About Me

I’m David Stainton, a self-taught hacker and protocol implementer. I lead the post-quantum cryptography work on Katzenpost, a mix network I’ve been building since the EU Horizon 2020 Panoramix project in 2017.

Recent work

• Two post-quantum hybrid variants of the Sphinx packet format. A NIKE Sphinx and a KEM Sphinx, both supporting hybrid post-quantum constructions. Code: core/sphinx. Specs: classical Sphinx, KEM Sphinx.

• Pigeonhole. Unlinkable message storage for mixnets, from our Echomix paper. Pseudorandom BACAP box locations sharded across replicas, fronted by couriers that never learn box IDs. Implementation currently in PR #985. Docs: protocol spec, group chat design, thin client howto, thin client API reference.

• Post-quantum Noise mixnet wire protocol. PQ Noise handshake integration in the Katzenpost wire protocol, via a fork of Yawning Angel’s Nyquist pq/experimental branch. Code: core/wire.

• hpqc. My post-quantum Go cryptography library. Ships a secure KEM combiner and an ad-hoc ElGamal-style NIKE-to-KEM adapter, so you can hybridize arbitrary numbers of NIKEs and KEMs together. Used throughout Katzenpost.

• IETF TLS working group. Active participant in both the post-quantum signatures discussion (pure ML-DSA vs. composite) and the ML-KEM pure-vs-hybrid discussion. My position on both: use hybrids. PQ cryptanalysis has already broken a handful of candidates in recent years, and lattices are young compared to elliptic curves. I’d rather not bet there are no more breaks coming.

Open to

Senior cryptography engineering roles at privacy-focused teams, full-time or contract. I work from Spain on a digital nomad visa, which means I can work remote for any company based outside Spain.

I’ve been in this space since before it was fashionable. Back in 2014, not long after the Snowden leaks, I wrote Honeybadger, at the time the most sophisticated detector of TCP injection attacks, including the NSA’s so-called “quantum insert” (a silly way to say “TCP injection”). I named it after the original honeybadger meme video. Since then my focus has been on cryptographic protocols and anonymous communication networks.

After a stretch of Tor-ecosystem research and development, in 2017 I joined the European Commission funded Horizon 2020 Panoramix project (Privacy and Accountability in Networks via Optimized Randomized Mix-nets), collaborating with some of the top European academic researchers to design and implement Katzenpost. I’ve been at it ever since.

I’ll describe the mix network threat model in detail if you want to talk about it: privacy notions, decoy traffic, messaging system design, timing attacks, cryptographic protocol construction, mitigating long-term passive statistical disclosure attacks by sufficiently global adversaries, mitigating active attacks such as n-1, sybil, and tagging. I give public talks about this work at security, hacker, and privacy conferences around Europe.

Katzenpost is an active open-source project.