Articles
  •   J. Jean, I. Nikolić, Y. Sasaki, and L. Wang
  • "Practical Forgeries and Distinguishers against PAES"
    IEICE Trans. on Fundamentals of Electronics, Communications and Computer Sciences
    Vol.E99-A, 2016 (to appear)
  •   Y. Sasaki, and L. Wang
  • "Message Extension Attack against Authenticated Encryption: Application to PANDA"
    IEICE Trans. on Fundamentals of Electronics, Communications and Computer Sciences
    Vol.E99-A, 2016 (to appear)
  •   Y. Sasaki, and L. Wang
  • "Generic Internal State Recovery on Strengthened HMAC: n-bit Secure HMAC Requires Key in All Blocks"
    IEICE Trans. on Fundamentals of Electronics, Communications and Computer Sciences
    Vol.E99-A, 2016 (to appear)
  •   I. Nikolić, L. Wang, and S. Wu
  • "The parallel-cut meet-in-the-middle attack"
    Cryptography and Communications
    [paper]
  •   Y. Sasaki, and L. Wang
  • "Bitwise Partial-sum: A New Tool for Integral Analysis against ARX Designs"
    IEICE Trans. on Fundamentals of Electronics, Communications and Computer Sciences
    Vol.E98-A, No.1, pp.49-60, 2015
    [paper]
  •   Y. Sasaki, G. Wang and L. Wang
  • "Improved Single-Key Distinguisher on HMAC-MD5 and Key Recovery Attacks on Sandwich-MAC-MD5 and MD5-MAC"
    IEICE Trans. on Fundamentals of Electronics, Communications and Computer Sciences
    Vol.E98-A, No.1, pp.26-38, 2015
    [paper]
  •   Y. Sasaki and L. Wang
  • "Comprehensive Study of Integral Analysis on LBlock"
    IEICE Trans. on Fundamentals of Electronics, Communications and Computer Sciences
    Vol.E97-A, No.1, pp.127-138, 2014.
    [paper]
  •   Y. Sasaki and L. Wang
  • "Distinguishers on Double-Branch Compression Function and Applications to Round-Reduced RIPEMD-128 and RIPEMD-160"
    IEICE Trans. on Fundamentals of Electronics, Communications and Computer Sciences
    Vol.E97-A, No.1, pp.177-190, 2014.
    [paper]
  •  L. Wang, Y. Sasaki,  W. Komatsubara, K. Ohta and K. Sakiyama
  • "Meetin-the-Middle (Second) Preimage Attacks on Two Double-Branch Hash Functions RIPEMD and RIPEMD-128"
    IEICE Trans. on Fundamentals of Electronics, Communications and Computer Sciences,
    Vol.E95-A, No.1, pp.100-110, 2012.
    [paper]
  •  Y. Naito, K. Yoneyama, L. Wang and K. Ohta
  • "Security of Cryptosystems Using Merkle-Damgård in the Random Oracle Model"
    IEICE Trans. on Fundamentals of Electronics, Communications and Computer Sciences,
    Vol.E94-A, No.1, pp.57-70, 2011.
    [paper]
  •  L. Wang and Y. Sasaki
  • "Preimage Attack on 23-Step Tiger"
    IEICE Trans. on Fundamentals of Electronics, Communications and Computer Sciences,
    Vol.E94-A, No.1, pp.110-120, 2011.
    [paper]
  •  L. Wang, Kazuo Ohta, Y. Sasaki, K. Sakiyama and N. Kunihiro
  • "Cryptanalysis of Two MD5-Based Authentication Protocols: APOP and NMAC"
    IEICE Trans. on Information and Systems,
    Vol.E93-D, No.5, pp.1087-1095, 2010.
    [paper]
  •  Y. Sasaki, L. Wang, K. Ohta, K. Aoki and N. Kunihiro
  • "Practical Password Recovery Attacks on MD4 Based Prefix and Hybrid Authentication Protocols"
    IEICE Trans. on Fundamentals of Electronics, Communications and Computer Sciences,
    Vol.E93-A, No.1, pp.84-92, 2010.
    [paper]
  •  Y. Sasaki, L. Wang, K. Ohta and N. Kunihiro
  • "Extended Password Recovery Attacks against APOP, SIP, and Digest Authenticaiton"
    IEICE Trans. on Fundamentals of Electronics, Communications and Computer Sciences,
    Vol.E92-A, No.1, pp.96-104, 2009.
    IEICE Trans. Best Paper Award (2010)
    [paper]
  •  L. Wang, K. Ohta, and N. Kunihiro
  • "Near-Collision Attacks on MD4: Applied to MD4-Based Protocols"
    IEICE Trans. on Fundamentals of Electronics, Communications and Computer Sciences,
    Vol.E92-A, No.1, pp.76-86, 2009.
    [paper]
  •  Y. Sasaki, L. Wang, N. Kunihiro and K. Ohta
  • "New Message Differences for Collision Attacks on MD4 and MD5"
    IEICE Trans. on Fundamentals of Electronics, Communications and Computer Sciences,
    Vol.E91-A, No.1, pp.55-63, 2008.
    [paper]
  •  M. Iwamoto, L. Wang, K. Yoneyama, N. Kunihiro and K. Ohta
  • "Visual Secret Sharing Schemes for Multiple Secret Images Allowing the Rotation of Shares"
    IEICE Trans. on Fundamentals of Electronics, Communications and Computer Sciences,
    Vol.E89-A, No.5, pp.1382-1395, 2006.
    [paper]


International conferences

2015
  •   J. Jean, Y. Sasaki, L. Wang
  • "Analysis of the CAESAR Candidate Silver"
    SAC 2015
  •   C. Blondeau, T. Peyrin, L. Wang
  • "Known-key Distinguisher on Full PRESENT"
    CRYPTO 2015
  •   T. Peyrin, S. M. Sim, L. Wang , G. Zhang
  • "Cryptanalysis of JAMBU"
    FSE 2015
  •   G. Leurent, L. Wang
  • "The Sum Can Be Weaker Than Each Part"
    EUROCRYPT 2015

2014
  •   Y. Sasaki, L. Wang
  • "Message Extension Attack against Authenticated Encryptions: Application to PANDA"
    CANS 2014
  •   J. Guo, J. Jean, G. Leurent, T. Peyrin, L. Wang
  • "The Usage of Counter Revisited: Second-Preimage Attack on New Russian Standardized Hash Function"
    SAC 2014
    The first Prize winner of Streebog Competition [Announcement]
  •   J. Jean, I. Nikolić, Y. Sasaki, L. Wang
  • "Practical Cryptanalysis of PAES"
    SAC 2014
  •   Y. Sasaki, L. Wang
  • "Generic Attacks on Strengthened HMAC: n-bit Secure HMAC Requires Key in All Blocks"
    SCN 2014
  •   J. Guo, T. Peyrin, Y. Sasaki, L. Wang
  • "Updates on Generic Attacks against HMAC and NMAC"
    CRYPTO 2014
  •   S. Sim, L. Wang
  • "Practical Forgery Attacks on SCREAM and iSCREAM"
    [paper]
  •   Y. Sasaki, L. Wang
  • "A Practical Universal Forgery Attack against PAES-8"
    [eprint]
  •   Y. Sasaki, L. Wang
  • "A Forgery Attack against PANDA-s"
    [eprint]
  •   J. Guo, J. Jean, T. Peyrin, L. Wang
  • "Breaking POET Authentication with a Single Query"
    [eprint]
  •   T. Iwata, L. Wang
  • "Impact of ANSI X9.24-1:2009 Key Check Value on ISO/IEC 9797-1:2011 MACs"
    FSE 2014
    [eprint]
  •   J. Guo, Y. Sasaki, L. Wang , M. Wang, L. Wen
  • "Equivalent Key Recovery Attacks against HMAC and NMAC with Whirlpool Reduced to 7 Rounds"
    FSE 2014
  •   T. Peyrin, L. Wang
  • "Generic Universal Forgery Attack on Iterative Hash-based MACs"
    EUROCRYPT 2014
    [paper]   [eprint]
  •   J. Guo, P. Karpman, I. Nikolić, L. Wang , S. Wu
  • "Analysis of BLAKE2"
    CT-RSA 2014
    [paper]   [eprint]
  •   Y. Sasaki, Y. Tokushige, L. Wang , M. Iwamoto, K. Ohta
  • "An Automated Evaluation Tool for Improved Rebound Attack: New ShiftBytes Parameters for Grøstl"
    CT-RSA 2014
    [paper]

2013
  •   J. Guo, I. Nikolić, T. Peyrin, L. Wang
  • "Cryptanalysis of Zorro"
    [eprint]
  •  I. Nikolić, L. Wang , S. Wu
  • "The Parallel-Cut Meet-In-The-Middle Attack"
    [eprint]
  •   J. Guo, Y. Sasaki, L. Wang , S. Wu
  • "Cryptanalysis of HMAC/NMAC-Whirlpool"
    ASIACRYPT 2013  
    [paper]
  •   G. Leurent, T. Peyrin, L. Wang
  • "New Generic Attacks Against Hash-based MACs"
    ASIACRYPT 2013  
    [paper]   [eprint]
  •   F. Mendel, T. Peyrin, M. Schläffer, L. Wang , S. Wu
  • "Improved Cryptanalysis of Reduced RIPEMD-160"
    ASIACRYPT 2013  
    [paper]   [eprint]
  •   J. Jean, I. Nikolić, T. Peyrin, L. Wang , S. Wu
  • "Security Analysis of PRINCE"
    FSE 2013  
  •   I. Nikolić, L. Wang , S. Wu
  • "Cryptanalysis of Round-Reduced LED"
    FSE 2013  
  •   Y. Sasaki, L. Wang
  • "Improved Single-Key Distinguisher on HMAC-MD5 and Key Recovery Attacks on Sandwich-MAC-MD5"
    SAC 2013  
    [paper]
  •   Y. Sasaki, L. Wang
  • "Bitwise Partial-sum: A New Tool for Integral Analysis against ARX Designs"
    ICISC 2013  
  •   Y. Naito, Y. Sasaki, L. Wang , K. Yasuda
  • "Generic State-Recovery and Forgery Attacks on ChopMD-MAC and NMAC/HMAC"
    IWSEC 2013  
    [paper]
  •   Y. Sasaki, W. Komatsubara, Y. Sakai, L. Wang , M. Iwamoto, K. Ohta, K. Sakiyama
  • "Meet-in-the-Middle Preimage Attacks Revisited: New Results on MD5 and HAVAL"
    SECRYPT 2013  

2012
  •   Y. Sasaki, L. Wang, S. Wu, W.L. Wu
  • "Investigating Fundamental Security Requirements on Whirlpool: Improved Preimage and Collision Attacks"  
    ASIACRYPT 2012 
    [paper]
  •   T. Peyrin, Y. Sasaki, L. Wang
  • "Generic Related-key Attacks for HMAC"  
    ASIACRYPT 2012 
    [paper]   [eprint]
  •  Y. Sasaki, L. Wang
  • "Meet-in-the-Middle Technique for Integral Attacks against Feistel Ciphers"  
    SAC 2012 
    [paper]
  •   Y. Sasaki, L. Wang
  • "Comprehensive Study of Integral Analysis on 22-Round LBlock"  
    ICISC 2012 
    [paper]
  •   Y. Sasaki, L. Wang, Y. Sakai, K. Sakiyama, K. Ohta
  • "Three-Subset Meet-in-the-Middle Attack on Reduced XTEA"  
    AFRICACRYPT 2012 
    [paper]
  •  L. Wang, Y. Sasaki, K. Sakiyama, K. Ohta
  • "Polynomial-Advantage Cryptanalysis of 3D Cipher and 3D-Based Hash Function"  
    IWSEC 2012 
    [paper]
  •  Y. Sasaki, L. Wang, Y. Takasaki, K. Sakiyama, K. Ohta
  • "Boomerang Distinguishers for Full HAS-160 Compression Function"  
    IWSEC 2012 
    Best Paper Award
    [paper]
  •  Y. Sasaki, L. Wang
  • "Distinguishers Beyond Three Rounds of RIPEMD-128/-160 Compression Function"  
    ACNS 2012 
    [paper]   [eprint]
  •  T. Koyama, L. Wang, Y. Sasaki, K. Sakiyama, and K. Ohta
  • "New Truncated Differential Cryptanalysis on 3D Block Cipher"  
    ISPEC 2012 
    [paper]

2011
  •  L. Wang, Y. Sasaki, W. Komatsubara, K. Ohta and K. Sakiyama
  • "(Second) Preimage Attacks on Step-Reduced RIPEMD/RIPEMD-128 with a New Local-Collision Approach" 
    CT-RSA 2011 
    [paper]
  •  Y. Naito, K. Yoneyama, L. Wang, K. Ohta
  • "Security of Practical Cryptosystems Using Merkle-Damg{\aa}rd Hash Function in the Ideal Cipher Model"  
    ProvSec 2011 
    [paper]   [eprint]
  •  Y. Sakai, Y. Sasaki, L. Wang, K. Sakiyama, and K. Ohta
  • "Preimage Attacks on 5-Pass HAVAL Reduced to 158-Steps and One-Block 3-Pass HAVAL" 
    ACNS 2011 (Industrial Track)
    [slide]

2010
  •  Y. Sasaki, Y. Li, L. Wang, K. Sakiyama, and K. Ohta
  • "Non-full-active Super-Sbox Analysis: Applications to ECHO and Grøstl"
    ASIACRYPT 2010
    [paper]

2009
  •  K. Aoki, J. Guo, K. Matusiewicz, Y. Sasaki and L. Wang
  • "Preimages for Step-Reduced SHA-2"
    ASIACRYPT 2009
    [paper]   [eprint]
  •  Y. Naito, K. Yoneyama, L. Wang and K. Ohta
  • "How to Confirm Cryptosystems Security: The Original Merkle-Damgard is Still Alive!"
    ASIACRYPT 2009
    [paper]   [eprint]
  •  L. Wang, Y. Sasaki, K. Sakiyama and K. Ohta
  • "Bit-Free Collision: Application to APOP Attack"
    IWSEC 2009
    Best Paper Award
    [paper]

2008
  •  L. Wang, K. Ohta and N. Kunihiro
  • "New Key-Recovery Attacks on HMAC/NMAC-MD4 and NMAC-MD5"
    EUROCRYPT 2008
    [paper]
  •  Y. Sasaki, L. Wang, K. Ohta and N. Kunihiro
  • "Security of MD5 Challenge and Response: Extension of APOP Password Recovery Attack"
    CT-RSA 2008
    [paper]
  •  Y. Sasaki, L. Wang, K. Ohta and N. Kunihiro
  • "Password Recovery on Challenge and Response: Impossible Differential Attack on Hash Function"
    AFRICACRYPT 2008
    [paper]
  •  L. Wang, K. Ohta and N. Kunihiro
  • "Password Recovery Attack on Authentication Protocol MD4(Password||Chellenge)"
    ASIACCS 2008
    [paper]

2007
  •  Y. Sasaki, L. Wang, K. Ohta and N. Kunihiro
  • "New Message Difference for MD4"
    FSE 2007
    [paper]


Japan annual domestic workshop SCIS and ISEC

2012
  •  小松原 航, 王 磊, 佐々木 悠, 崎山 一男, 太田 和夫,
  • "54ステップのSHA-0への原像攻撃"
    SCIS 2012.

2011
  •  五味澤 重友, 王 磊, 太田 和夫, 山口 和彦, 崎山 一男
  • "HMAC-MD5へのフォールト解析攻撃"
    SCIS 2011, 3D3-3.
  •  酒井 靖英, 佐々木 悠, 王 磊, 崎山 一男, 太田 和夫
  • "158stepの5-pass HAVALと1-Block 3-pass HAVALへの原像攻撃"
    SCIS 2011, 4B1-2.
  •  小松原 航, 王 磊, 佐々木 悠, 太田 和夫,
  • "RIPEMD,RIPEMD-128に対する新しいLocal collisionを用いた 中間一致型(第二)原像攻撃"
    SCIS 2011, 4B1-3.

2010
  •  内藤 祐介, 王 磊, 米山 一樹, 太田 和夫
  • "New Analysis of Davies-Meyer Merkle-Damgard"
    SCIS 2010, 4D1-2.
    Best Paper Award
  •  L. Wang and Y. Sasaki
  • "Preimages of Step-Reduced Tiger"
    SCIS 2010, 4D1-3

2009
  •  Y. Naito, Lei Wang and K. Ohta
  • "How to Construct Cryptosystems and Hash functions in Weakened Random Oracle Models"
    ISEC 2009-07
  •  Y. Li, M. Zhu, L. Wang, K. Ohta and K. Sakiyama
  • "Visual Secret Sharing Schemes for Multiple Secret Images Allowing the 90-degree Rotation of Shares"
    SCIS 2009, 1F1-3
  •  内藤祐介, 太田和夫, 王磊, 米山一樹
  • "Merkle-Damgard構造の強識別不可能性(Indifferentiability)の再考"
    SCIS 2009, 2A4-6 
  •  L. Wang, Y. Sasaki, K. Ohta, and K. Sakiyama
  • "A faster attack on MD5-based challenge and response protocols"
    SCIS 2009, 2A2-1

2008
  •  佐々木悠, 王磊,太田和夫,青木和麻呂, 國廣昇
  • "MD4を用いたチャレンジ&レスポンス認証に対する現実的な攻撃"
    IEICE ソサイエティ大会
  •  L. Wang,K. Ohta and N. Kunihiro
  • "Password Recovery Attack on Authentication Protocol MD4(Password || Challenge)"
    SCIS2008 3A3-3
    Best Paper Award
  •  佐々木悠,王磊,太田和夫,國廣昇
  • "MD5チャレンジ・レスポンス方式の安全性について:APOPパスワード復元攻撃の拡張"
    SCIS2008 3A3-1

2007
  •  L. Wang,Y. Sasaki, K. Ohta and N. Kunihiro
  • "Differential Path Search Algorithm for First Round of MD4"
    SCIS2007 1A1-2

2005
  •  岩本貢,王磊,米山一樹,國廣昇,太田和夫
  • "回転を許す視覚復号型秘密分散法"
    SITA2005, pp. 689-692, 2005
  • 清田耕一朗, 王磊, 岩本貢, 米山一樹, 國廣昇, 太田和夫
  • "画像の回転に関して複数画像が復号可能な視覚復号型秘密分散法"
    SCIS2005