CIS-700: Privacy enhancing technologies

Spring 2020

Instructor: Sebastian Angel

Room: Moore 102

Time: M/W 1:30 - 3:00 PM

Email: sebastian.angel at

Discussion: Piazza

Office hours: By appointment

Course Description

This course will cover selected topics on privacy-enhancing technologies. The first two-thirds of the course will primarily discuss systems that preserve privacy with the use of cryptography. These systems include encrypted databases, anonymous networks, blockchains, machine learning on encrypted data, among others. We will also discuss attacks on these systems. These systems use a variety of amazing building blocks including public key encryption, order-preserving encryption, homomorphic encryption, functional encryption, private information retrieval, oblivious RAM, secret sharing, oblivious pseudorandom functions, garbled circuits, and differential privacy.

The last part of the course will cover zero-knowledge succinct non-interactive arguments of knowledge (zkSNARKs). We will cover interactive proofs, sum-check protocols, arithmetic circuits, polynomial commitments, and finally the Hyrax zkSNARK protocol.

This course is discussion-based and every student is expected to read the paper(s) assigned for each lecture.

This course includes 3 reading comprehension assignments and a research project.

Reading assignments

Provide a written critique of three of the assigned readings. Each critique consists of a summary of the assigned paper, a discussion of its limitations, a list of applications, and extensions.

Research project

Propose and complete a research project in a related area (can be done in pairs). Example projects include (but are not limited to):

Students should submit a project proposal by February 21, and are encouraged to discuss their ideas with me prior to selecting a project. Students are expected to give an oral presentation of their project in class and turn in a final report by May 1.


Familiarity with the content of CIS 331, CIS 551, or CIS 556 (or their equivalent) is recommended. Students with a strong math background who are willing to learn some of the basics on their own may also take this course.


Reference book

A Graduate Course in Applied Cryptography by Dan Boneh and Victor Shoup

Tentative Schedule

Date Topic Reading


Class outline, computational assumptions, trapdoor functions

B&S chapter 2 (optional)

B&S chapter 10 (optional)


MLK holiday

No class


Blind signatures and anonymous cash

RSA digital signatures, RSA blind signatures, digital cash

B&S chapter 13 (optional background)

Untraceable Electronic Cash


Private and verifiable auctions

Additively homomorphic encryption, time-lapse cryptography

Practical Secrecy-Preserving, Verifiably Correct and Trustworthy Auctions

Class cancelled


Encrypted query processing

Order-preserving encryption, encrypted databases

CryptDB: Protecting Confidentiality with Encrypted Query Processing

Attacks on encrypted databases

Persistent vs snapshot attacker models

Why Your Encrypted Database Is Not Secure

Broadcast encryption

Secret sharing, broadcast encryption

How to share a secret

How to broadcast a secret


Searchable Encryption

Practical Techniques for Searches on Encrypted Data

Oblivious RAM

Path ORAM: An Extremely Simple Oblivious RAM Protocol

SGX and oblivious memory

ZeroTrace: Oblivious Memory Primitives from Intel SGX

Metadata-private messaging

PIR, metadata-private messaging

Unobservable communication over fully untrusted infrastructure

Anonymous messaging

Distributed point functions, anonymous upload

Riposte: An Anonymous Messaging System Handling Millions of Users

Tracing end-to-end encrypted messages

End-to-end encryption, accountability

Traceback for End-to-End Encrypted Messaging

Elliptic curve cryptography

Elliptic Curve Cryptography: a gentle introduction

Elliptic Curve Cryptography: finite fields and discrete logarithms

Elliptic Curve Cryptography: ECDH and ECDSA

Elliptic Curve Cryptography: breaking security and a comparison with RSA

Revisit seed homomorphic PRG from 2/26


Spring break


Spring break


Functional encryption

More SGX, functional encryption

Iron: Functional Encryption using Intel SGX

Oblivious transfer

The Simplest Protocol for Oblivious Transfer

Inference with private data

Secure multiparty computation

DELPHI: A Cryptographic Inference Service for Neural Networks

Training over encrypted data

Functional encryption, secure dot-product

CryptoNN: Training Neural Networks over Encrypted Data


Unbiased randomness

Scalable Bias-Resistant Distributed Randomness

Contextual integrity

Privacy and Contextual Integrity: Framework and Applications

Differential privacy

A Firm Foundation for Private Data Analysis

Sum-check protocol

Low-degree and multilinear extensions, Sum-check protocol

Justin Thaler's intro lecture

The Power of Randomness: Fingerprinting and Freivalds’ Algorithm

Low-Degree & Multilinear Extensions

Sum-Check Protocol


Interactive proofs

GKR interactive proof protocol

Delegating Computation: Interactive Proofs for Muggles

The GKR Protocol and Its Efficient Implementation


Verifiable computation

PCPs, IPs, constraints

Verifying computations without reexecuting them



The Complexity of Zero Knowledge


QAPs, knowledge of exponent assumption, pairings

What are zkSNARKs

Part 1

Part 2

Part 3

Part 4

Part 5

Part 6

Part 7

4/27 Project presentations
4/29 Project presentations