| Publication | Date of Publication | Type |
|---|
| Too many hints -- when LLL breaks LWE | 2024-09-13 | Paper |
| How to enumerate LWE keys as narrow as in \textsc{Kyber}/\textsc{Dilithium} | 2024-06-05 | Paper |
| New NTRU Records with Improved Lattice Bases | 2024-04-26 | Paper |
| Low memory attacks on small key CSIDH | 2023-11-10 | Paper |
| Decoding McEliece with a hint -- secret Goppa key parts reveal everything | 2023-07-25 | Paper |
| Breaking Goppa-based McEliece with hints | 2023-07-17 | Paper |
| How to backdoor (classic) McEliece and how to guard against backdoors | 2023-07-07 | Paper |
| Partial key exposure attacks on BIKE, Rainbow and NTRU | 2023-06-30 | Paper |
| Partial key exposure attack on short secret exponent CRT-RSA | 2023-05-12 | Paper |
| Subset Sum Quantumly in 1.17 n . | 2023-04-26 | Paper |
| The Power of Few Qubits and Collisions – Subset Sum Below Grover’s Bound | 2022-10-13 | Paper |
| Approximate divisor multiples -- factoring with only a third of the secret CRT-exponents | 2022-08-30 | Paper |
| McEliece needs a break -- solving McEliece-1284 and quasi-cyclic-2918 with modern ISD | 2022-08-30 | Paper |
| How to find ternary LWE keys using locality sensitive hashing | 2022-06-29 | Paper |
| Towards quantum large-scale password guessing on real-world distributions | 2022-06-29 | Paper |
| How to meet ternary LWE keys | 2022-04-22 | Paper |
| Quantum key search for ternary LWE | 2022-03-22 | Paper |
| Lattice-based integer factorisation: an introduction to Coppersmith's method | 2022-02-25 | Paper |
| Noisy Simon period finding | 2021-12-20 | Paper |
| Low weight discrete logarithm and subset sum in \(2^{0.65n}\) with polynomial memory | 2021-12-01 | Paper |
| Can we beat the square root bound for ECDLP over \(\mathbb{F}_p^2\) via representation? | 2021-05-03 | Paper |
| Improved low-memory subset sum and LPN algorithms via multiple collisions | 2020-05-06 | Paper |
| Dissection-BKW | 2018-09-26 | Paper |
| Decoding linear codes with high error rate and its impact for LPN security | 2018-06-22 | Paper |
| Grover meets Simon -- quantumly attacking the FX-construction | 2018-03-08 | Paper |
| On the asymptotic complexity of solving LWE | 2018-01-26 | Paper |
| LPN decoded | 2017-11-15 | Paper |
| LP solutions of vectorial integer subset sums -- cryptanalysis of Galbraith's binary matrix LWE | 2017-06-13 | Paper |
| Parallel implementation of \textsf{BDD} enumeration for \textsf{LWE} | 2016-10-04 | Paper |
| A Generic Algorithm for Small Weight Discrete Logarithms in Composite Groups | 2016-04-13 | Paper |
| On computing nearest neighbors with applications to decoding of binary linear codes | 2015-09-30 | Paper |
| Certifying RSA | 2013-03-19 | Paper |
| Decoding Random Binary Linear Codes in 2 n/20: How 1 + 1 = 0 Improves Information Set Decoding | 2012-06-29 | Paper |
| On CCA-Secure Somewhat Homomorphic Encryption | 2012-06-08 | Paper |
| Decoding random linear codes in \(\tilde{\mathcal{O}}(2^{0.054n})\) | 2011-12-02 | Paper |
| Correcting errors in RSA private keys | 2010-08-24 | Paper |
| Maximizing small root bounds by linearization and applications to small secret exponent RSA | 2010-05-28 | Paper |
| Using LLL-reduction for solving RSA and factorization problems | 2010-03-05 | Paper |
| Attacking power generators using unravelled linearization: when do we output too much? | 2009-12-15 | Paper |
| Public Key Cryptography – PKC 2004 | 2009-05-14 | Paper |
| Public Key Cryptography – PKC 2004 | 2009-05-14 | Paper |
| Implicit Factoring: On Polynomial Time Factoring Given Only an Implicit Hint | 2009-03-24 | Paper |
| A Polynomial Time Attack on RSA with Private CRT-Exponents Smaller Than N 0.073 | 2009-03-10 | Paper |
| Solving Linear Equations Modulo Divisors: On Factoring Given Any Bits | 2009-02-10 | Paper |
| Partial Key Exposure Attacks on RSA up to Full Size Exponents | 2008-05-06 | Paper |
| A Tool Kit for Finding Small Roots of Bivariate Polynomials over the Integers | 2008-05-06 | Paper |
| A Strategy for Finding Roots of Multivariate Polynomials with New Applications in Attacking RSA Variants | 2008-04-24 | Paper |
| Solving Systems of Modular Equations in One Variable: How Many RSA-Encrypted Messages Does Eve Need to Know? | 2008-03-05 | Paper |
| Advances in Cryptology - CRYPTO 2003 | 2007-11-28 | Paper |
| Deterministic polynomial-time equivalence of computing the RSA secret key and factoring | 2007-05-24 | Paper |
| Public Key Cryptography - PKC 2006 | 2007-05-02 | Paper |
| Advances in Cryptology – CRYPTO 2004 | 2005-08-23 | Paper |
| https://portal.mardi4nfdi.de/entity/Q4736445 | 2004-08-09 | Paper |
| https://portal.mardi4nfdi.de/entity/Q4409122 | 2003-06-30 | Paper |
| https://portal.mardi4nfdi.de/entity/Q4787203 | 2003-01-09 | Paper |
| https://portal.mardi4nfdi.de/entity/Q4787195 | 2003-01-09 | Paper |
