I am Mathias Hall-Andersen (“rot256” on the internet), a PhD in theoretical cryptology (from Aarhus University) with a broad interest in both theoretical and practical information security, as well as privacy enhancing technologies including: cryptography, cryptanalysis, coding theory, reverse engineering, vulnerability research and anything which lies in the intersection. I love building and breaking real-world systems; particularly when they involve cryptography, with a soft spot for succinct arguments (SNARKs).
Now I am part of ZKSecurity which does security auditing and engineering for advanced cryptography with a focus on zero-knowledge type applications: SNARKs, recursive proofs, anonymous credentials etc. If you are building with such technologies, or planning to build with them, you should reach out to us: because of our strong team and focus, we find bugs that many others miss.
In my free time I play/organize CTFs with Kalmarunionen / Norsecode, I also work on open source software and enjoy various types of swing dancing. On this site I post cryptography related technical content, ideas too small for a paper, projects I have been working on and write-ups for CTF challenges (usually exploitation / reversing / cryptography challenges).
Education
| Period | Title | Institution |
|---|---|---|
| 2020 - 2024 | PhD in Theoretical Cryptography | Aarhus University (CS Dept.) |
| 2022 (fall) | Visiting Researcher | Boston University (BUSec) |
| 2017 - 2020 | Master in Computer Science | University of Copenhagen |
| 2019 (fall) | Master Thesis (Contingent Payments) | Aarhus University |
| 2018 (fall) | Exchange | ETH Zürich (D-INFK) |
| 2017 | Bachelor Thesis (Linear Cryptanalysis) | Technical University of Denmark |
| 2014 - 2017 | Bachelor in Computer Science | University of Copenhagen |
Work
| Period | Title | Institution |
|---|---|---|
| 2024 - | Senior Consultant/Cryptographer. | ZKSecurity |
| 2020 - 2024 | PhD Student | Aarhus University |
| 2023 (summer) | Internship, Research / Engineering, Fromager | Galois |
| 2022 (summer) | Internship, Cryptographic Engineering (Rust) | O(1) Labs |
| 2021 (summer) | Internship (Development/Research on DARPA SIEVE) | Trail of Bits |
| 2020 (fall) | Instructor in Distributed Systems and Security | Aarhus University |
| 2020 (summer) | Internship (Development/Research on DARPA SIEVE) | Trail of Bits |
| 2020 (spring) | External lecturer in Proactive Computer Security | University of Copenhagen |
| 2019 (fall) | Open source development on WireGuard-rs (NGI; Next-Generation Internet grant) | NLnet (Sponsor) |
| 2019 (spring) | Instructor in Proactive Computer Security | University of Copenhagen |
| 2018 (summer) | Internship (Security Consultant – Cryptography) | NCC Group, New York (Cryptography Services) |
| 2017 (fall) - 2018 | Teaching Assistant in Practical Cryptology | Technical University of Denmark |
| 2017 (summer) | Google Summer of Code (created WireGuard-go) | WireGuard (Linux Foundation) |
| 2016 (fall) | Instructor in Computer Systems | University of Copenhagen |
| 2016 | Student Assistant | Deloitte Cyber Risk Services |
| 2015 | Java Programmer | Skandinaviska Enskilda Banken |
Research
Preprints
- Jackpot: Non-Interactive Aggregatable Lotteries
Nils Fleischhacker, Mathias Hall-Andersen, Mark Simkin, Benedikt Wagner. - Dora: Processor Expressiveness is (Nearly) Free in Zero-Knowledge for RAM Programs
Aarushi Goel, Mathias Hall-Andersen, Gabriel Kaptchuk. - Foundations of Data Availability Sampling
Mathias Hall-Andersen, Mark Simkin, Benedikt Wagner.
Publications
- Curve Trees: Practical and Transparent Zero-Knowledge Accumulators for USENIX 2023.
Matteo Campanelli, Mathias Hall-Andersen and Simon Holmgaard Kamp. - Speed-Stacking: Fast Sublinear Zero-Knowledge Proofs for Disjunctions for Eurocrypt 2023.
Aarushi Goel, Mathias Hall-Andersen, Gabriel Kaptchuk and Nicholas Spooner. Presentation - On Valiant’s Conjecture: Impossibility of IVC from Random Oracles for Eurocrypt 2023.
Mathias Hall-Andersen and Jesper Buus Nielsen. Presentation (by me) - Efficient Proofs of Software Exploitability for Real-world Processors for PoPETs 2023.
Matthew Green, Mathias Hall-Andersen, Eric Hennenfent, Gabriel Kaptchuk, Benjamin Perez and Gijs Van Laer. - Automated Analysis of Halo2 Circuits for SMT 2023.
Fatemeh Heidari Soureshjani, Mathias Hall-Andersen,
Mohammad Mahdi Jahanara, Jeffrey Kam, Jan Gorzny, Mohsen Ahmadvand. - Secure Multiparty Computation with Free Branching for Eurocrypt 2022.
Aarushi Goel, Mathias Hall-Andersen, Aditya Hegde and Abhishek Jain. Presentation. - Stacking Sigmas: A Framework to Compose Σ-Protocols for Disjunctions for Eurocrypt 2022.
Aarushi Goel, Matthew Green, Mathias Hall-Andersen and Gabriel Kaptchuk. Presentation (by me). - Efficient Set Membership Proofs using MPC-in-the-Head for PoPETs 2022.
Aarushi Goel, Matthew Green, Mathias Hall-Andersen, and Gabriel Kaptchuk. Presentation. - Count me in! Extendability for Threshold Ring Signatures for Asiacrypt 2022.
Diego F. Aranha, Mathias Hall-Andersen, Anca Nitulescu, Elena Pagnin and Sophia Yakoubov. Presentation. - Veksel: Simple, Efficient, Anonymous Payments with Large Anonymity Sets… for AsiaCCS 2022.
Matteo Campanelli and Mathias Hall-Andersen. Presentation (by me) - Game Theory on the Blockchain: A Model for Games with Smart Contracts, for SAGT 2021.
Mathias Hall-Andersen and Nikolaj I. Schwartzbach - Generating Graphs Packed with Paths, for IACR-FSE-2019.
Mathias Hall-Andersen and Philip S. Vejre Presentation (by me). - nQUIC: Noise-Based QUIC Packet Protection, for EPIQ'18 (ACM)
Mathias Hall-Andersen, David Wong, Nick Sullivan and Alishah Chator.
Languages
Fluent in Danish, English, Rust, Python, Sage, C, Go, LaTex, a slew of assembly languages and cryptographic jargon. Shaky in a lot more…
Writing
A few examples of my technical writing:
- Blog post about FRI proximity test. (SNARKs / coding theory)
- Blog post about git-ring. (ring signatures)
- Blog post about differential fault attacks. (hardware attacks)
- Blog post about zero-correlation linear cryptanalysis. (symmetric cryptanalysis)
- Documentation/explainer of accumulation schemes. (recursive zero-knowledge proofs)
- Blog post about Reverie. (fast zero-knowledge proofs)
Contact
| Github | https://github.com/rot256 |
| Personal Email | \(\text{math}\)\(\text{ias}\)\(@\)\(\text{hall-an}\text{dersen.dk}\) |
| PGP Key | /key.asc or keybase.io, Fingerprint: 71e1ec2b778745710667d51dae331b20b3c8a5c2 |
| Website | rot256.dev – you are looking at it. |
| DBLP | https://dblp.org/pid/225/9829.html |
Questions? Comments? Interesting projects? Need help building/breaking cryptography?
Feel free to drop me an email :)