David Wagner's technical work

Here you may find some of my publications, papers, unpublished manuscripts, and other writings. Comments welcomed.

Also available are some of my talks, as well as my posts on cryptography and related issues.

Papers

A Survey of Mobile Malware in the Wild: Adrienne Porter Felt, Matthew Finifter, Erika Chin, Steven Hanna, and David Wagner. ACM Workshop on Security and Privacy in Mobile Devices (SPSM) 2011, October 17, 2011. [malware data set]
Android Permissions Demystified: Adrienne Porter Felt, Erika Chin, Steve Hanna, Dawn Song, and David Wagner. ACM CCS 2011. [data and tools are available at android-permissions.org]
Computing the Margin of Victory in IRV Elections: Thomas R. Magrino, Ronald L. Rivest, Emily Shen, and David Wagner. EVT/WOTE 2011, August 8, 2011.
An Analysis of Write-in Marks on Optical Scan Ballots: Theron Ji, Eric Kim, Raji Srikantan, Alan Tsai, Arel Cordero, and David Wagner. EVT/WOTE 2011, August 8, 2011.
Tweakable Block Ciphers: Moses Liskov, Ronald L. Rivest, and David Wagner. Journal of Cryptology, volume 24, number 3, July 2011.
Analyzing Inter-Application Communication in Android: Erika Chin, Adrienne Porter Felt, Kate Greenwood, and David Wagner. MobiSys 2011, June 30, 2011. [tool available at comdroid.org]
The Effectiveness of Application Permissions: Adrienne Porter Felt, Kate Greenwood, and David Wagner. WebApps 2011, June 15, 2011.
Exploring the Relationship Between Web Application Development Tools and Security: Matthew Finifter and David Wagner. WebApps 2011, June 15, 2011.
Phishing on Mobile Devices: Adrienne Porter Felt and David Wagner. W2SP 2011, May 26, 2011.
Defeating UCI: Building Stealthy and Malicious Hardware: Cynthia Sturton, Matthew Hicks, David Wagner, and Samuel T. King. IEEE Security & Privacy 2011.
Diesel: Applying Privilege Separation to Database Access: Adrienne Porter Felt, Matthew Finifter, Joel Weinberger, David Wagner. ASIACCS 2011, March 23, 2011. [the full version]
Efficient User-Guided Ballot Image Verification: Arel Cordero, Theron Ji, Alan Tsai, Keaton Mowery, and David Wagner. EVT/WOTE 2010, August 9, 2010.
Voting Systems Audit Log Study: David Wagner. Report commissioned by the California Secretary of State. June 1, 2010.
Class Properties for Security Review in an Object-Capability Subset of Java (Short Paper): Adrian Mettler and David Wagner. PLAS 2010, June 10, 2010.
Fine-Grained Privilege Separation for Web Applications: Akshay Krishnamurthy, Adrian Mettler, and David Wagner. WWW 2010, April 26-30, 2010.
Joe-E: A Security-Oriented Subset of Java: Adrian Mettler, David Wagner, and Tyler Close. ISOC NDSS 2010, March 3, 2010.
Efficient Character-level Taint Tracking for Java: Erika Chin and David Wagner. 2009 ACM Workshop on Secure Web Services, November 13, 2009.
On Voting Machine Design for Verification and Testability: Cynthia Sturton, Susmit Jha, Sanjit A. Seshia, and David Wagner. ACM CCS 2009.
Weight, Weight, Don't Tell Me: Using Scales to Select Ballots for Auditing: Cynthia Sturton, Eric Rescorla, and David Wagner. EVT/WOTE '09.
Dynamic Test Generation To Find Integer Bugs in x86 Binary Linux Programs: David Molnar, Xue Cong Li, and David A. Wagner. Usenix Security 2009.
Conditioned-safe Ceremonies and a User Study of an Application to Web Authentication: Chris Karlof, J.D. Tygar, and David Wagner. 16th Annual Network and Distributed Systems Security Symposium (NDSS 2009), February 11, 2009.
Portably solving file races with hardness amplification: Dan Tsafrir, Tomer Hertz, David Wagner, and Dilma Da Silva. ACM Transactions on Storage, volume 4, issue 3, November 2008.
Software Review and Security Analysis of Scytl Remote Voting Software: Michael Clarkson, Brian Hay, Meador Inge, abhi shelat, David Wagner, Alec Yasinsac. Report commissioned by the Florida Division of Elections. September 19, 2008.
Verifiable Functional Purity in Java: Matthew Finifter, Adrian Mettler, Naveen Sastry, and David Wagner. 15th ACM Conference on Computer and Communication Security (CCS 2008), October 27-31, 2008.
The Murky Issue of Changing Process Identity: Revising "Setuid Demystified": Dan Tsafrir, Dilma Da Silva, and David Wagner. ;login:, June 2008, Volume 33, Number 3, pp.55-66.
You Go to Elections with the Voting System You Have: Stop-Gap Mitigations for Deployed Voting Systems: J. Alex Halderman, Eric Rescorla, Hovav Shacham, and David Wagner. USENIX/ACCURATE Electronic Voting Workshop (EVT 2008), July 28, 2008.
Replayable Voting Machine Audit Logs: Arel Cordero and David Wagner. USENIX/ACCURATE Electronic Voting Workshop (EVT 2008), July 28, 2008.
A User Study Design for Comparing the Security of Registration Protocols: Chris Karlof, J.D. Tygar, and David Wagner. Proceedings of the First USENIX Workshop on Usability, Psychology, and Security (UPSEC 2008), April 15, 2008.
Portably Solving File TOCTTOU Races with Hardness Amplification: Dan Tsafrir, Tomer Hertz, David Wagner, and Dilma Da Silva. USENIX Conference on File and Storage Technologies (FAST 2008), February 28, 2008.
Algebraic and Slide Attacks on KeeLoq: Nicolas T. Courtois, Gregory V. Bard, and David Wagner. Fast Software Encryption (FSE 2008), February 11, 2008.
Risks of e-voting: Matt Bishop and David Wagner. Communications of the ACM, Inside Risks column, volume 50, issue 11, p.120, November 2007.
Dynamic Pharming Attacks and Locked Same-origin Policies for Web Browsers: Chris Karlof, J.D. Tygar, David Wagner, and Umesh Shankar. ACM CCS 2007. November 2007. [ps]
Source Code Review of the Diebold Voting System: Joseph A. Calandrino, Ariel J. Feldman, J. Alex Halderman, David Wagner, Harlan Yu, William P. Zeller. Report commissioned as part of the California Secretary of State's Top-To-Bottom Review of California voting systems. July 20, 2007.
Large-Scale Analysis of Format String Vulnerabilities in Debian Linux: Karl Chen and David Wagner. ACM SIGPLAN Workshop on Programming Languages and Analysis for Security (PLAS 2007), June 14, 2007. [ps]
Software Review and Security Analysis of the ES&S iVotronic 8.0.1.2 Voting Machine Firmware: Alec Yasinsac, David Wagner, Matt Bishop, Ted Baker, Breno de Medeiros, Gary Tyson, Michael Shamos, and Mike Burmester. February 23, 2007. Report commissioned by the Florida State Division of Elections.
Cryptanalysis of a Cognitive Authentication Scheme (Extended Abstract): Philippe Golle and David Wagner. IEEE Security & Privacy 2007, May 21, 2007. (Earlier version: IACR ePrint Archive, Report 2006/258, July 31, 2006.)
From Weak to Strong Watermarking: Nicholas Hopper, David Molnar, and David Wagner. TCC 2007, February 23, 2007. (Full version: IACR ePrint Archive, Report 2006/430, November 18, 2006.)
Prerendered User Interfaces for Higher-Assurance Electronic Voting: Ka-Ping Yee, David Wagner, Marti Hearst, and Steven M. Bellovin. USENIX/ACCURATE Electronic Voting Technology Workshop, August 1, 2006. [html]
The Role of Dice in Election Audits -- Extended Abstract: Arel Cordero, David Wagner, and David Dill. IAVoSS Workshop On Trustworthy Elections (WOTE 2006), June 29, 2006.
Security considerations for incremental hash functions based on pair block chaining: Raphael C.-W. Phan and David Wagner. Computers & Security, 25(2):131-136, 2006.
Designing voting machines for verification: Naveen Sastry, Tadayoshi Kohno, and David Wagner. Usenix Security 2006, August 4, 2006. [ps]
Private Circuits II: Keeping Secrets in Tamperable Circuits: Yuval Ishai, Manoj Prabhakaran, Amit Sahai, and David Wagner. Eurocrypt 2006, May 31, 2006.
Tamper-Evident, History-Independent, Subliminal-Free Data Structures on PROM Storage -or- How to Store Ballots on a Voting Machine (Extended Abstract): David Molnar, Tadayoshi Kohno, Naveen Sastry, and David Wagner. 2006 IEEE Symposium on Security and Privacy, May 24, 2006. [ps] [full version]
Generic On-line/Off-line Threshold Signatures: Chris Crutchfield, David Molnar, David Turner, and David Wagner. Public Key Cryptography (PKC) 2006, April 24, 2006. [ps]
Preventing Secret Leakage from fork(): Securing Privilege-Separated Applications: Umesh Shankar and David Wagner. Proceedings of the 2006 IEEE International Conference on Communications (Network Security and Information Assurance Symposium at ICC 2006), June 2006. [ps]
Statewide Databases of Registered Voters: Study Of Accuracy, Privacy, Usability, Security, and Reliability Issues: Paula Hawthorn, Barbara Simons, Chris Clifton, David Wagner, Steven M. Bellovin, Rebecca N. Wright, Arnon Rosenthal, Ralph Spencer Poore, Lillie Coney, Robert Gellman, Harry Hochheiser. Study commissioned by the U.S. Public Policy Committee of the Association for Computing Machinery, February 16, 2006. [overview; ACM's copy]
Security Analysis of the Diebold AccuBasic Interpreter: David Wagner, David Jefferson, Matt Bishop, Chris Karlof, Naveen Sastry. Report of the California Secretary of State's Voting Systems Technology Assessment Advisory Board (VSTAAB), February 14, 2006. [CA SOS copy]
Analysis of Volume Testing of the AccuVote TSx/AccuView: Matt Bishop, Loretta Guarino, David Jefferson, David Wagner. Report of the California Secretary of State's Voting Systems Technology Assessment Advisory Board (VSTAAB), October 11, 2005. [CA SOS copy]
The Program Counter Security Model: Automatic Detection and Removal of Control-Flow Side Channel Attacks: David Molnar, Matt Piotrowski, David Schultz, and David Wagner. ICISC 2005, December 1, 2005. [proceedings version (abridged): pdf, ps]
Model Checking An Entire Linux Distribution for Security Violations: Benjamin Schwarz, Hao Chen, David Wagner, Geoff Morrison, Jacob West, Jeremy Lin, and Wei Tu. ACSAC 2005, December 6, 2005. [ps] [proceedings version (abridged): pdf, ps]
Fault Attacks on Dual-Rail Encoded Systems: Jason Waddle and David Wagner. ACSAC 2005, December 8, 2005. [ps]
A class of polynomially solvable range constraints for interval analysis without widenings: Zhendong Su and David Wagner. Theoretical Computer Science, November 21, 2005, pp.122-138. [TCS web page]
Privacy For RFID Through Trusted Computing (Short Paper): David Molnar, Andrea Soppera, and David Wagner. WPES 2005, November 7, 2005. [ps]
A Scalable, Delegatable Pseudonym Protocol Enabling Ownership Transfer of RFID Tags: David Molnar, Andrea Soppera, and David Wagner. SAC 2005, August 11-12, 2005. [ps]
Killing, Recoding, and Beyond: David Molnar, Ross Stapleton-Gray, and David Wagner. Chapter 23 of RFID Applications, Security and Privacy, Addison Wesley Professional, July 6, 2005. [ps]
Security and Privacy Issues in E-passports: Ari Juels, David Molnar, and David Wagner. Proceedings of SECURECOMM 2005, September 6, 2005. [ps]
Fixing Races for Fun and Profit: How to abuse atime: Nikita Borisov, Rob Johnson, Naveen Sastry, and David Wagner. Proceedings of the Fourteenth USENIX Security Symposium (USENIX Security 2005), August 5, 2005. [ps]
Cryptographic Voting Protocols: A Systems Perspective: Chris Karlof, Naveen Sastry, and David Wagner. Proceedings of the Fourteenth USENIX Security Symposium (USENIX Security 2005), August 3, 2005. [ps]
The Promise of Cryptographic Voting Protocols: Chris Karlof, Naveen Sastry, and David Wagner. June 2005. [ps]
An Analysis of PMF Based Tests for Detection of Least Significant Bit Image Steganography: Stark Draper, Prakash Ishwar, David Molnar, Vinod Prabhakaran, Kannan Ramchandran, Daniel Schonberg, and David Wagner. Information Hiding Workshop 2005, June 8, 2005. [ps]
Towards a Privacy Measurement Criterion for Voting Systems: Lillie Coney, Joseph L. Hall, Poorvi L. Vora, David Wagner. Poster Paper, National Conference on Digital Government Research, May 2005.
Radio Frequency Id and Privacy with Information Goods: Nathan Good, David Molnar, Jennifer M. Urban, Deirdre Mulligan, Elizabeth Miles, Laura Quilter, and David Wagner. 2004 ACM Workshop on Privacy in the Electronic Society (WPES 2004), October 28, 2004.
Analyzing Internet Voting Security: David Jefferson, Aviel D. Rubin, Barbara Simons, and David Wagner. Communications of the ACM, 47(10), October 2004, Special issue: The problems and potentials of voting systems, pp.59-64. [ACM's archive]
Resilient Aggregation in Sensor Networks: David Wagner. 2004 ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN '04), October 25, 2004. [ps]
Cryptanalysis of a Provably Secure CRT-RSA Algorithm: David Wagner. ACM CCS 2004, October 26-28, 2004. [ps]
Security Considerations for IEEE 802.15.4 Networks: Naveen Sastry and David Wagner. ACM WiSe 2004, October 1, 2004. [ps]
TinySec: A Link Layer Security Architecture for Wireless Sensor Networks: Chris Karlof, Naveen Sastry, and David Wagner. ACM SenSys 2004, November 3-5, 2004. [ps]
Privacy and Security in Library RFID: Issues, Practices, and Architectures: David Molnar and David Wagner. ACM CCS 2004, October 26-28, 2004. [ps]
Towards Efficient Second-Order Power Analysis: Jason Waddle and David Wagner. CHES 2004, August 11, 2004.
Finding User/Kernel Pointer Bugs With Type Inference: Rob Johnson and David Wagner. 13th USENIX Security Symposium, August 12, 2004. [proceedings version (abridged)]
Security in wireless sensor networks: Adrian Perrig, John Stankovic, and David Wagner. Communications of the ACM, 47(6), June 2004, Special Issue on Wireless sensor networks, pp.53-57. [ACM's archive]
Model Checking One Million Lines of C Code: Hao Chen, Drew Dean, and David Wagner. Network and Distributed System Security (NDSS 2004), February 2004.
A Security Analysis of the Secure Electronic Registration and Voting Experiment (SERVE): David Jefferson, Aviel D. Rubin, Barbara Simons, and David Wagner. Report to the Department of Defense (DoD) Federal Voting Assistance Program (FVAP), January 20, 2004. [more info]
Towards a unifying view of block cipher cryptanalysis: David Wagner. Fast Software Encryption 2004, invited paper, February 7, 2004. [slides, powerpoint]
The EAX Mode of Operation: A Two-Pass Authenticated-Encryption Scheme Optimized for Simplicity and Efficiency: Mihir Bellare, Phillip Rogaway, and David Wagner. Fast Software Encryption 2004. [slides, powerpoint]
A Class of Polynomially Solvable Range Constraints for Interval Analysis without Widenings and Narrowings: Zhendong Su and David Wagner. TACAS 2004. [ps, slides]
On Compressing Encrypted Data Without the Encryption Key: Mark Johnson, David Wagner, and Kannan Ramchandran. Theory of Cryptography Conference (TCC 2004).
Secure Verification of Location Claims: Naveen Sastry, Umesh Shankar, and David Wagner. CryptoBytes volume 6, no 1, Spring 2004, RSA Labs. Shortened version of our WiSe conference paper (below). [ps]
Secure Verification of Location Claims: Naveen Sastry, Umesh Shankar, and David Wagner. ACM Workshop on Wireless Security (WiSe 2003), September 19, 2003. [pdf]
Cryptanalysis of an Algebraic Privacy Homomorphism (revised version): David Wagner. ISC 2003, October 1-3, 2003.
Warning: The proceedings version has a bug. See this erratum.
[slides: pdf, ps]
Hidden Markov Model Cryptanalysis: Chris Karlof and David Wagner. CHES 2003. Full version available as tech report UCB//CSD-03-124.
Private Circuits: Securing Hardware against Probing Attacks: Yuval Ishai, Amit Sahai, and David Wagner. CRYPTO 2003. [ps]
Security flaws in 802.11 data link protocols: Nancy Cam-Winget, Russ Housley, David Wagner, and Jesse Walker. Communications of the ACM, 46(5), May 2003, Special Issue on Wireless networking security, pp.35-39. [ACM's archive]
A Critique of CCM: P. Rogaway and D. Wagner. IACR ePrint Archive, Report 2003/070, April 13, 2003.
Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures: Chris Karlof and David Wagner. Ad Hoc Networks, vol 1, issues 2--3 (Special Issue on Sensor Network Applications and Protocols), pp. 293-315, Elsevier, September 2003. [Also: the conference version, as it appeared at the First IEEE International Workshop on Sensor Network Protocols and Applications, May 11, 2003.]
Comments on RMAC: David Wagner. Formal contribution to the NIST Advanced Encryption Standard modes of operation standardization process, December 5, 2002.
Markov truncated differential cryptanalysis of Skipjack: Ben Reichardt and David Wagner. SAC 2002. [ps]
MOPS: an Infrastructure for Examining Security Properties of Software: Hao Chen and David Wagner. ACM CCS 2002. [ps]
Mimicry Attacks on Host-Based Intrusion Detection Systems: David Wagner and Paolo Soto. ACM CCS 2002. [ps] [slides: ps, ppt]
Tweakable Block Ciphers: Moses Liskov, Ronald L. Rivest, and David Wagner. CRYPTO 2002. [ps]
A Generalized Birthday Problem: David Wagner. Extended abstract published in CRYPTO 2002. [slides; errata]
Setuid Demystified: Hao Chen, David Wagner, and Drew Dean. 11th USENIX Security Symposium, 2002. [ps]
Insecurity in ATM-based passive optical networks: Stephen Thomas and David Wagner. IEEE International Conference on Communications (ICC 2002), Optical Networking Symposium. [ps]
Multiplicative Differentials: Nikita Borisov, Monica Chew, Rob Johnson, and David Wagner. Fast Software Encryption 2002.
Integral Cryptanalysis (Extended abstract): Lars Knudsen and David Wagner. Fast Software Encryption 2002.
A Cryptanalysis of the High-Bandwidth Digital Content Protection System: Scott Crosby, Ian Goldberg, Robert Johnson, Dawn Song, and David Wagner. Workshop on Security and Privacy in Digital Rights Management 2001 (proceedings here).
Homomorphic Signature Schemes: Robert Johnson, David Molnar, Dawn Song, and David Wagner. RSA 2002, Cryptographer's track. [ps]
A Note on NSA's Dual Counter Mode of Encryption: Pompiliu Donescu, Virgil D. Gligor, and David Wagner. Preliminary version, September 28, 2001. [ps]
Intercepting Mobile Communications: The Insecurity of 802.11: Nikita Borisov, Ian Goldberg, and David Wagner. MOBICOM 2001. [ps]
Detecting Format String Vulnerabilities With Type Qualifiers: Umesh Shankar, Kunal Talwar, Jeffrey S. Foster, and David Wagner. 10th USENIX Security Symposium, 2001. [pdf]
Timing Analysis of Keystrokes and Timing Attacks on SSH: Dawn Xiaodong Song, David Wagner, and Xuqing Tian. 10th USENIX Security Symposium, 2001. [ps] [a review of our work]
Intrusion Detection via Static Analysis: David Wagner and Drew Dean. 2001 IEEE Symposium on Security and Privacy. [ps, slides]
Static analysis and computer security: New techniques for software assurance: David Wagner. Ph.D. dissertation, Dec. 2000, University of California at Berkeley.
Comments to NIST Concerning AES-modes of Operations: CTR-mode Encryption: Helger Lipmaa, Phillip Rogaway, and David Wagner. Contribution to the NIST Modes of Operation Workshop (unpublished).
On The Structure of Skipjack: Lars Knudsen and David Wagner. Discrete Applied Mathematics, special issue on coding and cryptology, volume 111, issue 1-2, 15 July 2001, pp.103--116, C. Carlet (ed.).
Proofs of security for the Unix password hashing algorithm: David Wagner and Ian Goldberg. ASIACRYPT 2000. [slides]
Cryptanalysis of the Yi-Lam hash: David Wagner. ASIACRYPT 2000. [slides]
Real Time Cryptanalysis of A5/1 on a PC: Alex Biryukov, Adi Shamir, and David Wagner. FSE 2000.
Security Weaknesses in Maurer-Like Randomized Stream Ciphers: Niels Ferguson, Bruce Schneier, and David Wagner. ACISP 2000.
Practical Techniques for Searches on Encrypted Data: Dawn Xiaodong Song, David Wagner, and Adrian Perrig. 2000 IEEE Symposium on Security and Privacy (`Oakland').
Advanced Slide Attacks: Alex Biryukov and David Wagner. EUROCRYPT 2000.
Improved Cryptanalysis of Rijndael: Niels Ferguson, John Kelsey, Stefan Lucks, Bruce Schneier, Mike Stay, David Wagner, and Doug Whiting. FSE 2000.
A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities: David Wagner, Jeffrey S. Foster, Eric A. Brewer, and Alexander Aiken. NDSS 2000. [ps, slides]
Cryptanalysis of Microsoft's PPTP Authentication Extensions (MS-CHAPv2): Bruce Schneier, Mudge, and David Wagner. Secure Networking--CQRE [Secure] '99, Springer-Verlag LNCS 1740. [ps]
The Ninja Jukebox: Ian Goldberg, Steven D. Gribble, David Wagner, and Eric A. Brewer. USITS'99.
Janus: an approach for confinement of untrusted applications: David A. Wagner. Master's thesis. Also available as tech. report UCB//CSD-99-1056, UC Berkeley, Computer Science division.
Truncated differentials and Skipjack: Lars R. Knudsen, M.J.B. Robshaw, and David Wagner. CRYPTO'99. [slides]
Equivalent keys for HPC: David Wagner. Rump session talk at AES'99.
Slide attacks: Alex Biryukov and David Wagner. FSE'99.
The boomerang attack: David Wagner. FSE'99. [slides]
Mod n Cryptanalysis, with Applications Against RC5P and M6: John Kelsey, Bruce Schneier, and David Wagner. FSE'99. [ps]
New Results on the Twofish Encryption Algorithm: Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson. AES'99.
Key Schedule Weaknesses in SAFER+: John Kelsey, Bruce Schneier, and David Wagner. AES'99.
Performance Comparison of the AES Submissions: Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson. AES'99.
Empirical Verification of Twofish Key Uniqueness Properties: Doug Whiting and David Wagner. Counterpane technical report (Twofish #2).
Cryptanalysis of ORYX.: D. Wagner, L. Simpson, E. Dawson, John Kelsey, W. Millan, and B. Schneier. SAC'98. [slides]
On the Twofish Key Schedule: Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson. SAC'98.
Cryptanalysis of FROG.: David Wagner, Niels Ferguson, and Bruce Schneier. Corrected version of a paper that appeared at AES'99. [slides, old version (submitted to AES'99), very old version (handed out at AES'98)]
Cryptanalysis of SPEED.: Chris Hall, John Kelsey, Vincent Rijmen, Bruce Schneier, and David Wagner. SAC'98.
Cryptanalysis of SPEED (extended abstract).: Chris Hall, John Kelsey, Bruce Schneier, and David Wagner. Financial Cryptography '98. [ps]
Architectural considerations for cryptanalytic hardware.: Ian Goldberg and David Wagner. Chapter 10 of Cracking DES: Secrets of Encryption Research, Wiretap Politics & Chip Design, O'Reilly, July 1998. (Initially submitted as a term paper for CS 252, May 1996.) [html, ps]
Twofish: a 128-bit block cipher.: Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson. Submission to the AES competition. [ps]
Building PRFs from PRPs.: Chris Hall, David Wagner, John Kelsey, and Bruce Schneier. CRYPTO '98. [published version, full version]
Side Channel Cryptanalysis of Product Ciphers.: John Kelsey, Bruce Schneier, David Wagner, and Chris Hall. Journal of Computer Security, vol 8, pp. 141--158, 2000. (An earlier version was published in ESORICS 1998.)
Cryptanalysis of TWOPRIME.: Don Coppersmith, David Wagner, Bruce Schneier, and John Kelsey. Fast Software Encryption 1998. [slides]
Cryptanalytic Attacks on Pseudorandom Number Generators.: John Kelsey, Bruce Schneier, David Wagner, and Chris Hall. Fast Software Encryption 1998.
Differential Cryptanalysis of KHF.: David Wagner. Fast Software Encryption 1998. [slides]
Cryptanalysis of some recently-proposed multiple modes of operation.: David Wagner. Fast Software Encryption 1998. [slides]
Secure Applications of Low-Entropy Keys.: John Kelsey, Bruce Schneier, Chris Hall, and David Wagner. 1997 Information Security Workshop.
Related-Key Cryptanalysis of 3-WAY, Biham-DES, CAST, DES-X, NewDES, RC2, and TEA.: John Kelsey, Bruce Schneier, and David Wagner. 1997 International Conference on Information and Communications Security, Beijing.
Protocol Interactions and the Chosen Protocol Attack.: John Kelsey, Bruce Schneier, and David Wagner. 1997 Security Protocols Workshop, Cambridge.
Cryptanalysis of the Cellular Message Encryption Algorithm.: David Wagner, Bruce Schneier, and John Kelsey. CRYPTO '97. [html version, slides]
TAZ Servers and the Rewebber Network: Enabling Anonymous Publishing on the World Wide Web.: Ian Goldberg and David Wagner. Published in the First Monday electronic journal, vol 3 no 4. [local copy]
System Security: A Management Perspective.: David Oppenheimer, David Wagner, and Michele Crabb. Booklet from the SAGE Short Topics in System Administration Series.
Privacy-enhancing technologies for the Internet.: Ian Goldberg, David Wagner, and Eric A. Brewer. IEEE COMPCON '97, February 1997. [html version, slides]
Analysis of the SSL 3.0 protocol (revised version).: David Wagner and Bruce Schneier. 2nd USENIX Workshop on Electronic Commerce, November 1996. [slides, a summary of the talk]
A secure environment for untrusted helper applications: confining the wily hacker.: Ian Goldberg, David Wagner, Randi Thomas, and Eric A. Brewer. 1996 USENIX Security Symposium. [source availability] [other formats: DVI]
Key-schedule cryptanalysis of IDEA, G-DES, GOST, SAFER, and triple-DES.: John Kelsey, Bruce Schneier, and David Wagner. CRYPTO '96.
Time-lock puzzles and timed-release Crypto.: Ronald Rivest, Adi Shamir, and David Wagner. Unpublished manuscript, March 1996.
Randomness and the Netscape Browser.: Ian Goldberg and David Wagner. Dr. Dobb's Journal, January 1996, pp. 66--70. [resources, DDJ's copy, copy at ACM digital library]
A ``bump in the stack'' encryptor for MS-DOS systems.: David Wagner and Steven M. Bellovin. Proceedings of the 1996 ISOC Symposium on Network & Distributed System Security. [slides]
The security of MacGuffin.: June 1995. Accepted by Cryptologia. [more info]
The security of MacGuffin.: Princeton University senior thesis, April 1995. [more info]
A programmable plaintext recognizer.: David Wagner and Steven M. Bellovin. Unpublished manuscript, September 1994.