual Symposium on Foundations of Computer Science (FOCS 97),
pp. 394-403, IEEE Press, 1997.
abstract.
[se].
-
Collision-Resistant Hashing: Towards Making UOWHFs Practical.
Mihir Bellare and Phillip Rogaway.
Crypto '97,
LNCS vol. 1294, pp. 470-484, Springer, 1997.
abstract.
[tcr].
-
Bucket Hashing and its Application to Fast Message Authentication.
Phillip Rogaway.
Journal of Cryptology,
vol. 12, num. 2, pp. 91-115, 1999.
Earlier version in CRYPTO '95.
abstract.
[bucket].
-
Locally Random Reductions: Improvements and Applications.
Don Beaver, Joan Feigenbaum, Joe Kilian, and Phillip Rogaway.
Journal of Cryptology, Winter 1997, pp. 17-36.
abstract.
[lrr].
-
How to Protect DES Against Exhaustive Key Search (an analysis of DESX).
Joe Kilian and Phillip Rogaway.
J. of Cryptology, vol. 14, no. 1, pp. 17-35, 2001.
Earlier version in CRYPTO '96.
abstract.
[desx].
-
The Security of DESX.
Phillip Rogaway.
RSA Laboratories' CryptoBytes, Summer 1996.
Less technical summary of the above article.
abstract.
[desx'].
-
The Exact Security of Digital Signatures – How to Sign with RSA and Rabin.
Mihir Bellare and Phillip Rogaway.
Advances in Cryptology - EUROCRYPT '96,
LNCS vol. 1070, pp. 399-416, Springer, 1996.
abstract.
[sig].
-
XOR MACs: New Methods for Message Authentication Using
Finite Pseudorandom Functions.
Mihir Bellare, Roch Guerin, and Phillip Rogaway.
Crypto ’95,
LNCS vol. 963, pp. 15-28,
Springer, 1995.
abstract.
[xormac].
-
Provably Secure Session Key Distribution - The Three Party Case.
Mihir Bellare and Phillip Rogaway.
Proc. 27th Annual Symposium on the Theory of Computing (STOC 95),
pp. 57-66, ACM, 1995.
abstract
[3pkd].
-
Optimal Asymmetric Encryption – How to Encrypt with RSA.
Mihir Bellare and Phillip Rogaway.
EUROCRYPT ’94,
LNCS vol. 950, pp. 341-358, Springer, 1995.
abstract.
[oaep].
-
The Security of the Cipher Block Chaining Message Authentication Code.
Mihir Bellare, Joe Kilian, and Phillip Rogaway.
Journal of Computer and System Sciences (JCSS), vol. 61, no. 3,
pp. 362-399, Dec 2000.
Earlier version in CRYPTO ’94.
abstract.
[cbcmac].
-
Random Oracles are Practical: A Paradigm for Designing Efficient Protocols.
Mihir Bellare and Phillip Rogaway.
Extended abstract in Proc. First Annual Conference on
Computer and Communications Security, ACM, 1993.
abstract.
[ro].
-
Entity Authentication and Key Distribution.
Mihir Bellare and Phillip Rogaway.
Crypto 93,
LNCS vol. 773, pp. 232-249, Springer, 1994.
abstract.
[eakd].
-
The Complexity of Approximating a Nonlinear Program.
Mihir Bellare and Phillip Rogaway.
Journal of Mathematical Programming B,
vol. 69, no. 3, pp. 429-441, September 1995.
Also in Complexity of Numerical Optimization,
ed. P. M. Pardalos, World Scientific, 1993.
abstract.
[qp].
-
The Round Complexity of Secure Protocols.
Phillip Rogaway.
MIT Ph.D. Thesis, June 1991.
Note: Definitions and a fuller treatment of
[BMR90].
Sometimes cited for having a full proof for garbled circuits, but the method described here is buggy: see
Tate and Xu (2003) for a description of the problem, and a solution.
[thesis].
Rogaway's home page.