about me

Photo credit: Nimantha Baranasuriya

I am a PhD candidate in computer science at Stanford, advised by Dan Boneh.

The Applied Crypto Group is my academic home on campus, and I collaborate with folks from the Secure Computer Systems Group.

If I am not in the Gates Building, you can find me out enjoying the hills.


I build systems that use cryptography to empower and protect their users. Descriptions of a few major projects are below. For more details on my past research, please see my full list of publications.

Prio: Private Computation of Aggregate Statistics
Shipping in the Firefox browser (version 64).
Prio is a system for the privacy-preserving collection of aggregate statistics. The system achieves 50-100x speed-ups over comparable systems by using a new type of zero-knowledge proof on secret-shared data. A browser vendor could use Prio to learn how many users turn on "private browsing" mode, without learning which users these are. Prio supports a variety of common aggregation functions, including average, variance, approximate most-popular, and linear regression. (Joint work with Dan Boneh.)
Paper, NSDI 2017 • Slides (.pdf) • Video • Experimental code
Deployment in Firefox: Mozilla's blog post • Production code

Riposte: Anonymous Messaging at Million-User Scale
IEEE S&P Distinguished Paper Award. Caspar Bowden PET Award.
Riposte is the first system for anonymous broadcast messaging that simultaneously protects against traffic-analysis attacks, prevents anonymous denial-of-service attacks by malicious clients, and scales to million-user anonymity sets. To achieve these properties, Riposte makes novel use of techniques from the domains of private information retrieval and secure multi-party computation. (Joint work with Dan Boneh and David Mazières.)
Paper, Oakland 2015 • Slides (.pdf) • Video • Code

My other work on anonymous messaging includes:
Atom, SOSP 2017. Scaling mix-net systems to thousands of nodes.
Verdict, USENIX Sec. 2013. DoS-resistant anonymous communication.
Dissent, OSDI 2012. Making DC-nets closer to practical for messaging.

Preprocessing Attacks on the Discrete-Log Problem
Best Young Researcher Paper Award.
In a preprocessing attack, an adversary precomputes a data structure in an offline phase that lets it break a particular cryptosystem faster in a subsequent online phase. These attacks are relevant when many people use the same cryptographic parameters, as is the case with the standard discrete-log-based systems used on the Internet (e.g., in TLS and SSH). We prove that the existing discrete-log preprocessing attacks are essentially the best ones possible, amongst preprocessing attacks that operate in all groups. Our results imply that any improved preprocessing attack against standard elliptic-curve cryptosystems would somehow have to exploit the special structure of a particular curve. (Joint work with Dmitry Kogan.)
Paper, Eurocrypt 2018 • Slides (.pdf) • Blog Post
Recently, we have studied preprocessing attacks against one-way functions and other cryptographic primitives.


An NSF Graduate Research Fellowship and an NDSEG Graduate Fellowship have generously funded my research at Stanford.

I graduated from Yale University in 2010 with a B.S. in computer science. Before that, I grew up in Berkeley, California, and was a student at Berkeley High School.