Dmitry Khovratovich is a distinguished cryptographer, security researcher, and software architect recognized for his foundational contributions to password security, blockchain technology, and zero-knowledge proof systems. He is a co-creator of several widely adopted cryptographic primitives, including the Argon2 password hashing algorithm, which won the 2015 Password Hashing Competition; the Equihash proof-of-work algorithm used by cryptocurrencies like Zcash; and the Poseidon hash function, which has become a standard for zero-knowledge proof applications. Khovratovich is currently a researcher at the Ethereum Foundation, where he contributes to the core cryptographic development of the Ethereum protocol. [1] [2]
Khovratovich began his academic career in applied mathematics, earning a Specialist Degree from Moscow State University, which he attended from 2002 to 2007. He then pursued doctoral studies at the University of Luxembourg from 2008 to 2011, joining its prestigious cryptology and security research group, CryptoLUX. Under the supervision of renowned cryptographer Alex Biryukov, he completed his Ph.D. in Computer Science with a specialization in cryptography. His doctoral research focused primarily on symmetric-key cryptanalysis, where he developed novel techniques for analyzing the security of widely used algorithms. [1] [3]
Following the completion of his Ph.D., Khovratovich continued his work at the University of Luxembourg as a Research Associate from 2011 to 2016. During this highly productive postdoctoral period, he collaborated extensively with Alex Biryukov and other researchers at the Interdisciplinary Centre for Security, Reliability and Trust (SnT). This research led to his most notable creations, including the Argon2 and Equihash algorithms. In 2016, he co-founded ABDK Consulting, a specialized firm providing high-level security audits and cryptographic consulting for blockchain and decentralized finance (DeFi) projects, where he served as CTO and Lead Auditor. The firm notably audited Matter Labs' zkSync v1.0 before its mainnet launch. After his time with ABDK Consulting, he briefly worked at the Fidelity Center for Applied Technology. [1] [2]
In 2018, Khovratovich joined the Ethereum Foundation as a researcher, a role he continues to hold. At the foundation, his work is central to core protocol research and development, focusing on cryptography for blockchain scalability, privacy, and security. His areas of research include statelessness, Verkle trees, and the design and analysis of zero-knowledge proof systems. In addition to his role at Ethereum, he serves as a cryptographer for the Dusk Network, a privacy-focused blockchain. [3] [4]
Khovratovich's research has significantly influenced several areas of applied cryptography. He is credited with co-designing cryptographic primitives that have become industry standards for password protection, cryptocurrency mining, and zero-knowledge applications.
Khovratovich is a principal co-author of Argon2, a state-of-the-art key derivation function designed for securely hashing passwords. He developed the algorithm alongside Alex Biryukov and Daniel Dinu. Argon2 was created to address the growing threat of brute-force attacks on stored password hashes, particularly attacks accelerated by custom hardware like GPUs and ASICs. [1] [4]
The algorithm's primary innovation is its memory-hard design, which requires a significant and tunable amount of RAM to compute a hash. This makes it expensive to parallelize the hashing process on hardware that has limited memory per processing unit, such as GPUs, thereby leveling the playing field between defenders and attackers. Argon2 was designed with three distinct versions:
In July 2015, Argon2 was selected as the sole winner of the international Password Hashing Competition (PHC), a multi-year contest organized to find a next-generation standard for password protection. This achievement solidified its status as a leading security primitive, and it is now widely recommended by security organizations, including OWASP, for password storage and key derivation. [1] [3]
Khovratovich has also designed influential Proof-of-Work (PoW) algorithms aimed at decentralizing cryptocurrency mining by resisting centralization caused by specialized hardware.
Co-authored with Alex Biryukov, Equihash is an asymmetric, memory-hard PoW algorithm based on the generalized birthday problem. Its "asymmetric" nature means that generating a proof is computationally and memory-intensive, while verifying the proof is fast and requires minimal resources. This is ideal for blockchain applications, as full nodes can validate blocks without needing powerful hardware. [1] [2]
The core design principle of Equihash is to make RAM capacity the primary bottleneck for mining performance, rather than raw processing speed. This was intended to make the algorithm "ASIC-resistant," allowing miners to compete effectively using consumer-grade hardware like CPUs and GPUs and thus promoting a more egalitarian mining ecosystem. The algorithm was famously adopted by the privacy-focused cryptocurrency Zcash (ZEC) at its launch in 2016 and has also been used by other projects, including Horizen (ZEN), Bitcoin Gold (BTG), and in a modified form by Beam. Due to this design and his foundational work, Khovratovich is considered a founding scientist of Zcash. [3] [4]
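The prover/verifier asymmetry described above can be seen in a toy generalized-birthday puzzle. This is an added example, not code from Equihash or Zcash. The parameters, the `h`, `collide`, `solve`, `verify` and `mine` names, and the seed are constructed for illustration, and the sketch omits real Equihash's index-ordering and algorithm-binding checks and its difficulty filter.

```python
import hashlib
from collections import defaultdict
from itertools import combinations

N_BITS, K = 24, 2              # toy parameters (constructed), far below deployed sizes
STEP = N_BITS // (K + 1)       # bits cancelled per collision round: 8
LIST_SIZE = 1 << (STEP + 1)    # 512 list entries per nonce

def h(seed: bytes, nonce: int, i: int) -> int:
    """i-th N_BITS-bit list entry for this seed and nonce."""
    data = seed + nonce.to_bytes(4, "little") + i.to_bytes(4, "little")
    return int.from_bytes(hashlib.blake2b(data, digest_size=N_BITS // 8).digest(), "big")

def collide(items, shift):
    """Bucket (value, indices) by value >> shift and XOR every pair in a bucket."""
    buckets = defaultdict(list)
    for val, idx in items:
        buckets[val >> shift].append((val, idx))
    out = []
    for group in buckets.values():
        for (v1, i1), (v2, i2) in combinations(group, 2):
            if not set(i1) & set(i2):      # keep all indices distinct
                out.append((v1 ^ v2, i1 + i2))
    return out

def solve(seed: bytes, nonce: int):
    """Prover: Wagner-style search that keeps the whole list in memory."""
    items = [(h(seed, nonce, i), (i,)) for i in range(LIST_SIZE)]
    for r in range(1, K):                  # cancel STEP more leading bits per round
        items = collide(items, N_BITS - r * STEP)
    final = collide(items, 0)              # last round: all remaining bits must match
    return final[0][1] if final else None

def verify(seed: bytes, nonce: int, indices) -> bool:
    """Verifier: 2**K hashes and an XOR, no list and no search."""
    if len(indices) != 1 << K or len(set(indices)) != len(indices):
        return False
    if any(not 0 <= i < LIST_SIZE for i in indices):
        return False
    acc = 0
    for i in indices:
        acc ^= h(seed, nonce, i)
    return acc == 0

def mine(seed: bytes, max_nonce: int = 64):
    """Try nonces until one list contains a solution; returns (nonce, indices)."""
    for nonce in range(max_nonce):
        sol = solve(seed, nonce)
        if sol is not None:
            return nonce, sol
    return None
```

`solve` must build and bucket all 512 entries before it can find anything, while `verify` recomputes only four hashes. Raising `N_BITS` grows the prover's list exponentially and leaves the verifier's work at 2**K hashes.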
Khovratovich was also a key author of the CryptoNight PoW algorithm, developed by the CryptoNote team. Like Equihash, CryptoNight was designed for egalitarian mining but uses a different technical approach. It relies on random access to a large scratchpad (several megabytes) and makes memory latency—the time it takes to retrieve data from RAM—the main performance bottleneck. This design made it efficient for CPUs, which have sophisticated cache hierarchies and low-latency memory access, while being less efficient for GPUs and highly resistant to ASICs. CryptoNight was the original PoW algorithm for Monero (XMR) and other cryptocurrencies based on the CryptoNote protocol. [4]
With the rise of zero-knowledge (ZK) technology for blockchain privacy and scalability, Khovratovich has focused on creating cryptographic primitives optimized for this domain.
Khovratovich is a co-designer of Poseidon, a hash function created specifically for efficiency within zero-knowledge proof systems like zk-SNARKs and zk-STARKs. Standard hash functions such as SHA-256 are computationally expensive to represent as the arithmetic circuits required by ZK proofs. Poseidon is optimized for this algebraic environment, using a construction that significantly reduces the number of constraints in a circuit. This makes generating ZK proofs faster and cheaper. [3] [2]
Co-authored with Lorenzo Grassi and others, Poseidon has become a de facto standard for many ZK-based applications, particularly within the Ethereum ecosystem, where it is used in protocols and libraries aiming for on-chain privacy and scalability. Recognizing the need to ensure its long-term security, Khovratovich helps manage the Poseidon Initiative through the Ethereum Foundation. This initiative, established in late 2024 with a $500,000 fund, provides grants and bounties for third-party cryptanalysis of the hash function to rigorously test its security assumptions. [2]
In addition to designing cryptographic systems, Khovratovich is an active cryptanalyst who analyzes and challenges the security of cryptographic primitives.
In his early career, Khovratovich made significant contributions to the analysis of symmetric-key ciphers. He is known for co-developing biclique cryptanalysis, a technique he and his colleagues used to mount the first key recovery attack on the full 10-round AES-128. While the attack is only marginally faster than a brute-force search, it was a theoretically important result that provided new insights into the security margins of the world's most widely used encryption standard. His work in this area also includes the cryptanalysis of the Russian standard GOST hash function. In 2008, he co-authored a paper presenting the first collision attack on the full 256-bit GOST hash function, a significant achievement in hash function security. [1] [3]
Khovratovich applies his analytical skills to primitives used in the blockchain space. In June 2022, he co-published findings demonstrating that Algorand's original subset-sum hash function was not collision-resistant. In December 2018, he published a cryptanalysis of the STARK-friendly hash functions Jarvis and Friday, identifying several potential attacks. He is a vocal proponent of public security analysis and frequently promotes bug bounty programs for breaking or finding weaknesses in ZK-friendly hashes, including Rescue Prime and MiMC, in addition to Poseidon. [2]
Khovratovich has a prolific publication record in top-tier security and cryptography conferences, including ACM CCS, NDSS, EUROCRYPT, EuroS&P, and USENIX Security. His work is highly influential in both academic and applied circles. As of January 2026, his research has garnered over 16,900 citations, and his h-index is approximately 52. [1] [3]
Key publications include: