I’m a teaching assistant and PhD candidate at the Vrije Universiteit Brussel, at the ETRO-IRIS lab.

My research interests are cryptography and privacy engineering. In particular, I research tools that support building peer-to-peer online social networks.


  • : SHA 3 and Keccak variants computation speeds on constrained devices.

    (, , , and )
    The final publication is available via Elsevier at https://dx.doi.org/10.1016/j.future.2021.09.042 or download the


    In 2015, the National Institute of Standards and Technology (NIST) announced Keccak as the new primitive to be used in SHA 3, not replacing but complementing SHA 2. The Keccak primitive, based on a sponge construction, has flexible parameters that can be controlled by the user to fit the needs of the application. However, the SHA 3 standard constrains and predefines the Keccak parameters to be used and thus making its use less flexible.

    In this paper we try to understand the influence of these parameters with respect to memory size and throughput, specifically for constrained devices used in the Internet of Things (IoT) where speed and efficiency is important. Apart from evaluations of the code on real devices, a mathematical model is also presented which helps predicting the performance of the Keccak primitive. We also compare the standard functions from SHA 2 with SHA 3 on different platforms. All implementations of SHA 2, SHA 3 and Keccak are purely written in Rust, since Rust guarantees safe memory manipulation whilst having the same performance as C.

    Our measurements show that for the software implementations SHA 2 is always faster than SHA 3 on all tested platforms. When only looking at the Keccak construction, Keccak-f[800] always outperforms other permutations based on Keccak- when the capacity stays below 276 bits. In addition, Keccak-f[800] has the added advantage of using less flash memory on 32-bit platforms.

  • : Circuitree: A Datalog Reasoner in Zero-Knowledge.

    (, , , , , and )
    The final publication is available as open access at IEEE Access via https://dx.doi.org/10.1109/ACCESS.2022.3153366 download the


    Driven by the increased consciousness in data ownership and privacy, zero-knowledge proofs (ZKPs) have become a popular tool to convince a third party of the truthfulness of a statement without disclosing any further information. As ZKPs are rather complex to design, frameworks that transform high-level languages into ZKPs have been proposed. We propose Circuitree, a Datalog reasoner in zero-knowledge. Datalog is a high-level declarative logic language that is generally used for querying. Furthermore, as a logic language, it can also be used to solve logic problems. An application using Circuitree can efficiently generate ZKPs, based on Datalog rules and encrypted data, to prove that a certain conclusion follows from a Datalog ruleset and encrypted input data. Compared to existing frameworks, which generally use their own limited imperative languages, Circuitree uses an existing high-level declarative language. We point out several applications for Circuitree, including EU Digital COVID Certificates and privacy-preserving access control for peer-to-peer (p2p) networks. Circuitree’s performance is evaluated for access control in a p2p network. First results show that our approach allows for fast proofs and proof verification for this application.

  • : Glycos: the basis for a peer-to-peer, private online social network.

    (, , , and )
    The final publication is available at Springer via https://dx.doi.org/10.1007/978-3-030-16744-8_9 or download the


    Typical Web 2.0 applications are built on abstractions, allowing developers to rapidly and securely develop new features. For decentralised applications, these abstractions are often poor or non-existent. By proposing a set of abstract but generic building blocks for the development of peer-to-peer (decentralised), private online social networks, we aim to ease the development of user-facing applications. Additionally, an abstract programming system decouples the application from the data model, allowing to alter the front-end independently from the back-end. The proposed proof-of-concept protocol is based on existing cryptographic building blocks, and its viability is assessed in terms of performance.

  • : Glycos: an extensible, resilient and private peer-to-peer online social network.

    (, , and )
    download the


    Online privacy typically comes in two forms. At one hand, users can typically choose with whom of their connections to share information, and have plenty of social privacy controls. The so-called \textit{privacy problem} is more about institutional privacy, whereby the service provider fails to securely store users’ data, be it on purpose or not (danah boyd & Hargittai, 2010). When on purpose, these data are often mined for profit through resale of profiles; often called profiling.

    One way of giving back this institutional privacy to citizens, is by taking away the institution as a whole, by decentralising the application. Care has to be taken as not to make potential “re-centralisation” possible, as is happening to email, where a few large email server providers take up large portions of worldwide email traffic. Mailchimp, a large email marketing company, reports GMail having over 1.8 billion more email delivered than Hotmail (Khan, 2015), and online resources seem to suggest that both Microsoft and GMail are by far the world most popular email service providers (Datanyze, 2018; Lewkowicz, 2017).

    By opting for a carefully designed peer-to-peer design, the risk of this “re-centralisation” can be minimised.

    Several noteworthy efforts have been made to “re-decentralise” online social media platforms, not only academic, also commercial and community projects. These efforts often adapt underlying protocols on a per-feature basis, slowing down the development process, and often scaring off non-domain-specialist developers. This is in contrast with how web development and mobile app development works, where developers have APIs such as cookies, SQL (often with ORM), and REST. These APIs offer developers an abstract method of reasoning about their application.

    We explore a peer-to-peer, fully trustless, obfuscated graph-database model, that is only readable and efficiently traversable by legitimate users. Outsiders only learn a minimal amount of metadata, without revealing content nor structure of the graph database.

    This database model is designed as building block for development of online social media, keeping in mind mobile-friendliness, scalability, and efficiency.

Master Thesis supervision

  • Godden, T. (2020). Blindly enforcing access control policies on encrypted data using zero-knowledge: access control for privacy-focussed, peer-to-peer online social media applications (Master Thesis). Vrije Universiteit Brussel. Belgium.
  • Assi, G. (2020). Efficient control of secured wireless sensor and actuator networks using a Keccak sponge: an implementation for a competitive chess environment (Master Thesis). Vrije Universiteit Brussel. Belgium.
  • El Khattuti, Y. (2020). Implementation and evaluation of a Keccak-based symmetric authentication Protocol on RFID (Master Thesis). Vrije Universiteit Brussel. Belgium.
  • Contryn, A. (2019). Secure communication between IoT devices for short messages (Master Thesis). Vrije Universiteit Brussel. Belgium.

Project management and contribution

  • RustIEC VLAIO TETRA HBC.2021.0066