Peter Schwabe (樂岩)
Postal Address: Digital Security Group Radboud University Nijmegen PO Box 9010 6500 GL Nijmegen The Netherlands 
Visiting Address: Mercator I building Room 1.03 Toernooiveld 210 6525 EC Nijmegen The Netherlands 
Phone: +31243653456
EMail: peter@cryptojedi.org
Twitter: @cryptojedi
GPGKey: 603ABD5D,
Fingerprint: 64A9 1D22 F226 EA50 7B8C 7197 A715 A6B7 603A BD5D
Google scholar page
About Me
I am an assistant professor (Universitair Docent) for computer security in the
Digital Security Group at
Radboud University Nijmegen.
Until November 2012 I was a postdoc in the
Research Center for Information Technology Innovation
and the
Institute of Information Science of
Academia Sinica.
Before that, I was postdoc in the
Department of Electrical Engineering of
National Taiwan University within the
IntelNTU Connected Context Computing Center.
Before that, I was a postdoc in the
Institute of Information Science at
Academia Sinica.
Before that, I was a Ph.D. student in the
Department of Mathematics and Computer Science at
Eindhoven University of Technology.
In January 2011, I completed my Ph.D. at Eindhoven University of Technology in the Coding and Cryptology Group under the supervision of Tanja Lange and Daniel J. Bernstein.
In 2006, I finished my Diplom in computer science at RWTH Aachen University at the Institute for Theoretical Information Technology under the supervision of Rudolf Mathar and Michael Naehrig.
Theses

Ph.D. thesis: HighSpeed Cryptography and Cryptanalysis, Eindhoven University of Technology, The Netherlands, 2011.
For the thesis and related software please refer to my separate Ph.D. thesis website.  Diplomarbeit: Effiziente Implementierung von Elliptischen und Hyperelliptischen Kurven für Anwendungen in der Kryptographie, RWTH Aachen University, Germany, 2006. [ps]
Publications

Daniel J. Bernstein, Chitchanok Chuengsatiansup, Tanja Lange, and Peter Schwabe:
Kummer strikes back: new DH speed records.
Advances in Cryptology – ASIACRYPT 2014, Lecture Notes in Computer Science, SpringerVerlag (2014), to appear.
Date: 20140218 [pdf] [bibtex] 
YuFang Chen, ChangHong Hsu, HsinHung Lin, Peter Schwabe, MingHsien Tsai, BowYaw Wang, BoYin Yang, and ShangYi Yang:
Verifying Curve25519 Software.
2014 ACM SIGSAC Conference on Computer and Communications Security, CCS'14, ACM (2014), to appear.
Date: 20140428 [pdf] [bibtex] 
Chitchanok Chuengsatiansup, Michael Naehrig, Pance Ribarski, and Peter Schwabe:
PandA: Pairings and Arithmetic.
PairingBased Cryptography – Pairing 2013, Lecture Notes in Computer Science 8365, SpringerVerlag (2014), pp 229–250.
Date: 20131204 [pdf] [bibtex] 
Daniel J. Bernstein, Tung Chou, and Peter Schwabe:
McBits: fast constanttime codebased cryptography.
Cryptographic Hardware and Embedded Systems – CHES 2013, Lecture Notes in Computer Science 8086, SpringerVerlag (2013), pp 250–272.
Date: 20130616 [pdf] [bibtex] 
Tim Güneysu, Tobias Oder, Thomas Pöppelmann, and Peter Schwabe:
Software speed records for latticebased signatures.
PostQuantum Cryptography, Lecture Notes in Computer Science 7932, SpringerVerlag (2013), pp 67–82.
Date: 20130328 [pdf] [bibtex] [more] 
Michael Hutter and Peter Schwabe:
NaCl on 8bit AVR Microcontrollers.
Progress in Cryptology – AFRICACRYPT 2013, SpringerVerlag (2013), pp 156–172.
Date: 20130514 [pdf] [bibtex] [more]
Supersedes: 20130220 [pdf] 
Severin HolzerGraf, Thomas Krinninger, Martin Pernull, Martin Schläffer,
Peter Schwabe, David Seywald, and Wolfgang Wieser:
Efficient Vector Implementations of AESbased Designs: A Case Study and New Implemenations for Grøstl.
Topics in Cryptology – CTRSA 2013,
Lecture Notes in Computer Science 7779,
SpringerVerlag (2013),
pp 145–161.
Date: 20121119 [pdf] [bibtex]
Supersedes: 20121006 [pdf] 
Daniel J. Bernstein, Tanja Lange, and Peter Schwabe:
The security impact of a new cryptographic library.
Progress in Cryptology – LATINCRYPT 2012, Lecture Notes in Computer Science 7533, SpringerVerlag (2012), pp 159–176.
Date: 20120725 [pdf] [bibtex] [more]
Supersedes: 20111201 [pdf] 
Daniel J. Bernstein and Peter Schwabe:
NEON crypto.
Cryptographic Hardware and Embedded Systems – CHES 2012, Lecture Notes in Computer Science 7428, SpringerVerlag (2012), pp 320–339.
Date: 20120320 [pdf] [bibtex] [more] 
Peter Schwabe, BoYin Yang, and ShangYi Yang:
SHA3 on ARM11 processors.
Progress in Cryptology – AFRICACRYPT 2012, Lecture Notes in Computer Science 7374, Springer Verlag (2012), pp 324–341.
Date: 20120422 [pdf] [bibtex] [more]
Supersedes: 20111125 [pdf] 
Peter Schwabe:
Graphics Processing Units.
Chapter in Secure Smart Embedded Devices: Platforms and Applications. SpringerVerlag (2014).
Date: 20130310 [pdf] [bibtex]
The final publication will be available at www.springerlink.com. 
Daniel J. Bernstein, HsiehChung Chen, ChenMou Cheng, Tanja Lange, Ruben Niederhagen, Peter Schwabe, and BoYin Yang:
Usable assembly language for GPUs: a success story.
Workshop record of SpecialPurpose Hardware for Attacking Cryptographic Systems – SHARCS 2012, pp. 169–178.
Date: 20120313 [pdf] [bibtex] 
Daniel J. Bernstein, Niels Duif, Tanja Lange, Peter Schwabe, and BoYin Yang:
Highspeed highsecurity signatures.
Full version: Journal of Cryptographic Engineering, Volume 2, Issue 2, SpringerVerlag (2012), pp 77–89.
Short version: Cryptographic Hardware and Embedded Systems – CHES 2011. Lecture Notes in Computer Science 6917, SpringerVerlag (2011), pp 124–142.
Date: 20110926 [pdf] [bibtex] [more]
Supersedes: 20110705[pdf] 
Daniel J. Bernstein, Tanja Lange, Christiane Peters, and Peter Schwabe:
Really fast syndromebased hashing.
Progress in Cryptology – AFRICACRYPT 2011, Lecture Notes in Computer Science 6737, SpringerVerlag (2011), pp 134–152.
Date: 20110508 [pdf] [bibtex]
[more]
Supersedes: 20110214 [pdf] 
Daniel J. Bernstein, Tanja Lange, Christiane Peters, and Peter Schwabe:
Faster 2regular informationset decoding.
Coding and Cryptology, Lecture Notes in Computer Science 6639, Springer Verlag (2011), pp 81–98.
Date: 20110309 [pdf] [bibtex] 
Daniel J. Bernstein, Tanja Lange, and Peter Schwabe:
On the correct use of the negation map in the Pollard rho method.
Public Key Cryptography – PKC 2011, Lecture Notes in Computer Science 6571, SpringerVerlag (2011), pp 128–146.
Date: 20110102 [pdf] [bibtex]

Daniel J. Bernstein, HsiehChung Chen, ChenMou Cheng, Tanja Lange, Ruben Niederhagen, Peter Schwabe, and BoYin Yang:
ECC2K130 on NVIDIA GPUs.
Progress in Cryptology – INDOCRYPT 2010, Lecture Notes in Computer Science 6498, Springer Verlag (2010), pp 328–346.
Date: 20120102 [pdf] [bibtex]

Michael Naehrig, Ruben Niederhagen, and Peter Schwabe:
New software speed records for cryptographic pairings.
Progress in Cryptology – LATINCRYPT 2010, Lecture Notes in Computer Science 6212, SpringerVerlag (2010), pp 109–123.
Date: 20100714 [pdf] [bibtex] [more]
Supersedes: 20100528 [pdf], supersedes: 20100406 [pdf]
Caution: The software as described in versions 20100528 and 20100406 of the paper has a bug related to the choice of curve parameters. This also affects the version in the Latincrypt 2010 proceedings. A corrected version of the software is available and the bug is corrected from version 20100714 of the paper. 
Joppe W. Bos, Thorsten Kleinjung, Ruben Niederhagen, and Peter Schwabe:
ECC2K130 on Cell CPUs.
Progress in Cryptology – AFRICACRYPT 2010, Lecture Notes in Computer Science 6055, Springer Verlag (2010), pp 225–242.
Date: 20100228 [pdf] [bibtex]
Supersedes: 20100212 [pdf] 
Daniel J. Bernstein, Tanja Lange, Ruben Niederhagen, Christiane Peters, and Peter Schwabe:
FSBday: Implementing Wagner's generalized birthday attack against the SHA3 round1 candidate FSB.
Progress in Cryptology – INDOCRYPT 2009, Lecture Notes in Computer Science 5922, Springer Verlag (2009), pp 18–38.
Date: 20110927 [pdf] [bibtex] [more]
Supersedes: 20090924 [pdf], supersedes: 20090901 [pdf], supersedes: 20090617 [pdf] 
Daniel V. Bailey, Brian Baldwin, Lejla Batina, Daniel J. Bernstein, Peter Birkner, Joppe W. Bos, Gauthier van Damme,
Giacomo de Meulenaer, Junfeng Fan, Tim Güneysu, Frank Gürkaynak, Thorsten Kleinjung, Tanja Lange, Nele Mentens,
Christof Paar, Francesco Regazzoni, Peter Schwabe, and Leif Uhsadel:
The Certicom Challenges ECC2X.
Workshop Record of SHARCS'09: Specialpurpose Hardware for Attacking Cryptographic Systems, pp 51–82.
Date: 20090917 [pdf] [bibtex] 
Michael Naehrig, Christiane Peters, and Peter Schwabe:
SHA2 will soon retire  The SHA3 Song.
Journal of Craptology, volume 7 (invited paper).
Date: 20090622 [pdf] [bibtex] [more] 
Emilia Käsper and Peter Schwabe:
Faster and TimingAttack Resistant AESGCM.
Cryptographic Hardware and Embedded Systems – CHES 2009, Lecture Notes in Computer Science 5745, SpringerVerlag (2009), pp 1–17.
Date: 20090616 [pdf] [bibtex] [more]
Supersedes: 20090319 [pdf] 
David Kammler, Diandian Zhang, Peter Schwabe, Hanno Scharwaechter, Markus Langenberg,
Dominik Auras, Gerd Ascheid, and Rudolf Mathar:
Designing an ASIP for Cryptographic Pairings over BarretoNaehrig Curves.
Cryptographic Hardware and Embedded Systems – CHES 2009, Lecture Notes in Computer Science 5745, SpringerVerlag (2009), pp 254–271.
Date: 20090714 [pdf] [bibtex]
See also full version of the paper by David Kammler, Diandian Zhang, Peter Schwabe, Hanno Scharwaechter, Markus Langenberg, Dominik Auras, Rainer Leupers, Gerd Ascheid, Rudolf Mathar, and Heinrich Meyr: [pdf]
Supersedes: 20090331 [pdf], supersedes: 20090205 [pdf] 
Neil Costigan and Peter Schwabe:
Fast ellipticcurve cryptography on the Cell Broadband Engine.
Progress in Cryptology – AFRICACRYPT 2009, Lecture Notes in Computer Science 5580, SpringerVerlag (2009), pp 368–385.
Date: 20090331 [pdf] [bibtex] [more]
Supersedes: 20090121 [pdf], supersedes: 20090107 [pdf] 
Daniel J. Bernstein and Peter Schwabe:
New AES software speed records.
Progress in Cryptology – INDOCRYPT 2008, Lecture Notes in Computer Science 5365, SpringerVerlag (2008), pp 322–336.
Date: 20080926 [pdf] [bibtex] [more]
Supersedes: 20080908 [pdf] 
Michael Naehrig, Paulo S. L. M. Barreto and Peter Schwabe:
On compressible pairings and their computation.
Progress in Cryptology – AFRICACRYPT 2008, Lecture Notes in Computer Science 5023, SpringerVerlag (2008), pp 371–388.
[pdf] [bibtex] [more]
Technical Reports and Preprints

Michael Hutter and Peter Schwabe:
Multiprecision multiplication on AVR revisited.
Date: 20140731 [pdf] [bibtex] [more]
Supersedes: 20140715 [pdf] 
Daniel J. Bernstein, Wesley Janssen, Tanja Lange, Peter Schwabe:
TweetNaCl: A crypto library in 100 tweets.
Date: 20131229 [pdf] [bibtex] [more] 
Daniel J. Bernstein, Tanja Lange, and Peter Schwabe.
Improved Networking and Cryptography Library.
Deliverable 2.5 of the EU FP7 project Computer Aided Cryptography Engineering (CACE). 2011.
Date: 20110221 [pdf] [bibtex]

Daniel V. Bailey, Lejla Batina, Daniel J. Bernstein, Peter Birkner, Joppe W. Bos,
HsiehChung Chen, ChenMou Cheng, Gauthier Van Damme, Giacomo de Meulenaer,
Luis Julian Dominguez Perez, Junfeng Fan, Tim Güneysu, Frank Gürkaynak, Thorsten Kleinjung,
Tanja Lange, Nele Mentens, Ruben Niederhagen, Christof Paar, Francesco Regazzoni,
Peter Schwabe, Leif Uhsadel, Anthony Van Herrewege, and BoYin Yang:
Breaking ECC2K130.
Date: 20091106 [pdf] [bibtex]
Talks
 Slides from my talk Fast symmetric crypto on embedded CPUs 20140605 at the Summer School on Design and security of cryptographic algorithms and devices for realworld applications , Šibenik, Crotia.
 Slides from my talk Verifying crypto – many questions and the beginning of an answer 20140520 in the Brouwer Seminar, Radboud University Nijmegen, Netherlands.
 Slides from my talk McBits: Fast codebased cryptography, 20131217 at the IMA Conference on Cryptography and Coding, Oxford, England.

Slides from my tutiral talk Efficient implementation of finitefield arithmetic
20131122 at Pairing 2013, Beijing, China, and similarly
20130911 at the ECC 2013 summer school, Leuven, Belgium.  Slides from my talk You vs. the NSA – Why everybody needs highsecurity crypto, 20131021 at the Semana da Computação, Universidade Federal de Santa Catarina, Florianópolis, Brazil.
 Slides from my talk Efficient software implementation of postquantum cryptography, 20131020 at ASCrypto 2013, Florianópolis, Brazil.
 Slides from my talk Scalar multiplication algorithms, 20130911 at the ECC 2013 summer school, Leuven, Belgium.
 Slides from my talk Who is afraid of vectors?, 20130826 in the Crypto Group of Microsoft Research, Redmond, USA.
 Slides from my talk A word of warning, 20130822 in the rump session of CHES 2013, Santa Barbara, USA. [software]
 Slides from the joint talk by Michael Hutter and me NaCl on 8bit AVR microcontrollers, 20130624 at Africacrypt 2013, Cairo, Egypt.
 Slides from my talk NaCl: Cryptography for the Internet, 20130121 at the research retreat Internet crypto, Tenerife, Spain.
 Slides from my talk Constructive and destructive implementations of ellipticcurve arithmetic, 20121030 at ECC 2012 in Querétaro, Mexico.
 Slides from my talk The security impact of a new cryptographic library, 20121009 at Latincrypt 2012 in Santiago, Chile.
 Slides from my presentation NEON crypto, 20120911 at CHES 2012 in Leuven, Belgium.
 Slides from my presentation HighPerformance Cryptography in Software, 20120903 in the ECRYPT Summerschool on Challenges in Security Engineering in Bochum, Germany, and similarly 20121015 at the Advanced Programming Seminar at University of Illinois at Chicago.
 Slides from my presentation SHA3 on ARM11 processors, 20120712 at Africacrypt 2012 in Ifrane, Morocco.
 Slides from my presentation The NaCl library, 20120712 in the rump session of Africacrypt 2012 in Ifrane, Morocco.

Slides from my presentation How to use the negation map in the Pollard rho method,
20120309 in the EiPSI Crypto Working Group.
The slides are basically the same as the ones I used for the talk
How to use the negation map in the Pollard rho method, 20110616 in the crypto seminar of the Laboratoire PRiSM at Université de Versailles SaintQuentinenYvelines. 
Slides from my presentation EdDSA signatures and Ed25519,
20120220 in the Coding Theory and Cryptography Seminar at the
University of Basel.
Subsets of these slides I used in the talks
EdDSA signatures and Ed25519, 20120320 at CARAMEL group, INRIA Nancy,
Highspeed highsecurity signatures, 20110929 at CHES 2011 in Nara, Japan, and
Highspeed highsecurity signatures, 20110914 in the EiPSI seminar at Eindhoven University of Technology.  Slides from my presentation HighSpeed Cryptography, 20111024 in the Graduate Seminar of National Taiwan University.
 Slides from my presentation Fun things to do with your mobile phone, 20110930 in the rump session of CHES 2011 in Nara, Japan.
 Slides from my presentation Highspeed highsecurity signatures, 20110929 at CHES 2011 in Nara, Japan.
 Slides from my presentation Highspeed highsecurity signatures, 20110914 in the EiPSI seminar at Eindhoven University of Technology.
 Slides from my talk Really fast syndromebased hashing, 20110705 at Africacrypt 2011.
 Slides from my talk On the correct use of the negation map in the Pollard rho method, 20101018 in the rump session of ECC 2010 in Redmond, USA.
 Slides from my talk New software speed records for cryptographic pairings, 20100809 at Latincrypt 2010 in Puebla, Mexico.
 Slides from my talk New software speed records for cryptographic pairings, 20100708 in the HGI Colloquium at Ruhr Universität Bochum.

Slides from my talk Breaking ECC2K130, 20100520 in the
Obersemiar Computer Security
at BIT Bonn.
Subsets of these slides I used for the talks
ECC2K130 on Cell processors, 20100505, at Africacrypt 2010,
Breaking ECC2K130 on Cell processors and GPUs, 20100414 in the Workshop on Computer Security and Cryptography at CRM Montréal, and
Breaking ECC2K130 (on Cell CPUs and NVIDIA GPUs), 20100321 at CARAMEL group, INRIA Nancy.  Slides from my talk How do deal with annoying questions from Dan, 20100504 at the rump session of Africacrypt 2010.
 Slides from my talk NaCl — Networking and Cryptography library, 20091204 at the SPAN meeting at TU Eindhoven and code examples I used in the talk: encauthopenssl.c, encauthnacl.c.
 Slides from my talk AESGCM plus rapide et résistant aux attaques temporelles, 20091113 in the séminaire de cryptographie at Université de Rennes 1.
 Slides from the joint talk by Christiane Peters and me FSBday: Implementing Wagner's Generalized Birthday Attack against the round1 SHA3 Candidate FSB, 20090910 at SHARCS 2009.
 Slides from the joint talk by Daniel V. Bailey, Daniel J. Bernstein, Frank Gurkaynak, Tanja Lange and me The Certicom Challenges ECC2X, 20090909 at SHARCS 2009.
 Slides from my talk Fast ellipticcurve cryptography on the Cell Broadband Engine, 20090624 at Africacrypt 2009 and similarly 20090520 at the COSIC seminar at KU Leuven.
 Slides from the joint talk by Christiane Peters and me FSBday: Implementing Wagner's Generalized Birthday Attack against the SHA3 Candidate FSB, 20090616 at the INRIA Paris  Rocquencourt.

Slides from the joint "talk" by Christiane Peters,
Michael Naehrig", and me
"A brief look at the 56 SHA3 submissions",
20090428 at the rump session of
Eurocrypt 2009.
See also the Lyrics with guitar chords and the video on youtube.  Slides from the joint presentation by Emilia Käsper and me "How fast is AES?", 20090212 at the rump session of FSE 2009.
 Slides from my presentation "New AES software speed records", 20081216 at Indocrypt 2008.
 Slides from my presentation "Achieving Software Speed Records with qhasm", 20081112 in the EiPSI seminar at Eindhoven University of Technology.
 Slides from my presentation "Effiziente Berechnung der Tate Paarung", 20070606 at the Institute for Theoretical Information Technology at RWTH Aachen University.
 Slides from my presentation "Paarungen und Identitätsbasierte Kryptographie", 20070510 at the Institute for Theoretical Information Technology at RWTH Aachen University.
 Slides from my presentation "Effiziente Implementierung von elliptischen und hyperelliptischen Kurven", 2006531 at the Institute for Theoretical Information Technology at RWTH Aachen University.
 Slides from my presentation "Arithmetik auf hyperelliptischen Kurven", 20051214 at the Institute for Theoretical Information Technology at RWTH Aachen University.
 Slides from my seminar talk "Seitenkanalattacken gegen Kryptographie auf Elliptischen Kurven", 20050517 at the Institute for Theoretical Information Technology at RWTH Aachen University and related report.
Conferences, Workshops, and Schools
I am or was member of the program committees of the following conferences, workshops, and schools: Summer School on the design and security of cryptographic algorithms and devices for realworld applications, May 31–June 5, 2015, Šibenik, Croatia. (Coorganizer)
 Africacrypt 2015, May 27–29, 2015, Dakar, Senegal.
 PKC 2015, April 30–May 1, Washington DC, USA.
 WESS 2014, October 17, 2014, New Delhi, India.
 CHES 2014, September 23–26, 2014, Busan, Korea.
 Latincrypt 2014, September 17–19, 2014, Florianópolis, Brazil.
 Africacrypt 2014, May 28–30, 2014, Marrakesh, Morocco.
 Pairing 2013, Nov 22–24, 2013, Beijing, China.
 WESS 2013, September 29, 2013, Montreal, Canada.
 SAC 2013, August 1416, 2013, Burnaby, British Columbia, Canada.
 Asiacrypt 2013, December 1–5, 2013, Bengaluru, India.
 WAIFI 2012, July 16–19, 2012, Bochum, Germany.
 Pairing 2012, May 16–18, 2012, Cologne, Germany.
 Indocrypt 2011, December 11–14, 2011, Chennai, India.
 InfoSecHiComNet 2011, October 19–22, 2011, Haldia, India.
Teaching
Course Network Security, RU Nijmegen, 2014
For details please check the course website.
Course Cryptographic Engineering, RU Nijmegen, 2014
For details please check the course website.
Course "Research A", RU Nijmegen, 2013/14
For details please check the course website.
Course "Research B", RU Nijmegen, 2013/14
For details please check the course website.
Lecture "Security Issues in Cloud Computing", NTU, 2011/12
Whiteboard transcripts: 20111007: Introduction to Cryptography
 20111014: Modern Cryptography I – Symmetric Cryptography
 20111021: Modern Cryptography I – Symmetric Cryptography (ctd.)
 20111028: Modern Cryptography II – Asymmetric Cryptography
 Homework assignment to be handed in on December 11, 2011:
Describe where cryptographic hash functions are used. Explain for what purpose they are used and what properties of the hash function are required for the respective applications. Focus on applications that have not been dealt with in the lecture.
Remarks: This is not about finding as many applications as possible, focus on just 12 applications. Your essay should be about 1 page in length.