Colin Roberts: Why I’m Excited About the Future of Multifactor
2025-07-03
I’ve been a part of the Multifactor’s founding team for a while now, and have already made a few blog posts about what I’ve been working on, but I figure now is as good a time as any to share my personal thoughts on why I’m so excited to be a part of this journey.
The story of why I’m joining Multifactor as Co-Founder and CTO begins in 2022. I was at San Francisco Blockchain Week with a good friend, colleague, and former student of mine when I saw Vivek Nair give a talk on a new cryptographic primitive he invented: the Multi-Factor Key Derivation Function (MFKDF). It was immediately clear to me that this technology was a game-changer, not just for crypto wallets, but for the billions of devices and services that still rely on password-based authentication and key management. I believe that now more than ever.
Video: Colin Roberts, Co-Founder and CTO, shares his journey from pure mathematics to crypto-focused startups and now Multifactor, explaining why he's excited about the future of the company.
Who am I?
My journey to this moment has been guided by a deep-seated curiosity to work on as many different things as I can. That makes me the type of person that the mathematician Terence Tao would refer to as a fox. I love bridging disparate fields, because that’s where innovation happens. This path has taken me from pure mathematics to the fast-paced world of startups, and now, to Multifactor.
From Proofs to Programs
My Ph.D. was in pure mathematics and mathematical physics, which gave me a unique lens for architecting provably secure systems. Pure math is a synthesis of creativity and logic; it embodies both the builder mindset and the need for discipline. Mathematical physics grounds you in reality as you can’t fabricate abstract nonsense and get away with it!
This training taught me that mathematics and software are two sides of the same coin. Transitioning to systems engineering felt like a natural next step for me and it meant that I could finally turn abstract ideas into multi-threaded, memory and type-safe, and blazing-fast creations. Most of my side projects turned into building my ideas in software.
My time teaching also instilled a sense of compassion and patience. Seeing students switch their majors to math after my class, or writing a recommendation for a future Ph.D., brought me immense joy. It also gave me an appreciation for simplicity. Not everything takes cutting edge mathematics; polynomials rule the world.
Into the Startup Universe
After finishing my Ph.D. in 2022, I dove headfirst into startups. The academic world felt too slow for me. I wanted to move fast, take risks, and build things people could use. The high-energy, high-stakes environment of early-stage companies was a perfect fit. Over the next few years, I grew from a senior researcher to a staff-level research engineer, leading teams in both DeFi and applied cryptography.
My first role was at a DeFi company designing a new class of Automated Market Makers (AMMs) on Ethereum. These AMMs were novel in that they featured time-varying liquidity which was a complex problem that required careful state management and numerical analysis to get right.
During this time, I was the lead architect of Arbiter, a multi-agent simulator and my first major Rust project. I was thrilled to see it gain traction with real users. We used it for everything from testing financial strategies to performing multi-agent auditing, where its unique approach to extracting emergent behaviors allowed us to uncover critical bugs that other auditing teams had missed.
From DeFi, I moved deeper into applied cryptography, joining a team building products on cutting-edge techniques like Zero-Knowledge Proofs (ZKPs). Our goal was to use these tools to let users make verifiable statements about their private data—like proving their listening history to get early concert tickets without revealing their entire account.
As the architect of our proof system, I designed a solution that was both powerful and elegant. By integrating a ZK backend and carefully re-architecting the rustls implementation, we created a system of just three generalized circuits. These could authenticate, verify, and extract arbitrarily-long JSON data from TLS transcripts, all with proof times of around 20 seconds on an iPhone. To achieve this performance and generality, we leveraged folding schemes like SuperNova, avoiding the need for application-specific circuits or setups that would have degraded the user experience.
We also championed open source, developing widely used cryptographic primitives from scratch in our ronkathon repository, which I maintained. There’s no better way to understand these primitives than building them yourself. It’s a really great way to build intuition for the underlying mathematics!
These years gave me a lot of insight. I learned that the hardest part of building is not writing code, but managing people. My experience taught me how to lead teams, make split-second executive decisions, and foster collaboration. After the team comes the product; you have to find problems that real people or businesses have and then you must listen to your customers to see how to make it even better for them. Most importantly, I developed a mental model for taking ideas from concept to production.
Why Multifactor?
My journey through math, DeFi, and cryptography led me directly to Multifactor, for two simple reasons: the technology and the team.
The Technology
The idea that sparked my interest back in 2022, MFKDF, is one… factor… of Multifactor. MFKDF2 will be the secure, seamless authentication primitive I’d been eyeballing for both personal projects as well as products at my previous companies. Yet, it’s the combined suite of tools Multifactor has that compelled me.
Our roadmap includes Checkpoint, a tool for securely delegating credentials. We’ve all had personal experience trying to share a password with a friend or family member over the phone or on some messaging app. In a business or government context, this is actually a critical process that is currently flawed. One often needs the ability to grant temporary, limited access to accounts for specific operations and some organizations out there still rely on total account sharing by sending passwords via encrypted email.
The work I did with ZKPs focused on proving attributes about your data. Checkpoint is almost the reverse of this as it securely authorizes actions on your behalf via injection into TLS traffic rather than extracting from TLS transcripts as my previous work did. This is critical for the coming "agentic web," where AI assistants will need to perform tasks for us within carefully defined guardrails.
Then there's Switchboard, an attribute-based authorization layer that acts as the glue for the entire system. It allows for assigning granular privileges to users, agents, files, or any other entity. Crucially, Switchboard is backed by cryptography which allows all of these entities to retain privacy and avoid the “pure software” backed access management that is commonplace. All of us use something like Switchboard every day, but without all the features we have planned.
The combination of MFKDF for authentication, Checkpoint for authorization, and Switchboard for access control is a trifecta. It creates an entire platform for secure interaction for both people and enterprise. This makes the idea of being the “Cloudflare of identity” tantalizingly possible.
The Team
We’re a small, tight-knit team, and that’s a massive strength. Vivek, as CEO, provides me with a feeling of confidence. I was certain that I couldn’t let someone like Vivek pass me by. He's one of the most accomplished and driven people I've met.
His brilliance was on full display early on. He mentioned he was going to work on a Checkpoint demo over a weekend. I was excited but skeptical, knowing how hard these problems are. On Monday, he sent me a link. Like magic, I was streaming video from a paywalled site using his account, but with my access completely restricted to that single action and I couldn't see his credentials or do anything else. The performance was flawless. This is just one example that goes along with all the other research he’s already done. If you want to see what I mean, check out this video.
We’re also incredibly complementary. My background is in mathematical formalism and leading research-heavy engineering teams at startups. He has deep expertise in cybersecurity and AI, with the patents and business acumen to prove it. For the first time, I am a key leader from day one, with the ability to shape the company's direction using every lesson I've learned.
I'm beyond excited to build a company focused on long-term strategy, solving fundamental problems, and fostering a healthy, sustainable culture. We're building the future of the “triple A”: Authentication, Authorization and Auditing. I can't wait to get started!
Building for the Long Haul
This brings me to how we’re going to build Multifactor. I believe that to do truly great work, you have to prioritize the health and sustainability of the team. We are in this for the long run; this is a marathon, not a sprint. That means we will work hard, but we will also take care of ourselves and each other.
However, every marathon has moments where you have to dig deep and sprint. There will be times when we need to muster the courage to move incredibly fast, work with intense focus, and tackle the challenges we'd rather avoid.
That’s where strategy is key. We have to constantly think ahead to build products that are better than any competitor. We will win by being strategic, opportunistic, and relentless in our pursuit of excellence.
Let's Build the Future
This combination of world-class technology, a brilliant team, and a philosophy built for sustainable success is why I'm all in. I'm beyond excited to be a part of this journey and to help build a company that lasts.
I can't wait to show you what we build!
— Colin
We're redefining zero-trust — so you can protect your application with confidence.
Identity is your first and last line of defense, and the root cause of most application security breaches. Multifactor's provably secure zero-trust solution cryptographically guarantees that only authorized users can access sensitive data, turning identity into your greatest asset in the fight against cyber threats. Learn more about our research, or reach out to explore working together.
Related Posts
A Fresh Coat of Paint: Introducing Multifactor's New Look
2025-05-09
Multifactor has a new look today across our social media and digital presence. Our redesign stays true to our roots while embracing a more modern aesthetic that better represents the 'multi' part of 'multifactor'.
Why Multifactor is a Public Benefit Corporation
2025-05-19
Multifactor, Inc. is now officially a Public Benefit Corporation (PBC). Learn more about our commitment to improving computer security and privacy for all.
Solid Security is now Multifactor
2025-03-27
We're excited to announce the merger of Solid Security, MFKDF, MFCHF, and several new behind-the-scenes innovations into Multifactor - the unified home for the future of zero-trust post-quantum identity control and access management solutions.