Cryptography
Engineering cryptographic systems where misuse is the default threat: interfaces, key management, protocol composition, and side-channel hygiene.
Best starting points
PQC Research Series — Part 3
QROM is not “ROM but stronger.” It changes the oracle interface (superposition queries), breaks classical proof tactics (rewinding/programming), and turns Fiat–Shamir security into a narrower, system-bound claim.
PQC Research Series — Part 4
Reduction tightness is where PQC security meets operations: loose reductions consume margin, force parameter inflation, and turn “provably secure” into a bandwidth/RAM/latency problem.
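The margin accounting behind that teaser, as a small added example (not code from the series): a reduction of the form Adv_scheme ≤ L · Adv_problem costs log2(L) bits, so the underlying problem must be that many bits harder than the level you claim for the scheme. The loss models below are constructed for illustration (a loss that is constant, linear or quadratic in the adversary's query budget); the function and constant names are this example's own.

```python
"""Reduction-tightness margin accounting (added example, not from the series).

Model: a reduction shows  Adv_scheme <= L * Adv_problem, with a loss factor
L = c * q**e that grows with the adversary's query budget q (hash queries,
signing queries, ...).  In bits, that loss costs log2(L): the underlying
problem must be log2(L) bits harder than the security level you claim.
The loss models here are illustrative assumptions, not the losses of any
particular proof.
"""
import math

# Illustrative loss models as (c, e) with L = c * q**e.  Assumed shapes.
LOSS_MODELS = {
    "tight": (1.0, 0),              # L = 1: no margin consumed
    "linear_in_queries": (1.0, 1),  # L ~ q
    "quadratic_in_queries": (1.0, 2),  # L ~ q^2
}


def loss_bits(model, query_budget_bits):
    """Bits of security consumed by the reduction loss, log2(c * q**e)."""
    c, e = LOSS_MODELS[model]
    return math.log2(c) + e * query_budget_bits


def effective_security_bits(problem_bits, model, query_budget_bits):
    """Security level you may actually claim for the scheme."""
    return problem_bits - loss_bits(model, query_budget_bits)


def required_problem_bits(target_bits, model, query_budget_bits):
    """Hardness the underlying problem needs so the scheme reaches target_bits.

    This is the 'parameter inflation' direction: every bit of loss must be
    bought back with a harder instance (larger n, q, dimension, ...).
    """
    return target_bits + loss_bits(model, query_budget_bits)


def margin_table(problem_bits, target_bits, query_budget_bits):
    """One row per loss model: (model, effective bits, required bits, meets target)."""
    rows = []
    for model in LOSS_MODELS:
        eff = effective_security_bits(problem_bits, model, query_budget_bits)
        need = required_problem_bits(target_bits, model, query_budget_bits)
        rows.append((model, eff, need, eff >= target_bits))
    return rows


if __name__ == "__main__":
    # Constructed scenario: a 128-bit-hard problem, a 128-bit target, and an
    # adversary allowed 2^64 oracle queries.
    for model, eff, need, ok in margin_table(128, 128, 64):
        status = "ok" if ok else "SHORTFALL"
        print(f"{model:22s} effective={eff:6.1f}  required={need:6.1f}  {status}")
```

With a 2^64 query budget, a loss linear in queries leaves a 128-bit problem with only 64 bits of claimable security and pushes the required hardness to 192 bits; a quadratic loss pushes it to 256. Those extra bits are exactly what shows up downstream as larger keys, ciphertexts and signing time.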
PQC Research Series — Part 1
A formal adversary taxonomy for PQC deployments: classical vs quantum vs QROM, with explicit resource accounting (queries, memory, time) and system-boundary assumptions.
PQC Research Series — Part 2
LWE/SIS are not “magic hardness.” They are interface contracts with worst-case/average-case reductions, structural trade-offs (Ring/Module), and concrete security heuristics (BKZ/sieving) that real systems routinely violate.
Termination Is a Security Boundary: HotStuff Under UC, Delay Attacks, and the Uncomfortable Gap to Rust
Paper note (March 2026): a UC-style termination proof for HotStuff, the real invariant it relies on, and what changes when you ship it as a low-level Rust system under adversarial latency.
Roadmap
- Threat model and assumptions as interfaces
- Key lifecycle: generation, storage, rotation, erasure
- Protocol composition + downgrade resistance
- Operational readiness: audits, monitoring, incident playbooks