Eran Tromer (ערן טרומר)

Postdoctoral Associate
Computer Science and Artificial Intelligence Laboratory
Massachusetts Institute of Technology

E-mail:	or
Office:	32-G606 at the MIT Stata Center
PGP key:	[public] [private]
Mailing address:	MIT CSAIL 32-G606 32 Vassar St. Cambridge, MA 02139 USA

I am a postdoctoral associate at the Cryptography and Information Security Group of the MIT CSAIL.

My research focus is cryptography, information security and algorithms. I'm particularly interested in what happens when cryptographic systems meet the real world, where computation is faulty and leaky.

My Ph.D. dissertation in Computer Science, 2007, at the Weizmann Institute of Science, investigated Hardware-Based Cryptanalysis.

Publications and preprints

Sebastian Faust, Tal Rabin, Leonid Reyzin, Eran Tromer, Vinod Vaikuntanathan, Protecting Circuits from Leakage: the Computationally-Bounded and Noisy Cases, to appear in proc. Eurocrypt 2010.
Preliminary version: Protecting Circuits from Computationally-Bounded Leakage [abstract] [pdf] [eprint]
Slides: [PowerPoint] [PDF]
Alessandro Chiesa, Eran Tromer, Proof-Carrying Data and Hearsay Arguments from Signature Cards, proc. Symposium on Innovations in Computer Science (ICS) 2010, proc. Innovations in Computer Science (ICS) 2010, Tsinghua University Press, 2010.
[abstract] [pdf]
Thomas Ristenpart, Eran Tromer, Hovav Shacham, Stefan Savage, Hey, You, Get Off of My Cloud! Exploring Information Leakage in Third-Party Compute Clouds, proc. ACM Conference on Computer and Communications Security (CCS) 2009, 199--212, ACM, 2009.
[abstract] [pdf]
Eran Tromer, Dag Arne Osvik, Adi Shamir, Efficient Cache Attacks on AES, and Countermeasures, Journal of Cryptology, vol. 23 no. 1, 37-71, Springer, 2010.
[pdf] (convenient format) ©1 [pdf] (official journal format) ©1
(first presented at the FSE 2005 rump session, February 2005 — see below)
Maxwell Krohn, Eran Tromer, Non-Interference for a Practical DIFC-Based Operating System, proc. IEEE Symposium on Security and Privacy 2009, 61-76, IEEE, 2009.
[pdf] [ps.gz] ©2
Ronald L. Rivest, Benjamin Agre, Daniel V. Bailey, Christopher Crutchfield, Yevgeniy Dodis, Kermin Elliott Fleming, Asif Khan, Jayant Krishnamurthy, Yuncheng Lin, Leo Reyzin, Emily Shen, Jim Sukha, Drew Sutherland, Eran Tromer, Yiqun Lisa Yin, The MD6 hash function — a proposal to NIST for SHA-3, submission to the National Institute of Standards and Technology hash function competition, 2008.
[web page] [pdf report]
Sharon Goldberg, David Xiao, Eran Tromer, Boaz Barak, Jennifer Rexford, Path-quality monitoring in the presence of adversaries, proc. SIGMETRICS 2008, 193-204, ACM, 2008.
[pdf] (full version) ©4
Ran Canetti, Ron Rivest, Eran Tromer, Comments on NIST Draft Requirements and Criteria for Hash Algorithm, letter to the National Institute of Standards and Technology, April 2007.
[pdf]
Eran Tromer, Hardware-Based Cryptanalysis, Ph.D. dissertation, 2007.
[web page]
Willi Geiselmann, Adi Shamir, Rainer Steinwandt, Eran Tromer, Fault-tolerance in hardware for sparse systems of linear equations, with applications to integer factorization, Chapter 8 in N. Nedjah, L. de Macedo Mourelle (Eds.), New Trends in Cryptographic Systems, Nova Science Publishers, 2006.
Dag Arne Osvik, Adi Shamir, Eran Tromer, Cache attacks and countermeasures: the case of AES, proc. RSA Conference Cryptographers Track (CT-RSA) 2006, LNCS 3860, 1-20, Springer, 2006.
[pdf] [ps.gz] (extended version) ©3
(see journal version above; first presented at the FSE 2005 rump session, February 2005 — see below)
Willi Geiselmann, Adi Shamir, Rainer Steinwandt, Eran Tromer, Scalable hardware for sparse systems of linear equations, with applications to integer factorization, proc. CHES 2005, LNCS 3659, 131-146, Springer, 2005.
[pdf] [ps.gz] ©1
Willi Geiselmann, Adi Shamir, Rainer Steinwandt, Eran Tromer, Scalable hardware for sparse systems of linear equations, with applications to integer factorization, invited paper, proc. Workshop on Special Purpose Hardware for Attacking Cryptographic Systems (SHARCS), 2005.
(see revised CHES 2005 version above)
Adi Shamir, Eran Tromer, Special-purpose hardware for factoring: the NFS sieving step, proc. Workshop on Special Purpose Hardware for Attacking Cryptographic Systems (SHARCS), 2005.
[pdf] [ps.gz] (see slides below)
Willi Geiselmann, Hubert Köpfer, Rainer Steinwandt, Eran Tromer, Improved routing-based linear algebra for the Number Field Sieve, proc. International Conference on Information Technology: Coding and Computing (ITCC'05), Volume 1, 636-641, IEEE, 2005.
[pdf] [ps.gz] ©2
Moni Naor, Asaf Nussboim, Eran Tromer, Efficiently constructible huge graphs that preserve first order properties of random graphs, proc. Theory of Cryptography Conference (TCC) 2005, LNCS 3378, 66-85, Springer, 2005.
[pdf] [ps.gz] ©1
Arjen K. Lenstra, Eran Tromer, Adi Shamir, Wil Kortsmit, Bruce Dodson, James Hughes, Paul Leyland, Factoring estimates for a 1024-bit RSA modulus, proc. Asiacrypt 2003, LNCS 2894, 331-346,Springer, 2003.
[pdf] [ps.gz] ©1
Boaz Barak, Ronen Shaltiel, Eran Tromer, True random number generators secure in a changing environment, proc. CHES 2003, LNCS 2779, 166-180, Springer, 2003.
[pdf] [ps.gz] ©1
Adi Shamir, Eran Tromer, On the cost of factoring RSA-1024, RSA CryptoBytes, vol. 6 no. 2, 10-19, 2003.
[pdf] [ps.gz]
Adi Shamir, Eran Tromer, Factoring large numbers with the TWIRL device, proc. CRYPTO 2003, LNCS 2729, 1-26, Springer, 2003.
[pdf] [ps.gz] ©1 [dedicated webpage]
Arjen K. Lenstra, Adi Shamir, Jim Tomlinson, Eran Tromer, Analysis of Bernstein's factorization circuit, proc. Asiacrypt 2002, LNCS 2501, 1-26, Springer, 2002.
[pdf] [ps.gz] [html] ©1

Presentations

Workshops and conferences, partial list.

Architectural Attacks and their Mitigation by Binary Transformation, ACM Symposium on Operating Systems Principles (SOSP) 2009 work-in-progress session, 2009.
[PDF]
Architectural Side Channels in Cloud Computing, invited talk, Crypto in the Cloud workshop, MIT, August 5 2009.
[PowerPoint] [PDF]
Protecting Circuits from Computationally-Bounded Leakage, invited talk, Crypto in the Cloud workshop, MIT, August 4 2009.
[PowerPoint] [PDF] (see paper above)
MIT CSAIL Industry Affiliates Program, Cloud Computing and Virtualization panel, MIT, May 27, 2009.
Cache-based side channel attacks and their implications, invited talk at the Quo Vadis Cryptography workshop, Warsaw, May 2007.
Invited talks at Microsoft Research Summer School, Indian Institute of Science, 2006.
Cryptanalytic applications of the PlayStation 3: the case of DES, SHARCS 2006 rump session, April 2006.
[PDF]
Special-purpose hardware for factoring, invited talk at the Quo Vadis Cryptography workshop, Warsaw, May 2005.
Other people's cache: Hyper Attacks on HyperThreaded processors, FSE 2005 rump session, February 2005.
Full AES key extraction in 65 milliseconds using cache attacks, Crypto 2005 rump session, August 2005.
[PowerPoint] (see paper above)
Special-Purpose Hardware for Factoring: the NFS sieving step, invited talk at SHARCS 2005, February 2005.
[PowerPoint XP] [PDF without animated illustrations] (see paper above)
Appendix: video of an actual TWINKLE device (joint work with Adi Shamir, Eli Biham and Orr Dunkelman): [avi]
Acoustic cryptanalysis: on nosy people and noisy machines, Eurocrypt 2004 rump session, May 2004.
[web page] (work in progress)
Hardware-based implementations of factoring algorithms, invited talk at ECC 2003, August 2003.
[PowerPoint XP] [PDF without animated illustrations]

Resource pages

Gpcode.ak Cryptographic Challenge
Wonderful Cryptography — topics for a motivational "introduction to cryptography" lecture
Special-purpose cryptanalytic devices — an annotated taxonomy

Course pages

Secret Key Cryptography (Spring 2006) course page
Public Key Cryptography (Spring 2005) course page
Secret Key Cryptography (Spring 2004) course page
Public Key Cryptography (Spring 2003) course page
Foundations of Cryptography (Winter 2001/2002) course page

Humor

On the design and cryptanalysis of a one-way hash, Journal of Craptology volume 5, 2008.
Presented with Carl Ellison, Victor Miller and Rebecca Wright, CRYPTO 2007 rump session, August 2007.
[PDF]

Affiliated websites

Haayal Hakore

Technical tidbits

pages2pdf: a shell script for converting a bunch of images (say, scanned pages or transparencies), given in any common format, into a single PDF files. Optionally, reduces resolution and includes multiple images per page. See also slides2pdf, an older and somewhat inferior evrsion (which produced these outputs: [1] [2] [3] [4] [5]).
Forcing OpenSSH to use a hard-coded password
Installing Mathematica fonts in Exceed
LyX FAQ
rexecsync: a shell script for saving the output of an arbitrary command on a remote computer into a local file, such that on repeated invocations only differences are transferred (requires librsync).
Java Instrumentation Engine — a flexible Java sourcecode instrumentation program (unmaintained).