Here you may find some of my publications, papers, unpublished
manuscripts, and other writings. Comments welcomed.
Also available are some of my talks, as well as my posts on cryptography and related issues.
Papers
- Secure Verification of Location Claims
- Naveen Sastry, Umesh Shankar, and David Wagner.
ACM
Workshop on Wireless Security (WiSe 2003),
September 19, 2003.
[pdf]
- Cryptanalysis of an Algebraic
Privacy Homomorphism (revised version)
- David Wagner.
ISC 2003,
October 1-3, 2003.
Warning: The proceedings version has a bug.
See this erratum.
[slides: pdf,
ps]
- Hidden Markov Model Cryptanalysis
- Chris Karlof and David Wagner.
CHES 2003.
Full version available as
tech
report UCB//CSD-03-124.
- Private Circuits:
Securing Hardware against Probing Attacks
- Yuval Ishai, Amit Sahai, and David Wagner.
CRYPTO 2003.
[pdf]
- Security flaws in 802.11 data link protocols
- Nancy Cam-Winget, Russ Housley, David Wagner, and Jesse Walker.
Communications of the ACM, 46(5), May 2003, Special Issue on Wireless
networking security, pp.35-39.
[ACM's archive]
- A Critique of CCM
- P. Rogaway and D. Wagner.
Unpublished manuscript. February 2, 2003.
- A Conventional Authenticated-Encryption Mode
- M. Bellare, P. Rogaway, and D. Wagner.
Unpublished manuscript. April 14, 2003.
- Secure Routing in Sensor Networks:
Attacks and Countermeasures
- Chris Karlof and David Wagner.
To appear in Elsevier's
AdHoc Networks journal,
Special Issue on Sensor Network Applications and Protocols.
[Also: the conference version, as it appeared
at the First IEEE
International Workshop on Sensor Network Protocols and Applications,
May 11, 2003.]
- Comments on RMAC
- David Wagner.
Formal contribution to the NIST Advanced Encryption Standard
modes of operation standardization process, December 5, 2002.
- Markov truncated differential
cryptanalysis of Skipjack
- Ben Reichardt and David Wagner.
SAC 2002.
[pdf]
- MOPS: an Infrastructure for
Examining Security Properties of Software
- Hao Chen and David Wagner.
ACM CCS 2002.
[pdf]
- Mimicry Attacks on Host-Based Intrusion
Detection Systems
- David Wagner and Paolo Soto.
ACM CCS 2002.
[pdf]
[slides: ps,
ppt]
- Tweakable Block Ciphers
- Moses Liskov, Ronald L. Rivest, and David Wagner.
CRYPTO 2002.
[pdf]
- A Generalized Birthday Problem
- David Wagner.
Extended abstract published in
CRYPTO 2002.
[slides;
errata]
- Setuid Demystified
- Hao Chen, David Wagner, and Drew Dean.
11th USENIX
Security Symposium, 2002.
[pdf]
- Insecurity in ATM-based
passive optical networks
- Stephen Thomas and David Wagner.
IEEE International Conference
on Communications (ICC 2002),
Optical
Networking Symposium.
[pdf]
- Multiplicative Differentials
- Nikita Borisov, Monica Chew, Rob Johnson, and David Wagner.
Fast
Software Encryption 2002.
- Integral Cryptanalysis (Extended abstract)
- Lars Knudsen and David Wagner.
Fast
Software Encryption 2002.
- A Cryptanalysis of the
High-Bandwidth Digital Content Protection System
- Scott Crosby, Ian Goldberg, Robert Johnson, Dawn Song, and David Wagner.
Workshop on Security
and Privacy in Digital Rights Management 2001
(proceedings here).
- Homomorphic Signature Schemes
- Robert Johnson, David Molnar, Dawn Song, and David Wagner.
RSA
2002, Cryptographer's track.
[pdf]
- A Note on NSA's Dual Counter Mode of Encryption
- Pompiliu Donescu, Virgil D. Gligor, and David Wagner.
Preliminary version, September 28, 2001.
[pdf]
- Intercepting Mobile Communications:
The Insecurity of 802.11
- Nikita Borisov, Ian Goldberg, and David Wagner.
MOBICOM
2001. [ps]
- Detecting Format String Vulnerabilities
With Type Qualifiers
- Umesh Shankar, Kunal Talwar, Jeffrey S. Foster, and David Wagner.
10th USENIX
Security Symposium, 2001.
[pdf]
- Timing Analysis of Keystrokes and
Timing Attacks on SSH
- Dawn Xiaodong Song, David Wagner, and Xuqing Tian.
10th USENIX
Security Symposium, 2001.
[pdf]
[a review of our work]
- Intrusion Detection via Static Analysis
- David Wagner and Drew Dean.
2001
IEEE Symposium on Security and Privacy.
[pdf,
slides]
- Static analysis and computer security:
New techniques for software assurance
- David Wagner.
Ph.D. dissertation, Dec. 2000, University of California at Berkeley.
- Comments to NIST Concerning AES-modes of
Operations: CTR-mode Encryption
- Helger Lipmaa, Phillip Rogaway, and David Wagner.
Contribution to the
NIST Modes of Operation Workshop
(unpublished).
- On The Structure of Skipjack
- Lars Knudsen and David Wagner.
Discrete Applied Mathematics,
special issue on coding and cryptology,
volume 111, issue 1-2, 15 July 2001, pp.103--116, C. Carlet (ed.).
- Proofs of security for the
Unix password hashing algorithm
- David Wagner and Ian Goldberg.
ASIACRYPT
2000.
[slides]
- Cryptanalysis of the Yi-Lam hash
- David Wagner.
ASIACRYPT
2000.
[slides]
- Real Time Cryptanalysis of A5/1 on a PC
- Alex Biryukov, Adi Shamir, and David Wagner.
FSE 2000.
- Security Weaknesses in
Maurer-Like Randomized Stream Ciphers
- Niels Ferguson, Bruce Schneier, and David Wagner.
ACISP 2000.
- Practical Techniques for Searches
on Encrypted Data
- Dawn Xiaodong Song, David Wagner, and Adrian Perrig.
2000 IEEE Symposium on Security and Privacy ('Oakland').
- Advanced Slide Attacks
- Alex Biryukov and David Wagner.
EUROCRYPT 2000.
- Improved Cryptanalysis of Rijndael
- Niels Ferguson, John Kelsey, Stefan Lucks, Bruce Schneier,
Mike Stay, David Wagner, and Doug Whiting.
FSE 2000.
- A First Step Towards Automated Detection
of Buffer Overrun Vulnerabilities
- David Wagner, Jeffrey S. Foster, Eric A. Brewer, and Alexander Aiken.
NDSS 2000.
[pdf,
slides]
- Cryptanalysis of Microsoft's PPTP Authentication
Extensions (MS-CHAPv2)
- Bruce Schneier, Mudge, and David Wagner.
Secure Networking--CQRE [Secure] '99,
Springer-Verlag LNCS 1740.
[pdf]
- The Ninja Jukebox
- Ian Goldberg, Steven D. Gribble, David Wagner, and Eric A. Brewer.
USITS'99.
- Janus: an approach for confinement
of untrusted applications
- David A. Wagner. Master's thesis.
Also available as
tech. report UCB//CSD-99-1056,
UC Berkeley, Computer Science division.
- Truncated differentials and Skipjack
- Lars R. Knudsen, M.J.B. Robshaw, and David Wagner.
CRYPTO'99.
[slides]
- Equivalent keys for HPC
- David Wagner.
Rump session talk at AES'99.
- Slide attacks
- Alex Biryukov and David Wagner.
FSE'99.
- The boomerang attack
- David Wagner.
FSE'99.
[slides]
- Mod n Cryptanalysis,
with Applications Against RC5P and M6
- John Kelsey, Bruce Schneier, and David Wagner.
FSE'99.
[pdf]
- New Results on the Twofish Encryption
Algorithm
- Bruce Schneier, John Kelsey, Doug Whiting, David Wagner,
Chris Hall, and Niels Ferguson.
AES'99.
- Key Schedule Weaknesses in SAFER+
- John Kelsey, Bruce Schneier, and David Wagner.
AES'99.
- Performance Comparison of the AES Submissions
- Bruce Schneier, John Kelsey, Doug Whiting, David Wagner,
Chris Hall, and Niels Ferguson.
AES'99.
- Empirical Verification of Twofish Key
Uniqueness Properties
- Doug Whiting and David Wagner.
Counterpane technical report (Twofish #2).
- Cryptanalysis of ORYX.
- D. Wagner, L. Simpson, E. Dawson, John Kelsey, W. Millan,
and B. Schneier.
SAC'98.
[slides]
- On the Twofish Key Schedule
- Bruce Schneier, John Kelsey, Doug Whiting, David Wagner,
Chris Hall, and Niels Ferguson.
SAC'98.
- Cryptanalysis of FROG.
- David Wagner, Niels Ferguson, and Bruce Schneier.
Corrected version of a paper that appeared at AES'99.
[slides,
old version (submitted to AES'99),
very old version (handed out at AES'98)]
- Cryptanalysis of SPEED.
- Chris Hall, John Kelsey, Vincent Rijmen, Bruce Schneier, and
David Wagner.
SAC'98.
- Cryptanalysis of SPEED (extended abstract).
- Chris Hall, John Kelsey, Bruce Schneier, and David Wagner.
Financial Cryptography '98.
[pdf]
- Architectural
considerations for cryptanalytic hardware.
- Ian Goldberg and David Wagner.
Chapter 10 of
Cracking DES:
Secrets of Encryption Research, Wiretap Politics & Chip Design,
O'Reilly, July 1998.
(Initially submitted as a term paper for CS 252, May 1996.)
[html,
more
info]
- Twofish: a 128-bit block cipher.
- Bruce Schneier, John Kelsey, Doug Whiting, David Wagner,
Chris Hall, and Niels Ferguson.
Submission to the AES competition.
[pdf]
- Building PRFs from PRPs.
- Chris Hall, David Wagner, John Kelsey, and Bruce Schneier.
CRYPTO '98.
[published version,
full version]
- Side Channel Cryptanalysis
of Product Ciphers.
- John Kelsey, Bruce Schneier, David Wagner,
and Chris Hall.
Journal of Computer Security, vol 8, pp. 141--158, 2000.
(An earlier version was published
in ESORICS 1998.)
- Cryptanalysis of TWOPRIME.
- Don Coppersmith, David Wagner, Bruce Schneier, and John Kelsey.
Fast Software Encryption 1998.
[slides]
- Cryptanalytic Attacks on Pseudorandom
Number Generators.
- John Kelsey, Bruce Schneier, David Wagner, and Chris Hall.
Fast Software Encryption 1998.
- Differential Cryptanalysis of KHF.
- David Wagner.
Fast Software Encryption 1998.
[slides]
- Cryptanalysis of some recently-proposed
multiple modes of operation.
- David Wagner.
Fast Software Encryption 1998.
[slides]
- Secure Applications of Low-Entropy Keys.
- John Kelsey, Bruce Schneier, Chris Hall, and David Wagner.
1997 Information Security Workshop.
- Related-Key Cryptanalysis of 3-WAY,
Biham-DES, CAST, DES-X, NewDES, RC2, and TEA.
- John Kelsey, Bruce Schneier, and David Wagner.
1997
International Conference on Information and Communications
Security, Beijing.
- Protocol Interactions and the Chosen
Protocol Attack.
- John Kelsey, Bruce Schneier, and David Wagner.
1997
Security Protocols Workshop, Cambridge.
- Cryptanalysis of the Cellular Message
Encryption Algorithm.
- David Wagner, Bruce Schneier, and John Kelsey.
CRYPTO '97.
[html version,
slides]
- TAZ Servers and the Rewebber Network:
Enabling Anonymous Publishing on the World Wide Web.
- Ian Goldberg and David Wagner.
Published in the
First Monday
electronic journal,
vol 3 no 4.
[local copy]
- System
Security: A Management Perspective.
- David Oppenheimer, David Wagner, and Michele Crabb.
Booklet from the SAGE
Short
Topics in System Administration Series.
- Privacy-enhancing technologies
for the Internet.
- Ian Goldberg, David Wagner, and Eric A. Brewer.
IEEE COMPCON '97, February 1997.
[html version,
slides]
- Analysis of the SSL 3.0 protocol (revised version).
- David Wagner and Bruce Schneier.
2nd USENIX
Workshop on Electronic Commerce, November 1996.
[slides,
a summary of the talk]
- A secure environment
for untrusted helper applications: confining the wily hacker.
- Ian Goldberg, David Wagner, Randi Thomas, and Eric A. Brewer.
1996 USENIX
Security Symposium.
[source availability]
[other formats: DVI]
- Key-schedule cryptanalysis
of IDEA, G-DES, GOST, SAFER, and triple-DES.
- John Kelsey, Bruce Schneier, and David Wagner.
CRYPTO '96.
- Time-lock
puzzles and timed-release Crypto.
- Ronald Rivest, Adi Shamir, and David Wagner.
Unpublished manuscript, February 1996.
- Randomness and the Netscape Browser.
- Ian Goldberg and David Wagner.
Dr. Dobb's Journal, January 1996,
pp. 66--70.
[resources,
DDJ's copy,
copy at ACM digital library]
- A "bump in the stack" encryptor for MS-DOS systems.
- David Wagner and Steven M. Bellovin.
Proceedings
of the
1996 ISOC
Symposium on Network & Distributed System Security.
[slides]
- The security of MacGuffin.
- June 1995. Accepted by
Cryptologia.
[more info]
- The security of MacGuffin.
- Princeton University senior thesis, April 1995.
[more info]
- A programmable plaintext recognizer.
- David Wagner and Steven M. Bellovin.
Unpublished manuscript, September 1994.
Links to coauthors:
- Alexander Aiken
- http://www.cs.berkeley.edu/~aiken/
- Steven M. Bellovin
- http://www.research.att.com/~smb/
- Alex Biryukov
- http://www.cs.technion.ac.il/~albi/
- Nikita Borisov
- http://www.cs.berkeley.edu/~nikitab/
- Eric A. Brewer
- http://www.cs.berkeley.edu/~brewer/
- Monica Chew
- http://www.cs.berkeley.edu/~mmc/
- Drew Dean
- http://www.csl.sri.com/people/ddean/
- Niels Ferguson
- http://www.xs4all.nl/~vorpal/
- Jeffrey S. Foster
- http://www.cs.berkeley.edu/~jfoster/
- Ian Goldberg
- http://www.cs.berkeley.edu/~iang/
- Virgil D. Gligor
- http://www.ece.umd.edu/~gligor/
- Steven D. Gribble
- http://www.cs.berkeley.edu/~gribble/
- Rob Johnson
- http://www.cs.berkeley.edu/~rtjohnso/
- Lars Knudsen
- http://www.ii.uib.no/~larsr/
- Helger Lipmaa
- www.tcs.hut.fi/~helger/
- Moses Liskov
- http://theory.lcs.mit.edu/~mliskov/
- Stefan Lucks
- http://th.informatik.uni-mannheim.de/m/lucks/
- David Oppenheimer
- http://www.cs.berkeley.edu/~davidopp/
- Adrian Perrig
- http://paris.cs.berkeley.edu/~perrig/
- Vincent Rijmen
- http://www.esat.kuleuven.ac.be/~rijmen/
- Ronald Rivest
- http://theory.lcs.mit.edu/~rivest/
- Phillip Rogaway
- http://www.cs.ucdavis.edu/~rogaway/
- Bruce Schneier
- http://www.counterpane.com/schneier.html
- Dawn Xiaodong Song
- http://paris.cs.berkeley.edu/~dawnsong/
- Kunal Talwar
- http://www.cs.berkeley.edu/~kunal/
- Randi Thomas
- http://www.cs.berkeley.edu/~randit/
- Stephen Thomas
- http://www.wave7optics.com/biographies.html