About

My name is Zach. My pronouns are he/him/his. I’m currently a researcher at MongoDB in the Cryptography Research Group.

My research goal is to advance the state-of-the-art in privacy-preserving, efficient systems for multi-party computation, data processing, and retrieval. To do this, I combine a broad set of interests in cryptography, data structures, formal methods and optimization, and algorithms. I also like to study cryptanalysis attacks that are motivated by practical, real-world systems but grounded in theoretically interesting formalisms. As a corollary to all of these goals, I also like to ask questions about the practicality and usability of cryptography research itself—specifically, how we can build practical tooling and infrastructure to enable researchers to perform research (both in theory and in practice).

I completed a concurrent Sc.B. and Sc.M. at Brown University with a focus in security, systems, and theory. My studies were generously supported by grants from Brown CS, CrowdStrike, (ISC)2, and the CIT Group. I was also affiliated with the following research groups:

I am passionate about teaching computer security. While at Brown, I spent a lot of time thinking about creatively designing effective mechanisms for developing security mindsets. I was the course designer and Head Teaching Assistant of the Computer Science department’s flagship computer systems security course from 2019 to 2021.

Previously, I worked as a security engineer at D. E. Shaw. & Co. and interned at Google and Order.

I spend a lot of time long distance running and thinking about things like: theatrical lighting design, immersive theater, tabletop gaming, public transit, speech and debate, and Dance Dance Revolution.

News
Aug 2025

I’ve joined the inaugural IEEE Security & Privacy 2026 Artifact Evalaution Committee! I’ve also joined the PETS 2026 Artifact Evaluation Committee!

Aug 2025

Our paper “Structured Encryption and Distribution-aware Leakage Suppression” will appear at Asiacrypt 2025 in Melbourne, Australia!

May 2025

Our paper “PolySys: an Algebraic Leakage Attack Engine” will appear at the 34th USENIX Security Symposium in Seattle, WA, USA!

Mar 2025

Our paper “Bayesian Leakage Analysis” was published in IACR Communications of Cryptography!

Jan 2025

Our paper “Sequentially Consistent Concurrent Encrypted Multimaps” will appear at IEEE Euro Security & Privacy 2025 in Venice, Italy!

Oct 2024

Range Search is now generally available in MongoDB’s Queryable Encryption!

Dec 2023

Our paper “Synq: Public Policy Analytics Over Encrypted Data” will appear at IEEE Security & Privacy 2024 in San Francisco, CA!

Aug 2023

Our new product at MongoDB—Queryable Encryption, the first industry database product implementing structured encryption—is now generally available!

Feb 2023

I reunited with some of my former collaborators from the Encrypted Systems Lab at Brown University by joining the Cryptography Research Group at MongoDB!

Nov 2022

Our paper “Range Search over Encrypted Multi-Attribute Data” will appear at VLDB 2023 in Vancouver, Canada!

May 2022

Five months after completing my requirements, I “officially” graduated with a Sc.B. in Computer Science (with Honors) and an Sc.M. in Computer Science at Brown University’s annual Commencement.

May 2022

I was awarded a Senior Prize in Computer Science “for academic work as well as service to Brown CS” (awarded to 6.8% of the graduating class in CS). I also received the Norman K. Meyrowitz ’81 Award for “exceptionally meritorious service to Brown CS” (second to receive the award in the award’s history).

May 2022

Our paper “Time- and Space- Efficient Aggregate Range Queries on Encrypted Databases” will appear at PETS 2022!

Dec 2021

I defended my honors thesis on “Time- and Space- Efficient Aggregate Range Queries on Encrypted Databases” and finished my Bachelor’s and Master’s requirements at Brown!

Aug 2021

I received an Crowdstrike NextGen Scholarship for 2021!

Apr 2021

Received an (ISC)2 Undergraduate Information Security Scholarship for 2021.

Mar 2021

I received the Randy Pausch Undergraduate Research Award from Brown CS to support my research with Roberto Tamassia on encrypted databases!

Show older news
Publications

denotes authors listed alphabetically. Click abstracts to expand.

2025
1
Structured Encryption and Distribution-aware Leakage Suppression
Zachary Espiritu, Marilyn George, Seny Kamara, Tarik Moataz
To appear at ASIACRYPT 2025 (Melbourne, Australia)
2
PolySys: an Algebraic Leakage Attack Engine
Zachary Espiritu, Seny Kamara, Tarik Moataz, Andrew Park
34th USENIX Security Symposium (Seattle, WA, USA)
Proceedings  
3
Bayesian Leakage Analysis: A Framework for Analyzing Leakage in Encrypted Search
Zachary Espiritu, Seny Kamara, Tarik Moataz
IACR Communications of Cryptology, Volume 2, Issue 1
Article  
4
Sequentially Consistent Concurrent Encrypted Multimaps
Archita Agarwal, Zachary Espiritu
10th IEEE European Symposium on Security and Privacy (Venice, Italy)
Proceedings  
2024
5
Synq: An Encrypted Database for Public Policy Studies
Zachary Espiritu, Marilyn George, Seny Kamara, Lucy Qin
45th IEEE Symposium on Security and Privacy (San Francisco, CA, USA)
Proceedings  
2023
6
Range Search over Encrypted Multi-Attribute Data
Evangelia Anna Markatou, Francesca Falzon, Zachary Espiritu, Roberto Tamassia
49th International Conference on Very Large Data Bases (Vancouver, Canada)
Article  
7
Attacks on Encrypted Response-Hiding Range Search Schemes in Multiple Dimensions
Francesca Falzon, Evangelia Anna Markatou, Zachary Espiritu, Roberto Tamassia
Privacy Enhancing Technologies Symposium 2023 (Lausanne, Switzerland)
Article  
2022
8
Time- and Space-Efficient Aggregate Range Queries on Encrypted Databases
Zachary Espiritu, Evangelia Anna Markatou, Roberto Tamassia
Privacy Enhancing Technologies Symposium 2022 (Sydney, Australia)
Article  
Teaching

I served as a teaching assistant every semester I was at Brown University, sometimes even during semesters I wasn't enrolled. denotes a Head Teaching Assistant role.

CSCI 1650: Software Security and Exploitation
Fall 2021

Software exploitation techniques and state-of-the-art mechanisms for hardening software. With Vasileios Kemerlis.

CSCI 1660: Computer Systems Security
Spring 2019, Spring 2020, Spring 2021

An introduction to principles of computer security from an applied viewpoint and provides hands-on experience on security threats and countermeasures. Topics include cryptosystems, web security, network security, malware, code execution vulnerabilities, access control, cryptocurrencies, machine learning, and human and social issues. With Roberto Tamassia (2019, 2020) and Bernardo Palazzi (2021).

  • 2021 contributions:
    • Interviewed, hired, trained, and coordinated staff of 10 undergraduate and graduate TAs.
    • Recurrent guest lecturer in 9 lectures during the semester; delivered over 4 hours of lecture content during the semester.
    • Co-developed and hosted 8 “sections” covering supplementary course content during the semester; developed “discussion” handouts for the sections to help foster community and student-to-student interaction in a remote learning environment.
    • Developed new course project on cloud storage security and secure systems design. Co-designed and developed an implementation-agnostic, adversarial autograder for evaluating and discovering attacks against student implementations, reducing grading workload from 100+ hours of combined TA work hours to ~10 hours of combined TA work hours.
    • Coordinated homework and exam design with staff and professor. Wrote ~50% of the exam problems for 2021.
  • 2020 contributions:
    • Interviewed, hired, trained, and coordinated staff of 11 undergraduate and graduate TAs.
    • Organized creation of new homeworks with a more open-ended, design-based focus; modernized homework content (with questions on cryptography, MPC, web security, networks, data compression, anonymization networks, etc.) and wrote +30 new questions for the entire semester with additional “reserve questions” for future years.
    • Designed new “midterm” component of course focused on open-ended design and security analysis questions; wrote ~80% of the exam problems for 2020.
    • Redeveloped the web security and operating security technical projects to improve learning outcomes and increase efficiency of internal grading processes; facilitiated technical project logistics.
    • Created UTA Manual outlining internal staff processes and responsibilities.
  • 2019 contributions:
    • Interviewed, hired, trained, and coordinated staff of 8 undergraduate and graduate TAs.
    • Ported technical components of projects written in Bash, PHP, Javascript, and Go to Google Cloud Platform’s Compute Engine.
    • Automated setup process of sandbox Linux virtual machines for each project using the Compute Engine API, reducing setup times by up to ~92%.
    • Co-gave “Passwords” lecture with hashcat password recovery demonstration (slide deck, video starting @ 33:27).
CSCI 1730: Design and Implementation of Programming Languages
Fall 2019, Fall 2020

Explores the principles of modern programming languages by implementation; studies data and their types, including polymorphism, type inference, and type soundness; examines compiler and run-time system topics: continuation-passing style and garbage collection. With Shriram Krishnamurthi.

  • 2020 contributions:
    • Interviewed and hired staff of 6 undergraduate TAs.
    • Heavily rewrote 9 assignment specifications on programming language feature implementations in Plait and Racket (examples include “Interpreter”, “Type Checker”, “Type Inference”, “Generators”).
    • Transitioned internal staff infrastructure to Gradescope to automate the majority of grading and feedback distribution; developed autograder framework to emulate a Racket version of Examplar, a research IDE helping students assess their understanding of specifications via example-driven development.
  • 2019 contributions:
    • Interviewed and hired staff of 6 undergraduate TAs.
    • Remotely answered student-submitted questions throughout the semester.
    • Copy-edited several assignment specifications written by other TAs.
CSCI 0190: Accelerated Introduction to Computer Science
Fall 2018

Functional programming, data structures, and algorithms in Racket and Pyret. Includes a summer component taught using the first half of How to Design Programs, then transitions to content based on portions of Programming and Programming Languages during the semester. With Shriram Krishnamurthi.

  • Interviewed, hired, trained, and coordinated staff of 9 undergraduate TAs.
  • Remotely organized summer placement process and grading for 174 students.
  • Rewrote old assignments (“Tour Guide”) and developed new labs (“Iterating Over Trees”, “Tensorflow”).
  • Maintained and added new features to existing, end-to-end Google Apps Script-based pipeline for grading management and distribution.
  • Wrote internal handbook for future iterations of course staff, covering suggestions for recruiting and hiring future teaching assistants, organizing course logistics, running existing course scripts, and more.
CSCI 0040: Introduction to Scientific Computing and Problem-Solving
Spring 2018

Introduction to programming in MATLAB and Python, with an emphasis on STEM data analysis and simulation problems. With Dan Potter.

CSCI 0050: A Data-Centric Introduction to Programming
Fall 2017

Data-focused introduction to computer science using Pyret. With Kathi Fisler.