Michele Orrù

I am an Associate Research Professor at CNRS, working on cryptography for privacy-preserving authentication.

Research


My research seeks to build cryptographic systems for privacy-preserving authentication, with a focus on anonymous credentials, zero-knowledge proofs, and confidential transactions.

Zero-knowledge proofs. Much of my work is on zero-knowledge proofs. I have worked on zero-knowledge proof systems that remain secure under implementation subversion, and on new proof systems relying on discrete logarithm and learning with errors. I also co-designed Gemini, an elastic proof system whose techniques have influenced deployed and industrial ZK systems.

Anonymous credentials. Anonymous credentials are protocols that let users obtain and present credentials without being tracked. I have worked on blind issuance, keyed verification, and the security of related primitives such as blind signatures, threshold signatures, and multisignatures. Some of this research has informed systems for anonymous tokens and rate-limited anonymous credentials.

Confidential transactions. I have also worked on the cryptographic foundations of confidential transaction systems, including security analyses of MimbleWimble, a protocol used in several cryptocurrencies.

In the past, I contributed to open-source projects including Python, Debian, and Tor.




In theoretical cryptography authors are listed in alphabetical order, regardless of their contribution amount.

  • A Modular Approach for Keyed-Verification Anonymous Credentials [ePrint]
    Michele Orrù, Lindsey Tulloch, Victor Snyder-Graf, Ian Goldberg
    USENIX 2026 (Proceedings of the 35th USENIX Security Symposium)

  • A Fiat–Shamir Transformation From Duplex Sponges [ePrint]
    Alessandro Chiesa, Michele Orrù
    TCC 2025 (Proceedings of the 23rd Theory of Cryptography Conference)

  • Revisiting keyed-verification anonymous credentials [ePrint]
    Michele Orrù
    ACM CCS 2025 (Proceedings of the 32nd ACM Conference on Computer and Communications Security)

  • Beyond the circuit: How to Minimize Foreign Arithmetic in ZKP Circuits [ePrint],
    Michele Orrù, George Kadianakis, Mary Maller, Greg Zaverucha
    IACR Communications in Cryptology (Volume 2, Issue 1)

  • Oblivious issuance of proofs [ePrint],
    Michele Orrù, Stefano Tessaro, Greg Zaverucha, Chenzhi Zhu
    CRYPTO 2024 (Proceedings of the 44th Annual International Cryptology Conference)

  • zk-Bench: A Toolset for Comparative Evaluation and Performance Benchmarking of SNARKs [ePrint],
    Jens Ernstberger, Stefanos Chaliasos, George Kadianakis, Philipp Jovanovic, Arthur Gervais, Benjamin Livshits, Michele Orrù
    SCN 2024 (Proceedings of the 14th International Conference on Security in Communication Networks)

  • Non-interactive Mimblewimble transactions, revisited [ePrint],
    Georg Fuchsbauer, Michele Orrù
    ASIACRYPT 2022 (Proceedings of the 28th International Conference on the Theory and Application of Cryptology and Information Security)

  • Gemini: an elastic proof system for diverse environments [ePrint] [Talk] [Code],
    Jonathan Bootle, Alessandro Chiesa, Yuncong Hu, Michele Orrù
    EUROCRYPT 2022 (Proceedings of the 42nd Annual International Conference on Theory and Application of Cryptographic Techniques)

  • Publicly verifiable anonymous tokens with private metadata bit [ePrint],
    Fabrice Benhamouda, Tancrède Lepoint, Michele Orrù, Mariana Raykova
    Preprint.

  • A proposal for the standardization of ∑-protocols [PDF] [Talk] [Talk at NIST]
    Michele Orrù, Stephan Krenn
    4th ZKProof Workshop

  • On the (in)security of ROS [ePrint] [Talk],
    Best paper award
    Fabrice Benhamouda, Tancrède Lepoint, Julian Loss, Michele Orrù, Mariana Raykova
    EUROCRYPT 2021 (Proceedings of the 41st Annual International Conference on Theory and Application of Cryptographic Techniques)

  • Efficient Anonymous Tokens with Private Metadata Bit [ePrint] [Talk] [Code],
    Ben Kreuter, Tancrède Lepoint, Michele Orrù, Mariana Raykova
    CRYPTO 2020 (Proceedings of the 40th Annual International Cryptology Conference)

  • Aggregate cash systems: A cryptographic investigation of Mimblewimble [ePrint] [Talk],
    Georg Fuchsbauer, Michele Orrù, Yannick Seurin
    EUROCRYPT 2019 (Proceedings of the 38th Annual International Conference on Theory and Applications of Cryptographic Techniques)

  • Lattice-Based zk-SNARKs from SSPs [ePrint] [Talk] [Code],
    Rosario Gennaro, Michele Minelli, Michele Orrù, Anca Niţulescu
    ACM CCS 2018 (Proceedings of the 25th ACM Conference on Computer and Communications Security)

  • Non-Interactive Zaps of Knowledge [ePrint],
    Best paper award
    Georg Fuchsbauer, Michele Orrù
    ACNS 2018 (Proceedings of the 16th International Conference on Applied Cryptography and Network Security)

  • Homomorphic Secret Sharing: Optimizations and Applications [ePrint],
    Elette Boyle, Geoffroy Couteau, Niv Gilboa, Yuval Ishai, Michele Orrù
    ACM CCS 2017 (Proceedings of the 24th ACM Conference on Computer and Communications Security)

  • Actively Secure 1-out-of-N OT Extension with Application to Private Set Intersection [ePrint],
    Michele Orrù, Emmanuela Orsini, Peter Scholl
    CT-RSA 2017 (Proceedings of The Cryptographers’ Track at the RSA Conference 2017)

  • A Fiat–Shamir Transformation From Duplex Sponges 12 Mar 2026 · Beijing, China · Tsinghua University 11 Feb 2026 · Vienna, Austria · TU Wien 2 Dec 2025 · Aarhus, Denmark · TCC 2025 24 Sep 2025 · Amsterdam, Netherlands · CWI 7 Aug 2025 · Stanford, California · Stanford Theory Seminar 20 May 2025 · London, United Kingdom · King’s College 4 May 2025 · Madrid, Spain · EUROCRYPT Permutation-Based Crypto Workshop

  • On the (in)security of ROS 11 Mar 2026 · Beijing, China · Peking University

  • A new software stack for building anonymous credential systems 4 Feb 2026 · Stanford, USA · Stanford Security Seminar 21 Jan 2026 · Berkeley, USA · UC Berkeley Sky Security Seminar

  • Des preuves zero-knowledge à l’anonymat en ligne 11 Dec 2025 · Paris, France · College de France

  • Sigma Protocols and Fiat–Shamir 17 Mar 2026 · Shenzhen, China · IETF 125 Crypto Forum 6 Nov 2025 · Montreal, Canada · IETF 124 Crypto Forum 25 Mar 2025 · Sofia, Bulgaria · ZKProofs 7 18 Mar 2025 · remote · IETF 122 CFRG

  • Revisiting Keyed-Verification Credentials 14 Oct 2025 · Taipei, Taiwan · ACM CCS 2025 4 May 2025 · Madrid, Spain · EUROCRYPT Cryptographic Applications Workshop 24 Apr 2025 · Cambridge, USA · MIT CSAIL Security Seminar 12 Dec 2024 · Paris, France · Université de Versailles


I love writing code. Side-quests involve orchestrating old electronic robot toys (I have a bunch of Furbys still that can be used for an art project), proving AES-encrypted messages, and other useless things.

I help maintain arkworks.rs, one of the most popular zero-knowledge proof libraries, and sigma-rs, an anonymous credential stack. I am the author of an up-and-coming library for the Fiat–Shamir transformation, the OCaml letsencrypt library for μ-kernels, and of a whistleblowing software Globaleaks.