Ethan Heilman

Biography:

I was currently a principal software engineer at Cloudflare. I am the inventer of OpenPubkey and develop and maintain the OpenPubkey Linux Foundation project. I do research on network security, cryptography and cryptocurrency. I was the CTO of BastionZero, a company I co-founded, where I was helping to build the authentication protocols of the future. I joined Cloudflare after BastionZero was acquired by Cloudflare in 2024.

In 2022 I graduated with a Phd from Boston University's Computer Science Department and was member of the security research group BUSec. Sharon Goldberg was my advisor. At Boston University my research focus was on the RPKI and Bitcoin. I have done research on novel attacks on hash functions, differential cryptanalysis, Intelligent Transit Systems and cache based side channel attacks. In 2009 I broke Spectral Hash the SHA3 contestant as part of the NIST Hash Function Competition. In 2017 I broke Curl-P the hash function used by the cryptocurrency IOTA.

Prior to graduate school I worked as a software engineer at the Broad Institute where I wrote microbial bioinformatics annotation software. I've also worked as a software developer at two successful startups, Pubget and Jumptap.
My email address is ethan.r.heilman@gmail.com, my github, on mastodon @ethan_heilman@hexagon.space, on twitter @Ethan_Heilman and my CV is available here.

Publications:

ColliderScript: Covenants in Bitcoin via 160-bit hash collisions

OpenPubkey: Augmenting OpenID Connect with User-held Signing Keys

Cryptanalysis of Curl-P and Other Attacks on the IOTA Cryptocurrency

Vulnerability Disclosure and Proof-of-Concept

FSE2020: IACR Transactions on Symmetric Cryptology (2020),

BlackHat USA (2018),

Real World Crypto (2019),

The Arwen Trading Protocols

FC'20: 20th International Conference of Financial Cryptography,

The rewards of selfish mining: technical perspective

Communications of the ACM,