•   J. Jean, I. Nikolić, Y. Sasaki, and L. Wang
  
"Practical Forgeries and Distinguishers against PAES"
IEICE Trans. on Fundamentals of Electronics, Communications and Computer Sciences
Vol.E99-A, 2016 (to appear)

•   Y. Sasaki, and L. Wang
  
"Message Extension Attack against Authenticated Encryption: Application to PANDA"
IEICE Trans. on Fundamentals of Electronics, Communications and Computer Sciences
Vol.E99-A, 2016 (to appear)

•   Y. Sasaki, and L. Wang
  
"Generic Internal State Recovery on Strengthened HMAC: n-bit Secure HMAC Requires Key in All Blocks"
IEICE Trans. on Fundamentals of Electronics, Communications and Computer Sciences
Vol.E99-A, 2016 (to appear)

•   I. Nikolić, L. Wang, and S. Wu
  
"The parallel-cut meet-in-the-middle attack"
Cryptography and Communications
[paper]

•   Y. Sasaki, and L. Wang
  
"Bitwise Partial-sum: A New Tool for Integral Analysis against ARX Designs"
IEICE Trans. on Fundamentals of Electronics, Communications and Computer Sciences
Vol.E98-A, No.1, pp.49-60, 2015
[paper]

•   Y. Sasaki, G. Wang and L. Wang
  
"Improved Single-Key Distinguisher on HMAC-MD5 and Key Recovery Attacks on Sandwich-MAC-MD5 and MD5-MAC"
IEICE Trans. on Fundamentals of Electronics, Communications and Computer Sciences
Vol.E98-A, No.1, pp.26-38, 2015
[paper]

•   Y. Sasaki and L. Wang
  
"Comprehensive Study of Integral Analysis on LBlock"
IEICE Trans. on Fundamentals of Electronics, Communications and Computer Sciences
Vol.E97-A, No.1, pp.127-138, 2014.
[paper]

•   Y. Sasaki and L. Wang
  
"Distinguishers on Double-Branch Compression Function and Applications to Round-Reduced RIPEMD-128 and RIPEMD-160"
IEICE Trans. on Fundamentals of Electronics, Communications and Computer Sciences
Vol.E97-A, No.1, pp.177-190, 2014.
[paper]

•  L. Wang, Y. Sasaki,  W. Komatsubara, K. Ohta and K. Sakiyama
  
"Meetin-the-Middle (Second) Preimage Attacks on Two Double-Branch Hash Functions RIPEMD and RIPEMD-128"
IEICE Trans. on Fundamentals of Electronics, Communications and Computer Sciences,
Vol.E95-A, No.1, pp.100-110, 2012.
[paper]

•  Y. Naito, K. Yoneyama, L. Wang and K. Ohta
  
"Security of Cryptosystems Using Merkle-Damgård in the Random Oracle Model"
IEICE Trans. on Fundamentals of Electronics, Communications and Computer Sciences,
Vol.E94-A, No.1, pp.57-70, 2011.
[paper]

•  L. Wang and Y. Sasaki
  
"Preimage Attack on 23-Step Tiger"
IEICE Trans. on Fundamentals of Electronics, Communications and Computer Sciences,
Vol.E94-A, No.1, pp.110-120, 2011.
[paper]

•  L. Wang, Kazuo Ohta, Y. Sasaki, K. Sakiyama and N. Kunihiro
  
"Cryptanalysis of Two MD5-Based Authentication Protocols: APOP and NMAC"
IEICE Trans. on Information and Systems,
Vol.E93-D, No.5, pp.1087-1095, 2010.
[paper]

•  Y. Sasaki, L. Wang, K. Ohta, K. Aoki and N. Kunihiro
  
"Practical Password Recovery Attacks on MD4 Based Prefix and Hybrid Authentication Protocols"
IEICE Trans. on Fundamentals of Electronics, Communications and Computer Sciences,
Vol.E93-A, No.1, pp.84-92, 2010.
[paper]

•  Y. Sasaki, L. Wang, K. Ohta and N. Kunihiro
  
"Extended Password Recovery Attacks against APOP, SIP, and Digest Authenticaiton"
IEICE Trans. on Fundamentals of Electronics, Communications and Computer Sciences,
Vol.E92-A, No.1, pp.96-104, 2009.
IEICE Trans. Best Paper Award (2010)
[paper]

•  L. Wang, K. Ohta, and N. Kunihiro
  
"Near-Collision Attacks on MD4: Applied to MD4-Based Protocols"
IEICE Trans. on Fundamentals of Electronics, Communications and Computer Sciences,
Vol.E92-A, No.1, pp.76-86, 2009.
[paper]

•  Y. Sasaki, L. Wang, N. Kunihiro and K. Ohta
  
"New Message Differences for Collision Attacks on MD4 and MD5"
IEICE Trans. on Fundamentals of Electronics, Communications and Computer Sciences,
Vol.E91-A, No.1, pp.55-63, 2008.
[paper]

•  M. Iwamoto, L. Wang, K. Yoneyama, N. Kunihiro and K. Ohta
  
"Visual Secret Sharing Schemes for Multiple Secret Images Allowing the Rotation of Shares"
IEICE Trans. on Fundamentals of Electronics, Communications and Computer Sciences,
Vol.E89-A, No.5, pp.1382-1395, 2006.
[paper]

•   J. Jean, Y. Sasaki, L. Wang
  
"Analysis of the CAESAR Candidate Silver"
SAC 2015

•   C. Blondeau, T. Peyrin, L. Wang
  
"Known-key Distinguisher on Full PRESENT"
CRYPTO 2015

•   T. Peyrin, S. M. Sim, L. Wang , G. Zhang
  
"Cryptanalysis of JAMBU"
FSE 2015

•   G. Leurent, L. Wang
  
"The Sum Can Be Weaker Than Each Part"
EUROCRYPT 2015

•   Y. Sasaki, L. Wang
  
"Message Extension Attack against Authenticated Encryptions: Application to PANDA"
CANS 2014

•   J. Guo, J. Jean, G. Leurent, T. Peyrin, L. Wang
  
"The Usage of Counter Revisited: Second-Preimage Attack on New Russian Standardized Hash Function"
SAC 2014
The first Prize winner of Streebog Competition [Announcement]

•   J. Jean, I. Nikolić, Y. Sasaki, L. Wang
  
"Practical Cryptanalysis of PAES"
SAC 2014

•   Y. Sasaki, L. Wang
  
"Generic Attacks on Strengthened HMAC: n-bit Secure HMAC Requires Key in All Blocks"
SCN 2014

•   J. Guo, T. Peyrin, Y. Sasaki, L. Wang
  
"Updates on Generic Attacks against HMAC and NMAC"
CRYPTO 2014

•   S. Sim, L. Wang
  
"Practical Forgery Attacks on SCREAM and iSCREAM"
[paper]

•   Y. Sasaki, L. Wang
  
"A Practical Universal Forgery Attack against PAES-8"
[eprint]

•   Y. Sasaki, L. Wang
  
"A Forgery Attack against PANDA-s"
[eprint]

•   J. Guo, J. Jean, T. Peyrin, L. Wang
  
"Breaking POET Authentication with a Single Query"
[eprint]

•   T. Iwata, L. Wang
  
"Impact of ANSI X9.24-1:2009 Key Check Value on ISO/IEC 9797-1:2011 MACs"
FSE 2014
[eprint]

•   J. Guo, Y. Sasaki, L. Wang , M. Wang, L. Wen
  
"Equivalent Key Recovery Attacks against HMAC and NMAC with Whirlpool Reduced to 7 Rounds"
FSE 2014

•   T. Peyrin, L. Wang
  
"Generic Universal Forgery Attack on Iterative Hash-based MACs"
EUROCRYPT 2014
[paper]   [eprint]

•   J. Guo, P. Karpman, I. Nikolić, L. Wang , S. Wu
  
"Analysis of BLAKE2"
CT-RSA 2014
[paper]   [eprint]

•   Y. Sasaki, Y. Tokushige, L. Wang , M. Iwamoto, K. Ohta
  
"An Automated Evaluation Tool for Improved Rebound Attack: New ShiftBytes Parameters for Grøstl"
CT-RSA 2014
[paper]

•   J. Guo, I. Nikolić, T. Peyrin, L. Wang
  
"Cryptanalysis of Zorro"
[eprint]

•  I. Nikolić, L. Wang , S. Wu
  
"The Parallel-Cut Meet-In-The-Middle Attack"
[eprint]

•   J. Guo, Y. Sasaki, L. Wang , S. Wu
  
"Cryptanalysis of HMAC/NMAC-Whirlpool"
ASIACRYPT 2013  
[paper]

•   G. Leurent, T. Peyrin, L. Wang
  
"New Generic Attacks Against Hash-based MACs"
ASIACRYPT 2013  
[paper]   [eprint]

•   F. Mendel, T. Peyrin, M. Schläffer, L. Wang , S. Wu
  
"Improved Cryptanalysis of Reduced RIPEMD-160"
ASIACRYPT 2013  
[paper]   [eprint]

•   J. Jean, I. Nikolić, T. Peyrin, L. Wang , S. Wu
  
"Security Analysis of PRINCE"
FSE 2013  

•   I. Nikolić, L. Wang , S. Wu
  
"Cryptanalysis of Round-Reduced LED"
FSE 2013  

•   Y. Sasaki, L. Wang
  
"Improved Single-Key Distinguisher on HMAC-MD5 and Key Recovery Attacks on Sandwich-MAC-MD5"
SAC 2013  
[paper]

•   Y. Sasaki, L. Wang
  
"Bitwise Partial-sum: A New Tool for Integral Analysis against ARX Designs"
ICISC 2013  

•   Y. Naito, Y. Sasaki, L. Wang , K. Yasuda
  
"Generic State-Recovery and Forgery Attacks on ChopMD-MAC and NMAC/HMAC"
IWSEC 2013  
[paper]

•   Y. Sasaki, W. Komatsubara, Y. Sakai, L. Wang , M. Iwamoto, K. Ohta, K. Sakiyama
  
"Meet-in-the-Middle Preimage Attacks Revisited: New Results on MD5 and HAVAL"
SECRYPT 2013  

•   Y. Sasaki, L. Wang, S. Wu, W.L. Wu
  
"Investigating Fundamental Security Requirements on Whirlpool: Improved Preimage and Collision Attacks"  
ASIACRYPT 2012 
[paper]

•   T. Peyrin, Y. Sasaki, L. Wang
  
"Generic Related-key Attacks for HMAC"  
ASIACRYPT 2012 
[paper]   [eprint]

•  Y. Sasaki, L. Wang
  
"Meet-in-the-Middle Technique for Integral Attacks against Feistel Ciphers"  
SAC 2012 
[paper]

•   Y. Sasaki, L. Wang
  
"Comprehensive Study of Integral Analysis on 22-Round LBlock"  
ICISC 2012 
[paper]

•   Y. Sasaki, L. Wang, Y. Sakai, K. Sakiyama, K. Ohta
  
"Three-Subset Meet-in-the-Middle Attack on Reduced XTEA"  
AFRICACRYPT 2012 
[paper]

•  L. Wang, Y. Sasaki, K. Sakiyama, K. Ohta
  
"Polynomial-Advantage Cryptanalysis of 3D Cipher and 3D-Based Hash Function"  
IWSEC 2012 
[paper]

•  Y. Sasaki, L. Wang, Y. Takasaki, K. Sakiyama, K. Ohta
  
"Boomerang Distinguishers for Full HAS-160 Compression Function"  
IWSEC 2012 
Best Paper Award
[paper]

•  Y. Sasaki, L. Wang
  
"Distinguishers Beyond Three Rounds of RIPEMD-128/-160 Compression Function"  
ACNS 2012 
[paper]   [eprint]

•  T. Koyama, L. Wang, Y. Sasaki, K. Sakiyama, and K. Ohta
  
"New Truncated Differential Cryptanalysis on 3D Block Cipher"  
ISPEC 2012 
[paper]

•  L. Wang, Y. Sasaki, W. Komatsubara, K. Ohta and K. Sakiyama
  
"(Second) Preimage Attacks on Step-Reduced RIPEMD/RIPEMD-128 with a New Local-Collision Approach" 
CT-RSA 2011 
[paper]

•  Y. Naito, K. Yoneyama, L. Wang, K. Ohta
  
"Security of Practical Cryptosystems Using Merkle-Damg{\aa}rd Hash Function in the Ideal Cipher Model"  
ProvSec 2011 
[paper]   [eprint]

•  Y. Sakai, Y. Sasaki, L. Wang, K. Sakiyama, and K. Ohta
  
"Preimage Attacks on 5-Pass HAVAL Reduced to 158-Steps and One-Block 3-Pass HAVAL" 
ACNS 2011 (Industrial Track)
[slide]

•  Y. Sasaki, Y. Li, L. Wang, K. Sakiyama, and K. Ohta
  
"Non-full-active Super-Sbox Analysis: Applications to ECHO and Grøstl"
ASIACRYPT 2010
[paper]

• L. Wang and Y. Sasaki
  
"Finding Preimages of Tiger Up to 23 Steps" 
FSE 2010
[paper]   [full version]

•  K. Aoki, J. Guo, K. Matusiewicz, Y. Sasaki and L. Wang
  
"Preimages for Step-Reduced SHA-2"
ASIACRYPT 2009
[paper]   [eprint]

•  Y. Naito, K. Yoneyama, L. Wang and K. Ohta
  
"How to Confirm Cryptosystems Security: The Original Merkle-Damgard is Still Alive!"
ASIACRYPT 2009
[paper]   [eprint]

•  L. Wang, Y. Sasaki, K. Sakiyama and K. Ohta
  
"Bit-Free Collision: Application to APOP Attack"
IWSEC 2009
Best Paper Award
[paper]

•  L. Wang, K. Ohta and N. Kunihiro
  
"New Key-Recovery Attacks on HMAC/NMAC-MD4 and NMAC-MD5"
EUROCRYPT 2008
[paper]

•  Y. Sasaki, L. Wang, K. Ohta and N. Kunihiro
  
"Security of MD5 Challenge and Response: Extension of APOP Password Recovery Attack"
CT-RSA 2008
[paper]

•  Y. Sasaki, L. Wang, K. Ohta and N. Kunihiro
  
"Password Recovery on Challenge and Response: Impossible Differential Attack on Hash Function"
AFRICACRYPT 2008
[paper]

•  L. Wang, K. Ohta and N. Kunihiro
  
"Password Recovery Attack on Authentication Protocol MD4(Password||Chellenge)"
ASIACCS 2008
[paper]

•  Y. Sasaki, L. Wang, K. Ohta and N. Kunihiro
  
"New Message Difference for MD4"
FSE 2007
[paper]

•  小松原 航, 王 磊, 佐々木 悠, 崎山 一男, 太田 和夫,
  
"54ステップのSHA-0への原像攻撃"
SCIS 2012.

•  五味澤 重友, 王 磊, 太田 和夫, 山口 和彦, 崎山 一男
  
"HMAC-MD5へのフォールト解析攻撃"
SCIS 2011, 3D3-3.

•  酒井 靖英, 佐々木 悠, 王 磊, 崎山 一男, 太田 和夫
  
"158stepの5-pass HAVALと1-Block 3-pass HAVALへの原像攻撃"
SCIS 2011, 4B1-2.

•  小松原 航, 王 磊, 佐々木 悠, 太田 和夫,
  
"RIPEMD，RIPEMD-128に対する新しいLocal collisionを用いた 中間一致型(第二)原像攻撃"
SCIS 2011, 4B1-3.

•  内藤 祐介, 王 磊, 米山 一樹, 太田 和夫
  
"New Analysis of Davies-Meyer Merkle-Damgard"
SCIS 2010, 4D1-2.
Best Paper Award

•  L. Wang and Y. Sasaki
  
"Preimages of Step-Reduced Tiger"
SCIS 2010, 4D1-3

•  Y. Naito, Lei Wang and K. Ohta
  
"How to Construct Cryptosystems and Hash functions in Weakened Random Oracle Models"
ISEC 2009-07

•  Y. Li, M. Zhu, L. Wang, K. Ohta and K. Sakiyama
  
"Visual Secret Sharing Schemes for Multiple Secret Images Allowing the 90-degree Rotation of Shares"
SCIS 2009, 1F1-3

•  内藤祐介, 太田和夫, 王磊, 米山一樹
  
"Merkle-Damgard構造の強識別不可能性(Indifferentiability)の再考"
SCIS 2009, 2A4-6 

•  L. Wang, Y. Sasaki, K. Ohta, and K. Sakiyama
  
"A faster attack on MD5-based challenge and response protocols"
SCIS 2009, 2A2-1

•  佐々木悠, 王磊，太田和夫，青木和麻呂, 國廣昇
  
"MD4を用いたチャレンジ&レスポンス認証に対する現実的な攻撃"
IEICE ソサイエティ大会

•  L. Wang，K. Ohta and N. Kunihiro
  
"Password Recovery Attack on Authentication Protocol MD4(Password || Challenge)"
SCIS2008 3A3-3
Best Paper Award

•  佐々木悠，王磊，太田和夫，國廣昇
  
"MD5チャレンジ・レスポンス方式の安全性について：APOPパスワード復元攻撃の拡張"
SCIS2008 3A3-1

•  L. Wang，Y. Sasaki, K. Ohta and N. Kunihiro
  
"Differential Path Search Algorithm for First Round of MD4"
SCIS2007 1A1-2

•  岩本貢，王磊，米山一樹，國廣昇，太田和夫
  
"回転を許す視覚復号型秘密分散法"
SITA2005, pp. 689-692, 2005

• 清田耕一朗, 王磊, 岩本貢, 米山一樹, 國廣昇, 太田和夫
  
"画像の回転に関して複数画像が復号可能な視覚復号型秘密分散法"
SCIS2005