Daniel J. Bernstein - Wikipedia
From Wikipedia, the free encyclopedia
American mathematician, cryptologist and computer scientist (born 1971)
For the American businessman and activist, see Daniel J. Bernstein (businessman).
Daniel J. Bernstein
Bernstein at 27C3 in 2010
Born: October 29, 1971 (age 54), East Patchogue, New York
Citizenship: American, German
Alma mater: University of California, Berkeley (PhD); New York University (BA)
Known for: qmail, djbdns, Salsa20, ChaCha20, Poly1305, Curve25519
Scientific career
Fields: Mathematics, Cryptography, Computer Security
Institutions: University of Illinois at Chicago; Eindhoven University of Technology
Doctoral advisor: Hendrik Lenstra
Website: cr.yp.to/djb.html
Daniel Julius Bernstein (born October 29, 1971) is an American mathematician, cryptologist, and computer scientist. He is a professor of computer science at the University of Illinois Chicago. He was a visiting professor in the department of mathematics and computer science at the Eindhoven University of Technology and a visiting professor at CASA at Ruhr University Bochum through 2023.
Early life
Bernstein attended Bellport High School, a public high school on Long Island, graduating in 1987 at the age of 15. The same year, he ranked fifth in the Westinghouse Science Talent Search. In 1987, he achieved a Top 10 ranking in the William Lowell Putnam Mathematical Competition and was a member of the second-place team from Princeton University the following year.
Bernstein earned a B.A. in mathematics from New York University (1991) and a Ph.D. in mathematics from the University of California, Berkeley (1995), where he studied under Hendrik Lenstra.
Bernstein v. United States
Main article: Bernstein v. United States
The export of cryptography from the United States was controlled as a munition starting from the Cold War until recategorization in 1996, with further relaxation in the late 1990s. In 1995, Bernstein brought the court case Bernstein v. United States. The ruling in the case declared that software was protected speech under the First Amendment, which contributed to regulatory changes reducing controls on encryption.[10] Bernstein was originally represented by the Electronic Frontier Foundation.[11] He later represented himself.[12]
Cryptography
Bernstein designed the Salsa20 stream cipher in 2005 and submitted it to eSTREAM for review and possible standardization. He later published the ChaCha20 variant of Salsa in 2008. In 2005, he proposed the elliptic curve Curve25519 as a basis for public-key schemes. He worked as the lead researcher on the Ed25519 version of EdDSA. The algorithms made their way into popular software. For example, since 2014, when OpenSSH is compiled without OpenSSL, they power most of its operations. OpenBSD package signing is based on Ed25519.[13][14]
Nearly a decade later, Edward Snowden disclosed mass surveillance by the National Security Agency, and researchers discovered a backdoor in the Agency's Dual EC DRBG algorithm. These events raised suspicions of the elliptic curve parameters proposed by NSA and standardized by NIST.[15] Many researchers feared[16] that the NSA had chosen curves that gave them a cryptanalytic advantage.[17][18] Google selected ChaCha20 along with Bernstein's Poly1305 message authentication code for use in TLS, which is widely used for Internet security.[19] Many protocols based on his works have been adopted by various standards organizations and are used in a variety of applications, such as Apple iOS,[20] the Linux kernel,[21] OpenSSH,[22][23] and Tor.[24]
In spring 2005, Bernstein taught a course on "high speed cryptography."[25] He introduced new cache attacks against implementations of AES in the same time period.[26]
In April 2008,[27] Bernstein's stream cipher "Salsa20" was selected as a member of the final portfolio of the eSTREAM project, part of a European Union research directive.
In 2011, Bernstein published RFSB, a variant of the fast syndrome-based (FSB) hash function.
He is one of the editors of the 2009 book Post-Quantum Cryptography.[28]
In 2022, Bernstein filed a second lawsuit against the U.S. government under the Freedom of Information Act, seeking records on the National Security Agency's role in influencing NIST's post-quantum cryptography standards, a case that remains ongoing as of 2025.[29][30]
Software
Starting in the mid-1990s, Bernstein wrote a number of security-aware programs, including qmail, ezmlm, djbdns, ucspi-tcp, daemontools, and publicfile.
Bernstein criticized the leading DNS package at the time, BIND, and wrote djbdns as a DNS package with security as a primary goal.[31] Bernstein offers "security guarantees" for qmail and djbdns in the form of monetary rewards for the identification of flaws.[32][33] A purported exploit targeting qmail running on 64-bit platforms was published in 2005,[34][35] but Bernstein believes that the exploit does not fall within the parameters of his qmail security guarantee. In March 2009, Bernstein awarded $1000 to Matthew Dempsky for finding a security flaw in djbdns.[36]
In August 2008, Bernstein announced[37] DNSCurve, a proposal to secure the Domain Name System. DNSCurve applies techniques from elliptic curve cryptography with the goal of providing a vast increase in performance over the RSA public-key algorithm used by DNSSEC. It uses the existing DNS hierarchy to propagate trust by embedding public keys into specially formatted, backward-compatible DNS records.
Bernstein proposed Internet Mail 2000, an alternative system for electronic mail, which he intended to replace the Simple Mail Transfer Protocol (SMTP), the Post Office Protocol (POP3) and the Internet Message Access Protocol (IMAP).[38]
Bernstein is also known for his string hashing function djb2[39][40] and the cdb database library.[41]
Mathematics
Bernstein has published a number of papers on mathematics and computation. Many of his papers deal with algorithms or implementations.
In 2001, Bernstein circulated "Circuits for integer factorization: a proposal,"[42] which suggested that, if physical hardware implementations could be brought close to their theoretical efficiency, the then-popular estimates of adequate security parameters might be off by a factor of three. Since 512-bit RSA was breakable at the time, so might be 1536-bit RSA. Bernstein was careful not to make any actual predictions, and emphasized the importance of correctly interpreting asymptotic expressions. Several prominent researchers (among them Arjen Lenstra, Adi Shamir, Jim Tomlinson, and Eran Tromer) disagreed strongly with Bernstein's conclusions.[43]
Bernstein is also the author of the mathematical libraries DJBFFT, a fast portable FFT library, and primegen, an asymptotically fast small prime sieve with low memory footprint based on the sieve of Atkin (rather than the more usual sieve of Eratosthenes). The sieve of Atkin was co-authored by Atkin and Bernstein. Both have been used effectively in the search for large prime numbers.
In 2007, Bernstein proposed the use of a (twisted) Edwards curve, Curve25519, as a basis for elliptic curve cryptography; it is employed in the Ed25519 implementation of EdDSA.
In February 2015, Bernstein and others published a paper on a stateless post-quantum hash-based signature scheme called SPHINCS.[44] In July 2022, SPHINCS+, a signature scheme adapted from SPHINCS by Bernstein and others, was one of four algorithms selected as winners of the NIST Post-Quantum Cryptography Standardization competition. It was the only hash-based algorithm of the four winners.[45][46]
In April 2017, Bernstein and others published a paper on Post-Quantum RSA that includes an integer factorization algorithm claimed to be "often much faster than Shor's".[47]
Teaching
In 2004, Bernstein taught a course on computer software security where he assigned each student to find ten vulnerabilities in published software.[48] The 25 students discovered 44 vulnerabilities, and the class published security advisories about the issues.[48]
See also
CubeHash, Bernstein's submission to the NIST hash function competition
SipHash
NaCl, a Networking and Cryptography library
Quick Mail Queuing Protocol (QMQP)
Quick Mail Transport Protocol (QMTP)
References
1. Bernstein, Daniel J. "Curriculum vitae" (PDF). cr.yp.to. Retrieved March 20, 2019.
2. Bernstein, Daniel. "Positions". cr.yp.to. Retrieved May 26, 2025.
3. "Ruhr University Bochum and other places". ResearchGate. December 8, 2023. Retrieved December 9, 2024.
4. "CASA team". December 18, 2023. Archived from the original on December 18, 2023. Retrieved November 16, 2024.
5. "New Yorkers Excel In Contest". New York Times. January 21, 1987. Retrieved November 9, 2008.
6. "TWO GIRLS WIN WESTINGHOUSE COMPETITION". New York Times. January 21, 1987. Retrieved March 14, 2011.
7. L. F. Klosinski; G. L. Alexanderson; L. C. Larson (October 1988). "The William Lowell Putnam Mathematical Competition". The American Mathematical Monthly. Vol. 95, no. 8. pp. 717–727. JSTOR 2322251.
8. L. F. Klosinski; G. L. Alexanderson; L. C. Larson (October 1989). "The William Lowell Putnam Mathematical Competition". The American Mathematical Monthly. Vol. 96, no. 8. pp. 688–695. JSTOR 2324716.
9. Koops, Bert-Jaap (August 2004). "Crypto Law Survey - Overview per country". Bert-Jaap Koops homepage. Retrieved March 21, 2019.
10. Dame-Boyle, Alison (April 16, 2015). "EFF at 25: Remembering the Case that Established Code as Speech". Electronic Frontier Foundation. Retrieved March 21, 2019.
11. Cassidy, Peter (June 1, 1996). "Reluctant Hero". Wired. ISSN 1059-1028. Retrieved March 21, 2019.
12. "Plaintiff's Notice Of Substitution of Counsel" (PDF). October 7, 2002. Retrieved March 20, 2019.
13. Murenin, Constantine A. (April 30, 2014). Soulskill (ed.). "OpenSSH No Longer Has To Depend On OpenSSL". Slashdot. Retrieved December 26, 2014.
14. Murenin, Constantine A. (January 19, 2014). Soulskill (ed.). "OpenBSD Moving Towards Signed Packages — Based On D. J. Bernstein Crypto". Slashdot. Retrieved December 27, 2014.
15. Bernstein, Daniel J.; Lange, Tanja (January 22, 2017). "SafeCurves: choosing safe curves for elliptic-curve cryptography". Retrieved March 20, 2019.
16. Maxwell, Gregory (September 8, 2013). "[tor-talk] NIST approved crypto in Tor?". Retrieved May 20, 2015.
17. "SafeCurves: Rigidity". safecurves.cr.yp.to. Retrieved May 20, 2015.
18. "The NSA Is Breaking Most Encryption on the Internet - Schneier on Security". www.schneier.com. September 5, 2013. Retrieved May 20, 2015.
19. A. Langley; W. Chang; N. Mavrogiannopoulos; J. Strombergson; S. Josefsson (December 16, 2015). "ChaCha20-Poly1305 Cipher Suites for Transport Layer Security (TLS)". Internet Draft.
20. iOS Security Guide.
21. Corbet, Jonathan. "Replacing /dev/urandom". Linux Weekly News. Retrieved September 20, 2016.
22. Miller, Damien (May 3, 2016). "ssh/PROTOCOL.chacha20poly1305". Super User's BSD Cross Reference: PROTOCOL.chacha20poly1305. Retrieved September 7, 2016.
23. Murenin, Constantine A. (December 11, 2013). Unknown Lamer (ed.). "OpenSSH Has a New Cipher — Chacha20-poly1305 — from D.J. Bernstein". Slashdot. Retrieved September 7, 2016.
24. Roger Dingledine & Nick Mathewson. "Tor's Protocol Specifications - Blog". Retrieved December 20, 2014.
25. Daniel J. Bernstein. "MCS 590, High-Speed Cryptography, Spring 2005". Authenticators and signatures. Retrieved September 23, 2005.
26. Daniel J. Bernstein (April 17, 2004). "Cache timing attacks on AES" (PDF). cr.yp.to.
27. Steve Babbage; Christophe De Canniere; Anne Canteaut; Carlos Cid; Henri Gilbert; Thomas Johansson; Matthew Parker; Bart Preneel; Vincent Rijmen; Matthew Robshaw. "The eSTREAM Portfolio" (PDF). Archived from the original (PDF) on August 13, 2012. Retrieved April 28, 2010.
28. Bernstein, Daniel J.; Buchmann, Johannes; Dahmen, Erik, eds. (2009). Post-Quantum Cryptography. Berlin Heidelberg: Springer-Verlag. doi:10.1007/978-3-540-88702-7. ISBN 978-3-540-88701-0. S2CID 24166515.
29. Bernstein, Daniel J. (August 5, 2022). "NSA, NIST, and post-quantum cryptography". The cr.yp.to blog. Retrieved November 24, 2025.
30. Bernstein, Daniel J. (2025). "NSA-NIST-PQC FOIA responses". Post-quantum cryptography. Retrieved November 24, 2025.
31. Bauer, Michael D. (2005). Linux Server Security. O'Reilly Media, Inc. pp. 172–173. ISBN 978-0-596-00670-9.
32. Hagen, William von (March 26, 2007). Ubuntu Linux Bible. John Wiley & Sons. p. 769. ISBN 978-0-470-12454-3.
33. Binnie, Chris. "Lighten Your DNS Load with TinyDNS". ADMIN Magazine. Retrieved March 21, 2019.
34. Georgi Guninski (May 31, 2005). "Georgi Guninski security advisory #74, 2005". Retrieved September 23, 2005.
35. James Craig Burley (May 31, 2005). "My Take on Georgi Guninski's qmail Security Advisories". Archived from the original on August 25, 2007. Retrieved August 24, 2007.
36. Daniel J. Bernstein (March 4, 2009). "djbdns<=1.05 lets AXFRed subdomains overwrite domains". Archived from the original on March 5, 2009. Retrieved March 4, 2009.
37. Daniel J. Bernstein. "High-speed cryptography".
38. "Internet Mail 2000". cr.yp.to. Archived from the original on January 25, 2023. Retrieved March 13, 2023.
39. Yigit, Ozan. "String hash functions".
40. "Hash function constants selection discussion".
41. "cdb".
42. Daniel J. Bernstein (November 9, 2001). "Circuits for integer factorization: a proposal". cr.yp.to.
43. Arjen K. Lenstra; Adi Shamir; Jim Tomlinson; Eran Tromer (2002). "Analysis of Bernstein's Factorization Circuit". Proc. Asiacrypt. LNCS 2501: 1–26.
44. "SPHINCS: practical stateless hash-based signatures". sphincs.cr.yp.to. Retrieved December 25, 2024.
45. "NIST Announces First Four Quantum-Resistant Cryptographic Algorithms". NIST. July 5, 2022.
46. Computer Security Division, Information Technology Laboratory (January 3, 2017). "Selected Algorithms 2022 - Post-Quantum Cryptography | CSRC | CSRC". CSRC | NIST. Retrieved March 27, 2024.
47. "Post-quantum RSA" (PDF). cr.yp.to. Retrieved June 11, 2024.
48. Lemos, Robert (December 16, 2004). "Students uncover dozens of Unix software flaws". CNET. Retrieved March 21, 2019.
External links
Wikimedia Commons has media related to Daniel J. Bernstein.
Wikiquote has quotations related to Daniel J. Bernstein.
Official website
DJBFFT
Daniel Bernstein on the Faculty Page at UIC
Faculty page at Eindhoven University of Technology (Archived 2016-11-23 at the Wayback Machine)
Daniel J. Bernstein at the Mathematics Genealogy Project