Publications
list.
A more-or-less complete list of my publications.
Selected publications, many available on-line, are listed below.
How to Tell if Your Cloud Files Are Vulnerable to Drive Crashes
by Kevin D. Bowers, Marten Van Dijk, Ari Juels, Alina Oprea and Ronald L. Rivest.
18th Annual ACM Conference on Computer and Communications Security (CCS 2011),
October 18, 2011 (Chicago, Ill.).
Sharper p-Values for Stratified Election Audits
by Michael J. Higgins, Ronald L. Rivest, and Philip B. Stark.
Statistics, Politics, and Policy vol 2., Iss. 1, Article 7 (2011).
DOI: 10.2202/2151-7509.1031
Remarks on On-Line Voting (aka "Internet Voting")
On October 27th, 2011, I participated in a panel about on-line voting ("internet voting").
This was held at Central Connecticut State University,
and was organized by the office of Connecticut's Secretary of State, Denise Miller
A summary of this event, including videos, can be found
Remarks on the Future of Election Integrity
by Ronald L. Rivest.
Panel remarks given at EIPPF 2011 (Election Integrity: Past, Present, and
Future) workshop, held at MIT on October 1, 2011.
Computing the Margin of Victory in IRV Elections
by Thomas R. Magrino, Ronald L. Rivest, Emily Shen, and David Wagner.
In Proceedings 2011 EVT/WOTE Conference. August 8, 2011.
Towards Trustworthy Elections: New Directions in Electronic Voting
edited by D. Chaum, M. Jakobsson, R. L. Rivest, P. Y. A. Ryan, J. Benaloh,
M. Kutylowski, and B. Adida.
Springer,
Lecture Notes in Computer Science, Vol. 6000 (2010).
Climate Change and the Integrity of Science
by P. H. Gleick et al. Science, 328 (May 7, 2010), 689--690.
An Optimal Single-Winner Preferential Voting System Based On Game Theory
by Ronald L. Rivest and Emily Shen.
(Orig. 4/8/10; latest rev. 5/22/10. Draft. Comments appreciated.)
Scantegrity II Municipal Election at Takoma Park:
The First E2E Binding Governmental Election with Ballot Privacy
by Richard Carback, David Chaum, Jeremy Clark, John Conway,
Aleksander Essex, Paul S. Herrnson, Travis Mayberry,
Stefan Popoveniuc, Ronald L. Rivest, Emily Shen,
Alan T. Sherman, and Poorvi L. Vora.
In Proc. USENIX Security Conference 2010
Security of Voting Systems
by Ronald L. Rivest.
Updated slide set containing some discussion of Takoma Park
election using Scantegrity II on 11/3/09;
presented at
George Washington University Computer Science Department talk
on November 9, 2009.
Audit Thoughts
by Ronald L. Rivest.
Slides for a brief talk on post-election auditing.
Given at Post-Election Audit Workshop, American Statistical Assn.,
October 24, 2009.
On the invertibility of the XOR of rotations of a binary word.
by Ronald L. Rivest.
(July 18, 2009. Revised November 10, 2009.)
(This is a preprint of an article whose final and definitive form will be
published in the Intl. J. Computer Mathematics.)
Indifferentiability of Permutation-Based Compression Functions
and Tree-Based Modes of Operation, with Application to MD6.
by Yevgeniy Dodis, Leo Reyzin, Ronald L. Rivest, and Emily Shen.
Proc. Fast Software Encryption 2009 Conference (February 23, 2009), Leuven,
(Springer LNCS Vol. 5665), 104--121.
The MD6 Hash Function---A Proposal to NIST for SHA-3
by Ronald L. Rivest, with
Benjamin Agre,
Daniel V. Bailey,
Christopher Crutchfield,
Yevgeniy Dodis,
Kermin Elliott Fleming,
Asif Khan,
Jayant Krishnamurthy,
Yuncheng Lin,
Leo Reyzin,
Emily Shen,
Jim Sukha,
Drew Sutherland,
Eran Tromer,
and Yiqun Lisa Yin.
Submitted to NIST October 27, 2008.
Scantegrity II: End-to-End Verifiability for Optical Scan
Election Systems using Invisible Ink Confirmation Codes
by David Chaum, Richard Carback, Jeremy Clark, Aleksander Essex,
Stefan Popoveniuc, Ronald L. Rivest, Peter Y.A. Ryan,
Emily Shen, and Alan T. Sherman.
pdf version of paper from online proceedings for
EVT'08
A "Sum of Square Roots" (SSR) Pseudorandom Sampling Method for
Election Audits
by Ronald L. Rivest.
(April 25, 2008. Working paper; comments appreciated.)
On the Notion of ``Software Independence'' in Voting Systems
by Ronald L. Rivest.
Final journal version: Phil. Trans. Royal Society A, doi:10.1098/rsta.2008.0149 (published online):
(John Wack was unfortunately unable to join me as a co-author on the final journal version.)
On Auditing Elections When Precincts Have Different Sizes
by Javed Aslam, Raluca A. Popa, and Ronald L. Rivest.
Unpublished draft. Version 12/17/2007. Comments appreciated.
Voluntary Voting System Guidelines
Developed by
NIST
and the
TGDC
(which included me) and delivered
on September 4, 2007
to the
EAC
for consideration and public comment.
Engaging Privacy and Information Technology in a Digital Age
Edited by James Waldo, Herbert S. Lin, and Lynette I. Millett.
(I served on the committee that produced this report.)
The National Academies Press, Washington, D.C., 2007
Available here.
ThreeVotingProtocols: ThreeBallot, VAV, and Twin
by Ronald L. Rivest and Warren D. Smith. Proc. EVT'07
(Electronic Voting Technology Workshop, Boston, MA, August 6, 2007).
On Estimating the Size and Confidence of a Statistical Audit
by Javed A. Aslam, Raluca A. Popa, and Ronald L. Rivest.
Version of June 30, 2007. Proc. EVT'07
(Electronic Voting Technology Workshop, Boston, MA, August 6, 2007).
On the Security of the EMV Secure Messaging API
by Ben Adida, Mike Bond, Jolyon Clulow, Amerson Lin, Ross Anderson, and Ronald L. Rivest.
Extended abstract (3 pages) appears in
Proc. Fifteenth International Workshop on Security Protocols
(Brno, Czech Republic), (Springer, LNCS Volume 5964, April 2007),
pages 147--149.
Fourth-factor authentication: somebody you know
by John G. Brainard, Ari Juels, Ronald L. Rivest, Michael Szydlo, and
Moti Yung. Proceedings 2006 ACM Conference on Computer and Communications Security, (Oct. 2006), 168-178.
The ThreeBallot Voting System.
by Ronald L. Rivest.
Unpublished draft. Version 10/1/06. Comments appreciated.
(A revised version, with new co-author W.D. Smith, appears above,
and was presented at EVT'07.)
On Estimating the Size of a Statistical Audit
by Ronald L. Rivest.
Unpublished draft. Version 11/14/06.
(Superseded by Aslam/Popa/Rivest paper, above.)
Scratch & Vote---Self-contained Paper-based Cryptographic Voting
by Ben Adida and Ronald L. Rivest. Proceedings WPES '06 (ACM Workshop on Privacy in the Electronic
Society 2006), pages 29--40.
Perspectives on Financial Cryptography (Revisited)
by Ronald L. Rivest.
Financial Cryptography '06 Conference Keynote.
(Update of talk given for Financial Cryptography '97)
Recollections of Stanford CS 1969--1973
by Ronald L. Rivest.
Talk given March 21, 2006 at Stanford Computer Science
Forum meeting celebrating the 40th anniverssary of the
Stanford CS Department.
Lightweight Encryption for Email
by Ben Adida, Susan Hohenberger, and Ronald L. Rivest
USENIX Steps to Reducing Unwanted Traffic on the Internet Workshop (SRUTI), July 2005, pages 93--99.
Lightweight Email Signatures
by Ben Adida, David Chau, Susan Hohenberger, and Ronald L. Rivest
(Revised; a preliminary version was presented at the DIMACS Workshop on Theft in E-Commerce, April 2005.)
In Fifth Conference on Security and Cryptography for Networks (SCN'06),
vol. 4116 of Lecture Notes in Computer Science (Springer, 2006),288--302.
A revised version appeared in Chapter 10.6 of
Phishing and Countermeasures (ed. M. Jakobsson and S. Myers)(Wiley, 2006).
Ad-Hoc-Group Signatures from Hijacked Keypairs
by Ben Adida, Susan Hohenberger, and Ronald L. Rivest
(Revised; a preliminary version was presented at the DIMACS Workshop on Theft in E-Commerce, April 2005.)
Peppercoin Micropayments
by Ronald L. Rivest
February 9, 2004. Proceedings Financial Cryptography '04.
(ed. Ari Juels)
Lecture Notes in Computer Science, Vol. 3110. (Springer, 2004), 2--8.
On Permutation Operations in Cipher Design
by Ruby B. Lee, Z. J. Shi, Y. L. Yin, Ronald L. Rivest, and M. J. B. Robshaw.
January 24, 2004. To appear in Proceedings ITCC 2004.
A version has appeared under the title
Permutation Operations in Block Ciphers
in: EMBEDDED CRYPTOGRAPHIC HARDWARE: - 2004 DESIGN AND SECURITY.
(Nova, 2004).
On The Notion of Pseudo-Free Groups
by Ronald L. Rivest.
Proceedings TCC 2004 (Copyright IACR.)
(Ed. Moni Naor) Springer-Verlag Lecture Notes in Computer Science No. 2951.
Pages 505--521.
The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy
by Ari Juels, Ronald L. Rivest, and Michael Szydlo.
May 16, 2003. (To appear in Proceedings 10th Annual ACM CCS 2003.)
Does Anyone Really Need Micropayments?
by Nicko van Someren, Andrew Odlyzko, Ronald L. Rivest, Tim Jones,
and Duncan Goldie-Scot.
in Proceedings Financial Cryptography 2003 (ed. Rebecca Wright)
Lecture Notes in Computer Science, Vol. 2742 (Springer 2003), 69--76.
Access-Controlled Resource Discovery for Pervasive Networks,
by S. Raman, D. Clarke, M. Burnside, S. Devadas and R. L. Rivest. Proceedings of the 18th ACM Symposium on Applied Computing
(Security Track), March 2003.
(Also appeared in Concurrency and Computation: Practice and Experience
2004: 16: pages 1099--1120.)
Micropayments Revisited
by Silvio Micali and Ronald L. Rivest.
(Proceedings of the Cryptographer's Track at the RSA Conference 2002,
Bart Preneel (ed.), Springer Verlag CT-RSA 2002, LNCS 2271, pages 149--163.)
The Untrusted Computer Problem and Camera-Based Authentication,
by D. Clarke, B. Gassend, T. Kotwal, M. Burnside, M. van Dijk, S. Devadas,
and R. L. Rivest. Lecture Notes in Computer Science 2414,
Proceedings of the International Conference on Pervasive Computing
(Pervasive2002), pages 114-124, August 2002.
Tweakable Block Ciphers
by Moses Liskov, Ronald L. Rivest, and David Wagner. Proceedings CRYPTO 2002
(Springer-Verlag, Lecture Notes in Computer Science No. 2442,
Moti Yung(ed.), 2002), pages 31--46.
To appear in J. Cryptology.
Making Mix Nets Robust for Electronic Voting by Randomized
Partial Checking
by Markus Jakobsson, Ari Juels, and Ronald L. Rivest.
In D. Boneh, ed., USENIX Security '02, pp. 339-353. 2002.
(Also available as IACR eprint 2002/025.)
Proxy-Based Security Protocols in Networked Mobile Devices
by M. Burnside, D. Clarke, T. Mills, A. Maywah, S. Devadas,
and R. Rivest.
Proceedings of the 17th ACM Symposium on Applied Computing
(Security Track),
pages 265-272, March 2002.
How to Leak A Secret
by Ronald L. Rivest, Adi Shamir, and Yael Tauman.
ASIACRYPT 2001, pages 552--565.
Lecture Notes in Computer Science (ed. Colin Boyd),
Volume 2248 (Springer).
Electronic Voting
(Corresponds to my remarks at a panel discussion at Financial Cryptography '01, 2/19--2/22.)
Proc.Financial Cryptography '01 (Springer, LNCS Vol. 2339, 2001), pages 234--259.
Certificate Chain Discovery in SPKI/SDSI
by Dwaine Clarke, Jean-Emile Elien, Carl Ellison, Matt Fredette, Alexander Morcos, and Ronald L. Rivest.
(To appear in JCS.) Draft of September 13, 2001.
Two Signature Schemes
(Slides from talk given at Cambridge University October 17, 2000;
one scheme (a transitive signature scheme for undirected graphs) is
joint work with Silvio Micali, the other scheme (a prefix aggregation scheme)
is joint work with Suresh Chari and Tal Rabin.)
Here is the paper for the first scheme: Transitive Signature Schemes
by Silvio Micali and Ronald L. Rivest.
(Proceedings of the Cryptographer's Track at the RSA Conference 2002,
Bart Preneel (ed.), Springer Verlag CT-RSA 2002, LNCS 2271, pages 236--243.)
Here is the current draft of the paper for the second scheme, by
Chari, Rabin, and Rivest: An Efficient Signature Scheme for Route Aggregation
by Suresh Chari, Tal Rabin, and Ronald L. Rivest
(Draft of February 1, 2002.)
Pseudonym Systems
by Anna Lysyanskaya, Ronald L. Rivest, Amit Sahai, and Stefan Wolf. Selected Areas in Cryptography '99 (Springer Verlag Lecture Notes in Computer
Science No. 1758; edited by H. Heys and C. Adams, 2000), pages 184--199.
Unconditionally Secure Commitment and Oblivious Transfer Schemes Using Private Channels and a Trusted Initializer
by Ronald L. Rivest.
Unpublished manuscript, 11/8/99.
Permutation Polynomials modulo 2^w
by Ronald L. Rivest.
October 6, 1999. Revised October 25, 1999.
In Finite Fields and their Applications Volume 7 (2001), pages 287--292.
The Beer Bottle Cipher
by Ronald L. Rivest.
Posted here June 30, 1999.
Published in CCE Quarterly Journal
(PricewaterhouseCoopers Cryptographic Center of Excellence),
Issue 3 (1999), 28--30.
Improved Analysis of Some Simplified Variants of RC6
by Scott Contini, Ronald L. Rivest, M.J.B. Robshaw, and Yiqun Lisa Yin.
in Proceedings Fast Software Encryption '99
(Springer Verlag, Lecture Notes in Computer Science No. 1636,
Lars Knudsen(ed.), 1999), pages 1--15.
Some Thoughts on Serial Numbers on Intel CPU's
by Ronald L. Rivest.
Unpublished note, drafted January 26, 1999; revised in minor ways on August 23, 1999 and posted here.
SPKI Certificate Theory
by C. Ellison, B. Frantz, B. Lampson, R. Rivest, B. Thomas,
and T. Ylonen.
Internet Network Working Group RFC2693, September 1999.
Piecemeal Graph Exploration by a Mobile Robot
by Baruch Awerbuch, Margrit Betke, Ronald L. Rivest, and Mona Singh. Information and Computation 152,2 (August 1999), 155--172.
Self-Delegation with Controlled Propagation -- or -- What If You Lose Your Laptop
by Oded Goldreich and Birgit Pfitzmann and Ronald L. Rivest Proceedings CRYPTO '98
(Springer-Verlag, Lecture Notes in Computer Science No. 1462, Hugo Krawczyk(ed), 1998), pages 153--168.
(Also Cryptology ePrint Archive 1997/012.)
The Security of the RC6 Block Cipher
by Scott Contini, Ronald L. Rivest, M.J.B. Robshaw, and Yiqun Lisa Yin.
Posted at RSA's RC6 page.
(August 20, 1998)
Can We Eliminate Certificate Revocation Lists?
by Ronald L. Rivest
(Proceedings of Financial Cryptography '98; Springer Lecture Notes
in Computer Science No. 1465 (Rafael Hirschfeld, ed.), February 1998),
pages 178--183.
On the Design and Security of RC2 By Lars R. Knudsen,
Vincent Rijmen, Ronald L. Rivest, and M.J.B. Robshaw. (Proceedings
Fifth Fast Software Encryption Workshop FSE '98, (Springer Lecture
Notes in Computer Science, No. 1372, March 1998, Serge Vaudenay
(ed.)), pages 206--221.
Chaffing and Winnowing: Confidentiality without Encryption
by Ronald L. Rivest. CryptoBytes (RSA Laboratories), volume 4, number 1 (summer 1998), 12--17.
Cryptography as Duct Tape
by Ronald L. Rivest
(a short note written to the Senate Commerce and Judiciary Committees
in opposition to mandatory key recovery proposals).
The Risks of Key Recovery, Key Escrow, and Trusted Third Party
Encryption
By Hal Abelson, Ross Anderson, Steven M. Bellovin,
Josh Benaloh, Matt Blaze, Whitfield Diffie, John Gilmore, Peter G. Neumann,
Ronald L. Rivest, Jeffery I. Schiller, and Bruce Schneier.
May, 1997.
Electronic Lottery Tickets as Micropayments,
by Ronald L. Rivest.
Proceedings of Financial Cryptography '97 Conference,
Springer Lecture Notes in Computer Science #1318 (1997), 307--314.
Perspectives on Financial Cryptography
by Ronald L. Rivest.
Proceedings of Financial Cryptography '97 Conference,
Springer Lecture Notes in Computer Science #1318 (1997), 145--149.
All-Or-Nothing Encryption and The Package Transform
by Ronald L. Rivest.
Proceedings of the 1997 Fast Software Encryption Conference.
Springer Lecture Notes in Computer Science #1267 (1997), 210--218.
Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security
by Matt Blaze, Whitfield Diffie, Ronald L. Rivest, Bruce Schneier, Tsutomu
Shimomura, Eric Thompson, and Michael Wiener.
Translucent Cryptography---An Alternative to Key Escrow, and its Implementation
via Fractional Oblivious Transfer
by Mihir Bellare and Ronald L. Rivest.
MIT/LCS Technical Report 683 (18 Feb 1996):
Time-lock puzzles and timed-release Crypto
by Ronald L. Rivest, Adi Shamir, and David A. Wagner.
(This has appeared as LCS technical memo MIT/LCS/TR-684 (February 1996).)
PayWord and MicroMint--Two Simple Micropayment Schemes
by Ronald L. Rivest and Adi Shamir.
CryptoBytes, volume 2, number 1 (RSA Laboratories, Spring 1996), 7--11.
Also in Proceedings of 1996 International Workshop on Security Protocols,
(ed. Mark Lomas), (Springer, 1997), Lecture Notes in Computer Science No. 1189, pages 69--87.
Picking the Best Expert from a Sequence
by Ruth Bergman and Ronald L. Rivest.
Proceedings of the Fifth
International Workshop on Artificial Intelligence and Statistics,
(Fort Lauerdale FL, January 1995). 219--228.
Learning Binary Relations and Total Orders
by Sally A. Goldman, Ronald L. Rivest, and Robert E. Schapire. SIAM J. Computing 22,5 (October 1993), 1006-1034.
Inference of Finite Automata Using Homing Sequences
by Ronald L. Rivest and Robert E. Schapire. Information and Computation 103,2 (April 1993), 299--347.
A Knapsack Type Cryptosystem Based on Arithmetic in Finite Fields
by Benny Chor and Ronald L. Rivest.
IEEE Trans. Information Theory 34,5 (Sep. 1988), 901--909.
(Also in CRYPTO 84.)
A Digital Signature Scheme Secure Against Adaptive Chosen Message Attacks
by Shafi Goldwasser, Silvio Micali, and Ronald L. Rivest. SIAM J. Computing 17,2 (April 1988), 281--308.
(Note: This does not include the figures that were published with the paper.)
Making Maximum Entropy Computations Easier By Adding Extra Constraints (Extended Abstract)
by Sally A. Goldman and Ronald L. Rivest.
in Maximum--Entropy and Bayesian Methods in Science and Engineering
(Vol. 2), (Edited by G.J. Erickson and C.R. Smith) (Kluwer Academic
Publishers, 1988), 323--340.
Efficient Factoring Based on Partial Information
by Ronald L. Rivest and Adi Shamir Proceedings EUROCRYPT '85, LNCS 219, ed. F. Pichler (Springer), 31--34.
Minimum Edge-Length Decomposition of Rectilinear Polygons
by A. Lingas, R. Y. Pinter, R. L. Rivest, and A. Shamir. Proc. 1982 Allerton Conference on Communications, Control, and Computing
(Oct. 1982), 53-63.
Mental Poker
by Adi Shamir, Ronald L. Rivest, and Leonard M. Adleman.
in The Mathematical Gardner (ed. David A. Klarner),
(Prindle, Weber, and Schmidt, 1981), pages 37-43.
On Data Banks and Privacy Homomorphisms
by R. Rivest, L. Adleman, and M. Dertouzos.
in Foundations of Secure Computation
(edited by R. DeMillo, D. Dobkin, A. Jones, and R. Lipton)
(New York: Academic Press, 1978), 169-180.
A Method for Obtaining Digital Signatures and Public-Key Cryptosystems
by Ronald L. Rivest, Adi Shamir, and Leonard M. Adleman. Communications of the ACM 21,2 (Feb. 1978), 120--126.
Constructing Optimal Binary Decision Trees is NP-Complete
by Laurent Hyafil and Ronald L. Rivest. Information Processing Letters 5,1 (May 1976), 15--17.
Time Bounds for Selection
by Manual Blum, Robert W. Floyd, Vaughan Pratt, Ronald L. Rivest,
and Robert E. Tarjan. Journal of Computer and System Sciences 7,4 August 1973,
448-460.