References
October 25, 2025
AES-GCM
D. A. McGrew and J. Viega, "The Galois/Counter Mode of Operation (GCM)", https://csrc.nist.rip/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf
AbVaLo19
R. Abarzúa, C. Valencia and J. López, "Survey for Performance & Security Problems of Passive Side-channel Attacks Countermeasures in ECC", https://eprint.iacr.org/2019/010.pdf
ABMSV03
A. Antipa, D. Brown, A. Menezes, R. Struik, S. Vanstone, "Validation of Elliptic Curve Public Keys", PKC 2003, https://www.iacr.org/archive/pkc2003/25670211/25670211.pdf
AkiTak03
T. Akishita, T. Takagi, "Zero-Value Point Attacks on Elliptic Curve Cryptosystem", ISC 2003, pp. 218-233. https://download.hrz.tu-darmstadt.de/pub/FB20/Dekanat/Publikationen/CDC/TI-03-01.zvp.pdf
BeMeMu00
I. Biehl, B. Meyer, V. Müller, "Differential Fault Attacks on Elliptic Curve Cryptosystems", Crypto '00, pp. 131-164
BelRog00
Bellare, Rogaway, "Encode-Then-Encipher Encryption: How to Exploit Nonces or Redundancy in Plaintexts for Efficient Cryptography", Asiacrypt 2000, pp. 317-330.
BreHen19
J. Breitner and N. Heninger, "Biased Nonce Sense: Lattice Attacks against Weak ECDSA Signatures in Cryptocurrencies", https://eprint.iacr.org/2019/023
Brown07
D. R. L. Brown, "What Hashes Make RSA-OAEP Secure?", IACR e-print, 2007, https://eprint.iacr.org/2006/223.pdf
BFKLSST12
R. Bardou, R. Focardi, Y. Kawamoto, L. Simionato, G. Steel, J.K. Tsay, "Efficient padding oracle attacks on cryptographic hardware", Crypto 2012
DSMMS16
D. Detering, J. Somorovsky, C. Mainka, V. Mladenov, J. Schwenk, "On The (In-)Security Of JavaScript Object Signing And Encryption", https://www.nds.rub.de/media/ei/veroeffentlichungen/2017/10/17/main.pdf
Ferguson05
N. Ferguson, "Authentication weaknesses in GCM", https://csrc.nist.gov/csrc/media/projects/block-cipher-techniques/documents/bcm/comments/cwc-gcm/ferguson2.pdf
FGHT16
J. Fried, P. Gaudry, N. Heninger, E. Thomé, "A kilobit hidden SNFS discrete logarithm computation", http://eprint.iacr.org/2016/961.pdf
Goubin03
L. Goubin, "A Refined Power-Analysis Attack on Elliptic Curve Cryptosystems", PKC '03, pp. 199-210, https://www.iacr.org/archive/pkc2003/25670199/25670199.pdf
Gordon92
D. M. Gordon, "Designing and detecting trapdoors for discrete log cryptosystems", CRYPTO '92, pp. 66-75.
GPPT16
D. Genkin, L. Pachmanov, I. Pipman, E. Tromer, "ECDH Key-Extraction via Low-Bandwidth Electromagnetic Attacks on PCs", http://cs.tau.ac.il/~tromer/papers/ecdh.pdf
HowSma99
N.A. Howgrave-Graham, N.P. Smart, "Lattice Attacks on Digital Signature Schemes", https://www.hpl.hp.com/techreports/1999/HPL-1999-90.pdf
Joux-Gcm
A. Joux, "Authentication failures in NIST version of GCM", http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/comments/800-38_Series-Drafts/GCM/Joux_comments.pdf
LimLee98
C.H. Lim and P.J. Lee, "A key recovery attack on discrete log-based schemes using a prime order subgroup", CRYPTO '98, pp. 249-263.
KlPoRo03
V. Klima, O. Pokorny, and T. Rosa, "Attacking RSA-based Sessions in SSL/TLS", https://eprint.iacr.org/2003/052/
Krawczyk10
H. Krawczyk, "Cryptographic extraction and key derivation: the HKDF scheme", https://eprint.iacr.org/2010/264.pdf
Madden22
Neil Madden, "CVE-2022-21449: Psychic Signatures in Java", https://neilmadden.blog/2022/04/19/psychic-signatures-in-java/
Nicolic14
I. Nikolić, "Tiaoxin-346", https://competitions.cr.yp.to/round3/tiaoxinv21.pdf
Nguyen04
P. Nguyen, "Can we trust cryptographic software? Cryptographic flaws in GNU Privacy Guard 1.2.3", Eurocrypt 2004, https://www.iacr.org/archive/eurocrypt2004/30270550/ProcEC04.pdf
NguSpa03
P.Q. Nguyen and I.E. Shparlinski, "The Insecurity of the Elliptic Curve Digital Signature Algorithm with Partially Known Nonces", Designs, Codes and Cryptography, 30, pp. 201-217, 2003
RGGSWY18
E. Ronen, R. Gillham, D. Genkin, A. Shamir, D. Wong, Y. Yarom, "The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations", https://eprint.iacr.org/2018/1173.pdf
Odlyzko90
A. M. Odlyzko, "The rise and fall of knapsack cryptosystems", Cryptology and Computational Number Theory, pp. 75-88, 1990
OorWie96
P. C. van Oorschot, M. J. Wiener, "On Diffie-Hellman key agreement with short exponents", Eurocrypt '96, pp. 332-343.
WeakDh
D. Adrian et al., "Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice", CCS '15, pp. 5-17, https://weakdh.org/imperfect-forward-secrecy-ccs15.pdf
A good analysis of various DH implementations. Some misconfigurations pointed out in the paper are: p is composite, p-1 contains no large prime factor, and q is used instead of the generator g.
Bleich98
D. Bleichenbacher, "Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS #1", Crypto '98.
Manger01
J. Manger, "A chosen ciphertext attack on RSA optimal asymmetric encryption padding (OAEP) as standardized in PKCS #1 v2.0", Crypto 2001.
This paper shows that OAEP is susceptible to a chosen ciphertext attack if error messages distinguish between different failure conditions.
Smart10
N. Smart, "Errors matter: Breaking RSA-based PIN encryption with thirty ciphertext validity queries", RSA conference, 2010.
This paper shows that padding oracle attacks can be successful with even a small number of queries.
VauViz17
S. Vaudenay, D. Vizár, "Under Pressure: Security of Caesar Candidates beyond their Guarantees", https://eprint.iacr.org/2017/1147.pdf
WuPre14
H. Wu, B. Preneel, "AEGIS: A fast authenticated encryption algorithm", CAESAR submission, http://competitions.cr.yp.to/round1/aegisv1.pdf
ParanoidCrypto
Project Paranoid, https://github.com/google/paranoid_crypto
Eurocrypt92 panel
"The Eurocrypt'92 Controversial Issue Trapdoor Primes and Moduli", EUROCRYPT '92, LNCS 658, pp. 194-199.
ECRYPT-II
ECRYPT II, "Yearly Report on Algorithms and Keysizes (2011-2012)", http://www.ecrypt.eu.org/ecrypt2/documents/D.SPA.20.pdf
NIST-SP800-38d
"Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC", http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf
NIST-SP800-56A
NIST SP 800-56A, revision 3, April 2018, https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar3.pdf
NIST-SP800-57
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf
NIST SP800-131A
"Transitioning the Use of Cryptographic Algorithms and Key Lengths", https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf
Some notable changes in revision 2: keys with less than 112-bit security are now disallowed; EdDSA will be added with FIPS 186-5; TDES is disallowed after 2023; RSA PKCS #1 v1.5 for encryption is disallowed after 2023.
EnisaKeySize14
ENISA, "Algorithms, key size and parameters report - 2014", https://www.enisa.europa.eu/publications/algorithms-key-size-and-parameters-report-2014
FIPS-186-4
National Institute of Standards and Technology, "Digital Signature Standard (DSS)", July 2013, http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf
PKCS-3
"PKCS #3: Diffie-Hellman Key Agreement", An RSA Laboratories Technical Note, Version 1.4, revised November 1, 1993
CVE-1999-1444
Alibaba 2.0 generated RSA key pairs with public exponent 1.
CVE-2012-5081
The Java JSSE provider leaked information through exceptions and timing. Both the PKCS #1 padding and the OAEP padding were broken: https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-meyer.pdf
CVE-2015-6924
Utimaco HSMs vulnerable to invalid curve attacks.
CVE-2015-7940
The Bouncy Castle Java library before 1.51 does not validate that a point is on the elliptic curve, allowing an "invalid curve attack".
CVE-2015-7827
CVE-2016-9121
go-jose before 1.0.4 suffers from an invalid curve attack for the ECDH-ES algorithm.
CVE-2017-7781
Issue with elliptic curve point addition in mixed Jacobian-affine coordinates. Firefox and Java suffered from a bug where adding a point to itself resulted in the point at infinity.
CVE-2017-16007
node-jose earlier than version 0.9.3 is vulnerable to an invalid curve attack.
CVE-2018-2972
The AES-GCM implementation in jdk9 handled CTR overflows incorrectly.
CVE-2018-5383
Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange, http://www.cs.technion.ac.il/~biham/BT/
CVE-2019-6486
golang/elliptic ECDH has an arithmetic error that allows private keys to be recovered with an adaptive chosen message attack.