Cryptanalysis I -- Practical Cryptanalysis of SFLASH -- Full Key-Recovery Attacks on HMAC/NMAC-MD4 and NMAC-MD5 -- Secure Searching -- How Should We Solve Search Problems Privately? -- Public Key Encryption That Allows PIR Queries -- Invited Talk -- Information Security Economics – and Beyond -- Theory I -- Cryptography with Constant Input Locality -- Universally-Composable Two-Party Computation in Two Rounds -- Indistinguishability Amplification -- Lattices -- A Hybrid Lattice-Reduction and Meet-in-the-Middle Attack Against NTRU -- Improved Analysis of Kannan’s Shortest Lattice Vector Algorithm -- Random Oracles -- Domain Extension of Public Random Functions: Beyond the Birthday Barrier -- Random Oracles and Auxiliary Input -- Hash Functions -- Security-Amplifying Combiners for Collision-Resistant Hash Functions -- Hash Functions and the (Amplified) Boomerang Attack -- Amplifying Collision Resistance: A Complexity-Theoretic Treatment -- Theory II -- How Many Oblivious Transfers Are Needed for Secure Multiparty Computation? -- Simulatable VRFs with Applications to Multi-theorem NIZK -- Cryptography in the Multi-string Model -- Quantum Cryptography -- Secure Identification and QKD in the Bounded-Quantum-Storage Model -- A Tight High-Order Entropic Quantum Uncertainty Relation with Applications -- Cryptanalysis II -- Finding Small Roots of Bivariate Integer Polynomial Equations: A Direct Approach -- A Polynomial Time Attack on RSA with Private CRT-Exponents Smaller Than N 0.073 -- Encryption -- Invertible Universal Hashing and the TET Encryption Mode -- Reducing Trust in the PKG in Identity Based Cryptosystems -- Pirate Evolution: How to Make the Most of Your Traitor Keys -- Protocol Analysis -- A Security Analysis of the NIST SP 800-90 Elliptic Curve Random Number Generator -- A Generalization of DDH with Applications to Protocol Analysis and Computational Soundness -- Chernoff-Type Direct Product Theorems -- Public-Key Encryption -- Rerandomizable RCCA Encryption -- Deterministic and Efficiently Searchable Encryption -- Secure Hybrid Encryption from Weakened Key Encapsulation -- Multi-party Computation -- Scalable and Unconditionally Secure Multiparty Computation -- On Secure Multi-party Computation in Black-Box Groups -- A Note on Secure Computation of the Moore-Penrose Pseudoinverse and Its Application to Secure Linear Algebra.