I’m a research scientist at Protocol Labs.
I mostly work on efficient *zero-knowledge proof systems*, their building blocks, their foundations and their applications. My interest is in cryptography at large.

I previously worked as a post-doctoral researcher at Aarhus University with Claudio Orlandi (2020-2021) and at the IMDEA Software Institute with Dario Fiore (2018-2020).

While at the Graduate Center of the City University of New York (CUNY), I worked with Rosario Gennaro; in 2018 both Rosario and CUNY made the careless blunder of giving me a PhD.

## Research

^{My work has appearead at top- and high-rank cryptographic conferences. For a full list of publications, see my Google Scholar page. Below you can find my work organized by question/topic rather than year/conference.}

*In some of my latest projects I worked on questions as:*

### SNARKs (and related primitives)

- How can we best combine techniques from fast proof schemes (e.g., Spartan) with those from extremely succinct proofs (e.g., Groth16) obtaining a small (
*universal*) setup? [Testudo paper] [Testudo blog post] - What are the efficiency tradeoffs of SNARKs with a single (universal) setup? [Lunar paper] [Anaïs Querol’s slides] [Lunar code]](https://github.com/imdea-software/lunar)
- Can we construct efficient commit-and-prove SNARKs (SNARKs over committed inputs) with a single (universal) setup? [Lunar paper] [ECLIPSE paper] [Lunar&ECLIPSE slides]
- Can we design and compose specialized
*SNARKs*efficiently and simply? [LegoSNARK paper] [slides] [LegoSNARK code] - How much can we decentralize authenticated data structures? [paper]
- How can we prove set-membership efficiently and privately (applications to whitelisting, anonymous cryptocurrencies, etc.)? [paper]
*(see also Veksel and Curve Trees below)* - How can we prove
*batch*set-membership succinctly and efficiently compose it with other SNARKs? [HARiSA paper] [Talk by Dario Fiore] - Can we construct
*linear-map*vector commitments from already deployed setups? How to make them maintainable generically? How to use them? [paper] - Can we extend existing
*lookup arguments*so to apply them efficiently to zero-knowledge for machine learning? [paper]

### Witness-Encryption-like Primitives

*Encryption to the Future*: How can we emulate WE to pass state long-term in decentralized networks? [paper]- How to simply approximate witness encryption through witness-authenticated key exchange? [paper]
- How to marry
*witness encryption*and*succinct functional commitments*for fun and (theoretical&practical) profit? [paper] [slides]

### On Theory for Cryptographic Proofs

- What are theoretical limits for extractable arguments with nice composability features? [paper] [slides]
- How much can we push designated-verifier primitives to achieve some level of public-verifiability? [paper]
- How to use obfuscation to compile designated-verifier primitives into publically verifiable ones? And can we compile other primitives in a similar manner? [paper]

### Efficient Proofs in Cryptocurrencies

- Can we go beyond Merkle Trees for fast, transparent, succinct zero-knowledge proofs of set membership? [Curve Trees paper] [Slides USENIX talk] [Curve Trees code]
- How can we obtain efficient anonymous payments from well-studied assumptions? [Veksel paper] [Veksel code]
- How (not) to pay for digital goods and services on
*Bitcoin*? [paper] - How to construct Zero-Knowledge on Homomorphic commitments to KV maps (a
*“Z-KeyWee”*, or Z🥝) and how to use them for anonymous cryptocurrencies? [paper]

### Proofs of Space

- How to apply (non-trivially) polynomial evaluation techniques to make decentralized storage more scalable? [paper]

### Rationality and Fine-Grained Cryptography

- Is expressive, efficient “higher” crypto (e.g. MPC, FHE, VC) possible
*without cryptographic assumptions*(at the cost of being secure against “weaker” adversaries)? [paper] - How to design protocols for verifiable computation when a server is
*economically incentivized*(and with no cryptographic assumptions)? [thesis] [Sequential composability paper] [Space bounded computation paper]

## ZK Standards

I was co-chair of the working group leading the effort to standardize (commit/encrypt)-and-prove in zero-knowledge proofs. Some resources:

- A proposal for the standardization of the notion of
*commit-and-prove*(as well as*encrypt-and-prove*) accepted at the 4th ZKProof Workshop. - Slides on commit-and-prove used at the 2nd ZKProof Workshop.

## Teaching

- Seminar @ Aaarhus University: Techniques for Efficient ZK Arguments (Fall 2021)
- Seminar @ Hanyang University, Seoul: Techniques for Efficient Non-Interactive Probabilist Proofs (February ‘20) [some of the material]
- Discrete Mathematical Structures @ The City College of New York (Spring 2016)

## Program Committees

- Asiacrypt 2023
- CCS 2023
- CIFRIS 2023
- ACNS 2023
- ACNS 2022
- ICPC 2021