I’m a research scientist at Protocol Labs. I mostly work on efficient zero-knowledge proof systems and other cryptography-flavored topics.
While at the Graduate Center of the City University of New York (CUNY), I worked with Rosario Gennaro; in 2018 both Rosario and CUNY made the careless blunder of giving me a PhD.
You can find a full list of publications on my Google Scholar page.
In some of my latest projects I worked on questions as:
SNARKs and Such
- What are the efficiency tradeoffs of SNARKs with a single (universal) setup? [Lunar paper] [Anaïs Querol’s slides]
- Can we construct efficient commit-and-prove SNARKs (SNARKs over committed inputs) with a single (universal) setup? [Lunar paper] [ECLIPSE paper] [Lunar&ECLIPSE slides]
- Can we compose SNARKs in an efficient and general manner? [LegoSNARK paper] [slides] [LegoSNARK code]
- How much can we decentralize authenticated data structures? [paper]
- How can we prove set-membership efficiently and privately (applications to whitelisting, anonymous cryptocurrencies, etc.)? [paper] (see also Veksel below)
- Encryption to the Future: How can we emulate WE to pass state long-term in decentralized networks? [paper]
- How to simply approximate witness encryption through witness-authenticated key exchange? [paper]
- Witness Encryption over Succinct Functional Commitments [paper]
On Theory for Cryptographic Proofs
- What are theoretical limits for extractable arguments with nice composability features? [paper] [slides]
- How much can we push designated-verifier primitives to achieve some level of public-verifiability (in a certain setting)? [paper]
Efficient Proofs in Cryptocurrencies
- How can we obtain efficient anonymous payments from well-studied assumptions? [Veksel paper] [Veksel code]
- How (not) to pay for digital goods and services on Bitcoin? [paper]
- How to construct Zero-Knowledge on Homomorphic commitments to KV maps (a “Z-KeyWee”, or Z🥝) and how to use them for anonymous cryptocurrencies? [paper]
Rationality and Fine-Grained Cryptography
- Is expressive, efficient “higher” crypto (e.g. MPC, FHE, VC) possible without cryptographic assumptions (at the cost of being secure against “weaker” adversaries)? [paper]
- How to design protocols for verifiable computation when a server is economically incentivized (and with no cryptographic assumptions)? [thesis] [Sequential composability paper] [Space bounded computation paper]
I am co-chair of the working group leading the effort to standardize (commit/encrypt)-and-prove in zero-knowledge proofs. Some resources:
- A proposal for the standardization of the notion of commit-and-prove (as well as encrypt-and-prove) accepted at the 4th ZKProof Workshop.
- Slides on commit-and-prove used at the 2nd ZKProof Workshop.