Tarik Moataz
I am a Principal Research Scientist and the research manager of the MongoDB Cryptography Research group. Before MongoDB’s acquisition, I co-founded and served as Chief Technology Officer at Aroki Systems. Prior to that, I worked as a postdoctoral research associate under the mentorship of Seny Kamara, followed by a role as a visiting scientist in the Computer Science Department at Brown University.
My research interests lie in cryptography and security, with a particular focus on both the theoretical and practical aspects of encrypted search. My recent work has particularly focused on enhancing search functionality, mitigating and formalizing leakage, and designing cryptanalytic attacks to assess practical security guarantees. I am also interested in seeing my work applied in real-world settings. One of my significant contributions is the cryptographic co-design of MongoDB Queryable Encryption.
While affiliated with Brown University, I co-directed the Encrypted Systems Lab. I have also been affiliated as a research visitor or intern with Bell Labs, Microsoft Research, Airbus, Northeastern University and the National University of Singapore.
news
| Dec 02, 2025 | Our paper, Leafblower: a Leakage Attack Against TEE-Based Encrypted Databases will appear at IEEE S&P ‘26. In this work, we propose a new leakage attack against TEE-based EDBs which use B+-trees in the multi-snapshot external memory model, a weaker adversary which only observes snapshots of the encrypted database index files after each operation. |
|---|---|
| Nov 01, 2025 | Our paper, Updatable Private Set Intersection from Structured Encryption will appear at CiC ‘26 (Volume 4, Issue 2). We propose a new framework for the problem of updatable PSI — with elements being inserted and deleted — in the semi-honest model based on structured encryption. |
| Oct 01, 2025 | Our paper, Structured Encryption and Distribution-Aware Leakage Suppression will appear at Asiacrypt ‘25. We propose a new query equality (qeq) suppressor for dictionary encryption schemes that results in practical, static qeq-hiding encrypted dictionaries at the cost of revealing the distribution of the queries. |
| Aug 01, 2025 | Our paper, PolySys: an Algebraic Leakage Attack Engine will appear at USENIX Security ‘25. In this paper, we propose a novel framework called PolySys for modeling and designing leakage attacks as constraint-solving algorithms over polynomial systems. |
| Apr 01, 2025 | Our paper, Bayesian Leakage Analysis: A Framework for Analyzing Leakage in Cryptography will appear at CiC ‘25 (Volume 2, Issue 1). In this work, we propose a Bayesian framework to evaluate cryptographic leakage and its vulnerability to inference attacks. |