Tanja Lange's Homepage
Coding Theory and Cryptology
Eindhoven Institute for the Protection of Systems and Information
Department of Mathematics and Computer Science
Room MF 6.104B
Technische Universiteit Eindhoven
P.O. Box 513
5600 MB Eindhoven
Netherlands
Phone: +31 (0) 40 247 4764
Fax.: +31 (0)40 247 5366
The easiest ways to reach me whereever I am:
email:tanja@hyperelliptic.org
Photo
Seite auf deutsch
News
 We're organizing the Ei/PSI workshop Security in Times
of Surveillance on 8 May 2015.
 Master Math course Cryptology (Spring 2015, with Marc Stevens).
 2WF50 Algebra en Discrete Wiskunde (Spring 2014)
 Bachelor course Introduction to Cryptology(Fall 2014, second quarter)
 We got the beststudent paper award at CARDIS 2014 for Kangaroos in SideChannel
Attacks
 We showed our first results on using EMR against AMR processors at
the rump session of CHES. We can distinguish constant time operations
based on input, see pictures in slides
 We designed a stateless hashbased signature scheme. Sphincs is postquantum secure and
practical.
 Kerckhoff Master Course:
Cryptography I (Fall 2014)
 Coding Theory and Cryptology I (Fall 2014)
 We've added some totally random bada55 curves
to complement our SafeCurves
study. A new requirement for the threadmodel: the designer of the
cryptosystem may be malicious. Matching paper: How to manipulate curve standards: a white paper for the black hat
 We're organizing the Ei/PSI workshop Security in Times
of Surveillance on 28 April 2014.
 More information about our attack on the Dual EC random number generator is vailable here
 2WF50 Algebra en Discrete Wiskunde (Spring 2014)
 Our attack on certified smart cards
will appear at Asiacrypt 2013 and now has its own webpage
 Elligator  Ellipticcurve points indistinguishable from uniform random strings, with Daniel J. Bernstein, Mike Hamburg, and Anna Krasnova will appear at ACMCCS
 Together with Kristin Lauter and Petr Lisonek I'm chair of SAC 2013
 You can find me on twitter as hyperelliptic
 I'm leading the EU FP7 project Physically unclonable functions found in standard PC components (PUFFIN)
 Research retreat Internet crypto, January 21  22, 2013, Tenerife, Spain
 Workshop on Cryptography for the Internet of Things, November 20  21, 2012, Antwerp, Belgium
 PostQuantum Cryptography and Quantum Algorithmsfrom 5 Nov 2012 through 9 Nov 2012 at the LorentzCenter in Leiden, Netherlands
 DIAC  Directions in Authenticated Ciphers, July 05  06, 2012
 Codebased Cryptography Workshop 2012911 May 2012, Lyngby, Denmark
 Registration is open Pairing 2012. The workshop will take place in Cologne right before PKC.
 Workshop on Elliptic Curves in Cryptography, Oct 2012 Mexico.
 SHARCS 2012. The workshop will take place in Washington right before FSE and SHA3.
 YouTube video on Faster Computation of the Tate Pairing about paper with Christophe Arne, Michael Naehrig, Christophe Ritzenthaler. Michael's whole family in action!
 We're working on the ECC2K130 challenge. Our preprint is now on ePrint as 2009/541 and we present regular updates on our twitter page
ECCchallenge.
 Our team, posting as @hashbreaker and @CodingCrypto has won Engineyard's
SHA1 challenge! For details on the computation see here.
 The
Coding and Cryptography Computer Cluster (CCCC) has its own page.
 Our paper
ECM on graphics cards
got accepted to Eurocrypt 2009.
 Our attack on the McEliece cryptosystem finished succesfully! The
paper
describing the background appeared at the second PQCrypto 2008
workshop. The attack finished after 8000 CPUdays. See also the press coverage.
 Binary Edwards Curves; also have a look at the Slides from the Eurocrypt RumpSession or those from Dan's and my presentation in Madrid
 ExplicitFormulas Database
 Edwards coordinates
 We are a node of ECRYPT  European Network of Excellence in Cryptology.

CACE  Computer Aided Cryptography Engineering got funding in the 7th EUFramework program.
Editorships and Steering Committees
Conferences
I serve(d) on the following program committees:
PhD Students
Projects
 Physically unclonable functions found in standard PC components (PUFFIN) (FP7)
 PACE Pairing Acceleration for Cryptography using Elliptic Curves (NWO)
 ECRYPT II Network of Excellence in Cryptology (FP7)
 CACE
Computer Aided Cryptography Engineering (FP7)
 VELUX Visiting Professor
 Digital Signatures (FTP, together with Lars Knudsen)
 ECRYPT Network of Excellence in Cryptology (FP6)
 STORK Strategic Roadmap for Crypto (FP5)
 AREHCC  Advanced Research on Elliptic and Hyperelliptic Curve Cryptographyi(FP5)
Publications
All publications since 2004 are linked from my TU/e homepage.
 Factoring polynomials over arbitrary finite fields,(with A. Winterhof)
Theoretical Computer Science 234 (2000), 301308.
 Algorithms for factoring polynomials over arbitrary finite fields, (with A. Winterhof),
Proceedings of the Fifth International Conference on Finite Fields and Applications 2000, (Springer 2001), 319328.
 Speeding up the Arithmetic on Hyperelliptic Koblitz Curves of Genus 2, (with C. Günther and A. Stein)
Selected Areas in Cryptography, SAC 2001, Lecture Notes in Computer Science 2012, (Springer 2001), 106117.
 Interpolation of the Discrete Logarithm in Finite Fields by Boolean
Functions, (with A. Winterhof)
in: Electronic Notes in Discrete Mathematics 6 as Proocedings of: International Workshop on Coding and Cryptography (WCC 2001).
 Incomplete character sums over finite fields and their applications to the interpolation of the discrete logarithm by Boolean functions, (with A. Winterhof)
Acta Arithmetica 101 (2002), 223229.
 Linear Complexity of the Discrete Logarithm, (with S. Konyagin and I. Shparlinski), Designs, Codes and Cryptography 28 (2003), 135146.
 Interpolation of the Discrete Logarithm in F_{q} by Boolean Functions and by Polynomials in Several Variables Modulo a Divisor of q1, (with A. Winterhof), Discrete Applied Mathematics 128/1 (2003), 193  206.
 Polynomial Interpolation of the Elliptic Curve and XTR Discrete Logarithm, (with A. Winterhof)
Proceedings of the 8th Annual International Computing and Combinatorics Conference (COCOON'02) (Singapore, 2002), LNCS 2387, 137143.
 Koblitz Curve Cryptosystems, STJournal of System Research 4 (2003), 2936.
 Improved Algorithms for Efficient Arithmetic on Elliptic Curve using
Fast Endomorphisms, (with M. Ciet,
F. Sica and
J.J. Quisquater
) Proceedings of Eurocrypt 2003, LNCS 2656, 388400.
 Interpolation of the EllipticCurve DiffieHellman
Mapping, (with A. Winterhof), Proceedings of AAECC 2003, LNCS 2643, 5160.
 TraceZero Subvariety for Cryptosystems, to appear in
Journal of the Ramanujan Mathematical Society.
 On Using Expansions to the Base of $2$, (with R. Avanzi, G. Frey, and R. Oyono), to appear in International Journal on Computer Mathematics vol 81 no 4, 2004.
 Montgomery Addition for Genus Two Curves, to appear in Proceedings of
ANTS 2004.
 Certain exponential sums and random walks on elliptic curves, (with I. Shparlinski), submitted.
 Formulae for Arithmetic on Genus 2 Hyperelliptic Curves, to appear in J. AAECC.
 Mathematical Background of Public Key Cryptography, (with G. Frey ), see also Preprint 10/2003 of the IEM, Essen.
 Koblitz Curve Cryptosystems, to appear in FFA.
 Collisions in Fast Generation of Ideal Classes and Points
on Hyperelliptic and Elliptic Curves, (with I. Shparlinski), to appear in J. AAECC.
 tbc.
Some preprints are available electronically here
Slides of recent (well..) talks
The talks come in chronological order.
 Fast arithmetic on hyperelliptic Koblitz curves ,
invited talk at the MAGiC conference in Urbana/Champaign
Abstract
M1.ps M2.ps M3.ps Slides (3 files, middle one containing picture of DiffieHellman keyexchange)
 Efficient arithmetic on (hyper)elliptic curves over finite fields,
talk at UCL Crypto Group  Seminar Series
Slides
 Efficient arithmetic on (hyper)elliptic curves over finite fields,
invited talk at 2003 International Symposium on Next Generation Cryptography and Related Mathematics, Japan
Slides
 Efficient arithmetic on (hyper)elliptic curves over finite fields,
invited talk at Computational Aspects of Algebraic Curves, and Cryptography, Gainesville
Slides
 Efficient arithmetic on (hyper)elliptic curves over finite fields,
talk at Cryptography Seminar in Rennes
Slides
 Improved Algorithms for Efficient Arithmetic on Elliptic Curve using
Fast Endomorphisms,
talk given by Francesco Sica at Eurocrypt 2003
Slides in pdf
 Efficient arithmetic on (hyper) elliptic curves over finite fields,
invited talk at ECC 2003
Slides
 Cryptographic Applications of Trace Zero Varieties,
invited talk at Mathematics of Discrete Logarithms, Essen
Slides
 Cryptographic Applications of Trace Zero Varieties,
talk at Dagsthul Seminar 
Algorithms and Number Theory
Slides
 Mathematical Countermeasures Against SideChannel Attacks on
ECC/HECC,
talk at YACC 2004
Slides
 Introduction to SideChannel Attacks on elliptic and
hyperelliptic curves,
talk at ANTS VI 2004
Slides
 Montgomery Addition for Genus Two Curves,
talk at ANTS VI 2004
Slides
 Mathematical Countermeasures against SideChannel Attacks on
Elliptic and Hyperelliptic Curves,
invited talk at WARTACRYPT
'04
Slides
 Pseudorandom Number Generators Based on Elliptic Curves,
invited talk at
Number Theoretic Algorithms and Related Topics
Slides
 Hyperelliptic curves in cryptography,
talk at the
"Seminar on zeta functions'' at the Technical University Tokyo
Slides
 Efficient arithmetic on (hyper)elliptic curves over finite fields,
talk at the ``COSIC Seminar'', KU Leuven
Slides
 Curve Cryptography  suitable primitives for embedded device
,
invited talk at Cryptologie et Algorithmique En Normandie (CAEN'05)
Slides
 Pairings on ordinary hyperelliptic curves,
invited talk at Pairings in Cryptography
Slides
 Arithmetic on Binary Genus $2$ Curves Suitable for Small Devices,
talk at Workshop on RFID and Lightweight Crypto
Slides
 Arithmetic of hyperelliptic curves over finite fields,
talk at
Discrete Mathematics Seminar, University of Calgary
Slides
 Efficient computation of pairings on nonsupersingular
hyperelliptic curves,
talk at Number Theory Inspired by Cryptography, Banff
Slides
 Efficient computation of pairings on nonsupersingular hyperelliptic curves,
invited talk at Algebraic Methods in Cryptography, Bochum
Slides
 Cryptographic Applications of Trace Zero Varieties,
seminar talk at Cryptology Research Group at the Indian Statistical Institute, Kolkata
Slides
 Pairings in Cryptography
,
tutorial at ASIACRYPT 2005
Slides
 Distribution of Some Sequences of Points on Elliptic Curves
,
invited talk at
AMS Sectional Meeting Program by Special Session, Special Session on Number Theory
Slides
 Arithmetic of hyperelliptic curves over finite fields
, part of lecture at
Summer School on "Computational Number Theory and Applications to Cryptography"
Slides
 Pairing Based Cryptography
, part of lecture at
Summer School on "Computational Number Theory and Applications to Cryptography"
Slides
 Analysis of pseudorandom number generators based on elliptic
curves,
talk at
31st Australasian Conference on Combinatorial Mathematics & Combinatorial Computing(ACCMCC)
Slides
 Fast bilinear maps from the TateLichtenbaum pairing on
hyperelliptic curves,
talk at
ANTS VII, Berlin
Slides
 Efficient arithmetic on (hyper)elliptic curves over finite fields,
invited talk at
2006 Workshop on Cryptography and Related Mathematics
Slides
 Hyperelliptic Curves,
talk at
Information Security Summer School (ISSS) 2006. Taiwan.
Slides
 Efficient arithmetic on hyperelliptic curves over finite fields,
talk at
Information Security Summer School (ISSS) 2006. Taiwan.
Slides
 Pairing Based Cryptography,
talk at
Information Security Summer School (ISSS) 2006. Taiwan.
Slides
 Public Key Cryptography  Performance Comparison and Benchmarking
,
keynote at
Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais (SBSeg)
Slides
 Index Calculus in Finite Fields & Hyperelliptic Curves
,
tutorial at
WCAP 2006  III Workshop on Cryptographic Algorithms and Protocols
Slides
 Efficient arithmetic on hyperelliptic curves over finite fields
& Pairings,
tutorial at
WCAP 2006  III Workshop on Cryptographic Algorithms and Protocols
Slides
 Elliptic vs. hyperelliptic, part 2,
invited talk at ECC 2006
Slides and Slides in ps.gz
Part 1 of the fight was excecuted by Daniel J. Bernstein, his slides can be found here.
 Open Problems in Pairings,
invited talk at
Number Theory and Cryptography  Open Problems
Slides
 Tanja Lange,
on the occasion of presentating the new
employees of the faculty for mathematics and computer science of the Technische Universiteit
Eindhoven
Slides
(pdf)
 Cryptographic applications of curves over finite fields,
invited talk at
General Mathematical Colloquium Utrecht
Slides
 Unified addition formulae for elliptic curves,
invited talk
at
AMS Special Session on Mathematical Aspects of Cryptography, 2007
Spring AMS Eastern Section Meeting
Slides
 Elliptic vs. hyperelliptic, part 2,
talk at EIDMA Seminar Combinatorial
Theory
Slides
 Mathematical Background of Pairings,
talk at ECRYPT PhD Summer School on
Emerging Topics in Cryptographic Design and Cryptanalysis
Slides
 Fast scalar multiplication on elliptic curves,
invited talk
at Conference on
Algorithmic Number Theory
Slides
 Elliptic vs. hyperelliptic, part 3  Elliptic Strikes
Back,
talk at
Eurocrypt 07 Rump Session
Slides
 Sidechannel attacks and countermeasures for curve based
cryptography,
invited talk at Quo vadis
cryptology ?  Threat of SideChannel Attacks
Slides in ps
Slides in pdf
 Fast scalar multiplication on elliptic curves,
talk
at 8th International Conference
on Finite Fields and Applications
Slides
 Elliptic vs. Hyperelliptic, part 3: Elliptic strikes
back,
invited presentation at 11th Workshop
on Elliptic Curve Cryptography 2007
Slides for my half
Slides for Dan
Bernstein's half
 The EFD thing,
presentation
at the rump session of CHES 2007 given jointly with Dan
Bernstein
Slides
 Edwards Curves for Cyptography,
presentation at
EIDMA/DIAMANT Cryptography Working Group
Slides
 Edwards coordinates for elliptic curves, part 1,
invited presentation at
Explicit Methods in Number Theory
In honour of Henri Cohen
Slides
Part 2 was given by Dan
Bernstein
Dan's slides
 Edwards Coordinates for Elliptic Curves, part 1
,
invited presentation at
SAGE Days 6: Cryptology, Number theory, and Arithmetic Geometry
Slides
Part 2 was given by Dan
Bernstein
Dan's slides
 Edwards Curves for Cryptography,
invited keynote presentation at
Kolloquium über Kombinatorik
Slides
 Faster Addition and Doubling on Elliptic Curves,
joint presentation with Dan Bernstein at
ASIACRYPT 2007
Slides
 Edwards Coordinates,
invited keynote presentation at
Applied Algebra, Algebraic Algorithms, and Error Correcting Codes (AAECC17)
Slides
 The power of mathematics to protect data and to break data protection,
presentation at
Research day at TU/e
Slides
 Revisiting pairing based group key exchange,
presentation at
Financial Cryptography and Data Security 2008
Slides
 Binary Edwards Curves,
presentation at the
Eurocrypt 2008 Rump Session
Slides
 Faster arithmetic on elliptic curves  blessing to ECC, harm to RSA,
presentation at
EIPSI Grand Opening
Slides
 Binary Edwards Curves,
invited presentation at
Seminario Matematico, Universidad Autonoma Madrid
Slides
 Scalar Multiplication and Weierstrass Curves,
presentation at 3rd
ECRYPT PhD SUMMER SCHOOL Advanced Topics in Cryptography
Slides
 Shapes of Elliptic Curves,
rumpsession presentation at
ANTS 2008
Slides
See also the
zoo pictures.
 Twisted Edwards Curves,
talk given by
Daniel J. Bernstein on our joint paper at
Africacrypt 2008
Slides
 Binary Edwards Curves,
invited presentation at
Séminaire de Cryptographie de Rennes
Slides
 Binary Edwards Curves,
presentation at
CHES 2008
Slides
 ECM on Graphics Cards,
presentation at
CADO workshop on integer factorization
Slides
 PostQuantum Cryptography,
invited presentation at
INDOCRYPT 2008
Slides in ps
Slides in pdf
 Elliptic Curve Cryptography,
invited presentation at
Malaviya National Institute of Technology, Jaipur, India (Department of Computer Engineering)
Slides
 Models of Elliptic Curves,
joint invited presentation with Dan Bernstein at
Curves, Coding Theory, And Cryptography, ESF Exploratory Workshop  PESC
Slides
 Pairings on Edwards Curves,
invited presentation at
Arithmétique, géométrie, cryptographie et théorie des codes
Slides
Preprint with more details
 Pairings on Edwards curves,
invited presentation at
Fields Cryptography Retrospective Meeting
Slides
 Pairings on Edwards Curves,
presentation at
Dagstuhl Seminar Algorithms and Number Theory
Slides
 PostQuantum Cryptography
,
presentation at
Dagstuhl Seminar 09311Classical and Quantum Information Assurance Foundations and Practice
Slides
 Efficient Implementation of Pairings,
invited key note presentation at
Pairing 2009
Slides
 Applied cryptanalysis or  how to win an iPhone,
rump session presentation at
ECC
Slides
 ECM using Edwards curves,
invited presentation at
Workshop on Factoring Large Integers
Slides
 ECM using Edwards curves,
invited presentation at
Workshop on Discovery and Experimentation in Number Theory
held at Fields Institute, Toronto and Simon Fraser University, Burnaby.
Slides
See also here for
audio recordings.
 What is a use case for quantum key exchange? Part I,
invited presentation at
Workshop on quantum information
Slides
PartII was given by Daniel J. Bernstein,
see his talks page.
 Coppersmith's factorization factory,
invited presentation at
General Colloquium Leiden
Slides
 PostQuantum Cryptography,
invited presentation at
ISI Seminar at QUT Brisbane
Slides
 Breaking ECC2K130,
presentation at
Early Symmetric Crypto (ESC) seminar
Slides
 Small highsecurity publickey encryption and signatures,
invited presentation at
The First Taiwanese Workshop on Security and SystemonChip
Slides
 ECC minicourse,
talk given jointly with Daniel J. Bernstein in a minicourse following Africacrypt 2010.
Slides
 Starsh on strike,
talk given jointly with Daniel J. Bernstein
at Latincrypt.
Slides
 Why CHES is better than CRYPTO,
talk given jointly with Daniel J. Bernstein
that the CHES 2010 Rump Session.
Slides
Movie
 Attacking Elliptic Curve Challenges,
presentation at
European Cryptography Day
Slides
 Breaking ECC2K130,
invited presentation at
Workshop on Elliptic Curves and Computation
Slides
 Elliptic Curve Cryptography,
key note presentation at
81. Arbeitstagung Allgemeine Algebra
Slides
 Codebased cryptography,
invited presentation at
Workshop on: Solving polynomial equations
Slides
 On the correct use of the negation map in the Pollard rho method
,
talk given jointly with Daniel J. Bernstein at
PKC 2011
Slides
 Minicourse on the ECDLP,
given jointly with Daniel J. Bernstein at CSIT (Centre for Strategic Infocomm Technologies), Singapore
day 1
my part of day 2
my part of day 3
my part of day 4
 Breaking ECC2K130,
key note presentation at
CrossFyre
Slides
 Syndromebased hash functions,
invited presentation at
International Workshop on Coding & Cryptology (IWCC)
Slides
 Codebased cryptography,
key note presentation at
The 10th International Conference on Finite Fields and their Applications
Slides
 Codebased cryptography,
invited presentation at
Aspects of Coding Theory
Slides
 Advances in EllipticCurve Cryptography,
invited
presentation at International Conference on
Coding and Cryptography
Slides
 Stateoftheart branchless techniques for elliptic curve scalar
multiplicationy,
talk at Dagstuhl seminar on Quantum Cryptanalysis
blackboard snapshots
 Advances in EllipticCurve Cryptography,
plenary talk
at SIAM
Conference on Applied Algebraic Geometry
Slides
 Advances in EllipticCurve Cryptography,
talk at the General Mathematics Colloquium
Slides
 Codebased cryptography,
invited talk at the
Spanish Cryptography Days
Slides
 Elliptic curves for applications,
tutorial at
Indocrypt 2011
Slides
 A battle of bits: building confidence in cryptography,
talk given jointly with Daniel J. Bernstein at
Mathematical and Statistical Aspects of Cryptography
Slides
 The new SHA3 software shootout,
Talk given jointly with Daniel J. Bernstein at the Third SHA3 Candidate Conference
Slides
 Two grumpy giants and a baby,
Talk given jointly with Daniel J. Bernstein at the Ei/PSI Cryptography Working Group
Slides
 Factorization (tutorial),
given jointly with Daniel J. Bernstein at the
CSIT (Centre for Strategic Infocomm Technologies), Singapore.
Slides are yet to come.
 The security impact of a new cryptographic library.,
Talk given jointly with Daniel J. Bernstein at the ACNS 2012
Slides
 Never trust a bunny,
Talk given jointly with Daniel J. Bernstein at the RFIDsec 2012
Slides
 Two grumpy giants and a baby,
Talk given jointly with Daniel J. Bernstein at the ANTS 2012
Slides
 The security impact of a new cryptographic library.,
Invited talk given jointly with Daniel J. Bernstein at the "Short
Subjects in Security seminar" at Qualcomm, San Diego,
Slides
 Two grumpy giants and a baby,
Talk given jointly with Daniel J. Bernstein at YACC 2012
Slides
 Postquantum cryptography  longterm confidentiality and integrity
for communication,
presentation at
This Week's Discoveries  science faculty Leiden
Slides
 Advances in EllipticCurve Cryptography,
presentation at
Academia Sinica, IIS seminar (Taiwan)
Slides
 Highspeed highsecurity cryptography on ARMs,
Talk given jointly with Daniel J. Bernstein at the escar 2012
Slides
Abstract:
Secure cryptography does not need to be big and slow. This talk
explains the cryptographic primitives behind the recordsetting
software in the NaCl library (http://nacl.cr.yp.to), reports
timings on a variety of CPUs, and then focuses on ARM processors, with
an emphasis on the popular ARM Cortex A8 CPU core.
 Computing small discrete logarithms faster,
Talk given jointly with Daniel J. Bernstein at Indocrypt 2012
Slides
 FactHacks  RSA factorization in the real world,
Talk given jointly with Daniel J. Bernstein and Nadia Heninger at
29C3
Slides
See also our related webpage http://facthacks.cr.yp.to/ and the video.
 The state of factoring algorithms and other cryptanalytic
threats to RSA ,
Talk given jointly with Daniel J. Bernstein and Nadia Heninger.
Slides
See also our
related webpage http://facthacks.cr.yp.to/
 Nonuniform cracks in the concrete: the power of free
precomputation ,
Talk given jointly with Daniel J. Bernstein at ESC 2013
Slides
 PostQuantum Cryptography ,
presentation at Crypto for 2020
Slides
 Crypto for Security and Privacy,
panel at Crypto for 2020
Slides
 Modeling the Security of Cryptography, Part 2: PublicKey Cryptography,
invited presentation at
Modeling Intractability workshop
Slides
Part 1: secretkey cryptography. was given by Daniel J. Bernstein.
 Never trust a bunny,
rump session presentation at
Modeling Intractability workshop
Slides
 The security impact of a new cryptographic library.,
Talk given jointly with Daniel J. Bernstein at the Security seminar at the University of Haifa and 2 days later at the
Theory Seminar at the Weizmann Institute of Science
Slides
 Security dangers of the NIST curves,
Talk given jointly with Daniel J. Bernstein at the International State of the Art in Cryptography  Security workshop in Athens.
Slides
 Publickey cryptography and the DiscreteLogarithm Problem,
first lecture in
Summer School  Number Theory for Cryptography
slides
 Signatures and DLPI,
second lecture in
Summer School  Number Theory for Cryptography
slides
 DLPII and curves with endomorphisms,
third lecture in
Summer School  Number Theory for Cryptography
slides
 Pairings and DLPIII,
fourth lecture in
Summer School  Number Theory for Cryptography
slides
 Factoring RSA keys from certified smart cards: Coppersmith in the wild
,
presentation at
Number Theory, Geometry and Cryptography
Slides
 PostQuantum Cryptography,
presentation at
SIAM conference on Applied Algebraic Geometry
Slides
 Spyin' NSA,
song with several others at
Crypto 2013 Rump Session
Slides
YouTube recording.
 Under Surveillance,
song with several others at
Crypto 2013 Rump Session
Slides
YouTube recording.
 Factoring RSA keys from certified smart cards: Coppersmith in the wild,
presentation at
Cryptography Working Group, Sep 6, 2013
Slides
 Factoring RSA keys from certified smart cards: Coppersmith in the wild,
presentation at
ECC Rump session
Slides
 Benchmarking of postquantum cryptographyi,
presentation at
ETSI QuantumSafeCrypto Workshop
Slides
 Factoring RSA keys from certified smart cards: Coppersmith in the wild,
presentations at
Computer Science Colloquium (Macquarie University) and
Computational Algebra Seminar (Sydney University)
Slides
 Presentation at Department Dialog (TU/e)
Slides
 Some Elliptic CUrve REsults
presentation at the
Asiacrypt 2013 rump session
slides
 Nonuniform cracks in the concrete: the power of free precomputation,
Talk given jointly with Daniel J. Bernstein at Asiacrypt 2013
Slides
 Factoring RSA keys from certified smart cards: Coppersmith in
the wild
Talk given jointly with Nadia Heninger at Asiacrypt 2013
slides
 Cleaning up crypto,
Talk given jointly with Daniel J. Bernstein at the International View of the StateoftheArt of Cryptography and Security and its Use in Practice (IV) in Bangalore
Slides
 The year in crypto,
Talk given jointly with Daniel J. Bernstein and Nadia Heninger at
30C3
Slides
 (Tweet)NaCl,
Talk given jointly with Daniel J. Bernstein and Peter Schwabe at
30C3 during the #youbroketheinternet assembly.
Slides
 Randomness,
Talk given jointly with Daniel J. Bernstein at the Dagstuhl Seminar "Symmetric Cryptography".
Slides
 A ``Challenge in Finesse'',
Talk given jointly with Matthew D. Green at the rump session of the Real World Cryptography Workshop.
Slides: censored.
 SafeCurves: choosing safe curves for ellipticcurve cryptography,
Talk given jointly with Daniel J. Bernstein at the ShmooCon 2014.
Slides
 On the Practical Exploitability of Dual EC DRBG in TLS
Implementations,
Talk at Theoretical and
Practical Aspects of the Discrete Logarithm Problem.
Slides
 Verifiably random secure curves,
Talk given jointly with Daniel J. Bernstein at the Eurocrypt 2014 Rump session
Slides
 Randomness generation,
Talk given jointly with Daniel J. Bernstein at the International State of the Art Cryptography Workshop
Slides
 Crypto news and views,
Talk given jointly with Daniel J. Bernstein and Nadia Heninger at
NCSC ONE
Slides
 Publickey cryptography and the DiscreteLogarithm Problem,
presentation at
The 9th annual AMSI Winter School
Slides
 Signatures and DLP,
presentation at
The 9th annual AMSI Winter School
Slides
 Curves with endomorphisms and DLPs in intervals,
presentation at
The 9th annual AMSI Winter School
Slides
 Pairings, index calculus, and hyperelliptic curves,
presentation at
The 9th annual AMSI Winter School
Slides
Teaching
Links
On this site you can obtain my PhD thesis "Fast Arithmetic on Hyperelliptic Curves"
GPG keys
My personal GPG key
for email tanja@hyperelliptic.org
84734D40 GPG key for press contacts at press (at) hyperelliptic.org.
Thanks to
Pierrick Gaudry for the favicon.