I am a Senior Scientist at NTT Research in the Cryptography & Information Security Lab.
I am broadly interested in all aspects of
computer science theory, with an emphasis on cryptography and quantum computing. Previously, I was an Assistant Professor at
Princeton University, before going on leave to help
launch NTT's new industry research lab in California and ultimately making the move permanent. I completed a postdoc at MIT, my PhD at Stanford University and my bachelor's degree with Highest Honors at UC Berkeley. I am a recipient of the NSF CAREER Award and the Sloan Fellowship, as well as three Best Paper Awards, given every year to the top paper at each of the flagship cryptography conferences. Email: ![]() |
![]() |
![]() ![]() | Quantum Quantum computers — harnessing the strange features of quantum mechanics such as superpositions, entanglement, etc. — promise to revolutionize computer science. The enhanced computational power of such computers poses major threats to security, and new cryptosystems must be developed and analyzed to resist such threats. On the otherhand, quantum computers offer solutions to never-before-possible tasks, such as certifying random strings, validating the deletion of data, programs that cannot be copied, and more. |
![]() ![]() | Obfuscation Can you hide secrets in software? For decades, attempts at obfuscation applied code transformations such as inserting dummy operations or re-naming variables. These transformations make extracting secrets harder, but not impossible. A new, stronger form of obfuscation has emerged, however, that applies mathematical transformations to software, and has the potential to make extracting secrets effectively impossible. Obfuscation has numerous connections to cryptography and computer science generally. |
![]() ![]() | Idealized Models Many of the most practical cryptosystems lack a full security proof in the standard model. Nevertheless, we can gain confidence in their security by heuristically treating one or more of the building blocks as an "ideal" object implemented as an oracle. Prominent examples include random oracles, ideal ciphers, generic groups, etc. Proofs in idealized models are often very different from standard crypto proofs, requiring both reductions and query complexity arguments. |
![]() ![]() | Crypto Math Intractible mathematical problems are the heart of modern cryptography. Unfortunately, until someone proves that P≠NP, the intractability of such problems cannot be proven unconditionally and can only be conjectured. Then how do we discover novel mathematical structures, figure out how to use them, and gain confidence in their security? Through extensive study, development of new applications, attacks, and mitigations. |
![]() ![]() | Traitor Tracing Traitor tracing systems seek to deter piracy by enabling content distributors to identify the origin of pirate decryption boxes. The "usual" goal in traitor tracing is to achieve the shortest ciphertexts, secret keys, and public keys possible. But there is also a rich set of questions beyond parameter sizes: how to embed arbitrary information into a secret key? How to keep honest users' information private, while exposing traitors'? What happens when the decoder uses a quantum computer? |
![]() ![]() | Black-Box Impossibilities Can public key encryption be built from one-way functions? Is it just a matter of time before the community solves this problem, or are this problem and others like it actually impossible? This question is addressed by black box impossibilities, which show, relative to certain techniques, that such a result is indeed impossible. Black box impossibilities help guide protocol design by showing which techniques won't work. The proofs of such impossibilities can draw on interesting mathematical tools from linear algebra, graph theory, are more. |
![]() ![]() | Property Preserving Encryption Property Preserving Encryption (PPE) deliberately preserves certain relations on the plaintext data (e.g. equalities in the case of deterministic encryption, or order in the case of order revealing encryption). In addition to applications such as encrypted databases, PPE also has other interesting connections, such as security under bad randomness and differential privacy. The question is then: how to reveal such information without revealing other sensitive data, and what security, if any, remains. |
![]() ![]() | Bounded Storage Model Cryptography typically models adversaries as time-bounded, but what about adversaries that are space-bounded? The space-bounded model allows for unconditional and everlasting protocols, sometimes far simpler than their time-bounded counterparts. If we bound time and space, we can also achieve never-before-possible functionalities, such as ciphertexts that effectively disappear after transmission. |