about blog contact cv work

work

Want know my work?


Mentoring

I've mentored or I'm mentoring (as part of the Brave or Cloudflare internship program):

  • Shai Levin. His website can be found here.
  • Joe Rowell. His website can be found here. Mentoring with Alex Davidson and Gonçalo Pestana.
  • Lenka Mareková. Her website can be found here. Mentoring with Bas Westerbaan.
  • Thom Wiggers. His website can be found here.
  • Goutam Tamvada. His website can be found here.

Academic texts
  • 'A Fast and Simple Partially Oblivious PRF, with Applications' with Nirvan Tyagi, Thomas Ristenpart, Nick Sullivan, Stefano Tessaro, and Christopher A. Wood.
    Conference paper. International Conference on the Theory and Applications of Cryptographic Techniques in Europe 2022.
    Find it here and an extended version here.

  • 'Implementing and Measuring KEMTLS' with Armando Faz-Hernández, Nick Sullivan, Goutam Tamvada, Luke Valenta, Thom Wiggers, Bas Westerbaan and Christopher A. Wood.
    Conference paper. International Conference on Cryptology and Information Security in Latin America 2021.
    Find it here, and an extended version here.

  • 'A tale of two models: formalizing KEMTLS in Tamarin' with Thom Wiggers, Jonathan Hoyland, Douglas Stebila.
    Conference paper. 27th European Symposium on Research in Computer Security (ESORICS) 2022.
    Find it here, and an extended version here.
    Runner-up for best paper award at ESORICS2022.

  • 'FrodoPIR: Simple, Scalable, Single-Server Private Information Retrieval' with Alex Davidson and Gonçalo Pestana.
    Peer-reviewed journal. Proceedings on Privacy Enhancing Technologies (PETS). Vol. 2023, Issue 1. To appear.
    Find an extended version here.

  • 'Practically-exploitable Cryptographic Vulnerabilities in Matrix' with Martin R. Albrecht, Benjamin Dowling and Daniel Jones.
    Symposium Proceedings. 44th IEEE Symposium on Security and Privacy (IEEE S&P) 2023.
    Find an extended version here. See our website here.
    Awarded with Distinguished Paper Award (DPA) at IEEES&P 2023.

  • 'Constellation: Privacy-Preserving Measurement of Fine-Grained Data'. Under Review/Submission.

  • 'DiStefano: Decentralized Infrastructure for Sharing Trusted Encrypted Facts and Nothing More'. Under Review/Submission.

Published text

I have some other informal published texts:

  • 'No evidence of communication: Off-The-Record Protocol version 4'. Find it here. This extended abstract was written for HotPETS from PETS2018.
  • 'Privacy and deniability by design: Off-the-Record messaging version 4'. Find it here. This extended abstract was written for PUT2019.
  • 'The current state of denial'. Find it here. This extended abstract was written for HotPETS from PETS2020. This is a joint collaboration with Iraklis Symeonidis.
  • Contributor at 'Oblivious Pseudorandom Functions (OPRFs) using Prime-Order Groups'. Find it here.
  • Author of 'Privacy Pass: The Protocol'. Find it here.
  • Author of 'Definition of End-to-end Encryption'. Find it here.
  • Reviewer and happy collaborator to 'Crypto Dictionary' from the amazing JP Aumasson. Find it here.
  • Blogpost at Cloudflare with Thom Wiggers: "KEMTLS: Post-quantum TLS without signatures". Find it here.
  • "On the Importance of Understanding Memory Handling" for Welcome to the Jungle. Find it here.
  • Blog post at Cloudflare with Pop Chunhapany and Armando Faz-Hernández: "Privacy Pass v3: the new privacy bits". Find it here.
  • Blog post at Cloudflare: "The quantum solace and spectre". Find it here.
  • Blog post at Cloudflare: "The post-quantum state: a taxonomy of challenges". Find it here.
  • Blog post at Cloudflare with Goutam Tamvada: "Deep dive into a post-quantum signature scheme". Find it here.
  • Blog post at Cloudflare with Goutam Tamvada: "Deep dive into a post-quantum key encapsulation algorithm". Find it here.
  • Blog post at Cloudflare with Goutam Tamvada: "Using EasyCrypt and Jasmin for post-quantum verification". Find it here.
  • Blog post at Cloudflare with Goutam Tamvada and Thom Wiggers: "Post-quantumify internal services: Logfwrdr, Tunnel, and gokeyless". Find it here.
  • Blog post at Cloudflare with Nick Sullivan: "The post-quantum future: challenges and opportunities". Find it here.
  • Blog post at Cloudflare with Angela Huang: "International Women’s Day 2022". Find it here.
  • Blog post at Brave with Alex Davidson and Gonçalo Pestana: "FrodoPIR: a new privacy-preserving approach for retrieving data". Find it here.
  • IRTF draft: "Intimate Partner Violence Digital Considerations" with Juliana Guerra and Mallory Knodel. Find it here.

Notes

Some informal notes and thoughts:

  • 'A note on Privacy-Preserving Measurements Techniques'. Find it here. Extra material for a PEARG presentation.
  • 'STAR and verifiability of shares'. Find it here. Extra material for a PPM presentation.

Groups I'm part of
  • The amazing Brave Research Team
  • Collaborating with Open Quantum Safe (OQS)
  • Criptógrafas Latinoamericanas
  • Criptolatino
  • Women in Cryptography
  • PQC MAYO scheme team. Find our website here.

Organizer

I love organizing summits and gatherings:

  • Latin American cryptographers group. Are you a Latin American working in Cryptography? Ping me!
  • OTRv4 summit colocated with PETS2019, Stockholm, Sweden. Find more information here and here.
  • Secure messaging summit 2020. Find more information here.
  • Meeting around Deniability at Real World Crypto 2021. Find more information here.
  • Informal meeting around Anonymous Credentials at Real World Crypto 2021. Find more information here.
  • Workshop on digital rights for Latin American women at Taller de Comunicación Mujer.
  • Second meeting around Anonymous Credentials. Find more information here.
  • Post-quantum cryptography and networks (PQNet). Find more information here.
  • Criptolatino: the Latin American community of cryptographers workshop at LatinCrypt2021. Find more information here.
  • Post-quantum cryptography and networks (PQNet) at RWC2022. Find more information here.

Reviews/Advisor

I am/I was part of the review committee for these events:

  • PETS2020, PETS 2021, PETS 2022, PETS 2023: Artifact Review Committee. See what is it about here.
  • USENIX: Artifact Review Committee. See what is it about here.
  • Journal of Cryptographic Engineer 2022.
  • Subreviewer: LATIN: The 15th Latin American Theoretical Informatics Symposium, 2022.

I'm a technical advisor for:

I moderate talks on:


Program Committee
  • Security Standardisation Research Conference 2022 (SSR22). See what it is about here.
  • Security Standardisation Research Conference 2023 (SSR23).
  • ACM Workshop on SW Supply Chain Offensive Research and Ecosystem Defenses (SCORED). 2022. See what it is about here.
  • Workshop on High Assurance Crypto Software (HACS). See what it is about here.
  • Workshop on Real World and PQC. 2023. See what it is about here.
  • Real World Crypto (RWC). 2023. See what it is about here.
  • Workshop on Offensive Technologies (WOOT). 2023. See what it is about here.
  • ACM Workshop on SW Supply Chain Offensive Research and Ecosystem Defenses (SCORED). 2023. See what it is about here.
  • International Conference on Cryptology and Information Security in Latin America (Latincrypt). 2023. See what it is about here.
  • Privacy Enhancing Technologies Symposium (PETS). 2024. See what it is about here.
  • IEEE Symposium on Security and Privacy (S&P). 2024. See what it is about here.
  • ETSI-IQC Quantum-Safe Cryptography Workshop. 2024. See what it is about here.
  • Conference for Failed Approaches and Insightful Losses in Cryptology (CFAIL). 2024. See what it is about here.
  • International Conference on Applied Cryptography and Network Security (ACNS). 2024. See what it is about here.
  • 19th ACM ASIA Conference on Computer and Communications Security (ACM ASIACCS). 2024. See what it is about here.

Ethics Committee
  • Research Ethics Comittee at IEEE Symposium on Security and Privacy (S&P). 2024. See what it is about here.

Award Committee
  • Applied Networking Research Prize. See what it is about here.

IETF/IRTF/W3C Chair
  • Co-chair of the Human Rights Protocols Considerations group (HRPC) at IRTF. See what it is about here. Chairing with Mallory Knodell.
  • Co-chair of the Post-Quantum Use In Protocols (PQUIP) at IETF. See what it is about here. Chairing with Paul Hoffman.
  • Co-chair of the Anti-Fraud community group at W3C. See what it is about here. Chairing with Mohamed Allibhai and Steven Valdez.

Conference Chair
  • Co-chair of Advanced School in Cryptography (ASCrypto), 2023, as part of LatinCrypt2023.

Grants/Sponsorships received

For my work, I sometimes receive grants or sponsorships:

  • NLnet and NGIO Zero: NGI0 PET Fund, 2020. A grant received for continue working on the OTRv4 project. Find more information here.
  • Cloudflare: Sponsorship for Cryptography Research, 2020.
  • USENIX Security '20: Diversity grant.
  • Grant to attend HACS.
  • Article19: Grant to attend IETF106.

Awards
  • Academic scholarship for high school studies.
  • Academic scholarship for University studies from Universidad Católica del Ecuador: 2012-2017.
  • Roll of honour: Conservatorio Nacional de Música.

Interviews

I've given some interviews:

  • Cryptography FM. Find it here.
  • Radios Libres. Find it here.
  • The Daily Swig, around KEMTLS. Find it here.
  • GK, around learning to program and childhood. Find it here.
  • Portrait de Sofía Celi, Ingénieure en cryptographie chez CloudFare. Find it here.
  • 'Modern and Quantum Cryptography - what does the future hold?' at Distributed Future. Find it here.
  • 'Da criptografia à computação quântica' at Made In Tech. Find it here.
  • 'Serious vulnerabilities in Matrix’s end-to-end encryption have been patched' at Ars Technica. Find it here.
  • 'IETF launches post-quantum encryption working group' at IETF News. Find it here.
  • 'Criptografia na América Latina e no Caribe - Entrevista com Sofía Celi' at ObCrypto. Find it here.

Talks

I've given tons of talks:

  • Elliptic Curves: from magic to Goldilocks at CryptoRave2018, São Paulo, Brazil (2018).
  • "No evidence of communication: Off-The-Record Protocol version 4" at PETS2018, Barcelona, Spain. Watch the talkhere.
  • "No evidence of communication: OTRv4 (Off-the-Record) v4" at the Privacy Enhancements and Assessments Proposed Research Group (PEARG) from IETF 103 (2018).
  • "No evidence of communication and morality in protocols: Off-the-Record protocol version 4", at the 35th Chaos Computer Congress (35c3), Leipzig, Germany. Watch the talkhere.
  • "Deniability in a group chat setting" at the Message Layer Security (MLS) group from IETF (2019).
  • "Deniability in a group chat setting" at the Message Layer Security (MLS) group from IETF (2019).
  • "No evidence of communication and implementing a protocol: Off-the-Record protocol version 4" at FOSDEM 2018, Brussels, Belgium. Watch the talkhere.
  • "Clang tools for implementing cryptographic protocols like OTRv4" at Euro Developers meeting 2018, Brussels, Belgium. Watch the talkhere.
  • "A case around secure messaging: OTRv4" at the Computer Security and Industrial Cryptography (COSIC) from the Katholieke Universiteit Leuven, Leuven, Belgium. Watch the talkhere.
  • "The loss of the sovereignty in privacy" at Security in Times of Surveillance event, Eindhoven, The Netherlands. Watch the talk here.
  • "A case around secure messaging: OTRv4" at EI/Ψ seminar from the Eidenhoven University of Technology, Eindhoven, The Netherlands, 2019. Find more informationhere.
  • "A case around secure messaging: OTRv4" at DS Colloquium from the Radboud University in Nijmegen, The Netherlands, 2019. Find the information here.
  • "Privacy and deniability by design: Off-the-Record messaging version 4" at the Open Day for Privacy, Usability, and Transparency (PUT 2019) from PETS2019 at Stockholm, Sweden. Find the information here.
  • "A case around secure messaging: OTRv4" at the Ss. Cyril and Methodius University in Skopje, Macedonia, 2019. Find the information here.
  • "Off-the-Record" at HotRFC from IETF 106 at Singapore, Singapore, 2019. Find the information here.
  • "Security and privacy, an unsustainable balance" at Our Data, Our Future: Radical Tech for a Democratic Digital Society from DECODE, Turin, Italy, 2019. Find the information here.
  • "The state of secure messaging: the case of OTR" at "Critical Decentralisation Cluster" at the 36th Chaos Computer Congress (36c3), Leipzig, Germany, 2019. Find the information here.
  • "Communicating in private way: should we care?" at "Critical Decentralisation Cluster": part of the panel, 2020. Find the information here.
  • "A case around secure messaging: OTRv4" at the University of Luxembourg City, Luxembourg, 2020.
  • "Communicating in private way: should we care?" at "Legal Hackers Meetup": part of the panel, 2020. Find the information here.
  • "Why Golang" at Women Who Go Paris, 2020. Find the information here.
  • "The current state of denial" at HotPETS from PETS2020. Find the information here.
  • "The devil is in the detail: designing and implementing the 4th version of the Off-the-Record messaging protocol" at The 8th Technion Summer School on Cyber and Computer Security Privacy in Challenging Times. Find the information here.
  • "The double-ratchet algorithm: its security and privacy properties" at Cryptography Meetup. Find the information here.
  • "Las siete vidas de un gato post-quántico" with Armando Faz for CFTV from Cloudflare. Find the information here.
  • "The state of digital rights in Latin America", happening at rc3.Find the recording here.
  • "Post-quantum TLS without handshake signatures" with Peter Schwabe, Douglas Stebila, Thom Wiggers and Armando Faz at Real World Crypto 2021. Find the information here.
  • "'I thought I was being strong with a complicated person': the tales of intimate gender-based online abuse in the Global South" at Enigma2021, a Usenix Conference. Find the information here.
  • "The state of denial" at the Research Seminar in the Information Security Group at Royal Holloway. Find the information here.
  • "DMLS: Deniable MLS" at MLS Working Group, IETF110. Find the information here.
  • "OPAQUE with TLS 1.3" at TLS Working Group, IETF110. Find the information here.
  • "Anonymous Credentials: Highlights from the meeting" at Privacy Pass Working Group, IETF110.
  • "KEMTLS" with Thom Wiggers for CFTV from Cloudflare. Find the information here.
  • "Introducción a la Criptografía" at Kriptos (internal talk).
  • "A Fast and Simple Partially Oblivious PRF, with Applications" with Nirvan Tyagi at Brave Browser Meeting (internal talk).
  • "PO-PRFs" at CFRG at IETF111 with Armando Faz-Hernández. Find the information here.
  • "Public Metadata and Privacy Pass" at IETF111. Find the information here.
  • "Authentication with KEMs for TLS1.3" with Thom Wiggers at IETF111. Find the information here.
  • "End-to-end encryption" with Mallory Knodell at SecDispatch at IETF111. Find the information here.
  • "Gallery of Latin American Malware" at SOUPS2021. Find the information here.
  • "Implementing and Measuring KEMTLS" at Google Cryptographic Group with Armando-Faz Hernández.
  • "Introductions to networks and post-quantum algorithms using isogenies" at Isogeny-based Cryptography School. Find the information here.
  • "How private is secure messaging?". Invited Lecture at the Conference on Selected Areas in Cryptography (SAC2021). Find the information here.
  • "OPRFs: what they are, new constructions and new applications" at TII CRC Seminar Series. Find the information here.
  • "Implementing and Measuring KEMTLS" at Latincrypt2021. Find the information here.
  • "Privacy Pass attacks in practice" at Anti-Fraud for the Web breakout session at TPAC2021. Find the information here.
  • "OPRFs: past and future" at the Cornell's Security Seminar.
  • "Desde curvas elípticas a teoría quántica: Qué es la criptografía?" at the Congreso Trascendencias, Universidad Campus Mexicali.
  • "Introduction to Cryptography" at the 21st edition of Semana de Informática at the Faculty of Engineering of the University of Porto, Portugal. Find the information here.
  • Cancelled: "Challenges of isogenies in post-quantum cryptography for the real-world" at the Isogeny School.
  • "TLS and post-quantum" at PQNet, 2022. Find the information here.
  • "De Turing a Shor: la computación" at Días de las Niñas en TIC, 2022. Find the information here.
  • Panellist at 'Introducing a pro-encryption agenda in Latin America' at AC-LAC with ELAC. Find the information here.
  • "Secure Messaging" at the Applied Cryptography course at Radboud University, 2022.
  • "KEMTLS: Post-quantum TLS without signatures; Lessons-Learnt from PQC Implementations" at ESA Workshop on "Secure Communications for Space Missions in the Post-Quantum Era", 2022.
  • "Challenges and Opportunities in Post-Quantum Cryptography for networks and protocols" at HotRFC at IETF 114. Find the information here.
  • "PPM techniques: informal comparison" at the Privacy Enhancements and Assessments Research Group (PEARG) at IETF 114. Find the information here.
  • "Post-Quantum NIST Process" at the Crypto Forum Research Group (CFRG) at IETF 114. Find the information here.
  • "NIST PQC Announcement " at the Transport Layer Security Group (TLS) at IETF 114. Find the information here.
  • "TLS and post-quantum" at Summer School in Post-Quantum Cryptography, 2022. Find the information here.
  • "Post-quantum cryptography" at Computer Webinar Series 2022 at Amirkabir University. Find the information here.
  • "Private Browsing" at OpenLabEC. Find the information here.
  • "Anonymous Tokens" at TPAC2023 at W3C. Find the information here.
  • Panellist at 'High-level multi-stakeholder event on the Future of the Internet' by the European Comission in collaboration with the Czech Presidency to the Council of the EU. Find the information here.
  • "Practically-exploitable vulnerabilities in Matrix" at the Privacy Enhancements and Assessments Research Group (PEARG) at IETF 115. Find the information here.
  • "Methodology to classify IPV aided by digital tools" at the Human Rights and Protocols Considerations Group (HRPC) at IETF 115. Find the information here
  • "Practical Cryptography" at the University of Bristol.
  • "Latin America and Cryptography" at "Beyond the Usual Suspects: A Workshop on Latin American Cyber Security", Royal Holloway, University of London.
  • "Practically-exploitable vulnerabilities in Matrix" at Blackhat Europe. Find the information here.
  • Expert consultation discussing the relationship between human rights and technical standard-setting at UN Human Rights Council. Find the information here.
  • "FrodoPIR: Simple, Scalable, Single-Server Private Information Retrieval" at Chalmers University of Technology. Find the information here.
  • "Designing cryptography for small organizations and projects" at Real World Crypto 2023. Joint submission with Alex Davidson and Peter Snyder. Find the information here.
  • "Report from Real World Crypto (RWC) 2023" at Security Area Open Meeting (SAAG) at IETF116. Find the information here.
  • "POPLAR/STAR measurements" at PPM WG at IETF 116. Find the information here.
  • "Failures of security/privacy in practice" at University of Twente.
  • Panellist at CrossFyre2023. Find the information here.
  • "Practically-exploitable Cryptographic Vulnerabilities in Matrix" at NOVA School of Science and Technology at Lisbon, Portugal. Find the information here.
  • Upcoming: TBA at 14º Coloquio nacional de códigos, criptografía y áreas relacionadas.
  • Upcoming: TBA at RISE: Research Insights and Stories for Enlightenment, co-located with CRYPTO2023
  • Upcoming: "PPM techniques and privacy" at IETF en América Latina.
  • Upcoming: "New privacy mechanism and PQC" at VictorCrypto from the University of Michigan. Find the information here.