My primary research interests are within the area of cryptography. Specific interests include:

• Elliptic curve cryptography
• Key establishment protocols
• Practice-oriented provable security
• Algorithmic number theory

• "Reusing static keys in key agreement protocols" (with S. Chatterjee and B. Ustaoglu)
  Indocrypt 2009, to appear.

• "On cryptographic protocols employing asymmetric pairings - The role of Ψ revisited" (with S. Chatterjee)
  preprint, 2009.

• "Comparing two pairing-based aggregate signature schemes" (with S. Chatterjee, D. Hankerson and E. Knapp)
  Designs, Codes and Cryptography, to appear.

• "Elliptic curve cryptography: The serpentine course of a paradigm shift" (with A. Hibner Koblitz and N. Koblitz)
  Journal of Number Theory, to appear. The eprint version is available here. The video abstract is here.

• "On reusing ephemeral public keys in Diffie-Hellman key agreement protocols" (with B. Ustaoglu)
  International Journal of Applied Cryptography, to appear.

• "Analyzing the Galbraith-Lin-Scott point multiplication method for elliptic curves over binary fields" (with K. Karabina and D. Hankerson)
  IEEE Transactions on Computers, 58 (2009), 1411-1420.

• "An introduction to pairing-based cryptography"
  Recent Trends in Cryptography, edited by I. Luengo, volume 477 of Contemporary Mathematics, AMS-RSME, 2009, 47-65.

• "Comparing the pre- and post-specified peer models for key agreement" (with B. Ustaoglu)
  International Journal of Applied Cryptography, 1 (2009), 236-250.
  An earlier version appeared in Proceedings of ACISP 2008, Lecture Notes in Computer Science, 5107 (2008), 53-68.

• "Software implementation of pairings" (with D. Hankerson and M. Scott)
  Identity-Based Cryptography, edited by M. Joye and G. Neven, IOS Press, 2008.

• "Another look at non-standard discrete log and Diffie-Hellman problems" (with N. Koblitz)
  Journal of Mathematical Cryptology, 4 (2008), 311-326.

• "Security arguments for the UM key agreement protocol in the NIST SP 800-56A standard" (with B. Ustaoglu)
  Proceedings of ASIACCS '08, ACM Press, 261-270.

• "Software implementation of arithmetic in F_3^m" (with O. Ahmadi and D. Hankerson)
  Proceedings of WAIFI 2007, Lecture Notes in Computer Science, 4547 (2007), 85-102.

• Advances in Cryptology - CRYPTO 2007 (edited volume)
  Lecture Notes in Computer Science, 4622, Springer-Verlag, 2007.

• "Formulas for cube roots in F_3^m" (with O. Ahmadi and D. Hankerson)
  Discrete Applied Mathematics, 155 (2007), 260-270.

• "Irreducible polynomials of maximum weight" (with O. Ahmadi)
  Utilitas Mathematica, 72 (2007), 111-123.

• "Another look at HMQV"
  Journal of Mathematical Cryptology, 1 (2007), 47-64.

• "Another look at generic groups" (with N. Koblitz)
  Advances in Mathematics of Communications, 1 (2007), 13-28.

• "Another look at "provable security"" (with N. Koblitz)
  Journal of Cryptology, 20 (2007), 3-37.

• "Another look at "provable security". II" (with N. Koblitz)
  Progress in Cryptology - Indocrypt 2006, Lecture Notes in Computer Science, 4329 (2006), 148-175.

• "On the importance of public-key validation in the MQV and HMQV key agreement protocols" (with B. Ustaoglu)
  Progress in Cryptology - Indocrypt 2006, Lecture Notes in Computer Science, 4329 (2006), 133-147.

• "Software multiplication using Gaussian normal bases" (with R. Dahab, D. Hankerson, F. Hu, M. Long and J. López)
  IEEE Transactions on Computers, 55 (2006), 974-984.

• "Cryptographic implications of Hess' generalized GHS attack" (with E. Teske)
  Applicable Algebra in Engineering, Communication and Computing, 16 (2006), 439-460.

• "On the number of trace-one elements in polynomial bases for GF(2 ⁿ)" (with O. Ahmadi)
  Designs, Codes and Cryptography, 37 (2005), 493-507.

• "Pairing-based cryptography at high security levels" (with N. Koblitz)
  Cryptography and Coding: 10th IMA International Conference, Lecture Notes in Computer Science, 3796 (2005), 13-36.

• "Algebraic curves and cryptography" (with S. Galbraith)
  Finite Fields and Their Applications, 11 (2005), 544-577.

• Several sections on elliptic curve cryptography (with D. Hankerson)
  "Encyclopedia of Cryptography and Security", edited by Henk van Tilborg, Springer-Verlag, 2005.

• Topics in Cryptology - CT-RSA 2005 (edited volume)
  Lecture Notes in Computer Science, 3376, Springer-Verlag, 2005.

• "A survey of public-key cryptosystems" (with N. Koblitz)
  SIAM Review, 46 (2004), 599-634.

• "Security of signature schemes in a multi-user setting" (with N. Smart)
  Designs, Codes and Cryptography, 33 (2004), 261-274.

• "Hyperelliptic curves and cryptography" (with M. Jacobson and A. Stein)
  High Primes and Misdemeanours: Lectures in Honour of the 60th Birthday of Hugh Cowie Williams,
  Fields Institute Communications Series, 41 (2004), 255-282.

• "Obstacles to the torsion-subgroup attack on the decision Diffie-Hellman problem" (with N. Koblitz)
  Mathematics of Computation, 73 (2004), 2027-2041.

• "Field inversion and point halving revisited" (with K. Fong, D. Hankerson and J. López)
  IEEE Transactions on Computers, 53 (2004), 1047-1059.

• "Weak fields for ECC" (with E. Teske and A. Weng)
  Topics in Cryptology - CT-RSA 2004, Lecture Notes in Computer Science, 2964 (2004), 366-386.

• Guide to Elliptic Curve Cryptography (with D. Hankerson and S. Vanstone)
  Springer, 2004.

• "An efficient protocol for authenticated key agreement" (with L. Law, M. Qu, J. Solinas and S. Vanstone)
  Designs, Codes and Cryptography, 28 (2003), 119-134.

• "Validation of elliptic curve public keys" (with A. Antipa, D. Brown, R. Struik and S. Vanstone)
  Proceedings of PKC 2003, Lecture Notes in Computer Science, 2567 (2003), 211-223.

• "A small subgroup attack on a key agreement protocol of Arazi" (with D. Brown)
  Bulletin of the ICA, 37 (2003), 45-50.

• Progress in Cryptology - INDOCRYPT 2002 (edited with P. Sarkar)
  Lecture Notes in Computer Science, 2551, Springer-Verlag, 2002.

• "Analysis of the GHS Weil descent attack on the ECDLP over characteristic two finite fields of composite degree" (with M. Maurer and E. Teske)
  LMS Journal of Computation and Mathematics, 5 (2002), 127-174
  An earlier version appeared in Proceedings of Indocrypt 2001, Lecture Notes in Computer Science, 2247 (2001), 195-213.

• "Isomorphism classes of genus-2 hyperelliptic curves over finite fields" (with L. Encinas and J. Masque)
  Applicable Algebra in Engineering, Communication and Computing, 13 (2002), 57-65.

• "Solving elliptic curve discrete logarithm problems using Weil descent" (with M. Jacobson and A. Stein)
  Journal of the Ramanujan Mathematical Society, 16 (2001), 231-260.

• "The elliptic curve digital signature algorithm (ECDSA)" (with D. Johnson and S. Vanstone)
  International Journal on Information Security, 1 (2001), 36-63.

• "Software implementation of the NIST elliptic curves over prime fields" (with M. Brown, D. Hankerson and J. Hernandez)
  Topics in Cryptology - CT-RSA 2001, Lecture Notes in Computer Science, 2020 (2001), 250-265.

• "Analysis of the Weil descent attack of Gaudry, Hess and Smart" (with M. Qu)
  Topics in Cryptology - CT-RSA 2001, Lecture Notes in Computer Science, 2020 (2001), 308-318.

• "Software implementation of elliptic curve cryptography over binary fields" (with D. Hankerson and J. Hernandez)
  Proceedings of CHES 2000, Lecture Notes in Computer Science, 1965 (2000), 1-24.

• "PGP in constrained wireless devices" (with M. Brown, D. Cheung, D. Hankerson, J. Hernandez and M. Kirkup)
  Proceedings of the 9th USENIX Security Symposium, 2000, 247-261.

• "The state of elliptic curve cryptography" (with N. Koblitz and S. Vanstone)
  Designs, Codes and Cryptography, 19 (2000), 173-193.

• "Coding Theory and Cryptology" (with P. van Oorschot)
  chapter in Handbook of Discrete and Combinatorial Mathematics, CRC Press, 1999, pages 889-954.

• "Authenticated Diffie-Hellman key agreement protocols" (with S. Blake-Wilson)
  Proceedings of the 5th Annual Workshop on Selected Areas in Cryptography (SAC '98), Lecture Notes in Computer Science, 1556 (1999), 339-361.

• "Unknown key-share attacks on the station-to-station (STS) protocol" (with S. Blake-Wilson)
  Proceedings of PKC '99, Lecture Notes in Computer Science, 1560 (1999), 154-170.

• "Entity authentication and authenticated key transport protocols employing asymmetric techniques" (with S. Blake-Wilson)
  Proceedings of the 5th International Workshop on Security Protocols, Lecture Notes in Computer Science, 1361 (1998), 137-158.

• "The discrete logarithm problem in GL(n,q)" (with Yi-Hong Wu)
  Ars Combinatoria, 47 (1998), 23-32.

• "An elementary introduction to hyperelliptic curves" (with Yi-Hong Wu and R. Zuccherato)
  appendix in Algebraic Aspects of Cryptography by Neal Koblitz, Springer-Verlag, 1998, pages 155-178.

• "Key agreement protocols and their security analysis" (with D. Johnson and S. Blake-Wilson)
  Proceedings of the Sixth IMA International Conference on Cryptography and Coding, Lecture Notes in Computer Science, 1355 (1997), 30-45.
  Full version.

• Handbook of Applied Cryptography (with P. van Oorschot and S. Vanstone)
  CRC Press, 1997.

• "Elliptic curves and cryptography" (with A. Jurisic)
  Dr. Dobb's Journal, April 1997, 23-36.

• "Some new key agreement protocols providing mutual implicit authentication" (with M. Qu and S. Vanstone)
  Workshop on Selected Areas in Cryptography (SAC '95), 22-32, 1995.

• "Elliptic curve cryptosystems"
  CryptoBytes - The Technical Newsletter of RSA Laboratories, Volume 1, Number 2, Summer 1995, 1-4.

• Elliptic Curve Public Key Cryptosystems
  Kluwer Academic Publishers, 1993.

• "Reducing elliptic curve logarithms to logarithms in a finite field" (with T. Okamoto and S. Vanstone)
  IEEE Transactions on Information Theory, 39 (1993), 1639-1646.

• "Elliptic curve cryptosystems and their implementation" (with S. Vanstone)
  Journal of Cryptology, 6 (1993), 209-224

• "Public-key cryptosystems with very small key lengths" (with G. Harper and S. Vanstone)
  Advances in Cryptology - EUROCRYPT '92, Lecture Notes in Computer Science, 658 (1993), 163-173.

• "Counting points on elliptic curves over F_2^m" (with S. Vanstone and R. Zuccherato)
  Mathematics of Computation, 60 (1993), 407-420.

• Applications of Finite Fields (with I. Blake, S. Gao, R. Mullin, S. Vanstone and T. Yaghoobian)
  Kluwer Academic Publishers, 1992.

• "Subgroup refinement algorithms for root finding in GF(q)" (with P. van Oorschot and S. Vanstone)
  SIAM Journal on Computing, 21 (1992), 228-239.

• "A note on cyclic groups, finite fields, and the discrete logarithm problem" (with S. Vanstone)
  Applicable Algebra in Engineering, Communication and Computing, 3 (1992), 67-74.

• Advances in Cryptology - Proceedings of CRYPTO '90 (edited with S. Vanstone)
  Lecture Notes in Computer Science, 537, Springer-Verlag, 1991.

• The implementation of elliptic curve cryptosystems" (with S. Vanstone)
  Advances in Cryptology - AUSCRYPT '90, Lecture Notes in Computer Science, 453 (1990), 2-13.

• "Isomorphism classes of elliptic curves over finite fields of characteristic 2" (with S. Vanstone)
  Utilitas Mathematica, 38 (1990), 135-154.

• "On the number of self-dual bases of GF(_q^m) over GF(q)" (with D. Jungnickel and S. Vanstone)
  Proceedings of the American Mathematics Society, 109 (1990), 23-29.

• "Some computational aspects of root finding in GF(_q^m)" (with S. Vanstone and P. van Oorschot)
  Symbolic and Algebraic Computation, Lecture Notes in Computer Science, 358 (1989), 259-270.