Computer-aided cryptography is an active area of research that develops and applies
formal, machine-checkable approaches to the design, analysis, and implementation of …

The TLS protocol is intended to enable secure end-to-end communication over insecure
networks, including the Internet. Unfortunately, this goal has been thwarted a number of …

TLS 1.3 is the next version of the Transport Layer Security (TLS) protocol. Its clean-slate
design is a reaction both to the increasing demand for low-latency HTTPS connections and …

DROWN: Breaking TLS using SSLv2 Page 1 This paper is included in the Proceedings of the
25th USENIX Security Symposium August 10–12, 2016 • Austin, TX ISBN 978-1-931971-32-4 …

Virtual private network (VPN) is the traditional approach for an end-to-end secure
connection between two endpoints. Most existing VPN solutions are intended for wired …

The Transport Layer Security (TLS) protocol supports various authentication modes, key
exchange methods, and protocol extensions. Confusingly, each combination may prescribe …

The first edition of this book was published in 2003. Inevitably, certain parts of the book
became outdated quickly. At the same time new developments have continued apace …

Many popular web applications incorporate end-toend secure messaging protocols, which
seek to ensure that messages sent between users are kept confidential and authenticated …

We study the interaction of the programming construct “new,” which generates statically
scoped names, with communication via messages on channels. This interaction is crucial in …

We present Low*, a language for low-level programming and verification, and its application
to high-assurance optimized cryptographic libraries. Low* is a shallow embedding of a …