I build secure production systems spanning AI engineering, confidential computing, and applied cryptography. Recently, I developed a confidential AI agent running inside Intel SGX enclaves with remote attestation and cryptographic verification.
Designed and built a LangGraph-based AI agent where the Anthropic API key and ECDSA signing key live inside an Intel SGX enclave, encrypted with a hardware-derived key that binds them to this specific enclave on this specific CPU. The host process never holds secrets. Every response is cryptographically signed and independently verifiable.
What the enclave protects:
/sealed/ using _sgx_mrenclave, unreadable outside this exact enclave on this exact CPUapi.anthropic.com originates from inside SGX; the host forwards ciphertext it cannot readWhat a verifier can prove without trusting the host:
report_data in the quote contains SHA256(signing_public_key) — the signing key was present inside that specific enclaveSHA256(prompt ‖ result ‖ timestamp ‖ MRENCLAVE) is valid — the response was not tampered with in transit2024 – 2025 · Caslano, Switzerland
Agentic AI
Built an AI-agent test automation system (OpenAI SDK, Python, Gradio, SendGrid) that runs satellite-processing test suites via a chat interface and auto-generates email reports. Presented to the CEO as the foundation of the company's future internal testing platform.
Engineered a multi-agent web application (CrewAI, OpenAI API, Claude API) using a crew of specialized agents (frontend, backend, lead engineer, tester) to build an ML training data editor — reducing delivery from months to under one week.
Cloud Migration (ESA initiative)
Migrated SNAP and MAPscape satellite-processing systems to the CGI cloud platform; built Python/Docker pipelines for multi-terabyte datasets, eliminating 5 hours/week of manual work.
2022 – 2023 · New York, USA (Remote)
Architected enclave-based key management for Bitcoin and Ethereum, preventing plaintext exposure and protecting over $2 billion in digital assets.
Migrated and redesigned Ethereum bridge infrastructure from Intel SGX SDK to OpenEnclave, eliminating memory corruption and preventing daily bridge restarts.
Stabilized integration tests by resolving Docker and Linux system-level issues, reducing deployment failures by 50%.
Hardened Shamir secret sharing CLI for secure handling of mnemonic-based cryptographic secrets.
2019 – 2021 · Milan, Italy
Led the implementation of arithmetic and cryptographic primitives for Ginger-lib, a Rust library for zk-SNARKs.
Implemented the Poseidon hash function optimized for zk-SNARK systems across elliptic curves (MNT4, MNT6, BN382), achieving a 246× performance improvement in production.
Integrated hash primitives into large-scale Merkle tree constructions, enabling efficient zero-knowledge proof generation at scale.
Optimized multi-scalar multiplication using Pippenger's algorithm with signed-digit recoding.
1st Place — Horizen Labs Private Proof of Ownership Hackathon Track (ZeroKnowledgeVoting)
2019 · Geneva, Switzerland
Integrated the TON blockchain and developed a secure wallet on a Hardware Security Module (HSM).
2018 – 2019 · Sion, Switzerland
2011 – 2016 · Bern, Switzerland
Designed banknote recognition algorithms using machine learning and image processing for embedded systems. Implementation in C++; simulation in MATLAB.
2006 – 2011 · Lausanne, Switzerland
Set a computational record by solving a 112-bit elliptic curve discrete logarithm problem on a cluster of 200 PlayStation 3s, in collaboration with Microsoft Research.
General Chair of the 11th Workshop on Cryptographic Hardware and Embedded Systems — CHES 2009 (300+ attendees).
Implemented cryptographic algorithms on GPUs using CUDA and OpenCL.
2000 – 2006 · Nagoya, Japan
Designed massively parallel algorithms for cryptography in hardware. RTL simulation in Verilog for ASICs.
Best Paper Award — CHES 2005
Computer Arithmetic and Cryptography
"Studies on Modular Arithmetic Hardware Algorithms for Public-Key Cryptography"
Computer Arithmetic and Cryptography
"A VLSI Algorithm for Modular Multiplication/Division"
Scroll to pan · Click image to fit
Host-side session: The host process forwards requests and receives a cryptographically signed response — it never has access to the API key or the signing key.
Scroll to pan · Click image to fit
Independent verification: a third party validates the DCAP
quote (Intel root CA → genuine SGX hardware), confirms the MRENCLAVE matches
the published measurement, and verifies the ECDSA signature over
SHA256(prompt ‖ result ‖ timestamp ‖ MRENCLAVE)
— proving the response was produced by the audited enclave and not tampered with.
Ask me about Marcelo's background