Portrait of Tolga Acar

Tolga Acar

Principal Software Engineer

Connect on LinkedIn


I am a security SME in Commerce Financial Services focusing on threat models and guidance with breadth and high value services in depth. I continue to serve on various Microsoft-wide groups including Cryptography Board.

I managed Azure Sphere Security Services catalog and identity team focusing on security, distributed systems security, PKI, certificates, security protocols, device identity, attestation, code signing, high-scale distributed services, security intrusions, and any other services targeted at IoT devices.

I was the security and Token Services lead in the Payments team, working on all security aspects of payments security, secure web services for finance, PCI and a variety of other financial standards, and 5×5 tokens. While I maintain my ties to security and cryptography research, cyber currencies, block chains, web payments, secure device and scalable web services for payments (Azure and other environments), high-assurance systems for finance, security monitoring and detection, blurred hardware/firmware/software security architectures, operating systems and network security, and machine learning techniques for security are within my view.

I was the Cryptography Incubation Team lead in the Security and Cryptography team in Microsoft Research. This was an applied security & cryptography research group working on cryptographic algorithms, security architectures in operating systems, mobile devices, and cloud computing platforms. My focus ranged from low level, fast, and side-channel secure cryptographic algorithm implementations (think Elliptic Curve and big integer arithmetic), to heterogonous security architectures spanning multiple devices and cloud services (think payment systems). My projects included payments security (think credit cards), post-quantum cryptographic algorithms, JavaScript cryptography, cloud-scale key management, TLS, and IoT security. I worked on the open source AllJoyn Core security in the AllSeen Alliance.

I completed my B.S. (summa cum laude) and M.Sc. (cum laude) at the Istanbul Technical University in 1992 and 1994, and my Ph.D. at the Oregon State University in December of 1998, respectively. I designed and implemented a multi-tasking operating system on Intel 386 systems entirely in assembly language in 1992. Halfway through my B.S. thesis, I heard of an open-source project going on somewhere in Finland and swiftly ignored it after discovering that my system was well ahead of what was to become Linux. In my master’s thesis, I created new image compression, edge detection, and surface reconstruction algorithms based on non-convex optimization techniques, and implemented them on Sun IPX systems. I had also setup the computer science department’s first working network with CAT5 cables running across hallways intermingled with the coaxial bus cables and various other antiquity, while TAing for undergrad Computer Engineering and Science classes.

While I had started my PhD on parallel computing algorithms, I changed my area to cryptography in the first semester while working on a project for RSA DSI. My PhD thesis focused on high-speed software and hardware architectures for number-theoretical cryptographic algorithms. Most of my graduate work was sponsored by grants from Intel, RSA DSI, and US Navy Research Labs across several projects. These projects include high-performance core cryptographic and math libraries on Intel Pentium and MMX, Sparc V8/V9, and TMS320C16 architectures. I was proud to have the fastest and meanest modular exponentiation implementation. I proposed several new SIMD instructions to speed up cryptographic algorithms in integer rings and characteristic 2 fields. Some of them appeared in later MMX versions now known as Intel SSE.

I worked at Novell from 1997 through 2003 on various aspects of cryptography and authentication, directory services security, directory services key management, TLS, security protocols, and joined Microsoft in January of 2004 as a developer in Windows Security. At Microsoft, I worked as a Developer, Developer Lead, and Program Manager in Windows Core Security and Online Services groups. I moved to CSRO Incubations to start the Cryptography Incubation group which was later rolled into Microsoft Research and eXtreme Computing Group in 2009.

In 2012, I moved to Software and Services Group (SSG) in Intel Corporation as a Security Architect, and worked on Intel’s Cloud Services Platform as the lead security architect, and also worked with SGX. I returned to Microsoft Research NeXT/Technologies in 2013 and worked on TLS, payment systems security, IoT/AllSeen security, ECC, post-quantum cryptography, and cloud security before I joined the Payments group.

I was an affiliate faculty at University of Washington Computer Science & Engineering department, and taught Cryptography  in Fall 2016.