photo of Nadia Heninger

Nadia Heninger

Associate Professor
Computer Science and Engineering
University of California, San Diego

9500 Gilman Drive, MC 0404
La Jolla, CA 92093-0404

Office: EBU3B 3138 (the index toe)
Email: nadiah at cs dot ucsd dot edu

Guidance for prospective students

My primary research interests are in cryptography and security, with particular interest in mathematical cryptanalysis aimed at real-world applications. My usual toolkit includes lattice techniques, computational number theory, coding theory, and network measurement.

From 2013 until 2018, I was an assistant professor in the Computer and Information Science Department at the University of Pennsylvania. Before then, I was a postdoctoral visiting researcher at Microsoft Research New England in Cambridge, MA, and an NSF mathematical sciences postdoctoral fellow in the Department of Computer Science and Engineering at UC San Diego. I have a Ph.D. in computer science from Princeton University and a B.S. in electrical engineering and computer science from UC Berkeley.

curriculum vitae      short bio     bigger picture


CSE 291: Cryptanalysis Spring 2024
CSE 107: Intro to Modern Cryptography Winter 2024, Fall 2021
CSE 209B: Cryptanalysis Reading Group Fall 2023
CSE 207B: Applied Cryptography Fall 2023, Fall 2022, Spring 2022, Fall 2020, Spring 2020
CSE 127: Intro to Computer Security Winter 2023, Winter 2022, Winter 2021, Fall 2019

At the University of Pennsylvania:
CIS 331: Introduction to Networks & Security Fall 2017, Spring 2017, Spring 2016, Spring 2015, Spring 2014
CIS 556: Cryptography Fall 2018, Fall 2016, Fall 2015, Fall 2014
CIS 800: Topics in Cryptography Fall 2013
CIS 800: Security Reading Group 2013-2018.

PhD Students

Miro Haller
Keegan Ryan
Laura Shea
Adam Suhl
George Sullivan


Shaanan Cohney
Annie Dai
Gabrielle De Micheli
Josh Fried
Daniel Genkin
Marcella Hastings
Kaiwen He
Paul Lou
Daniel Moghimi
Richard Roberts
Michael Rudow
Barak Shani
Terry Sun
Luke Valenta


On the Semidirect Discrete Logarithm Problem in Finite Groups. Christopher Battarbee, Giacomo Borin, Ryann Cartor, Nadia Heninger, David Jao, Laura Maddison, Edoardo Persichetti, Angela Robinson, Daniel Smith-Tone, Rainer Steinwandt. [ePrint]

Abuse-Resistant Location Tracking: Balancing Privacy and Safety in the Offline Finding Ecosystem. Gabrielle Beck, Harry Eldridge, Matthew Green, Nadia Heninger, and Abhishek Jain. To appear at Usenix Security 2024. [ePrint]

On the Possibility of a Backdoor in the Micali-Schnorr Generator. Hannah Davis, Matthew D. Green, Nadia Heninger, Keegan Ryan, and Adam Suhl. PKC 2024. [ePrint]

Survey: Recovering cryptographic keys from partial information, by example. Gabrielle De Micheli and Nadia Heninger. IACR Communcations in Cryptology, volume 1, issue 1. 2024. [CiC] [ePrint]

Passive SSH Key Compromise via Lattices. Keegan Ryan, Kaiwen He, George Arnold Sullivan, and Nadia Heninger. CCS 2023. [ePrint]

Fast Practical Lattice Reduction through Iterated Compression. Keegan Ryan and Nadia Heninger. Crypto 2023. Best paper award! [GitHub]

The curious case of the half-half Bitcoin ECDSA nonces. Dylan Rowe, Joachim Breitner, and Nadia Heninger. AfricaCrypt 2023. [ePrint]

The Hidden Number Problem with Small Unknown Multipliers: Cryptanalyzing MEGA in Six Queries and Other Applications. Keegan Ryan and Nadia Heninger. PKC 2023. Best paper award! [ePrint]

Two variable polynomial congruences and capacity theory. Ted Chinburg, Brett Hemenway Falk, Nadia Heninger, Zachary Scherr. Mathematical Cryptology vol. 3 no. 1, 2023. [Journal] [ArXiv]

Open to a fault: On the passive compromise of TLS keys via transient errors. George Arnold Sullivan, Jackson Sippe, Nadia Heninger, and Eric Wustrow. Usenix Security 2022. [Usenix Security]

RSA, DH, and DSA in the Wild. Nadia Heninger. Book Chapter from Computational Cryptography: Algorithmic Aspects of Cryptography. 2021. [ePrint] [Book Web Page]

On Bounded Distance Decoding with Predicate: Breaking the "Lattice Barrier" for the Hidden Number Problem. Martin R. Albrecht and Nadia Heninger. EuroCrypt 2021. [ePrint] [GitHub]

Comparing the difficulty of factorization and discrete logarithm: a 240-digit experiment. Fabrice Boudot, Pierrick Gaudry, Aurore Guillevic, Nadia Heninger, Emmanuel Thomé, and Paul Zimmermann. Crypto 2020. [ePrint]

CopyCat: Controlled Instruction-Level Attacks on Enclaves for Maximal Key Extraction. Daniel Moghimi, Jo Van Bulck, Nadia Heninger, Frank Piessens, and Berk Sunar. Usenix Security 2020. [arXiv]

Properties of Constacyclic Codes Under the Schur Product. Brett Hemenway Falk, Nadia Heninger, and Michael Rudow. Designs, Codes, and Cryptography 2020. [arXiv] [Springer]

TPM-FAIL: TPM meets Timing and Lattice Attacks. Daniel Moghimi, Berk Sunar, Thomas Eisenbarth, and Nadia Heninger. Usenix Security 2020. [web site] [arXiv]

Pseudorandom Black Swans: Cache Attacks on CTR_DRBG. Shaanan Cohney, Andrew Kwong, Shachar Paz, Daniel Genkin, Nadia Heninger, Eyal Ronen, and Yuval Yarom. Oakland 2020. [blog post] [ePrint]

Biased Nonce Sense: Lattice Attacks against Weak ECDSA Signatures in Cryptocurrencies. Joachim Breitner and Nadia Heninger. Financial Cryptography 2019. [ePrint]

The Proof is in the Pudding: Proofs of Work for Solving Discrete Logarithms. Marcella Hastings, Nadia Heninger, and Eric Wustrow. Financial Cryptography 2019. [ePrint]

Practical state recovery attacks against legacy RNG implementations. Shaanan Cohney, Matthew D. Green, and Nadia Heninger. CCS 2018. [web site]

Characterizing overstretched NTRU attacks. Gabrielle De Micheli, Nadia Heninger, and Barak Shani. MathCrypt 2018. [ePrint]

CacheQuote: Efficiently Recovering Long-term Secrets of SGX EPID via Cache Attacks. Fergus Dall, Gabrielle De Micheli, Thomas Eisenbarth, Daniel Genkin, Nadia Heninger, Ahmad Moghimi, and Yuval Yarom. TCHES 2018.

In search of CurveSwap: Measuring elliptic curve implementations in the wild. Luke Valenta, Nick Sullivan, Antonio Sanso, and Nadia Heninger. EuroS&P 2018. [ePrint]

Sliding right into disaster: Left-to-right sliding windows leak. Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal, and Yuval Yarom. CHES 2017. [ePrint]

Post-Quantum RSA. Daniel J. Bernstein, Nadia Heninger, Paul Lou, and Luke Valenta. PQCrypto 2017. [ePrint]

A kilobit hidden SNFS discrete logarithm computation. Joshua Fried, Pierrick Gaudry, Nadia Heninger, and Emmanuel Thomé. Eurocrypt 2017. [ePrint] [web site]

Measuring small subgroup attacks against Diffie-Hellman. Luke Valenta, David Adrian, Antonio Sanso, Shaanan Cohney, Joshua Fried, Marcella Hastings, J. Alex Halderman, and Nadia Heninger. NDSS 2017. [ePrint]

Cryptographic applications of capacity theory: On the optimality of Coppersmith's method for univariate polynomials. Ted Chinburg, Brett Hemenway, Nadia Heninger, and Zachary Scherr. Asiacrypt 2016. [arXiv]

Weak Keys Remain Widespread in Network Devices. Marcella Hastings, Joshua Fried, and Nadia Heninger. IMC 2016. [ACM version]

A Systematic Analysis of the Juniper Dual EC Incident. Stephen Checkoway, Jacob Maskiewicz, Christina Garman, Joshua Fried, Shaanan Cohney, Matthew Green, Nadia Heninger, Ralf-Philipp Weinmann, Eric Rescorla, and Hovav Shacham. CCS 2016. Best paper award! [ePrint]

DROWN: Breaking TLS using SSLv2. Nimrod Aviram, Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel, Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor Dukhovni, Emilia Käsper, Shaanan Cohney, Susanne Engels, Christof Paar, and Yuval Shavitt. Usenix Security 2016. [web site]

CacheBleed: A Timing Attack on OpenSSL Constant Time RSA. Yuval Yarom, Daniel Genkin, and Nadia Heninger. CHES 2016. [web site] [ePrint]

Factoring as a Service. Luke Valenta, Shaanan Cohney, Alex Liao, Joshua Fried, Satya Bodduluri, and Nadia Heninger. Financial Cryptography 2016. [ePrint] [web site] [source code]

Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice. David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry, Matthew Green, J. Alex Halderman, Nadia Heninger, Drew Springall, Emmanuel Thomé, Luke Valenta, Benjamin VanderSloot, Eric Wustrow, Santiago Zanella-Béguelin, and Paul Zimmermann. CCS 2015. Best paper award! [web site]

Elliptic Curve Cryptography in Practice. Joppe W. Bos, J. Alex Halderman, Nadia Heninger, Jonathan Moore, Michael Naehrig, and Eric Wustrow. Financial Cryptography 2014. [ePrint]

Factoring RSA keys from certified smart cards: Coppersmith in the wild. Daniel J. Bernstein, Yun-An Chang, Chen-Mou Cheng, Li-Ping Chou, Nadia Heninger, Tanja Lange, and Nicko van Someren. Asiacrypt 2013. [web site]

Torchestra: Reducing interactive traffic delays over Tor. Deepika Gopal and Nadia Heninger. WPES 2012.

Mining your Ps and Qs: Detection of widespread weak keys in network devices. Nadia Heninger, Zakir Durumeric, Eric Wustrow, J. Alex Halderman. Usenix Security 2012. Best paper award! [web site]

Optimally robust private information retrieval. Casey Devet, Ian Goldberg, and Nadia Heninger. Usenix Security 2012. [ePrint]

Approximate common divisors via lattices. Henry Cohn and Nadia Heninger. Algorithmic Number Theory Symposium 2012. [ePrint] [higgledy piggledy]

Ideal forms of Coppersmith's theorem and Guruswami-Sudan list decoding. Henry Cohn and Nadia Heninger. Innovations in Computer Science 2011. [arXiv] [slides]

Computational complexity and information asymmetry in election audits with low-entropy randomness. Nadia Heninger. EVT/WOTE 2010. [slides] [higgledy piggledy]

Defeating Vanish with low-cost Sybil attacks against large DHTs. Scott Wolchok, Owen S. Hofmann, Nadia Heninger, Edward W. Felten, J. Alex Halderman, Christopher J. Rossbach, Brent Waters, Emmett Witchell. NDSS 2010. [web site]

Reconstructing RSA private keys from random key bits. Nadia Heninger and Hovav Shacham. Crypto 2009. [ePrint] [slides] [source]

Fingerprinting blank paper using commodity scanners. William Clarkson, Tim Weyrich, Adam Finkelstein, Nadia Heninger, J. Alex Halderman, and Edward W. Felten. Oakland 2009. [web site]

Lest we remember: Cold boot attacks on encryption keys. J. Alex Halderman, Seth D. Schoen, Nadia Heninger, William Clarkson, William Paul, Joseph A. Calandrino, Ariel J. Feldman, Jacob Appelbaum, and Edward W. Felten. Usenix Security 2008. Best student paper award! [web site]

On the integrality of n-th roots of generating functions. Nadia Heninger, Eric Rains and N. J. A. Sloane. Journal of Combinatorial Theory Series A, v.113 n.8, p.1732-1745, November 2006. [arXiv]