Stefan Kölbl

Information Security Engineer



I am a cryptographer working at Google in the information security engineering team. Before, I have been the Senior Technology Manager at Cybercrypt.

After I obtained my PhD degree, I have been a postdoctoral researcher in the Cyber Security group at the Technical University of Denmark working on the H2020 PQCRYPTO project. I did my PhD under the supervision of Christian Rechberger and Lars Knudsen at DTU Compute, Technical University of Denmark, working on the design and analysis of symmetric key cryptographic algorithms.


  • Post-quantum Cryptography
  • Cryptographic Hash Functions and Block Ciphers
  • Secure and Efficient Implementations
  • Tools for Cryptanalysis


  • PhD in Cryptology, 2016

    Technical University of Denmark

  • MSc in Computer Science, 2013

    Graz University of Technology

  • BSc in Computer Science, 2011

    Graz University of Technology


Program Committee

Conference Refereeing

  • 2022: Crypto, FSE
  • 2021: FSE, PQCrypto
  • 2020: CHES, FSE
  • 2019: FSE, Latincrypt, PQCrypto
  • 2018: Asiacrypt, Designs, Codes and Cryptography, FSE, IET Information Security, Transactions on Computers, The Computer Journal, PQCrypto
  • 2017: Africacrypt, FSE, IET Information Security, PQCrypto
  • 2016: ACNS, Crypto, FSE, IET Information Security, Journal of Cryptographic Engineering
  • 2015: Asiacrypt, Eurocrypt, FSE, IET Information Security, Indocrypt, CT-RSA, SAC, ISISC
  • 2014: ACNS, Asiacrypt, CANS, FSE


Representative of Switzerland for ISO/IEC JTC 1 SC 27 (IT Security techniques) Work Group 2 (Cryptography and security mechanisms) from 2020 to now.

Representative of Denmark for ISO/IEC JTC 1 SC 27 (IT Security techniques) Work Group 2 (Cryptography and security mechanisms) from 2017 to 2019.



A tool for automating differential cryptanalysis for cryptographic primitives.


A cryptographic permutation designed for high performance. Gimli is part of the NIST Lightweight Project and is part of LibHydrogen.


A short-input hash function optimized for high performance on platforms supporting AES-NI. Used in SPHINCS+ and Gravity-SPHINCS.


A cipher designed for efficient software implementations with strong side-channel protections submitted to the NIST Lightweight Project …


A lightweight tweakable block cipher with strong security guarantees. Submitted to the NIST Lightweight Project.


A digital signature scheme submitted to the NIST Post-Quantum Project.


Post-quantum Cryptography
Update on the PQCrypto Project
Putting Wings on SPHINCS
How to instantiate Hash-based Signatures?