Danny Willems -- Work In Progress

A mathematician fighting for privacy and security on the Internet, while dreaming about describing the Universe with equations and symbols.

Research Publications Public Talks Open source software contributions CV Education Blog PGP public key Recommended softwares Contact Proton calendar for cryptography and cybersecurity events

Senior Cryptography Engineer & Researcher @ o1Labs/Mina
Co-founder @ LeakIX

Cryptography engineer @ Nomadic Labs/Tezos
First Software engineer @ B2C2
Software engineer @ Be Sport (Intern)
Intern researcher - Gallium team @ INRIA Paris

Hi! I am Danny Willems. I am a mathematician with multiple interests, mostly related to computer sciences and theoretical physics.
I spend most of my time trying to provide a better Internet for everyone. With this mission in mind, I co-founded LeakIX in 2021 with Gregory Boddin and we aim to be the Internet red team. I am also a senior cryptography engineer at o1Labs, a company catalyzing a new generation of applications powered by zero-knowledge cryptography.
My current interest in cryptography is incrementally verifiable computation. I have also been interested in arithmetization-oriented cryptographic primitives. On my free-time I read about cybersecurity, low-level code optimizations, formal verification and mathematics applied to physics. I also enjoy doing recreational mathematics.
Nowadays, I like getting my hands dirty coding in C, OCaml, Rust and read assembly code. Constantly requiring to be in an intellectually stimulating environment.
Regarding my personality, I am a curious person, I appreciate debating respectfully. I enjoy being surrounded by self-minded and respectful people, but I need to be in my world more than the average. In public, I might act as an introvert, but you will see sparkles in my eyes if you start talking about maths, computer sciences or sciences in general.

Research publications

New Design Techniques for Efficient Arithmetization-Oriented Hash Functions:Anemoi Permutations and Jive Compression Mode

Advanced cryptographic protocols such as Zero-knowledge (ZK) proofs of knowledge, widely used in cryptocurrency applications such as Zcash, Monero, Filecoin, demand new cryptographic hash functions that are efficient not only over the binary field $\mathbb{F}_{2}$, but also over large fields of prime characteristic $\mathbb{F}_{p}$. This need has been acknowledged by the wider community and new so-called Arithmetization-Oriented (AO) hash functions have been proposed, e.g. MiMC-Hash, Rescue–Prime, Poseidon, Reinforced Concrete and Griffin to name a few.

Clémence Bouvier and Pierre Briaud and Pyrros Chaidos and Léo Perrin and Robin Salen and Vesselin Velichkov and Danny Willems

New optimization techniques for PlonK’s arithmetization

PlonK is a universal and updatable zk-SNARK for general circuit satisfiability that allows a verifier to check the validity of a certain NP statement very efficiently, optionally in zero-knowledge. PlonK requires that the NP relation of interest be expressed as a system of so-called PlonK constraints. Such conversion is complex and can be implemented in various ways, having a great impact on the prover complexity (which is typically linearithmic in the number of PlonK constraints).
We propose several general results for simplifying PlonK constraint systems, which produce more compact but equivalent systems and can lead to significant performance improvements. We also develop an automated optimizer of constraints, based on our techniques, that can be used to construct very compact and less error-prone constraint systems, favoring a more auditable circuit design.

Miguel Ambrona, Anne-Laure Schmitt, Raphael R. Toledo, and Danny Willems

To a typed language for modular programming

Modular programming consists of splitting programs in components called modules. In the functional programming language OCaml, the core and the module language are ruled by different typing systems. In this work, based on the calculus DOT, we develop a typing system and a subtyping algorithm for a language where the core and module languages are indistinguishable. For instance, functions and functors have the same types and records and modules are not different objects. We also describe a surface language "à la ML" making it easy to write programs. In addition to that, we provide an OCaml implementation of the typing and subtyping algorithm.

Danny Willems, master thesis directed by François Pottier

Public talks

ZK11: o1VM: Building a Real-World zkVM for MIPS

Invited talks on main stage to talk about o1VM: a zkVM we are building at o1Labs. In this talk, we will present o1vm, a general-purpose zkVM which can be used to prove the correct execution of MIPS programs. Learn about the ISA specifics supported by this zkVM, as well as an encoding technique for bitwise operations that was used to efficiently implement standard hash functions with high algebraic complexities like Keccak. I also dive into the implementation of a folding scheme and RAMLookups, our distinctive take on "additive lookups", and how they were leveraged to handle long execution traces and to efficiently represent random-memory access, an expensive component of zkVMs.

Danny Willems

A zkVM for the MIPs architecture and OP fault proofs

Invite from SevenX Venture to talk about the recent work about the zkVM we have been working on at O(1) Labs

Danny Willems

ZKProof5 - Anemoi & Jive: New Arithmetization-Oriented tools for Plonk app

Invitation to give a talk during ZKProof5 in Tel Aviv to present the work on Anemoi & Jive, available here.

Clémence Bouvier and Danny Willems

Open source software contributions

Octez: an OCaml implementation of the Tezos protocol (Dec 2019 - Present)

Tezos is a blockchain that offers both consensus and meta-consensus, by which we mean that Tezos comes to consensus both about the state of its ledger, and also about how the protocol and the nodes should adapt and upgrade. For more information about the project, see https://tezos.com.

ocaml-bls12-381: an efficient OCaml implementation of the pairing-friendly curve BLS12-381 (January 2020 - Present)

This library provides a fast implementation of operations over the scalar field, including (i)FFT, operations over the groups G1 and G2, including EC-FFT, hash_to_curve as described in this specification and the pippenger algorithm for fast multi scalar exponentiation, operations over the target group of the pairing (GT), written additively, and pairing from $G1 x G2 to GT$. Notable users include Octez, an OCaml implementation of the Tezos protocol to allow arithmetic operations over BLS12-381 in the smart contract language Michelson.

ocaml-bls12-381-hash: efficient C and OCaml implementation of hash functions over the scalar field of BLS12-381 (Aug. 2022 - Present)

This library provides efficient C and OCaml factory implementations of hash functions like Anemoi, Poseidon, Rescue or Griffin over the scalar field of BLS12-381. Notable users include Plompiler, a monadic Domain Specific Language embedded in OCaml that can be used to build circuits for aPlonK.

ocaml-bls12-381-signature: OCaml implementation of BLS signature for BLS12-381 (June 2021 - Present)

The library provides BLS signatures for the pairing friendly curve BLS12-381. The code follows the specification available here. Notable users include Transactionnal Rollups (TORU) and Smart Contract Rollups (SCORU), scaling solutions implemented in Octez, an OCaml implementation of the Tezos protocol.

Plompiler: a monadic Domain Specific Language embedded in OCaml than can be used to build circuits for aPlonK (2021 - Present)

Programs written in Plompiler are typed to increase safety and can be compiled to their circuit representations or interpreted directly in OCaml for testing. Together with the circuit, Plompiler also returns an efficient one-pass solver that given an input finds a valid assignment for the wires of the circuit. Additionally, Plompiler contains a generic optimizer capable of significantly reducing the size of commonly developed circuits. Flamegraphs can be generated to inspect the generated circuits and guide the optimization of each primitives. The library also features a highly performant set of primitives for hashing (Poseidon and Anemoi) and signing. My contribution are sporadic, e.g. when a new primitive has to be implemented or when peer-coding with the cryptography team at Nomadic Labs.

Mec: Modular Experimental Cryptography library in OCaml (April 2020 - Present)

Mec provides modular implementations of (prime) finite field and elliptic curve cryptographic primitives like hash functions and signature schemes. The library aims to ease the development of (modular) experimental protocols in OCaml and does not aim to be used in a production environment. Notable users include Epoxy, an implementation of validity rollups integrated as a first class citizen in the Tezos protocol, for testing purposes.

ocaml-ff: Finite Field library in OCaml (April 2020 - Present)

Ff provides module types to describe (prime) finite fields $\mathbb{F}_{p^n}$ and provides functors to easily instantiate implementations.

ocaml-polynomial: polynomial over finite fields in OCaml (April 2020 - Present)

The library provides implementations of polynomials over finite fields, including routines like (i)FFT.

ocaml-chia-vdf: OCaml wrapper for Chia's class group based VDF (May 2022)

OCaml wrapper for Chia's class group based VDF project.
Notable users include the Tezos' protocol Kathmandu to improve the randomness generation.
My contribution has been mostly at the beginning of the project, consisting of writing the OCaml bindings to the C++ codebase.

ocaml-carray: contiguous C arrays in OCaml (May 2022 - Present)

OCaml arrays are not always contiguous piece of memory, requiring accessing different chunks of memory when accessing individual elements. When requiring a value in memory, the CPU will fetch the RAM and load not only the particular value but a memory page (a contiguous piece of memory) and add it to its cache. The CPU will use its cache to load the values in its registers. It is not efficient with large OCaml arrays as the CPU will constantly fetch the RAM to load different memory pages in its cache. Also, when using the C FFI, the user must know the memory representation of an array and use the non user-friendly low-level interface macro Field.
This library provides a polymorphic interface mocking a subset of the Array interface to work with contiguous piece of memory. Using the library should be as easy as adding module Array = Carray.

Seum: OCaml DSL and tool to write and compare programs in assembly, in a typed and "safe" fashion way (June 2022 - Present)

Writing performant applications might require to write low level assembly code following a specific assembler syntax like GAS or NASM and when the code is written, OCaml developers must write boilerplate code in C and in OCaml to bind the hand-written assembly routines to expose it into a library. Also, comparing two routines implementing the same algorithm in assembly is hard because they might be implemented in different assembler, might use different ISA or request access a different number of time the memory.
Seum aims to embed a syntax close to the NASM syntax in OCaml to write typed assembly program. Parsers for different assemblers are provided to be able to compare programs using the internal Seum representation. A cost model is implemented counting the number of CPU cycle each instruction requires in addition to counting the number of memory accesses and registers used, providing more precise comparisons of algorithm implementations. Additionnally, using the embedded syntax, OCaml bindings to the assembly code can be automatically generated. Calling the assembly code directly from OCaml like any other function should also be possible and straightforward. The OCaml developer has never to write assembly in a different file and can threat assembly code like pure OCaml functions.

ocaml-arkworks: OCaml binding to Rust library arkworks (Dec 2022 - Present)

WIP (Dec. 2022) - Optimised OCaml binding to the library arkworks. Investigating the replacement of the low level library used by Epoxy, the validity rollup framework built for the Tezos protocol. More info to come.

Ocsigen - Ocsigen Start (July 2016 - Dec 2016)

Ocsigen Start is a set of higher-level libraries for building client-server web applications with Ocsigen (Js_of_ocaml and Eliom). It provides modules for user managements (session management, registration, action — e.g., activation — keys, ...), managing groups of users, displaying tips, and easily sending notifications to the users.

ocaml-cordova: build mobile applications using OCaml and Cordova

A list of OCaml bindings to build mobile applications in OCaml using the web framework Cordova.


O(1) Labs - Cryptography Engineer --- 2023 - Present

O(1) Labs is a global and remote company that incubated the Mina Protocol. Our team operates on the cutting edge of Web3 and zero-knowledge-proofs.

LeakIX - CEO --- 2021 - Present

LeakIX is the first platform combining a search engine indexing public information by scanning Internet and an open reporting platform linked to the results.
We intent to provide a preemptive solution by trusting individual researchers and security companies on the most sensible data we index by delivering a clear report on the incidents, we also help to identify what information has/could be affected and how to resolve the issue.
Our first goal is one of prevention, all the voluntary reports are free and no sales attempts are made on LeakIX's side.
We ban sales attempt that would take advantage of the issue to sell shady security services.

Nomadic Labs - Cryptography Engineer --- 2020 - 2023

Nomadic Labs are Tezos blockchain experts. Working on the core development, evolution and adoption of the Tezos protocol in BENELUX.
Working in the cryptography team, focusing on the development on zero-knowledge protocols, mainly the project Epoxy, a validity rollup for the Tezos protocol. See my open source contributions for a (non-exhaustive) list of work contributiosn. Check my GitLab and my GitHub for my coding activity.

B2C2 - Blockchain lead & Software Engineer --- March 2017 - January 2020

Lead developer/engineer on the accounting system (partially the risk system), including a real time crypto/FIAT transaction detection across multiple blockchains.Managing the infrastructure, the development, the release and the new features around the blockchain and accounting projects. Working on some parts of the trading system too. In general, participating in the main developer tasks.
B2C2 is a leading cryptocurrency marketmaker.
Brokers, exchanges, hedge funds and family offices around the world trust us to deliver seamless execution in the major cryptocurrencies and fiat currency pairs.
We provide 24/7/365 liquidity for Bitcoin, Ethereum, Litecoin, Bitcoin Cash, Ripple, and Ethereum Classic in USD, GBP, EUR, JPY, SGD, AUD, CAD, CHF and more. We also offer synthetic exposure to crypto.

Be Sport - Intern --- July 2016 - November 2016

Social network around sports.
The platform is built using OCaml and the Ocsigen technology. During the internship, I was responsible to improve the framework Ocsigen Start, which consists of a template to bootstrap a complete standard applications require users management, displaying tips, sending notifications to the users. The template allows to build the server and the client services, and can generate mobile applications using Cordova.

Selfpharma - Cordova mobile applicaiton engineer --- August 2015 - February 2016

Online pharmacy shop based in Brussels, Belgium, built using Prestashop. Leading the iOS and Android mobile applications development, written in Cordova.


Master's Degree Mathematics and Computer Sciences - University of Mons (2012 -- 2017)

Grade: Summa Cum Laude
Bachelor degree: minor in Physics. Awarded with the price of the Mathematics Department.

42 - Paris (2014)

Pischine C in July 2014, joined in 2015. Stopped 1 year after to focus on master degree in mathematics at UMONS.


Le savoir est une arme, mais personne braque pour acheter des livres -- Kery James
A mathematician who is not also something of a poet will never be a complete mathematician. -- Karl Weierstrass
Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say -- Edward Snowden
Never attribute to malice that which is adequately explained by stupidity -- Hanlon's razor
Je préfère l'eau potable pour tous que le champagne pour quelques potes -- Médine
Celui qui se contente de peu ne manque de rien
On est condamné à réussir, à franchir des barrières, construire des carrières. Regarde ce qu'on accomplit nos parents, ce qu'ils ont subi pour qu'on accède à l'éducation. Où serait-on sans leurs sacrifices ? Bien sûr que le travail a du mérite. O combien j'admire nos pères. Peut-être manutentionnaires mais fiers. Si on gâche tout où est le respect ? Si on échoue où est le progrès ? Chaque fils de pauvre doit avoir de l'ambition.
Hardly anybody actually understands money - Nick Szabo

Must read