**Open positions**

Funding for PhD students is available through the Royal Holloway Centre for Doctoral Training in Cyber Security.

I have no funding or positions for interns. I have no funding for postdoc positions at the moment.

**Postal address and contact details**

**Biography**

I obtained a B.Sc. in 1990 from the University of Glasgow and a Ph.D. from the University of London in 1993, both in Mathematics. I was then a Royal Society Fellow at Institute for Signal and Information Processing at the Swiss Federal Institute of Technology, Zurich, from 1993 to 1994. After that, I was a Lloyd's of London Tercentenary Foundation Research Fellow at Royal Holloway, University of London from 1994 to 1996.

In 1996, I joined Hewlett-Packard Laboratories Bristol, becoming a project manager in 1999.

I then joined the Information Security Group at Royal Holloway in 2001, becoming a Reader in 2002 and Professor in 2004. In March 2010, I commenced an EPSRC Leadership Fellowship entitled Cryptography: Bridging Theory and Practice.

**Research interests:**

- Theoretical and Applied Cryptography
- Network Security
- Coding Theory and Mathematics of Communications

**Projects:**

- Cryptography: Bridging Theory and Practice, a Leadership Fellowship funded by EPSRC.
- Multilinear Maps in Cryptography.
- Royal Holloway's Centre for Doctoral Training in Cyber Security.

**Conferences, workshops and other activities:**

- PKC 2014, Buenos Aires, Argentina, March 26-28, 2014.
- ACNS 2014, Lausanne, Switzerland, June 10-13, 2014.
- LATINCRYPT 2014, Costao do Santinho Resort, Brazil, September 17-19, 2014.
- CANS 2014, Heraklion, Crete, Greece, October 22-24, 2014.
- Real World Cryptography 2015, London, UK, January 7-9, 2015.

I am on the Editorial Board of the Journal of Cryptology.

I am co-editor in chief of Springer's Information Security and Cryptography book series.

I am a member of the IACR.

**Current postdocs:**

**Current Ph.D. students:**

- Jean Paul Degabriele
- Daniel Hutchinson
- Robert Lee
- Thyla van der Merwe
- Tony Palmer
- Dale Sibborn
- Susan Thomson

**Completed Ph.D. students:**

- Sattam Al-Riyami (2004) - Ph.D. thesis (pdf format)
- Hoon Wei Lim (2006) - Ph.D. thesis (pdf format)
- Caroline Kudla (2006) - Ph.D. thesis (pdf format)
- Shane Balfe (2009) - Ph.D. thesis (pdf format)
- Arnold Yau (2009) - Ph.D. thesis (pdf format)
- Sriramkrishnan Srinivasan (2010) - Ph.D. thesis (pdf format)
- Gaven Watson (2010) - Ph.D. thesis (pdf format)
- Elizabeth Quaglia (2012) - Ph.D. thesis (pdf format)
- Eduarda Freire (2014) - Ph.D. thesis (pdf format)
- Nadhem AlFardan (2014) - Ph.D. thesis (pdf format)

**Recent research papers:**

Here's a selection of preprints, unpublished work, recent papers and technical reports. Please contact me if you would like a copy of anything not available electronically here.

- W. Mao and K.G. Paterson, On The Plausible Deniability Feature of Internet Protocols (preprint, 2002, postscript format).

**Publications by year, most recent first.**

**2014:**

- M. Abdalla, F. Benhamouda, A. Passelegue and K.G. Paterson.
Related-Key Security for Pseudorandom Functions Beyond the Linear Barrier
In
*Juan Garay and Rosario Gennaro (eds.),CRYPTO 2014 (1)*, Lecture Notes in Computer Science Vol. 8616, pp. 77-94, Springer, 2014. Full version. - M. Bellare, K.G. Paterson, and P. Rogaway.
Security of symmetric encryption against mass surveillance.
In
*Juan Garay and Rosario Gennaro (eds.),CRYPTO 2014 (1)*, Lecture Notes in Computer Science Vol. 8616, pp. 1-19, Springer, 2014. Full version. - K.G. Paterson, D.L. Sibborn and J.C.N. Schuldt.
Related Randomness Attacks for Public Key Encryption.
In
*H. Krawczyk (ed.), PKC 2014*, Lecture Notes in Computer Science Vol. 8383, pp. 465-482, Springer, 2013. Full version. - K.G. Paterson, B. Poettering and J.C.N. Schuldt.
Plaintext recovery attacks against WPA/TKIP.
In
*C. Cid and C. Rechberger (eds.), FSE 2014*. Lecture Notes in Computer Science, to appear. Full version.

**2013:**

- N.J. AlFardan, D.J. Bernstein, K.G. Paterson, B. Poettering and J.C.N. Schuldt.
On the Security of RC4 in TLS.
In
*USENIX Security Symposium 2013*. Full version; website. - N.J. AlFardan and K.G. Paterson.
Lucky Thirteen: Breaking the TLS and DTLS Record Protocols.
In
*IEEE Symposium on Security and Privacy*, pp. 526-540, IEEE Computer Society, 2013. Full version; website. - A. Boldyreva, J.P. Degabriele, K.G. Paterson and M. Stam,
On Symmetric Encryption with Distinguishable Decryption Failures.
In
*S. Moriai (ed.), FSE 2013*, Lecture Notes in Computer Science Vol. 8424, pp. 1-24, Springer, 2014. Full version. - C. Boyd, C. Cremers, M. Feltz, K.G. Paterson, B. Poettering and D. Stebila.
ASICS: Authenticated Key Exchange Security Incorporating Certification Systems.
In
*J. Crampton, S. Jajodia and K. Mayes (eds.), ESORICS*, Lecture Notes in Computer Science Vol. 8134, pp. 381-399, Springer, 2013. Full version. - C. Capar, D. Goeckel, K.G. Paterson, E.A. Quaglia, D. Towsley and M. Zafer,
A Signal Flow Based Toolbox for the Quantitative Analysis of Wireless Security Protocols.
*Information and Computation*,**226**(2013), 37-56. - P. Farshim, B. Libert, K.G. Paterson and E.A. Quaglia, Robust Encryption, Revisited.
In
*K. Kurosawa and G. Hanaoka (eds.), PKC 2013*, Lecture Notes in Computer Science Vol. 7778, pp. 352-368, Springer, 2013. Full version. - E.S.V. Freire, D. Hofheinz, E. Kiltz and K.G. Paterson, Non-Interactive Key Exchange.
In
*K. Kurosawa and G. Hanaoka (eds.), PKC 2013*, Lecture Notes in Computer Science Vol. 7778, pp. 254-271, Springer, 2013. Full version. - E.S.V. Freire, D. Hofheinz, K.G. Paterson and C. Striecks.
Programmable Hash Functions in the Multilinear Setting.
In
*R. Canetti, J.A. Garay (eds.), CRYPTO 2013 (1)*, Lecture Notes in Computer Science Vol. 8042, pp. 513-530, Springer, 2013. Full version. - E.S.V. Freire, K.G. Paterson and B. Poettering.
Simple, Efficient and Strongly KI-Secure Hierarchical Key Assignment Schemes.
In
*E. Dawson (ed.), CT-RSA 2013*, Lecture Notes in Computer Science Vol. 7779, pp.101-114, Springer, 2013. Full version. - T. Jager, K.G. Paterson and J. Somorovsky.
One Bad Apple: Backwards Compatibility Attacks on State-of-the-Art Cryptography.
In
*Network and Distributed System Security Symposium (NDSS 2013)*. Full version. - H. Krawczyk, K.G. Paterson and H. Wee.
On the Security of the TLS Protocol: A Systematic Analysis.
In
*R. Canetti, J.A. Garay (eds.), CRYPTO 2013 (1)*, Lecture Notes in Computer Science Vol. 8042, pp. 429-448, Springer, 2013. Full version.

**2012:**

- N.J. AlFardan and K.G. Paterson,
Plaintext-Recovery Attacks Against Datagram TLS.
In
*Network and Distributed System Security Symposium (NDSS 2012)*. Distinguished Paper Award. - M. Bellare, K.G. Paterson and S. Thomson,
RKA Security beyond the Linear Barrier: IBE, Encryption and Signatures.
In
*X. Wang and K. Sako (eds.), ASIACRYPT 2012*, Lecture Notes in Computer Science Vol. 7658, pp. 331-348, Springer, 2012. Full version. - A. Boldyreva, J.P. Degabriele, K.G. Paterson and M. Stam,
Security of Symmetric Encryption in the Presence of Ciphertext Fragmentation.
In
*D. Pointcheval and T. Johansson (eds.), EUROCRYPT 2012*, Lecture Notes in Computer Science, Springer Vol. 7237, pp. 682-699, Springer 2012. - J.P. Degabriele, A. Lehmann, K.G. Paterson, N.P. Smart and M. Strefler,
On the Joint Security of Encryption and Signature in EMV.
In
*O. Dunkelmann (ed.), CT-RSA 2012*, Lecture Notes in Computer Science Vol. 7178, pp. 116-135, Springer, 2012. Full version. - B. Libert, K.G. Paterson and E.A. Quaglia,
Anonymous Broadcast Encryption.
In
*M. Fischlin, J. Buchmann, M. Manulis (eds.), PKC 2012*, Lecture Notes in Computer Science, Vol. 7293, pp. 206-224, Springer, 2012. Full version. - K.G. Paterson, A. Polychroniadou and D.L. Sibborn,
A Coding-Theoretic Approach to Recovering Noisy RSA Keys.
In
*X. Wang and K. Sako (eds.), ASIACRYPT 2012*, Lecture Notes in Computer Science Vol. 7658, pp. 386-403, Springer, 2012. Full version. - K.G. Paterson and G.J. Watson, Authenticated-Encryption with Padding: A Formal Security Treatment.
In
*D. Naccache (ed.), Cryptography and Security: From Theory to Applications - Essays Dedicated to Jean-Jacques Quisquater on the Occasion of His 65th Birthday*, Lecture Notes in Computer Science Vol. 6805, pp. 83-107, Springer, 2011.

**2011:**

- M.R. Albrecht and K.G. Paterson,
Breaking An Identity-Based Encryption Scheme based on DHIES.
In
*L. Chen (ed.), IMA International Conference on Cryptography and Coding*, Lecture Notes in Computer Science Vol. 7089, pp. 344-355, Springer, 2011. - M.R. Albrecht, P. Farshim, K.G. Paterson, and G.J. Watson,
On Cipher-Dependent Related-Key Attacks in the Ideal Cipher Model.
In
*A. Joux (ed.), FSE 2011*, Lecture Notes in Computer Science Vol. 6733, pp. 128-145, Springer, 2011. - J. Crampton, H.W. Lim, K.G. Paterson and G. Price,
User-Friendly and Certificate-Free Grid Security Infrastructure.
*International Journal of Information Security*,**10(3)**(2011), 137-153. - J.P. Degabriele, K.G. Paterson and G.J. Watson,
Provable Security in the Real World.
*IEEE Security and Privacy Magazine*,**9(3)**, pp. 33-41, May/June 2011. - E.S.V. Freire and K.G. Paterson,
Provably Secure Key Assignment Schemes from Factoring.
In
*U. Parampalli and P. Hawkes (eds.), ACISP 2011*, Lecture Notes in Computer Science Vol. 6812, pp. 292-309, Springer, 2011. - H.W. Lim and K.G. Paterson, Identity-Based Cryptography for Grid Security.
*International Journal of Information Security*,**10(1)**(2011), 15-32. - K.G. Paterson (editor),
*Eurocrypt 2011*, Lecture Notes in Computer Science Vol. 6632, Springer, 2011. - K.G. Paterson, J.C.N. Schuldt, M. Stam and S. Thomson,
On the Joint Security of Encryption and Signature, Revisited.
In
*D.H. Lee and X. Wang (eds.), ASIACRYPT 2011*, Lecture Notes in Computer Science Vol. 7073, pp. 161-178, Springer, 2011. Full version. - K.G. Paterson, T.E. Shrimpton and T. Ristenpart,
Tag Size Does Matter: Attacks and Proofs for the TLS Record Protocol.
In
*D.H. Lee and X. Wang (eds.), ASIACRYPT 2011*, Lecture Notes in Computer Science Vol. 7073, pp. 372-389, Springer, 2011. Version with typos fixed.

**2010:**

- N.J.A. AlFardan and K.G. Paterson,
An Analysis of DepenDNS.
In
*M. Burmester, G. Tsudik, S.S. Magliveras and I. Ilic (eds.), Information Security - 13th International Conference, ISC 2010*, Lecture Notes in Computer Science, Vol. 6531, pp. 31-37, Springer 2010. Full version. - S. Balfe, A.D. McDonald, K.G. Paterson and H. Phillips,
Identity crisis: on the problem of namespace design for ID-PKC and MANETs.
*Security and Communication Networks*,**3(6)**(2010), 535-545. - S. Balfe, P.-W. Yau and K.G. Paterson,
A guide to trust in mobile ad hoc networks.
*Security and Communication Networks*,**3(6)**(2010), 503-516. - J.P. Degabriele and K.G. Paterson,
On the (In)security of IPsec in MAC-then-Encrypt Configurations.
In
*E. Al-Shaer, A.D. Keromytis and V. Shmatikov (eds.), Proceedings of the 17th ACM Conference on Computer and Communications Security (CCS 2010)*, pp. 493-504, ACM, 2010. - K.G. Paterson and E.A. Quaglia,
Time Specific Encryption,
In
*J. Garay and R. De Prisco (eds.), SCN 2010*, Lecture Notes in Computer Science Vol. 6280, pp. 1-16, Springer, 2010. Best paper award. - K.G. Paterson and D. Stebila,
One-time-password-authenticated key exchange.
In
*R. Steinfeld and P. Hawkes (eds.), ACISP 2010*, Lecture Notes in Computer Science Vol. 6168, pp. 264-281, Springer, 2010. Full version. - K.G. Paterson and G.J. Watson,
Plaintext-Dependent Decryption: A Formal Security Treatment of SSH-CTR.
In
*H. Gilbert (ed.), EUROCRYPT 2010*, Lecture Notes in Computer Science Vol. 6110, pp. 345-361, Springer, 2010. Full version.

**2009:**

- M.R. Albrecht, K.G. Paterson and G.J. Watson,
Plaintext Recovery Attacks Against SSH,
*IEEE Symposium on Security and Privacy*, IEEE Computer Society 2009, pp. 16-26. - C. Boyd, Y. Cliff, J.M. Gonzalez Nieto and K.G. Paterson,
Efficient one round key exchange in the standard model.
*International Journal of Applied Cryptography*, Vol. 1(3) (2009), 181-199. - T. Etzion, N. Kalouptsidis, N. Kolokotronis, K. Limniotis and K.G. Paterson,
Properties of the Error Linear Complexity Spectrum.
*IEEE Transactions on Information Theory*, Vol. 55(10) (2009), 4681-4686. - H.W. Lim and K.G. Paterson,
Secret Public Key Protocols Revisited.
In
*B. Christianson et al. (eds.), Security Protocols 2006*, Lecture Notes in Computer Science, Vol. 5087, pp 237-256, Springer, 2009. - K.G. Paterson and S. Srinivasan,
On the Relations Between Non-Interactive Key Distribution, Identity-Based Encryption and
Trapdoor Discrete Log Groups.
*Designs, Codes and Cryptography*, Vol. 52 (2009), 219-241. - K.G. Paterson and S. Srinivasan, Building key-private, public-key encryption schemes,
In
*C. Boyd and J. Neito (eds.), ACISP 2009*, Lecture Notes in Computer Science Vol. 5594, pp. 276-292, Springer, 2009.

**2008: **

- S. Balfe, E. Gallery, C.J. Mitchell and K.G. Paterson,
Crimeware and Trusted Computing. Chapter 15 in
*M. Jacobsson and Z. Ramzan (eds.), Crimeware*, Addison-Wesley/Symantec Press, 2008. - S. Balfe, E. Gallery, C.J. Mitchell and K.G. Paterson, Challenges for Trusted Computing. IEEE Security and Privacy Magazine, Nov./Dec. 2008, pp. 60-66.
- S. Balfe and K.G. Paterson,
Augmenting Internet-based Card-not-present Transactions with Trusted Computing: An Analysis.
*In G. Tsudik (ed.), Financial Cryptography 2008*, Lecture Notes in Computer Science Vol. 5143, pp. 171-175, Springer, 2008. Updated, full version (.pdf). - S. Balfe and K. G. Paterson. e-EMV: Emulating EMV for Internet Payments with Trusted Computing Technologies.
In
*S. Xu, C. Nita-Rotaru, J.-P. Seifert (eds.), Proceedings of the 3rd ACM Workshop on Scalable Trusted Computing (STC 2008)*, pp. 81-92, ACM 2008. - K.D. Boklan, Z. Klagsbrun, K.G. Paterson and S. Srinivasan. Flexible and Secure Communications in an Identity-Based, Coalition Environment. IEEE Milcom, 2008.
- C. Boyd, Y. Cliff, J.M. Gonzalez Nieto and K.G. Paterson,
Efficient one round key exchange in the standard model.
In
*Y. Mu, W. Susilo and J. Seberry (eds.), ACISP 2008*, Lecture Notes in Computer Science Vol.5107, pp. 69-83, Springer, 2008. Full version. - A.W. Dent, B. Libert and K.G. Paterson,
Certificateless Encryption Schemes Strongly Secure in the Standard Model.
In
*R. Cramer (ed.), PKC 2008*, Lecture Notes in Computer Science Vol. 4939, pp. 141-161, Springer, 2008. Full version. - S.D. Galbraith and K.G. Paterson (eds.),
*Pairing 2008*, Lecture Notes in Computer Science Vol. 5209, Springer, 2008. - S.D. Galbraith, K.G. Paterson and N.P. Smart,
Pairings for Cryptographers.
*Discrete Applied Mathematics*156(2008), 3113-3121. - K.G. Paterson and S. Srinivasan,
Security and Anonymity of Identity-based Encryption with Multiple Trusted Authorities.
In
*S.D. Galbraith and K.G. Paterson (eds.), Pairing 2008*, Lecture Notes in Computer Science Vol. 5209, pp.354-375, Springer, 2008. - K.G. Paterson and G.J. Watson,
Immunising CBC Mode Against Padding Oracle Attacks: A Formal Security Treatment.
In
*R. Ostrovsky, R. De Prisco and I. Visconti (eds.), SCN 2008*, Lecture Notes in Computer Science Vol. 5229, pp. 340-357, Springer, 2008. - J.C.N. Schdult, K. Matsuura and K.G. Paterson,
Proxy Signatures Secure Against Proxy Key Exposure.
In
*R. Cramer (ed.), PKC 2008*, Lecture Notes in Computer Science Vol. 4939, pp. 344-359, Springer, 2008. - M. Srivatsa, S. Balfe, K.G. Paterson and P. Rohatgi,
Trust Management For Secure Information Flows,
In
*P. Ning, P.F. Syverson, S. Jha (eds.), Proceedings of the 2008 ACM Conference on Computer and Communications Security (CCS 2008)*, pp. 175-188, ACM Press 2008.

**2007: **

- S. Balfe, K. Boklan, Z. Klagsbrun and K.G. Paterson,
Key Refreshing in Identity-based Cryptography and its Applications in MANETs.
In
*IEEE Milcom 2007.* - J. Crampton, H.W. Lim and K.G. Paterson,
What Can Identity-Based Cryptography Offer to Web Services?
In
*Proceedings of the 5th ACM Workshop on Secure Web Services (SWS 2007)*, Alexandria, Virginia, USA. ACM Press, pp. 26-36, 2007. - J. Crampton, H.W. Lim, K.G. Paterson and G. Price,
A Certificate-Free Grid Security Infrastructure Supporting Password-Based User Authentication.
*6th Annual PKI R&D Workshop*, NIST, Gaithersburg, Maryland, USA, April 2007. - J.P. Degabriele and K.G. Paterson,
Attacking the IPsec Standards in Encryption-only Configurations.
In
*IEEE Symposium on Privacy and Security*, pp. 335-349, IEEE Computer Society, 2007. Full version. - H.W. Lim and K.G. Paterson,
Multi-key Hierarchical Identity-based Signatures. In
*S.D. Galbraith (ed.), Eleventh IMA International Conference on Cryptography and Coding*, Lecture Notes in Computer Science Vol. 4887, pp. 384-402, Springer, 2007. - K.G. Paterson, F.C. Piper and R. Schack,
Quantum Cryptography: A Practical Information Security Perspective.
In
*M. Zukowski, S. Kilin and J. Kowalik (eds.), Quantum Communication and Security*, pp. 175-180, IOS Press, 2007. An earlier version of this paper can be found here.

**2006: **

- J. Crampton, K.G. Paterson, F. Piper and M.J.B. Robshaw,
Information Security,
In
*M. Gill (ed.), Handbook of Security*, Palgrave Macmillan, 2006. pp. 358-379. - K.G. Paterson,
A cryptographic tour of the IPsec standards,
*Information Security Technical Report*, Vol. 11(2) (2006), 72-81. Full version. - K.G. Paterson,
An attack on some multi-party key agreement protocols.
*IEE Proceedings on Information Security*, Vol. 153(2) (2006), 59-60. - K.G. Paterson and J.C.N. Schuldt,
Efficient identity-based signatures secure in the standard model.
In
*L.M. Batten and R. Safavi-Naini (eds.), ACISP 2006*, Lecture Notes in Computer Science Vol. 4058, pp. 207-222, Springer, 2006. Full version. - K.G. Paterson and A.K.L. Yau,
Cryptography in theory and practice: The case of encryption in IPsec.
In
*S. Vaudenay (ed.), EUROCRYPT 2006*, Lecture Notes in Computer Science Vol. 4004, pp. 12-29, Springer, 2006. Full version. - K.G. Paterson and A.K.L. Yau,
Lost in translation: theory and practice in cryptography.
*IEEE Security and Privacy*, Vol. 4, No. 3, May/June 2006, pp. 69-72.

**2005: **

- S.S. Al-Riyami and K.G. Paterson,
CBE from CL-PKE: a generic construction and efficient schemes.
In
*S. Vaudenay (ed.), PKC 2005*, Lecture Notes in Computer Science Vol. 3386, pp. 398-415, Springer, 2005. - S. Balfe, A.D. Lakhani and K.G. Paterson,
Securing Peer-to-Peer networks using Trusted Computing.
In
*C.J. Mitchell (ed.), Trusted Computing*, IEE Press, 2005, pp.271-298. - S. Balfe, A.D. Lakhani and K.G. Paterson,
Trusted Computing: Providing security for Peer-to-Peer Networks.
In
*G. Caronni et al., Proc. Fifth International Conference on Peer-to-Peer Computing*, IEEE Computer Society, 2005, pp. 117-124. - C. Boyd, W. Mao and K.G. Paterson,
Deniable authenticated key establishment for Internet protocols.
In
*B. Christianson, B. Crispo, J.A. Malcolm, M. Roe (eds.), Security Protocols, 11th International Workshop, Revised Selected Papers.*Lecture Notes in Computer Science Vol. 3364, pp. 255-271, Springer, 2005. - T. Etzion and K.G. Paterson,
Zero/positive capacities of two-dimensional runlength constrained arrays.
*IEEE Transactions on Information Theory*, Vol. 51 (9) (2005), 3186-3199. - C.J. Kudla and K.G. Paterson,
Modular security proofs for key agreement protocols.
In
*B. Roy (ed.), ASIACRYPT 2005*, Lecture Notes in Computer Science, Vol. 3788, pp. 549-565, Springer, 2005. - C.J. Kudla and K.G. Paterson,
Non-interactive designated verifier proofs and undeniable signatures.
In
*N.P. Smart (ed.), IMA Conference on Cryptography and Coding*, Lecture Notes in Computer Science, Vol. 3796, pp. 136-154, Springer, 2005. - H.W. Lim and K.G. Paterson,
Identity-Based Cryptography for Grid Security.
In
*H. Stockinger, R. Buyya and R. Perrott (eds.), Proceedings of the 1st IEEE International Conference on e-Science and Grid Computing (e-Science 2005)*, pp. 395-404, IEEE Computer Society Press, 2005. - K.G. Paterson,
Cryptography from Pairings.
In
*I.F. Blake, G. Seroussi and N.P. Smart (eds.), Advances in Elliptic Curve Cryptography*, London Mathematical Society Lecture Note Series Vol. 317, Cambridge University Press, 2005, pp. 215-251. - A.K.L. Yau, K.G. Paterson and C.J. Mitchell,
Padding oracle attacks on CBC-mode encryption with random and secret IVs.
In
*H. Gilbert and H. Handschuh (eds.), FSE 2005*, Lecture Notes in Computer Science Vol. 3557, pp. 299-319, Springer, 2005.

**2004: **

- S.R. Blackburn and K.G. Paterson,
Cryptanalysis of a Message Authentication Code due to Cary and Venkatesan.
In
*B. Roy and W. Meier (eds.), FSE 2004*, Lecture Notes in Computer Science Vol. 3017, pp. 446-453, Springer, 2004. - C. Boyd, W. Mao and K.G. Paterson,
Key agreement using statically keyed authenticators.
In
*M. Jakobsson, M. Yung and J. Zhou (eds.), ACNS 2004*, Lecture Notes in Computer Science Vol. 3089, pp. 248-262, Springer, 2004. - L. Chen, C.J. Kudla and K.G. Paterson,
Concurrent Signatures.
In
*C. Cachin and J. Camenisch (eds.), EUROCRYPT 2004*, Lecture Notes in Computer Science Vol. 3027, pp. 287-305, Springer, 2004. - R.J. Hulsebosch, C. Gunther, G. Horn, S. Holtmanns, K. Howker, K.G. Paterson, J. Claessens and M. Schuba.
Pioneering advanced mobile privacy and security.
In
*Security for Mobility, C.J. Mitchell, ed.*, IEE Telecommunications Series Vol. 51, pp.383-432, IEE Press, 2004. - K.G. Paterson,
On Codes with Low Peak-to-Average Power Ratio for Multi-Code CDMA,
*IEEE Transactions on Information Theory*, Vol. 50 (3) (2004), 550-559. - K.G. Paterson and A. Yau,
Padding Oracle Attacks on the ISO CBC Mode Encryption Standard.
in
*T. Okamoto (ed.), Proc. CT-RSA04*, Lecture Notes in Computer Science Vol. 2964, pp. 305-323, Springer, 2004.

**2003: **

- S.S. Al-Riyami and K.G. Paterson, Certificateless public key cryptography,
in
*C.S. Laih (ed.), ASIACRYPT 2003*, Lecture Notes in Computer Science Vol. 2894, pp. 452-473, Springer, 2003. Full version. - S.S. Al-Riyami and K.G. Paterson,
Tripartite authenticated key agreement protocols from pairings,
in
*K.G. Paterson (ed.), Proc. IMA Conference on Cryptography and Coding*, Lecture Notes in Computer Science Vol. 2898, pp.332-359, Springer, 2003. - A.G.B. Lauder and K.G. Paterson,
Computing the error linear complexity spectrum of a binary sequence of period 2^n,
*IEEE Transactions on Information Theory*, Vol. 49(1) (2003), 273-280. Some code implementing the algorithm in this paper is available here. - M.G. Parker, C. Tellambura and K.G. Paterson,
Golay Complementary Sequences,
in
*Wiley Encyclopedia of Telecommunications, John G. Proakis, ed.*, Wiley, 2003. - K.G. Paterson and G. Price,
A comparison between traditional Public Key Infrastructures and Identity-Based Cryptography,
*Information Security Technical Report*, Vol. 8(3) (2003), 57-72. - G. Price, F. Piper and K.G. Paterson, editors,
*PKI revisited - current issues and future trends, Information Security Technical Report*, Vol. 8(3) (2003).

**2002: **

- S. Galbraith, W. Mao and K.G. Paterson,
RSA-based undeniable signatures for general moduli,
in
*B. Preneel (ed.), Topics in Cryptology - CT-RSA 2002*, Lecture Notes in Computer Science, Vol. 2271, 200-217, Springer, 2002. - K.G. Paterson,
Sequences for OFDM and Multi-Code CDMA: Two Problems in Algebraic Coding Theory,
in
*Proceedings of Sequences and Their Applications - SETA01*, T. Helleseth, P.V. Kumar and K. Yang, eds., Discrete Mathematics and Theoretical Computer Science Series, Springer, 2002, 46-71. - K.G. Paterson,
Cryptography from pairings: a snapshot of current research,
*Information Security Technical Report*, Vol. 7(3) (2002), 41-54. - K.G. Paterson,
ID-based signatures from pairings on elliptic curves,
*Electronics Letters*, Vol. 38 (18) (2002), 1025-1026. - K.G. Paterson, F. Piper and M. Robshaw,
Smart cards and the associated infrastructure problem,
*Information Security Technical Report*, Vol. 7(3) (2002), 20-29. - K.G. Paterson and V. Tarokh, Existence of good codes with low peak-to-average power ratios.
*Chapter 11 in R.E. Blahut and R. Koetter (eds.), Codes, Graphs, and Systems: A Celebration of the Life and Career of G. David Forney*, pp. 187-197, Kluwer Academic Publishers, 2002.

**2001: **

- A.P. Hiltgen and K.G. Paterson,
Single Track Circuit Codes,
*IEEE Transactions on Information Theory*, Vol. 47 (6) (2001), 2587-2595.

**2000: **

- K.G. Paterson,
Generalised Reed-Muller Codes and Power Control in OFDM,
*IEEE Transactions on Information Theory*, Vol. 46 (1) (2000), 104-120. - K.G. Paterson and A.E. Jones,
Efficient Decoding Algorithms for Generalised Reed-Muller Codes,
*IEEE Transactions on Communications*, Vol. 48 (8) (2000), 1272-1285. - K.G. Paterson and V. Tarokh,
On the existence and construction of good codes with low peak-to-average power ratios,
*IEEE Transactions on Information Theory*, Vol. 46 (6) (2000), 1974-1987.

**1999: **

- K.G. Paterson,
Imprimitive permutation groups and trapdoors in iterated block ciphers,
in
*L.R. Knudsen (ed.), Proceedings, Fast Software Encryption Workshop*, Lecture Notes in Computer Science, Vol. 1636, Springer, 1999, 201-214. - J.A. Davis, J. Jedwab and K.G. Paterson,
Codes, Correlations and Power Control in OFDM,
in
*Difference Sets, Sequences and their Correlation Properties*, A. Pott et al, eds., NATO Science Series C, Vol. 542, Kluwer Academic Publishers, Dordrecht, 1999, 113-132. - K.G. Paterson,
Applications of Exponential Sums in Communications Theory,
in
*Cryptography and Coding*, Michael Walker, ed., LNCS Vol. 1746, Springer, 1999, 1-24.

**1998: **

- C.J. Mitchell, and K.G. Paterson, Perfect Factors from Cyclic Codes
and Interleaving,
*SIAM Journal on Discrete Mathematics,*Vol. 11 (1998), 241--264. - K.G. Paterson, Root Counting, the DFT and the Linear Complexity of
Nonlinear Filtering,
*Designs, Codes and Cryptography,*Vol. 14 (1998), 247--259. - K.G. Paterson, Binary Sequence Sets with Favourable Correlation Properties
from Difference Sets and MDS Codes,
*IEEE Transactions on Information Theory,*Vol. 44 (1998), 172--180. - K.G. Paterson and P.J.G. Lothian ,
Bounds on Partial Correlations of Sequences,
*IEEE Transactions on Information Theory,*Vol. 44 (1998), 1164-1175. - K.G. Paterson and J. Tuliani,
Some New Circuit Codes,
*IEEE Transactions on Information Theory,*Vol. 44 (1998), 1305-1309. - K.G. Paterson,
Coding Techniques for Power Controlled OFDM,
in
*Proceedings of 9th International Symposium on Personal, Indoor and Mobile Radio Communications (PIMRC '98)}*, Vol. 2, IEEE Press, 1998, 801-805.

**1997: **

- S.R. Blackburn, S. Murphy and K.G. Paterson, Comments on `Theory
and Applications of Cellular Automata in Cryptography',
*IEEE Transactions on Computers,*Vol. 46 (1997), 637--638. - S.R. Blackburn, S. Murphy and K.G. Paterson, A Comment on `A New
Public-Key Cipher System Based Upon the Diophantine Equations',
*IEEE Transactions on Computers,*Vol. 46 (1997), 512. - K.G. Paterson, Interconnection Networks Based on Two-dimensional
de Bruijn Graphs, in
*Applications of Combinatorial Mathematics*, The Institute of Mathematics and Its Applications Conference Series, Vol. 60, C.J. Mithcell, ed., Clarendon Press, Oxford, 1997.

**1996: **

- S.R. Blackburn, T. Etzion and K.G. Paterson, Permutation Polynomials,
de Bruijn Sequences and Linear Complexity,
*Journal of Combinatorial Theory Series A,*Vol. 76 (1996), 55-82. - T. Etzion and K.G. Paterson, Near Optimal Single-Track Gray Codes,
*IEEE Transactions on Information Theory,*Vol. 42 (1996), 779-789. - A. Fuchsberger, D. Gollmann, P. Lothian, K.G. Paterson and A. Sidiropoulos,
Public-key Cryptography on Smart Cards,
*Cryptography: Policy and Algorithms, Proceedings,*Lecture Notes in Computer Science, Vol. 1029, 250-269, Springer, 1996. - A.P. Hiltgen, K.G. Paterson and M. Brandestini, Single Track Gray
Codes,
*IEEE Transactions on Information Theory,*Vol. 42 (1996), 1555-1561. - C.J. Mitchell, T. Etzion and K.G. Paterson, A method for constructing
decodable de Bruijn sequences,
*IEEE Transactions on Information Theory,*Vol. 42 (1996), 1472-1478. - K.G. Paterson, New Classes of Perfect Maps I,
*Journal of Combinatorial Theory Series A,*Vol. 73 (1996), 302-334. - K.G. Paterson, New Classes of Perfect Maps II,
*Journal of Combinatorial Theory Series A,*Vol. 73 (1996), 335-345. - G. Hurlbert, C.J. Mitchell and K.G. Paterson, On the Existence of
de Bruijn Tori with Two by Two Windows,
*Journal of Combinatorial Theory Series A,*Vol. 76 (1996), 213-230.

**1995: **

- K.G. Paterson, Perfect Factors in the de Bruijn Graph,
*Designs, Codes and Cryptography,*Vol. 5 (1995), 115-138. - K.G. Paterson and P.R. Hoare, Enumerating Perfect Maps,
*Codes and Cyphers: Cryptography and Coding IV,*P.G. Farrell, ed., Formara Ltd., Southend-On-Sea, Essex, 1995. - K.G. Paterson and M.J.B. Robshaw, Storage efficient decoding for
a class of binary de Bruijn sequences,
*Discrete Mathematics,*Vol. 138 (1995), 327-341.

** 1994: **

- S.R. Blackburn, G. Carter, D. Gollmann, S. Murphy, K. Paterson, F.
Piper and P. Wild, Aspects of Linear Complexity,
*Communications and Cryptography: Two Sides of One Tapestry,*R.E. Blahut, D.J. Costello, Jr., U. Maurer and T. Mittelholzer, eds., Kluwer Academic Publishers, Boston, 1994. - C.J. Mitchell and K.G. Paterson, Decoding Perfect Maps,
*Designs, Codes and Cryptography,*Vol. 4 (1994), 11-30. - S. Murphy, K.G. Paterson and P.R. Wild,
A Weak Cipher that Generates the Symmetric Group,
*Journal of Cryptology,*Vol. 7 (1994), 61-65. - K.G. Paterson, Perfect Maps,
*IEEE Transactions on Information Theory,*IT-40 (1994), 743-753.

** 1993: **

- K.G. Paterson, On sequences and arrays with specific window properties, Ph.D. thesis, University of London, 1993.

**Presentations from various conferences and
workshops.**

- TLS Security - Where Do We Stand?. Invited talk at Ruhr University Bochum, 2013.
- Key Reuse in Public Key Cryptography. Invited talk at EuroPKI 2012, Pisa, Italy, September 2012.
- TLS and DTLS: A Tale of Two Protocols. Distinguished invited lecture at T.U. Darmstadt, Germany, July 2012.
- Cryptography and Secure Channels. Invited talk at Cryptographer's Track, RSA Conference, San Francisco, USA, April 2009.
- From Fish to Phishing. Professorial Inaugural Lecture, Royal Holloway, University of London, February 2008.
- Certificateless Cryptography I and Certificateless Cryptography II. Invited talks at ICE-EM RNSA 2007 Workshop on Pairing Based Cryptography, Queensland University of Technology, Brisbane, Australia, June 2007.
- What can quantum cryptographers learn from history? Invited talk at Workshop on Quantum Cryptography and Computing, Fields Institute, University of Toronto, Toronto, Canada, October 2006.
- Identity-based cryptography - Panacea or Pandemonium? Invited talk at 9th Workshop on Elliptic Curve Cryptography (ECC 2005), Technical University of Denmark, Copenhagen, Denmark, September 2005 .

**Patents and patent applications (US only).**

**US granted patents: **

- K.G. Paterson, "Decoder system capable of performing a plural-stage process", U.S. Patent 7173610. Issued 06/02/2007.
- J.A. Davis, J. Jedwab, S. Morley, K.G. Paterson, F. Perner, K.K. Smith and S.R. Wyatt, "Manufacturing test for a fault tolerant magnetoresistive solid-state storage device", U.S. Patent 7149948. Issued 12/12/2006.
- J. Jedwab, J.A. Davis, K.G. Paterson and G. Seroussi, "Manufacturing test for a fault tolerant magnetoresistive solid-state storage device", U.S. Patent 7107508. Issued 12/09/2006.
- J.A. Davis, J. Jedwab, S. Morley, and K.G. Paterson, "Magnetoresistive solid-state storage device and data storage methods for use therein", U.S. Patent 7107507. Issued 12/09/2006.
- J.A. Davis, J. Jedwab, D.H. McIntyre, K.G. Paterson, F.A. Perner, G. Seroussi, K.K. Smith and S.R. Wyatt, "Error correction coding and decoding in a solid-state storage device", U.S. Patent 7036068. Issued 25/04/2006.
- J.A. Davis, J. Jedwab, K.G. Paterson and G. Seroussi, "Method for error correction decoding in an MRAM device (historical erasures)", U.S. Patent 6990622. Issued 24/01/2006.
- J.A. Davis, J. Jedwab, K.G. Paterson, G. Seroussi and K.K. Smith, "Data storage method for use in a magnetoresistive solid-state storage device", U.S. Patent 6981196. Issued 27/12/2005.
- K.G. Paterson, "Error detection for data storage and transmission", U.S. Patent 6898754. Issued 24/05/2005.
- A.P. Aitken and K.G. Paterson, "Addressing arrays of electrically-controllable elements", U.S. Patent 6850212. Issued 01/02/2005.
- G. Seroussi, W. Mao, M.T. Smith and K.G. Paterson, "Access control through secure channel using personal identification system", U.S. Patent 6836843. Issued 28/12/2004.
- K.G. Paterson, "Decoder system capable of performing a plural-stage process", U.S. Patent 6697075. Issued 24/02/2004.
- J.A. Davis, J. Jedwab and K.G. Paterson, "Methods and apparatus for decoding data", U.S. Patent 6487258. Issued 26/11/2002.
- K.G. Paterson, "Methods and apparatus for encoding data", U.S. Patent 6301221. Issued 09/10/2001.
- S.E. Crouch, J.A. Davis, M.J.F. Mowbray and K.G. Paterson, "System and method for transmitting data", U.S. Patent 6119263. Issued 12/09/2000.

**US patent applications: **

- J.A. Davis, K. Eldredge, J. Jedwab, D. McCarthy, S. Morley, K.G. Paterson, F. Perner, K.K. Smith and S. Wyatt, "Fault tolerant magnetoresistive solid-state storage device," U.S. Patent Application No. 2003/0023922, filed 25 Jul 2001.