Key Rotation for Authenticated Encryption
Adam Everspaugh, Kenneth G. Paterson, Thomas Ristenpart, and Sam Scott
Advances in Cryptology - Crypto 2017

Message Franking via Committing Authenticated Encryption
Paul Grubbs, Jiahui Lu, and Thomas Ristenpart
Advances in Cryptology - Crypto 2017

A New Distribution-Sensitive Secure Sketch and Popularity-Proportional Hashing
Joanne Woodage, Rahul Chatterjee, Yevgeniy Dodis, Ari Juels, and Thomas Ristenpart
Advances in Cryptology - Crypto 2017

Why Your Encrypted Database Is Not Secure
Paul Grubbs, Thomas Ristenpart, and Vitaly Shmatikov
HotOS 2017

Leakage-Abuse Attacks against Order-Revealing Encryption
Paul Grubbs, Kevin Sekniqi, Vincent Bindschaedler, Muhammad Naveed, and Thomas Ristenpart
IEEE Symposium on Security and Privacy - Oakland 2017

Side-Channel Attacks on Shared Search Indexes
Liang Wang, Paul Grubbs, Jiahui Lu, Vincent Bindschaedler, David Cash, and Thomas Ristenpart
IEEE Symposium on Security and Privacy - Oakland 2017

Modifying an Enciphering Scheme After Deployment
Paul Grubbs, Thomas Ristenpart, and Yuval Yarom
Advances in Cryptology - Eurocrypt 2017

Using Program Analysis to Synthesize Sensor Spoofing Attacks
Ivan Pustogarov, Thomas Ristenpart, and Vitaly Shmatikov
Asia CCS - 2017

Network Protocol Obfuscation and Automated Internet Censorship
Lucas Dixon, Thomas Ristenpart, and Thomas Shrimpton
IEEE Security and Privacy Magazine - 2016

Breaking Web Applications Built on Top of Encrypted Data
Paul Grubbs, Richard McPherson, Muhammad Naveed, Thomas Ristenpart, and Vitaly Shmatikov
Computer and Communications Security - CCS 2016

CQSTR: Securing Cross-tenant Applications with Cloud Containers
Yan Zhai, Lichao Yin, Jeffrey Chase, Thomas Ristenpart, and Michael Swift
Symposium on Cloud Computing 2016

Stealing Machine Learning Models via Prediction APIs
Florian Tramer, Fan Zhang, Ari Juels, Michael Reiter, and Thomas Ristenpart
USENIX Security 2016

Controlling UAVs with Sensor Input Spoofing Attacks
Drew Davidson, Hao Wu, Rob Jellinek, Vikas Singh, and Thomas Ristenpart
Workshop on Offensive Technologies - WOOT 2016

pASSWORD tYPOS and How to Correct Them Securely
Rahul Chatterjee, Anish Athalye, Devdatta Akhawe, Ari Juels, and Thomas Ristenpart
IEEE Symposium on Security and Privacy - Oakland 2016
Received Distinguished Student Paper Award

Honey Encryption Beyond Message Recovery Security
Joseph Jaeger, Thomas Ristenpart, and Qiang Tang
Advances in Cryptology - Eurocrypt 2016

Leakage-abuse Attacks against Searchable Encryption
David Cash, Paul Grubbs, Jason Perry, and Thomas Ristenpart
Computer and Communications Security - CCS 2015

Model Inversion Attacks that Exploit Confidence Information and Basic Countermeasures
Matthew Fredrikson, Somesh Jha, and Thomas Ristenpart
Computer and Communications Security - CCS 2015

Seeing through Network Protocol Obfuscation
Liang Wang, Kevin Dyer, Aditya Akella, Thomas Ristenpart, and Thomas Shrimpton
Computer and Communications Security - CCS 2015

The Pythia PRF Service
Adam Everspaugh, Rahul Chatterjee, Sam Scott, Ari Juels, and Thomas Ristenpart
USENIX Security 2015

A Placement Vulnerability Study in Multi-tenant Public Clouds
Venkatanathan Varadarajan, Yinqian Zhang, Thomas Ristenpart, and Michael Swift
USENIX Security 2015

Cracking-resistant Password Vaults using Natural Language Encoders
Rahul Chatterjee, Joseph Bonneau, Ari Juels, and Thomas Ristenpart
IEEE Symposium on Security and Privacy - Oakland 2015

A Formal Treatment of Backdoored Pseudorandom Generators
Yevgeniy Dodis, Chaya Ganesh, Alexander Golovnev, Ari Juels and Thomas Ristenpart
Advances in Cryptology - Eurocrypt 2015

Surreptitiously Weakening Cryptographic Systems
Bruce Schneier, Matthew Fredrikson, Tadayoshi Kohno, and Thomas Ristenpart
Unpublished survey article 2015

Cross-tenant Side-Channel Attacks in PaaS Clouds
Yinqian Zhang, Ari Juels, Michael Reiter, and Thomas Ristenpart
Computer and Communications Security - CCS 2014

Formatted Enryption Beyond Regular Languages
Daniel Luchaup, Thomas Shrimpton, Thomas Ristenpart, and Somesh Jha
Computer and Communications Security - CCS 2014

WhoWas: A Platform for Measuring Web Deployments on IaaS Clouds
Liang Wang, Antonio Nappa, Juan Caballero, Thomas Ristenpart, and Aditya Akella
Internet Measurement Conference - IMC 2014

Scheduler-based Defenses against Cross-VM Side-channels
Venkatanathan Varadarajan, Thomas Ristenpart, and Michael Swift
USENIX Security 2014

LibFTE: A Toolkit for Constructing Practical Format-Abiding Encryption Schemes
Daniel Luchaup, Kevin Dyer, Somesh Jha, Thomas Ristenpart, and Thomas Shrimpton
USENIX Security 2014

Privacy in Pharmacogenetics: An End-to-End Case Study of Personalized Warfarin Dosing
Matthew Fredrikson, Eric Lantz, Somesh Jha, Simon Lin, David Page, and Thomas Ristenpart
USENIX Security 2014
Received Best Paper Award

On the Practical Exploitability of Dual EC in TLS Implementations
Stephen Checkoway, Matt Fredrikson, Ruben Niederhagen, Adam Everspaugh, Matt Green, Tanja Lange, Thomas Ristenpart, Daniel J. Bernstein, Jake Maskiewicz, and Hovav Shacham
USENIX Security 2014

A Day Late and a Dollar Short: The Case for Research on Cloud Billing Systems
Robert Jellinek, Yan Zhai, Thomas Ristenpart, and Michael Swift
HotCloud 2014

Not-So-Random Numbers in Virtualized Linux and the Whirlwind RNG
Adam Everspaugh, Yan Zhai, Robert Jellinek, Thomas Ristenpart, and Michael Swift
IEEE Symposium on Security and Privacy - Oakland 2014

Honey Encryption: Security Beyond the Brute-force Barrier
Ari Juels and Thomas Ristenpart
Advances in Cryptology - Eurocrypt 2014

Protocol Misidentification Made Easy with Format-Transforming Encryption
Kevin Dyer, Scott Coull, Thomas Ristenpart, and Thomas Shrimpton
Computer and Communications Security - CCS 2013

Next Stop, the Cloud: Understanding Modern Web Service Deployment in EC2 and Azure
Keqiang He, Alexis Fisher, Liang Wang, Aaron Gembler, Aditya Akella, and Thomas Ristenpart
Internet Measurement Conference - IMC 2013

The Mix-and-Cut Shuffle: Small-domain Encryption Secure against N Queries
Thomas Ristenpart and Scott Yilek
Advances in Cryptology - Crypto 2013

DupLESS: Server-aided Encryption for Deduplicated Storage
Mihir Bellare, Sriram Keelveedhi, and Thomas Ristenpart
USENIX Security 2013

Fie on Firmware: Finding Vulnerabilities in Embedded Systems using Symbolic Execution
Drew Davidson, Benjamin Moench, Somesh Jha, and Thomas Ristenpart
USENIX Security 2013

Message-Locked Encryption and Secure Deduplication
Mihir Bellare, Sriram Keelveedhi, and Thomas Ristenpart
Advances in Cryptology - Eurocrypt 2013

More for Your Money: Exploiting Performance Heterogeneity in Public Clouds
Benjamin Farley, Venkatanathan Varadarajan, Kevin Bowers, Ari Juels, Thomas Ristenpart, and Michael Swift
Symposium on Cloud Computing - SOCC 2012

Cross-VM Side Channels and Their Use to Extract Private Keys
Yinqian Zhang, Ari Juels, Mike Reiter, and Thomas Ristenpart
Computer and Communications Security - CCS 2012

Resource-freeing Attacks: Improve Your Cloud Performance (at Your Neighbor's Expense)
Venkatanathan Varadarajan, Thawan Kooburat, Benjamin Farley, Thomas Ristenpart, and Michael Swift
Computer and Communications Security - CCS 2012

Multi-instance Security and its Application to Password-based Cryptography
Mihir Bellare, Thomas Ristenpart, and Stefano Tessaro
Advances in Cryptology - Crypto 2012

To Hash or Not to Hash Again? (In)differentiability Results for H^2 and HMAC
Yevgeniy Dodis, Thomas Ristenpart, John Steinberger, and Stefano Tessaro
Advances in Cryptology - Crypto 2012

Security Analysis of Smartphone Point-of-Sale Devices
WesLee Frisby, Benjamin Moench, Benjamin Recht, and Thomas Ristenpart
Workshop on Offensive Technologies - WOOT 2012

Peek-a-boo, I Still See You: Why Efficient Traffic Analysis Countermeasures Fail
Kevin Dyer, Scott Coull, Thomas Ristenpart, and Thomas Shrimpton
IEEE Symposium on Security and Privacy - Oakland 2012 [Systemization of Knowledge]

Randomness Condensers for Efficiently Samplable, Seed-Dependent Sources
Yevgeniy Dodis, Thomas Ristenpart, and Salil Vadhan
Theory of Cryptography Conference - TCC 2012

Tag Size Does Matter: Attacks and Proofs for the TLS Record Protocol
Kenneth G. Paterson, Thomas Ristenpart, and Thomas Shrimpton
Advances in Cryptology - Asiacrypt 2011

Got Traffic? An Evaluation of Click Traffic Providers
Qing Zhang, Thomas Ristenpart, Stefan Savage, and Geoffrey M. Voelker
Proceedings of the WICOM/AIRWeb Workshop on Web Quality - WebQuality 2011

Careful with Composition: Limitations of the Indifferentiability Framework
Thomas Ristenpart, Hovav Shacham, and Thomas Shrimpton
Advances in Cryptology - Eurocrypt 2011

Random Oracles with(out) Programmability
Marc Fischlin, Anja Lehmann, Thomas Ristenpart, Thomas Shrimpton, Martijn Stam, and Stefano Tessaro
Advances in Cryptology - Asiacrypt 2010

When Good Randomness Goes Bad: Virtual Machine Reset Vulnerabilities and Hedging Deployed Cryptography
Thomas Ristenpart and Scott Yilek
Network and Distributed Systems Security - NDSS 2010

Hedged Public-key Encryption: How to Protect against Bad Randomness
Mihir Bellare, Zvika Brakerski, Moni Naor, Thomas Ristenpart, Gil Segev, Hovav Shacham, and Scott Yilek
Advances in Cryptology - Asiacrypt 2009

Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds
Thomas Ristenpart, Eran Tromer, Hovav Shacham, and Stefan Savage
Computer and Communications Security - CCS 2009

Format-Preserving Encryption
Mihir Bellare, Thomas Ristenpart, Phillip Rogaway, and Till Stegers
Selected Areas in Cryptography - SAC 2009

Simulation without the Artificial Abort: Simpler Proof and Improved Concrete Security for Waters' IBE Scheme
Mihir Bellare and Thomas Ristenpart
Advances in Cryptology - Eurocrypt 2009

Salvaging Merkle-Damgard for Practical Applications
Yevgeniy Dodis, Thomas Ristenpart, and Thomas Shrimpton
Advances in Cryptology - Eurocrypt 2009

Deterministic Encryption: Definitional Equivalences and Constructions without Random Oracles
Mihir Bellare, Marc Fischlin, Adam O'Neill, and Thomas Ristenpart
Advances in Cryptology - Crypto 2008

Privacy-preserving Location Tracking of Lost or Stolen Devices: Cryptographic Techniques and Replacing Trusted Third Parties with DHTs
Thomas Ristenpart, Gabriel Maganis, Arvind Krishnamurthy, and Tadayoshi Kohno
USENIX Security 2008

How to Build a Hash Function from any Collision-Resistant Function
Thomas Ristenpart and Thomas Shrimpton
Advances in Cryptology - Asiacrypt 2007

Hash Functions in the Dedicated-Key Setting: Design Choices and MPP Transforms
Mihir Bellare and Thomas Ristenpart
International Colloquim on Automata, Languages, and Programming - ICALP 2007

The Power of Proofs-of-Possession: Securing Multiparty Signatures against Rogue-Key Attacks
Thomas Ristenpart and Scott Yilek
Advances in Cryptology - Eurocrypt 2007

How to Enrich the Message Space of a Cipher
Thomas Ristenpart and Phillip Rogaway
Fast Software Encryption 2007 [Retracted February 2015]

Back to the Future: A Framework for Automatic Malware Removal
Francis Hsu, Hao Chen, Thomas Ristenpart, Jason Li, and Zhendong Su
In Proc. Annual Computer Security Applications Conference, ACSAC 2006

Multi-Property-Preserving Hash Domain Extension and the EMD Transform
Mihir Bellare and Thomas Ristenpart
Advances in Cryptology - Asiacrypt 2006, an earlier version appeared at the NIST Second Cryptographic Hash Workshop



Time Stamp Synchronization of Distributed Sensor Logs: Impossibility Results and Approximation Algorithms (pdf)
Thomas Ristenpart
UC Davis Masters thesis, September 2005

Insecurity of Tweak Chain Hashing
Thomas Ristenpart
Unpublished Manuscript, December 2003