about blog contact cv work

work

Want know my work?


Mentoring

I've mentored or I'm mentoring (as part of the Brave or Cloudflare internship program):

  • Shai Levin. His website can be found here.
  • Joe Rowell. His website can be found here. Mentoring with Alex Davidson and Gonçalo Pestana.
  • Lenka Mareková. Her website can be found here. Mentoring with Bas Westerbaan.
  • Thom Wiggers. His website can be found here.
  • Goutam Tamvada. His website can be found here.

Academic texts
  • 'A Fast and Simple Partially Oblivious PRF, with Applications' with Nirvan Tyagi, Thomas Ristenpart, Nick Sullivan, Stefano Tessaro, and Christopher A. Wood.
    Conference paper. International Conference on the Theory and Applications of Cryptographic Techniques in Europe 2022.
    Find it here and an extended version here.

  • 'Implementing and Measuring KEMTLS' with Armando Faz-Hernández, Nick Sullivan, Goutam Tamvada, Luke Valenta, Thom Wiggers, Bas Westerbaan and Christopher A. Wood.
    Conference paper. International Conference on Cryptology and Information Security in Latin America 2021.
    Find it here, and an extended version here.

  • 'A tale of two models: formalizing KEMTLS in Tamarin' with Thom Wiggers, Jonathan Hoyland, Douglas Stebila.
    Conference paper. 27th European Symposium on Research in Computer Security (ESORICS) 2022.
    Find it here, and an extended version here.
    Runner-up for best paper award at ESORICS2022.
    Invited to special issue on the Journal of Computer Security: authors decided not to submit.

  • 'FrodoPIR: Simple, Scalable, Single-Server Private Information Retrieval' with Alex Davidson and Gonçalo Pestana.
    Peer-reviewed journal. Proceedings on Privacy Enhancing Technologies (PETS). Vol. 2023, Issue 1. To appear.
    Find an extended version here.

  • 'Practically-exploitable Cryptographic Vulnerabilities in Matrix' with Martin R. Albrecht, Benjamin Dowling and Daniel Jones.
    Symposium Proceedings. 44th IEEE Symposium on Security and Privacy (IEEE S&P) 2023.
    Find an extended version here. See our website here.
    Awarded with Distinguished Paper Award (DPA) at IEEES&P 2023.
    Finalist for the 2023 Pwnie award. See it here.

  • 'DiStefano: Decentralized Infrastructure for Sharing Trusted Encrypted Facts and Nothing More' with Alex Davidson, Hamed Haddadi, Gonçalo Pestana and Joe Rowell. Under Review/Submission.
    Find an extended version here.

  • 'SoK: Signatures With Randomizable Keys' with Scott Griffy, Lucjan Hanzlik, Octavio Perez Kempner and Daniel Slamanig. Under Review/Submission.
    Find an extended version here.

  • 'CDLS: Committed Discrete Logarithms with Soundness' with Shai Levin and Joe Rowell. Under Review/Submission.
    Find an extended version here.

  • 'Nibbling MAYO: Optimized Implementations for AVX2 and Cortex-M4' with Ward Beullens, Fabio Campos, Basil Hess and Matthias J. Kannwischer. Under Review/Submission.
    Find an extended version here.



Cryptographic/Technology design
  • 'MAYO PQC Signature scheme' with Ward Beullens, Fabio Campos, Basil Hess and Matthias J. Kannwischer.
    Find the specification here. See our website here.

  • 'OTR-mode' with Mark Pilgrim, Shivan Sahib and Pete Snyder.
    Find the blogpost here.

Published text

I have some other informal published texts:

  • 'No evidence of communication: Off-The-Record Protocol version 4'. Find it here. This extended abstract was written for HotPETS from PETS2018.
  • 'Privacy and deniability by design: Off-the-Record messaging version 4'. Find it here. This extended abstract was written for PUT2019.
  • 'The current state of denial'. Find it here. This extended abstract was written for HotPETS from PETS2020. This is a joint collaboration with Iraklis Symeonidis.
  • Contributor at 'Oblivious Pseudorandom Functions (OPRFs) using Prime-Order Groups'. Find it here.
  • Author of 'Privacy Pass: The Protocol'. Find it here.
  • Author of 'Definition of End-to-end Encryption'. Find it here.
  • Reviewer and happy collaborator to 'Crypto Dictionary' from the amazing JP Aumasson. Find it here.
  • Blogpost at Cloudflare with Thom Wiggers: "KEMTLS: Post-quantum TLS without signatures". Find it here.
  • "On the Importance of Understanding Memory Handling" for Welcome to the Jungle. Find it here.
  • Blog post at Cloudflare with Pop Chunhapany and Armando Faz-Hernández: "Privacy Pass v3: the new privacy bits". Find it here.
  • Blog post at Cloudflare: "The quantum solace and spectre". Find it here.
  • Blog post at Cloudflare: "The post-quantum state: a taxonomy of challenges". Find it here.
  • Blog post at Cloudflare with Goutam Tamvada: "Deep dive into a post-quantum signature scheme". Find it here.
  • Blog post at Cloudflare with Goutam Tamvada: "Deep dive into a post-quantum key encapsulation algorithm". Find it here.
  • Blog post at Cloudflare with Goutam Tamvada: "Using EasyCrypt and Jasmin for post-quantum verification". Find it here.
  • Blog post at Cloudflare with Goutam Tamvada and Thom Wiggers: "Post-quantumify internal services: Logfwrdr, Tunnel, and gokeyless". Find it here.
  • Blog post at Cloudflare with Nick Sullivan: "The post-quantum future: challenges and opportunities". Find it here.
  • Blog post at Cloudflare with Angela Huang: "International Women’s Day 2022". Find it here.
  • Blog post at Brave with Alex Davidson and Gonçalo Pestana: "FrodoPIR: a new privacy-preserving approach for retrieving data". Find it here.
  • IRTF draft: "Intimate Partner Violence Digital Considerations" with Juliana Guerra and Mallory Knodel. Find it here.

Notes

Some informal notes and thoughts:

  • 'A note on Privacy-Preserving Measurements Techniques'. Find it here. Extra material for a PEARG presentation.
  • 'STAR and verifiability of shares'. Find it here. Extra material for a PPM presentation.

Statements

Some statements to improve diversity and inclusion:

  • 'On Creating a More Inclusive and Supporting Community' with Elena Pagnin and Akira Takahashi. Find it here.

Groups I'm part of
  • The amazing Brave Research Team.
  • Collaborating with Open Quantum Safe (OQS).
  • Criptógrafas Latinoamericanas.
  • Red de investigación en criptografía.
  • Criptolatino. Ping me or any of the members for joining!
  • Women in Cryptography. Ping Allison Bishop, Katharina Boudgoust, Talita Rodrigues or myself for joining!
  • PQC MAYO scheme team. Find our website here.
  • The Lattice Club with Octavio Pérez Kempner. Find our website here.
  • The Steering Committee of Latincrypt.

Organizer

I love organizing summits and gatherings:

  • OTRv4 summit colocated with PETS2019, Stockholm, Sweden. Find more information here and here.
  • Secure messaging summit 2020. Find more information here.
  • Meeting around Deniability at Real World Crypto 2021. Find more information here.
  • Informal meeting around Anonymous Credentials at Real World Crypto 2021. Find more information here.
  • Workshop on digital rights for Latin American women at Taller de Comunicación Mujer.
  • Second meeting around Anonymous Credentials. Find more information here.
  • Post-quantum cryptography and networks (PQNet). Find more information here.
  • Criptolatino: the Latin American community of cryptographers workshop at LatinCrypt2021. Find more information here.
  • Post-quantum cryptography and networks (PQNet) at RWC2022. Find more information here.
  • Cryptography school in Caparica.

Reviews/Advisor

I am/I was part of the review committee for these events:

  • PETS2020, PETS 2021, PETS 2022, PETS 2023: Artifact Review Committee. See what is it about here.
  • USENIX: Artifact Review Committee. See what is it about here.
  • Journal of Cryptographic Engineer 2022.
  • Subreviewer: LATIN: The 15th Latin American Theoretical Informatics Symposium, 2022.

I'm a technical advisor for:

I moderate talks on:


Proposal Reviewer

I review proposals at:

  • Digital Infrastructure Insights Fund (D//F). See what is it about here.

Program Committee
  • Security Standardisation Research Conference 2022 (SSR22). See what it is about here.
  • Security Standardisation Research Conference 2023 (SSR23).
  • ACM Workshop on SW Supply Chain Offensive Research and Ecosystem Defenses (SCORED). 2022. See what it is about here.
  • Workshop on High Assurance Crypto Software (HACS). See what it is about here.
  • Workshop on Real World and PQC. 2023. See what it is about here.
  • Real World Crypto (RWC). 2023. See what it is about here.
  • Workshop on Offensive Technologies (WOOT). 2023. See what it is about here.
  • ACM Workshop on SW Supply Chain Offensive Research and Ecosystem Defenses (SCORED). 2023. See what it is about here.
  • International Conference on Cryptology and Information Security in Latin America (Latincrypt). 2023. See what it is about here.
  • Privacy Enhancing Technologies Symposium (PETS). 2024. See what it is about here.
  • IEEE Symposium on Security and Privacy (S&P). 2024. See what it is about here.
  • ETSI-IQC Quantum-Safe Cryptography Workshop. 2024. See what it is about here.
  • Conference for Failed Approaches and Insightful Losses in Cryptology (CFAIL). 2024. See what it is about here.
  • International Conference on Applied Cryptography and Network Security (ACNS). 2024. See what it is about here.
  • 19th ACM ASIA Conference on Computer and Communications Security (ACM ASIACCS). 2024. See what it is about here.
  • 1st Workshop on Cryptography Applied to Transparency Systems (CATS). 2024. See what it is about here.
  • Real World Crypto (RWC). 2024. See what it is about here.
  • Public Key Cryptography (PKC). 2024. See what it is about here.

Ethics Committee
  • Research Ethics Comittee at IEEE Symposium on Security and Privacy (S&P). 2024. See what it is about here.

Award Committee
  • Applied Networking Research Prize 2023, 2024. See what it is about here.

IETF/IRTF/W3C Roles
  • Co-chair of the Human Rights Protocols Considerations group (HRPC) at IRTF. See what it is about here. Chairing with Mallory Knodell.
  • Co-chair of the Post-Quantum Use In Protocols (PQUIP) at IETF. See what it is about here. Chairing with Paul Hoffman.
  • Co-chair of the Anti-Fraud community group at W3C. See what it is about here. Chairing with Steven Valdez.
  • Part of the IETF Ombudsteam. See what it is about here.
  • Part of the Public Interest Technology Group. See what it is about here.

Conference Chair

Grants/Sponsorships received

For my work, I sometimes receive grants or sponsorships:

  • NLnet and NGIO Zero: NGI0 PET Fund, 2020. A grant received for continue working on the OTRv4 project. Find more information here.
  • Cloudflare: Sponsorship for Cryptography Research, 2020.
  • USENIX Security '20: Diversity grant.
  • Grant to attend HACS.
  • Article19: Grant to attend IETF106.

Awards
  • Academic scholarship for high school studies.
  • Academic scholarship for University studies from Universidad Católica del Ecuador: 2012-2017.
  • Roll of honour: Conservatorio Nacional de Música.
  • First class honours, University of London.
  • Runner-up for best paper award at ESORICS2022.
  • Distinguished Paper Award (DPA) at IEEES&P 2023.

Interviews/Media Coverage

Some media coverage:

  • Cryptography FM. Find it here.
  • Radios Libres. Find it here.
  • The Daily Swig, around KEMTLS. Find it here.
  • GK, around learning to program and childhood. Find it here.
  • Portrait de Sofía Celi, Ingénieure en cryptographie chez CloudFare. Find it here.
  • 'Modern and Quantum Cryptography - what does the future hold?' at Distributed Future. Find it here.
  • 'Da criptografia à computação quântica' at Made In Tech. Find it here.
  • 'Serious vulnerabilities in Matrix’s end-to-end encryption have been patched' at Ars Technica. Find it here.
  • 'IETF launches post-quantum encryption working group' at IETF News. Find it here.
  • 'Criptografia na América Latina e no Caribe - Entrevista com Sofía Celi' at ObCrypto. Find it here.
  • 'FrodoPIR: New Privacy-Focused Database Querying System' at The Hacker News. Find it here.

Talks

I've given tons of talks:

  • Elliptic Curves: from magic to Goldilocks at CryptoRave2018, São Paulo, Brazil (2018).
  • "No evidence of communication: Off-The-Record Protocol version 4" at PETS2018, Barcelona, Spain. Watch the talkhere.
  • "No evidence of communication: OTRv4 (Off-the-Record) v4" at the Privacy Enhancements and Assessments Proposed Research Group (PEARG) from IETF 103 (2018).
  • "No evidence of communication and morality in protocols: Off-the-Record protocol version 4", at the 35th Chaos Computer Congress (35c3), Leipzig, Germany. Watch the talkhere.
  • "Deniability in a group chat setting" at the Message Layer Security (MLS) group from IETF (2019).
  • "Deniability in a group chat setting" at the Message Layer Security (MLS) group from IETF (2019).
  • "No evidence of communication and implementing a protocol: Off-the-Record protocol version 4" at FOSDEM 2018, Brussels, Belgium. Watch the talkhere.
  • "Clang tools for implementing cryptographic protocols like OTRv4" at Euro Developers meeting 2018, Brussels, Belgium. Watch the talkhere.
  • "A case around secure messaging: OTRv4" at the Computer Security and Industrial Cryptography (COSIC) from the Katholieke Universiteit Leuven, Leuven, Belgium. Watch the talkhere.
  • "The loss of the sovereignty in privacy" at Security in Times of Surveillance event, Eindhoven, The Netherlands. Watch the talk here.
  • "A case around secure messaging: OTRv4" at EI/Ψ seminar from the Eidenhoven University of Technology, Eindhoven, The Netherlands, 2019. Find more informationhere.
  • "A case around secure messaging: OTRv4" at DS Colloquium from the Radboud University in Nijmegen, The Netherlands, 2019. Find the information here.
  • "Privacy and deniability by design: Off-the-Record messaging version 4" at the Open Day for Privacy, Usability, and Transparency (PUT 2019) from PETS2019 at Stockholm, Sweden. Find the information here.
  • "A case around secure messaging: OTRv4" at the Ss. Cyril and Methodius University in Skopje, Macedonia, 2019. Find the information here.
  • "Off-the-Record" at HotRFC from IETF 106 at Singapore, Singapore, 2019. Find the information here.
  • "Security and privacy, an unsustainable balance" at Our Data, Our Future: Radical Tech for a Democratic Digital Society from DECODE, Turin, Italy, 2019. Find the information here.
  • "The state of secure messaging: the case of OTR" at "Critical Decentralisation Cluster" at the 36th Chaos Computer Congress (36c3), Leipzig, Germany, 2019. Find the information here.
  • "Communicating in private way: should we care?" at "Critical Decentralisation Cluster": part of the panel, 2020. Find the information here.
  • "A case around secure messaging: OTRv4" at the University of Luxembourg City, Luxembourg, 2020.
  • "Communicating in private way: should we care?" at "Legal Hackers Meetup": part of the panel, 2020. Find the information here.
  • "Why Golang" at Women Who Go Paris, 2020. Find the information here.
  • "The current state of denial" at HotPETS from PETS2020. Find the information here.
  • "The devil is in the detail: designing and implementing the 4th version of the Off-the-Record messaging protocol" at The 8th Technion Summer School on Cyber and Computer Security Privacy in Challenging Times. Find the information here.
  • "The double-ratchet algorithm: its security and privacy properties" at Cryptography Meetup. Find the information here.
  • "Las siete vidas de un gato post-quántico" with Armando Faz for CFTV from Cloudflare. Find the information here.
  • "The state of digital rights in Latin America", happening at rc3.Find the recording here.
  • "Post-quantum TLS without handshake signatures" with Peter Schwabe, Douglas Stebila, Thom Wiggers and Armando Faz at Real World Crypto 2021. Find the information here.
  • "'I thought I was being strong with a complicated person': the tales of intimate gender-based online abuse in the Global South" at Enigma2021, a Usenix Conference. Find the information here.
  • "The state of denial" at the Research Seminar in the Information Security Group at Royal Holloway. Find the information here.
  • "DMLS: Deniable MLS" at MLS Working Group, IETF110. Find the information here.
  • "OPAQUE with TLS 1.3" at TLS Working Group, IETF110. Find the information here.
  • "Anonymous Credentials: Highlights from the meeting" at Privacy Pass Working Group, IETF110.
  • "KEMTLS" with Thom Wiggers for CFTV from Cloudflare. Find the information here.
  • "Introducción a la Criptografía" at Kriptos (internal talk).
  • "A Fast and Simple Partially Oblivious PRF, with Applications" with Nirvan Tyagi at Brave Browser Meeting (internal talk).
  • "PO-PRFs" at CFRG at IETF111 with Armando Faz-Hernández. Find the information here.
  • "Public Metadata and Privacy Pass" at IETF111. Find the information here.
  • "Authentication with KEMs for TLS1.3" with Thom Wiggers at IETF111. Find the information here.
  • "End-to-end encryption" with Mallory Knodell at SecDispatch at IETF111. Find the information here.
  • "Gallery of Latin American Malware" at SOUPS2021. Find the information here.
  • "Implementing and Measuring KEMTLS" at Google Cryptographic Group with Armando-Faz Hernández.
  • "Introductions to networks and post-quantum algorithms using isogenies" at Isogeny-based Cryptography School. Find the information here.
  • "How private is secure messaging?". Invited Lecture at the Conference on Selected Areas in Cryptography (SAC2021). Find the information here.
  • "OPRFs: what they are, new constructions and new applications" at TII CRC Seminar Series. Find the information here.
  • "Implementing and Measuring KEMTLS" at Latincrypt2021. Find the information here.
  • "Privacy Pass attacks in practice" at Anti-Fraud for the Web breakout session at TPAC2021. Find the information here.
  • "OPRFs: past and future" at the Cornell's Security Seminar.
  • "Desde curvas elípticas a teoría quántica: Qué es la criptografía?" at the Congreso Trascendencias, Universidad Campus Mexicali.
  • "Introduction to Cryptography" at the 21st edition of Semana de Informática at the Faculty of Engineering of the University of Porto, Portugal. Find the information here.
  • Cancelled: "Challenges of isogenies in post-quantum cryptography for the real-world" at the Isogeny School.
  • "TLS and post-quantum" at PQNet, 2022. Find the information here.
  • "De Turing a Shor: la computación" at Días de las Niñas en TIC, 2022. Find the information here.
  • Panellist at 'Introducing a pro-encryption agenda in Latin America' at AC-LAC with ELAC. Find the information here.
  • "Secure Messaging" at the Applied Cryptography course at Radboud University, 2022.
  • "KEMTLS: Post-quantum TLS without signatures; Lessons-Learnt from PQC Implementations" at ESA Workshop on "Secure Communications for Space Missions in the Post-Quantum Era", 2022.
  • "Challenges and Opportunities in Post-Quantum Cryptography for networks and protocols" at HotRFC at IETF 114. Find the information here.
  • "PPM techniques: informal comparison" at the Privacy Enhancements and Assessments Research Group (PEARG) at IETF 114. Find the information here.
  • "Post-Quantum NIST Process" at the Crypto Forum Research Group (CFRG) at IETF 114. Find the information here.
  • "NIST PQC Announcement " at the Transport Layer Security Group (TLS) at IETF 114. Find the information here.
  • "TLS and post-quantum" at Summer School in Post-Quantum Cryptography, 2022. Find the information here.
  • "Post-quantum cryptography" at Computer Webinar Series 2022 at Amirkabir University. Find the information here.
  • "Private Browsing" at OpenLabEC. Find the information here.
  • "Anonymous Tokens" at TPAC2023 at W3C. Find the information here.
  • Panellist at 'High-level multi-stakeholder event on the Future of the Internet' by the European Comission in collaboration with the Czech Presidency to the Council of the EU. Find the information here.
  • "Practically-exploitable vulnerabilities in Matrix" at the Privacy Enhancements and Assessments Research Group (PEARG) at IETF 115. Find the information here.
  • "Methodology to classify IPV aided by digital tools" at the Human Rights and Protocols Considerations Group (HRPC) at IETF 115. Find the information here
  • "Practical Cryptography" at the University of Bristol.
  • "Latin America and Cryptography" at "Beyond the Usual Suspects: A Workshop on Latin American Cyber Security", Royal Holloway, University of London.
  • "Practically-exploitable vulnerabilities in Matrix" at Blackhat Europe. Find the information here.
  • Expert consultation discussing the relationship between human rights and technical standard-setting at UN Human Rights Council. Find the information here.
  • "FrodoPIR: Simple, Scalable, Single-Server Private Information Retrieval" at Chalmers University of Technology. Find the information here.
  • "Designing cryptography for small organizations and projects" at Real World Crypto 2023. Joint submission with Alex Davidson and Peter Snyder. Find the information here.
  • "Report from Real World Crypto (RWC) 2023" at Security Area Open Meeting (SAAG) at IETF116. Find the information here.
  • "POPLAR/STAR measurements" at PPM WG at IETF 116. Find the information here.
  • "Failures of security/privacy in practice" at University of Twente.
  • Panellist at CrossFyre2023. Find the information here.
  • "Practically-exploitable Cryptographic Vulnerabilities in Matrix" at NOVA School of Science and Technology at Lisbon, Portugal. Find the information here.
  • Moderator at CENTR Jamboree 2023 in the panel "Research Initiatives to Assess the Impact of Post Quantum Cryptography on DNS". Find the information here.
  • "Private Information Retrieval: from theory to practice" at 14º Coloquio nacional de códigos, criptografía y áreas relacionadas. Find the information here.
  • Expert consultation discussing the relationship between human rights and technical standard-setting for new and emerging technologies at UN Human Rights Council.
  • Panellist at European Council on Foreign Relations (ECFR) 2023.
  • Exploring the impact of PQC on Cryptographic Key Management at CryptoVillage at DEFCON2023.
  • Friendship and Research at RISE: Research Insights and Stories for Enlightenment, co-located with CRYPTO2023. Couldn't attend due to family tragedy. Find the information here.
  • Panellist at 2nd Oxford Post-quantum Cryptography Workshop at University of Oxford. Find the information here.
  • "Introduction to Cryptography" at INCACrypto. Find the information here.
  • "Intimate Partner Violence Considerations in design of technology" at University of Bristol.
  • "MAYO and multivariate" at University of Bristol.
  • "MAYO and multivariate" at TII CRC Seminar Series.
  • Panellist at 'For Whom and by Whom? Achieving Locally Sustainable Impact through Digital Security Capacity Building' workshop.
  • Upcoming: Panellist at 'Regional Roundtable: Internet Fragmentation and Human Rights in Europe' workshop.
  • Upcoming: "New privacy mechanism and PQC" at VictorCrypto from the University of Michigan. Find the information here.
  • Upcoming: "Sigma and proof of knowledge protocols: state, limitations and future" at Cryptography and Related Fields at the AMS Joint Mathematics Meetings: AMS Special Session on Cryptography and Related Fields. Find the information here.
  • Upcoming: TBA at "New Trends in Post-Quantum Cryptography" at Oxford University.
  • Upcoming: TBA at at Oxford University at Summer School in Croatia 2024.
  • Upcoming: TBA at 'Privacy-Preserving technologies' workshop at Eurocrypt, 2024.

News

Happy news that help me with my imposter syndrome:

  • Nominated to be SEC AD at IETF. See here. Thank you whoever nominated me ;).