Curve25519: New Diffie-Hellman Speed Records
  • D. Bernstein
  • Computer Science
  • Public Key Cryptography
  • 24 April 2006
This paper explains the design and implementation of a high-security elliptic-curve-Diffie-Hellman function achieving record-setting speeds: e.g., 832457 Pentium III cycles (with several side
  • 610
  • 125
Cache-timing attacks on AES
This paper demonstrates complete AES key recovery from known-plaintext timings of a network server on another computer. This attack should be blamed on the AES design, not on the particular AES
  • 695
  • 86
Twisted Edwards Curves
This paper introduces "twisted Edwards curves," a generalization of the recently introduced Edwards curves; shows that twisted Edwards curves include more curves over finite fields, and in particular
  • 335
  • 60
High-speed high-security signatures
This paper shows that a $390 mass-market quad-core 2.4GHz Intel Westmere (Xeon E5620) CPU can create 109000 signatures per second and verify 71000 signatures per second on an elliptic curve at a 2^128
  • 399
  • 59
Faster Addition and Doubling on Elliptic Curves
Edwards recently introduced a new normal form for elliptic curves. Every elliptic curve over a non-binary field is birationally equivalent to a curve in Edwards form over an extension of the field,
  • 400
  • 43
The Salsa20 Family of Stream Ciphers
  • D. Bernstein
  • Computer Science
  • The eSTREAM Finalists
  • 1 April 2008
Salsa20 is a family of 256-bit stream ciphers designed in 2005 and submitted to eSTREAM, the ECRYPT Stream Cipher Project. Salsa20 has progressed to the third round of eSTREAM without any changes.
  • 340
  • 35
The Poly1305-AES Message-Authentication Code
Poly1305-AES is a state-of-the-art message-authentication code suitable for a wide variety of applications. Poly1305-AES computes a 16-byte authenticator of a variable-length message, using a 16-byte
  • 259
  • 35
Attacking and defending the McEliece cryptosystem
This paper presents several improvements to Stern's attack on the McEliece cryptosystem and achieves results considerably better than Canteaut et al. This paper shows that the system with the
  • 293
  • 33
SPHINCS: Practical Stateless Hash-Based Signatures
This paper introduces a high-security post-quantum stateless hash-based signature scheme that signs hundreds of messages per second on a modern 4-core 3.5GHz Intel CPU. Signatures are 41 KB, public
  • 194
  • 31
Binary Edwards Curves
This paper presents a new shape for ordinary elliptic curves over fields of characteristic 2. Using the new shape, this paper presents the first complete addition formulas for binary elliptic curves,
  • 117
  • 31