A cryptographic portfolio · 2026

0000000000000
00000000000

Master’s student in computer science. University of Illinois Springfield.

The claim · VisiLock

π ⊢ Φ(D) = Φ(T)

e : 𝔾₁ × 𝔾₂ → 𝔾_T·Groth16 over BN254·192-byte π·8 ms verify

H_D0x00000000000000000000

Epoch τ2,180,000

π0x00000000000000000000

§ 01About

A graduate researcher writing protocols where trust becomes proof.

Every interface between a human and a machine encodes an unverified promise. Cryptography replaces that promise with a proof. The proof is small enough to publish, fast enough to verify, sound enough that lying breaks mathematics itself.

01.1Graduate researcher at the University of Illinois Springfield, working in applied cryptography under Dr. Goutham Reddy Alavalapati. Focus: zero-knowledge protocols that bind what users see to what their systems sign.

01.2A publicly verifiable display attestation protocol for cryptocurrency wallets. 4.0 GPA. Teaching assistant, applied cryptography lab.

01.3Outside the lab: top 2% globally on TryHackMe, CCNA certified, maintainer of an open source threat intelligence CLI and an autonomous SOC agent. The trajectory is a PhD in applied cryptography.

UIS · Graduate
4.0 GPA
CCNA · Cisco
Top 2% · TryHackMe

§ 02Flagship research

VisiLock. Eliminating blind signing.

A Groth16 circuit that binds what users see to what their wallets sign, without exposing private transaction data.

Problem · 02.0

A compromised wallet, browser extension, or front end shows the user a benign transaction and signs a different one. The summary and the payload come from independent code paths. The architecture provides no guarantee that what the user sees matches what gets signed. Over $1.5 billion has been stolen this way. $120M on BadgerDAO. $1.46B on ByBit. Neither attack involved a smart contract bug.

02.1VisiLock names the missing property: a rendered display and its signed transaction must be semantically equivalent. A TEE module modeled on ARM TrustZone reads the framebuffer directly from the display controller and computes a Poseidon commitment H_Dover the rendered semantic regions. The transaction summary is drawn through a canonical UI overlay whose layout the wallet cannot alter. H_D therefore reflects what the display hardware actually rendered, not what the wallet claims to display.

02.2A Groth16 zk-SNARK over BN254 then proves, without revealing any witness, that an extraction function Φ produces equal results on both sides. Φ maps either object to a canonical tuple of (recipient, value, contract, function, parameters). The circuit asserts Φ(D) ≡ Φ(T). If a single field disagrees the constraints become unsatisfiable and no valid proof can be constructed. The failure shows up at witness generation, not at verification.

02.3The baseline 48 byte semantic summary circuit compiles to 228,514 R1CS constraints. An on chain batch mode aggregates per call commitments into a Poseidon Merkle tree and produces a single proof. Gas drops by 75% (1.08M to 270K) for typical DeFi sequences. On L2, the cost of public verifiability falls under one cent.

~1.2sProof gen

~8msVerify

228KR1CS

128-bitSecurity

What is displayed ≢ What is signed

Read the full VisiLock paper

In development02.b · Active research · 2026

Proof-Carrying Information Flow for multi-agent systems.

Cryptographic enforcement for autonomous agent ecosystems where trust cannot be assumed and content-level filters fail.

Motivation · 02.b

Today's LLM agents process trusted instructions and adversarial data over the same channel. Indirect prompt injection, tool poisoning, memory corruption, and chained compromise propagate through agent ecosystems with no cryptographic accountability. Published bypass rates against content level filters sit near 85%.

02.b.1Replace content level guardrails with information flow cryptography. Every piece of data carries a label. User instructions, tool outputs, memory entries, retrieved documents, all of it. Labels propagate as the agent reasons, recording exactly what influenced what in a provenance DAG.

02.b.2Before any dangerous action, an admissibility gate evaluates the policy across the action's ancestry. It admits the action only if a zero knowledge proof attests the lineage is compliant. The verifier learns whether the proof is valid and nothing else.

02.b.3Trust composes across agents. When one agent forwards output to another, it attaches a proof. The receiver folds that proof into a recursive aggregate. A final verifier checks one constant size proof regardless of chain length.

9Protocol layers

ZKEnforcement

DAGProvenance

n → 1Aggregation

Status. Threat model and protocol design complete. Circuits and prover under construction. Target venue 2026.

Read the full PCIF paper

Long form research notes · two papers

Read the full constructions.

First-person accounts of both research lines, written with the engineering decisions and security reductions intact. Includes an interactive protocol diagram for VisiLock and the derisking benchmarks from the PCIF circuit on commodity GPU.

VisiLock Proof-Carrying Information Flow

All notes

§ 03Applied constructs

Beyond the proof. Instruments of defense.

Cryptography reasons about absolute trust. Security operations live in the noisy middle, where signals are partial and time is hostile. Two production tools that sit between.

§ 03.1

IOC-Enrich

Threat intelligence, unified.

Problem · 03.1

An analyst staring at a suspicious IP, hash, or domain has thirty browser tabs and ten minutes.

A professional grade enrichment CLI. It detects an IOC's type (IPv4, IPv6, domain, URL, MD5, SHA1, SHA256, email) and concurrently queries VirusTotal, AbuseIPDB, Shodan, URLScan, ThreatFox, and the rest. Risk scores collapse into a single CRITICAL / HIGH / MEDIUM / LOW / CLEAN verdict. Output is rich color coded terminal, JSON, Markdown, or CSV.

6+Intel sources

8IOC types

5Risk tiers

3Export formats

Stack. Python 3.8+ · CLI · concurrent enrichment · risk scoring · batch processing

Read project notes View source

§ 03.2

SOC-AI Agent

Autonomous incident triage.

Problem · 03.2

A SOC at 3 a.m. is one analyst, four hundred alerts, and a coffee.

An end to end autonomous SOC analyst. It parses Sysmon XML, Windows Event Logs, firewall logs, .eml phishing, PCAP, and raw text. It extracts every IOC. It concurrently enriches against seven threat intel APIs. It correlates against a SQLite history of prior investigations. It maps observed behavior against an 80 technique MITRE ATT&CK database using 30+ behavioral rules. The output is a weighted verdict with a reasoning chain, delivered as streaming HTML and PDF reports through a React dashboard.

7Intel APIs

80+ATT&CK techniques

30+Behavioral rules

Real-timeStreaming

Stack. Python 3.11 · FastAPI · aiohttp · SQLAlchemy · React 18 · Vite · WebSockets · Docker

Read project notes View source

§ 04Mathematical primitives

The cathedral of trust is mathematical.

Nine primitives compose every protocol that follows. Each one is a small theorem with global consequences.

04.01

zk-SNARK

Proofs without revelation.

succinct · non-interactive

04.02

Groth16

Three elements. Constant size.

192 bytes · 8 ms verify

04.03

BN254

254-bit pairing-friendly curve.

128-bit security

04.04

Poseidon

ZK-native sponge hash.

8× fewer constraints than SHA-256

04.05

Semantic Binding

Display ≡ payload.

commitment ↔ rendered state

04.06

Pairings

Bilinear maps. The geometry of proof.

e : 𝔾₁ × 𝔾₂ → 𝔾_T

04.07

R1CS

The rank-one constraint system.

circom → witness → proof

04.08

Trusted Setup

Powers of Tau. One honest ceremony.

τ kept secret · τ destroyed

04.09

Pedersen

Hiding + binding commitments.

C = mG + rH

§ 05Arsenal

What I build with.

05.01 · Cryptographic

Groth16
Circom
snarkjs
Risc0 zkVM
Poseidon
BN254
Pedersen
R1CS
EIP-712

05.02 · Blockchain

Solidity
Foundry
EVM
ARM TrustZone
BN254 precompiles

05.03 · Systems

Rust
Python
FastAPI
WebSockets
SQLite
Docker
Splunk
MITRE ATT&CK

§ 06Contact

Send a message.

For research collaborations, security work, or PhD discussions.

000000000000000000000000