Here you may find some of my publications, papers, unpublished manuscripts, and other writings. Comments welcomed.

Also available are some of my talks, as well as my posts on cryptography and related issues.

Papers

Secure Verification of Location Claims
Naveen Sastry, Umesh Shankar, and David Wagner. ACM Workshop on Wireless Security (WiSe 2003), September 19, 2003. [pdf]
Cryptanalysis of an Algebraic Privacy Homomorphism (revised version)
David Wagner. ISC 2003, October 1-3, 2003.
Warning: The proceedings version has a bug. See this erratum.
[slides: pdf, ps]
Hidden Markov Model Cryptanalysis
Chris Karlof and David Wagner. CHES 2003. Full version available as tech report UCB//CSD-03-124.
Private Circuits: Securing Hardware against Probing Attacks
Yuval Ishai, Amit Sahai, and David Wagner. CRYPTO 2003. [pdf]
Security flaws in 802.11 data link protocols
Nancy Cam-Winget, Russ Housley, David Wagner, and Jesse Walker. Communications of the ACM, 46(5), May 2003, Special Issue on Wireless networking security, pp.35-39. [ACM's archive]
A Critique of CCM
P. Rogaway and D. Wagner. Unpublished manuscript. February 2, 2003.
A Conventional Authenticated-Encryption Mode
M. Bellare, P. Rogaway, and D. Wagner. Unpublished manuscript. April 14, 2003.
Secure Routing in Sensor Networks: Attacks and Countermeasures
Chris Karlof and David Wagner. To appear in Elsevier's AdHoc Networks journal, Special Issue on Sensor Network Applications and Protocols. [Also: the conference version, as it appeared at the First IEEE International Workshop on Sensor Network Protocols and Applications, May 11, 2003.]
Comments on RMAC
David Wagner. Formal contribution to the NIST Advanced Encryption Standard modes of operation standardization process, December 5, 2002.
Markov truncated differential cryptanalysis of Skipjack
Ben Reichardt and David Wagner. SAC 2002. [pdf]
MOPS: an Infrastructure for Examining Security Properties of Software
Hao Chen and David Wagner. ACM CCS 2002. [pdf]
Mimicry Attacks on Host-Based Intrusion Detection Systems
David Wagner and Paolo Soto. ACM CCS 2002. [pdf] [slides: ps, ppt]
Tweakable Block Ciphers
Moses Liskov, Ronald L. Rivest, and David Wagner. CRYPTO 2002. [pdf]
A Generalized Birthday Problem
David Wagner. Extended abstract published in CRYPTO 2002. [slides; errata]
Setuid Demystified
Hao Chen, David Wagner, and Drew Dean. 11th USENIX Security Symposium, 2002. [pdf]
Insecurity in ATM-based passive optical networks
Stephen Thomas and David Wagner. IEEE International Conference on Communications (ICC 2002), Optical Networking Symposium. [pdf]
Multiplicative Differentials
Nikita Borisov, Monica Chew, Rob Johnson, and David Wagner. Fast Software Encryption 2002.
Integral Cryptanalysis (Extended abstract)
Lars Knudsen and David Wagner. Fast Software Encryption 2002.
A Cryptanalysis of the High-Bandwidth Digital Content Protection System
Scott Crosby, Ian Goldberg, Robert Johnson, Dawn Song, and David Wagner. Workshop on Security and Privacy in Digital Rights Management 2001 (proceedings here).
Homomorphic Signature Schemes
Robert Johnson, David Molnar, Dawn Song, and David Wagner. RSA 2002, Cryptographer's track. [pdf]
A Note on NSA's Dual Counter Mode of Encryption
Pompiliu Donescu, Virgil D. Gligor, and David Wagner. Preliminary version, September 28, 2001. [pdf]
Intercepting Mobile Communications: The Insecurity of 802.11
Nikita Borisov, Ian Goldberg, and David Wagner. MOBICOM 2001. [ps]
Detecting Format String Vulnerabilities With Type Qualifiers
Umesh Shankar, Kunal Talwar, Jeffrey S. Foster, and David Wagner. 10th USENIX Security Symposium, 2001. [pdf]
Timing Analysis of Keystrokes and Timing Attacks on SSH
Dawn Xiaodong Song, David Wagner, and Xuqing Tian. 10th USENIX Security Symposium, 2001. [pdf] [a review of our work]
Intrusion Detection via Static Analysis
David Wagner and Drew Dean. 2001 IEEE Symposium on Security and Privacy. [pdf, slides]
Static analysis and computer security: New techniques for software assurance
David Wagner. Ph.D. dissertation, Dec. 2000, University of California at Berkeley.
Comments to NIST Concerning AES-modes of Operations: CTR-mode Encryption
Helger Lipmaa, Phillip Rogaway, and David Wagner. Contribution to the NIST Modes of Operation Workshop (unpublished).
On The Structure of Skipjack
Lars Knudsen and David Wagner. Discrete Applied Mathematics, special issue on coding and cryptology, volume 111, issue 1-2, 15 July 2001, pp.103-116, C. Carlet (ed.).
Proofs of security for the Unix password hashing algorithm
David Wagner and Ian Goldberg. ASIACRYPT 2000. [slides]
Cryptanalysis of the Yi-Lam hash
David Wagner. ASIACRYPT 2000. [slides]
Real Time Cryptanalysis of A5/1 on a PC
Alex Biryukov, Adi Shamir, and David Wagner. FSE 2000.
Security Weaknesses in Maurer-Like Randomized Stream Ciphers
Niels Ferguson, Bruce Schneier, and David Wagner. ACISP 2000.
Practical Techniques for Searches on Encrypted Data
Dawn Xiaodong Song, David Wagner, and Adrian Perrig. 2000 IEEE Symposium on Security and Privacy ('Oakland').
Advanced Slide Attacks
Alex Biryukov and David Wagner. EUROCRYPT 2000.
Improved Cryptanalysis of Rijndael
Niels Ferguson, John Kelsey, Stefan Lucks, Bruce Schneier, Mike Stay, David Wagner, and Doug Whiting. FSE 2000.
A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities
David Wagner, Jeffrey S. Foster, Eric A. Brewer, and Alexander Aiken. NDSS 2000. [pdf, slides]
Cryptanalysis of Microsoft's PPTP Authentication Extensions (MS-CHAPv2)
Bruce Schneier, Mudge, and David Wagner. Secure Networking--CQRE [Secure] '99, Springer-Verlag LNCS 1740. [pdf]
The Ninja Jukebox
Ian Goldberg, Steven D. Gribble, David Wagner, and Eric A. Brewer. USITS'99.
Janus: an approach for confinement of untrusted applications
David A. Wagner. Master's thesis. Also available as tech. report UCB//CSD-99-1056, UC Berkeley, Computer Science division.
Truncated differentials and Skipjack
Lars R. Knudsen, M.J.B. Robshaw, and David Wagner. CRYPTO'99. [slides]
Equivalent keys for HPC
David Wagner. Rump session talk at AES'99.
Slide attacks
Alex Biryukov and David Wagner. FSE'99.
The boomerang attack
David Wagner. FSE'99. [slides]
Mod n Cryptanalysis, with Applications Against RC5P and M6
John Kelsey, Bruce Schneier, and David Wagner. FSE'99. [pdf]
New Results on the Twofish Encryption Algorithm
Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson. AES'99.
Key Schedule Weaknesses in SAFER+
John Kelsey, Bruce Schneier, and David Wagner. AES'99.
Performance Comparison of the AES Submissions
Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson. AES'99.
Empirical Verification of Twofish Key Uniqueness Properties
Doug Whiting and David Wagner. Counterpane technical report (Twofish #2).
Cryptanalysis of ORYX.
D. Wagner, L. Simpson, E. Dawson, John Kelsey, W. Millan, and B. Schneier. SAC'98. [slides]
On the Twofish Key Schedule
Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson. SAC'98.
Cryptanalysis of FROG.
David Wagner, Niels Ferguson, and Bruce Schneier. Corrected version of a paper that appeared at AES'99. [slides, old version (submitted to AES'99), very old version (handed out at AES'98)]
Cryptanalysis of SPEED.
Chris Hall, John Kelsey, Vincent Rijmen, Bruce Schneier, and David Wagner. SAC'98.
Cryptanalysis of SPEED (extended abstract).
Chris Hall, John Kelsey, Bruce Schneier, and David Wagner. Financial Cryptography '98. [pdf]
Architectural considerations for cryptanalytic hardware.
Ian Goldberg and David Wagner. Chapter 10 of Cracking DES: Secrets of Encryption Research, Wiretap Politics & Chip Design, O'Reilly, July 1998. (Initially submitted as a term paper for CS 252, May 1996.) [html, more info]
Twofish: a 128-bit block cipher.
Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson. Submission to the AES competition. [pdf]
Building PRFs from PRPs.
Chris Hall, David Wagner, John Kelsey, and Bruce Schneier. CRYPTO '98. [published version, full version]
Side Channel Cryptanalysis of Product Ciphers.
John Kelsey, Bruce Schneier, David Wagner, and Chris Hall. Journal of Computer Security, vol 8, pp. 141-158, 2000. (An earlier version was published in ESORICS 1998.)
Cryptanalysis of TWOPRIME.
Don Coppersmith, David Wagner, Bruce Schneier, and John Kelsey. Fast Software Encryption 1998. [slides]
Cryptanalytic Attacks on Pseudorandom Number Generators.
John Kelsey, Bruce Schneier, David Wagner, and Chris Hall. Fast Software Encryption 1998.
Differential Cryptanalysis of KHF.
David Wagner. Fast Software Encryption 1998. [slides]
Cryptanalysis of some recently-proposed multiple modes of operation.
David Wagner. Fast Software Encryption 1998. [slides]
Secure Applications of Low-Entropy Keys.
John Kelsey, Bruce Schneier, Chris Hall, and David Wagner. 1997 Information Security Workshop.
Related-Key Cryptanalysis of 3-WAY, Biham-DES, CAST, DES-X, NewDES, RC2, and TEA.
John Kelsey, Bruce Schneier, and David Wagner. 1997 International Conference on Information and Communications Security, Beijing.
Protocol Interactions and the Chosen Protocol Attack.
John Kelsey, Bruce Schneier, and David Wagner. 1997 Security Protocols Workshop, Cambridge.
Cryptanalysis of the Cellular Message Encryption Algorithm.
David Wagner, Bruce Schneier, and John Kelsey. CRYPTO '97. [html version, slides]
TAZ Servers and the Rewebber Network: Enabling Anonymous Publishing on the World Wide Web.
Ian Goldberg and David Wagner. Published in the First Monday electronic journal, vol 3 no 4. [local copy]
System Security: A Management Perspective.
David Oppenheimer, David Wagner, and Michele Crabb. Booklet from the SAGE Short Topics in System Administration Series.
Privacy-enhancing technologies for the Internet.
Ian Goldberg, David Wagner, and Eric A. Brewer. IEEE COMPCON '97, February 1997. [html version, slides]
Analysis of the SSL 3.0 protocol (revised version).
David Wagner and Bruce Schneier. 2nd USENIX Workshop on Electronic Commerce, November 1996. [slides, a summary of the talk]
A secure environment for untrusted helper applications: confining the wily hacker.
Ian Goldberg, David Wagner, Randi Thomas, and Eric A. Brewer. 1996 USENIX Security Symposium. [source availability] [other formats: DVI]
Key-schedule cryptanalysis of IDEA, G-DES, GOST, SAFER, and triple-DES.
John Kelsey, Bruce Schneier, and David Wagner. CRYPTO '96.
Time-lock puzzles and timed-release Crypto.
Ronald Rivest, Adi Shamir, and David Wagner. Unpublished manuscript, February 1996.
Randomness and the Netscape Browser.
Ian Goldberg and David Wagner. Dr. Dobb's Journal, January 1996, pp. 66-70. [resources, DDJ's copy, copy at ACM digital library]
A "bump in the stack" encryptor for MS-DOS systems.
David Wagner and Steven M. Bellovin. Proceedings of the 1996 ISOC Symposium on Network & Distributed System Security. [slides]
The security of MacGuffin.
June 1995. Accepted by Cryptologia. [more info]
The security of MacGuffin.
Princeton University senior thesis, April 1995. [more info]
A programmable plaintext recognizer.
David Wagner and Steven M. Bellovin. Unpublished manuscript, September 1994.

Links to coauthors:
Alexander Aiken
http://www.cs.berkeley.edu/~aiken/
Steven M. Bellovin
http://www.research.att.com/~smb/
Alex Biryukov
http://www.cs.technion.ac.il/~albi/
Nikita Borisov
http://www.cs.berkeley.edu/~nikitab/
Eric A. Brewer
http://www.cs.berkeley.edu/~brewer/
Monica Chew
http://www.cs.berkeley.edu/~mmc/
Drew Dean
http://www.csl.sri.com/people/ddean/
Niels Ferguson
http://www.xs4all.nl/~vorpal/
Jeffrey S. Foster
http://www.cs.berkeley.edu/~jfoster/
Ian Goldberg
http://www.cs.berkeley.edu/~iang/
Virgil D. Gligor
http://www.ece.umd.edu/~gligor/
Steven D. Gribble
http://www.cs.berkeley.edu/~gribble/
Rob Johnson
http://www.cs.berkeley.edu/~rtjohnso/
Lars Knudsen
http://www.ii.uib.no/~larsr/
Helger Lipmaa
www.tcs.hut.fi/~helger/
Moses Liskov
http://theory.lcs.mit.edu/~mliskov/
Stefan Lucks
http://th.informatik.uni-mannheim.de/m/lucks/
David Oppenheimer
http://www.cs.berkeley.edu/~davidopp/
Adrian Perrig
http://paris.cs.berkeley.edu/~perrig/
Vincent Rijmen
http://www.esat.kuleuven.ac.be/~rijmen/
Ronald Rivest
http://theory.lcs.mit.edu/~rivest/
Phillip Rogaway
http://www.cs.ucdavis.edu/~rogaway/
Bruce Schneier
http://www.counterpane.com/schneier.html
Dawn Xiaodong Song
http://paris.cs.berkeley.edu/~dawnsong/
Kunal Talwar
http://www.cs.berkeley.edu/~kunal/
Randi Thomas
http://www.cs.berkeley.edu/~randit/
Stephen Thomas
http://www.wave7optics.com/biographies.html