These are the Proceedings of the 11th International Workshop on Practice and Theory in Public Key Cryptography - PKC 2008. The workshop was held in Barcelona, Spain, March 9-12, 2008. It was sponsored by the International Association for Cryptologic Research (IACR; seewww. iacr. org), this year in cooperation with MAK, the Research GrouponMathematicsAppliedtoCryptographyatUPC,thePolytechnicalU- versityofCatalonia. The GeneralChair,CarlesPadr¿ o,was responsiblefor cha- ing the LocalOrganizationCommittee, for handling publicity and for University attracting funding from sponsors. The PKC 2008 Program Committee (PC) consisted of 30 internationally renowned experts. Their names and a?liations are listed further on in these proceedings. By the September 7, 2007submission deadline the PC had received 71 submissions via the IACR Electronic Submission Server. The subsequent - lection process was divided into two phases, as usual. In the review phase each submissionwascarefullyscrutinizedbyatleastthreeindependentreviewers,and the review reports, often extensive,werecommittedtotheIACRWebReview System. These were taken as the starting point for the PC-wide Web-based d- cussion phase. During this phase, additional reports were provided as needed, and the PC eventually had some 258 reports at its disposal. In addition, the discussions generated more than 650 messages, all posted in the system. During the entire PC phase, which started on April 12, 2006 with the invitation by the PKC Steering Committee, and which continued until March 2008, more than 500 e-mail messages were communicated. Moreover, the PC received much - preciated assistance by a large body of external reviewers. Their names are also listed in these proceedings.

Session I: Algebraic and Number Theoretical Cryptanalysis (I).- Total Break of the ?-IC Signature Scheme.- Recovering NTRU Secret Key from Inversion Oracles.- Solving Systems of Modular Equations in One Variable: How Many RSA-Encrypted Messages Does Eve Need to Know?.- Session II: Theory of Public Key Encryption.- Relations Among Notions of Plaintext Awareness.- Completely Non-malleable Encryption Revisited.- Invited Talk I.- Cryptographic Test Correction.- Session III: Digital Signatures (I).- Off-Line/On-Line Signatures: Theoretical Aspects and Experimental Results.- Construction of Universal Designated-Verifier Signatures and Identity-Based Signatures from Standard Signatures.- Proxy Signatures Secure Against Proxy Key Exposure.- Session IV: Identification, Broadcast and Key Agreement.- Lattice-Based Identification Schemes Secure Under Active Attacks.- Efficient Simultaneous Broadcast.- SAS-Based Group Authentication and Key Agreement Protocols.- Session V: Implementation of Fast Arithmetic.- An Optimized Hardware Architecture for the Montgomery Multiplication Algorithm.- New Composite Operations and Precomputation Scheme for Elliptic Curve Cryptosystems over Prime Fields.- Session VI: Digital Signatures (II).- Online-Untransferable Signatures.- Security of Digital Signature Schemes in Weakened Random Oracle Models.- A Digital Signature Scheme Based on CVP ???.- Session VII: Algebraic and Number Theoretical Cryptanalysis (II).- An Analysis of the Vector Decomposition Problem.- A Parameterized Splitting System and Its Application to the Discrete Logarithm Problem with Low Hamming Weight Product Exponents.- Session VIII: Public Key Encryption.- Certificateless Encryption Schemes Strongly Secure in the Standard Model.- Unidirectional Chosen-Ciphertext SecureProxy Re-encryption.- Public Key Broadcast Encryption with Low Number of Keys and Constant Decryption Time.