CIS-700: Privacy enhancing technologies
Spring 2020
Instructor: Sebastian Angel
Room: Moore 102
Time: M/W 1:30 - 3:00 PM
This course will cover selected topics on privacy-enhancing technologies. The first two-thirds of the course will primarily discuss systems that preserve privacy with the use of cryptography. These systems include encrypted databases, anonymous networks, blockchains, machine learning on encrypted data, among others. We will also discuss attacks on these systems. These systems use a variety of amazing building blocks including public key encryption, order-preserving encryption, homomorphic encryption, functional encryption, private information retrieval, oblivious RAM, secret sharing, oblivious pseudorandom functions, garbled circuits, and differential privacy.
The last part of the course will cover zero-knowledge succinct non-interactive arguments of knowledge (zkSNARKs). We will cover interactive proofs, sum-check protocols, arithmetic circuits, polynomial commitments, and finally the Hyrax zkSNARK protocol.
This course is discussion-based and every student is expected to read the paper(s) assigned for each lecture.
This course includes 3 reading comprehension assignments and a research project.
Reading assignments
Provide a written critique of three of the assigned readings. Each critique consists of a summary of the assigned paper, a discussion of its limitations, a list of applications, and extensions.
Research project
Propose and complete a research project in a related area (can be done in pairs). Example projects include (but are not limited to):
Students should submit a project proposal by February 21, and are encouraged to discuss their ideas with me prior to selecting a project. Students are expected to give an oral presentation of their project in class and turn in a final report by May 1.
Familiarity with the content of CIS 331, CIS 551, or CIS 556 (or their equivalent) is recommended. Students with a strong math background who are willing to learn some of the basics on their own may also take this course.
Date | Topic | Reading |
---|---|---|
1/15 | Introduction: class outline, computational assumptions, trapdoor functions | B&S chapter 2 (optional); B&S chapter 10 (optional) |
1/20 | MLK holiday: No class | |
1/22 | Blind signatures and anonymous cash: RSA digital signatures, RSA blind signatures, digital cash | B&S chapter 13 (optional background) |
1/27 | Private and verifiable auctions: Additively homomorphic encryption, time-lapse cryptography | Practical Secrecy-Preserving, Verifiably Correct and Trustworthy Auctions |
1/29 | Class cancelled | |
2/3 | Encrypted query processing: Order-preserving encryption, encrypted databases | CryptDB: Protecting Confidentiality with Encrypted Query Processing |
2/5 | Attacks on encrypted databases: Persistent vs snapshot attacker models | Why Your Encrypted Database Is Not Secure |
2/10 | Broadcast encryption: Secret sharing, broadcast encryption | |
2/12 | Searchable Encryption | Practical Techniques for Searches on Encrypted Data |
2/17 | Oblivious RAM | Path ORAM: An Extremely Simple Oblivious RAM Protocol |
2/19 | SGX and oblivious memory | ZeroTrace: Oblivious Memory Primitives from Intel SGX |
2/24 | Metadata-private messaging: PIR, metadata-private messaging | Unobservable communication over fully untrusted infrastructure |
2/26 | Anonymous messaging: Distributed point functions, anonymous upload | Riposte: An Anonymous Messaging System Handling Millions of Users |
3/2 | Tracing end-to-end encrypted messages: End-to-end encryption, accountability | Traceback for End-to-End Encrypted Messaging |
3/5 | Elliptic curve cryptography | Elliptic Curve Cryptography: a gentle introduction; Elliptic Curve Cryptography: finite fields and discrete logarithms; Elliptic Curve Cryptography: ECDH and ECDSA; Elliptic Curve Cryptography: breaking security and a comparison with RSA; Revisit seed homomorphic PRG from 2/26 |
3/9 | Spring break | |
3/12 | Spring break | |
3/16 | Functional encryption: More SGX, functional encryption | Iron: Functional Encryption using Intel SGX |
3/18 | Oblivious transfer | The Simplest Protocol for Oblivious Transfer |
3/23 | Inference with private data: secure multiparty computation | DELPHI: A Cryptographic Inference Service for Neural Networks |
3/25 | Training over encrypted data: functional encryption, secure dot-product | CryptoNN: Training Neural Networks over Encrypted Data |
3/30 | Randomness: Unbiased randomness | Scalable Bias-Resistant Distributed Randomness |
4/1 | Contextual integrity | Privacy and Contextual Integrity: Framework and Applications |
4/6 | Differential privacy | A Firm Foundation for Private Data Analysis |
4/8 | Sum-check protocol: Low-degree and multilinear extensions, Sum-check protocol | The Power of Randomness: Fingerprinting and Freivalds’ Algorithm |
4/13 | Interactive proofs: GKR interactive proof protocol | |
4/15 | Verifiable computation: PCPs, IPs, constraints | |
4/20 | Zero-Knowledge | The Complexity of Zero Knowledge |
4/22 | zkSNARKs: QAPs, knowledge of exponent assumption, pairings | |
4/27 | Project presentations | |
4/29 | Project presentations | |