Thomas Holenstein is a software engineer at Google with 12 years of experience, currently serving as technical lead for Google's internal cryptographic libraries and co-technical lead for the open-source Tink project. He specializes in backend cryptography engineering—serialization, key management, and secure APIs—and has contributed important correctness and format checks to Tink's core key handling. His background includes a PhD from ETH Zürich and academic roles as a professor in theoretical cryptography, plus postdoctoral research at Princeton and Microsoft, giving him deep theoretical foundations paired with production-grade implementation skills. Based in Uster, Zurich, he blends rigorous research pedigree with hands-on open-source stewardship, helping make cryptographic primitives harder to misuse in real-world systems.
12 years of coding experience
Doktor (Ph.D.), Computer Science, Doktor (Ph.D.), Computer Science at ETH Zürich
Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.
Role in this project:
Back-end Developer
Contributions:890 commits, 15 PRs, 13 pushes in 4 years 5 months
Contributions summary:Thomas's contributions focus on the backend aspects of the Tink project, including the serialization and deserialization of keys. Their work involved registering a serialization for LegacyProtoKey within the MutableSerializationRegistry and JwkSetConverter. In addition, they made changes to key creation by ensuring that certain parameters are in a specific format. They also added checks in the KmsEnvelopeAeadKeyManager and JwtKeyManager and ensure that the correct functionality is implemented in the code.
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.