Research
I am particularly excited to understand how cryptography gets used in practice and to apply principled approaches for improving the security and privacy of deployed protocols and applications. These approaches range from identifying flaws in existing protocols to developing new theory and definitions and then designing new cryptographic schemes.
My recent interests include:
- Interoperable end-to-end encrypted messaging, which allows users to communicate across providers. This is mandated in the E.U. by the Digital Markets Act, and WhatsApp and Messenger have proposed interoperable protocols for their applications. I’m investigating the security and privacy of this setting and proposing new designs.
- Abuse prevention mechanisms for secure messaging, like abuse reporting and blocklisting.
- Identifying vulnerabilities in widely used authenticated encryption schemes (partitioning oracle attacks, MLGR23) and designing new authenticated encryption schemes that better meet practical needs (LGR22).
I also frequently collaborate with industry. In the past, I have worked with Zoom and Microsoft Research on developing new key transparency systems (ELEKTRA and OPTIKS). I am currently participating as a member of Meta’s Messaging Encryption & Privacy Roundtable group.
Impact:
- My work on Partitioning Oracle Attacks has resulted in updates to the popular anti-censorship tool Shadowsocks, the age file encryption tool, and the IETF draft standards for OPAQUE and HPKE.
- Partitioning Oracle Attacks were also featured as a challenge in the Google Capture the Flag competition in 2021.
Check out my publications page for more details.