Cloudflare Research logo



2024X-Wing: The Hybrid KEM You've Been Looking For

IACR Communications in Cryptology (Volume: 1, Issue: 1, March 2024).
Manuel Barbosa, Deirdre Connolly, João Diogo Duarte, Aaron Kaiser, Peter Schwabe, Karolin Varner, Bas Westerbaan

2023RFC 9497: Oblivious Pseudorandom Functions (OPRFs) Using Prime-Order Groups

Internet Research Task Force (IRTF). 2023.
Alex Davidson, Armando Faz-Hernandez, Nick Sullivan, Christopher A. Wood

2023Verifiable Distributed Aggregation Functions

The 23rd Privacy Enhancing Technologies Symposium (PETS), July 10-15, Lausanne, Switzerland. 2023.
Hannah Davis, Christopher Patton, Mike Rosulek, Phillipp Schoppmann

2023Security Analysis of Signature Schemes with Key Blinding

Edward Eaton, Tancrède Lepoint, Christopher A. Wood

2023RFC 9380: Hashing to Elliptic Curves

Internet Research Task Force (IRTF). 2023.
Armando Faz-Hernandez, Sam Scott, Nick Sullivan, Riad S. Wahby, Christopher A. Wood

2023Password-Authenticated TLS via OPAQUE and Post-Handshake Authentication

Julia Hesse, Stanislaw Jarecki, Hugo Krawczyk, Christopher A. Wood

2023Portunus: Re-imagining access control in distributed systems

2023 USENIX Annual Technical Conference (USENIX ATC 23), pp. 35-52, Boston, MA, 2023.
Watson Ladd, Marloes Venema, Tanya Verma, Armando Faz-Hernandez, Brendan McMillion, Avani Wildani, Nick Sullivan

2023Portunus: Re-imagining access control in distributed systems using attribute-based encryption

Real World Crypto Symposium 2023. Tokyo, Japan. March 2023.
Watson Ladd, Marloes Venema, Tanya Verma

2023Post-Quantum Privacy Pass via Post-Quantum Anonymous Credentials

Real World Crypto Symposium 2023. Tokyo, Japan. March 2023.
Vamsi Policharla, Bas Westerbaan, Armando Faz-Hernandez, Christopher A. Wood

2023Evaluating practical QUIC website fingerprinting defenses for the masses

The 23rd Privacy Enhancing Technologies Symposium (PETS), July 10-15, Lausanne, Switzerland. 2023.
Sandra Siby, Ludovic Barman, Christopher A. Wood, Marwan Fayed, Nick Sullivan, Carmela Troncoso

2023Global, Passive Detection of Connection Tampering

ACM SIGCOMM 2023 Conference (ACM SIGCOMM23), September 10–14, 2023, New York, NY, USA.
Ram Sundara Raman, Louis-Henri Merino, Kevin Bock, Marwan Fayed, Dave Levin, Nick Sullivan, Luke Valenta

2023Hot Topics in Security and Privacy Standardization at the IETF and Beyond

IEEE Security & Privacy (Volume: 21, Issue: 2, March-April 2023).
Christopher A. Wood

2022This is not the padding you are looking for! On the ineffectiveness of QUIC PADDING against website fingerprinting

IETF 113 Conference. 2022.
Ludovic Barman, Sandra Siby, Christopher A. Wood, Marwan Fayed, Nick Sullivan, Carmela Troncoso

2022RFC 9180: Hybrid Public Key Encryption

Internet Research Task Force (IRTF). 2022.
Richard Barnes, Karthik Bhargavan, Benjamin Lipp, Christopher A. Wood

2022RFC 9258: Importing External Pre-Shared Keys (PSKs) for TLS 1.3

Internet Engineering Task Force (IETF). 2022.
David Benjamin, Christopher A. Wood

2022A Symbolic Analysis of Privacy for TLS 1.3 with Encrypted Client Hello

ACM Conference on Computer and Communications Security (CCS) 2022, November 7-11, Los Angeles, U.S.A. 2022.
Karthikeyan Bhargavan, Vincent Cheval, Christopher A. Wood

2022Gossamer: Securely Measuring Password-based Logins

31st USENIX Security Symposium (USENIX Security 22), Boston, MA. 2022.
Marina Sanusi Bohuk, Mazharul Islam, Suleman Ahmad, Michael Swift, Thomas Ristenpart, Rahul Chatterjee

2022A tale of two models: Formal verification of KEMTLS via Tamarin

27th European Symposium on Research in Computer Security (ESORICS) 2022, Denmark. 2022.
Sofía Celi, Jonathan Hoyland, Douglas Stebila, Thom Wiggers

2022Standardizing MPC for Privacy Preserving Measurement

Real World Crypto Symposium 2022. Amsterdam, Netherlands. April 2022.
Tim Geoghegan, Christopher Patton, Eric Rescorla, Christopher A. Wood

2022RFC 9257: Guidance for External Pre-Shared Key (PSK) Usage in TLS

Internet Engineering Task Force (IETF). 2022.
Russ Housley, Jonathan Hoyland, Mohit Sethi, Christopher A. Wood

2022RFC 9230: Oblivious DNS over HTTPS

Internet Engineering Task Force (IETF). 2022.
Eric Kinnear, Patrick McManus, Tommy Pauly, Tanya Verma, Christopher A. Wood

2022Might I Get Pwned: A Second Generation Compromised Credential Checking Service

31th USENIX Security Symposium (USENIX Security 22).
Bijeeta Pal, Mazharul Islam, Marina Sanusi Bohuk, Nick Sullivan, Luke Valenta, Tara Whalen, Christopher A. Wood, Thomas Ristenpart, Rahul Chattejee

2022RFC 9149: TLS Ticket Requests

Internet Engineering Task Force (IETF). 2022.
Tommy Pauly, David Schinazi, Christopher A. Wood

2022Toppling Top Lists: Evaluating the Accuracy of Popular Website Lists

IMC '22: Proceedings of the 22nd ACM Internet Measurement Conference, Pages 374–387, October 25-27, France. 2022.
Kimberly Ruth, Deepak Kumar, Brandon Wang, Luke Valenta, Zakir Durumeric

2022The Decoupling Principle: A Practical Privacy Framework

The 21st ACM Workshop on Hot Topics in Networks (HotNets’22), November 14–15, 2022, Austin, TX, USA
Paul Schmitt, Jana Iyengar, Christopher A. Wood, Barath Raghavan

2022Respect the ORIGIN! A Best-case Evaluation of Connection Coalescing

ACM Internet Measurement Conference 2022, October 25-27, France. 2022.
Sudheesh Singanamalla, Talha Paracha, Suleman Ahmad, Jonathan Hoyland, Luke Valenta, Yevgen Safronov, Peter Wu, Andrew Galloni, Kurtis Heimerl, Nick Sullivan, Christopher A. Wood, Marwan Fayed

2022RFC 9261: Exported Authenticators in TLS

Internet Engineering Task Force (IETF). 2022.
Nick Sullivan

2022RFC 9292: Binary Representation of HTTP Messages

Internet Engineering Task Force (IETF). 2022.
Martin Thomson, Christopher A. Wood

2022A Fast and Simple Partially Oblivious PRF, with Applications

Advances in Cryptology – EUROCRYPT 2022: 41st Annual International Conference on the Theory and Applications of Cryptographic Techniques, Trondheim, Norway, May 30 – June 3, pp. 674–705, 2022.
Nirvan Tyagi, Sofía Celi, Thomas Ristenpart, Nick Sullivan, Stefano Tessaro, Christopher A. Wood

2022Let The Right One In: Attestation as a Usable CAPTCHA Alternative

Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022), Boston, MA. 2022.
Tara Whalen, Thibault Meunier, Mrudula Kodali, Alex Davidson, Marwan Fayed, Armando Faz-Hernandez, Watson Ladd, Deepak Maram, Nick Sullivan, Benedikt Christoph Wolters, Maxime Guerreiro, Andrew Galloni

2021Round-optimal verifiable oblivious pseudorandom functions from ideal lattices

IACR International Conference on Public-Key Cryptography, pp. 261-289. Springer, Cham, 2021.
Martin Albrecht, Alex Davidson, Amit Deo, Nigel P. Smart

2021Implementing and measuring KEMTLS

Progress in Cryptology – LATINCRYPT 2021, Lecture Notes in Computer Science(), vol 12912. Springer, 2021.
Sofía Celi, Armando Faz-Hernandez, Nick Sullivan, Goutam Tamvada, Luke Valenta, Thom Wiggers, Bas Westerbaan, Christopher A. Wood

2021Post-quantum TLS without handshake signatures

Real World Crypto Symposium 2021. Virtual. January 2021.
Sofía Celi, Armando Faz-Hernandez, Peter Schwabe, Douglas Stebila, Thom Wiggers

2021The Ties that un-Bind: Decoupling IP from web services and sockets for robust addressing agility at CDN-scale

Proceedings of the 2021 ACM SIGCOMM 2021 Conference, pp. 433–446. 2021.
Marwan Fayed, Lorenz Bauer, Vasileios Giotsas, Sami Kerola, Marek Majkowski, Pavel Odinstov, Jakub Sitnicki, Taejoong Chung, Dave Levin, Alan Mislove, Christopher A. Wood, Nick Sullivan

2021ZKAttest: Ring and Group Signatures for Existing ECDSA Keys

Selected Areas in Cryptography (SAC 2021). Lecture Notes in Computer Science, vol 13203, Springer, Cham, 2021.
Armando Faz-Hernandez, Watson Ladd, Deepak Maram

2021Quality of Experience in ICN: Keep Your Low-Bitrate Close and High-Bitrate Closer

IEEE/ACM Transactions on Networking, Volume 29, Issue 2, April 2021, pp. 557–570, 2021.
Wenjie Li, Sharief M. A. Oteafy, Marwan Fayed, Hossam S. Hassanein

2021Oblivious DNS over HTTPS (ODoH): A Practical Privacy Enhancement to DNS

Proceedings on Privacy Enhancing Technologies 2021, Volume 4, pp. 575–592. 2021.
Sudheesh Singanamalla, Suphanat Chunhapanya, Jonathan Hoyland, Marek Vavruša, Tanya Verma, Peter Wu, Marwan Fayed, Kurtis Heimerl, Nick Sullivan, Christopher A. Wood

2020RFC 8937: Randomness Improvements for Security Protocols

Internet Research Task Force (IRTF). 2020.
Cas Cremers, Luke Garratt, Stanislav Smyshlyaev, Nick Sullivan, Christopher A. Wood

2020Adaptively secure constrained pseudorandom functions in the standard model

Advances in Cryptology - CRYPTO 2020 - 40th Annual International Cryptology Conference, vol 12170, pp. 559-589. Springer, Cham, 2020.
Alex Davidson, Shuichi Katsumata, Ryo Nishimaki, Shota Yamada, Takashi Yamakawa

2020RFC 8922: A Survey of the Interaction between Security Protocols and Transport Services

Internet Engineering Task Force (IETF). 2020.
Theresa Enghardt, Tommy Pauly, Colin Perkins, Kyle Rose, Christopher A. Wood

2019RPKI is coming of age: A longitudinal study of RPKI deployment and invalid route origins

Proceedings of the Internet Measurement Conference, pp. 406-419. 2019.
Taejoong Chung, Emile Aben, Tim Bruijnzeels, Balakrishnan Chandrasekaran, David Choffnes, Dave Levin, Bruce M. Maggs, Alan Mislove, Roland van Rijswijk-Deij, John Rula, Nick Sullivan

2019Strong post-compromise secure proxy re-encryption

Australasian Conference on Information Security and Privacy, pp. 58-77. Springer, Cham, 2019.
Alex Davidson, Amit Deo, Ela Lee, Keith Martin

2019Measuring TLS key exchange with post-quantum KEM

Workshop Record of the Second PQC Standardization Conference. 2019.
Krzysztof Kwiatkowski, Nick Sullivan, Adam Langley, Dave Levin, Alan Mislove

2019Protocols for checking compromised credentials

Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 1387-1403. 2019.
Lucy Li, Bijeeta Pal, Junade Ali, Nick Sullivan, Rahul Chatterjee, Thomas Ristenpart

2019RFC 8586: Loop Detection in Content Delivery Networks (CDNs)

Internet Engineering Task Force (IETF). 2019.
Stephen Ludin, Mark Nottingham, Nick Sullivan

2019Does certificate transparency break the web? Measuring adoption and error rate

2019 IEEE Symposium on Security and Privacy (SP), pp. 211-226. 2019.
Emily Stark, Ryan Sleevi, Rijad Muminovic, Devon O'Brien, Eran Messeri, Adriana Porter Felt, Brendan McMillion, Parisa Tabriz

2018Is the web ready for OSCP must-staple?

Proceedings of the Internet Measurement Conference 2018, pp. 105-118. 2018.
Taejoong Chung, Jay Lok, Balakrishnan Chandrasekaran, David Choffnes, Dave Levin, Bruce M. Maggs, Alan Mislove, John Rula, Nick Sullivan, Christo Wilson

2018Privacy Pass: Bypassing Internet Challenges Anonymously

Proceedings on Privacy Enhancing Technologies, no. 3 (2018), pp. 164-180. 2018.
Alex Davidson, Ian Goldberg, Nick Sullivan, George Tankersley, Filippo Valsorda

2018nQUIC: Noise-based QUIC packet protection

EPIQ'18: Proceedings of the Workshop on the Evolution, Performance, and Interoperability of QUIC, pp. 22-28. 2018.
Mathias Hall-Andersen, David Wong, Nick Sullivan, Alishah Chator

2018403 Forbidden: A Global View of CDN Geoblocking

Proceedings of the Internet Measurement Conference 2018, pp. 218-230. 2018.
Allison McDonald, Matthew Bernhard, Luke Valenta, Benjamin VanderSloot, Will Scott, Nick Sullivan, J. Alex Halderman, Roya Ensafi

2018Geo Key Manager

Real World Crypto Symposium 2018. Zurich, Switzerland. January 2018.
Nick Sullivan, Brendan McMillion

2018In search of CurveSwap: Measuring elliptic curve implementations in the wild

2018 IEEE European Symposium on Security and Privacy (EuroS&P), pp. 384-398. IEEE, 2018.
Luke Valenta, Nick Sullivan, Antonio Sanso, Nadia Heninger

2017Understanding the mirai botnet

26th USENIX security symposium (USENIX Security 17), pp. 1093-1110. 2017.
Manos Antonakakis, Tim April, Michael Bailey, Matt Bernhard, Elie Bursztein, Jaime Cochran, Zakir Durumeric, J. Alex Halderman, Luca Invernizzi, Michalis Kallitsis, Deepak Kumar, Chaz Lever, Zane Ma, Joshua Mason, Damian Menscher, Chad Seaman, Nick Sullivan, Kurt Thomas, Yi Zhou

2017The Security Impact of HTTPS Interception

Network and Distributed System Security Symposium (NDSS) 2017.
Zakir Durumeric, Zane Ma, Drew Springall, Richard Barnes, Nick Sullivan, Elie Bursztein, Michael Bailey, J. Alex Halderman, Vern Paxson

2016Attacking White-Box AES Constructions

Proceedings of the 2016 ACM Workshop on Software Protection, pp. 85-90. 2016.
Brendan McMillion, Nick Sullivan

2015An analysis of TLS handshake proxying

2015 IEEE Trustcom/BigDataSE/ISPA, volume 1, pp. 279-286. 2015.
Douglas Stebila, Nick Sullivan