COMP 590/790: Privacy Enhancing Technologies

Spring 2022
Instructor: Saba Eskandarian
Lectures: Mon/Wed 2:30-3:45pm, FB009
Contact: saba@cs.unc.edu
Office Hours: by appointment
Gradescope (Entry Code GEXYZY)
Syllabus
Anonymous Feedback

Course Description

This class covers a combination of fundamental tools and recent developments in privacy-enhancing technologies. The first half of the course will cover cryptographic tools that can be used to build privacy-preserving systems, and the second half will cover various privacy-enhancing technologies, including both research contributions and deployed systems. Along the way we will discuss how to think about the technology we create and its impact on society.

This class is intended for undergraduate or graduate students who are interested in thinking about what technology can do to protect privacy and why modern technology so often fails to do so. Prior experience in cryptography or security, while welcome, is by no means required.

Class meetings will consist of a mix of lectures and discussions, with discussion participation being an important component. Students will also complete a semester-long project on a relevant topic of their choosing. See the syllabus for more details.

Course Schedule

Class titles followed by required readings for the discussion that day. Lecture days do not have assigned readings.

A Crash Course in Cryptography

• Jan 10: How to Share a Secret
  
• Jan 12: Cryptography Concepts: Data Confidentiality
  
• Jan 19: Cryptography Concepts: Data Integrity
  
• Jan 24: Cryptography Concepts: Prime Time
  

Private Computation Tools

• Jan 26: Privacy and Anonymity Today
  
• Jan 31: Multiparty Computation
  
• Feb 2: Differential Privacy
  
• Feb 7: Introductions
  
  • Optional: How to Read a Paper
• Feb 9: MPC and DP Deployments
  
  • Deploying MPC for Social Good (slides)
  • Callisto: A Cryptographic Approach to Detecting Serial Perpetrators of Sexual Misconduct
  • Issues Encountered Deploying Differential Privacy
  • Differential privacy deployments from the US Census and Apple
• Feb 14: Hardware Enclaves
  Guest Lecture: Yan Michalevsky
  • Processor Security (Just for background, Slides 1-18)
  • Private Contact Discovery for Signal
  • IRON: Functional Encryption using Intel SGX (Sections 1-5)

Digital Money

• Feb 16: Bitcoin, Blockchains, and Cryptocurrencies
  Project proposals due
  
• Feb 21: Bitcoin, Blockchains, and Cryptocurrencies continued
  
• Feb 23: More Blockchains
  
  • Ethereum Whitepaper
  • ZCash Basics
  • Hard Problems in Cryptocurrency: Five Years Later
  • Optional (for fun): The Ceremony

Attacking Cryptography

• Feb 28: Side Channel Attacks
  
  • Phonotactic Reconstruction of Encrypted VoIP Conversations: Hookt on fon-iks
  • Gyrophone: Recognizing Speech from Gyroscope Signals
• Mar 2: Internet Attacks
  
  • Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices
  • Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice

Contextualizing Cryptography

• Mar 7: Story Time!
  The history of cryptography is full of amazing stories. Today we will each take turns telling one such story. The following books are good places to consider looking for a story. They are all available in the university libararies, and I also have copies in my office that you can use.
  • The Codebreakers, by David Kahn
  • Code Girls, by Liza Mundy
  • Crypto, by Steven Levy
  • The Code Book, by Simon Singh
• Mar 9: Crypto for the People
  Project update 1 due
  We'll watch and then discuss Seny Kamara's CRYPTO 2020 talk Crypto for the People.
• Mar 21: The Moral Character of Cryptographic Work
  
  • Do Artifacts Have Politics?
  • The Moral Character of Cryptographic Work

Privacy, Anonymity, and Surveillance

• Mar 23: Anonymity, Mixnets, DC-nets
  
• Mar 28: Surveillance
  
  • SuperVision: An Introduction to the Surveillance Society (only introduction required)
  • The Whole World is Watching
  • Vernacular Resistance to Data Collection and Analysis: A Political Theory of Obfuscation
• Mar 30: Anonymity and Censorship
  
  • Tor: The Second-Generation Onion Router
  • Encore: Lightweight Measurement of Web Censorship with Cross-Origin Requests
• Apr 4: Private Messaging Today
  Project update 2 due
  
  • The Double Ratchet Algorithm
  • Signal blog posts on sealed sender and private groups
  • Improving Signal's Sealed Sender
• Apr 6: More Deployed Privacy Technologies
  
  • Messenger Secret Conversations Whitepaper
  • Prio: Private, Robust, and Scalable Computation of Aggregate Statistics
  • Mozilla and ISRG blog posts about Prio deployment
• Apr 11: Other Real-World Threat Models
  
  • The Million Dollar Dissident
  • "A Stalker's Paradise": How Intimate Partner Abusers Exploit Technology
• Apr 13: Research on Metadata-Hiding Communication
  
  • Riposte: An Anonymous Messaging System Handling Millions of Users
  • Vuvuzela: Scalable Private Messaging Resistant to Traffic Analysis
• Apr 18: Policy Questions
  
  • What's New in the US Crypto Wars? (first 30 min)
  • Keys Under Doormats
  • The State of Consumer Data Privacy Laws in the US
  • Apple CSAM Detection Technical Summary

Project Presentations and Conclusion

• Apr 20: Project Presentations
  
• Apr 25: Project Presentations
  
• Apr 27: Story Time 2!
  Just like the previous Story Time, but this time you can tell us about anything vaguely crypto or security related, not necessarily just history.
  Project final report due