1. https://archiv.infsec.ethz.ch/education/fs08/secsem/bleichen... - This is necessary to scare newbies away from implementing textbook RSA
2. https://www.iacr.org/archive/eurocrypt2002/23320530/cbc02_e0... - Vaudenay's attack on CBC mode is essential to practitioners
3. https://mega-awry.io/pdf/mega-malleable-encryption-goes-awry... - A real world attack on Mega's encryption
Unfortunately, most interesting cryptanalysis results are easier to find as blog posts than academic papers.
For example: the Frozen Heart vulnerability in zero-knowledge proof systems that rely on the weak Fiat-Shamir transform.
https://blog.trailofbits.com/2022/04/13/part-1-coordinated-d...
https://blog.trailofbits.com/2022/04/15/the-frozen-heart-vul...
https://blog.trailofbits.com/2022/04/18/the-frozen-heart-vul...
These blog posts are great, but they aren't academic papers, so they may not qualify for your list.
1. https://archiv.infsec.ethz.ch/education/fs08/secsem/bleichen... - This is necessary to scare newbies away from implementing textbook RSA
2. https://www.iacr.org/archive/eurocrypt2002/23320530/cbc02_e0... - Vaudenay's attack on CBC mode is essential to practitioners
3. https://mega-awry.io/pdf/mega-malleable-encryption-goes-awry... - A real world attack on Mega's encryption
Unfortunately, most interesting cryptanalysis results are easier to find as blog posts than academic papers.
For example: the Frozen Heart vulnerability in zero-knowledge proof systems that rely on the weak Fiat-Shamir transform.
https://blog.trailofbits.com/2022/04/13/part-1-coordinated-d...
https://blog.trailofbits.com/2022/04/15/the-frozen-heart-vul...
https://blog.trailofbits.com/2022/04/18/the-frozen-heart-vul...
These blog posts are great, but they aren't academic papers, so they may not qualify for your list.