I'm a Research Scientist at VISA Research in Palo Alto, CA. Previously, I was a postdoctoral associate in Computer Science at Yale University. During my postdoc, I worked with Joan Feigenbaum (Yale) and Bryan Ford (EPFL) on low-latency anonymous communication and secure multi-party computation. I received my Ph.D. in Computer Science from University of New Mexico in 2016, an M.S. in Computer Science from UNM in 2012, and a B.S. in Computer Engineering from Amirkabir University of Technology in 2007.


Computer Security and Privacy, Distributed and Cloud Computing, Algorithms and Software Development [more]

I am interested in:
  1. Designing distributed algorithms that can scale to large networks;
  2. Making them provably robust against adversarial or non-adversarial faults;
  3. Guaranteeing their users' privacy;
  4. Rigorously analyzing their performance to find bottlenecks that limit their practicality;
  5. Building software systems based on them to solve a day-to-day problem.

Current projects

  • RapidChain: A scalable and churn-tolerant blockchain consensus protocol
  • PriFi: A low-latency protocol for anonymous communication in local-area networks [abstract]

    Popular anonymity mechanisms such as Tor provide small communication latency, but are vulnerable to traffic-analysis attacks that can de-anonymize users. Besides, known traffic-analysis resistant techniques such as Dissent are impractical for use in latency-sensitive settings such as wireless networks. We propose PriFi, a low-latency protocol for anonymous communication that is provably-secure against traffic-analysis attacks. PriFi allows members of an organization to access the Internet anonymously while they are on-site (via privacy-preserving WiFi networking) or off-site (via privacy-preserving virtual private networking or VPN).

    We reduce communication latency by using a client-relay-server architecture, where a set of servers pre-compute cryptographic material that can cause a major latency bottleneck in the anonymization process when computed on the fly. This architecture, however, introduces vulnerability to equivocation attacks that can be run by a malicious relay to de-anonymize the clients. We describe a simple technique that can prevent such attacks without adding extra latency to the communication.

  • TorBricks: A bridge distribution algorithm for Tor with blocking-resistance and privacy-preserving properties [abstract]
    Tor is currently the most popular network for anonymous Internet access. It critically relies on volunteer nodes called bridges for relaying Internet traffic when a user's ISP blocks connections to Tor. Unfortunately, current methods for distributing bridges are vulnerable to malicious users who obtain and block bridge addresses.

    We propose TorBricks, a protocol for distributing Tor bridges to $n$ users, even when an unknown number ${t < n}$ of these users are controlled by a malicious adversary. TorBricks distributes $O(t\log{n})$ bridges and guarantees that all honest users can connect to Tor with high probability after $O(\log{t})$ rounds of communication with the distributor. We also extend our algorithm to perform privacy-preserving bridge distribution when run among multiple untrusted distributors. This not only prevents the distributors from learning bridge addresses and bridge assignment information, but also provides resistance against malicious attacks from a $\lfloor m/3 \rfloor$ fraction of the distributors, where $m$ is the number of distributors.

Previous projects

  • Scalable Multi-Party Computation: A secure multi-party computation protocol scalable to millions of nodes [abstract]
    We propose scalable protocols for solving the secure multi-party computation (MPC) problem among a large number of parties. We consider both the synchronous and the asynchronous communication models. In the synchronous setting, our protocol is secure against a static malicious adversary corrupting less than a $1/3$ fraction of the parties. In the asynchronous setting, we allow the adversary to corrupt less than a $1/8$ fraction of parties.

    For any deterministic function that can be computed by an arithmetic circuit with $m$ gates, both of our protocols require each party to send a number of field elements and perform an amount of computation that is $\tilde{O}(m/n + \sqrt n)$. We also show that our protocols provide statistical and universally-composable security. To achieve our asynchronous MPC result, we define the threshold counting problem and present a distributed protocol to solve it in the asynchronous setting. This protocol is load balanced, with computation, communication and latency complexity of $O(\log{n})$, and can also be used for designing other load-balanced applications in the asynchronous communication model./>

  • Secure Decentralized Shuffling: A multi-party shuffling protocol robust against malicious faults [abstract]
    In secure multi-party shuffling, multiple parties, each holding an input, want to agree on a random permutation of their inputs while keeping the permutation secret. This problem is important as a primitive in many privacy-preserving applications such as anonymous communication, location-based services, and electronic voting. Known techniques for solving this problem suffer from poor scalability, load-balancing issues, trusted party assumptions, and/or weak security guarantees.

    We propose an unconditionally-secure protocol for multi-party shuffling that scales well with the number of parties and is load-balanced. In particular, we require each party to send only a polylogarithmic number of bits and perform a polylogarithmic number of operations while incurring only a logarithmic round complexity. We show security under universal composability against up to about $n/3$ fully-malicious parties. We also provide simulation results showing that our protocol improves significantly over previous work. For example, for one million parties, when compared to the state of the art, our protocol reduces the communication and computation costs by at least three orders of magnitude and slightly decreases the number of communication rounds.