let π : 𝕏 → 𝟙{accept, reject}∀ x ∈ 𝕏 : Pr[π(x) accepts | x ∈ ℒ ] = 1(Q.E.D.)
✦ A CRYPTOGRAPHIC PORTFOLIO · 2026

GOKULKRISHNAN

VENKATESAN

H(NAME) = 0xa1·b2·c3·9f·77·d2·8e·44·6c·b1·05·ee·3a·90·f8·12

Designing zero-knowledge protocols at the boundary of human intent and mathematical certainty.

CRYPTOGRAPHYZERO-KNOWLEDGESECURITY OPSUIS · GRADUATE
↓ TRAVERSE
∂(prover) / ∂(intent) := mathematical certainty
01/ ABOUT THE PROVER

A graduate researcher
writing protocols where trust becomes
proof.

POSTULATE · 01.0
Every interface between a human and a machine encodes an unverified promise. Cryptography lets us replace that promise with a proof — small enough to publish, fast enough to verify, sound enough that lying breaks mathematics itself.
01.1

Graduate researcher at the University of Illinois Springfield, working in applied cryptography under Dr. Goutham Reddy Alavalapati. Focus: zero-knowledge protocols that bind what users see to what their systems sign.

01.2

One paper currently under review at IEEE CNS 2026 — a publicly verifiable display-attestation protocol for cryptocurrency wallets (§ 02). 4.0 GPA. Teaching assistant, applied cryptography lab.

01.3

Outside the lab: top 2% globally on TryHackMe; CCNA-certified; maintainer of an open-source threat-intel CLI and an autonomous SOC agent (§ 03). Trajectory → PhD in applied cryptography.

UIS · GRADUATE4.0 GPAIEEE CNS 2026 · UNDER REVIEWCCNA · CISCOTOP 2% · TRYHACKME
§ 01 · about
prove( hash(rendered_display) ≡ hash(signed_payload) )
02/ FLAGSHIP RESEARCH

VisiLock —
eliminating blind signing

A Groth16 circuit binding what users see to what their wallets sign — without exposing private transaction data.
PROBLEM · 02.0
A compromised wallet, browser extension, or front-end shows the user a benign transaction and signs a different one. The summary and the payload are produced by independent code paths, so the architecture provides no guarantee that what the user sees matches what gets signed. Over $1.5 billion has been stolen this way — $120 M on BadgerDAO, $1.46 B on ByBit — without exploiting a single smart-contract bug.
02.1

VisiLock formalizes the missing property as display–transaction semantic alignment and constructs a publicly verifiable proof that it holds. A TEE module running in the Secure World — modeled on ARM TrustZone — reads the framebuffer directly from the display controller and computes a Poseidon commitment H_D over the rendered semantic regions. The transaction summary itself is rendered through a canonical UI overlay whose layout the wallet cannot alter, so H_D reflects what the display hardware is actually rendering rather than what the wallet claims to display.

02.2

A Groth16 zk-SNARK over the BN254 pairing-friendly curve then proves, without revealing any witness, that the extraction function Φ — mapping either object to a canonical tuple of (recipient, value, contract, function, parameters) — produces equal results on both sides: Φ(D) ≡ Φ(T). The R1CS circuit enforces that H_D and H_T are consistent with their preimages, that Φ has been applied correctly to each, and that every field matches component-wise. If a single field disagrees, the constraints become unsatisfiable and no valid proof can be constructed — the failure is detected at witness generation, not at verification.

02.3

Rather than parse arbitrary unbounded calldata in-circuit, VisiLock uses three fixed-size semantic-summary buckets: 48 bytes covers ETH and ERC-20 transfers and simple approvals; 100 bytes covers compact router-style swap summaries; 175 bytes covers larger bridge-intent and lending summaries (e.g., Across bridge intents, Aave V3 borrows). The 48-byte baseline circuit compiles to 228,514 R1CS constraints — text rendering through a depth-7 Poseidon Merkle font tree dominates at 52%, SHA-256 message hashing at 27%, comparators and routing at 20%. Crossing the Groth16 2¹⁸ → 2¹⁹ FFT-domain boundary at 175 bytes drives a 1.56× proof-time jump, which is precisely why the protocol routes between buckets rather than running one maximal circuit.

02.4

The on-chain verifier enforces five checks in sequence: chain-ID binding (cross-chain replay protection), canonical transaction commitment, TEE attestation against an allowlisted firmware- measurement registry with 5-minute quote freshness and a 24-hour validity window, Groth16 proof verification through Ethereum's BN254 precompiles, and quote authentication. A four-call batch mode aggregates per-call display and transaction commitments into a Poseidon binary Merkle tree and produces a single proof — reducing on-chain gas by 75% (1.08 M → 270 K) for typical DeFi sequences such as approve + swap.

02.5

The security argument is a reduction. Display Integrity follows from TEE isolation and Poseidon collision resistance. Semantic Binding reduces to Groth16 knowledge soundness under q-SDH and KEA, plus Poseidon collision resistance: any prover producing an accepting proof on (H_D, H_T) for which Φ(D) ≠ Φ(T) is converted, by Groth16's knowledge extractor, into a Poseidon collision — which occurs with negligible probability. The DisplayBind adversarial game generates 100 misaligned (D, T) pairs across recipient swaps, value inflation, selector mismatches, hidden-call injection, and parameter reorder, plus incident-driven scenarios reproducing the BadgerDAO and ByBit attack patterns. Every misalignment was rejected at witness generation.

02.6

The deployment cost of public verifiability over a TEE-only baseline is 2.4× — 192 K gas (signed assertion) versus 462 K gas (Groth16 proof). On L1 this is roughly $28 per transaction at 30 gwei; on Optimism it is under one cent, on Arbitrum and Base under ten. The deployment story is therefore L2-native: routine transactions stay on the cheaper TEE-only path, while high-value flows that need a publicly checkable alignment claim — bridges, large transfers, treasury moves — pay 2.4× for a property the wallet ecosystem has been missing for a decade.

~1.2 s/ PROOF GEN
~8 ms/ VERIFY
~45 K/ R1CS
128-bit/ SECURITY
↳ INTERACTIVE DEMO · OBSERVE THE RIFT
DISPLAY LAYER · WHAT YOU SEE
TO0x7a3F…b92E
VALUE1.500 ETH
CALLtransfer()
CHAINmainnet · 1
SIGNING LAYER · WHAT YOU SIGN
TO0x7a3F…b92E
VALUE1.500 ETH
CALLtransfer()
CHAINmainnet · 1
AWAITING VERIFICATION

SEMANTIC RIFT

WHAT IS DISPLAYED ≢ WHAT IS SIGNED
02.b · IN DEVELOPMENT◌ active research · 2026

Proof-Carrying Information Flow for multi-agent systems.

Cryptographic enforcement for autonomous agent ecosystems where trust cannot be assumed and content-level filters fail.
MOTIVATION
Today's LLM agents process trusted instructions and adversarial data over the same channel. Indirect prompt injection, tool poisoning, memory corruption, and chained compromise propagate through agent ecosystems with no cryptographic accountability. Published bypass rates against content-level filters and classifiers sit near 85%.
02.b.1

Replace content-level guardrails with information-flow cryptography. Every piece of data — user instructions, tool outputs, memory entries, retrieved documents — carries a label. Labels propagate as the agent reasons, recording exactly what influenced what in a provenance DAG that grows alongside execution.

02.b.2

Before any dangerous action, an admissibility gate evaluates whether the policy is satisfied across the action's entire ancestry — and admits the action only if a zero-knowledge proof attests that the lineage is policy-compliant. The verifier learns whether the proof is valid and nothing else: no internal documents, no memory contents, no reasoning traces ever leak.

02.b.3

Trust composes across agents. When one agent forwards output to another, it attaches a proof; the receiver verifies it and folds it into a recursive aggregate so a final verifier checks one constant-size proof regardless of chain length. A compromise at any agent breaks the chain at that boundary — and a tamper-evident commitment log enables retroactive blast-radius mapping when a source is later reclassified as malicious.

9/ PROTOCOL LAYERS
ZK/ ENFORCEMENT
DAG/ PROVENANCE
n→1/ PROOF AGGREGATION
STATUS · threat model + protocol design complete · circuits + prover under construction · target venue 2026
ZK PROOFSINFORMATION FLOWMULTI-AGENTPROVENANCE DAGRECURSIVE AGGREGATIONHOMOMORPHIC ENCRYPTION
§ 02 · research / visilock + agent flow
applied(theory) := { tools s.t. SOC analyst sleeps tonight }
03Σ/ APPLIED CONSTRUCTS

Beyond the proof —
instruments of defense.

Cryptography reasons about absolute trust. Security operations live in the noisy in-between, where signals are partial and time is hostile. Two production tools that bridge the two.
§ 03.1

IOC-Enrich

threat intelligence, unified.
PROBLEM
An analyst staring at a suspicious IP, hash, or domain has thirty browser tabs and ten minutes.

A professional-grade enrichment CLI. It detects an IOC's type — IPv4, IPv6, domain, URL, MD5, SHA1, SHA256, email — then concurrently queries VirusTotal, AbuseIPDB, Shodan, URLScan, ThreatFox and friends. Risk scores collapse into a single CRITICAL / HIGH / MEDIUM / LOW / CLEAN verdict, with rich color-coded terminal output and JSON / Markdown / CSV exports.

6+/ INTEL SOURCES
8/ IOC TYPES
5/ RISK TIERS
3/ EXPORT FORMATS
STACK · Python 3.8+ · CLI · concurrent enrichment · risk scoring · batch processing · free-tier friendly
→ VIEW SOURCE
§ 03.2

SOC-AI Agent

autonomous incident triage.
PROBLEM
A SOC at 3 a.m. is one analyst, four hundred alerts, and a coffee.

An end-to-end autonomous SOC analyst. It parses Sysmon XML, Windows Event Logs, firewall logs, .eml phishing, PCAP and raw text; extracts every IOC; concurrently enriches against seven threat-intel APIs; correlates against a SQLite history of past investigations; maps observed behavior against an 80-technique MITRE ATT&CK database via 30+ behavioral rules; and synthesizes a weighted verdict with a reasoning chain — delivered as streaming HTML and PDF incident reports through a React dashboard.

7/ INTEL APIS
80+/ ATT&CK TECHNIQUES
30+/ BEHAVIORAL RULES
REAL-TIME/ STREAMING
STACK · Python 3.11 · FastAPI · aiohttp · SQLAlchemy · React 18 · Vite · Tailwind · WebSockets · Docker
→ VIEW SOURCE
§ 03 · projects
∀ proof ∃ primitive s.t. proof = compose(primitives)
04ζ/ MATHEMATICAL PRIMITIVES

The cathedral
of trust is mathematical.

Nine primitives compose every protocol that follows. Each one is a small theorem with global consequences.
04.01
ζzk-SNARKProofs without revelation.succinct · non-interactive
04.02
πGroth16Three elements. Constant size.192 bytes · 8 ms verify
04.03
𝔼BN254254-bit pairing-friendly curve.128-bit security
04.04
ψPoseidonZK-native sponge hash.8× fewer constraints than SHA-256
04.05
ΣSemantic BindingDisplay ≡ payload.commitment ↔ rendered state
04.06
ΦPairingsBilinear maps. The geometry of proof.e : 𝔾₁ × 𝔾₂ → 𝔾_T
04.07
ΔR1CSThe rank-one constraint system.circom → witness → proof
04.08
ΩTrusted SetupPowers of Tau. One honest ceremony.τ kept secret · τ destroyed
04.09
μPedersenHiding + binding commitments.C = mG + rH
§ 04 · primitives
ARSENAL := { x : x is sharp ∧ x has been used in production }
05π/ ARSENAL

What I build
with.

05.01 · CRYPTOGRAPHIC
Groth16·Circom·snarkjs·Poseidon·BN254·Pedersen·TEE Attestation·EIP-712
05.02 · BLOCKCHAIN
Smart Contract Audit·DeFi Analysis·Wallet Security·Consensus·EVM·Solidity
05.03 · SECURITY OPERATIONS
Splunk·MITRE ATT&CK·Threat Intel·Malware Analysis·SOC Triage·IR Playbooks
§ 05 · toolkit
□ : end of proof. signature := { content || hash || pk }
06/ SIGNATURE / CONTACT

Send a signed
message.

For research collaborations, security work, or PhD discussions.
EMAILkrishngokulv@gmail.comGITHUBgithub.com/krishngokulvLINKEDINlinkedin.com/in/gokulkrishnan-v-324832212
Where human intent meets cryptographic certainty.
§ 06 · contact