**Publications** *[Hovav Shacham](.)* Reports and theses ======================================================================== [#IRSW07]: S. Inguva, E. Rescorla, H. Shacham, and D. Wallach. _[Source Code Review of the Hart InterCivic Voting System](https://votingsystems.cdn.sos.ca.gov/oversight/ttbr/Hart-source-public.pdf)_. Part of California Secretary of State Debra Bowen’s “Top-to-Bottom” Review of the voting machines used in California, 2007. [#S05]: H. Shacham. _[New Paradigms in Signature Schemes](dist/thesis.pdf)_. Ph.D. thesis, Stanford University, 2005. Journal papers ======================================================================== [#HZSS16]: S. Hill, Z. Zhou, L. Saul, and H. Shacham. “[On the (In)effectiveness of Mosaicing and Blurring as Tools for Document Redaction](https://doi.org/10.1515/popets-2016-0047).” _Proc. Privacy Enhancing Technologies_ 2016(4):403–17, Oct. 2016. Presented at PETS 2016. [#SW13]: H. Shacham and B. Waters. “[Compact Proofs of Retrievability](dist/verstore.pdf).” _J. Cryptology_ 26(3):442–83, Jul. 2013. [#LOSSW13]: S. Lu, R. Ostrovsky, A. Sahai, H. Shacham, and B. Waters. “[Sequential Aggregate Signatures and Multisignatures without Random Oracles](dist/agg-sig.pdf).” _J. Cryptology_ 26(2):340–73, Apr. 2013. [#SCS13]: A. Sarwate, S. Checkoway and H. Shacham. “[Risk-limiting Audits for Nonplurality Elections](dist/irv.pdf).” _Statistics, Politics, and Policy_ 3(3):29–64, Jan. 2013. [#RBSS12]: R. Roemer, E. Buchanan, H. Shacham, and S. Savage. “[Return-Oriented Programming: Systems, Languages, and Applications](dist/rop.pdf).” _ACM Trans. Info. & Sys. Security_ 15(1):2, Mar. 2012. [#SBR04]: H. Shacham, D. Boneh, and E. Rescorla. “[Client-Side Caching for TLS](dist/sslex.pdf).” _ACM Trans. Info. & Sys. Security_ 7(4):553–75, Nov. 2004. [#BLS04]: D. Boneh, B. Lynn, and H. Shacham. “[Short Signatures from the Weil Pairing](dist/sigs.pdf).” _J. Cryptology_ 17(4):297–319, Sep. 2004. Conference papers ======================================================================== [#OAM+24]: S. O'Connell, L. Aben Sour, R. Magen, D. Genkin, Y. Oren, H. Shacham, and Y. Yarom. “[Pixel Thief: Exploiting SVG Filter Leakage in Firefox and Chrome](https://www.usenix.org/conference/usenixsecurity24/presentation/oconnell).” In D. Balzarotti and W. Xu, eds., _Proceedings of USENIX Security 2024_. USENIX, Aug. 2024. To appear. [#WPG+24]: Y. Wang, R. Paccagnella, Z. Gang, W.R. Vasquez, D. Kohlbrenner, H. Shacham, and C.W. Fletcher. “[GPU.zip: On the Side-Channel Implications of Hardware-Based Graphical Data Compression](https://www.hertzbleed.com/gpu.zip).” In P. Traynor and W. Enck, eds., _Proceedings of IEEE Security and Privacy ("Oakland") 2024_. IEEE Computer Society, May 2024. To appear. [#KWK+23]: A. Kwong, W. Wang, J. Kim, J. Berger, D. Genkin, E. Ronen, H. Shacham, R. Wahby, and Y. Yarom. “[Checking Passwords on Leaky Computers: A Side Channel Analysis of Chrome’s Password Leak Detection Protocol](https://www.usenix.org/conference/usenixsecurity23/presentation/kwong).” In J. Calandrino and C. Troncoso, eds., _Proceedings of USENIX Security 2023_. USENIX, Aug. 2023. [#VCS23]: W.R. Vasquez, S. Checkoway, and H. Shacham. “[The Most Dangerous Codec in the World: Finding and Exploiting Vulnerabilities in H.264 Decoders](dist/h26forge.pdf).” In J. Calandrino and C. Troncoso, eds., _Proceedings of USENIX Security 2023_. USENIX, Aug. 2023. [#WPW+23]: Y. Wang, R. Paccagnella, A. Wandke, Z. Gang, G. Garrett-Grossman, C.W. Fletcher, D. Kohlbrenner, and H. Shacham. “[DVFS Frequently Leaks Secrets: Hertzbleed Attacks Beyond SIKE, Cryptography, and CPU-Only Data](https://www.hertzbleed.com/2h2b.pdf).” In T. Ristenpart and P. Traynor, eds., _Proceedings of IEEE Security and Privacy ("Oakland") 2023_. IEEE Computer Society, May 2023. [#WPH+22]: Y. Wang, R. Paccagnella, E.T. He, H. Shacham, C.W. Fletcher, and D. Kohlbrenner. “[Hertzbleed: Turning Power Side-Channel Attacks Into Remote Timing Attacks on x86](https://www.hertzbleed.com/).” In K. Butler and K. Thomas, eds., _Proceedings of USENIX Security 2022_. USENIX, Aug. 2022. **Pwnie Award for Best Cryptographic Attack!** **IEEE Micro Top Picks 2022!** [#NDM+21]: S. Narayan, C. Disselkoen, D. Moghimi, S. Cauligi, E. Johnson, Z. Gang, A. Vahldiek-Oberwagner, R. Sahita, H. Shacham, D. Tullsen, and D. Stefan. “[Swivel: Hardening WebAssembly against Spectre](https://arxiv.org/abs/2102.12730).” In M. Bailey and R. Greenstadt, eds., _Proceedings of USENIX Security 2021_. USENIX, Aug. 2021. [#PWSD20]: S. Pailoor, X. Wang, H. Shacham, and I. Dillig. “[Automated Policy Synthesis for System Call Sandboxing](dist/abhaya.pdf).” In D. Grove, ed., _Proceedings of OOPSLA 2020_. ACM Press, Nov. 2020. **[ACM SIGPLAN distinguished paper award!](https://2020.splashcon.org/attending/awards)** [#NDG+20]: S. Narayan, C. Disselkoen, T. Garfinkel, N. Froyd, E. Rahm, S. Lerner, H. Shacham, and D. Stefan. “[Retrofitting Fine Grain Isolation in the Firefox Renderer](https://arxiv.org/abs/2003.00572).” In S. Capkun and F. Roesner, eds., _Proceedings of USENIX Security 2020_. USENIX, Aug. 2020. **[Distinguished paper award!](https://www.usenix.org/conferences/best-papers?taxonomy_vocabulary_1_tid=2020&title_1=security)** **[First place, CSAW 2020 Applied Research Competition!](https://www.csaw.io/research)** **2022 IEEE Cybersecurity Award for Practice!** See also: [RLBox code](https://rlbox.dev/), [RLBox API documentation](https://docs.rlbox.dev/). [#BRN+20]: F. Brown, J. Renner, A. Nötzli, S. Lerner, H. Shacham, and D. Stefan. “[Towards a Verified Range Analysis for JavaScript JITs](dist/vera.pdf).” In E. Torlak, ed., _Proceedings of PLDI 2020_. ACM Press, Jun. 2020. [#S18]: H. Shacham. “[Short Unique Signatures from RSA with a Tight Security Reduction (in the Random Oracle Model)](dist/shortrsa.pdf).” In S. Meiklejohn and K. Sako, eds., _Proceedings of Financial Crypto 2018_. Feb. 2018. [#KS17]: D. Kohlbrenner and H. Shacham, “[On the Effectiveness of Mitigations Against Floating-Point Timing Channels](https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-kohlbrenner.pdf).” In E. Kirda and T. Ristenpart, eds., _Proceedings of USENIX Security 2017_, pages 69–81. USENIX, Aug. 2017. [#LSS17]: W. Lian, H. Shacham, and S. Savage, “[A Call to ARMs: Understanding the Costs and Benefits of JIT Spraying Mitigations](dist/toarms.pdf).” In A. Juels, ed., _Proceedings of NDSS 2017_. Internet Society, Feb. 2017. [#CMG+16]: S. Checkoway, J. Maskiewicz, C. Garman, J. Fried, S. Cohney, M. Green, N. Heninger, R.-P. Weinmann, E. Rescorla, and H. Shacham, “[A Systematic Analysis of the Juniper Dual EC Incident](dist/juniper.pdf).” In C. Kruegel, A. Myers, and S. Halevi, eds., _Proceedings of CCS 2016_, pages 468–79. ACM Press, Oct. 2016. **[Best paper award!](https://www.sigsac.org/ccs/CCS2016/awards/index.html)** **[IRTF Applied Networking Research Prize!](https://irtf.org/anrp/)** [#KS16]: D. Kohlbrenner and H. Shacham. “[Trusted Browsers for Uncertain Times](https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_kohlbrenner.pdf).” In T. Holz and S. Savage, eds., _Proceedings of USENIX Security 2016_, pages 463–80. USENIX, Aug. 2016. [#VSTS16]: A. Venkat, S. Shamasunder, D. Tullsen, and H. Shacham. “[HIPStR—Heterogeneous-ISA Program State Relocation](dist/hipstr.pdf).” In Y. Zhou, ed., _Proceedings of ASPLOS 2016_, pages 727–41. ACM Press, Apr. 2016. [#AKM+15]: M. Andrysco, D. Kohlbrenner, K. Mowery, R. Jhala, S. Lerner, and H. Shacham. “[On Subnormal Floating Point and Abnormal Timing](dist/subnormal.pdf).” In L. Bauer and V. Shmatikov, eds., _Proceedings of IEEE Security and Privacy ("Oakland") 2015_, pages 623–39. IEEE Computer Society, May 2015. [#LSS15]: W. Lian, H. Shacham, and S. Savage. “[Too LeJIT to Quit: Extending JIT Spraying to ARM](dist/lejit.pdf).” In E. Kirda, ed., _Proceedings of NDSS 2015_. Internet Society, Feb. 2015. [#CFN+14]: S. Checkoway, M. Fredrikson, R. Niederhagen, A. Everspaugh, M. Green, T. Lange, T. Ristenpart, D.J. Bernstein, J. Maskiewicz, and H. Shacham. “[On the Practical Exploitability of Dual EC in TLS Implementations](https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-checkoway.pdf).” In K. Fu, ed., _Proceedings of USENIX Security 2014_, pages 319–35. USENIX, Aug. 2014. [#MWW+14]: K. Mowery, E. Wustrow, T. Wypych, C. Singleton, C. Comfort, E. Rescorla, S. Checkoway, J.A. Halderman, and H. Shacham. “[Security Analysis of a Full-Body Scanner](https://radsec.org/).” In K. Fu, ed., _Proceedings of USENIX Security 2014_, pages 369–84. USENIX, Aug. 2014. [#MEMS14]: J. Maskiewicz, B. Ellis, J. Mouradian, and H. Shacham. “[Mouse Trap: Exploiting Firmware Updates in USB Peripherals](https://www.usenix.org/system/files/conference/woot14/woot14-maskiewicz.pdf).” In S. Bratus and F. Lindner, eds., _Proceedings of WOOT 2014_. USENIX, Aug. 2014. [#CMSW14]: T. Calderon, S. Meiklejohn, H. Shacham, and B. Waters. “[Rethinking Verifiably Encrypted Signatures: A Gap in Functionality and Potential Solutions](dist/ves.pdf).” In J. Benaloh, ed., _Proceedings of CT-RSA 2014_, vol. 8366 of LNCS, pages 349–66. Springer-Verlag, Feb. 2014. [#LRSS13]: W. Lian, E. Rescorla, H. Shacham, and S. Savage. “[Measuring the Practical Impact of DNSSEC Deployment](dist/dnssec.pdf).” In S. King, ed., _Proceedings of USENIX Security 2013_. USENIX, Aug. 2013. [#MWKSS13]: K. Mowery, M. Wei, D. Kohlbrenner, H. Shacham, and S. Swanson. “[Welcome to the Entropics: Boot-Time Entropy in Embedded Devices](dist/earlyentropy.pdf).” In W. Lee, A. Perrig, and M. Backes, eds., _Proceedings of IEEE Security and Privacy (“Oakland”) 2013_, pages 589–603. IEEE Computer Society, May 2013. [#CS13]: S. Checkoway and H. Shacham. “[Iago Attacks: Why the System Call API is a Bad Untrusted RPC Interface](dist/iago.pdf).” In R. Bodik, ed., _Proceedings of ASPLOS 2013_, pages 253–64. ACM Press, Mar. 2013. [#BSW13]: K. Benson, H. Shacham, and B. Waters. “[The $k$-BDH Assumption Family: Bilinear Map Cryptography from Progressively Weaker Assumptions](dist/kbdh.pdf).” In E. Dawson, ed., _Proceedings of CT-RSA 2013_, vol. 7779 of LNCS, pages 310–25. Springer-Verlag, Feb. 2013. [#MKS12]: K. Mowery, S. Keelveedhi, and H. Shacham. “[Are AES x86 Cache Timing Attacks Still Feasible?](dist/aes_cache.pdf)” (Short Paper). In S. Capkun and S. Kamara, eds., _Proceedings of CCSW 2012_. ACM Press, Oct. 2012. [#MS12]: K. Mowery and H. Shacham. “[Pixel Perfect: Fingerprinting Canvas in HTML5](dist/canvas.pdf).” In M. Fredrikson, ed., _Proceedings of W2SP 2012_. IEEE Computer Society, May 2012. [#BDS11]: K. Benson, R. Dowsley, and H. Shacham. “[Do You Know Where Your Cloud Files Are?](dist/cloudloc.pdf)” In T. Ristenpart and C. Cachin, eds., _Proceedings of CCSW 2011_. ACM Press, Oct. 2011. [#VDS11]: B. Vattikonda, S. Das, and H. Shacham. “[Eliminating Fine Grained Timers in Xen](dist/xentimers.pdf)” (Short Paper). In T. Ristenpart and C. Cachin, eds., _Proceedings of CCSW 2011_. ACM Press, Oct. 2011. [#CMK+11]: S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, S. Savage, K. Koscher, A. Czeskis, F. Roesner, and T. Kohno. “[Comprehensive Experimental Analyses of Automotive Attack Surfaces](dist/cars-usenixsec2011.pdf).” In D. Wagner, ed., _Proceedings of USENIX Security 2011_. USENIX, Aug. 2011. [#MMCS11]: S. Meiklejohn, K. Mowery, S. Checkoway, and H. Shacham. “[The Phantom Tollbooth: Privacy-Preserving Electronic Toll Collection in the Presence of Driver Collusion](dist/tolls.pdf).” In D. Wagner, ed., _Proceedings of USENIX Security 2011_. USENIX, Aug. 2011. [#MBYS11]: K. Mowery, D. Bogenreif, S. Yilek, and H. Shacham. “[Fingerprinting Information in JavaScript Implementations](dist/jspriv.pdf).” In H. Wang, ed., _Proceedings of W2SP 2011_. IEEE Computer Society, May 2011. [#JVSS11]: D. Jang, A. Venkataraman, G.M. Sawka, and H. Shacham. “[Analyzing the Crossdomain Policies of Flash Applications](dist/crossdomain.pdf).” In H. Wang, ed., _Proceedings of W2SP 2011_. IEEE Computer Society, May 2011. [#RSS11]: T. Ristenpart, H. Shacham, and T. Shrimpton, “[Careful with Composition: Limitations of the Indifferentiability Framework](dist/revindiff.pdf).” In K. Paterson, ed., _Proceedings of Eurocrypt 2011_, vol. 6632 of LNCS, pages 487–506. Springer-Verlag, May 2011. [#MSF10]: S. Meiklejohn, H. Shacham, and D.M. Freeman. “[Limitations on Transformations from Composite-Order to Prime-Order Groups: The Case of Round-Optimal Blind Signatures](dist/blindsigs.pdf).” In M. Abe, ed., _Proceedings of Asiacrypt 2010_, vol. 6477 of LNCS, pages 519–38. Springer-Verlag, Dec. 2010. [#JJLS10]: D. Jang, R. Jhala, S. Lerner, and H. Shacham. “[An Empirical Study of Privacy-Violating Information Flows in JavaScript Web Applications](dist/history.pdf).” In A. Keromytis and V. Shmatikov, eds., _Proceedings of CCS 2010_, pages 270–83. ACM Press, Oct. 2010. [#CDD+10]: S. Checkoway, L. Davi, A. Dmitrienko, A.-R. Sadeghi, H. Shacham, and M. Winandy. “[Return-Oriented Programming without Returns](dist/noret-ccs.pdf).” In A. Keromytis and V. Shmatikov, eds., _Proceedings of CCS 2010_, pages 559–72. ACM Press, Oct. 2010. [#CSS10]: S. Checkoway, A. Sarwate, and H. Shacham. “[Single-Ballot Risk-Limiting Audits Using Convex Optimization](dist/audit.pdf).” In D. Jones, J.-J. Quisquater, and E. Rescorla, eds., _Proceedings of EVT/WOTE 2010_. USENIX/ACCURATE/IAVoSS, Aug. 2010. [#WRSB10]: K. Wang, E. Rescorla, H. Shacham, and S. Belongie. “[OpenScan: A Fully Transparent Optical Scan Voting System](dist/votescan.pdf).” In D. Jones, J.-J. Quisquater, and E. Rescorla, eds., _Proceedings of EVT/WOTE 2010_. USENIX/ACCURATE/IAVoSS, Aug. 2010. [#KCR+10]: K. Koscher, A. Czeskis, F. Roesner, S. Patel, T. Kohno, S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, and S. Savage. “[Experimental Security Analysis of a Modern Automobile](dist/cars-oakland2010.pdf)” In D. Evans and G. Vigna, eds., _Proceedings of IEEE Security and Privacy (“Oakland”) 2010_, pages 447–62. IEEE Computer Society, May 2010. **[Test of time award!](https://www.ieee-security.org/TC/SP2020/awards.html)** [#CSR10]: S. Checkoway, E. Rescorla, and H. Shacham. “[Are Text-Only Data Formats Safe? Or, Use This $\LaTeX$ Class File to Pwn Your Computer](dist/texhack.pdf).” In M. Bailey, ed., _Proceedings of LEET 2010_. USENIX, Apr. 2010. [#BBN+09]: M. Bellare, Z. Brakerski, M. Naor, T. Ristenpart, G. Segev, H. Shacham, and S. Yilek. “[Hedged Public-Key Encryption: How to Protect Against Bad Randomness](dist/hedge.pdf).” In M. Matsui, ed., _Proceedings of Asiacrypt 2009_, vol. 5912 of LNCS, pages 232–49. Springer-Verlag, Dec. 2009. [#RTSS09]: T. Ristenpart, E. Tromer, H. Shacham, and S. Savage. “[Hey, You, Get Off of My Cloud! Exploring Information Leakage in Third-Party Compute Clouds](dist/cloudsec.pdf).” In S. Jha and A. Keromytis, eds., _Proceedings of CCS 2009_, pages 199–212. ACM Press, Nov. 2009. **[Test of time award!](https://www.sigsac.org/ccs/CCS_awards/ccs-tta.html)** [#YRSES09]: S. Yilek, E. Rescorla, H. Shacham, B. Enright, and S. Savage. “[When Private Keys are Public: Results from the 2008 Debian OpenSSL Vulnerability](dist/debiankey.pdf).” In A. Feldmann and L. Mathy, eds., _Proceedings of IMC 2009_, pages 15–27. ACM Press, Nov. 2009. [#HS09]: N. Heninger and H. Shacham. “[Reconstructing RSA Private Keys from Random Key Bits](dist/reconstruction.pdf).” In S. Halevi, ed., _Proceedings of Crypto 2009_, vol. 5677 of LNCS, pages 1–17. Springer-Verlag, Aug. 2009. [#BCC+09]: M. Belenkiy, J. Camenisch, M. Chase, M. Kohlweiss, A. Lysyanskaya, and H. Shacham. “[Randomizable Proofs and Delegatable Anonymous Credentials](dist/delcred.pdf).” In S. Halevi, ed., _Proceedings of Crypto 2009_, vol. 5677 of LNCS, pages 108–25. Springer-Verlag, Aug. 2009. [#CFK+09]: S. Checkoway, A.J. Feldman, B. Kantor, J.A. Halderman, E.W. Felten, and H. Shacham. “[Can DREs Provide Long-Lasting Security? The Case of Return-Oriented Programming and the AVC Advantage](dist/avc.pdf).” In D. Jefferson, J.L. Hall, and T. Moran, eds., _Proceedings of EVT/WOTE 2009_. USENIX/ACCURATE/IAVoSS, Aug. 2009. [#SW08]: H. Shacham and B. Waters. “Compact Proofs of Retrievability.” In J. Pieprzyk, ed., _Proceedings of Asiacrypt 2008_, vol. 5350 of LNCS, pages 90–107. Springer-Verlag, Dec. 2008. Extended abstract of [#SW13] journal paper above. [#BRSS08]: E. Buchanan, R. Roemer, H. Shacham, and S. Savage. “[When Good Instructions Go Bad: Generalizing Return-Oriented Programming to RISC](dist/sparc.pdf).” In P. Syverson and S. Jha, eds., _Proceedings of CCS 2008_, pages 27–38. ACM Press, Oct. 2008. Superseded by [#RBSS12] journal paper above. [#ARSW08]: J.A. Halderman, E. Rescorla, H. Shacham, and D. Wagner. “[You Go to Elections with the Voting System You Have: Stop-Gap Mitigations for Deployed Voting Systems](dist/voting-paper.pdf).” In D. Dill and T. Kohno, eds., _Proceedings of EVT 2008_. USENIX/ACCURATE, July 2008. [#S07]: H. Shacham. “[The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86)](dist/geometry.pdf).” In S. De Capitani Di Vimercati and P. Syverson, eds., _Proceedings of CCS 2007_, pages 552–561. ACM Press, Oct. 2007. Superseded by [#RBSS12] journal paper above. **[Test of time award!](https://www.sigsac.org/ccs/CCS_awards/ccs-tta.html)** [#SW07]: H. Shacham and B. Waters. “[Efficient Ring Signatures Without Random Oracles](dist/ring.pdf).” In T. Okamoto and X. Wang, eds., _Proceedings of PKC 2007_, vol. 4450 of LNCS, pages 166–80. Springer-Verlag, Apr. 2007. [#BSSW06]: X. Boyen, H. Shacham, E. Shen, and B. Waters. “[Forward-Secure Signatures with Untrusted Update](dist/fsig.pdf).” In R. Wright, ed., _Proceedings of CCS 2006_, pages 191–200. ACM Press, Oct. 2006. [#LOSSW06]: S. Lu, R. Ostrovsky, A. Sahai, H. Shacham, and B. Waters. “Sequential Aggregate Signatures and Multisignatures without Random Oracles.” In S. Vaudenay, ed., _Proceedings of Eurocrypt 2006_, vol. 4004 of LNCS, pages 465–85. Springer-Verlag, May 2006. Extended abstract of [#LOSSW13] journal paper above. [#BS04]: D. Boneh and H. Shacham. “[Group Signatures with Verifier-Local Revocation](dist/preteripsistic.pdf).” In B. Pfitzmann and Peng Liu, eds., _Proceedings of CCS 2004_, pages 168–77. ACM Press, Oct. 2004. [#SPP+04]: H. Shacham, M. Page, B. Pfaff, E.-J. Goh, N. Modadugu, and D. Boneh. “[On the Effectiveness of Address-Space Randomization](dist/asrandom.pdf).” In B. Pfitzmann and Peng Liu, eds., _Proceedings of CCS 2004_, pages 298–307. ACM Press, Oct. 2004. [#BBS04]: D. Boneh, X. Boyen, and H. Shacham. “[Short Group Signatures](dist/groupsigs.pdf).” In M. Franklin, ed., _Proceedings of Crypto 2004_, vol. 3152 of LNCS, pages 41–55. Springer-Verlag, Aug. 2004. [#LMRS04]: A. Lysyanskaya, S. Micali, L. Reyzin, and H. Shacham. “[Sequential Aggregate Signatures from Trapdoor Permutations](dist/rsaagg.pdf).” In C. Cachin and J. Camenisch, eds., _Proceedings of Eurocrypt 2004_, vol. 3027 of LNCS, pages 74–90. Springer-Verlag, May 2004. [#BGLS03]: D. Boneh, C. Gentry, B. Lynn, and H. Shacham. “[Aggregate and Verifiably Encrypted Signatures from Bilinear Maps](dist/sigexts.pdf).” In E. Biham, ed., _Proceedings of Eurocrypt 2003_, vol. 2656 of LNCS, pages 416–32. Springer-Verlag, May 2003. [#GSMB03]: E.-J. Goh, H. Shacham, N. Modadugu, D. Boneh. “[SiRiUS: Securing Remote Untrusted Storage](dist/xxfs.pdf).” In M. Tripunitara, ed., _Proceedings of NDSS 2003_, pages 131–45. Internet Society, Feb. 2003. [#SB02]: H. Shacham and D. Boneh. “Fast-Track Session Establishment for TLS.” In M. Tripunitara, ed., _Proceedings of NDSS 2002_, pages 195–202. Internet Society, Feb. 2002. Extended abstract of [#SBR04] journal paper above, with E. Rescorla. [#BLS01]: D. Boneh, B. Lynn, and H. Shacham. “Short Signatures from the Weil Pairing.” In C. Boyd, ed., _Proceedings of Asiacrypt 2001_, vol. 2248 of LNCS, pages 514–32. Springer-Verlag, Dec. 2001. Extended abstract of [#BLS04] journal paper above. [#SB01]: H. Shacham and D. Boneh. “[Improving SSL Handshake Performance via Batching](dist/batching.pdf).” In D. Naccache, ed., _Proceedings of CT-RSA 2001_, vol. 2020 of LNCS, pages 28–43. Springer-Verlag, Apr. 2001. Manuscripts ======================================================================== [#NGLSS19]: S. Narayan, T. Garfinkel, S. Lerner, H. Shacham, and D. Stefan. “[Gobi: WebAssembly as a Practical Path to Library Sandboxing](https://arxiv.org/abs/1912.02285).” Manuscript, Dec. 2019. [#SS18]: H. Shacham and S. Savage. “[JIT-MEOW: Extracting ROP Chains from MPEG-Encoded Cat Movies](https://www.usenix.org/conference/usenixsecurity18/presentation/mickens).” Manuscript, Aug. 2018. [#LSS16]: W. Lian, H. Shacham, and S. Savage. “[An Investigation of the FreeBSD r278907 RNG Bugfix](dist/freebsd.pdf).” Manuscript, Oct. 2016. [#MS13]: S. Meiklejohn and H. Shacham. “[New Trapdoor Projection Maps for Composite-Order Bilinear Groups](dist/composite.pdf).” Cryptology ePrint Archive, [report 2013/657](https://eprint.iacr.org/2013/657), Oct. 2013. [#AAA+13]: B. Adida, C. Anderson, A.I. Anton, M. Blaze, R. Dingledine, E.W. Felten, M.D. Green, J.A. Halderman, D.R. Jefferson, C. Jennings, S. Landau, N. Mitter, P.G. Neumann, E. Rescorla, F.B. Schneider, B. Schneier, H. Shacham, M. Sherr, D. Wagner, and P. Zimmermann. “[CALEA II: Risks of Wiretap Modifications to Endpoints](https://www.cdt.org/files/pdfs/CALEAII-techreport.pdf).” May 2013. Report, coordinated by the Center for Democracy & Technology. [#WLB+11]: G. Wang, H. Liu, S. Becerra, K. Wang, S. Belongie, H. Shacham, and S. Savage. “[Verilogo: Proactive Phishing Detection via Logo Recognition](dist/verilogo.pdf).” Aug. 2011. UCSD Technical Report CS2011-0969. [#CS10]: S. Checkoway and H. Shacham. “[Escape from Return-Oriented Programming: Return-Oriented Programming without Returns (on the x86)](dist/noret.pdf).” Feb. 2010. UCSD Technical Report CS2010-0954. Merged into [#CDD+10] conference paper above. [#S07c]: H. Shacham. “[The BBG HIBE Has Limited Delegation](dist/deleg.pdf).” Cryptology ePrint Archive, [report 2007/201](https://eprint.iacr.org/2007/201), May 2007. [#S07b]: H. Shacham. “[A Cramer-Shoup Encryption Scheme from the Linear Assumption and from Progressively Weaker Linear Variants](dist/linear.pdf).” Cryptology ePrint Archive, [report 2007/074](https://eprint.iacr.org/2007/074), Feb. 2007. Survey papers ======================================================================== [#WPH+23]: Y. Wang, R. Paccagnella, E.T. He, H. Shacham, C. Fletcher, and D. Kohlbrenner. “[Hertzbleed: Turning Power Side-Channel Attacks Into Remote Timing Attacks on x86](https://ieeexplore.ieee.org/document/10122602)” (top pick). _IEEE Micro_ 43(4):19–27, Jul.–Aug. 2023. [#GNDSS20]: T. Garfinkel, S. Narayan, C. Disselkoen, H. Shacham, and D. Stefan. “[The Road to Less Trusted Code: Lowering the Barrier to In-Process Sandboxing](https://www.usenix.org/publications/login/winter2020/garfinkel-tal).” USENIX ;login:, 45(4):15–22, 2020. [#CMG+18]: S. Checkoway, J. Maskiewicz, C. Garman, J. Fried, S. Cohney, M. Green, N. Heninger, R.-P. Weinmann, E. Rescorla, and H. Shacham, “[Where Did I Leave My Keys? Lessons from the Juniper Dual EC Incident](https://cacm.acm.org/magazines/2018/11/232227-where-did-i-leave-my-keys)” (research highlight). _Communications of the ACM_ 61(11):148–55, Nov. 2018. Available locally: [authors' version](dist/juniper-cacm.pdf). [#CSR10b]: S. Checkoway, H. Shacham, and E. Rescorla. “[Don’t take $\LaTeX$ Files from Strangers](dist/tex-login.pdf)” (survey). USENIX ;login:, 35(4):17–22, 2010. [#BGLS03b]: D. Boneh, C. Gentry, B. Lynn, and H. Shacham. “[A Survey of Two Signature Aggregation Techniques](dist/aggsurvey.pdf)” (survey). _RSA CryptoBytes_, 6(2):1–9, 2003. [#BS02]: D. Boneh and H. Shacham. “[Fast Variants of RSA](dist/survey.pdf)” (survey). _RSA CryptoBytes_, 5(1):1–9, 2002. Talks ======================================================================== [#WS14]: “[Security Analysis of a Full-Body X-Ray Scanner](https://media.ccc.de/v/31c3_-_6332_-_en_-_saal_g_-_201412291130_-_security_analysis_of_a_full-body_x-ray_scanner_-_eric_wustrow_-_hovav_shacham).” Presented with E. Wustrow; joint work with K. Mowery, T. Wypych, C. Singleton, C. Comfort, E. Rescorla, S. Checkoway, and J.A. Halderman. Given at the 31st Chaos Communication Congress (31C3). Dec. 2014. [#S08]: “[Return-Oriented Programming: Exploitation without Code Injection](https://www.blackhat.com/presentations/bh-usa-08/Shacham/BH_US_08_Shacham_Return_Oriented_Programming.pdf).” Joint work with E. Buchanan, R. Roemer, and S. Savage. Given at Black Hat USA 2008 Briefings. Aug. 2008. Edited volumes ======================================================================== [#SB18]: H. Shacham and A. Boldyreva, eds., _Proceedings of [Crypto 2018](https://crypto.iacr.org/2018/)_, vols. [10991](https://link.springer.com/book/10.1007/978-3-319-96884-1), [10992](https://link.springer.com/book/10.1007/978-3-319-96881-0), and [10993](https://link.springer.com/book/10.1007/978-3-319-96878-0) of LNCS. Springer-Verlag, Aug. 2018. [#KS17]: J. Katz and H. Shacham, eds., _Proceedings of [Crypto 2017](https://www.iacr.org/conferences/crypto2017/)_, vols. [10401](https://link.springer.com/book/10.1007/978-3-319-63688-7), [10402](https://link.springer.com/book/10.1007/978-3-319-63715-0), and [10403](https://link.springer.com/book/10.1007/978-3-319-63697-9) of LNCS. Springer-Verlag, Aug. 2017. [#SW09]: H. Shacham and B. Waters, eds., _Proceedings of [Pairing 2009](https://cseweb.ucsd.edu/pairing09/)_, [vol. 5671](https://link.springer.com/book/10.1007/978-3-642-03298-1) of LNCS. Springer-Verlag, Aug. 2009.