CPSC 4440/5440: Real-World Cryptography

Course information⬆️

• Time & Location: MW 11:35am-12:50pm in WTS A46 (Watson Center 60 Sachem Street A46)
• Instructor: Fan Zhang
  • OH: 4 - 5pm Wednesday in AKW 503
• TA: Yunhao Wang
  • OH: 4-5pm Thursday

Course Description⬆️

Cryptography provides strong security and privacy guarantees in well-defined mathematical models, but applying it to real-world systems is an art that must account for performance, cost, evolving adversarial threats, and even user behavior. This course examines how cryptographic tools underpin today’s digital infrastructure and protect users against powerful and evolving threats, including rogue governments, privacy-prying corporations, and malicious AI content. Topics include TLS, anonymity (e.g., Tor, DC Nets), secure messaging (e.g., Signal, WhatsApp), anonymity credentials (e.g., Cloudflare’s Privacy Pass, Google and Apple’s Private Tokens), Digital Identity, and Trusted Execution Environments (e.g., Intel SGX).

Prerequisites⬆️

Familiarity with basic concepts in computer security and cryptography is recommended. We will cover the necessary background in the first few lectures.

Grading⬆️

Coursework includes homework and written responses to reading assignments. Graduate students will present at the end of the semester.

• For undergraduate students: Participation (20%), Paper critiques (20%), Problem sets and labs (60%)
• For graduate students: Participation (20%), Paper critiques (20%), Problem sets and labs (40%), Presentation (20%)

Homeworks

We provide a LaTeX templates for homework submissions: template.

Late days

• Each student gets 1 free late days
• One late day equals a 24-hour extension.
• 10% grade reduction for each non-free late day
• We honor Dean’s extensions. No other late days will be granted.

📆 Schedule⬆️

Basic

1. (01-12) Course intro
2. (01-14) Crash course on useful cryptographic tools

TLS

3. (01-21) Authenticated Key Exchange (AKE), TLS Handshake, and Real-world Attacks
4. (01-23) Encryption, TLS Record layer, and Real-world Attacks
5. (01-26) Watching the Gatekeepers: Certificate Transparency
6. (01-28) Provenance of TLS sessions (“zkTLS”)
   • Proxying Is Enough: Security of Proxying in TLS Oracles and AEAD Context Unforgeability (AFT'25)
7. (02-02) Revocation:
   • Clubcards for the WebPKI: smaller certificate revocation tests in theory and practice (IEEE S&P'25)
   • AccuRevoke: Enhancing Certificate Revocation with Distributed Cryptographic Accumulators (IEEE S&P'25)

Messaging under Strong Adversary

8. (02-04) Mixnets, Onion routing, Tor
   • Suggestion: Loopix (USENIX'17)
9. (02-09) DC nets, Dissent
10. (02-11) E2EE encrypted messaging
11. (02-16) Censorship
    • How the Great Firewall of China Detects and Blocks Fully Encrypted Traffic (USENIX'23)
12. (02-18) Presentations:
    • Attacking and Improving the Tor Directory Protocol (S&P'24, RWC'25)
    • Pudding: Private User Discovery in Anonymity Networks

Identity and Credentials

13. (02-23) Passwords, Password Authenticated Key Exchange, OPAQUE
14. (02-25) Anonymous tokens
15. (03-02) OAuth & zkLogin
16. (03-04) Key transparency
    • CONIKS, Parakeet, etc
17. (03-23) DID and Decentralized Social Network
    • atproto
18. (03-25) Presentations:
    • “Modern” Anonymous Credential (zk-cred)
    • Protecting End-to-End Encryption from a Malicious Zoom Server

Securing data in use (Trustworthy Computing)

19. (03-30) Secure enclave
20. (04-01) SGX in-depth (Memory Isolation)
21. (04-06) SGX in-depth (Remote Attestation & Sealing)
22. (04-08) TEE side channel attacks
23. (04-13) TEE and everything we’ve learned so far

AI <> Cryptography

24. (04-15) What crypto can/cannot do for AI?
25. (04-20) How to curb the potential negative impacts of AI?
    • Watermarking
26. (04-22) Presentation of final projects

Prior versions⬆️

• 2025 Spring