**Open positions**

Funding for PhD students is available through the Royal Holloway Centre for Doctoral Training in Cyber Security. Applications for the 2017 cohort, to being in September 2017, will open soon. The funding is aimed primarily at UK-based students, but some very limited funding may be available for EU and International students.

I have no funding or positions for interns.

I am currently looking for a postdoc. See here for further details.

**Postal address and contact details**

**Biography**

I obtained a B.Sc. in 1990 from the University of Glasgow and a Ph.D. from the University of London in 1993, both in Mathematics. I was then a Royal Society Fellow at Institute for Signal and Information Processing at the Swiss Federal Institute of Technology, Zurich, from 1993 to 1994. After that, I was a Lloyd's of London Tercentenary Foundation Research Fellow at Royal Holloway, University of London from 1994 to 1996.

In 1996, I joined Hewlett-Packard Laboratories Bristol, becoming a project manager in 1999.

I then joined the Information Security Group at Royal Holloway in 2001, becoming a Reader in 2002 and Professor in 2004. From March 2010 to May 2015, I was an EPSRC Leadership Fellow working on a project entitled Cryptography: Bridging Theory and Practice. In May 2015, I reverted to being a Professor of Information Security.

My research over the last decade has mostly been in the area of Cryptography, with a strong emphasis being on the analysis of deployed cryptographic systems and the development of provably secure solutions to real-world cryptographic problems. I co-founded the Real World Cryptography series of workshops to support the development of this broad area and to strengthen the links between academia and industry. I am co-chair of the IRTF's research group on Cryptography, CFRG. This group is working to provide expert advice to the IETF in an effort to strengthen the Internet's core security protocols.

My research on the security of TLS (the Lucky 13 attack on CBC-mode encryption in TLS and attacks on RC4) received significant media attention, helped to drive the widespread adoption of TLS 1.2 with its support for modern encryption schemes, and was an important factor in the TLS Working Group's decision to abandon legacy encryption mechanisms in TLS 1.3.

I am lucky to have been the recipient of several prizes and awards for my research. These include a Google Distinguished Paper Award for my joint work with Nadhem AlFardan presenting plaintext recovery attacks against DTLS published at NDSS 2012; an Applied Networking Research Prize from the IRTF for my work with Nadhem AlFardan on the Lucky 13 attack; and an Award for Outstanding Research in Privacy Enhancing Technologies for my work with Mihir Bellare and Phil Rogaway on the Security of symmetric encryption against mass surveillance published at CRYPTO 2014.

Other career highlights include being selected as Programme Chair for EUROCRYPT 2011, and being an invited speaker at ASIACRYPT 2014.

**Research interests:**

- Theoretical and Applied Cryptography
- Network Security
- Coding Theory and Mathematics of Communications

**Projects:**

- Multilinear Maps in Cryptography, a research project funded by the EPSRC looking into cryptanalysis of, and cryptographic constructions using, multilinear maps.
- Royal Holloway's Centre for Doctoral Training in Cyber Security.
- UK Quantum Technology Hub for Quantum Communications Technologies, for which my team is providing technical expertise in the area of "classical" Cryptography.
- ECRYPT-NET, a Marie Sklodowska-Curie Integrated Training Network grant.
- An investigation into secure channel protocols, funded by Huawei Technologies and delivered through the Institute for Cyber Security Innovation at Royal Holloway, University of London.

**Conferences, workshops and other activities:**

- Security Standardisation Research (program committee member), 5-6 December 2016.
- Real World Cryptography 2017 (organising committee member), 4-6 January 2017.
- USENIX Security Symposium 2017 (program committee member), August 16-18, 2017.

I serve on the Editorial Board of the Journal of Cryptology.

I am co-editor in chief of Springer's Information Security and Cryptography book series.

I am a member of the IACR.

**Current postdocs:**

**Current Ph.D. students:**

- Simon Bell (CDT)
- Amit Deo (CDT)
- Torben Hansen (CDT)
- Daniel Hutchinson
- Marie-Sarah Lacharité (ECRYPT-NET)
- Jake Massimo (CDT)
- Sam Scott (CDT)
- Ricardo Villanueva Polanco (Colciencias)
- Thyla van der Merwe (CDT)
- Joanne Woodage (CDT)

**Completed Ph.D. students:**

- Sattam Al-Riyami (2004) - Cryptographic Schemes based on Elliptic Curve Pairings (pdf).
- Hoon Wei Lim (2006) - On the Application of Identity-Based Cryptography in Grid Security (pdf).
- Caroline Kudla (2006) - Special Signature Schemes and Key Agreement Protocols (pdf).
- Shane Balfe (2009) - Secure Payment Architectures and Other Applications of Trusted Computing (pdf).
- Arnold Yau (2009) - Side Channel Analyses of CBC Mode Encryption (pdf).
- Sriramkrishnan Srinivasan (2010) - New Security Notions for Identity Based Encryption (pdf).
- Gaven Watson (2010) - Provable Security in Practice: Analysis of SSH and CBC mode with Padding (pdf).
- Elizabeth Quaglia (2012) - Anonymity and Time in Public-Key Encryption (pdf).
- Eduarda Freire (2014) - Non-Interactive Key Exchange and Key Assignment Schemes (pdf).
- Nadhem AlFardan (2014) - On the Design and Implementation of Secure Network Protocols (pdf).
- Susan Thomson (2014) - Public-Key Cryptography with Joint and Related-Key Security (pdf).
- Jean Paul Degabriele (2014) - Authenticated Encryption in Theory and in Practice (pdf).
- Anthony Palmer (2015) - On Methodologies to Select Systems for Automated Personal Identification (pdf).
- Dale Sibborn (2015) - Analysis of Public-key Encryption Schemes in Extended Attack Models (pdf).

**Recent research papers:**

Here's a selection of preprints, unpublished work, recent papers and technical reports. Please contact me if you would like a copy of anything not available electronically here.

- R. Bricout, S. Murphy, K.G. Paterson, T. van der Merwe. Analysing and Exploiting the Mantin Biases in RC4. IACR Cryptology ePrint Archive 2016: 63 (2016).
- W. Mao and K.G. Paterson, On The Plausible Deniability Feature of Internet Protocols (preprint, 2002, postscript format).

**Publications by year, most recent first.**

**2016:**

- M.R. Albrecht, J.P. Degabriele, T.B. Hansen and K.G. Paterson.
A surfeit of SSH cipher suites.
In
*Proceedings of the 2016 ACM Conference on Computer and Communications Security (CCS 2016)*, to appear. - M.R. Albrecht, P. Farshim, D. Hofheinz, E. Larraia and K.G. Paterson.
Multilinear Maps from Obfuscation.
In
*E. Kushilevtiz and T. Malkin (eds.), TCC 2016-A*, Lecture Notes in Computer Science, Vol. 9562, pp. 446-473, Springer, 2016. Full version. - M.R. Albrecht and K.G. Paterson.
Lucky Microseconds: A Timing Attack on Amazon's s2n Implementation of TLS.
In
*M. Fischlin and J.-S. Coron (eds.), EUROCRYPT 2016 (1)*, Lecture Notes in Computer Science, Vol. 9665, pp. 622-633, Springer, 2016. Full version. - J.P. Degabriele, K.G. Paterson, J.C.N. Schuldt and J. Woodage.
Backdoors in Pseudorandom Number Generators: Possibility and Impossibility Results.
In
*M. Robshaw and J. Katz (eds.), CRYPTO 2016 (1)*, Lecture Notes in Computer Science, Vol. 9814, pp. 403-432, Springer 2016. Full version. - K.G. Paterson and T. van der Merwe.
Reactive and proactive standardisation of TLS.
In
*D. McGrew and C.J. Mitchell (eds.), Security Standardisation Research (SSR)*, Lecture Notes in Computer Science, Springer, to appear. - C. Boyd, C. Cremers, M. Feltz, K.G. Paterson, B. Poettering and D. Stebila.
ASICS: authenticated key exchange security incorporating certification systems.
*International Journal of Information Security*, to appear. - J.P. Degabriele, V. Fehr, M. Fischlin, T. Gagliardoni, F. Günther, G.A. Marson A. Mittelbach and K.G. Paterson.
Unpicking PLAID: a cryptographic analysis of an ISO-standards-track authentication protocol.
*International Journal of Information Security*, to appear.

**2015:**

- C. Garman, K.G. Paterson and T.J. van der Merwe.
Attacks only get better: Password recovery attacks against RC4 in TLS.
In
*USENIX Security Symposium 2015.*Full version; wesbite. - M. Fischlin, F. Günther, G.A. Marson and K.G. Paterson.
Data Is a Stream: Security of Stream-Based Channels.
In
*R. Gennaro and M.J.B. Robshaw (eds.), CRYPTO 2015 (2)*, Lecture Notes in Computer Science, Vol. 9216, pp. 545-564, Springer 2015. - S. Liu and K.G. Paterson.
Simulation-Based Selective Opening CCA Security for PKE from Key Encapsulation Mechanisms.
In
*J. Katz (ed.), PKC 2015*, Lecture Notes in Computer Science, Vol. 9020, pp. 3-26, Springer, 2015. Full version. - K.G. Paterson, D.L. Sibborn, J.C.N. Schuldt and H. Wee.
Security against Related Randomness Attacks via Reconstructive Extractors.
In
*J. Groth (ed.), IMACC 2015*, Lecture Notes in Computer Science, Vol. 9496, pp. 23-40, Springer, 2015. Full version; Best paper award. - K.G. Paterson and M. Strefler.
A Practical Attack Against the Use of RC4 in the HIVE Hidden Volume Encryption System.
In
*F. Bao, S. Miller, J. Zhou and G.-J. Ahn (eds.), Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, ASIACCS'15*, pp 475-482, ACM, 2015. Full version.

**2014:**

- M. Abdalla, F. Benhamouda, A. Passelegue and K.G. Paterson.
Related-Key Security for Pseudorandom Functions Beyond the Linear Barrier
In
*Juan Garay and Rosario Gennaro (eds.), CRYPTO 2014 (1)*, Lecture Notes in Computer Science, Vol. 8616, pp. 77-94, Springer, 2014. Full version. - M. Bellare, K.G. Paterson, and P. Rogaway.
Security of symmetric encryption against mass surveillance.
In
*Juan Garay and Rosario Gennaro (eds.), CRYPTO 2014 (1)*, Lecture Notes in Computer Science, Vol. 8616, pp. 1-19, Springer, 2014. Full version; Award for Outstanding Research in Privacy Enhancing Technologies. - J.P. Degabriele, V. Fehr, M. Fischlin, T. Gagliardoni, F. Günther, G.A. Marson, A. Mittelbach and K.G. Paterson.
Unpicking PLAID - A Cryptographic Analysis of an ISO-standards-track Authentication Protocol
In
*L. Chen and C.J. Mitchell (eds.), Security Standardisation Research (SSR)*, Lecture Notes in Computer Science, Vol. 8893, pp. 1-25, Springer, 2014. Full version. - K.G. Paterson, D.L. Sibborn and J.C.N. Schuldt.
Related Randomness Attacks for Public Key Encryption.
In
*H. Krawczyk (ed.), PKC 2014*, Lecture Notes in Computer Science Vol. 8383, pp. 465-482, Springer, 2013. Full version. - K.G. Paterson, B. Poettering and J.C.N. Schuldt.
Plaintext recovery attacks against WPA/TKIP.
In
*C. Cid and C. Rechberger (eds.), FSE 2014*, Lecture Notes in Computer Science, Vol. 8540, pp. 325-349, Springer 2014. Full version. - K.G. Paterson, B. Poettering and J.C.N. Schuldt.
Big Bias Hunting in Amazonia: Large-scale Computation and Exploitation of RC4 Biases (Invited Paper)
In
*T. Iwata and P. Sarkar (eds.), ASIACRYPT 2014*, Lecture Notes in Computer Science Vol. 8873, pp. 398-419, Springer, 2014.

**2013:**

- N.J. AlFardan, D.J. Bernstein, K.G. Paterson, B. Poettering and J.C.N. Schuldt.
On the Security of RC4 in TLS.
In
*USENIX Security Symposium 2013*. Full version; website. - N.J. AlFardan and K.G. Paterson.
Lucky Thirteen: Breaking the TLS and DTLS Record Protocols.
In
*IEEE Symposium on Security and Privacy*, pp. 526-540, IEEE Computer Society, 2013. Full version; website; Applied Networking Research Prize from the IRTF. - A. Boldyreva, J.P. Degabriele, K.G. Paterson and M. Stam,
On Symmetric Encryption with Distinguishable Decryption Failures.
In
*S. Moriai (ed.), FSE 2013*, Lecture Notes in Computer Science Vol. 8424, pp. 1-24, Springer, 2014. Full version. - C. Boyd, C. Cremers, M. Feltz, K.G. Paterson, B. Poettering and D. Stebila.
ASICS: Authenticated Key Exchange Security Incorporating Certification Systems.
In
*J. Crampton, S. Jajodia and K. Mayes (eds.), ESORICS*, Lecture Notes in Computer Science Vol. 8134, pp. 381-399, Springer, 2013. Full version. - C. Capar, D. Goeckel, K.G. Paterson, E.A. Quaglia, D. Towsley and M. Zafer,
A Signal Flow Based Toolbox for the Quantitative Analysis of Wireless Security Protocols.
*Information and Computation*,**226**(2013), 37-56. - P. Farshim, B. Libert, K.G. Paterson and E.A. Quaglia, Robust Encryption, Revisited.
In
*K. Kurosawa and G. Hanaoka (eds.), PKC 2013*, Lecture Notes in Computer Science Vol. 7778, pp. 352-368, Springer, 2013. Full version. - E.S.V. Freire, D. Hofheinz, E. Kiltz and K.G. Paterson, Non-Interactive Key Exchange.
In
*K. Kurosawa and G. Hanaoka (eds.), PKC 2013*, Lecture Notes in Computer Science Vol. 7778, pp. 254-271, Springer, 2013. Full version. - E.S.V. Freire, D. Hofheinz, K.G. Paterson and C. Striecks.
Programmable Hash Functions in the Multilinear Setting.
In
*R. Canetti, J.A. Garay (eds.), CRYPTO 2013 (1)*, Lecture Notes in Computer Science Vol. 8042, pp. 513-530, Springer, 2013. Full version. - E.S.V. Freire, K.G. Paterson and B. Poettering.
Simple, Efficient and Strongly KI-Secure Hierarchical Key Assignment Schemes.
In
*E. Dawson (ed.), CT-RSA 2013*, Lecture Notes in Computer Science Vol. 7779, pp.101-114, Springer, 2013. Full version. - T. Jager, K.G. Paterson and J. Somorovsky.
One Bad Apple: Backwards Compatibility Attacks on State-of-the-Art Cryptography.
In
*Network and Distributed System Security Symposium (NDSS 2013)*. Full version. - H. Krawczyk, K.G. Paterson and H. Wee.
On the Security of the TLS Protocol: A Systematic Analysis.
In
*R. Canetti, J.A. Garay (eds.), CRYPTO 2013 (1)*, Lecture Notes in Computer Science Vol. 8042, pp. 429-448, Springer, 2013. Full version.

**2012:**

- N.J. AlFardan and K.G. Paterson,
Plaintext-Recovery Attacks Against Datagram TLS.
In
*Network and Distributed System Security Symposium (NDSS 2012)*. Distinguished Paper Award. - M. Bellare, K.G. Paterson and S. Thomson,
RKA Security beyond the Linear Barrier: IBE, Encryption and Signatures.
In
*X. Wang and K. Sako (eds.), ASIACRYPT 2012*, Lecture Notes in Computer Science Vol. 7658, pp. 331-348, Springer, 2012. Full version. - A. Boldyreva, J.P. Degabriele, K.G. Paterson and M. Stam,
Security of Symmetric Encryption in the Presence of Ciphertext Fragmentation.
In
*D. Pointcheval and T. Johansson (eds.), EUROCRYPT 2012*, Lecture Notes in Computer Science, Springer Vol. 7237, pp. 682-699, Springer 2012. Full version. - J.P. Degabriele, A. Lehmann, K.G. Paterson, N.P. Smart and M. Strefler,
On the Joint Security of Encryption and Signature in EMV.
In
*O. Dunkelmann (ed.), CT-RSA 2012*, Lecture Notes in Computer Science Vol. 7178, pp. 116-135, Springer, 2012. Full version. - B. Libert, K.G. Paterson and E.A. Quaglia,
Anonymous Broadcast Encryption.
In
*M. Fischlin, J. Buchmann, M. Manulis (eds.), PKC 2012*, Lecture Notes in Computer Science, Vol. 7293, pp. 206-224, Springer, 2012. Full version. - K.G. Paterson, A. Polychroniadou and D.L. Sibborn,
A Coding-Theoretic Approach to Recovering Noisy RSA Keys.
In
*X. Wang and K. Sako (eds.), ASIACRYPT 2012*, Lecture Notes in Computer Science Vol. 7658, pp. 386-403, Springer, 2012. Full version. - K.G. Paterson and G.J. Watson, Authenticated-Encryption with Padding: A Formal Security Treatment.
In
*D. Naccache (ed.), Cryptography and Security: From Theory to Applications - Essays Dedicated to Jean-Jacques Quisquater on the Occasion of His 65th Birthday*, Lecture Notes in Computer Science Vol. 6805, pp. 83-107, Springer, 2011.

**2011:**

- M.R. Albrecht and K.G. Paterson,
Breaking An Identity-Based Encryption Scheme based on DHIES.
In
*L. Chen (ed.), IMA International Conference on Cryptography and Coding*, Lecture Notes in Computer Science Vol. 7089, pp. 344-355, Springer, 2011. - M.R. Albrecht, P. Farshim, K.G. Paterson, and G.J. Watson,
On Cipher-Dependent Related-Key Attacks in the Ideal Cipher Model.
In
*A. Joux (ed.), FSE 2011*, Lecture Notes in Computer Science Vol. 6733, pp. 128-145, Springer, 2011. - J. Crampton, H.W. Lim, K.G. Paterson and G. Price,
User-Friendly and Certificate-Free Grid Security Infrastructure.
*International Journal of Information Security*,**10(3)**(2011), 137-153. - J.P. Degabriele, K.G. Paterson and G.J. Watson,
Provable Security in the Real World.
*IEEE Security and Privacy Magazine*,**9(3)**, pp. 33-41, May/June 2011. - E.S.V. Freire and K.G. Paterson,
Provably Secure Key Assignment Schemes from Factoring.
In
*U. Parampalli and P. Hawkes (eds.), ACISP 2011*, Lecture Notes in Computer Science Vol. 6812, pp. 292-309, Springer, 2011. - H.W. Lim and K.G. Paterson, Identity-Based Cryptography for Grid Security.
*International Journal of Information Security*,**10(1)**(2011), 15-32. - K.G. Paterson (editor),
*EUROCRYPT 2011*, Lecture Notes in Computer Science Vol. 6632, Springer, 2011. - K.G. Paterson, J.C.N. Schuldt, M. Stam and S. Thomson,
On the Joint Security of Encryption and Signature, Revisited.
In
*D.H. Lee and X. Wang (eds.), ASIACRYPT 2011*, Lecture Notes in Computer Science Vol. 7073, pp. 161-178, Springer, 2011. Full version. - K.G. Paterson, T.E. Shrimpton and T. Ristenpart,
Tag Size Does Matter: Attacks and Proofs for the TLS Record Protocol.
In
*D.H. Lee and X. Wang (eds.), ASIACRYPT 2011*, Lecture Notes in Computer Science Vol. 7073, pp. 372-389, Springer, 2011. Version with typos fixed.

**2010:**

- N.J.A. AlFardan and K.G. Paterson,
An Analysis of DepenDNS.
In
*M. Burmester, G. Tsudik, S.S. Magliveras and I. Ilic (eds.), Information Security - 13th International Conference, ISC 2010*, Lecture Notes in Computer Science, Vol. 6531, pp. 31-37, Springer 2010. Full version. - S. Balfe, A.D. McDonald, K.G. Paterson and H. Phillips,
Identity crisis: on the problem of namespace design for ID-PKC and MANETs.
*Security and Communication Networks*,**3(6)**(2010), 535-545. - S. Balfe, P.-W. Yau and K.G. Paterson,
A guide to trust in mobile ad hoc networks.
*Security and Communication Networks*,**3(6)**(2010), 503-516. - J.P. Degabriele and K.G. Paterson,
On the (In)security of IPsec in MAC-then-Encrypt Configurations.
In
*E. Al-Shaer, A.D. Keromytis and V. Shmatikov (eds.), Proceedings of the 17th ACM Conference on Computer and Communications Security (CCS 2010)*, pp. 493-504, ACM, 2010. - K.G. Paterson and E.A. Quaglia,
Time Specific Encryption,
In
*J. Garay and R. De Prisco (eds.), SCN 2010*, Lecture Notes in Computer Science Vol. 6280, pp. 1-16, Springer, 2010. Best paper award. - K.G. Paterson and D. Stebila,
One-time-password-authenticated key exchange.
In
*R. Steinfeld and P. Hawkes (eds.), ACISP 2010*, Lecture Notes in Computer Science Vol. 6168, pp. 264-281, Springer, 2010. Full version. - K.G. Paterson and G.J. Watson,
Plaintext-Dependent Decryption: A Formal Security Treatment of SSH-CTR.
In
*H. Gilbert (ed.), EUROCRYPT 2010*, Lecture Notes in Computer Science Vol. 6110, pp. 345-361, Springer, 2010. Full version.

**2009:**

- M.R. Albrecht, K.G. Paterson and G.J. Watson,
Plaintext Recovery Attacks Against SSH,
*IEEE Symposium on Security and Privacy*, IEEE Computer Society 2009, pp. 16-26. - C. Boyd, Y. Cliff, J.M. Gonzalez Nieto and K.G. Paterson,
Efficient one round key exchange in the standard model.
*International Journal of Applied Cryptography*, Vol. 1(3) (2009), 181-199. - T. Etzion, N. Kalouptsidis, N. Kolokotronis, K. Limniotis and K.G. Paterson,
Properties of the Error Linear Complexity Spectrum.
*IEEE Transactions on Information Theory*, Vol. 55(10) (2009), 4681-4686. - H.W. Lim and K.G. Paterson,
Secret Public Key Protocols Revisited.
In
*B. Christianson et al. (eds.), Security Protocols 2006*, Lecture Notes in Computer Science, Vol. 5087, pp 237-256, Springer, 2009. - K.G. Paterson and S. Srinivasan,
On the Relations Between Non-Interactive Key Distribution, Identity-Based Encryption and
Trapdoor Discrete Log Groups.
*Designs, Codes and Cryptography*, Vol. 52 (2009), 219-241. - K.G. Paterson and S. Srinivasan, Building key-private, public-key encryption schemes,
In
*C. Boyd and J. Neito (eds.), ACISP 2009*, Lecture Notes in Computer Science Vol. 5594, pp. 276-292, Springer, 2009.

**2008: **

- S. Balfe, E. Gallery, C.J. Mitchell and K.G. Paterson,
Crimeware and Trusted Computing. Chapter 15 in
*M. Jacobsson and Z. Ramzan (eds.), Crimeware*, Addison-Wesley/Symantec Press, 2008. - S. Balfe, E. Gallery, C.J. Mitchell and K.G. Paterson, Challenges for Trusted Computing. IEEE Security and Privacy Magazine, Nov./Dec. 2008, pp. 60-66.
- S. Balfe and K.G. Paterson,
Augmenting Internet-based Card-not-present Transactions with Trusted Computing: An Analysis.
*In G. Tsudik (ed.), Financial Cryptography 2008*, Lecture Notes in Computer Science Vol. 5143, pp. 171-175, Springer, 2008. Updated, full version (.pdf). - S. Balfe and K. G. Paterson. e-EMV: Emulating EMV for Internet Payments with Trusted Computing Technologies.
In
*S. Xu, C. Nita-Rotaru, J.-P. Seifert (eds.), Proceedings of the 3rd ACM Workshop on Scalable Trusted Computing (STC 2008)*, pp. 81-92, ACM 2008. - K.D. Boklan, Z. Klagsbrun, K.G. Paterson and S. Srinivasan. Flexible and Secure Communications in an Identity-Based, Coalition Environment. IEEE Milcom, 2008.
- C. Boyd, Y. Cliff, J.M. Gonzalez Nieto and K.G. Paterson,
Efficient one round key exchange in the standard model.
In
*Y. Mu, W. Susilo and J. Seberry (eds.), ACISP 2008*, Lecture Notes in Computer Science Vol.5107, pp. 69-83, Springer, 2008. Full version. - A.W. Dent, B. Libert and K.G. Paterson,
Certificateless Encryption Schemes Strongly Secure in the Standard Model.
In
*R. Cramer (ed.), PKC 2008*, Lecture Notes in Computer Science Vol. 4939, pp. 141-161, Springer, 2008. Full version. - S.D. Galbraith and K.G. Paterson (eds.),
*Pairing 2008*, Lecture Notes in Computer Science Vol. 5209, Springer, 2008. - S.D. Galbraith, K.G. Paterson and N.P. Smart,
Pairings for Cryptographers.
*Discrete Applied Mathematics*156(2008), 3113-3121. - K.G. Paterson and S. Srinivasan,
Security and Anonymity of Identity-based Encryption with Multiple Trusted Authorities.
In
*S.D. Galbraith and K.G. Paterson (eds.), Pairing 2008*, Lecture Notes in Computer Science Vol. 5209, pp.354-375, Springer, 2008. - K.G. Paterson and G.J. Watson,
Immunising CBC Mode Against Padding Oracle Attacks: A Formal Security Treatment.
In
*R. Ostrovsky, R. De Prisco and I. Visconti (eds.), SCN 2008*, Lecture Notes in Computer Science Vol. 5229, pp. 340-357, Springer, 2008. - J.C.N. Schdult, K. Matsuura and K.G. Paterson,
Proxy Signatures Secure Against Proxy Key Exposure.
In
*R. Cramer (ed.), PKC 2008*, Lecture Notes in Computer Science Vol. 4939, pp. 344-359, Springer, 2008. - M. Srivatsa, S. Balfe, K.G. Paterson and P. Rohatgi,
Trust Management For Secure Information Flows,
In
*P. Ning, P.F. Syverson, S. Jha (eds.), Proceedings of the 2008 ACM Conference on Computer and Communications Security (CCS 2008)*, pp. 175-188, ACM Press 2008.

**2007: **

- S. Balfe, K. Boklan, Z. Klagsbrun and K.G. Paterson,
Key Refreshing in Identity-based Cryptography and its Applications in MANETs.
In
*IEEE Milcom 2007.* - J. Crampton, H.W. Lim and K.G. Paterson,
What Can Identity-Based Cryptography Offer to Web Services?
In
*Proceedings of the 5th ACM Workshop on Secure Web Services (SWS 2007)*, Alexandria, Virginia, USA. ACM Press, pp. 26-36, 2007. - J. Crampton, H.W. Lim, K.G. Paterson and G. Price,
A Certificate-Free Grid Security Infrastructure Supporting Password-Based User Authentication.
*6th Annual PKI R&D Workshop*, NIST, Gaithersburg, Maryland, USA, April 2007. - J.P. Degabriele and K.G. Paterson,
Attacking the IPsec Standards in Encryption-only Configurations.
In
*IEEE Symposium on Privacy and Security*, pp. 335-349, IEEE Computer Society, 2007. Full version. - H.W. Lim and K.G. Paterson,
Multi-key Hierarchical Identity-based Signatures. In
*S.D. Galbraith (ed.), Eleventh IMA International Conference on Cryptography and Coding*, Lecture Notes in Computer Science Vol. 4887, pp. 384-402, Springer, 2007. - K.G. Paterson, F.C. Piper and R. Schack,
Quantum Cryptography: A Practical Information Security Perspective.
In
*M. Zukowski, S. Kilin and J. Kowalik (eds.), Quantum Communication and Security*, pp. 175-180, IOS Press, 2007. An earlier version of this paper can be found here.

**2006: **

- J. Crampton, K.G. Paterson, F. Piper and M.J.B. Robshaw,
Information Security,
In
*M. Gill (ed.), Handbook of Security*, Palgrave Macmillan, 2006. pp. 358-379. - K.G. Paterson,
A cryptographic tour of the IPsec standards,
*Information Security Technical Report*, Vol. 11(2) (2006), 72-81. Full version. - K.G. Paterson,
An attack on some multi-party key agreement protocols.
*IEE Proceedings on Information Security*, Vol. 153(2) (2006), 59-60. - K.G. Paterson and J.C.N. Schuldt,
Efficient identity-based signatures secure in the standard model.
In
*L.M. Batten and R. Safavi-Naini (eds.), ACISP 2006*, Lecture Notes in Computer Science Vol. 4058, pp. 207-222, Springer, 2006. Full version. - K.G. Paterson and A.K.L. Yau,
Cryptography in theory and practice: The case of encryption in IPsec.
In
*S. Vaudenay (ed.), EUROCRYPT 2006*, Lecture Notes in Computer Science Vol. 4004, pp. 12-29, Springer, 2006. Full version. - K.G. Paterson and A.K.L. Yau,
Lost in translation: theory and practice in cryptography.
*IEEE Security and Privacy*, Vol. 4, No. 3, May/June 2006, pp. 69-72.

**2005: **

- S.S. Al-Riyami and K.G. Paterson,
CBE from CL-PKE: a generic construction and efficient schemes.
In
*S. Vaudenay (ed.), PKC 2005*, Lecture Notes in Computer Science Vol. 3386, pp. 398-415, Springer, 2005. - S. Balfe, A.D. Lakhani and K.G. Paterson,
Securing Peer-to-Peer networks using Trusted Computing.
In
*C.J. Mitchell (ed.), Trusted Computing*, IEE Press, 2005, pp.271-298. - S. Balfe, A.D. Lakhani and K.G. Paterson,
Trusted Computing: Providing security for Peer-to-Peer Networks.
In
*G. Caronni et al., Proc. Fifth International Conference on Peer-to-Peer Computing*, IEEE Computer Society, 2005, pp. 117-124. - C. Boyd, W. Mao and K.G. Paterson,
Deniable authenticated key establishment for Internet protocols.
In
*B. Christianson, B. Crispo, J.A. Malcolm, M. Roe (eds.), Security Protocols, 11th International Workshop, Revised Selected Papers.*Lecture Notes in Computer Science Vol. 3364, pp. 255-271, Springer, 2005. - T. Etzion and K.G. Paterson,
Zero/positive capacities of two-dimensional runlength constrained arrays.
*IEEE Transactions on Information Theory*, Vol. 51 (9) (2005), 3186-3199. - C.J. Kudla and K.G. Paterson,
Modular security proofs for key agreement protocols.
In
*B. Roy (ed.), ASIACRYPT 2005*, Lecture Notes in Computer Science, Vol. 3788, pp. 549-565, Springer, 2005. - C.J. Kudla and K.G. Paterson,
Non-interactive designated verifier proofs and undeniable signatures.
In
*N.P. Smart (ed.), IMA Conference on Cryptography and Coding*, Lecture Notes in Computer Science, Vol. 3796, pp. 136-154, Springer, 2005. - H.W. Lim and K.G. Paterson,
Identity-Based Cryptography for Grid Security.
In
*H. Stockinger, R. Buyya and R. Perrott (eds.), Proceedings of the 1st IEEE International Conference on e-Science and Grid Computing (e-Science 2005)*, pp. 395-404, IEEE Computer Society Press, 2005. - K.G. Paterson,
Cryptography from Pairings.
In
*I.F. Blake, G. Seroussi and N.P. Smart (eds.), Advances in Elliptic Curve Cryptography*, London Mathematical Society Lecture Note Series Vol. 317, Cambridge University Press, 2005, pp. 215-251. - A.K.L. Yau, K.G. Paterson and C.J. Mitchell,
Padding oracle attacks on CBC-mode encryption with random and secret IVs.
In
*H. Gilbert and H. Handschuh (eds.), FSE 2005*, Lecture Notes in Computer Science Vol. 3557, pp. 299-319, Springer, 2005.

**2004: **

- S.R. Blackburn and K.G. Paterson,
Cryptanalysis of a Message Authentication Code due to Cary and Venkatesan.
In
*B. Roy and W. Meier (eds.), FSE 2004*, Lecture Notes in Computer Science Vol. 3017, pp. 446-453, Springer, 2004. - C. Boyd, W. Mao and K.G. Paterson,
Key agreement using statically keyed authenticators.
In
*M. Jakobsson, M. Yung and J. Zhou (eds.), ACNS 2004*, Lecture Notes in Computer Science Vol. 3089, pp. 248-262, Springer, 2004. - L. Chen, C.J. Kudla and K.G. Paterson,
Concurrent Signatures.
In
*C. Cachin and J. Camenisch (eds.), EUROCRYPT 2004*, Lecture Notes in Computer Science Vol. 3027, pp. 287-305, Springer, 2004. - R.J. Hulsebosch, C. Gunther, G. Horn, S. Holtmanns, K. Howker, K.G. Paterson, J. Claessens and M. Schuba.
Pioneering advanced mobile privacy and security.
In
*Security for Mobility, C.J. Mitchell, ed.*, IEE Telecommunications Series Vol. 51, pp.383-432, IEE Press, 2004. - K.G. Paterson,
On Codes with Low Peak-to-Average Power Ratio for Multi-Code CDMA,
*IEEE Transactions on Information Theory*, Vol. 50 (3) (2004), 550-559. - K.G. Paterson and A. Yau,
Padding Oracle Attacks on the ISO CBC Mode Encryption Standard.
in
*T. Okamoto (ed.), Proc. CT-RSA04*, Lecture Notes in Computer Science Vol. 2964, pp. 305-323, Springer, 2004.

**2003: **

- S.S. Al-Riyami and K.G. Paterson, Certificateless public key cryptography,
in
*C.S. Laih (ed.), ASIACRYPT 2003*, Lecture Notes in Computer Science Vol. 2894, pp. 452-473, Springer, 2003. Full version. - S.S. Al-Riyami and K.G. Paterson,
Tripartite authenticated key agreement protocols from pairings,
in
*K.G. Paterson (ed.), Proc. IMA Conference on Cryptography and Coding*, Lecture Notes in Computer Science Vol. 2898, pp.332-359, Springer, 2003. - A.G.B. Lauder and K.G. Paterson,
Computing the error linear complexity spectrum of a binary sequence of period 2^n,
*IEEE Transactions on Information Theory*, Vol. 49(1) (2003), 273-280. Some code implementing the algorithm in this paper is available here. - M.G. Parker, C. Tellambura and K.G. Paterson,
Golay Complementary Sequences,
in
*Wiley Encyclopedia of Telecommunications, John G. Proakis, ed.*, Wiley, 2003. - K.G. Paterson and G. Price,
A comparison between traditional Public Key Infrastructures and Identity-Based Cryptography,
*Information Security Technical Report*, Vol. 8(3) (2003), 57-72. - G. Price, F. Piper and K.G. Paterson, editors,
*PKI revisited - current issues and future trends, Information Security Technical Report*, Vol. 8(3) (2003).

**2002: **

- S. Galbraith, W. Mao and K.G. Paterson,
RSA-based undeniable signatures for general moduli,
in
*B. Preneel (ed.), Topics in Cryptology - CT-RSA 2002*, Lecture Notes in Computer Science, Vol. 2271, 200-217, Springer, 2002. - K.G. Paterson,
Sequences for OFDM and Multi-Code CDMA: Two Problems in Algebraic Coding Theory,
in
*Proceedings of Sequences and Their Applications - SETA01*, T. Helleseth, P.V. Kumar and K. Yang, eds., Discrete Mathematics and Theoretical Computer Science Series, Springer, 2002, 46-71. - K.G. Paterson,
Cryptography from pairings: a snapshot of current research,
*Information Security Technical Report*, Vol. 7(3) (2002), 41-54. - K.G. Paterson,
ID-based signatures from pairings on elliptic curves,
*Electronics Letters*, Vol. 38 (18) (2002), 1025-1026. - K.G. Paterson, F. Piper and M. Robshaw,
Smart cards and the associated infrastructure problem,
*Information Security Technical Report*, Vol. 7(3) (2002), 20-29. - K.G. Paterson and V. Tarokh, Existence of good codes with low peak-to-average power ratios.
*Chapter 11 in R.E. Blahut and R. Koetter (eds.), Codes, Graphs, and Systems: A Celebration of the Life and Career of G. David Forney*, pp. 187-197, Kluwer Academic Publishers, 2002.

**2001: **

- A.P. Hiltgen and K.G. Paterson,
Single Track Circuit Codes,
*IEEE Transactions on Information Theory*, Vol. 47 (6) (2001), 2587-2595.

**2000: **

- K.G. Paterson,
Generalised Reed-Muller Codes and Power Control in OFDM,
*IEEE Transactions on Information Theory*, Vol. 46 (1) (2000), 104-120. - K.G. Paterson and A.E. Jones,
Efficient Decoding Algorithms for Generalised Reed-Muller Codes,
*IEEE Transactions on Communications*, Vol. 48 (8) (2000), 1272-1285. - K.G. Paterson and V. Tarokh,
On the existence and construction of good codes with low peak-to-average power ratios,
*IEEE Transactions on Information Theory*, Vol. 46 (6) (2000), 1974-1987.

**1999: **

- K.G. Paterson,
Imprimitive permutation groups and trapdoors in iterated block ciphers,
in
*L.R. Knudsen (ed.), Proceedings, Fast Software Encryption Workshop*, Lecture Notes in Computer Science, Vol. 1636, Springer, 1999, 201-214. - J.A. Davis, J. Jedwab and K.G. Paterson,
Codes, Correlations and Power Control in OFDM,
in
*Difference Sets, Sequences and their Correlation Properties*, A. Pott et al, eds., NATO Science Series C, Vol. 542, Kluwer Academic Publishers, Dordrecht, 1999, 113-132. - K.G. Paterson,
Applications of Exponential Sums in Communications Theory,
in
*Cryptography and Coding*, Michael Walker, ed., LNCS Vol. 1746, Springer, 1999, 1-24.

**1998: **

- C.J. Mitchell, and K.G. Paterson, Perfect Factors from Cyclic Codes
and Interleaving,
*SIAM Journal on Discrete Mathematics,*Vol. 11 (1998), 241--264. - K.G. Paterson, Root Counting, the DFT and the Linear Complexity of
Nonlinear Filtering,
*Designs, Codes and Cryptography,*Vol. 14 (1998), 247--259. - K.G. Paterson, Binary Sequence Sets with Favourable Correlation Properties
from Difference Sets and MDS Codes,
*IEEE Transactions on Information Theory,*Vol. 44 (1998), 172--180. - K.G. Paterson and P.J.G. Lothian ,
Bounds on Partial Correlations of Sequences,
*IEEE Transactions on Information Theory,*Vol. 44 (1998), 1164-1175. - K.G. Paterson and J. Tuliani,
Some New Circuit Codes,
*IEEE Transactions on Information Theory,*Vol. 44 (1998), 1305-1309. - K.G. Paterson,
Coding Techniques for Power Controlled OFDM,
in
*Proceedings of 9th International Symposium on Personal, Indoor and Mobile Radio Communications (PIMRC '98)}*, Vol. 2, IEEE Press, 1998, 801-805.

**1997: **

- S.R. Blackburn, S. Murphy and K.G. Paterson, Comments on `Theory
and Applications of Cellular Automata in Cryptography',
*IEEE Transactions on Computers,*Vol. 46 (1997), 637--638. - S.R. Blackburn, S. Murphy and K.G. Paterson, A Comment on `A New
Public-Key Cipher System Based Upon the Diophantine Equations',
*IEEE Transactions on Computers,*Vol. 46 (1997), 512. - K.G. Paterson, Interconnection Networks Based on Two-dimensional
de Bruijn Graphs, in
*Applications of Combinatorial Mathematics*, The Institute of Mathematics and Its Applications Conference Series, Vol. 60, C.J. Mithcell, ed., Clarendon Press, Oxford, 1997.

**1996: **

- S.R. Blackburn, T. Etzion and K.G. Paterson, Permutation Polynomials,
de Bruijn Sequences and Linear Complexity,
*Journal of Combinatorial Theory Series A,*Vol. 76 (1996), 55-82. - T. Etzion and K.G. Paterson, Near Optimal Single-Track Gray Codes,
*IEEE Transactions on Information Theory,*Vol. 42 (1996), 779-789. - A. Fuchsberger, D. Gollmann, P. Lothian, K.G. Paterson and A. Sidiropoulos,
Public-key Cryptography on Smart Cards,
*Cryptography: Policy and Algorithms, Proceedings,*Lecture Notes in Computer Science, Vol. 1029, 250-269, Springer, 1996. - A.P. Hiltgen, K.G. Paterson and M. Brandestini, Single Track Gray
Codes,
*IEEE Transactions on Information Theory,*Vol. 42 (1996), 1555-1561. - C.J. Mitchell, T. Etzion and K.G. Paterson, A method for constructing
decodable de Bruijn sequences,
*IEEE Transactions on Information Theory,*Vol. 42 (1996), 1472-1478. - K.G. Paterson, New Classes of Perfect Maps I,
*Journal of Combinatorial Theory Series A,*Vol. 73 (1996), 302-334. - K.G. Paterson, New Classes of Perfect Maps II,
*Journal of Combinatorial Theory Series A,*Vol. 73 (1996), 335-345. - G. Hurlbert, C.J. Mitchell and K.G. Paterson, On the Existence of
de Bruijn Tori with Two by Two Windows,
*Journal of Combinatorial Theory Series A,*Vol. 76 (1996), 213-230.

**1995: **

- K.G. Paterson, Perfect Factors in the de Bruijn Graph,
*Designs, Codes and Cryptography,*Vol. 5 (1995), 115-138. - K.G. Paterson and P.R. Hoare, Enumerating Perfect Maps,
*Codes and Cyphers: Cryptography and Coding IV,*P.G. Farrell, ed., Formara Ltd., Southend-On-Sea, Essex, 1995. - K.G. Paterson and M.J.B. Robshaw, Storage efficient decoding for
a class of binary de Bruijn sequences,
*Discrete Mathematics,*Vol. 138 (1995), 327-341.

** 1994: **

- S.R. Blackburn, G. Carter, D. Gollmann, S. Murphy, K. Paterson, F.
Piper and P. Wild, Aspects of Linear Complexity,
*Communications and Cryptography: Two Sides of One Tapestry,*R.E. Blahut, D.J. Costello, Jr., U. Maurer and T. Mittelholzer, eds., Kluwer Academic Publishers, Boston, 1994. - C.J. Mitchell and K.G. Paterson, Decoding Perfect Maps,
*Designs, Codes and Cryptography,*Vol. 4 (1994), 11-30. - S. Murphy, K.G. Paterson and P.R. Wild,
A Weak Cipher that Generates the Symmetric Group,
*Journal of Cryptology,*Vol. 7 (1994), 61-65. - K.G. Paterson, Perfect Maps,
*IEEE Transactions on Information Theory,*IT-40 (1994), 743-753.

** 1993: **

- K.G. Paterson, On sequences and arrays with specific window properties, Ph.D. thesis, University of London, 1993.

**Presentations from various conferences and
workshops.**

- Lectures on Encryption Modes and Attacks, Bar-Ilan Winter School on Symmetric Cryptography in Theory and Practice. Lecture 1 (youtube), Lecture 2 (youtube), Lecture 3 (youtube), Lecture 4 (youtube).
- TLS Security - Where Do We Stand?. Invited talk at Ruhr University Bochum, 2013.
- Key Reuse in Public Key Cryptography. Invited talk at EuroPKI 2012, Pisa, Italy, September 2012.
- TLS and DTLS: A Tale of Two Protocols. Distinguished invited lecture at T.U. Darmstadt, Germany, July 2012.
- Cryptography and Secure Channels. Invited talk at Cryptographer's Track, RSA Conference, San Francisco, USA, April 2009.
- From Fish to Phishing. Professorial Inaugural Lecture, Royal Holloway, University of London, February 2008.
- Certificateless Cryptography I and Certificateless Cryptography II. Invited talks at ICE-EM RNSA 2007 Workshop on Pairing Based Cryptography, Queensland University of Technology, Brisbane, Australia, June 2007.
- What can quantum cryptographers learn from history? Invited talk at Workshop on Quantum Cryptography and Computing, Fields Institute, University of Toronto, Toronto, Canada, October 2006.
- Identity-based cryptography - Panacea or Pandemonium? Invited talk at 9th Workshop on Elliptic Curve Cryptography (ECC 2005), Technical University of Denmark, Copenhagen, Denmark, September 2005 .

**Patents and patent applications (US only).**

**US granted patents: **

- K.G. Paterson, "Decoder system capable of performing a plural-stage process", U.S. Patent 7173610. Issued 06/02/2007.
- J.A. Davis, J. Jedwab, S. Morley, K.G. Paterson, F. Perner, K.K. Smith and S.R. Wyatt, "Manufacturing test for a fault tolerant magnetoresistive solid-state storage device", U.S. Patent 7149948. Issued 12/12/2006.
- J. Jedwab, J.A. Davis, K.G. Paterson and G. Seroussi, "Manufacturing test for a fault tolerant magnetoresistive solid-state storage device", U.S. Patent 7107508. Issued 12/09/2006.
- J.A. Davis, J. Jedwab, S. Morley, and K.G. Paterson, "Magnetoresistive solid-state storage device and data storage methods for use therein", U.S. Patent 7107507. Issued 12/09/2006.
- J.A. Davis, J. Jedwab, D.H. McIntyre, K.G. Paterson, F.A. Perner, G. Seroussi, K.K. Smith and S.R. Wyatt, "Error correction coding and decoding in a solid-state storage device", U.S. Patent 7036068. Issued 25/04/2006.
- J.A. Davis, J. Jedwab, K.G. Paterson and G. Seroussi, "Method for error correction decoding in an MRAM device (historical erasures)", U.S. Patent 6990622. Issued 24/01/2006.
- J.A. Davis, J. Jedwab, K.G. Paterson, G. Seroussi and K.K. Smith, "Data storage method for use in a magnetoresistive solid-state storage device", U.S. Patent 6981196. Issued 27/12/2005.
- K.G. Paterson, "Error detection for data storage and transmission", U.S. Patent 6898754. Issued 24/05/2005.
- A.P. Aitken and K.G. Paterson, "Addressing arrays of electrically-controllable elements", U.S. Patent 6850212. Issued 01/02/2005.
- G. Seroussi, W. Mao, M.T. Smith and K.G. Paterson, "Access control through secure channel using personal identification system", U.S. Patent 6836843. Issued 28/12/2004.
- K.G. Paterson, "Decoder system capable of performing a plural-stage process", U.S. Patent 6697075. Issued 24/02/2004.
- J.A. Davis, J. Jedwab and K.G. Paterson, "Methods and apparatus for decoding data", U.S. Patent 6487258. Issued 26/11/2002.
- K.G. Paterson, "Methods and apparatus for encoding data", U.S. Patent 6301221. Issued 09/10/2001.
- S.E. Crouch, J.A. Davis, M.J.F. Mowbray and K.G. Paterson, "System and method for transmitting data", U.S. Patent 6119263. Issued 12/09/2000.

**US patent applications: **

- J.A. Davis, K. Eldredge, J. Jedwab, D. McCarthy, S. Morley, K.G. Paterson, F. Perner, K.K. Smith and S. Wyatt, "Fault tolerant magnetoresistive solid-state storage device," U.S. Patent Application No. 2003/0023922, filed 25 Jul 2001.