about me

Photo credit: Nimantha Baranasuriya

I am a PhD candidate in computer science at Stanford, advised by Dan Boneh.

The Applied Crypto Group is my academic home on campus, and I collaborate with folks from the Secure Computer Systems Group.

If I am not in the Gates Building, you can find me out enjoying the hills.


research

I build systems that use cryptography to empower and protect their users. Descriptions of a few major projects are below. For more details on my past research, please see my full list of publications.

Prio: Private Computation of Aggregate Statistics
Prio is a system for the privacy-preserving collection of aggregate statistics. The system achieves 50-100x speed-ups over comparable systems by using a new type of zero-knowledge proof on secret-shared data. A browser vendor could use Prio to learn how many users turn on "private browsing" mode, without learning which users these are. Prio supports a variety of common aggregation functions, including average, variance, approximate most-popular, and linear regression. (Joint work with Dan Boneh.)
Paper (NSDI 2017)   •   Slides (.pdf)   •   Video
Experimental code   •   Mozilla's production code

Riposte: Anonymous Messaging at Million-User Scale
IEEE S&P Distinguished Paper Award.     Caspar Bowden PET Award.
Riposte is the first system for anonymous broadcast messaging that simultaneously protects against traffic-analysis attacks, prevents anonymous denial-of-service attacks by malicious clients, and scales to million-user anonymity sets. To achieve these properties, Riposte makes novel use of techniques from the domains of private information retrieval and secure multi-party computation. (Joint work with Dan Boneh and David Mazières.)
Paper (Oakland 2015)   •   Slides (.pdf)   •   Video   •   Code
My other work on anonymous messaging includes:
Atom (SOSP 2017),   Verdict (USENIX Sec. 2013),   Dissent (OSDI 2012)

Preprocessing Attacks on the Discrete-Log Problem
Best Young Researcher Paper Award.
In a preprocessing attack, an adversary precomputes a data structure in an offline phase that lets it break a particular cryptosystem faster in a subsequent online phase. These attacks are relevant when many people use the same cryptographic parameters, as is the case with the standard discrete-log-based systems used on the Internet (e.g., in TLS and SSH). We prove that the existing discrete-log preprocessing attacks are essentially the best ones possible, amongst preprocessing attacks that operate in all groups. Our results imply that any improved preprocessing attack against standard elliptic-curve cryptosystems would somehow have to exploit the special structure of a particular curve. (Joint work with Dmitry Kogan.)
Paper (Eurocrypt 2018)   •   Slides (.pdf)   •   Blog Post


history

An NSF Graduate Research Fellowship and an NDSEG Graduate Fellowship have generously funded my research at Stanford.

I graduated from Yale University in 2010 with a B.S. in computer science. Before that, I grew up in Berkeley, California, and was a student at Berkeley High School.