Eran Tromer (ערן טרומר)

Publications and preprints

• Sebastian Faust, Tal Rabin, Leonid Reyzin, Eran Tromer, Vinod Vaikuntanathan, Protecting Circuits from Leakage: the Computationally-Bounded and Noisy Cases, proc. Eurocrypt 2010, LNCS 6110, 135-156, Springer, 2010.
      [pdf]
• Alessandro Chiesa, Eran Tromer, Proof-Carrying Data and Hearsay Arguments from Signature Cards, proc. Symposium on Innovations in Computer Science (ICS) 2010, proc. Innovations in Computer Science (ICS) 2010, Tsinghua University Press, 2010.
      [abstract] [pdf]
• Thomas Ristenpart, Eran Tromer, Hovav Shacham, Stefan Savage, Hey, You, Get Off of My Cloud! Exploring Information Leakage in Third-Party Compute Clouds, proc. ACM Conference on Computer and Communications Security (CCS) 2009, 199-212, ACM, 2009.
      [abstract] [pdf]
• Eran Tromer, Dag Arne Osvik, Adi Shamir, Efficient Cache Attacks on AES, and Countermeasures, Journal of Cryptology, vol. 23 no. 1, 37-71, Springer, 2010.
     [pdf] (convenient format) ©1    [pdf] (official journal format) ©1
  (first presented at the FSE 2005 rump session, February 2005 — see below)
• Maxwell Krohn, Eran Tromer, Non-Interference for a Practical DIFC-Based Operating System, proc. IEEE Symposium on Security and Privacy 2009, 61-76, IEEE, 2009.
      [pdf] [ps.gz] ©2
• Ronald L. Rivest, Benjamin Agre, Daniel V. Bailey, Christopher Crutchfield, Yevgeniy Dodis, Kermin Elliott Fleming, Asif Khan, Jayant Krishnamurthy, Yuncheng Lin, Leo Reyzin, Emily Shen, Jim Sukha, Drew Sutherland, Eran Tromer, Yiqun Lisa Yin, The MD6 hash function — a proposal to NIST for SHA-3, submission to the National Institute of Standards and Technology hash function competition, 2008.
      [web page] [pdf report]
• Sharon Goldberg, David Xiao, Eran Tromer, Boaz Barak, Jennifer Rexford, Path-quality monitoring in the presence of adversaries, proc. SIGMETRICS 2008, 193-204, ACM, 2008.
     [pdf] (full version) ©4
• Ran Canetti, Ron Rivest, Eran Tromer, Comments on NIST Draft Requirements and Criteria for Hash Algorithm, letter to the National Institute of Standards and Technology, April 2007.
      [pdf]
• Eran Tromer, Hardware-Based Cryptanalysis, Ph.D. dissertation, 2007.
      [web page]
• Willi Geiselmann, Adi Shamir, Rainer Steinwandt, Eran Tromer, Fault-tolerance in hardware for sparse systems of linear equations, with applications to integer factorization, Chapter 8 in N. Nedjah, L. de Macedo Mourelle (Eds.), New Trends in Cryptographic Systems, Nova Science Publishers, 2006.
• Dag Arne Osvik, Adi Shamir, Eran Tromer, Cache attacks and countermeasures: the case of AES, proc. RSA Conference Cryptographers Track (CT-RSA) 2006, LNCS 3860, 1-20, Springer, 2006.
     [pdf] [ps.gz] (extended version) ©3
  (see journal version above; first presented at the FSE 2005 rump session, February 2005 — see below)
• Willi Geiselmann, Adi Shamir, Rainer Steinwandt, Eran Tromer, Scalable hardware for sparse systems of linear equations, with applications to integer factorization, proc. CHES 2005, LNCS 3659, 131-146, Springer, 2005.
      [pdf] [ps.gz] ©1
• Willi Geiselmann, Adi Shamir, Rainer Steinwandt, Eran Tromer, A systolic design for supporting Wiedemann's algorithm, , invited paper, proc. Workshop on Special Purpose Hardware for Attacking Cryptographic Systems (SHARCS), 13-17, 2005.
     (see revised CHES 2005 version above)
• Adi Shamir, Eran Tromer, Special-purpose hardware for factoring: the NFS sieving step, proc. Workshop on Special Purpose Hardware for Attacking Cryptographic Systems (SHARCS), 1-12, 2005.
      [pdf] [ps.gz] (see slides below)
• Willi Geiselmann, Hubert Köpfer, Rainer Steinwandt, Eran Tromer, Improved routing-based linear algebra for the Number Field Sieve, proc. International Conference on Information Technology: Coding and Computing (ITCC'05), Volume 1, 636-641, IEEE, 2005.
     [pdf] [ps.gz] ©2
• Moni Naor, Asaf Nussboim, Eran Tromer, Efficiently constructible huge graphs that preserve first order properties of random graphs, proc. Theory of Cryptography Conference (TCC) 2005, LNCS 3378, 66-85, Springer, 2005.
     [pdf] [ps.gz] ©1
• Arjen K. Lenstra, Eran Tromer, Adi Shamir, Wil Kortsmit, Bruce Dodson, James Hughes, Paul Leyland, Factoring estimates for a 1024-bit RSA modulus, proc. Asiacrypt 2003, LNCS 2894, 331-346,Springer, 2003.
     [pdf] [ps.gz] ©1
• Boaz Barak, Ronen Shaltiel, Eran Tromer, True random number generators secure in a changing environment, proc. CHES 2003, LNCS 2779, 166-180, Springer, 2003.
     [pdf] [ps.gz] ©1
• Adi Shamir, Eran Tromer, On the cost of factoring RSA-1024, RSA CryptoBytes, vol. 6 no. 2, 10-19, 2003.
      [pdf] [ps.gz]
• Adi Shamir, Eran Tromer, Factoring large numbers with the TWIRL device, proc. CRYPTO 2003, LNCS 2729, 1-26, Springer, 2003.
      [pdf] [ps.gz] ©1    [dedicated webpage]
• Arjen K. Lenstra, Adi Shamir, Jim Tomlinson, Eran Tromer, Analysis of Bernstein's factorization circuit, proc. Asiacrypt 2002, LNCS 2501, 1-26, Springer, 2002.
      [pdf] [ps.gz] [html] ©1

©1: Copyright © IACR in part or whole.
©2: Copyright © IEEE in part or whole.
©3: Copyright © Springer-Verlag in part or whole.
©4: Copyright © ACM in part or whole.

Presentations

• Architectural Attacks and their Mitigation by Binary Transformation, ACM Symposium on Operating Systems Principles (SOSP) 2009 work-in-progress session, 2009.
      [PDF]
• Architectural Side Channels in Cloud Computing, invited talk, Crypto in the Cloud workshop, MIT, August 5 2009.
      [PowerPoint] [PDF]
• Protecting Circuits from Computationally-Bounded Leakage, invited talk, Crypto in the Cloud workshop, MIT, August 4 2009.
      [PowerPoint] [PDF] (see paper above)
• MIT CSAIL Industry Affiliates Program, Cloud Computing and Virtualization panel, MIT, May 27, 2009.
• Cache-based side channel attacks and their implications, invited talk at the Quo Vadis Cryptography workshop, Warsaw, May 2007.
• Invited talks at Microsoft Research Summer School, Indian Institute of Science, 2006.
• Cryptanalytic applications of the PlayStation 3: the case of DES, SHARCS 2006 rump session, April 2006.
      [PDF]
• Special-purpose hardware for factoring, invited talk at the Quo Vadis Cryptography workshop, Warsaw, May 2005.
• Other people's cache: Hyper Attacks on HyperThreaded processors, FSE 2005 rump session, February 2005.
  Full AES key extraction in 65 milliseconds using cache attacks, Crypto 2005 rump session, August 2005.
      [PowerPoint] (see paper above)
• Special-Purpose Hardware for Factoring: the NFS sieving step, invited talk at SHARCS 2005, February 2005.
      [PowerPoint XP] [PDF without animated illustrations] (see paper above)
      Appendix: video of an actual TWINKLE device (joint work with Adi Shamir, Eli Biham and Orr Dunkelman): [avi]
• Acoustic cryptanalysis: on nosy people and noisy machines, Eurocrypt 2004 rump session, May 2004.
      [web page] (work in progress)
• Hardware-based implementations of factoring algorithms, invited talk at ECC 2003, August 2003.
      [PowerPoint XP] [PDF without animated illustrations]

Resource pages

• Gpcode.ak Cryptographic Challenge
  
• Wonderful Cryptography — topics for a motivational "introduction to cryptography" lecture
  
• Special-purpose cryptanalytic devices — an annotated taxonomy

Course pages

• Secret Key Cryptography (Spring 2006) course page
• Public Key Cryptography (Spring 2005) course page
• Secret Key Cryptography (Spring 2004) course page
• Public Key Cryptography (Spring 2003) course page
• Foundations of Cryptography (Winter 2001/2002) course page

Humor

• On the design and cryptanalysis of a one-way hash, Journal of Craptology volume 5, 2008.
  Presented with Carl Ellison, Victor Miller and Rebecca Wright, CRYPTO 2007 rump session, August 2007.
     [PDF]

Affiliated websites

• Haayal Hakore