Ronald L. Rivest: Publications and Talks

Google Scholar also provides an excellent list of my publications.

List of Publications and Talks

• Publications list. A more-or-less complete list of my publications. Selected publications, many available on-line, are listed below.

• How to Tell if Your Cloud Files Are Vulnerable to Drive Crashes
  by Kevin D. Bowers, Marten Van Dijk, Ari Juels, Alina Oprea and Ronald L. Rivest.
  18th Annual ACM Conference on Computer and Communications Security (CCS 2011),
  October 18, 2011 (Chicago, Ill.).
  • pdf

• Sharper p-Values for Stratified Election Audits
  by Michael J. Higgins, Ronald L. Rivest, and Philip B. Stark.
  Statistics, Politics, and Policy vol 2., Iss. 1, Article 7 (2011).
  DOI: 10.2202/2151-7509.1031
  
  • Official published journal version
  • author version (no significant differences)

• Remarks on On-Line Voting (aka "Internet Voting")
  On October 27th, 2011, I participated in a panel about on-line voting ("internet voting").
  This was held at Central Connecticut State University,
  and was organized by the office of Connecticut's Secretary of State, Denise Miller
  A summary of this event, including videos, can be found
  • here.

• Remarks on the Future of Election Integrity
  by Ronald L. Rivest.
  Panel remarks given at EIPPF 2011 (Election Integrity: Past, Present, and Future) workshop, held at MIT on October 1, 2011.
  
  • Text of remarks (roughly)
  • Videos of EIPPF 2011 (My talk is in the third panel on "The Future")

• Illegitimi non carborundum
  by Ronald L. Rivest.
  Invited keynote talk given August 15, 2011 at the CRYPTO 2011 conference (Santa Barbara).
  
  • pdf of slides
  • mov for embedded movie
  (This talk was given again, in brisker form, at the 2011-08-30 Celebration for Michael Rabin at Harvard.)
  More information on FlipIt, including a link to an interactive version of the game, will become available at http://www.rsa.com/flipit

• Computing the Margin of Victory in IRV Elections
  by Thomas R. Magrino, Ronald L. Rivest, Emily Shen, and David Wagner.
  In Proceedings 2011 EVT/WOTE Conference. August 8, 2011.
  • pdf

• The growth of cryptography
  by Ronald L. Rivest.
  Talk given February 8, 2011 at my Killian award lecture.
  • slides in pdf
  • videotaped lecture

• Thoughts on UOCAVA Voting
  by Ronald L. Rivest.
  Slides presented August 6, 2010 at Workshop on UOCAVA Remote Voting Systems.
  • pdf

• Towards Trustworthy Elections: New Directions in Electronic Voting
  edited by D. Chaum, M. Jakobsson, R. L. Rivest, P. Y. A. Ryan, J. Benaloh, M. Kutylowski, and B. Adida.
  Springer, Lecture Notes in Computer Science, Vol. 6000 (2010).
  

• Climate Change and the Integrity of Science
  by P. H. Gleick et al.
  Science, 328 (May 7, 2010), 689--690.
  • pdf

• An Optimal Single-Winner Preferential Voting System Based On Game Theory
  by Ronald L. Rivest and Emily Shen.
  (Orig. 4/8/10; latest rev. 5/22/10. Draft. Comments appreciated.)
  • pdf for latest "conference" version (5/22/10)
  • pdf for latest "full" version (4/10/10)
  • code, examples, and earlier versions of paper

• Scantegrity II Municipal Election at Takoma Park: The First E2E Binding Governmental Election with Ballot Privacy
  by Richard Carback, David Chaum, Jeremy Clark, John Conway, Aleksander Essex, Paul S. Herrnson, Travis Mayberry, Stefan Popoveniuc, Ronald L. Rivest, Emily Shen, Alan T. Sherman, and Poorvi L. Vora.
  In Proc. USENIX Security Conference 2010
  
  • pdf

• Introduction to Algorithms (Third Edition)
  by Cormen, Leiserson, Rivest, and Stein (MIT Press, 2009).
  
  • MIT Press site
  • Errata
  • FAQ by Tom Cormen

• Security of Voting Systems
  by Ronald L. Rivest.
  Updated slide set containing some discussion of Takoma Park election using Scantegrity II on 11/3/09;
  presented at George Washington University Computer Science Department talk on November 9, 2009.
  
  • ppt

• Audit Thoughts
  by Ronald L. Rivest.
  Slides for a brief talk on post-election auditing.
  Given at Post-Election Audit Workshop, American Statistical Assn., October 24, 2009.
  
  • ppt

• Perspectives on E2E Voting Systems
  by Ronald L. Rivest.
  Keynote talk given at NIST End-to-End Voting Systems Workshop.
  October 13, 2009.
  
  • ppt

• The ``Taint'' Leakage Model
  Rump session talk for the 2009 Crypto in the Clouds Workshop (MIT). August 4, 2009.
  
  • pptx

• On the invertibility of the XOR of rotations of a binary word.
  by Ronald L. Rivest.
  (July 18, 2009. Revised November 10, 2009.)
  (This is a preprint of an article whose final and definitive form will be published in the Intl. J. Computer Mathematics.)
  
  • pdf

• Indifferentiability of Permutation-Based Compression Functions and Tree-Based Modes of Operation, with Application to MD6.
  by Yevgeniy Dodis, Leo Reyzin, Ronald L. Rivest, and Emily Shen.
  Proc. Fast Software Encryption 2009 Conference (February 23, 2009), Leuven, (Springer LNCS Vol. 5665), 104--121.
  
  • pdf

• The MD6 Hash Function---A Proposal to NIST for SHA-3
  by Ronald L. Rivest, with Benjamin Agre, Daniel V. Bailey, Christopher Crutchfield, Yevgeniy Dodis, Kermin Elliott Fleming, Asif Khan, Jayant Krishnamurthy, Yuncheng Lin, Leo Reyzin, Emily Shen, Jim Sukha, Drew Sutherland, Eran Tromer, and Yiqun Lisa Yin.
  Submitted to NIST October 27, 2008.
  • pdf
  The MD6 website contains the latest version of this report, as well as other material about MD6, including reference C code.

• The MD6 Hash Function
  by Ronald L. Rivest.
  Invited talk given at CRYPTO '2008.
  
  • ppt

• Scantegrity II: End-to-End Verifiability for Optical Scan Election Systems using Invisible Ink Confirmation Codes
  by David Chaum, Richard Carback, Jeremy Clark, Aleksander Essex, Stefan Popoveniuc, Ronald L. Rivest, Peter Y.A. Ryan, Emily Shen, and Alan T. Sherman.
  • pdf version of paper from online proceedings for EVT'08

• A "Sum of Square Roots" (SSR) Pseudorandom Sampling Method for Election Audits
  by Ronald L. Rivest.
  (April 25, 2008. Working paper; comments appreciated.)
  • pdf

• On the Notion of ``Software Independence'' in Voting Systems
  by Ronald L. Rivest.
  Final journal version: Phil. Trans. Royal Society A, doi:10.1098/rsta.2008.0149 (published online):
  • pdf
  An earlier version (7/28/2006), coauthored with John Wack, was posted on the NIST web site:
  • pdf.
  (John Wack was unfortunately unable to join me as a co-author on the final journal version.)

• On Auditing Elections When Precincts Have Different Sizes
  by Javed Aslam, Raluca A. Popa, and Ronald L. Rivest.
  Unpublished draft. Version 12/17/2007. Comments appreciated.
  • pdf
  Conference version--(EVT'08, July 28, 2008):
  • pdf
  • pdf for slides for talk given by Raluca Ada Popa

• A Simple Rule of Thumb for Election Audit Size Determination
  by Ronald L. Rivest.
  Unpublished draft. Version 10/31/2007. Comments appreciated.
  • pdf

• Voluntary Voting System Guidelines
  Developed by NIST and the TGDC (which included me) and delivered on September 4, 2007 to the EAC for consideration and public comment.
  • VVSG web page
  • Copy of draft VVSG, as delivered by TGDC to the EAC

• Engaging Privacy and Information Technology in a Digital Age
  Edited by James Waldo, Herbert S. Lin, and Lynette I. Millett.
  (I served on the committee that produced this report.)
  The National Academies Press, Washington, D.C., 2007
  Available here.

• ThreeVotingProtocols: ThreeBallot, VAV, and Twin
  by Ronald L. Rivest and Warren D. Smith.
  Proc. EVT'07 (Electronic Voting Technology Workshop, Boston, MA, August 6, 2007).
  • pdf
  • ppt (Slides from EVT'07 presentation).

• Amplifying Collision Resistance: A Complexity-Theoretic Treatment
  by Ran Canetti, Ron Rivest, Madhu Sudan, Luca Trevisan, Salil Vadhan, and Hoeteck Wee.
  Proceedings CRYPTO 2007 (Springer, LNCS Vol. 4622, 2007), pages 264--283.
  
  • pdf

• On Estimating the Size and Confidence of a Statistical Audit
  by Javed A. Aslam, Raluca A. Popa, and Ronald L. Rivest.
  Version of June 30, 2007.
  Proc. EVT'07 (Electronic Voting Technology Workshop, Boston, MA, August 6, 2007).
  • pdf
  • Slides (.ppt) prepared by Raluca Ada Popa and presented by her at EVT'07.

• On the Security of the EMV Secure Messaging API
  by Ben Adida, Mike Bond, Jolyon Clulow, Amerson Lin, Ross Anderson, and Ronald L. Rivest.
  Extended abstract (3 pages) appears in Proc. Fifteenth International Workshop on Security Protocols (Brno, Czech Republic), (Springer, LNCS Volume 5964, April 2007), pages 147--149.
  
  • pdf (full version of paper)

• On Auditing Elections When Precincts Have Different Sizes
  by Ronald L. Rivest.
  Unpublished draft. Version 3/18/2007. Comments appreciated.
  • pdf
  • (Dataset used in experiment)

• Fourth-factor authentication: somebody you know
  by John G. Brainard, Ari Juels, Ronald L. Rivest, Michael Szydlo, and Moti Yung.
  Proceedings 2006 ACM Conference on Computer and Communications Security, (Oct. 2006), 168-178.
  • pdf

• The ThreeBallot Voting System.
  by Ronald L. Rivest.
  Unpublished draft. Version 10/1/06. Comments appreciated. (A revised version, with new co-author W.D. Smith, appears above, and was presented at EVT'07.)
  • pdf

• On Estimating the Size of a Statistical Audit
  by Ronald L. Rivest.
  Unpublished draft. Version 11/14/06.
  (Superseded by Aslam/Popa/Rivest paper, above.)
  • pdf

• Scratch & Vote---Self-contained Paper-based Cryptographic Voting
  by Ben Adida and Ronald L. Rivest.
  Proceedings WPES '06 (ACM Workshop on Privacy in the Electronic Society 2006), pages 29--40.
  • pdf
  • pdf for Ben's slides

• Perspectives on Financial Cryptography (Revisited)
  by Ronald L. Rivest.
  Financial Cryptography '06 Conference Keynote. (Update of talk given for Financial Cryptography '97)
  • PowerPoint slides

• Recollections of Stanford CS 1969--1973
  by Ronald L. Rivest.
  Talk given March 21, 2006 at Stanford Computer Science Forum meeting celebrating the 40th anniverssary of the Stanford CS Department.
  
  • ppt slides

• Preliminary Voting -- Prevoting
  by Ronald L. Rivest
  (Draft, to appear in larger report by CalTech/MIT Voting Technology Project.) August 6, 2005.
  • pdf

• Abelian square-free dithering for iterated hash functions
  by Ronald L. Rivest
  (draft; to appear). August 2005.
  • pdf
  • ppt (Presented at ECrypt Hash Function Workshop, June 21, 2005, Cracow).
  • Freeware C code for generating dither sequence.

• Lightweight Encryption for Email
  by Ben Adida, Susan Hohenberger, and Ronald L. Rivest
  USENIX Steps to Reducing Unwanted Traffic on the Internet Workshop (SRUTI), July 2005, pages 93--99.
  • pdf

• Lightweight Email Signatures
  by Ben Adida, David Chau, Susan Hohenberger, and Ronald L. Rivest
  (Revised; a preliminary version was presented at the DIMACS Workshop on Theft in E-Commerce, April 2005.)
  In Fifth Conference on Security and Cryptography for Networks (SCN'06), vol. 4116 of Lecture Notes in Computer Science (Springer, 2006),288--302.
  A revised version appeared in Chapter 10.6 of Phishing and Countermeasures (ed. M. Jakobsson and S. Myers)(Wiley, 2006).
  • pdf (early version)
  • pdf (latest version 2/1/2006)

• Ad-Hoc-Group Signatures from Hijacked Keypairs
  by Ben Adida, Susan Hohenberger, and Ronald L. Rivest
  (Revised; a preliminary version was presented at the DIMACS Workshop on Theft in E-Commerce, April 2005.)
  • pdf

• Electronic Voting
  by Ronald L. Rivest
  Talk given at NSA, June 3, 2004.
  
  • Powerpoint

• Remarks on Electronic Voting
  by Ronald L. Rivest
  Text of remarks at the Harvard Kennedy School of Governmment Digital Voting Symposium, June 1, 2004.
  
  • text

• Some Thoughts on Electronic Voting
  by Ronald L. Rivest
  Talk given May 26, 2004 at DIMACS Workshop on Electronic Voting.
  
  • Powerpoint

• Peppercoin Micropayments
  by Ronald L. Rivest
  February 9, 2004. Proceedings Financial Cryptography '04. (ed. Ari Juels)
  Lecture Notes in Computer Science, Vol. 3110. (Springer, 2004), 2--8.
  • postscript or pdf
  • Powerpoint slides from FC'04

• On Permutation Operations in Cipher Design
  by Ruby B. Lee, Z. J. Shi, Y. L. Yin, Ronald L. Rivest, and M. J. B. Robshaw.
  January 24, 2004. To appear in Proceedings ITCC 2004.
  A version has appeared under the title Permutation Operations in Block Ciphers
  in: EMBEDDED CRYPTOGRAPHIC HARDWARE: - 2004 DESIGN AND SECURITY. (Nova, 2004).
  • pdf

• On The Notion of Pseudo-Free Groups
  by Ronald L. Rivest.
  Proceedings TCC 2004 (Copyright IACR.) (Ed. Moni Naor) Springer-Verlag Lecture Notes in Computer Science No. 2951. Pages 505--521.
  
  • postscript or pdf
  • Powerpoint slides from TCC 2004

• RSA Problem
  by Ronald L. Rivest and Burt Kaliski.
  December 10, 2003. (To appear in Encyclopedia of Cryptography and Security (Kluwer).)
  
  • postscript or pdf

• 2002 ACM A. M. Turing Award Lectures
  by Leonard Adleman, Ronald L. Rivest, and Adi Shamir.
  Given June 8, 2003 at FCRC in San Diego, California.
  
  • ACM citation and posting of videos of lectures

• The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy
  by Ari Juels, Ronald L. Rivest, and Michael Szydlo.
  May 16, 2003. (To appear in Proceedings 10th Annual ACM CCS 2003.)
  
  • pdf

• Does Anyone Really Need Micropayments?
  by Nicko van Someren, Andrew Odlyzko, Ronald L. Rivest, Tim Jones, and Duncan Goldie-Scot.
  in Proceedings Financial Cryptography 2003 (ed. Rebecca Wright)
  Lecture Notes in Computer Science, Vol. 2742 (Springer 2003), 69--76.
  
  • pdf

• Access-Controlled Resource Discovery for Pervasive Networks,
  by S. Raman, D. Clarke, M. Burnside, S. Devadas and R. L. Rivest.
  Proceedings of the 18th ACM Symposium on Applied Computing (Security Track), March 2003.
  (Also appeared in Concurrency and Computation: Practice and Experience 2004: 16: pages 1099--1120.)
  • ps or pdf

• Micropayments Revisited
  by Silvio Micali and Ronald L. Rivest.
  (Proceedings of the Cryptographer's Track at the RSA Conference 2002, Bart Preneel (ed.), Springer Verlag CT-RSA 2002, LNCS 2271, pages 149--163.)
  
  • postscript or pdf
  • RSA '02 powerpoint slides
  • FC '02 powerpoint slides ("Peppercorn Micropayments via Better Lottery Tickets", rump session talk)

• The Untrusted Computer Problem and Camera-Based Authentication,
  by D. Clarke, B. Gassend, T. Kotwal, M. Burnside, M. van Dijk, S. Devadas, and R. L. Rivest.
  Lecture Notes in Computer Science 2414, Proceedings of the International Conference on Pervasive Computing (Pervasive2002), pages 114-124, August 2002.
  
  • pdf

• Tweakable Block Ciphers
  by Moses Liskov, Ronald L. Rivest, and David Wagner.
  Proceedings CRYPTO 2002 (Springer-Verlag, Lecture Notes in Computer Science No. 2442, Moti Yung(ed.), 2002), pages 31--46.
  To appear in J. Cryptology.
  
  • postscript or pdf

• Making Mix Nets Robust for Electronic Voting by Randomized Partial Checking
  by Markus Jakobsson, Ari Juels, and Ronald L. Rivest.
  In D. Boneh, ed., USENIX Security '02, pp. 339-353. 2002.
  (Also available as IACR eprint 2002/025.)
  
  • postscript or pdf

• Proxy-Based Security Protocols in Networked Mobile Devices
  by M. Burnside, D. Clarke, T. Mills, A. Maywah, S. Devadas, and R. Rivest.
  Proceedings of the 17th ACM Symposium on Applied Computing (Security Track), pages 265-272, March 2002.
  
  • postscript or pdf.

• A Modular Voting Architecture (``Frogs'')
  by Shuki Bruck, David Jefferson, and Ronald L. Rivest.
  
  • Paper in word or pdf
  • Slides from presentation at WOTE '01 in powerpoint or pdf

• Voting---What is, What Could Be
  (July 2001 Report of the CalTech-MIT Voting Technology Project)
  • CalTechMIT VTP Web Site for this Report
  • pdf copy
  • My remarks at the July 16, 2001 press conference.

• How to Leak A Secret
  by Ronald L. Rivest, Adi Shamir, and Yael Tauman.
  ASIACRYPT 2001, pages 552--565. Lecture Notes in Computer Science (ed. Colin Boyd), Volume 2248 (Springer).
  • postscript or pdf

• Testimony on Security Issues in Voting Technology
  (Testimony given before the U.S. House Committee on Administration, May 24, 2001.)
  
  • text or Word

• Electronic Voting
  (Slides for talk given for Cambridge Club at Harvard Faculty Club, March 5, 2001.)
  
  • ppt or pdf

• Electronic Voting
  (Corresponds to my remarks at a panel discussion at Financial Cryptography '01, 2/19--2/22.)
  Proc.Financial Cryptography '01 (Springer, LNCS Vol. 2339, 2001), pages 234--259.
  
  • Paper: postscript or pdf
  • Slides for talk: ppt or pdf

• Issues in Cryptography
  Short luncheon talk given March 7, 2001 at Computers, Freedom, and Privacy 2001 Conference.
  
  • Slides: powerpoint or pdf

• Certificate Chain Discovery in SPKI/SDSI
  by Dwaine Clarke, Jean-Emile Elien, Carl Ellison, Matt Fredette, Alexander Morcos, and Ronald L. Rivest.
  (To appear in JCS.) Draft of September 13, 2001.
  
  • postscript or pdf

• Two Signature Schemes
  (Slides from talk given at Cambridge University October 17, 2000; one scheme (a transitive signature scheme for undirected graphs) is joint work with Silvio Micali, the other scheme (a prefix aggregation scheme) is joint work with Suresh Chari and Tal Rabin.)
  
  • pdf
  Here is the paper for the first scheme:
  Transitive Signature Schemes
  by Silvio Micali and Ronald L. Rivest.
  (Proceedings of the Cryptographer's Track at the RSA Conference 2002, Bart Preneel (ed.), Springer Verlag CT-RSA 2002, LNCS 2271, pages 236--243.)
  • postscript or pdf
  Here is the current draft of the paper for the second scheme, by Chari, Rabin, and Rivest:
  An Efficient Signature Scheme for Route Aggregation
  by Suresh Chari, Tal Rabin, and Ronald L. Rivest
  (Draft of February 1, 2002.)
  
  • postscript or pdf

• Pseudonym Systems
  by Anna Lysyanskaya, Ronald L. Rivest, Amit Sahai, and Stefan Wolf.
  Selected Areas in Cryptography '99 (Springer Verlag Lecture Notes in Computer Science No. 1758; edited by H. Heys and C. Adams, 2000), pages 184--199.
  
  • postscript or pdf

• Are ``Strong'' Primes Needed for RSA?
  by Ronald L. Rivest and Robert D. Silverman.
  
  • (version 11/22/1999) postscript or pdf
  • Paper 2001/007 of the IACR Cryptology ePrint archive (version 12/1/1998)

• Unconditionally Secure Commitment and Oblivious Transfer Schemes Using Private Channels and a Trusted Initializer
  by Ronald L. Rivest.
  Unpublished manuscript, 11/8/99.
  
  • postscript or pdf

• Permutation Polynomials modulo 2^w
  by Ronald L. Rivest.
  October 6, 1999. Revised October 25, 1999.
  In Finite Fields and their Applications Volume 7 (2001), pages 287--292.
  
  • postscript or pdf ; (copyright notice)

• The Beer Bottle Cipher
  by Ronald L. Rivest.
  Posted here June 30, 1999.
  Published in CCE Quarterly Journal (PricewaterhouseCoopers Cryptographic Center of Excellence), Issue 3 (1999), 28--30.
  
  • text

• The LCS35 Time Capsule Crypto-Puzzle (description, java code, and puzzle parameters)
  by Ronald L. Rivest
  
  • description with java code and puzzle parameters or java code only or puzzle parameters only
  • LCS page on puzzle

• Improved Analysis of Some Simplified Variants of RC6
  by Scott Contini, Ronald L. Rivest, M.J.B. Robshaw, and Yiqun Lisa Yin.
  in Proceedings Fast Software Encryption '99 (Springer Verlag, Lecture Notes in Computer Science No. 1636, Lars Knudsen(ed.), 1999), pages 1--15.
  
  • postscript or pdf

• Some Thoughts on Serial Numbers on Intel CPU's
  by Ronald L. Rivest.
  Unpublished note, drafted January 26, 1999; revised in minor ways on August 23, 1999 and posted here.
  
  • text

• SPKI Certificate Theory
  by C. Ellison, B. Frantz, B. Lampson, R. Rivest, B. Thomas, and T. Ylonen.
  Internet Network Working Group RFC2693, September 1999.
  
  • text

• Simple Public Key Certificate
  by C. Ellison, B. Frantz, B. Lampson, R. Rivest, B. Thomas, and T. Ylonen.
  Internet Draft, July 26, 1999.
  
  • text

• Piecemeal Graph Exploration by a Mobile Robot
  by Baruch Awerbuch, Margrit Betke, Ronald L. Rivest, and Mona Singh.
  Information and Computation 152,2 (August 1999), 155--172.
  • postscript or pdf

• SPKI Examples
  by C. Ellison, B. Frantz, B. Lampson, R. Rivest, B. Thomas, and T. Ylonen.
  Internet Draft, March 10, 1998.
  
  • text

• The Case against Regulating Encryption Technology
  by Ronald L. Rivest.
  Scientific American, October 1998, pages 116--117.
  • text

• Self-Delegation with Controlled Propagation -- or -- What If You Lose Your Laptop
  by Oded Goldreich and Birgit Pfitzmann and Ronald L. Rivest
  Proceedings CRYPTO '98 (Springer-Verlag, Lecture Notes in Computer Science No. 1462, Hugo Krawczyk(ed), 1998), pages 153--168. (Also Cryptology ePrint Archive 1997/012.)
  
  • postscript or pdf

• The Security of the RC6 Block Cipher
  by Scott Contini, Ronald L. Rivest, M.J.B. Robshaw, and Yiqun Lisa Yin.
  Posted at RSA's RC6 page. (August 20, 1998)
  • postscript or pdf

• The RC6 Block Cipher
  by Ronald L. Rivest, M.J.B. Robshaw, R. Sidney, and Y.L. Yin
  Posted at RSA's RC6 page. (Version 1.1; August 20, 1998).
  • postscript or pdf
    
  • Powerpoint slides from AES1 conference (8/21/1998).
  • Further notes on RC6
  • Powerpoint slides from AES3 conference (4/14/2000).

• Can We Eliminate Certificate Revocation Lists?
  by Ronald L. Rivest
  (Proceedings of Financial Cryptography '98; Springer Lecture Notes in Computer Science No. 1465 (Rafael Hirschfeld, ed.), February 1998), pages 178--183.
  
  • postscript or pdf

• On the Design and Security of RC2
  By Lars R. Knudsen, Vincent Rijmen, Ronald L. Rivest, and M.J.B. Robshaw.
  (Proceedings Fifth Fast Software Encryption Workshop FSE '98, (Springer Lecture Notes in Computer Science, No. 1372, March 1998, Serge Vaudenay (ed.)), pages 206--221.
  
  • postscript or pdf

• Chaffing and Winnowing: Confidentiality without Encryption
  by Ronald L. Rivest.
  CryptoBytes (RSA Laboratories), volume 4, number 1 (summer 1998), 12--17.
  
  • Version of March 18, 1998
  • ``Chaffing and Winnowing'' and Comments on Crypto Policy (Powerpoint slides)
  • Version of July 1, 1998
  • Some further remarks on winnowing and chaffing. (November 14, 2000.

• Cryptography as Duct Tape
  by Ronald L. Rivest
  (a short note written to the Senate Commerce and Judiciary Committees in opposition to mandatory key recovery proposals).
  
  • Version of June 12, 1997

• The Risks of Key Recovery, Key Escrow, and Trusted Third Party Encryption
  By Hal Abelson, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Matt Blaze, Whitfield Diffie, John Gilmore, Peter G. Neumann, Ronald L. Rivest, Jeffery I. Schiller, and Bruce Schneier.
  May, 1997.
  
  • Report Home Page at CDT
    

• Electronic Lottery Tickets as Micropayments,
  by Ronald L. Rivest.
  Proceedings of Financial Cryptography '97 Conference, Springer Lecture Notes in Computer Science #1318 (1997), 307--314.
  
  • postscript or pdf

• Perspectives on Financial Cryptography
  by Ronald L. Rivest.
  Proceedings of Financial Cryptography '97 Conference, Springer Lecture Notes in Computer Science #1318 (1997), 145--149.
  
  • postscript or pdf
  • PowerPoint slides

• SDSI---A Simple Distributed Security Infrastructure
  (By Ronald L. Rivest and Butler Lampson).
  (See also the SDSI Page)
  
  • [Version 1.0]
    
    • html or postscript
    • Powerpoint slides: USENIX '96, RSA-Labs '96, CRYPTO '96
  • [Version 1.1]
    
    • html
      
  • [Version 2.0]
    
    • PowerPoint slides for Maryland Theoretical Computer Science Day 4/11/97
      

• All-Or-Nothing Encryption and The Package Transform
  by Ronald L. Rivest.
  Proceedings of the 1997 Fast Software Encryption Conference. Springer Lecture Notes in Computer Science #1267 (1997), 210--218.
  
  • postscript or pdf

• Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security
  by Matt Blaze, Whitfield Diffie, Ronald L. Rivest, Bruce Schneier, Tsutomu Shimomura, Eric Thompson, and Michael Wiener.
  
  • postscript or pdf or text

• Translucent Cryptography---An Alternative to Key Escrow, and its Implementation via Fractional Oblivious Transfer
  by Mihir Bellare and Ronald L. Rivest.
  MIT/LCS Technical Report 683 (18 Feb 1996):
  
  • postscript or pdf
  Journal of Cryptology (vol. 12, no. 2, Spring 1999, pages 117--140):
  
  • postscript or pdf

• Multi-grade cryptography
  by Ronald L. Rivest
  Unpublished manuscript.
  
  • postscript or pdf

• Time-lock puzzles and timed-release Crypto
  by Ronald L. Rivest, Adi Shamir, and David A. Wagner.
  (This has appeared as LCS technical memo MIT/LCS/TR-684 (February 1996).)
  
  • Version of 3/10/96: postscript or pdf
    

• Geometric Cryptography
  by Mike Burmester, Ronald L. Rivest, and Adi Shamir.
  Unpublished.
  
  • postscript or pdf

• PayWord and MicroMint--Two Simple Micropayment Schemes
  by Ronald L. Rivest and Adi Shamir.
  CryptoBytes, volume 2, number 1 (RSA Laboratories, Spring 1996), 7--11.
  Also in Proceedings of 1996 International Workshop on Security Protocols, (ed. Mark Lomas), (Springer, 1997), Lecture Notes in Computer Science No. 1189, pages 69--87.
  
  • postscript or pdf
  • PowerPoint slides for RSA '96 conference.

• The RC5 Encryption Algorithm
  by Ronald L. Rivest.
  Proceedings of the 1994 Leuven Workshop on Fast Software Encryption (Springer 1995), pages 86-96.
  
  • postscript or pdf
  • 3/20/97: correction note, revised postscript or pdf
  (Also see The RC5 Encryption Algorithm (pdf) in Dr. Dobbs Journal number 226 (January 1995), pages 146-148.)
  

• Piecemeal Learning of an Unknown Environment
  by Margrit Betke, Ronald L. Rivest, and Mona Singh. Machine Learning 18:2-3 (February 1995), 231--254.
  • postscript or pdf

• Being Taught Can be Faster than Asking Questions
  by Ronald L. Rivest and Yiqun Lisa Yin
  Proceedings 1995 COLT Conference (ACM, 1995), 144-151.
  
  • postscript or pdf

• Picking the Best Expert from a Sequence
  by Ruth Bergman and Ronald L. Rivest.
  Proceedings of the Fifth International Workshop on Artificial Intelligence and Statistics, (Fort Lauerdale FL, January 1995). 219--228.
  
  • postscript or pdf

• Complete Variable-Length `FixFree' Codes
  by David Gillman and Ronald L. Rivest.
  Designs, Codes, and Cryptography 5,2 (March 1995), 109--114.
  
  • postscript or pdf

• Diversity-Based Inference of Finite Automata
  by Ronald L. Rivest and Robert E. Schapire.
  Journal of the ACM 41, 3 (May 1994), 555--589.
  
  • postscript or pdf

• Cryptography and Machine Learning
  by Ronald L. Rivest.
  Proceedings ASIACRYPT '91 (Springer 1993), 427--439.
  
  • postscript or pdf

• Learning Binary Relations and Total Orders
  by Sally A. Goldman, Ronald L. Rivest, and Robert E. Schapire.
  SIAM J. Computing 22,5 (October 1993), 1006-1034.
  
  • postscript or pdf

• Inference of Finite Automata Using Homing Sequences
  by Ronald L. Rivest and Robert E. Schapire.
  Information and Computation 103,2 (April 1993), 299--347.
  
  • pdf
  • pdf (conference version - Proc. 21st STOC Conference, 1989, pages 411--420)

• The MD5 Message Digest Algorithm
  by Ronald L. Rivest.
  Internet RFC 1321 (April 1992).
  
  • text

• The MD4 Message Digest Algorithm
  by Ronald L. Rivest.
  Internet RFC 1320 (April 1992).
  
  • text

• Finding Four Million Large Random Primes
  by Ronald L. Rivest.
  Proc. CRYPTO 90 (Springer 1991), 625--626.
  
  • postscript or pdf

• Cryptography
  by Ronald L. Rivest.
  Chapter 13 of Handbook of Theoretical Computer Science, (ed. J. Van Leeuwen) vol. 1 (Elsevier, 1990), 717--755.
  
  • postscript or pdf ; (note)

• A Knapsack Type Cryptosystem Based on Arithmetic in Finite Fields
  by Benny Chor and Ronald L. Rivest.
  IEEE Trans. Information Theory 34,5 (Sep. 1988), 901--909.
  (Also in CRYPTO 84.)
  
  • postscript or pdf

• Is the Data Encryption Standard A Group?
  by Burton S. Kaliski, Ronald L. Rivest, and Alan T. Sherman.
  Journal of Cryptology 1,1 (1988),3--36.
  
  • pdf

• A Digital Signature Scheme Secure Against Adaptive Chosen Message Attacks
  by Shafi Goldwasser, Silvio Micali, and Ronald L. Rivest.
  SIAM J. Computing 17,2 (April 1988), 281--308.
  (Note: This does not include the figures that were published with the paper.)
  • postscript or pdf or dvi

• Making Maximum Entropy Computations Easier By Adding Extra Constraints (Extended Abstract)
  by Sally A. Goldman and Ronald L. Rivest.
  in Maximum--Entropy and Bayesian Methods in Science and Engineering (Vol. 2), (Edited by G.J. Erickson and C.R. Smith) (Kluwer Academic Publishers, 1988), 323--340.
  
  • postscript or pdf or dvi

• Learning Decision Lists
  by Ronald L. Rivest.
  Machine Learning 2,3 (1987), 229--246.
  
  • postscript or pdf

• Game Tree Searching by Min/Max Approximation
  by Ronald L. Rivest.
  Artificial Intelligence 34,1 (Dec. 1987), 77-96.
  
  • postscript or pdf

• Efficient Factoring Based on Partial Information
  by Ronald L. Rivest and Adi Shamir
  Proceedings EUROCRYPT '85, LNCS 219, ed. F. Pichler (Springer), 31--34.
  • pdf

• Testing Implementations of DES
  by Ronald L. Rivest
  (Unpublished, 2/85)
  
  • text

• How to Expose an Eavesdropper
  by Ronald L. Rivest and Adi Shamir
  CACM 27,4 (April 1984), 393--395.
  • pdf

• How to Reuse a "Write-Once" Memory
  by Ronald L. Rivest and Adi Shamir.
  Information and Control 55,1-3 (October/November/December 1982), 1--19.
  
  • pdf

• Minimum Edge-Length Decomposition of Rectilinear Polygons
  by A. Lingas, R. Y. Pinter, R. L. Rivest, and A. Shamir.
  Proc. 1982 Allerton Conference on Communications, Control, and Computing (Oct. 1982), 53-63.
  
  • pdf

• Mental Poker
  by Adi Shamir, Ronald L. Rivest, and Leonard M. Adleman.
  in The Mathematical Gardner (ed. David A. Klarner), (Prindle, Weber, and Schmidt, 1981), pages 37-43.
  
  • pdf

• On Data Banks and Privacy Homomorphisms
  by R. Rivest, L. Adleman, and M. Dertouzos.
  in Foundations of Secure Computation (edited by R. DeMillo, D. Dobkin, A. Jones, and R. Lipton) (New York: Academic Press, 1978), 169-180.
  • pdf

• Remarks on a Proposed Cryptanalytic Attack on the M.I.T. Public-Key Cryptosystem
  Cryptologia 2,1 (January 1978), 62--65.
  
  • pdf

• A Method for Obtaining Digital Signatures and Public-Key Cryptosystems
  by Ronald L. Rivest, Adi Shamir, and Leonard M. Adleman.
  Communications of the ACM 21,2 (Feb. 1978), 120--126.
  
  • pdf

• Optimal Arrangements of Keys in a Hash Table
  by Ronald L. Rivest.
  Journal of the ACM 25,2 April 1978, 200--209.
  • pdf

• On Recognizing Graph Properties from Adjacency Matrices
  by Ronald L. Rivest and Jean Vuillemin.
  Theoretical Computer Science 3 1976, 371--384.
  
  • pdf

• Linear Expected Time Of A Simple Union-Find Algorithm
  by Jon Doyle and Ronald L. Rivest.
  Information Processing Letters 5,5 November 1976, 146--148.
  
  • pdf

• Partial-Match Retrieval Algorithms
  by Ronald L. Rivest.
  Siam J. Computing 5,1 March 1976, 19--50.
  
  • pdf

• Constructing Optimal Binary Decision Trees is NP-Complete
  by Laurent Hyafil and Ronald L. Rivest.
  Information Processing Letters 5,1 (May 1976), 15--17.
  
  • pdf

• Expected Time Bounds for Selection
  by Robert W. Floyd and Ronald L. Rivest.
  Communications of the ACM 18,3 (March 1975), 165--172.
  
  • pdf

• Time Bounds for Selection by Manual Blum, Robert W. Floyd, Vaughan Pratt, Ronald L. Rivest, and Robert E. Tarjan.
  Journal of Computer and System Sciences 7,4 August 1973, 448-460.
  
  • pdf