| Plaintext recovery attacks against SSH MR Albrecht, KG Paterson, GJ Watson 2009 30th IEEE Symposium on Security and Privacy, 16-26, 2009 | 151 | 2009 |
| Lost: location based storage GJ Watson, R Safavi-Naini, M Alimomeni, ME Locasto, S Narayan Proceedings of the 2012 ACM Workshop on Cloud computing security workshop, 59-70, 2012 | 75 | 2012 |
| Provable security in the real world JP Degabriele, K Paterson, G Watson IEEE Security & Privacy 9 (3), 33-41, 2010 | 55 | 2010 |
| An analysis of the EMV channel establishment protocol C Brzuska, NP Smart, B Warinschi, GJ Watson Proceedings of the 2013 ACM SIGSAC conference on Computer & communications …, 2013 | 48 | 2013 |
| Plaintext-dependent decryption: A formal security treatment of SSH-CTR KG Paterson, GJ Watson Advances in Cryptology–EUROCRYPT 2010: 29th Annual International Conference …, 2010 | 45 | 2010 |
| On cipher-dependent related-key attacks in the ideal-cipher model MR Albrecht, P Farshim, KG Paterson, GJ Watson Fast Software Encryption: 18th International Workshop, FSE 2011, Lyngby …, 2011 | 38 | 2011 |
| Anonymity guarantees of the UMTS/LTE authentication and connection protocol MF Lee, NP Smart, B Warinschi, GJ Watson International journal of information security 13, 513-527, 2014 | 34 | 2014 |
| Algorithms, key size and protocols report (2018) N Smart, M Abdalla, E Bjørstad, C Cid, B Gierlichs, A Hülsing, A Luykx, ... ECRYPT—CSA, H2020-ICT-2014—Project 645421, 2018 | 22 | 2018 |
| Immunising CBC mode against padding oracle attacks: A formal security treatment KG Paterson, GJ Watson International Conference on Security and Cryptography for Networks, 340-357, 2008 | 21 | 2008 |
| Unidirectional updatable encryption and proxy re-encryption from DDH P Miao, S Patranabis, G Watson IACR International Conference on Public-Key Cryptography, 368-398, 2023 | 19* | 2023 |
| Authenticated-encryption with padding: A formal security treatment KG Paterson, GJ Watson Cryptography and Security: From Theory to Applications: Essays Dedicated to …, 2012 | 18 | 2012 |
| Algorithms, key size and protocols report M Abdalla, TE Bjørstad, C Cid, B Gierlichs, A Hülsing, A Luykx, ... ECRYPT-CSA, Tech. Rep. H2020-ICT-2014–Project 645421, 2018 | 11 | 2018 |
| Avoiding lock outs: Proactive fido account recovery using managerless group signatures SS Arora, S Badrinarayanan, S Raghuraman, M Shirvanian, K Wagner, ... Cryptology ePrint Archive, 2022 | 8 | 2022 |
| Mobile payments using multiple cryptographic protocols S Agrawal, D Bannikov, A Luykx, P Mohassel, S Smirnoff, S Vasudevan, ... US Patent App. 16/583,634, 2020 | 7 | 2020 |
| The low-call diet: Authenticated Encryption for call counting HSM users M Bond, G French, NP Smart, GJ Watson Cryptographers’ Track at the RSA Conference, 359-374, 2013 | 6 | 2013 |
| Privacy-preserving identity attribute verification using policy tokens KR Wagner, SS Arora, GJ Watson, M Christodorescu, S Agrawal US Patent App. 16/928,367, 2022 | 4 | 2022 |
| A PKI-based framework for establishing efficient MPC channels D Masny, G Watson Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications …, 2021 | 4 | 2021 |
| White-box Cryptography with Device Binding from Token-based Obfuscation and more. S Agrawal, EA Bock, Y Chen, GJ Watson IACR Cryptol. ePrint Arch. 2021, 767, 2021 | 4 | 2021 |
| White-box cryptography with global device binding from message-recoverable signatures and token-based obfuscation S Agrawal, E Alpírez Bock, Y Chen, G Watson International Workshop on Constructive Side-Channel Analysis and Secure …, 2023 | 3 | 2023 |
| Provable Security in Practice: Analysis of SSH and CBC mode with Padding GJ Watson Royal Holloway, University of London, 2010 | 3 | 2010 |
