Hugo Krawczyk

Early Life and Education

Hugo Mario Krawczyk completed a Bachelor of Arts in mathematics at the University of Haifa before pursuing graduate studies at the Technion – Israel Institute of Technology, where he earned both his Master of Science and Ph.D. in computer science. His doctoral thesis advisor was Oded Goldreich, a prominent figure in theoretical cryptography.

Career

Krawczyk began his professional research career at the IBM T.J. Watson Research Center in New York, where he was a member of the Cryptography Research group from 1992 to 1997. He then joined the Technion as an associate professor in the Department of Electrical Engineering, a position he held from 1997 until 2004, before returning to IBM Watson from 2004 to 2019. At IBM he held the titles of IBM Fellow and Distinguished Research Staff Member. Between 2019 and 2023, he served as a Principal Researcher at the Algorand Foundation and was part of its founding team. He subsequently joined Amazon Web Services (AWS) as a Senior Principal Scientist.

Across his career, Krawczyk has published over 100 papers accumulating more than 35,000 citations and is named as an inventor on 30 issued patents.

Notable Work

Krawczyk's contributions span both theoretical and applied cryptography, with a sustained focus on internet security, privacy, and authentication.

He is best known for co-inventing HMAC, the widely deployed message authentication algorithm that became a foundational primitive in internet security protocols. His SIGMA protocol forms the cryptographic core of the key exchange procedures in IKEv2 and TLS 1.3, making it one of the most consequential protocol designs in modern network security.

His HKDF (HMAC-based Key Derivation Function) became the standard key derivation scheme adopted by TLS 1.3, the Signal protocol, WhatsApp, Facebook Messenger, and others. He also designed OPAQUE, a password authentication protocol being standardized by the IRTF, which has been deployed by Facebook in WhatsApp's end-to-end encrypted chat backup system.

Additional algorithms and protocols attributed to Krawczyk include the HMQV key-exchange protocol, the LFSR-based Toeplitz Hash Algorithm, the Shrinking Generator encryption scheme, the UMAC message authentication code, and a randomized hashing scheme for strengthening digital signatures. His earlier work on SKEME, a versatile secure key exchange mechanism published in 1996, is recognized as a precursor to KEM-based key exchange protocols central to post-quantum cryptography standards.

Beyond protocol design, Krawczyk has made foundational contributions to threshold and proactive cryptosystems — including distributed key generation — searchable symmetric encryption, zero-knowledge proofs, and pseudorandomness.

Recognition

Krawczyk is a Fellow of the International Association for Cryptologic Research (IACR) and was named an IBM Fellow in 2017. His awards include the RSA Conference Award for Excellence in Mathematics (2015), the Levchin Prize for Contributions to Real-World Cryptography (2018), the ACM Paris Kanellakis Theory and Practice Award (2025), and two IBM corporate awards received in 2005 and 2008.

He is also the recipient of two Test-of-Time awards: one in 2019 for his 1996 NDSS paper "SKEME: A Versatile Secure Key Exchange Mechanism for Internet," and one in 2025 for his CRYPTO 2010 paper "Cryptographic Extraction and Key Derivation: The HKDF Scheme," recognized for formalizing key derivation and introducing the widely adopted extract-then-expand construction.