* [ ] Abadi and Rogaway (2001), ["Reconciling Two Views of Cryptography"](https://courses.cs.washington.edu/courses/cse590q/03au/abadi00reconciling.pdf)
* [x] Abdalla et al. (2001), ["DHIES: An Encryption Scheme based on the Diffie-Hellman Problem"](https://web.cs.ucdavis.edu/~rogaway/papers/dhies.pdf)
* [ ] Abe et al. (2007), ["Tag-KEM/DEM: A New Framework for Hybrid Encryption"](https://link.springer.com/article/10.1007/s00145-007-9010-x)
* [ ] Alwen et al. (2020), ["Analyzing the HPKE Standard"](https://eprint.iacr.org/2020/1499)
* [x] An (2001), ["Authenticated Encryption in the Public-Key Setting: Security Notions and Analyses"](https://eprint.iacr.org/2001/079)
* [ ] Ari and Brainard (1999), ["Client Puzzles: A Cryptographic Countermeasure against Connection Depletion Attacks"](http://www.arijuels.com/wp-content/uploads/2013/09/JB99.pdf)
* [ ] Barak (2021), ["An Intensive Introduction to Cryptography"](https://intensecrypto.org/)
* [ ] Beck et al. (2019), ["Automating the Development of Chosen Ciphertext Attacks"](https://eprint.iacr.org/2019/958.pdf)
* [ ] Bellare et al. (1999), ["Relations among Notions of Security for Public-Key Encryption Schemes"](https://www.di.ens.fr/david.pointcheval/Documents/Papers/1998_crypto.pdf)
* [ ] Bellare et al. (2020), ["Reimagining Secret Sharing: Creating a Safer and More Versatile Primitive by Adding Authenticity, Correcting Errors, and Reducing Randomness Requirements"](https://eprint.iacr.org/2020/800.pdf)
* [ ] Bernstein et al. (2015), ["Dual EC: A Standardized Back Door"](https://eprint.iacr.org/2015/767)
* [ ] Boneh (2023), ["A Graduate Course in Applied Cryptography"](https://toc.cryptobook.us)
* [ ] Bjørstad and Dent (2005), ["Building Better Signcryption Schemes with Tag-KEMs"](https://eprint.iacr.org/2005/405)
* [ ] Canetti et al. (1997), ["Deniable Encryption"](https://eprint.iacr.org/1996/002)[^1]
* [ ] Canetti (2001), "Universally Composable Security: A New Paradigm for Cryptographic Protocols"[^2]
* [ ] Cheval et al. (2022), ["Hash Gone Bad: Automated Discovery of Protocol Attacks That Exploit Hash Function Weaknesses"](https://eprint.iacr.org/2022/1314)
* [x] Chou and Orlandi (2015), ["The Simplest Protocol for Oblivious Transfer"](https://eprint.iacr.org/2015/267.pdf)
* [ ] Dent (2005), ["Hybrid Signcryption Schemes with Outsider Security"](https://cogentcryptography.com/papers/outer.pdf)
* [ ] Dent (2009), ["Hybrid Cryptography"](https://eprint.iacr.org/2004/210.pdf)
* [ ] Diffie (1988), ["The First Ten Years of Public-Key Cryptography"](https://cr.yp.to/bib/1988/diffie.pdf)
* [ ] Diffie and Hellman (1977), "New Directions in Cryptography"
* [ ] Dolev and Yao (1983), ["On the Security of Public Key Protocols"](http://www.cs.huji.ac.il/~dolev/pubs/dolev-yao-ieee-01056650.pdf)
* [ ] Haber and Pinkas (2001), ["Securely Combining Public-Key Cryptosystems"](https://static.aminer.org/pdf/20170130/pdfs/ccs/osakzu1jb67tm0oqfvyqgea9j5lsxevz.pdf)
* [ ] Fenske and Johnson (2023), ["Security Notions for Fully Encrypted Protocols"](https://www.petsymposium.org/foci/2023/foci-2023-0004.pdf) ([via](https://github.com/net4people/bbs/issues/383))
* [ ] Fenske and Johnson (2024), ["Bytes to Schlep? Use a FEP: Hiding Protocol Metadata with Fully Encrypted Protocols"](https://arxiv.org/abs/2405.13310) ([via](https://github.com/net4people/bbs/issues/383))
* [ ] Goldwasser (2015), ["Cryptographic Assumptions: A Position Paper"](https://eprint.iacr.org/2015/907.pdf)[^3]
* [ ] Kerckhoffs (1883), [*Military Cryptography: or, Ciphers Used in Time of War*](https://militarycryptography.xyz/book/lcm.pdf)
* [ ] Kobeissi (2021), ["An Analysis of the ProtonMail Cryptographic Architecture"](https://eprint.iacr.org/2018/1121.pdf)
* [ ] Kuhn et al. (2021), ["Plausible Deniability for Anonymous Communication"](https://www.intellisec.org/pubs/2021-wpes.pdf)
* [x] Lai et al. (2020), ["Compact, Efficient and UC-Secure Isogeny-Based Oblivious Transfer"](https://eprint.iacr.org/2020/1012.pdf)
* [ ] Martínez et al. (2010), ["A Comparison of the Standardized Versions of ECIES"](https://ieeexplore.ieee.org/abstract/document/5604194)
* [ ] Patton and Shrimpton (2019), ["Security in the Presence of Key Reuse: Context-Separable Interfaces and Their Applications"](https://eprint.iacr.org/2019/519)
* [ ] Raghunathan (2011), ["Proofs in Cryptography"](https://crypto.stanford.edu/~ananthr/docs/crypto-proofs.pdf)
* [x] Rivest (1998), ["Chaffing and Winnowing: Confidentiality without Encryption"](https://people.csail.mit.edu/rivest/pubs/Riv98a.pdf)
* [ ] Rogaway (2015), ["The Moral Character of Cryptographic Work"](https://eprint.iacr.org/2015/1162.pdf)
* [ ] Rogaway and Shrimpton (2007), ["Deterministic Authenticated-Encryption: A Provable-Security Treatment of the Key-Wrap Problem"](https://web.cs.ucdavis.edu/~rogaway/papers/keywrap.pdf)
* [ ] Shoup (2006), ["Sequences of Games: A Tool for Taming Complexity in Security Proofs"](https://eprint.iacr.org/2004/332.pdf)
* [ ] Steele and Wood (2023), ["New Cryptography at the IETF"](https://datatracker.ietf.org/meeting/118/materials/slides-118-saag-new-cryptography-at-the-ietf-00)
* [ ] Thormarker (2021), ["On Using the Same Key Pair for Ed25519 and X25519-based KEM"](https://eprint.iacr.org/2021/509.pdf)
* [ ] Unger (2001), [*End-to-End Encrypted Group Messaging with Insider Security*](https://uwspace.uwaterloo.ca/handle/10012/17196)
## Authentication and key agreement
* [ ] Alwen et al. (2024), ["How Multi-Recipient KEMs Can Help the Deployment of Post-Quantum Cryptography"](https://pqshield.com/wp-content/uploads/2024/09/how-multi-recipient-kems.pdf)
* [x] Barnes et al. (2022), ["Hybrid Public Key Encryption"](https://datatracker.ietf.org/doc/html/rfc9180) (RFC 9180)
* [ ] Cremers et al. (2023), ["Keeping Up with the KEMs: Stronger Security Notions for KEMs and Automated Analyses of KEM-based Protocols"](https://eprint.iacr.org/2023/1933)
* [ ] Connolly (2024), ["How to Hold KEMs"](https://durumcrustulum.com/2024/02/24/how-to-hold-kems/)
* [ ] der Have (2022), ["The X3DH Protocol: A Proof of Security"](https://www.cs.ru.nl/bachelors-theses/2021/Ferran_van_der_Have___4104145___The_X3DH_Protocol_-_A_Proof_of_Security.pdf)
* [ ] Dowling et al. (2022), ["Strongly Anonymous Ratcheted Key Exchange"](https://eprint.iacr.org/2022/1187.pdf)
* [ ] Madden (2021), ["From KEMs to Protocols"](https://neilmadden.blog/2021/04/08/from-kems-to-protocols/)
* [ ] NIST (2024), FIPS 203, ["Module-Lattice-Based Key-Encapsulation Mechanism Standard"](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.203.pdf)
* NIST (forthcoming), SP 800-227, "Recommendations for Key-Encapsulation Mechanisms"
* [ ] Perrin (2018), ["The Noise Protocol Framework"](https://noiseprotocol.org/noise.html)
* [ ] Poettering et al. (2021), ["SoK: Game-based Security Models for Group Key Exchange"](https://eprint.iacr.org/2021/305.pdf)
* [ ] Smart (2004), ["Efficient Key Encapsulation to Multiple Parties"](https://sci-hub.st/10.1007/978-3-540-30598-9_15)
* [ ] Syverson and Traudt (2019), ["Self-Authenticating Traditional Domain Names"](https://blog.pastly.net/papers/secdev19-satdomains.pdf)
* [x] Unger and Goldberg (2015), ["Deniable Key Exchanges for Secure Messaging"](http://www.cypherpunks.ca/~iang/pubs/dake-ccs15.pdf)
### Key derivation and combination
- [ ] Aviram et al. (2022), ["Practical (Post-Quantum) Key Combiners from One-Wayness and Applications to TLS"](https://eprint.iacr.org/2022/065.pdf)
- [ ] Backendal et al. (2023), ["When Messages Are Keys: Is HMAC a Dual-PRF?"](https://eprint.iacr.org/2023/861.pdf)
- [ ] Bindel et al. (2018), ["Hybrid Key Encapsulation Mechanisms and Authenticated Key Exchange"](https://eprint.iacr.org/2018/903.pdf)
- [ ] Campagna and Petcher (2020), ["Security of Hybrid Key Encapsulation"](https://assets.amazon.science/c2/a3/473dcc4149c6bc47002da7460dcc/security-of-hybrid-key-encapsulation.pdf)
- [ ] Giacon et al. (2018), ["KEM Combiners"](https://eprint.iacr.org/2018/024)
- [ ] Krawczyk and Eronen (2010), ["HMAC-based Extract-and-Expand Key Derivation Function (HKDF)"](https://datatracker.ietf.org/doc/html/rfc5869) (RFC 5869)
- [ ] Ricci et al. (2024), ["Hybrid Keys in Practice: Combining Classical, Quantum, and Post-Quantum Cryptography"](https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=10430098)
## Messaging
- [ ] Facebook (2023), ["Messenger End-to-End Encryption Overview"](https://engineering.fb.com/wp-content/uploads/2023/12/MessengerEnd-to-EndEncryptionOverview_12-6-2023.pdf)
- [x] Albrecht et al. (2022), ["Four Attacks and a Proof for Telegram"](https://eprint.iacr.org/2023/469)
- [ ] Delaune et al. (2017), ["Formal Verification of Protocols based on Short Authenticated Strings"](https://inria.hal.science/hal-01528607/document)
- [ ] Linker et al. (2024), ["A Formal Analysis of Apple’s iMessage PQ3 Protocol"](https://eprint.iacr.org/2024/1395)
- [ ] Liu and Tromer (2022), ["Oblivious Message Retrieval"](https://eprint.iacr.org/2021/1256.pdf)
- [x] Liu et al. (2024), ["Oblivious Message Retrieval"](https://www.computer.org/csdl/proceedings-article/sp/2024/313000a115/1Ub23ocBmKI)
- [ ] Pasini (2009), ["Secure Communication Using Authenticated Channels"](https://secu.famillepasini.ch/files/2009/phd/pasini_phd_thesis.pdf)
- [ ] Rösler et al. (2021), ["More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema"](https://eprint.iacr.org/2017/713.pdf)
- [ ] Unger et al. (2015), ["SoK: Secure Messaging"](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7163029)
- [ ] Vaudenay (2005), ["Secure Communication over Insecure Channels based on Short Authenticated Strings"](https://link.springer.com/content/pdf/10.1007/11535218_19.pdf)
- [x] Wang et al. (2024), ["Should We Chat, Too? Security Analysis of WeChat’s MMTLS Encryption Protocol"](https://citizenlab.ca/2024/10/should-we-chat-too-security-analysis-of-wechats-mmtls-encryption-protocol/)
## Quantum/post-quantum cryptography
* [ ] Banerjee et al. (2024), ["Post-Quantum Cryptography for Engineers"](https://datatracker.ietf.org/doc/html/draft-ietf-pquip-pqc-engineers-04)
* [ ] Castryck et al. (2018), ["CSIDH: An Efficient Post-Quantum Commutative Group Action"](https://eprint.iacr.org/2018/383.pdf)
* [ ] Connolly (2024), ["Going Post Quantum"](https://archive.org/details/oscw-2024-deirdre-connolly-going-post-quantum)
* [ ] Schmieg (2024), ["PQC for Non-Cryptographers"](https://keymaterial.net/2024/08/30/pqc-for-non-cryptographers/)
* [ ] Young et al. (2024), ["Societal Implications of Quantum Technologies through a Technocriticism of Quantum Key Distribution"](https://firstmonday.org/ojs/index.php/fm/article/view/13571)
## Signatures
- [ ] An et al. (2002), ["On the Security of Joint Signature and Encryption"](https://www.iacr.org/archive/eurocrypt2002/23320080/adr.pdf)
- [ ] Krawczyk (2001), ["The Order of Encryption and Authentication for Protecting Communications: or, How Secure Is SSL?"](https://www.iacr.org/archive/crypto2001/21390309.pdf)
- [ ] Paterson et al. (2011), ["On the Joint Security of Encryption and Signature, Revisited"](https://eprint.iacr.org/2011/486.pdf)
## Specifications
- [ ] [EasyCrypt](https://github.com/EasyCrypt/easycrypt)
- [ ] [hacspec](https://github.com/hacspec/hacspec), superseded by [hax](https://github.com/hacspec/hax)
- [ ] Erbsen et al. (2019), ["Simple High-Level Code for Cryptographic Arithmetic—with Proofs, without Compromises"](http://adam.chlipala.net/papers/FiatCryptoSP19/FiatCryptoSP19.pdf)
- [ ] Sullivan and Wood (2023), ["Guidelines for Writing Cryptography Specifications"](https://datatracker.ietf.org/doc/draft-irtf-cfrg-cryptography-specification/)
## Testing
- [ ] Costa et al. (2022), ["Asserting the Correctness of Shor Implementations Using Metamorphic Testing"](https://dl.acm.org/doi/abs/10.1145/3549036.3562062)
- [ ] Pugh et al. (2019), ["Systematic Testing of Lightweight Cryptographic Implementations"](https://csrc.nist.gov/CSRC/media/Events/lightweight-cryptography-workshop-2019/documents/papers/systematic-testing-of-lightweight-crypto-lwc2019.pdf)
- [ ] ["Developing Effective Test Strategies for Cryptographic Algorithm Implementations"](https://csrc.nist.gov/CSRC/media/Presentations/systematic-testing-of-lightweight-cryptographic-im/images-media/sesssion11-raunak-systematic-testing.pdf)
- [ ] Pugh et al. (2019), ["Systematic Testing of Post-Quantum Cryptographic Implementations Using Metamorphic Testing"](https://dl.acm.org/doi/abs/10.1109/MET.2019.00009)
- [ ] Wolf and Schönwälder (2021), ["Applying Metamorphic Testing to Homomorphic Cryptography"](https://ieeexplore.ieee.org/document/9477673)
## Transparency, verification, auditing
- [ ] Brandt et al. (2024), ["A Formal Treatment of Key Transparency Systems with Scalability Improvements"](https://eprint.iacr.org/2024/1938)
- [ ] Cheval et al. (2023), ["Automatic Verification of Transparency Protocols"](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10190509)
- [ ] Hu et al. (2021), ["Merkle^2: A Low-Latency Transparency Log System"](https://eprint.iacr.org/2021/453)
- [ ] Len et al. (2023), ["OPTIKS: An Optimized Key Transparency System"](https://eprint.iacr.org/2023/1515)
- [x] Linker (2024), ["Formal Verification of Transparency Systems"](https://datatracker.ietf.org/doc/slides-interim-2024-keytrans-01-sessa-formal-verification-of-transparency-systems/)
- [ ] Meiklejohn et al. (2020), ["Think Global, Act Local: Gossip and Client Audits in Verifiable Data Structures"](https://arxiv.org/abs/2011.04551)
- [ ] Melara et al. (2014), ["CONIKS: Bringing Key Transparency to End Users"](https://eprint.iacr.org/2014/1004)
- [ ] Miller et al. (2014), ["Authenticated Data Structures, Generically"](https://dl.acm.org/doi/10.1145/2535838.2535851)
- [ ] Valsorda (2024), ["Modern Transparency Logs"](https://www.youtube.com/watch?v=SOfOe_z37jQ)
[^1]: Rivest (1998), "Chaffing and Winnowing"
[^2]: Unger and Goldberg (2015), ["Deniable Key Exchanges for Secure Messaging"](http://www.cypherpunks.ca/~iang/pubs/dake-ccs15.pdf)
[^3]: Rogaway (2015), ["The Moral Character of Cryptographic Work"](https://web.cs.ucdavis.edu/~rogaway/papers/moral-fn.pdf)