David Wong is Founder at zkSecurity, research at Archetype. Formerly, Security Engineer at Facebook, Senior Security Consultant at the Cryptography Services practice of NCC Group. He has taken part in several publicly funded open source audits such as OpenSSL and Let's Encrypt. He has spoken at various conferences including Black Hat and DEF CON as well as giving a recurrent cryptography course at Black Hat.
He has contributed to standards like TLS 1.3 and the Noise Protocol Framework. He has found vulnerabilities in many systems including CVE-2016-3959 in the Golang standard library, CVE-2018-12404, CVE-2018-19608, CVE-2018-16868, CVE-2018-16869, and CVE-2018-16870 in various TLS libraries.
Among others, he is the author of the Disco protocol (www.discocrypto.com and www.embeddeddisco.com) and the Decentralized Application Security Project for smart contracts (www.dasp.co). His research includes cache attacks on RSA (http://cat.eyalro.net/), protocol based on QUIC (https://eprint.iacr.org/2019/028), timing attacks on ECDSA (https://eprint.iacr.org/2015/839), or backdoors in Diffie-Hellman (https://eprint.iacr.org/2016/644). Prior to NCC Group, David graduated from the University of Bordeaux with a Masters in Cryptography.
