Peter Schwabe (樂岩)
Postal Address: Digital Security Group Radboud University PO Box 9010 6500 GL Nijmegen The Netherlands 
Visiting Address: Mercator I building Room 3.18 Toernooiveld 212 6525 EC Nijmegen The Netherlands 
Phone: +31243653456
EMail: peter@cryptojedi.org
Twitter: @cryptojedi
GPGKey: 0102EF4B,
Fingerprint: B89A 4D09 23CC D56C 3539 7613 77D2 DD66 0102 EF4B
Google scholar page
About Me
I am an assistant professor (Universitair Docent) for computer security in the
Digital Security Group at
Radboud University.
Until November 2012 I was a postdoc in the
Research Center for Information Technology Innovation
and the
Institute of Information Science of
Academia Sinica.
Before that, I was postdoc in the
Department of Electrical Engineering of
National Taiwan University within the
IntelNTU Connected Context Computing Center.
Before that, I was a postdoc in the
Institute of Information Science at
Academia Sinica.
Before that, I was a Ph.D. student in the
Department of Mathematics and Computer Science at
Eindhoven University of Technology.
In January 2011, I completed my Ph.D. at Eindhoven University of Technology in the Coding and Cryptology Group under the supervision of Tanja Lange and Daniel J. Bernstein.
In 2006, I finished my Diplom in computer science at RWTH Aachen University at the Institute for Theoretical Information Technology under the supervision of Rudolf Mathar and Michael Naehrig.
Ph.D. Students
 Pol Van Aubel
 Joost Rijneveld
 Ko Stoffelen
Theses

Ph.D. thesis: HighSpeed Cryptography and Cryptanalysis, Eindhoven University of Technology, The Netherlands, 2011.
For the thesis and related software please refer to my separate Ph.D. thesis website.  Diplomarbeit: Effiziente Implementierung von Elliptischen und Hyperelliptischen Kurven für Anwendungen in der Kryptographie, RWTH Aachen University, Germany, 2006. [ps]
Publications

Anna Krasnova, Moritz Neikes, and Peter Schwabe:
Footprint scheduling for DiningCryptographer networks.
Financial Cryptography and Data Security, SpringerVerlag (to appear).
Date: 20151218 [pdf] [bibtex] 
Andreas Hülsing, Joost Rijneveld, and Peter Schwabe:
ARMed SPHINCS – Computing a 41KB signature in 16KB of RAM.
Public Key Cryptography – PKC 2016, SpringerVerlag (to appear).
Date: 20160203 [pdf] [bibtex]
Supersedes: 20151027 [pdf] 
Michael Hutter, Jürgen Schilling, Peter Schwabe, and Wolfgang Wieser:
NaCl's crypto_box in hardware.
Cryptographic Hardware and Embedded Systems – CHES 2015, Lecture Notes in Computer Science 9293, SpringerVerlag (2015), pp 81–101.
Date: 20150616 [pdf] [bibtex] [more] 
Michael Düll, Björn Haase, Gesine Hinterwälder, Michael Hutter, Christof Paar, Ana Helena Sánchez, and Peter Schwabe:
Highspeed Curve25519 on 8bit, 16bit, and 32bit microcontrollers.
Designs, Codes and Cryptography, Volume 77, Issue 2, SpringerVerlag (2015), pp 493–514.
Date: 20150417 [pdf] [bibtex] [more]

Daniel J. Bernstein, Daira Hopwood, Andreas Hülsing, Tanja Lange, Ruben Niederhagen, Louiza Papachristodoulou, Peter Schwabe, and Zooko WilcoxO'Hearn:
SPHINCS: practical stateless hashbased signatures.
Advances in Cryptology – EUROCRYPT 2015, Part I,, Lecture Notes in Computer Science 9056, SpringerVerlag (2015). pp 368–397.
Date: 20150202 [pdf] [bibtex] [more]
Supersedes: 20141001 [pdf] 
Michael Hutter and Peter Schwabe:
Multiprecision multiplication on AVR revisited.
Journal of Cryptographic Engineering, Volume 5, Issue 3, SpringerVerlag (2015), pp 201–214.
Date: 20150101 [pdf] [bibtex] [more]
Supersedes: 20140715 [pdf], Supersedes: 20140731 [pdf] 
Gesine Hinterwälder, Amir Moradi, Michael Hutter, Peter Schwabe, and Christof Paar:
Full size high security ECC implementation on MSP430 microcontrollers
Progress in Cryptology – LATINCRYPT 2014, Lecture Notes in Computer Science 8895, SpringerVerlag (2015), pp 31–47.
Date: 20141001 [pdf] [bibtex] 
Özgür Dagdelen, Rachid El Bansarkhani, Florian Göpfert, Tim Güneysu, Tobias Oder, Thomas Pöppelmann , Ana Helena S´nchez, and Peter Schwabe:
HighSpeed Signatures from Standard Lattices.
Progress in Cryptology – LATINCRYPT 2014, Lecture Notes in Computer Science 8895, SpringerVerlag (2015), pp 84–103.
Date: 20140904 [pdf] [bibtex] 
Daniel J. Bernstein, Bernard van Gastel, Wesley Janssen, Tanja Lange, Peter Schwabe, and Sjaak Smetsers:
TweetNaCl: A crypto library in 100 tweets.
Progress in Cryptology – LATINCRYPT 2014, Lecture Notes in Computer Science 8895, SpringerVerlag (2015), pp 64–83.
Date: 20140917 [pdf] [bibtex] [more]
Supersedes: 20131229[pdf] 
Lejla Batina, Łukasz Chmielewski, Louiza Papachristodoulou, Peter Schwabe, and Michael Tunstall:
Online Template Attacks.
Progress in Cryptology – INDOCRYPT 2014, Lecture Notes in Computer Science 8885, Springer Verlag (2014), pp 21–36.
Date: 20140922 [pdf] [bibtex] Full version to follow

Daniel J. Bernstein, Chitchanok Chuengsatiansup, Tanja Lange, and Peter Schwabe:
Kummer strikes back: new DH speed records.
Advances in Cryptology – ASIACRYPT 2014, Lecture Notes in Computer Science 8873, SpringerVerlag (2014), pp 317–337.
Date: 20141028 [pdf] [bibtex]
Supersedes: 20140218 [pdf] 
YuFang Chen, ChangHong Hsu, HsinHung Lin, Peter Schwabe, MingHsien Tsai, BowYaw Wang, BoYin Yang, and ShangYi Yang:
Verifying Curve25519 Software.
2014 ACM SIGSAC Conference on Computer and Communications Security, CCS'14, ACM (2014), pp 299–309.
Date: 20140824 [pdf] [bibtex]
Supersedes: 20140428 [pdf] 
Chitchanok Chuengsatiansup, Michael Naehrig, Pance Ribarski, and Peter Schwabe:
PandA: Pairings and Arithmetic.
PairingBased Cryptography – Pairing 2013, Lecture Notes in Computer Science 8365, SpringerVerlag (2014), pp 229–250.
Date: 20131204 [pdf] [bibtex] 
Keith Alexander, Daniel J. Bernstein, Timo Kasper, Tanja Lange, and Peter Schwabe:
Spyin' NSA.
Journal of Craptology, volume 9 (invited paper).
Date: 20130823 [pdf] [bibtex] 
Daniel J. Bernstein, Tung Chou, and Peter Schwabe:
McBits: fast constanttime codebased cryptography.
Cryptographic Hardware and Embedded Systems – CHES 2013, Lecture Notes in Computer Science 8086, SpringerVerlag (2013), pp 250–272.
Date: 20130616 [pdf] [bibtex] 
Tim Güneysu, Tobias Oder, Thomas Pöppelmann, and Peter Schwabe:
Software speed records for latticebased signatures.
PostQuantum Cryptography, Lecture Notes in Computer Science 7932, SpringerVerlag (2013), pp 67–82.
Date: 20130328 [pdf] [bibtex] [more] 
Michael Hutter and Peter Schwabe:
NaCl on 8bit AVR Microcontrollers.
Progress in Cryptology – AFRICACRYPT 2013, SpringerVerlag (2013), pp 156–172.
Date: 20130514 [pdf] [bibtex] [more]
Supersedes: 20130220 [pdf] 
Severin HolzerGraf, Thomas Krinninger, Martin Pernull, Martin Schläffer,
Peter Schwabe, David Seywald, and Wolfgang Wieser:
Efficient Vector Implementations of AESbased Designs: A Case Study and New Implemenations for Grøstl.
Topics in Cryptology – CTRSA 2013,
Lecture Notes in Computer Science 7779,
SpringerVerlag (2013),
pp 145–161.
Date: 20121119 [pdf] [bibtex]
Supersedes: 20121006 [pdf] 
Daniel J. Bernstein, Tanja Lange, and Peter Schwabe:
The security impact of a new cryptographic library.
Progress in Cryptology – LATINCRYPT 2012, Lecture Notes in Computer Science 7533, SpringerVerlag (2012), pp 159–176.
Date: 20120725 [pdf] [bibtex] [more]
Supersedes: 20111201 [pdf] 
Daniel J. Bernstein and Peter Schwabe:
NEON crypto.
Cryptographic Hardware and Embedded Systems – CHES 2012, Lecture Notes in Computer Science 7428, SpringerVerlag (2012), pp 320–339.
Date: 20120320 [pdf] [bibtex] [more] 
Peter Schwabe, BoYin Yang, and ShangYi Yang:
SHA3 on ARM11 processors.
Progress in Cryptology – AFRICACRYPT 2012, Lecture Notes in Computer Science 7374, Springer Verlag (2012), pp 324–341.
Date: 20120422 [pdf] [bibtex] [more]
Supersedes: 20111125 [pdf] 
Peter Schwabe:
Graphics Processing Units.
Chapter in Secure Smart Embedded Devices: Platforms and Applications. SpringerVerlag (2014).
Date: 20130310 [pdf] [bibtex]
The final publication will be available at www.springerlink.com. 
Daniel J. Bernstein, HsiehChung Chen, ChenMou Cheng, Tanja Lange, Ruben Niederhagen, Peter Schwabe, and BoYin Yang:
Usable assembly language for GPUs: a success story.
Workshop record of SpecialPurpose Hardware for Attacking Cryptographic Systems – SHARCS 2012, pp. 169–178.
Date: 20120313 [pdf] [bibtex] 
Daniel J. Bernstein, Niels Duif, Tanja Lange, Peter Schwabe, and BoYin Yang:
Highspeed highsecurity signatures.
Full version: Journal of Cryptographic Engineering, Volume 2, Issue 2, SpringerVerlag (2012), pp 77–89.
Short version: Cryptographic Hardware and Embedded Systems – CHES 2011. Lecture Notes in Computer Science 6917, SpringerVerlag (2011), pp 124–142.
Date: 20110926 [pdf] [bibtex] [more]
Supersedes: 20110705[pdf] 
Daniel J. Bernstein, Tanja Lange, Christiane Peters, and Peter Schwabe:
Really fast syndromebased hashing.
Progress in Cryptology – AFRICACRYPT 2011, Lecture Notes in Computer Science 6737, SpringerVerlag (2011), pp 134–152.
Date: 20110508 [pdf] [bibtex]
[more]
Supersedes: 20110214 [pdf] 
Daniel J. Bernstein, Tanja Lange, Christiane Peters, and Peter Schwabe:
Faster 2regular informationset decoding.
Coding and Cryptology, Lecture Notes in Computer Science 6639, Springer Verlag (2011), pp 81–98.
Date: 20110309 [pdf] [bibtex] 
Daniel J. Bernstein, Tanja Lange, and Peter Schwabe:
On the correct use of the negation map in the Pollard rho method.
Public Key Cryptography – PKC 2011, Lecture Notes in Computer Science 6571, SpringerVerlag (2011), pp 128–146.
Date: 20110102 [pdf] [bibtex]

Daniel J. Bernstein, HsiehChung Chen, ChenMou Cheng, Tanja Lange, Ruben Niederhagen, Peter Schwabe, and BoYin Yang:
ECC2K130 on NVIDIA GPUs.
Progress in Cryptology – INDOCRYPT 2010, Lecture Notes in Computer Science 6498, Springer Verlag (2010), pp 328–346.
Date: 20120102 [pdf] [bibtex]

Michael Naehrig, Ruben Niederhagen, and Peter Schwabe:
New software speed records for cryptographic pairings.
Progress in Cryptology – LATINCRYPT 2010, Lecture Notes in Computer Science 6212, SpringerVerlag (2010), pp 109–123.
Date: 20100714 [pdf] [bibtex] [more]
Supersedes: 20100528 [pdf], supersedes: 20100406 [pdf]
Caution: The software as described in versions 20100528 and 20100406 of the paper has a bug related to the choice of curve parameters. This also affects the version in the Latincrypt 2010 proceedings. A corrected version of the software is available and the bug is corrected from version 20100714 of the paper. 
Joppe W. Bos, Thorsten Kleinjung, Ruben Niederhagen, and Peter Schwabe:
ECC2K130 on Cell CPUs.
Progress in Cryptology – AFRICACRYPT 2010, Lecture Notes in Computer Science 6055, Springer Verlag (2010), pp 225–242.
Date: 20100228 [pdf] [bibtex]
Supersedes: 20100212 [pdf] 
Daniel J. Bernstein, Tanja Lange, Ruben Niederhagen, Christiane Peters, and Peter Schwabe:
FSBday: Implementing Wagner's generalized birthday attack against the SHA3 round1 candidate FSB.
Progress in Cryptology – INDOCRYPT 2009, Lecture Notes in Computer Science 5922, Springer Verlag (2009), pp 18–38.
Date: 20110927 [pdf] [bibtex] [more]
Supersedes: 20090924 [pdf], supersedes: 20090901 [pdf], supersedes: 20090617 [pdf] 
Daniel V. Bailey, Brian Baldwin, Lejla Batina, Daniel J. Bernstein, Peter Birkner, Joppe W. Bos, Gauthier van Damme,
Giacomo de Meulenaer, Junfeng Fan, Tim Güneysu, Frank Gürkaynak, Thorsten Kleinjung, Tanja Lange, Nele Mentens,
Christof Paar, Francesco Regazzoni, Peter Schwabe, and Leif Uhsadel:
The Certicom Challenges ECC2X.
Workshop Record of SHARCS'09: Specialpurpose Hardware for Attacking Cryptographic Systems, pp 51–82.
Date: 20090917 [pdf] [bibtex] 
Michael Naehrig, Christiane Peters, and Peter Schwabe:
SHA2 will soon retire  The SHA3 Song.
Journal of Craptology, volume 7 (invited paper).
Date: 20090622 [pdf] [bibtex] [more] 
Emilia Käsper and Peter Schwabe:
Faster and TimingAttack Resistant AESGCM.
Cryptographic Hardware and Embedded Systems – CHES 2009, Lecture Notes in Computer Science 5745, SpringerVerlag (2009), pp 1–17.
Date: 20090616 [pdf] [bibtex] [more]
Supersedes: 20090319 [pdf] 
David Kammler, Diandian Zhang, Peter Schwabe, Hanno Scharwaechter, Markus Langenberg,
Dominik Auras, Gerd Ascheid, and Rudolf Mathar:
Designing an ASIP for Cryptographic Pairings over BarretoNaehrig Curves.
Cryptographic Hardware and Embedded Systems – CHES 2009, Lecture Notes in Computer Science 5745, SpringerVerlag (2009), pp 254–271.
Date: 20090714 [pdf] [bibtex]
See also full version of the paper by David Kammler, Diandian Zhang, Peter Schwabe, Hanno Scharwaechter, Markus Langenberg, Dominik Auras, Rainer Leupers, Gerd Ascheid, Rudolf Mathar, and Heinrich Meyr: [pdf]
Supersedes: 20090331 [pdf], supersedes: 20090205 [pdf] 
Neil Costigan and Peter Schwabe:
Fast ellipticcurve cryptography on the Cell Broadband Engine.
Progress in Cryptology – AFRICACRYPT 2009, Lecture Notes in Computer Science 5580, SpringerVerlag (2009), pp 368–385.
Date: 20090331 [pdf] [bibtex] [more]
Supersedes: 20090121 [pdf], supersedes: 20090107 [pdf] 
Daniel J. Bernstein and Peter Schwabe:
New AES software speed records.
Progress in Cryptology – INDOCRYPT 2008, Lecture Notes in Computer Science 5365, SpringerVerlag (2008), pp 322–336.
Date: 20080926 [pdf] [bibtex] [more]
Supersedes: 20080908 [pdf] 
Michael Naehrig, Paulo S. L. M. Barreto and Peter Schwabe:
On compressible pairings and their computation.
Progress in Cryptology – AFRICACRYPT 2008, Lecture Notes in Computer Science 5023, SpringerVerlag (2008), pp 371–388.
[pdf] [bibtex] [more]
Technical Reports and Preprints

Erdem Alkim, Léo Ducas, Thomas Pöppelmann, and Peter Schwabe:
Postquantum key exchange – a new hope.
Date: 20151207 [pdf] [bibtex] [more]
Supersedes: 20151110 [pdf], Supersedes: 20151105 [pdf], 
Daniel J. Bernstein, Simon Josefsson, Tanja Lange, Peter Schwabe, and BoYin Yang:
EdDSA for more curves.
Date: 20150704 [pdf] [bibtex]

Daniel J. Bernstein, Tanja Lange, and Peter Schwabe.
Improved Networking and Cryptography Library.
Deliverable 2.5 of the EU FP7 project Computer Aided Cryptography Engineering (CACE). 2011.
Date: 20110221 [pdf] [bibtex]

Daniel V. Bailey, Lejla Batina, Daniel J. Bernstein, Peter Birkner, Joppe W. Bos,
HsiehChung Chen, ChenMou Cheng, Gauthier Van Damme, Giacomo de Meulenaer,
Luis Julian Dominguez Perez, Junfeng Fan, Tim Güneysu, Frank Gürkaynak, Thorsten Kleinjung,
Tanja Lange, Nele Mentens, Ruben Niederhagen, Christof Paar, Francesco Regazzoni,
Peter Schwabe, Leif Uhsadel, Anthony Van Herrewege, and BoYin Yang:
Breaking ECC2K130.
Date: 20091106 [pdf] [bibtex]
Talks
 Slides from my talk PostQuantum Cryptography, 20151203 at Santacrypt 2015 in Prague, Czech Republic.
 Slides from my talk Verifying ECC software, 20150929 at ECC 2015 in Bordeaux, France.
 Slides from my talk PandA: Pairings and Arithmetic, 20150602 at the SIAM Conference on Applied Algebraic Geometry – AG'15.
 Slides from my talk Software implementation of (H)ECC, 20150602 at the Summer School on realworld crypto and privacy, Šibenik, Crotia.
 Slides from my talk Introduction to software implementations, 20150602 at the Summer School on realworld crypto and privacy, Šibenik, Crotia.
 Slides from the joint talk SPHINCS: practical stateless hashbased signatures by Andreas Hülsing and me, 20150428 at Eurocrypt 2015, Sofia, Bulgaria.

Slides from my talk Eliminating Timing SideChannels. A Tutorial.
20150118 at ShmooCon 2015, Washington DC, USA.
See also the video on youtube.  Slides from my talk Vectorized implementations of postquantum crypto, 20150112 at DIMACS Workshop on The Mathematics of PostQuantum Cryptography, Rutgers University, USA.
 Slides from my invited tutorial talk Multiprecision arithmetic (from primary school to Asiacrypt), 20141020 at SPACE 2014, Pune, India.
 Slides from my talk TweetNaCl: A crypto library in 100 tweets, 20140918 at Latincrypt 2014, Florianópolis, Brazil.
 Slides from my talk Fast symmetric crypto on embedded CPUs, 20140605 at the Summer School on Design and security of cryptographic algorithms and devices for realworld applications, Šibenik, Crotia.
 Slides from my talk Verifying crypto – many questions and the beginning of an answer, 20140520 in the Brouwer Seminar, Radboud University Nijmegen, Netherlands.
 Slides from my talk McBits: Fast codebased cryptography, 20131217 at the IMA Conference on Cryptography and Coding, Oxford, England.

Slides from my tutorial talk Efficient implementation of finitefield arithmetic,
20131122 at Pairing 2013, Beijing, China, and similarly
20130911 at the ECC 2013 summer school, Leuven, Belgium.  Slides from my talk You vs. the NSA – Why everybody needs highsecurity crypto, 20131021 at the Semana da Computação, Universidade Federal de Santa Catarina, Florianópolis, Brazil.
 Slides from my talk Efficient software implementation of postquantum cryptography, 20131020 at ASCrypto 2013, Florianópolis, Brazil.
 Slides from my talk Scalar multiplication algorithms, 20130911 at the ECC 2013 summer school, Leuven, Belgium.
 Slides from my talk Who is afraid of vectors?, 20130826 in the Crypto Group of Microsoft Research, Redmond, USA.
 Slides from my talk A word of warning, 20130822 in the rump session of CHES 2013, Santa Barbara, USA. [software]
 Slides from the joint talk NaCl on 8bit AVR microcontrollers by Michael Hutter and me, 20130624 at Africacrypt 2013, Cairo, Egypt.
 Slides from my talk NaCl: Cryptography for the Internet, 20130121 at the research retreat Internet crypto, Tenerife, Spain.
 Slides from my talk Constructive and destructive implementations of ellipticcurve arithmetic, 20121030 at ECC 2012 in Querétaro, Mexico.
 Slides from my talk The security impact of a new cryptographic library, 20121009 at Latincrypt 2012 in Santiago, Chile.
 Slides from my presentation NEON crypto, 20120911 at CHES 2012 in Leuven, Belgium.
 Slides from my presentation HighPerformance Cryptography in Software, 20120903 in the ECRYPT Summerschool on Challenges in Security Engineering in Bochum, Germany, and similarly 20121015 at the Advanced Programming Seminar at University of Illinois at Chicago.
 Slides from my presentation SHA3 on ARM11 processors, 20120712 at Africacrypt 2012 in Ifrane, Morocco.
 Slides from my presentation The NaCl library, 20120712 in the rump session of Africacrypt 2012 in Ifrane, Morocco.

Slides from my presentation How to use the negation map in the Pollard rho method,
20120309 in the EiPSI Crypto Working Group.
The slides are basically the same as the ones I used for the talk
How to use the negation map in the Pollard rho method, 20110616 in the crypto seminar of the Laboratoire PRiSM at Université de Versailles SaintQuentinenYvelines. 
Slides from my presentation EdDSA signatures and Ed25519,
20120220 in the Coding Theory and Cryptography Seminar at the
University of Basel.
Subsets of these slides I used in the talks
EdDSA signatures and Ed25519, 20120320 at CARAMEL group, INRIA Nancy,
Highspeed highsecurity signatures, 20110929 at CHES 2011 in Nara, Japan, and
Highspeed highsecurity signatures, 20110914 in the EiPSI seminar at Eindhoven University of Technology.  Slides from my presentation HighSpeed Cryptography, 20111024 in the Graduate Seminar of National Taiwan University.
 Slides from my presentation Fun things to do with your mobile phone, 20110930 in the rump session of CHES 2011 in Nara, Japan.
 Slides from my presentation Highspeed highsecurity signatures, 20110929 at CHES 2011 in Nara, Japan.
 Slides from my presentation Highspeed highsecurity signatures, 20110914 in the EiPSI seminar at Eindhoven University of Technology.
 Slides from my talk Really fast syndromebased hashing, 20110705 at Africacrypt 2011.
 Slides from my talk On the correct use of the negation map in the Pollard rho method, 20101018 in the rump session of ECC 2010 in Redmond, USA.
 Slides from my talk New software speed records for cryptographic pairings, 20100809 at Latincrypt 2010 in Puebla, Mexico.
 Slides from my talk New software speed records for cryptographic pairings, 20100708 in the HGI Colloquium at Ruhr Universität Bochum.

Slides from my talk Breaking ECC2K130, 20100520 in the
Obersemiar Computer Security
at BIT Bonn.
Subsets of these slides I used for the talks
ECC2K130 on Cell processors, 20100505, at Africacrypt 2010,
Breaking ECC2K130 on Cell processors and GPUs, 20100414 in the Workshop on Computer Security and Cryptography at CRM Montréal, and
Breaking ECC2K130 (on Cell CPUs and NVIDIA GPUs), 20100321 at CARAMEL group, INRIA Nancy.  Slides from my talk How do deal with annoying questions from Dan, 20100504 at the rump session of Africacrypt 2010.
 Slides from my talk NaCl – Networking and Cryptography library, 20091204 at the SPAN meeting at TU Eindhoven and code examples I used in the talk: encauthopenssl.c, encauthnacl.c.
 Slides from my talk AESGCM plus rapide et résistant aux attaques temporelles, 20091113 in the séminaire de cryptographie at Université de Rennes 1.
 Slides from the joint talk FSBday: Implementing Wagner's Generalized Birthday Attack against the round1 SHA3 Candidate FSB by Christiane Peters and me, 20090910 at SHARCS 2009.
 Slides from the joint talk The Certicom Challenges ECC2X by Daniel V. Bailey, Daniel J. Bernstein, Frank Gurkaynak, Tanja Lange and me, 20090909 at SHARCS 2009.
 Slides from my talk Fast ellipticcurve cryptography on the Cell Broadband Engine, 20090624 at Africacrypt 2009 and similarly 20090520 at the COSIC seminar at KU Leuven.
 Slides from the joint talk FSBday: Implementing Wagner's Generalized Birthday Attack against the SHA3 Candidate FSB by Christiane Peters and me, 20090616 at the INRIA Paris  Rocquencourt.

Slides from the joint "talk"
"A brief look at the 56 SHA3 submissions",
by Christiane Peters,
Michael Naehrig", and me,
20090428 at the rump session of
Eurocrypt 2009.
See also the Lyrics with guitar chords and the video on youtube.  Slides from the joint presentation "How fast is AES?" by Emilia Käsper and me, 20090212 at the rump session of FSE 2009.
 Slides from my presentation "New AES software speed records", 20081216 at Indocrypt 2008.
 Slides from my presentation "Achieving Software Speed Records with qhasm", 20081112 in the EiPSI seminar at Eindhoven University of Technology.
 Slides from my presentation "Effiziente Berechnung der Tate Paarung", 20070606 at the Institute for Theoretical Information Technology at RWTH Aachen University.
 Slides from my presentation "Paarungen und Identitätsbasierte Kryptographie", 20070510 at the Institute for Theoretical Information Technology at RWTH Aachen University.
 Slides from my presentation "Effiziente Implementierung von elliptischen und hyperelliptischen Kurven", 2006531 at the Institute for Theoretical Information Technology at RWTH Aachen University.
 Slides from my presentation "Arithmetik auf hyperelliptischen Kurven", 20051214 at the Institute for Theoretical Information Technology at RWTH Aachen University.
 Slides from my seminar talk "Seitenkanalattacken gegen Kryptographie auf Elliptischen Kurven", 20050517 at the Institute for Theoretical Information Technology at RWTH Aachen University and related report.
Conferences, Workshops, and Schools
I am or was member of the program committees of the following conferences, workshops, and schools: CANS 2016, November 14–16, Milan, Italy
 Asiacrypt 2016, December 4–8, Hanoi, Vietnam
 SCN 2016, August 31–September 2 (tentative), Amalfi, Italy.
 Eurocrypt 2016, May 8–12, 2016, Vienna, Austria.
 Summer School on realworld crypto and privacy, June 5–10, 2016, Šibenik, Croatia. (Coorganizer)
 Africacrypt 2016, April 13–15, 2016, Fes, Morocco.
 PKC 2016, March 6–9, 2016, Taipei, Taiwan.
 Asiacrypt 2015, November 29–December 3, 2015, Auckland, New Zealand.
 WESS 2015, October 8, 2015, Amsterdam, The Netherlands.
 SPACE 2015, October 3–7, 2015, Jaipur, India (program cochair).
 CHES 2015, September 13–16, 2015, SaintMalo, France.
 LightSec 2015, September 11–11, 2015, Bochum, Germany.
 Latincrypt 2015, August 23–26, 2015, Guadalajara, Mexico.
 Summer School on realworld crypto and privacy, May 31–June 5, 2015, Šibenik, Croatia. (Coorganizer)
 Africacrypt 2015,
May 27–29, 2015, Dakar, Senegal. (cancelled and postponed to 2016)  PKC 2015, April 30–May 1, Washington DC, USA.
 WESS 2014, October 17, 2014, New Delhi, India.
 CHES 2014, September 23–26, 2014, Busan, Korea.
 Latincrypt 2014, September 17–19, 2014, Florianópolis, Brazil.
 Africacrypt 2014, May 28–30, 2014, Marrakesh, Morocco.
 Pairing 2013, Nov 22–24, 2013, Beijing, China.
 WESS 2013, September 29, 2013, Montreal, Canada.
 SAC 2013, August 1416, 2013, Burnaby, British Columbia, Canada.
 Asiacrypt 2013, December 1–5, 2013, Bengaluru, India.
 WAIFI 2012, July 16–19, 2012, Bochum, Germany.
 Pairing 2012, May 16–18, 2012, Cologne, Germany.
 Indocrypt 2011, December 11–14, 2011, Chennai, India.
 InfoSecHiComNet 2011, October 19–22, 2011, Haldia, India.
Teaching
Course Operating Systems Security, RU Nijmegen, 2015/16
For details please check the course website.
Course Network Security, RU Nijmegen, 2015
For details please check the course website.
Course Operating Systems Security, RU Nijmegen, 2014/15
For details please check the course website.
Course Network Security, RU Nijmegen, 2014
For details please check the course website.
Course Cryptographic Engineering, RU Nijmegen, 2014
For details please check the course website.
Course "Research A", RU Nijmegen, 2013/14
For details please check the course website.
Course "Research B", RU Nijmegen, 2013/14
For details please check the course website.
Lecture "Security Issues in Cloud Computing", NTU, 2011/12
Whiteboard transcripts: 20111007: Introduction to Cryptography
 20111014: Modern Cryptography I – Symmetric Cryptography
 20111021: Modern Cryptography I – Symmetric Cryptography (ctd.)
 20111028: Modern Cryptography II – Asymmetric Cryptography
 Homework assignment to be handed in on December 11, 2011:
Describe where cryptographic hash functions are used. Explain for what purpose they are used and what properties of the hash function are required for the respective applications. Focus on applications that have not been dealt with in the lecture.
Remarks: This is not about finding as many applications as possible, focus on just 12 applications. Your essay should be about 1 page in length.