Useful Crypto-related Resources

This repository contains resources that I considered useful. It is a personal repository.

General

Non-Malleable Cryptography by Danny Dolev, Cynthia Dwork, Moni Naor
The Uneasy Relationship Between Mathematics and Cryptography by Neal Koblitz
Another Look at “Provable Security” by Neal Koblitz and Alfred J. Menezes

Authenticated Encryption

Challenges in Authenticated Encryption by Daniel J. Bernstein
Boosting Authenticated Encryption Robustness With Minimal Modifications by Tomer Ashur, Orr Dunkelman, and Atul Luykx

AKE

An Efficient Protocol for Authenticated Key Agreement by Laurie Law, Alfred Menezes, Minghua Qu, Jerry Solinas.
Two-party authenticated key exchange protocol using lattice-based cryptography by Xiaopeng Yang and Wenping Ma
The X3DH Key Agreement Protocol by Moxie Marlinspike and Trevor Perrin
Deniable Authentication and Key Exchange by Mario Di Raimondo, Rosario Gennaro and Hugo Krawczyk
A non-interactive deniable authentication scheme in the standard model by Bin Wang, Qing Zhao and Ke Dai
A non-interactive deniable authentication scheme in the standard model by Bin Wang, Qing Zhao and Ke Dai
Authenticated Key Exchange from Ideal Lattices by Jiang Zhang, Zhenfeng Zhang, Jintai Ding, Michael Snook, and Ozgür Dagdelen

Network Protocols

Security Analysis of Network Protocols by John Mitchell

TLS

Encrypting the Internet with Go by Filippo Valsorda
SSL and HTTPS by Nickolai Zeldovich and their notes
The New Illustrated TLS Connection
TLS Handshake : Under The Hood by Sathya Bandara
Keyless
Keyless: details
CFSSL by Nick Sullivan
A Comprehensive Symbolic Analysis of TLS 1.3 by Cas Cremers, Marko Horvat, Jonathan Hoyland, Sam Scott and Thyla van der Merwe
Introducing Zero Round Trip Time Resumption (0-RTT) by Nick Sullivan
Even faster connection establishment with QUIC 0-RTT resumption by Alessandro Ghedini
The QUIC Transport Protocol: Design and Internet-Scale Deployment by Adam Langley, Alistair Riddoch, Alyssa Wilk, Antonio Vicente, Charles Krasic, Dan Zhang, Fan Yang, Fedor Kouranov, Ian Swett, Janardhan Iyengar, Jeff Bailey, Jeremy Dorfman, Jim Roskind, Joanna Kulik, Patrik Westin, Raman Tenneti, Robbie Shade, Ryan Hamilton, Victor Vasiliev, Wan-Teh Chang, Zhongyi Shi
Benchmarking Post-Quantum Cryptography in TLS by Christian Paquin, Douglas Stebila and Goutam Tamvada

X509/ASN.1

Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile by D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, and W. Polk
A Layman's Guide to a Subset of ASN.1, BER, and DER by Burton S. Kaliski Jr.
New ASN.1 Modules for the Public Key Infrastructure Using X.509 (PKIX) by P. Hoffman and J. Schaad
Abstract Syntax Notation One (ASN.1): Specification of basic notation by INTERNATIONAL TELECOMMUNICATION UNION

OTR

OTRv2

Finite-State Security Analysis of OTR Version 2 by Joseph Bonneau and Andrew Morrison.
Protocol by Nikita Borisov and Ian Goldberg.
Secure Off-the-Record Messaging by Mario Di Raimondo, Rosario Gennaro and Hugo Krawczyk

Signal Protocol

A Formal Security Analysis of the Signal Messaging Protocol by Katriel Cohn-Gordon, Cas Cremers, Benjamin Dowling, Luke Garratt and Douglas Stebila.
How Secure is TextSecure? by Tilman Frosch, Christian Mainka, Christoph Bader, Florian Bergsma, Jorg Schwenk and Thorsten Holz.
Technology preview: Private contact discovery for Signal
Is Bob Sending Mixed Signals? by Michael Schliep, Ian Kariniemi and Nicholas Hopper.

Zero Knowledge Proof

Multiple Non-Interactive Zero Knowledge Proofs Based on a Single Random String by Uriel Feige, Dror Lapidot and Adi Shamir.

Ciphers

So you want to use an alternative cipher… by Matthew Green.
Why switch from AES to a new stream cipher? by Daniel Bernstein.

Stream cipher

Nonce

Introducing Miscreant: a multi-language misuse resistant encryption library by Tony Arceri
Nonce misuse resistance 101 by lvh
Online Authenticated-Encryption and its Nonce-Reuse Misuse-Resistance by Viet Tung Hoang, Reza Reyhanitabar, Phillip Rogaway and Damian Vizár

AES

Another New AES Attack by Bruce Schneier

Salsa 20

Salsa20 security by Daniel J. Bernstein.
Notes on the Salsa20 key size by Daniel J. Bernstein.
Notes

XSalsa20

Extending the Salsa20 nonce by Daniel J. Bernstein.
Notes on the Salsa20 key size by Daniel J. Bernstein.
Implementation in NaCl

ChaCha20

ChaCha20 and Poly1305 for IETF Protocols by Y. Nir and A. Langley
ChaCha20-Poly1305 Cipher Suites for Transport Layer Security (TLS) by A. Langley, W. Chang, N. Mavrogiannopoulos, J. Strombergson and S. Josefsson

Analysis of Salsa, ChaCha and Rumba

New Features of Latin Dances: Analysis of Salsa, ChaCha, and Rumba by Jean-Philippe Aumasson, Simon Fischer, Shahram Khazaei, Willi Meier, and Christian Rechberger
Improved Key Recovery Attacks on Reduced-Round Salsa20 and ChaCha by Zhenqing Shi, Bin Zhang, Dengguo Feng and Wenling Wu

Blockcipher

In general

Evaluation of Some Blockcipher Modes of Operation by Phillip Rogaway.

Symmetric key algorithm

DES

On the Security of Multiple Encryption by Ralph C. Merkle and Martin E. Hellman

Key Exchange

Theory

Entity Authentication and Key Distribution by Mihir Bellare and Phillip Rogaway
Key Agreement Protocols and their Security Analysis by Simon Blake-Wilson, Don Johnson and Alfred Menezes.

With Anonymous Authentication

Key Exchange with Anonymous Authentication using DAA-SIGMA Protocol by Jesse Walker and Jiangtao Li

Degenerate

Degenerate Keys for RSA Encryption by Seth D. Bergmann
Info
Degenerate Curve Attacks by Samuel Neves and Mehdi Tibouchi

Fault Attacks

Fault-resistant calculcations on elliptic curves by Marc Joye

Diffie Hellman

New directions in Cryptography by Diffie and Hellman.
Diffie-Hellman key exchange by Nikos Drakos
Diffie-Hellman Key Agreement Method by E. Rescorla
Diffie-Hellman parameters by OpenSSL
Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice by David Adrian et al
Diffie-hellman by Crypto++
Public key parameters
A One Round Protocol for Tripartite Diffie–Hellman by Antoine Joux
The Decision Diffie-Hellman Problem by Dan Boneh
On Diffie-Hellman key agreement with short exponents by P. C. van Oorschot and M. J. Wiener
Diffie-Hellman Key Agreement Method by E. Rescorla
Additional Diffie-Hellman Groups for Use with IETF Standards by M. Lepinski and S. Kent
HMQV: A High-Performance Secure Diffie-Hellman Protocol by Hugo Krawczyk
More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE) by T. Kivinen and M. Kojo
IEEE Standard Specifications for Public-Key Cryptography
HMQV: A High-Performance Secure Diffie-Hellman Protocol by Hugo Krawczyk

Validation

Additional Diffie-Hellman Tests for the Internet Key Exchange Protocol Version 2 by Y. Sheffer Porticor, S. Fluhrer
Methods for Avoiding the "Small-Subgroup" Attacks on the Diffie-Hellman Key Agreement Method for S/MIME by R. Zuccherato

Attacks

Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems by Paul C. Kocher
On reusing ephemeral keys in Diffie-Hellman key agreement protocols by Alfred Menezes and Berkant Ustaoglu
A lesson in timing attacks by codahale
Measuring small subgroup attacks against Diffie-Hellman by Luke Valenta, David Adrian, Antonio Sanso, Shaanan Cohney, Joshua Fried, Marcella Hastings, J. Alex Halderman and Nadia Heninger. Slides
Remote Timing Attacks are Practical by David Brumley and Dan Boneh
Why Constant-Time Crypto?

Cramer-Shoup

Cramer Shoup Cryto-System Java implementation by omoeller (not audited).
Cramer Shoup Cryto-System Python implementation by benkreuter.

ElGamal

A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms by Taher ElGamal
ElGamal:Public-Key Cryptosystem by Jaspreet Kaur Grewal

Dual Receiver Encryption

The Dual Receiver Cryptosystem and Its Applications by Theodore Diament, Homin K. Lee, Angelos D. Keromytis and Moti Yung
Practical Dual-Receiver Encryption Soundness, Complete Non-Malleability, and Applications by Sherman S.M. Chow, Matthew Franklin, and Haibin Zhang

Elliptic Curve

Theory

Elliptic Curves Number Theory and Cryptography by Lawrence C. Washington
Isogenincs for a MIT class.
Compact representation of an elliptic curve point: This document defines a format for efficient storage representation of an elliptic curve point over prime fields, suitable for use with any IETF format or protocol by A. Jivsov
Point Generation And Base Point Selection In ECC: An Overview by Moumita Roy1, Nabamita Deb2, Amar Jyoti Kumar.
SEC 1: Elliptic Curve Cryptography by Certicom Research.
Elliptic Curves for Security by A. Langley and M. Hamburg. This memo specifies two elliptic curves over prime fields that offer a high level of practical security in cryptographic applications, including Transport Layer Security (TLS). These curves are intended to operate at the ~128-bit and ~224-bit security level, respectively, and are generated deterministically based on a list of required properties.
ECC2015-Notes by Frederic Jacobs
Graphs
How to design an elliptic-curve signature system by blog.cr.yp.to
Generating Elliptic Curves of Prime Order by Erkay Sava, Thomas A. Schmidt, and Cetin K. Koc
Extended coordinates with a=-1 for twisted Edwards curves
Elliptic Curves Suitable for Cryptosystems by Atsuko Miyaji
Elliptic curves by Bjorn Poonen
Rigid Parameter Generation for Elliptic Curve Cryptography by B. Black, J. Bos, C. Costello, A. Langley, P. Longa and M. Naehrig
Tutorial by Tanja Lange
ECC hacks by Tanja Lange
Curves Formulas by Tanja Lange
512-bit twisted Edwards curve and curve generation methods in Russian standardization by Stanislav V. Smyshlyaev
Programming: Sage: Elliptic curves over a general field
Weierstrass coefficients of the canonical lifting by Luis R. A. Finotti
Weierstrass equation or model
Elliptic Curves, Lattices, and the Upper Half-Plane
Elliptic Curve Cryptography: a gentle introduction by Andrea Corbellini
Curves with a Twist
Elliptic vs Hyperelliptic by Tanja Lange
Sign Change Fault Attacks On Elliptic Curve Cryptosystems by Johannes Blömer, Martin Otto and Jean-Pierre Seifert
An exploration of affine group laws for elliptic curves by Huseyin Hisil, Kenneth Koon-Ho Wong, Gary Carter and Ed Dawson
A Las Vegas algorithm to solve the elliptic curve discrete logarithm problem by Ayan Mahalanobis and Vivek Mallick
On isogeny classes of Edwards curves over finite fields by Omran Ahmadi and Robert Granger
Explicit-Formulas Database by Tanja Lange
Validation of Elliptic Curve Public Keys by Adrian Antipa, Daniel Brown, Alfred Menezes, René Struik and Scott Vanstone
Fast genus 2 arithmetic based on Theta functions by P. Gaudry
Point Generation And Base Point Selection In ECC: An Overview by Moumita Roy, Nabamita Deb and Amar Jyoti Kumar
Fundamental Elliptic Curve Cryptography Algorithms by D. McGrew, K. Igoe and M. Salter
Elliptic Curve Groups modulo a Prime (ECP Groups) for IKE and IKEv2 by D. Fu and J. Solinas
Elliptic Curve Cryptography in Practice by Joppe W. Bos, J. Alex Halderman, Nadia Heninger, Jonathan Moore, Michael Naehrig and Eric Wustrow
Why Ellipses Are Not Elliptic Curves by Adrian Rice and Ezra Brown
Visualization by Wolfgang Glas
Elliptic Curves, Group Law, and Efficient Computation by Hüseyin Hisil. The presentation
Some notes by Benn Lynn
SEC 1: Elliptic Curve Cryptography by Daniel R. L. Brown
BLS signatures, hashing to curves, and more dispatches from the IETF
Sage
[The Jacobi Model of an Elliptic Curve and Side-Channel Analysis])https://eprint.iacr.org/2002/125.pdf) by Olivier Billet and Marc Joye

Encoding

Rational points on certain hyperelliptic curves over finite fields by Maciej Ulas
Construction of Rational Points on Elliptic Curves over Finite Fields by Andrew Shallue and Christiaan E. van de Woestijne
Compression and decompression of elliptic curve data points
Encoding points in hyperelliptic curves over finite fields in deterministic polynomial time by Jean-Gabriel Kammerer, Reynald Lercier, and Guénaël Renault

Twist

Twist Insecurity by Manfred Lochter and Andreas Wiemers
Twist security

Jacobic

The Jacobi Model of an Elliptic Curve and Side-Channel Analysis by Olivier Billet and Marc Joye

Kummer varieties

Arithmetic on Abelian and Kummer Varieties by David Lubicz And Damien Robert

In general

Elliptic Curves for Security draft-irtf-cfrg-curves-02: an algorithm for deterministically generating parameters for elliptic curves over prime fields by A. Langley.
Elliptic Curves for Security by A. Langley and M. Hamburg.
A brief discussion on selecting new elliptic curves by Craig Costello, Patrick Longa, and Michael Naehrig
Curve41417: Karatsuba revisited by Daniel J. Bernstein, Chitchanok Chuengsatiansup, and Tanja Lange
Cryptography in NaCl by Daniel J. Bernstein. Pretty interesnting for sage.
Subtraction
Elliptic curve point multiplication in Wikipedia.
Explicit Addition Formulae
Elliptic curve point multiplication
Elliptic vs. hyperelliptic by Daniel Bernstein
Operations by Tanja Lange

Courses

MIT course

Conversions

Fault Attacks on Projective-to-Affine Coordinates Conversion by Diana Maimut, C´edric Murdica, David Naccache and Mehdi Tibouchi. Presentation
Fault Attacks on Projective-to-Affine Coordinates Conversion by Diana Maimut, C´edric Murdica, David Naccache and Mehdi Tibouchi. Pdf

wNafs

wNAF*, an Efficient Left-to-Right Signed Digit Recoding Algorithm by Brian King
Signed Binary Representations Revisited by Katsuyuki Okeya, Katja Schmidt-Samoa, Christian Spahn, and Tsuyoshi Takagi

Ideas

DNS Curves

EC255219

Curve25519: new Diffie-Hellman speed records by Daniel J. Bernstein
A state-of-the-art Diffie-Hellman function by Daniel J. Bernstein
Usage
A state-of-the-art Diffie-Hellman function - Code by Daniel J. Bernstein
Benchmark
Toy implementatio
High-speed Curve25519 on 8-bit, 16-bit, and 32-bit microcontrollers by Michael Düll, Björn Haase, Gesine Hinterwälder, Michael Hutter, Christof Paar and Ana Helena Sánchez
May the Fourth Be With You: A Microarchitectural Side Channel Attack on Several Real-World Applications of Curve25519 by Daniel Genkin, Luke Valenta and Yuval Yarom

Edwards Curve

Twist Insecurity by Manfred Lochter and Andreas Wiemers
Faster Addition and Doubling on Elliptic Curves by Daniel J. Bernstein and Tanja Lange.
Twisted Edwards Curves by Daniel J. Bernstein, Peter Birkner, Marc Joye, Tanja Lange, and Christiane Peters
Twisted Edwards Curves Revisited by Huseyin Hisil, Kenneth Koon-Ho Wong, Gary Carter, and Ed Dawson.
On isogeny classes of Edwards curves over finite fields by Omran Ahmadi and Robert Granger
Collective Edwards-Curve Digital Signature Algorithm
Multiquadratics

X448

Implementation

Theory

Encoding

Deterministic Encoding into Twisted Edwards Curves by Wei Yu, Kunpeng Wang, Bao Li and Song Tian.

ed448

Ed448-Goldilocks by sourceforge.
Mike Hamburg Implementation.
STRIKE implementation.
Ed448-Goldilocks, a new elliptic curve by Mike Hamburg.
Ed448-Goldilocks, a new elliptic curve by Cryptology ePrint Archive
Decaf: Eliminating cofactors through point compression by Mike Hamburg
Implementation on C, on github
Fast and compact elliptic-curve cryptography by Mike Hamburg
Ed448-Goldilocks, a new elliptic curve by Mike Hamburg
Some simple ECC tricks by Mike Hamburg
Spec by Mike Hamburg

elligator

Mike Hamburg's explanation
Elligator: Elliptic-curve points indistinguishable from uniform random strings by Daniel J. Bernstein, Mike Hamburg, Anna Krasnova and Tanja Lange
Implementing Elligator for Curve25519 by Adam Langley
Implementation by Kleshni.

ed225519

Implementation by Daniel J. Bernstein.
Donna-edition by Adam Langley

Attacks

New algorithm for the discrete logarithm problem on elliptic curves by Igor Semaev.

BenchMarking

eBACS: ECRYPT Benchmarking of Cryptographic Systems: SUPERCOP

extra

Hierarchical Deterministic keys over non-linear Keyspace by Khovratovich and Law

Hash Functions

Cryptographic Hash-Function Basics: Definitions, Implications, and Separations for Preimage Resistance, Second-Preimage Resistance, and Collision Resistance by P. Rogaway and T. Shrimpton
The Sponge Functions Corner by Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche
The Keccak SHA-3 submission by by Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche
Stribog
FIPS 202 and KeccakDerived Functions by John Kelsey
SHA-3 Derived Functions: cSHAKE, KMAC, TupleHash and ParallelHash by NIST
A new Design Criteria for Hash-Functions by Jean-Sebastien Coron, Yevgeniy Dodis, , Cecile Malinaud, and Prashant Puniya
BLAKE2: simpler, smaller, fast as MD5 by Jean-Philippe Aumasson, Samuel Neves, Zooko Wilcox-O’Hearn and Christian Winnerlein
Analysis of BLAKE2 by Jian Guo, Pierre Karpman, Ivica Nikolic, Lei Wang and Shuang Wu
BLAKE2: “Harder, Better, Faster, Stronger” Than MD5 by Zooko Wilcox-O'Hearn
BLAKE 2: slides
BLAKE2 — fast secure hashing

Key generation function

Argon2

Random Number Generators

Recommendation for Random Number Generation Using Deterministic Random Bit Generators by NIST
Random number generation: An illustrated primer by Matthew Green
Surviving a bad RNG by Matthew Green
Computational Alternatives to Random Number Generators by David M’Raıhi, David Naccache, David Pointcheval, and Serge Vaudenay

Message Authentification Code (MAC)

SHA3-based MACs by Ray Perlner.
New Proofs for NMAC and HMAC: Security without Collision-Resistance by Mihir Bellare.

Key derivation functions

Key derivation functions by cryptography.io.
Recommendation for Key Derivation Using Pseudorandom Functions by Lily Chen in NIST.

Digital Signatures

New variant of Guillou-Quisquater digital signature scheme by J. Ettanfouhi, O. Khadir
RSA signatures and Rabin–Williams signatures: the state of the art by Daniel J. Bernstein.
Proving tight security for Rabin–Williams signatures by Daniel J. Bernstein.
Short signatures from the Weil pairing by Dan Boneh, Ben Lynn, and Hovav Shacham.
A Provably Secure Nyberg-Rueppel Signature Variant with Applications by Giuseppe Ateniese and Breno de Medeiros.
Performance of Batch-based Digital Signatures by William C. Cheng, Cheng-Fu Chou and Leana Golubchik
How To Prove Yourself: Practical Solutions to Identification and Signature Problems by Amos Fiat and Adi Shamir

Schnorr signatures

Schnorr Signatures: An Overview by Christopher Allen.
Multi-user Schnorr security, revisited by Daniel J. Bernstein, Niels Duif, Tanja Lange, Peter Schwabe and Bo-Yin Yang
Fast and compact elliptic-curve cryptography by Mike Hamburg
Efficient Ring Signatures without Random Oracles by Hovav Shacham and Brent Waters
Efficient Signature Generation by Smart Cards by C. P. Schnorr
Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols by Ronald Cramer, Ivan Damgard, Aarhus University and Berry Schoenmakers

Hash-based signatures

SPHINCS: practical stateless hash-based signatures by Daniel J. Bernstein, Daira Hopwood, Andreas Hülsing, Tanja Lange, Ruben Niederhagen, Louiza Papachristodoulou, Michael Schneider, Peter Schwabe and Zooko Wilcox-O’Hearn

EdDSA

Edwards-curve Digital Signature Algorithm (EdDSA): The elliptic curve signature scheme Edwards-curve Digital Signature Algorithm (EdDSA) is described by S. Josefsson.
Ed25519 and Ed448 for DNSSEC by O. Sury
EdDSA notes
High-speed high-security signatures by Daniel J. Bernstein, Niels Duif, Tanja Lange, Peter Schwabe and Bo-Yin Yang
EdDSA for more curves by Daniel J. Bernstein, Niels Duif, Tanja Lange, Peter Schwabe and Bo-Yin Yang
The Elliptic Curve Digital Signature Algorithm (ECDSA) by American National Standards
Edwards-curve Digital Signature Algorithm (EdDSA) by S. Josefsson and I. Liusvaara (draft)
Edwards-curve Digital Signature Algorithm (EdDSA) by S. Josefsson and I. Liusvaara (draft)
Edwards-Curve Digital Signature Algorithm (EdDSA) by S. Josefsson and I. Liusvaara
Breaking Ed25519 in WolfSSL by Niels Samwel, Lejla Batina, Guido Bertoni, Joan Daemen, and Ruggero Susella
A Side-Channel Assisted Cryptanalytic Attack Against QcBits by Melissa Rossi, Mike Hamburg, Michael Hutter and Mark E. Marson
EdDSA for more curves by Daniel J. Bernstein, Simon Josefsson, Tanja Lange, Peter Schwabe and Bo-Yin Yang