• Santiago Arranz Olmos, Gilles Barthe, Ruben Gonzalez, Benjamin Grégoire, Vincent Laporte, Jean-Christophe Léchenet, Tiago Oliveira, and Peter Schwabe: High-assurance zeroization.
  Transactions on Cryptographic Hardware and Embedded Systems, Volume 2024-1, Ruhr University Bochum (2023), to appear.
  Date: 2023-11-05 [pdf] [bibtex]
• Phillip Gajland, Bor de Kock, Miguel Quaresma, Giulio Malavolta, and Peter Schwabe: Swoosh: Practical Lattice-Based Non-Interactive Key Exchange.
  Proceedings of the 33rd USENIX Security Symposium, USENIX Association (2024), to appear. Date: 2023-10-23 [pdf] [bibtex] [more]
  Supersedes: 2023-02-23 [pdf],
• Joël Alwen, Dominik Hartmann, Eike Kiltz, Marta Mularczyk, and Peter Schwabe: Post-Quantum Multi-Recipient Public Key Encryption.
  2023 ACM SIGSAC Conference on Computer and Communications Security, CCS'23, ACM (to appear).
  Date: 2022-08-12 [pdf] [bibtex] [more]
  
• José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, Benjamin Grégoire, Vincent Laporte, Jean-Christophe Léchenet, Tiago Oliveira, Hugo Pacheco, Miguel Quaresma, Peter Schwabe, Antoine Séré, and Pierre-Yves Strub: Formally verifying Kyber – Episode IV: Implementation Correctness.
  Transactions on Cryptographic Hardware and Embedded Systems, Volume 2023-3, Ruhr University Bochum (2023), pp 164–193.
  Date: 2023-04-24 [pdf] [bibtex] [more]
  Supersedes: 2023-02-17 [pdf]
• Zhiyuan Zhang, Gilles Barthe, Chitchanok Chuengsatiansup, Peter Schwabe, and Yuval Yarom: Ultimate SLH: Taking Speculative Load Hardening to the Next Level.
  Proceedings of the 32nd USENIX Security Symposium, USENIX Association (2023), to appear.
  Date: 2023-04-30 [pdf] [bibtex]
  Supersedes: 2022-06-05 [pdf]
• Basavesh Ammanaghatta Shivakumar, Gilles Barthe, Benjamin Grégoire, Vincent Laporte, Tiago Oliveira, Swarn Priya, Peter Schwabe, and Lucas Tabary-Maujean: Typing High-Speed Cryptography against Spectre v1.
  2023 IEEE Symposium on Security and Privacy (SP), IEEE (2023), pp 1094–1111.
  Date: 2022-09-25 [pdf] [bibtex]
  
• Basavesh Ammanaghatta Shivakumar, Jack Barnes, Gilles Barthe, Sunjay Cauligi, Chitchanok Chuengsatiansup, Daniel Genkin, Sioli O'Connell, Peter Schwabe, Rui Qi Sim, and Yuval Yarom: Spectre Declassified: Reading from the Right Place at the Wrong Time.
  2023 IEEE Symposium on Security and Privacy (SP), IEEE (2023), pp 1753–1770.
  Date: 2022-04-03 [pdf] [bibtex]
  
• Lejla Batina, Łukasz Chmielewski, Björn Haase, Niels Samwel, and Peter Schwabe: SCA-secure ECC in software – mission impossible?
  Transactions on Cryptographic Hardware and Embedded Systems, Volume 2023-1, Ruhr University Bochum (2023), pp 557–589.
  Date: 2022-11-04 [pdf] [bibtex] [more]
  Supersedes: 2021-09-27 [pdf]
• Gilles Barthe, Adrien Koutsos, Solène Mirliaz, David Pichardie, and Peter Schwabe: Semantic foundations for cost analysis of pipeline-optimized programs.
  Static Analysis, Lecture Notes in Computer Science 13790, Springer-Verlag (2022), pp 372–396.
  Date: 2022-09-16 [pdf] [bibtex]
• Yawning Angel, Benjamin Dowling, Andreas Hülsing, Peter Schwabe, and Florian Weber: Post Quantum Noise.
  2022 ACM SIGSAC Conference on Computer and Communications Security, CCS'22, ACM (2022), pp 97–109.
  Date: 2022-05-19 [pdf] [bibtex]
  
• Matthias J. Kannwischer, Peter Schwabe, Douglas Stebila, and Thom Wiggers: Improving Software Quality in Cryptography Standardization Projects.
  2022 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), pp 19–30.
  Date: 2022-04-13 [pdf] [bibtex]
• Jan Jancar, Marcel Fourné, Daniel De Almeida Braga, Mohamed Sabt, Peter Schwabe, Gilles Barthe, Pierre-Alain Fouque, and Yasemin Acar: "They’re not that hard to mitigate": What Cryptographic Library Developers Think About Timing Attacks.
  2022 IEEE Symposium on Security and Privacy (SP), IEEE (2022), pp 632–649.
  Date: 2021-12-16 [pdf] [bibtex]
• Peter Schwabe, Douglas Stebila, and Thom Wiggers: More efficient post-quantum KEMTLS with pre-distributed public keys.
  Computer Security – ESORICS 2021, Lecture Notes in Computer Science 12972, Springer-Verlag (2021), pp 3–22.
  Date: 2022-03-15 [pdf] [bibtex] [more]
  Supersedes: 2021-06-09 [pdf],
• Peter Schwabe, Benoît Viguier, Timmy Weerwag, and Freek Wiedijk: A Coq proof of the correctness of X25519 in TweetNaCl.
  34th IEEE Computer Security Foundations Symposium (CSF), IEEE (2021), pp 1–16.
  Date: 2021-02-08 [pdf] [bibtex]
• Gilles Barthe, Sunjay Cauligi, Benjamin Gregoire, Adrien Koutsos, Kevin Liao, Tiago Oliveira, Swarn Priya, Tamara Rezk, and Peter Schwabe: High-assurance Cryptography Software in the Spectre Era.
  2021 IEEE Symposium on Security and Privacy (SP), IEEE (2021), pp 1884–1901.
  Date: 2021-01-15 [pdf] [bibtex]
• Andreas Hülsing, Kai-Chun Ning, Peter Schwabe, Florian Weber, and Philip R. Zimmermann: Post-quantum WireGuard.
  2021 IEEE Symposium on Security and Privacy (SP), IEEE (2021), pp 304–321.
  Date: 2021-06-16 [pdf] [bibtex] [more]
  Supersedes: 2020-04-03 [pdf],
• Peter Schwabe, Douglas Stebila, and Thom Wiggers: Post-quantum TLS without handshake signatures.
  2020 ACM SIGSAC Conference on Computer and Communications Security, CCS'20, ACM (2020), pp 1461–1480.
  Date: 2022-01-03 [pdf] [bibtex] [more]
  Supersedes: 2021-04-21 [pdf], supersedes: 2020-09-29 [pdf], supersedes: 2020-08-26 [pdf], supersedes: 2020-05-07 [pdf]
• Peter Schwabe and Daan Sprenkels: The complete cost of cofactor h=1.
  Progress in Cryptology – INDOCRYPT 2019, Lecture Notes in Computer Science 11898, Springer-Verlag (2019), pp 375–397.
  Date: 2019-10-11 [pdf] [bibtex] [more]
  
• Daniel J. Bernstein, Andreas Hülsing, Stefan Kölbl, Ruben Niederhagen, Joost Rijneveld, and Peter Schwabe: The SPHINCS⁺ signature framework.
  2019 ACM SIGSAC Conference on Computer and Communications Security, CCS'19, ACM (2019), pp 2129–2146.
  Date: 2019-09-23 [pdf] [bibtex]
• Matthias J. Kannwischer, Joost Rijneveld, Peter Schwabe, and Ko Stoffelen: pqm4: Testing and Benchmarking NIST PQC on ARM Cortex-M4.
  Workshop Record of the Second PQC Standardization Conference.
  Date: 2019-07-21 [pdf] [bibtex] [more]
• Leon Botros, Matthias Kannwischer, and Peter Schwabe: Memory-Efficient High-Speed Implementation of Kyber on Cortex-M4.
  Progress in Cryptology – Africacrypt 2019, Lecture Notes in Computer Science 11627, Springer-Verlag (2019), pp 209–228.
  Date: 2019-05-13 [pdf] [bibtex]
• Matthias Kannwischer, Joost Rijneveld, and Peter Schwabe: Faster multiplication in ℤ_2^m[x] on Cortex-M4 to speed up NIST PQC candidates.
  Applied Cryptography and Network Security, Lecture Notes in Computer Science 11464, Springer-Verlag (2019), pp 281–301
  Date: 2019-04-09 [pdf] [bibtex]
  Supersedes: 2018-10-19 [pdf]
• Ebo van der Laan, Erik Poll, Joost Rijneveld, Joeri de Ruiter, Peter Schwabe, and Jan Verschuren: Is Java Card ready for hash-based signatures?
  Advances in Information and Computer Security – IWSEC 2018, Lecture Notes in Computer Science 11049, Springer-Verlag (2018), pp 127–142.
  Date: 2018-06-14 [pdf] [bibtex] [more]
  
• Benjamin Grégoire, Kostas Papagiannopoulos, Peter Schwabe, and Ko Stoffelen: Vectorizing higher-order masking.
  Constructive Side-Channel Analysis and Secure Design, Lecture Notes in Computer Science 10815, Springer-Verlag (2018), pp 23–43
  Date: 2018-04-06 [pdf] [bibtex] [more (external link)]
  
• Ming-Shing Chen, Andreas Hülsing, Joost Rijneveld, Simona Samardjiska, and Peter Schwabe: SOFIA: MQ-based signatures in the QROM.
  Public Key Cryptography – PKC 2018, Lecture Notes in Computer Science 10770, Springer-Verlag (2018), pp 1–17.
  Date: 2017-07-17 [pdf] [bibtex]
• Léo Ducas, Eike Kiltz, Tancrède Lepoint, Vadim Lyubashevsky, Peter Schwabe, Gregor Seiler, and Damien Stehlé: CRYSTALS – Dilithium: Digital Signatures from Module Lattices.
  Transactions on Cryptographic Hardware and Embedded Systems, Volume 2018-1, Ruhr University Bochum (2018), pp 238–268.
  Date: 2017-06-27 [pdf] [bibtex]
• Joppe Bos, Léo Ducas, Eike Kiltz, Tancrède Lepoint, Vadim Lyubashevsky, John M. Schanck, Peter Schwabe, Gregor Seiler, and Damien Stehlé: CRYSTALS – Kyber: a CCA-secure module-lattice-based KEM.
  2018 IEEE European Symposium on Security and Privacy (EuroS&P), IEEE (2018), pp 353–367.
  Date: 2018-07-16 [pdf] [bibtex] [more]
  Supersedes: 2018-02-26 [pdf] Supersedes: 2017-06-27 [pdf]
• Daniel J. Bernstein, Stefan Kölbl, Stefan Lucks, Pedro Maat Costa Massolino, Florian Mendel, Kashif Nawaz, Tobias Schneider, Peter Schwabe, François-Xavier Standaert, Yosuke Todo, and Benoît Viguier: Gimli: a cross-platform permutation.
  Cryptographic Hardware and Embedded Systems – CHES 2017, Lecture Notes in Computer Science 10529, Springer-Verlag (2017), pp 299–320.
  Date: 2017-06-27 [pdf] [bibtex] [more]
• Andreas Hülsing, Joost Rijneveld, John Schanck, and Peter Schwabe: High-speed key encapsulation from NTRU.
  Cryptographic Hardware and Embedded Systems – CHES 2017, Lecture Notes in Computer Science 10529, Springer-Verlag (2017), pp 232–252.
  Date: 2017-08-28 [pdf] [bibtex] [more]
  Supersedes: 2017-06-27 [pdf]
• Erick Nascimento, Łukasz Chmielewski, David Oswald, and Peter Schwabe: Attacking embedded ECC implementations through cmov side channels.
  Selected Areas in Cryptology – SAC 2016, Lecture Notes in Computer Science 10532, Springer-Verlag (2017), pp 99–119.
  Date: 2016-07-18 [pdf] [bibtex]
• Peter Schwabe and Bas Westerbaan: Solving binary MQ with Grover's algorithm.
  Security, Privacy, and Applied Cryptography Engineering, Lecture Notes in Computer Science 10076, Springer-Verlag (2016), pp 303–322.
  Date: 2017-11-30 [pdf] [bibtex]
  Supersedes: 2017-10-23 [pdf], Supersedes: 2016-09-01 [pdf].
• Ming-Shing Chen, Andreas Hülsing, Joost Rijneveld, Simona Samardjiska, and Peter Schwabe: From 5-pass MQ-based identification to MQ-based signatures.
  Advances in Cryptology – ASIACRYPT 2016, Lecture Notes in Computer Science 10032, Springer-Verlag (2016), pp 135–165.
  Date: 2016-12-01 [pdf] [bibtex]
  Supersedes: 2016-09-13 [pdf], supersedes: 2016-07-15 [pdf]
• Erdem Alkim, Philipp Jakubeit, and Peter Schwabe: NewHope on ARM Cortex-M
  Security, Privacy, and Applied Cryptography Engineering, Lecture Notes in Computer Science 10076, Springer-Verlag (2016), pp 332–349.
  Date: 2016-09-01 [pdf] [bibtex]
  Supersedes: 2016-08-03 [pdf],
• Erdem Alkim, Léo Ducas, Thomas Pöppelmann, and Peter Schwabe: Post-quantum key exchange – a new hope.
  Proceedings of the 25th USENIX Security Symposium, USENIX Association (2016), pp 327–343.
  Date: 2019-07-10 [pdf] [bibtex] [more]
  Supersedes: 2017-12-12 [pdf], supersedes: 2016-11-19 [pdf], supersedes: 2016-08-03 [pdf], supersedes: 2016-03-28 [pdf], supersedes: 2015-12-07 [pdf], supersedes: 2015-11-10 [pdf], supersedes: 2015-11-05 [pdf]
• Peter Schwabe and Ko Stoffelen: All the AES you need on Cortex-M3 and M4.
  Selected Areas in Cryptology – SAC 2016, Lecture Notes in Computer Science 10532, Springer-Verlag (2017), pp 180–194.
  Date: 2016-10-19 [pdf] [bibtex]
  Supersedes: 2016-07-18 [pdf]
• Joost Renes, Peter Schwabe, Benjamin Smith, and Lejla Batina: μKummer: efficient hyperelliptic signatures and key exchange on microcontrollers.
  Cryptographic Hardware and Embedded Systems – CHES 2016, Lecture Notes in Computer Science 9813, Springer-Verlag (2016), pp 301–320.
  Date: 2017-01-26 [pdf] [bibtex]
  Supersedes: 2016-07-19 [pdf], supersedes: 2016-04-07 [pdf]
• Anna Krasnova, Moritz Neikes, and Peter Schwabe: Footprint scheduling for Dining-Cryptographer networks.
  Financial Cryptography and Data Security, Lecture Notes in Computer Science 9603, Springer-Verlag (2017). pp 385–402.
  Date: 2015-12-18 [pdf] [bibtex]
• Andreas Hülsing, Joost Rijneveld, and Peter Schwabe: ARMed SPHINCS – Computing a 41KB signature in 16KB of RAM.
  Public Key Cryptography – PKC 2016, Lecture Notes in Computer Science 9614, Springer-Verlag (2016), pp 446–470.
  Date: 2016-02-03 [pdf] [bibtex]
  Supersedes: 2015-10-27 [pdf]
• Michael Hutter, Jürgen Schilling, Peter Schwabe, and Wolfgang Wieser: NaCl's crypto_box in hardware.
  Cryptographic Hardware and Embedded Systems – CHES 2015, Lecture Notes in Computer Science 9293, Springer-Verlag (2015), pp 81–101.
  Date: 2015-06-16 [pdf] [bibtex] [more]
• Michael Düll, Björn Haase, Gesine Hinterwälder, Michael Hutter, Christof Paar, Ana Helena Sánchez, and Peter Schwabe: High-speed Curve25519 on 8-bit, 16-bit, and 32-bit microcontrollers.
  Designs, Codes and Cryptography, Volume 77, Issue 2, Springer-Verlag (2015), pp 493–514.
  Date: 2015-04-17 [pdf] [bibtex] [more]
  
• Daniel J. Bernstein, Daira Hopwood, Andreas Hülsing, Tanja Lange, Ruben Niederhagen, Louiza Papachristodoulou, Michael Schneider, Peter Schwabe, and Zooko Wilcox-O'Hearn: SPHINCS: practical stateless hash-based signatures.
  Advances in Cryptology – EUROCRYPT 2015, Part I,, Lecture Notes in Computer Science 9056, Springer-Verlag (2015). pp 368–397.
  Date: 2015-02-02 [pdf] [bibtex] [more]
  Supersedes: 2014-10-01 [pdf]
• Michael Hutter and Peter Schwabe: Multiprecision multiplication on AVR revisited.
  Journal of Cryptographic Engineering, Volume 5, Issue 3, Springer-Verlag (2015), pp 201–214.
  Date: 2015-01-01 [pdf] [bibtex] [more]
  Supersedes: 2014-07-15 [pdf], supersedes: 2014-07-31 [pdf]
• Gesine Hinterwälder, Amir Moradi, Michael Hutter, Peter Schwabe, and Christof Paar: Full size high security ECC implementation on MSP430 microcontrollers
  Progress in Cryptology – LATINCRYPT 2014, Lecture Notes in Computer Science 8895, Springer-Verlag (2015), pp 31–47.
  Date: 2014-10-01 [pdf] [bibtex]
• Özgür Dagdelen, Rachid El Bansarkhani, Florian Göpfert, Tim Güneysu, Tobias Oder, Thomas Pöppelmann , Ana Helena Sánchez, and Peter Schwabe: High-Speed Signatures from Standard Lattices.
  Progress in Cryptology – LATINCRYPT 2014, Lecture Notes in Computer Science 8895, Springer-Verlag (2015), pp 84–103.
  Date: 2014-09-04 [pdf] [bibtex]
• Daniel J. Bernstein, Bernard van Gastel, Wesley Janssen, Tanja Lange, Peter Schwabe, and Sjaak Smetsers: TweetNaCl: A crypto library in 100 tweets.
  Progress in Cryptology – LATINCRYPT 2014, Lecture Notes in Computer Science 8895, Springer-Verlag (2015), pp 64–83.
  Date: 2014-09-17 [pdf] [bibtex] [more]
  Supersedes: 2013-12-29[pdf]
• Lejla Batina, Łukasz Chmielewski, Louiza Papachristodoulou, Peter Schwabe, and Michael Tunstall: Online Template Attacks.
  Full version: Journal of Cryptographic Engineering, Volume 9, Issue 1, Springer-Verlag (2017), pp 21–36.
  Short version: Progress in Cryptology – INDOCRYPT 2014, Lecture Notes in Computer Science 8885, Springer Verlag (2014), pp 21–36.
  Date: 2017-08-12 [pdf] [bibtex]
  Supersedes: 2014-09-22[pdf]
• Daniel J. Bernstein, Chitchanok Chuengsatiansup, Tanja Lange, and Peter Schwabe: Kummer strikes back: new DH speed records.
  Advances in Cryptology – ASIACRYPT 2014, Lecture Notes in Computer Science 8873, Springer-Verlag (2014), pp 317–337.
  Date: 2014-10-28 [pdf] [bibtex]
  Supersedes: 2014-02-18 [pdf]
• Yu-Fang Chen, Chang-Hong Hsu, Hsin-Hung Lin, Peter Schwabe, Ming-Hsien Tsai, Bow-Yaw Wang, Bo-Yin Yang, and Shang-Yi Yang: Verifying Curve25519 Software.
  2014 ACM SIGSAC Conference on Computer and Communications Security, CCS'14, ACM (2014), pp 299–309.
  Date: 2014-08-24 [pdf] [bibtex]
  Supersedes: 2014-04-28 [pdf]
• Chitchanok Chuengsatiansup, Michael Naehrig, Pance Ribarski, and Peter Schwabe: PandA: Pairings and Arithmetic.
  Pairing-Based Cryptography – Pairing 2013, Lecture Notes in Computer Science 8365, Springer-Verlag (2014), pp 229–250.
  Date: 2013-12-04 [pdf] [bibtex]
• Keith Alexander, Daniel J. Bernstein, Timo Kasper, Tanja Lange, and Peter Schwabe: Spyin' NSA.
  Journal of Craptology, volume 9 (invited paper).
  Date: 2013-08-23 [pdf] [bibtex]
• Daniel J. Bernstein, Tung Chou, and Peter Schwabe: McBits: fast constant-time code-based cryptography.
  Cryptographic Hardware and Embedded Systems – CHES 2013, Lecture Notes in Computer Science 8086, Springer-Verlag (2013), pp 250–272.
  Date: 2013-06-16 [pdf] [bibtex]
• Tim Güneysu, Tobias Oder, Thomas Pöppelmann, and Peter Schwabe: Software speed records for lattice-based signatures.
  Post-Quantum Cryptography, Lecture Notes in Computer Science 7932, Springer-Verlag (2013), pp 67–82.
  Date: 2013-03-28 [pdf] [bibtex] [more]
• Michael Hutter and Peter Schwabe: NaCl on 8-bit AVR Microcontrollers.
  Progress in Cryptology – AFRICACRYPT 2013, Lecture Notes in Computer Science 7918, Springer-Verlag (2013), pp 156–172.
  Date: 2013-05-14 [pdf] [bibtex] [more]
  Supersedes: 2013-02-20 [pdf]
• Severin Holzer-Graf, Thomas Krinninger, Martin Pernull, Martin Schläffer, Peter Schwabe, David Seywald, and Wolfgang Wieser: Efficient Vector Implementations of AES-based Designs: A Case Study and New Implemenations for Grøstl.
  Topics in Cryptology – CT-RSA 2013, Lecture Notes in Computer Science 7779, Springer-Verlag (2013), pp 145–161.
  Date: 2012-11-19 [pdf] [bibtex]
  Supersedes: 2012-10-06 [pdf]
• Daniel J. Bernstein, Tanja Lange, and Peter Schwabe: The security impact of a new cryptographic library.
  Progress in Cryptology – LATINCRYPT 2012, Lecture Notes in Computer Science 7533, Springer-Verlag (2012), pp 159–176.
  Date: 2012-07-25 [pdf] [bibtex] [more]
  Supersedes: 2011-12-01 [pdf]
• Daniel J. Bernstein and Peter Schwabe: NEON crypto.
  Cryptographic Hardware and Embedded Systems – CHES 2012, Lecture Notes in Computer Science 7428, Springer-Verlag (2012), pp 320–339.
  Date: 2012-03-20 [pdf] [bibtex] [more]
• Peter Schwabe, Bo-Yin Yang, and Shang-Yi Yang: SHA-3 on ARM11 processors.
  Progress in Cryptology – AFRICACRYPT 2012, Lecture Notes in Computer Science 7374, Springer Verlag (2012), pp 324–341.
  Date: 2012-04-22 [pdf] [bibtex] [more]
  Supersedes: 2011-11-25 [pdf]
• Peter Schwabe: Graphics Processing Units.
  Chapter in Secure Smart Embedded Devices: Platforms and Applications. Springer-Verlag (2014).
  Date: 2013-03-10 [pdf] [bibtex]
  The final publication will be available at www.springerlink.com.
• Daniel J. Bernstein, Hsieh-Chung Chen, Chen-Mou Cheng, Tanja Lange, Ruben Niederhagen, Peter Schwabe, and Bo-Yin Yang: Usable assembly language for GPUs: a success story.
  Workshop record of Special-Purpose Hardware for Attacking Cryptographic Systems – SHARCS 2012, pp. 169–178.
  Date: 2012-03-13 [pdf] [bibtex]
• Daniel J. Bernstein, Niels Duif, Tanja Lange, Peter Schwabe, and Bo-Yin Yang: High-speed high-security signatures.
  Full version: Journal of Cryptographic Engineering, Volume 2, Issue 2, Springer-Verlag (2012), pp 77–89.
  Short version: Cryptographic Hardware and Embedded Systems – CHES 2011. Lecture Notes in Computer Science 6917, Springer-Verlag (2011), pp 124–142.
  Date: 2011-09-26 [pdf] [bibtex] [more]
  Supersedes: 2011-07-05[pdf]
• Daniel J. Bernstein, Tanja Lange, Christiane Peters, and Peter Schwabe: Really fast syndrome-based hashing.
  Progress in Cryptology – AFRICACRYPT 2011, Lecture Notes in Computer Science 6737, Springer-Verlag (2011), pp 134–152.
  Date: 2011-05-08 [pdf] [bibtex]
  [more]
  Supersedes: 2011-02-14 [pdf]
• Daniel J. Bernstein, Tanja Lange, Christiane Peters, and Peter Schwabe: Faster 2-regular information-set decoding.
  Coding and Cryptology, Lecture Notes in Computer Science 6639, Springer Verlag (2011), pp 81–98.
  Date: 2011-03-09 [pdf] [bibtex]
• Daniel J. Bernstein, Tanja Lange, and Peter Schwabe: On the correct use of the negation map in the Pollard rho method.
  Public Key Cryptography – PKC 2011, Lecture Notes in Computer Science 6571, Springer-Verlag (2011), pp 128–146.
  Date: 2011-01-02 [pdf] [bibtex]
  
• Daniel J. Bernstein, Hsieh-Chung Chen, Chen-Mou Cheng, Tanja Lange, Ruben Niederhagen, Peter Schwabe, and Bo-Yin Yang: ECC2K-130 on NVIDIA GPUs.
  Progress in Cryptology – INDOCRYPT 2010, Lecture Notes in Computer Science 6498, Springer Verlag (2010), pp 328–346.
  Date: 2012-01-02 [pdf] [bibtex]
  
• Michael Naehrig, Ruben Niederhagen, and Peter Schwabe: New software speed records for cryptographic pairings.
  Progress in Cryptology – LATINCRYPT 2010, Lecture Notes in Computer Science 6212, Springer-Verlag (2010), pp 109–123.
  Date: 2010-07-14 [pdf] [bibtex] [more]
  Supersedes: 2010-05-28 [pdf], supersedes: 2010-04-06 [pdf]
  Caution: The software as described in versions 2010-05-28 and 2010-04-06 of the paper has a bug related to the choice of curve parameters. This also affects the version in the Latincrypt 2010 proceedings. A corrected version of the software is available and the bug is corrected from version 2010-07-14 of the paper.
• Joppe W. Bos, Thorsten Kleinjung, Ruben Niederhagen, and Peter Schwabe: ECC2K-130 on Cell CPUs.
  Progress in Cryptology – AFRICACRYPT 2010, Lecture Notes in Computer Science 6055, Springer Verlag (2010), pp 225–242.
  Date: 2010-02-28 [pdf] [bibtex]
  Supersedes: 2010-02-12 [pdf]
• Daniel J. Bernstein, Tanja Lange, Ruben Niederhagen, Christiane Peters, and Peter Schwabe: FSBday: Implementing Wagner's generalized birthday attack against the SHA-3 round-1 candidate FSB.
  Progress in Cryptology – INDOCRYPT 2009, Lecture Notes in Computer Science 5922, Springer Verlag (2009), pp 18–38.
  Date: 2011-09-27 [pdf] [bibtex] [more]
  Supersedes: 2009-09-24 [pdf], supersedes: 2009-09-01 [pdf], supersedes: 2009-06-17 [pdf]
• Daniel V. Bailey, Brian Baldwin, Lejla Batina, Daniel J. Bernstein, Peter Birkner, Joppe W. Bos, Gauthier van Damme, Giacomo de Meulenaer, Junfeng Fan, Tim Güneysu, Frank Gürkaynak, Thorsten Kleinjung, Tanja Lange, Nele Mentens, Christof Paar, Francesco Regazzoni, Peter Schwabe, and Leif Uhsadel: The Certicom Challenges ECC2-X.
  Workshop Record of SHARCS'09: Special-purpose Hardware for Attacking Cryptographic Systems, pp 51–82.
  Date: 2009-09-17 [pdf] [bibtex]
• Michael Naehrig, Christiane Peters, and Peter Schwabe: SHA-2 will soon retire - The SHA-3 Song.
  Journal of Craptology, volume 7 (invited paper).
  Date: 2009-06-22 [pdf] [bibtex] [more]
• Emilia Käsper and Peter Schwabe: Faster and Timing-Attack Resistant AES-GCM.
  Cryptographic Hardware and Embedded Systems – CHES 2009, Lecture Notes in Computer Science 5745, Springer-Verlag (2009), pp 3–33.
  Date: 2009-06-16 [pdf] [bibtex] [more]
  Supersedes: 2009-03-19 [pdf]
• David Kammler, Diandian Zhang, Peter Schwabe, Hanno Scharwaechter, Markus Langenberg, Dominik Auras, Gerd Ascheid, and Rudolf Mathar: Designing an ASIP for Cryptographic Pairings over Barreto-Naehrig Curves.
  Cryptographic Hardware and Embedded Systems – CHES 2009, Lecture Notes in Computer Science 5745, Springer-Verlag (2009), pp 254–271.
  Date: 2009-07-14 [pdf] [bibtex]
  See also full version of the paper by David Kammler, Diandian Zhang, Peter Schwabe, Hanno Scharwaechter, Markus Langenberg, Dominik Auras, Rainer Leupers, Gerd Ascheid, Rudolf Mathar, and Heinrich Meyr: [pdf]
  Supersedes: 2009-03-31 [pdf], supersedes: 2009-02-05 [pdf]
• Neil Costigan and Peter Schwabe: Fast elliptic-curve cryptography on the Cell Broadband Engine.
  Progress in Cryptology – AFRICACRYPT 2009, Lecture Notes in Computer Science 5580, Springer-Verlag (2009), pp 368–385.
  Date: 2009-03-31 [pdf] [bibtex] [more]
  Supersedes: 2009-01-21 [pdf], supersedes: 2009-01-07 [pdf]
• Daniel J. Bernstein and Peter Schwabe: New AES software speed records.
  Progress in Cryptology – INDOCRYPT 2008, Lecture Notes in Computer Science 5365, Springer-Verlag (2008), pp 322–336.
  Date: 2008-09-26 [pdf] [bibtex] [more]
  Supersedes: 2008-09-08 [pdf]
• Michael Naehrig, Paulo S. L. M. Barreto and Peter Schwabe: On compressible pairings and their computation.
  Progress in Cryptology – AFRICACRYPT 2008, Lecture Notes in Computer Science 5023, Springer-Verlag (2008), pp 371–388.
  [pdf] [bibtex] [more]

• Fabio Campos, Jorge Chavez-Saab, Jesús-Javier Chi-Domínguez, Michael Meyer, Krijn Reijnders, Francisco Rodríguez-Henríquez, Peter Schwabe, and Thom Wiggers: On the Practicality of Post-Quantum TLS Using Large-Parameter CSIDH
  Date: 2023-05-30 [pdf] [bibtex] [more]
  
• Manuel Barbosa and Peter Schwabe: Kyber terminates.
  Date: 2023-05-16 [pdf] [bibtex]
• Daniel Heinz, Matthias J. Kannwischer, Georg Land, Thomas Pöppelmann, Peter Schwabe, and Daan Sprenkels: First-Order Masked Kyber on ARM Cortex-M4.
  Date: 2022-01-17 [pdf] [bibtex] [more]
  
• Erdem Alkim, Léo Ducas, Thomas Pöppelmann, and Peter Schwabe: NewHope without reconciliation.
  Date: 2017-11-08 [pdf] [bibtex]
  Supersedes: 2016-12-17 [pdf]
• Erdem Alkim, Nina Bindel, Johannes Buchmann, Özgür Dagdelen, and Peter Schwabe: TESLA: Tightly-secure efficient signatures from standard lattices.
  Date: 2016-10-05 [pdf] [bibtex] [more]
  Supersedes: 2016-08-02 [pdf]
  Note: Gus Gutoski and Chris Peikert independently informed us about a mistake in the security reduction from LWE to TESLA. This mistake does not, as far as we can tell, lead to any attack against TESLA. Moreover, the (non-tight) security reduction given by Bai and Galbraith still holds. The proof is fixed (at the expense of different parameters with much worse performance) in the paper Revisiting TESLA in the quantum random oracle model by Erdem Alkim, Nina Bindel, Johannes Buchmann, Özgür Dagdelen, Edward Eaton, Gus Gutoski, Juliane Krämer, and Filip Pawlega, which was published at PQCRYPTO 2017.
• Daniel J. Bernstein, Susanne Engels, Tanja Lange, Ruben Niederhagen, Christof Paar, Peter Schwabe, and Ralf Zimmermann: Faster elliptic-curve discrete logarithms on FPGAs.
  Date: 2016-12-12 [pdf] [bibtex]
  Supersedes: 2016-08-06 [pdf], supersedes: 2016-04-14 [pdf]
• Daniel J. Bernstein, Simon Josefsson, Tanja Lange, Peter Schwabe, and Bo-Yin Yang: EdDSA for more curves.
  Date: 2015-07-04 [pdf] [bibtex]
  
• Julien Schmaltz and Peter Schwabe: Verification of optimised 48-bit multiplications on AVR.
  Date: 2015-06-09 [pdf] [bibtex]
• Elif Bilge Kavun, Martin M. Lauridsen, Gregor Leander, Christian Rechberger, Peter Schwabe, and Tolga Yalçın: Prøst v1.1.
  Submission to the CAESAR competition.
  Date: 2015-01-14 [pdf] [bibtex]
• Daniel J. Bernstein, Tanja Lange, and Peter Schwabe. Improved Networking and Cryptography Library.
  Deliverable 2.5 of the EU FP7 project Computer Aided Cryptography Engineering (CACE). 2011.
  Date: 2011-02-21 [pdf] [bibtex]
  
• Daniel V. Bailey, Lejla Batina, Daniel J. Bernstein, Peter Birkner, Joppe W. Bos, Hsieh-Chung Chen, Chen-Mou Cheng, Gauthier Van Damme, Giacomo de Meulenaer, Luis Julian Dominguez Perez, Junfeng Fan, Tim Güneysu, Frank Gürkaynak, Thorsten Kleinjung, Tanja Lange, Nele Mentens, Ruben Niederhagen, Christof Paar, Francesco Regazzoni, Peter Schwabe, Leif Uhsadel, Anthony Van Herrewege, and Bo-Yin Yang: Breaking ECC2K-130.
  Date: 2009-11-06 [pdf] [bibtex]
  

CRYSTALS–Kyber (selected for standardization by NIST in July 2022)

• Roberto Avanzi, Joppe Bos, Léo Ducas, Eike Kiltz, Tancrède Lepoint, Vadim Lyubashevsky, John M. Schanck, Peter Schwabe, Gregor Seiler, and Damien Stehlé: CRYSTALS–Kyber: algorithm specification and supporting documentation (version 3.02).
  Round-3 submission to the NIST Post-Quantum Cryptography Standardization Project.
  Date: 2021-08-04 [pdf] [bibtex]
  Supersedes: 2021-01-31 (version 3.01) [pdf], supersedes: 2020-10-01 (version 3.0, original round-3 submission) [pdf].
• Roberto Avanzi, Joppe Bos, Léo Ducas, Eike Kiltz, Tancrède Lepoint, Vadim Lyubashevsky, John M. Schanck, Peter Schwabe, Gregor Seiler, and Damien Stehlé: CRYSTALS–Kyber: algorithm specification and supporting documentation (version 2.0).
  Round-2 submission to the NIST Post-Quantum Cryptography Standardization Project.
  Date: 2019-04-01 [pdf] [bibtex]
• Roberto Avanzi, Joppe Bos, Léo Ducas, Eike Kiltz, Tancrède Lepoint, Vadim Lyubashevsky, John M. Schanck, Peter Schwabe, Gregor Seiler, and Damien Stehlé: CRYSTALS–Kyber: algorithm specification and supporting documentation.
  Round-1 submission to the NIST Post-Quantum Cryptography Standardization Project.
  Date: 2017-11-30 [pdf] [bibtex]
• Peter Schwabe and Bas Westerbaan: Kyber Post-Quantum KEM.
  IETF Internet draft draft-cfrg-schwabe-kyber.
• See also the CRYSTALS–Kyber website.

CRYSTALS–Dilithium (selected for standardization by NIST in July 2022)

• Shi Bai, Léo Ducas, Eike Kiltz, Tancrède Lepoint, Vadim Lyubashevsky, Peter Schwabe, Gregor Seiler, and Damien Stehlé: CRYSTALS–Dilithium: algorithm specification and supporting documentation (Version 3.1).
  Round-3 submission to the NIST Post-Quantum Cryptography Standardization Project.
  Date: 2021-02-08 [pdf] [bibtex]
  Supersedes: 2020-10-01 (original round-3 submission) [pdf].
• Léo Ducas, Eike Kiltz, Tancrède Lepoint, Vadim Lyubashevsky, Peter Schwabe, Gregor Seiler, and Damien Stehlé: CRYSTALS–Dilithium: algorithm specification and supporting documentation.
  Round-2 submission to the NIST Post-Quantum Cryptography Standardization Project.
  Date: 2019-03-30 [pdf] [bibtex]
• Léo Ducas, Eike Kiltz, Tancrède Lepoint, Vadim Lyubashevsky, Peter Schwabe, Gregor Seiler, and Damien Stehlé: CRYSTALS–Dilithium: algorithm specification and supporting documentation.
  Round-1 submission to the NIST Post-Quantum Cryptography Standardization Project.
  Date: 2017-11-30 [pdf] [bibtex]
• See also the CRYSTALS–Dilithium website.

SPHINCS⁺ (selected for standardization by NIST in July 2022)

• Jean-Philippe Aumasson, Daniel J. Bernstein, Ward Beullens, Christoph Dobraunig, Maria Eichlseder, Scott Fluhrer, Stefan-Lukas Gazdag, Andreas Hülsing, Panos Kampanakis, Stefan Kölbl, Tanja Lange, Martin M. Lauridsen, Florian Mendel, Ruben Niederhagen, Christian Rechberger, Joost Rijneveld, Peter Schwabe, and Bas Westerbaan: SPHINCS⁺: Submission to the NIST post-quantum project, v3.1.
  Round-3 submission to the NIST Post-Quantum Cryptography Standardization Project.
  Date: 2022-06-10 [pdf] [bibtex]
  Supersedes: 2020-10-01 (v3, original round-3 submission) [pdf].
• Jean-Philippe Aumasson, Daniel J. Bernstein, Christoph Dobraunig, Maria Eichlseder, Scott Fluhrer, Stefan-Lukas Gazdag, Andreas Hülsing, Panos Kampanakis, Stefan Kölbl, Tanja Lange, Martin M. Lauridsen, Florian Mendel, Ruben Niederhagen, Christian Rechberger, Joost Rijneveld, and Peter Schwabe: SPHINCS⁺: Submission to the NIST post-quantum project.
  Round-2 submission to the NIST Post-Quantum Cryptography Standardization Project.
  Date: 2019-03-14 [pdf] [bibtex]
• Daniel J. Bernstein, Christoph Dobraunig, Maria Eichlseder, Scott Fluhrer, Stefan-Lukasz Gazdag, Andreas Hülsing, Panos Kampanakis, Stefan Kölbl, Tanja Lange, Martin M. Lauridsen, Florian Mendel, Ruben Niederhagen, Christian Rechberger, Joost Rijneveld, and Peter Schwabe: SPHINCS⁺: Submission to the NIST post-quantum project.
  Round-1 submission to the NIST Post-Quantum Cryptography Standardization Project.
  Date: 2017-11-30 [pdf] [bibtex]
• See also the SPHINCS⁺ website.

NTRU (NTRU-HRSS-KEM in round 1, merged with NTRUEncrypt for NIST PQC rounds 2 and 3)

• Cong Chen, Oussama Danba, Jeffrey Hoffstein, Andreas Hulsing, Joost Rijneveld, John M. Schanck, Peter Schwabe, William Whyte, Zhenfei Zhang, Tsunekazu Saito, Takashi Yamakawa, Keita Xagawa: NTRU: Algorithm Specifications and Supporting Documentation.
  Round-3 submission to the NIST Post-Quantum Cryptography Standardization Project.
  Date: 2020-09-30 [pdf] [bibtex]
• Cong Chen, Oussama Danba, Jeffrey Hoffstein, Andreas Hülsing, Joost Rijneveld, John M. Schanck, Peter Schwabe, William Whyte, and Zhenfei Zhang: NTRU: Algorithm Specifications and Supporting Documentation.
  Round-2 submission to the NIST Post-Quantum Cryptography Standardization Project.
  Date: 2019-03-30 [pdf] [bibtex]
• Andreas Hülsing, Joost Rijneveld, John M. Schanck, and Peter Schwabe: NTRU-HRSS-KEM: Algorithm Specifications and Supporting Documentation.
  Round-1 submission to the NIST Post-Quantum Cryptography Standardization Project.
  Date: 2017-11-30 [pdf] [bibtex]
• See also the NTRU website.

Classic McEliece (merged with NTS-KEM from NIST PQC round 3; resigned from the team early in round 4)

• Martin R. Albrecht, Daniel J. Bernstein, Tung Chou, Carlos Cid, Jan Gilcher, Tanja Lange, Varun Maram, Ingo von Maurich, Rafael Misoczki, Ruben Niederhagen, Kenneth G. Paterson, Edoardo Persichetti, Christiane Peters, Peter Schwabe, Nicolas Sendrier, Jakub Szefer, Cen Jung Tjhai, Martin Tomlinson, and Wen Wang: Classic McEliece: conservative code-based cryptography.
  Round-3 submission to the NIST Post-Quantum Cryptography Standardization Project..
  Date: 2020-10-10 [pdf] [bibtex]
• Daniel J. Bernstein, Tung Chou, Tanja Lange, Ingo von Maurich, Rafael Misoczki, Ruben Niederhagen, Edoardo Persichetti, Christiane Peters, Peter Schwabe, Nicolas Sendrier, Jakub Szefer, and Wen Wang: Classic McEliece: conservative code-based cryptography.
  Round-2 submission to the NIST Post-Quantum Cryptography Standardization Project.
  Date: 2019-03-31 [pdf] [bibtex]
• Daniel J. Bernstein, Tung Chou, Tanja Lange, Ingo von Maurich, Rafael Misoczki, Ruben Niederhagen, Edoardo Persichetti, Christiane Peters, Peter Schwabe, Nicolas Sendrier, Jakub Szefer, and Wen Wang: Classic McEliece: conservative code-based cryptography.
  Round-1 submission to the NIST Post-Quantum Cryptography Standardization Project.
  Date: 2017-11-29 [pdf] [bibtex]
• See also the Classic McEliece website.

NewHope

• Martin R. Albrecht, Erdem Alkim, Roberto Avanzi, Joppe Bos, Léo Ducas, Emmanuela Orsini, Valery Osheter, Kenneth G. Paterson, Guy Peer, Antonio de la Piedra, Thomas Pöppelmann, Peter Schwabe, Nigel P. Smart, and Douglas Stebila: NewHope: algorithm specification and supporting documentation.
  Round-2 submission to the NIST Post-Quantum Cryptography Standardization Project.
  Date: 2019-03-15 [pdf] [bibtex]
• Erdem Alkim, Roberto Avanzi, Joppe Bos, Léo Ducas, Antonio de la Piedra, Thomas Pöppelmann, Peter Schwabe, and Douglas Stebila: NewHope: algorithm specification and supporting documentation.
  Round-1 submission to the NIST Post-Quantum Cryptography Standardization Project.
  Date: 2017-11-28 [pdf] [bibtex]
• See also the NewHope website.

MQDSS

• Ming-Shing Chen, Andreas Hülsing, Joost Rijneveld, Simona Samardjiska, and Peter Schwabe: MQDSS specifications (version 2.1).
  Round-2 submission to the NIST Post-Quantum Cryptography Standardization Project.
  Date: 2020-04-14 [pdf] [bibtex]
  Supersedes: 2019-03-15 (version 2.0, original round-2 submission) [pdf],
• Ming-Shing Chen, Andreas Hülsing, Joost Rijneveld, Simona Samardjiska, and Peter Schwabe: MQDSS specifications (version 1.1).
  Round-1 submission to the NIST Post-Quantum Cryptography Standardization Project.
  Date: 2018-08-31 [pdf] [bibtex]
  Supersedes: 2017-11-29 (version 1.0, original round-1 submission) [pdf],
• See also the MQDSS website.

Gimli

• Daniel J. Bernstein, Stefan Kölbl, Stefan Lucks, Pedro Maat Costa Massolino, Florian Mendel, Kashif Nawaz, Tobias Schneider, Peter Schwabe, François-Xavier Standaert, Yosuke Todo, and Benoît Viguier: Gimli 20190927.
  Round-2 Submission to the NIST Lightweight Cryptography Standardization Project.
  Date: 2019-09-27 [pdf] [bibtex]
• Daniel J. Bernstein, Stefan Kölbl, Stefan Lucks, Pedro Maat Costa Massolino, Florian Mendel, Kashif Nawaz, Tobias Schneider, Peter Schwabe, François-Xavier Standaert, Yosuke Todo, and Benoît Viguier: Gimli 20190329.
  Round-1 Submission to the NIST Lightweight Cryptography Standardization Project.
  Date: 2019-03-29 [pdf] [bibtex]
• See also the Gimli website.

KEMTLS

• Sofía Celi, Peter Schwabe, Douglas Stebila, Nick Sullivan, and Thom Wiggers: KEM-based Authentication for TLS 1.3.
  IETF Internet draft draft-celi-wiggers-tls-authkem.

• Slides from my invited talk High-assurance crypto in practice – Challenges and recent results, 2023-09-11 at CHES 2023, Prague, Czech Republic.
• Slides from my invited talk Post-Quantum Crypto Software – Embedded and High-Assurance, 2023-06-28 at 10th International VDI Conference – Cyber Security for Vehicles, Frankfurt, Germany.
• Slides from my talk Kyber, 2023-03-26 at Real World PQC, Tokyo, Japan.
• Slides from my talk NIST PQC: Ein Blick zurück und in die Zukunft, 2023-02-21 at the Gesellschaft für Informatik (in German, slides in English).
  See also the video on youtube.
• Slides from my talk High-assurance crypto, 2023-01-30 at the IACR School on Applied Cryptography, Bangkok, Thailand. [Exercises] [Exercise solutions]
• Slides from my talk Formosa Crypto, 2022-12-05 at the PQC Standardization & Migration Workshop, Taipei, Taiwan.
• Slides from my talk CRYSTALS-Kyber, 2022-11-29 at the Fourth NIST PQC Standardization Conference, virtual.
• Slides from my talk Engineering high-assurance crypto software, 2022-09-30 at the 2022 Graz Security Week, Graz, Austria.
• Slides from my invited talk 6 years of NIST PQC – looking back and ahead, 2022-09-29 at PQCRYPTO 2022 (virtual event).
• Slides from my talk Post-quantum key encapsulation: Kyber, 2022-08-31 at IPAS Tech Sharing.
• Slides from my talk NIST PQC, Kyber, and beyond, 2022-08-10 at Infineon, San Jose, USA.
• Slides from my talk Engineering post-quantum cryptography, 2022-05-04 at the post-COINS spring school, Oslo, Norway.
• Slides from my talk Introduction to lattice-based KEMs, 2022-05-04 at the post-COINS spring school, Oslo, Norway. [Exercises] [Exercise solutions]
• Slides from my tutorial talk An introduction to hash-based signatures, 2021-12-13 at SPACE 2021 (virtual event). [Exercises] [Exercise solutions]
• Slides from my talk An introduction to hash-based signatures, 2021-12-07 at the 1st MSCR Cryptography School (CRYPTOS 2021) (virtual event).
• Slides from my talk An introduction to lattice-based KEMs, 2021-12-07 at the 1st MSCR Cryptography School (CRYPTOS 2021) (virtual event).
• Slides from my talk My personal experience with the NIST PQC "competition", 2021-11-18 at the KpqC workshop of the Affiliated Institute of ETRI, South Korea (given remotely).
  See also the video on youtube.
• Slides from my talk Post-quantum WireGuard, 2021-10-25 at ZITiS (given remotely).
• Slides from my talk Crypto protocols for the post-quantum era: PQ-WireGuard and KEMTLS, 2021-09-09 in the CRC Seminar Series of TII (given remotely).
• Slides from my tutorial talk An introduction to lattice-based KEMs, 2020-12-17 at SPACE 2020 (virtual event). [Exercises] [Exercise solutions]
• Slides from my talk Hash-based signatures – from Lamport to SPHINCS⁺, 2020-11-18 at the Indian Workshop on Post-Quantum Cryptography (virtual event).
• Slides from my talk The transition to post-quantum cryptography: challenge and chance, 2020-11-14 at ICITDA 2020 (virtual event).
• Slides from my talk Optimizing crypto on embedded microcontrollers, 2020-10-04 in the PQEmbed workshop (virtual event).
• Slides from my talk Post-quantum crypto on embedded microcontrollers, 2019-12-04 as a CASA Distinguished Lecture, Ruhr-University Bochum, Germany.
• Slides from my talk The transition to post-quantum crypto, 2019-11-19 for alumni of Radboud University, The Netherlands.
• Slides from my talk Post-quantum crypto on ARM Cortex-M, 2019-11-11 at CARDIS 2019, Prague, Czech Republic.
• Slides from my talk The transition to post-quantum cryptography, 2019-10-15 in the cyber security seminar at TU Delft, The Netherlands.
• Slides from my talk Engineering lattice-based cryptography, 2019-09-30 at ASCrypto 2019, Santiago, Chile.
• Slides from my talk Implementing post-quantum cryptography on embedded microcontrollers, 2019-09-17 at the 2019 Graz Security Week, Graz, Austria.
• Slides from my talk The NIST post-quantum project, 2019-09-04 at the NERD Summer School 2019, Aachen, Germany.
• Slides from my talk CRYSTALS-Kyber, 2019-08-23 at the Second NIST PQC Conference, Santa Barbara, USA.
• Slides from my talk On implementation issues of post-quantum cryptography, 2019-06-13 at the Central European Conference on Cryptology, Telč, Czech Republic.
• Slides from my talk Post-quantum crypto on ARM Cortex M, 2019-01-23 in the Security and Cryptography Group of Microsoft Research, Redmond, USA.
• Slides from my talk Optimizing crypto on embedded microcontrollers, 2018-12-10 in the seminar of Australian Summer School on Embedded Cryptography Adelaide, Australia.
• Slides from my talk Implementing post-quantum cryptography, 2018-06-28 in the PQCRYPTO Mini-School Taipei, Taiwan.
• Slides from my talk Hash-based signatures, 2018-06-28 in the PQCRYPTO Mini-School Taipei, Taiwan.
• Slides from my talk CRYSTALS-Kyber, 2018-04-12 at the First NIST PQC Conference, Fort Lauderdale, USA.
• Slides from my talk The transition to post-quantum cryptography, 2018-02-19 in the seminar of Inria Nancy, France.
• Slides from my talk CRYSTALS – Kyber and Dilithium, 2018-02-07 in the Cryptography Seminar at the Mathematical Institute of the University of Oxford, Oxford, UK.
• Slides from my talk Implementing post-quantum crypto, 2018-02-01 at the Combined event on Post-Quantum Cryptography, Tenerife, Spain.
• Slides from my talk Post-quantum crypto on μc, 2017-12-12 at the Colloquium on Hardware Security at Continental, Frankfurt, Germany.
• Slides from my talk Long-term security for the IoT?, 2017-11-06 at the Workshop on Cryptography for the Internet of Things and Cloud 2017, Bochum, Germany.
• Slides from my talk Optimizing crypto on embedded microcontrollers, 2017-08-30 at the COINS Summerschool, Metochi (Lesbos), Greece. [Software examples and exercises].
• Slides from my talk Two approaches to verifying high-speed ECC software, 2017-04-29 at the Models and Tools for Security Analysis and Proofs workshop, Paris, France.
• Slides from my talk From NewHope to Kyber, 2017-04-11 in the Prosecco Seminar at Inria Paris, France; and similarly
  2017-04-07 at Ege University in Izmir, Turkey [slides];
  2017-01-17 at the Computer Science Department of the Cinvestav, Mexico [slides];
  2017-01-13 at Rambus Security in San Francisco, USA [slides]; and
  2017-01-12 in the "Beers and Breakage" seminar at Facebook, Palo Alto, USA. [slides]
  
• Slides from my talk Post-quantum cryptography, 2017-03-22 at the award ceremony for the Dutch Prize for ICT Research, Amersfoort, The Netherlands.
• Slides from my talk Post-quantum key exchange – a new hope, 2016-08-10 at USENIX Security 2016, Austin, USA.
• Slides from my talk Post-quantum cryptography, 2016-08-04 at Noisebridge, San Francisco, USA.
  See also the video on youtube.
• Slides from my talk High-assurance crypto software, 2016-06-22 at the Central European Conference on Cryptology, Piešťany, Slovakia.
• Slides from my talk Timing Attacks and Countermeasures, 2016-06-10 at the Summer School on real-world crypto and privacy, Šibenik, Crotia.
• Slides from my talk Open Access, 2016-06-07 at the Summer School on real-world crypto and privacy, Šibenik, Crotia.
  See also the PhD Comics "Open Access Explained" video on Youtube.
• Slides from my talk Post-quantum key exchange – a new hope, 2016-04-14 at the monthly lattice meeting at University of Lyon, France.
  
• Slides from my talk Post-Quantum Cryptography, 2015-12-03 at Santacrypt 2015 in Prague, Czech Republic.
• Slides from my talk Verifying ECC software, 2015-09-29 at ECC 2015 in Bordeaux, France.
• Slides from my talk PandA: Pairings and Arithmetic, 2015-06-02 at the SIAM Conference on Applied Algebraic Geometry – AG'15.
• Slides from my talk Software implementation of (H)ECC, 2015-06-02 at the Summer School on real-world crypto and privacy, Šibenik, Crotia.
• Slides from my talk Introduction to software implementations, 2015-06-02 at the Summer School on real-world crypto and privacy, Šibenik, Crotia.
• Slides from the joint talk SPHINCS: practical stateless hash-based signatures by Andreas Hülsing and me, 2015-04-28 at Eurocrypt 2015, Sofia, Bulgaria.
• Slides from my talk Eliminating Timing Side-Channels. A Tutorial. 2015-01-18 at ShmooCon 2015, Washington DC, USA.
  See also the video on youtube.
• Slides from my talk Vectorized implementations of post-quantum crypto, 2015-01-12 at DIMACS Workshop on The Mathematics of Post-Quantum Cryptography, Rutgers University, USA.
• Slides from my invited tutorial talk Multiprecision arithmetic (from primary school to Asiacrypt), 2014-10-20 at SPACE 2014, Pune, India.
• Slides from my talk TweetNaCl: A crypto library in 100 tweets, 2014-09-18 at Latincrypt 2014, Florianópolis, Brazil.
• Slides from my talk Fast symmetric crypto on embedded CPUs, 2014-06-05 at the Summer School on Design and security of cryptographic algorithms and devices for real-world applications, Šibenik, Crotia.
• Slides from my talk Verifying crypto – many questions and the beginning of an answer, 2014-05-20 in the Brouwer Seminar, Radboud University Nijmegen, Netherlands.
• Slides from my talk McBits: Fast code-based cryptography, 2013-12-17 at the IMA Conference on Cryptography and Coding, Oxford, England.
• Slides from my tutorial talk Efficient implementation of finite-field arithmetic, 2013-11-22 at Pairing 2013, Beijing, China, and similarly
  2013-09-11 at the ECC 2013 summer school, Leuven, Belgium.
• Slides from my talk You vs. the NSA – Why everybody needs high-security crypto, 2013-10-21 at the Semana da Computação, Universidade Federal de Santa Catarina, Florianópolis, Brazil.
• Slides from my talk Efficient software implementation of post-quantum cryptography, 2013-10-20 at ASCrypto 2013, Florianópolis, Brazil.
• Slides from my talk Scalar multiplication algorithms, 2013-09-11 at the ECC 2013 summer school, Leuven, Belgium.
• Slides from my talk Who is afraid of vectors?, 2013-08-26 in the Crypto Group of Microsoft Research, Redmond, USA.
• Slides from my talk A word of warning, 2013-08-22 in the rump session of CHES 2013, Santa Barbara, USA. [software]
• Slides from the joint talk NaCl on 8-bit AVR microcontrollers by Michael Hutter and me, 2013-06-24 at Africacrypt 2013, Cairo, Egypt.
• Slides from my talk NaCl: Cryptography for the Internet, 2013-01-21 at the research retreat Internet crypto, Tenerife, Spain.
• Slides from my talk Constructive and destructive implementations of elliptic-curve arithmetic, 2012-10-30 at ECC 2012 in Querétaro, Mexico.
• Slides from my talk The security impact of a new cryptographic library, 2012-10-09 at Latincrypt 2012 in Santiago, Chile.
• Slides from my presentation NEON crypto, 2012-09-11 at CHES 2012 in Leuven, Belgium.
• Slides from my presentation High-Performance Cryptography in Software, 2012-09-03 in the ECRYPT Summerschool on Challenges in Security Engineering in Bochum, Germany, and similarly 2012-10-15 at the Advanced Programming Seminar at University of Illinois at Chicago.
• Slides from my presentation SHA-3 on ARM11 processors, 2012-07-12 at Africacrypt 2012 in Ifrane, Morocco.
• Slides from my presentation The NaCl library, 2012-07-12 in the rump session of Africacrypt 2012 in Ifrane, Morocco.
• Slides from my presentation How to use the negation map in the Pollard rho method, 2012-03-09 in the EiPSI Crypto Working Group.
  The slides are basically the same as the ones I used for the talk
  How to use the negation map in the Pollard rho method, 2011-06-16 in the crypto seminar of the Laboratoire PRiSM at Université de Versailles Saint-Quentin-en-Yvelines.
• Slides from my presentation EdDSA signatures and Ed25519, 2012-02-20 in the Coding Theory and Cryptography Seminar at the University of Basel.
  Subsets of these slides I used in the talks
  EdDSA signatures and Ed25519, 2012-03-20 at CARAMEL group, INRIA Nancy,
  High-speed high-security signatures, 2011-09-29 at CHES 2011 in Nara, Japan, and
  High-speed high-security signatures, 2011-09-14 in the EiPSI seminar at Eindhoven University of Technology.
• Slides from my presentation High-Speed Cryptography, 2011-10-24 in the Graduate Seminar of National Taiwan University.
• Slides from my presentation Fun things to do with your mobile phone, 2011-09-30 in the rump session of CHES 2011 in Nara, Japan.
• Slides from my presentation High-speed high-security signatures, 2011-09-29 at CHES 2011 in Nara, Japan.
• Slides from my presentation High-speed high-security signatures, 2011-09-14 in the EiPSI seminar at Eindhoven University of Technology.
• Slides from my talk Really fast syndrome-based hashing, 2011-07-05 at Africacrypt 2011.
• Slides from my talk On the correct use of the negation map in the Pollard rho method, 2010-10-18 in the rump session of ECC 2010 in Redmond, USA.
• Slides from my talk New software speed records for cryptographic pairings, 2010-08-09 at Latincrypt 2010 in Puebla, Mexico.
• Slides from my talk New software speed records for cryptographic pairings, 2010-07-08 in the HGI Colloquium at Ruhr Universität Bochum.
• Slides from my talk Breaking ECC2K-130, 2010-05-20 in the Obersemiar Computer Security at B-IT Bonn.
  Subsets of these slides I used for the talks
  ECC2K-130 on Cell processors, 2010-05-05, at Africacrypt 2010,
  Breaking ECC2K-130 on Cell processors and GPUs, 2010-04-14 in the Workshop on Computer Security and Cryptography at CRM Montréal, and
  Breaking ECC2K-130 (on Cell CPUs and NVIDIA GPUs), 2010-03-21 at CARAMEL group, INRIA Nancy.
• Slides from my talk How do deal with annoying questions from Dan, 2010-05-04 at the rump session of Africacrypt 2010.
• Slides from my talk NaCl – Networking and Cryptography library, 2009-12-04 at the SPAN meeting at TU Eindhoven and code examples I used in the talk: enc-auth-openssl.c, enc-auth-nacl.c.
• Slides from my talk AES-GCM plus rapide et résistant aux attaques temporelles, 2009-11-13 in the séminaire de cryptographie at Université de Rennes 1.
• Slides from the joint talk FSBday: Implementing Wagner's Generalized Birthday Attack against the round-1 SHA-3 Candidate FSB by Christiane Peters and me, 2009-09-10 at SHARCS 2009.
• Slides from the joint talk The Certicom Challenges ECC2-X by Daniel V. Bailey, Daniel J. Bernstein, Frank Gurkaynak, Tanja Lange and me, 2009-09-09 at SHARCS 2009.
• Slides from my talk Fast elliptic-curve cryptography on the Cell Broadband Engine, 2009-06-24 at Africacrypt 2009 and similarly 2009-05-20 at the COSIC seminar at KU Leuven.
• Slides from the joint talk FSBday: Implementing Wagner's Generalized Birthday Attack against the SHA-3 Candidate FSB by Christiane Peters and me, 2009-06-16 at the INRIA Paris - Rocquencourt.
• Slides from the joint "talk" "A brief look at the 56 SHA-3 submissions", by Christiane Peters, Michael Naehrig", and me, 2009-04-28 at the rump session of Eurocrypt 2009.
  See also the Lyrics with guitar chords and the video on youtube.
• Slides from the joint presentation "How fast is AES?" by Emilia Käsper and me, 2009-02-12 at the rump session of FSE 2009.
• Slides from my presentation "New AES software speed records", 2008-12-16 at Indocrypt 2008.
• Slides from my presentation "Achieving Software Speed Records with qhasm", 2008-11-12 in the EiPSI seminar at Eindhoven University of Technology.
• Slides from my presentation "Effiziente Berechnung der Tate Paarung", 2007-06-06 at the Institute for Theoretical Information Technology at RWTH Aachen University.
• Slides from my presentation "Paarungen und Identitätsbasierte Kryptographie", 2007-05-10 at the Institute for Theoretical Information Technology at RWTH Aachen University.
• Slides from my presentation "Effiziente Implementierung von elliptischen und hyperelliptischen Kurven", 2006-5-31 at the Institute for Theoretical Information Technology at RWTH Aachen University.
• Slides from my presentation "Arithmetik auf hyperelliptischen Kurven", 2005-12-14 at the Institute for Theoretical Information Technology at RWTH Aachen University.
• Slides from my seminar talk "Seitenkanalattacken gegen Kryptographie auf Elliptischen Kurven", 2005-05-17 at the Institute for Theoretical Information Technology at RWTH Aachen University and related report.