CPSC 4440/5440: Real-World Cryptography

Course information

• Time & Location: MW 11:35am-12:50pm in WTS A46 (Watson Center 60 Sachem Street A46)
• Instructor: Fan Zhang
  • OH: 4 - 5pm Wednesday in AKW 503
• TA: Yunhao Wang
  • OH: 4-5pm Thursday

Course Description

Cryptography provides strong security and privacy guarantees in well-defined mathematical models, but applying it to real-world systems is an art that must account for performance, cost, evolving adversarial threats, and even user behavior. This course examines how cryptographic tools underpin today’s digital infrastructure and protect users against powerful and evolving threats, including rogue governments, privacy-prying corporations, and malicious AI content. Topics include TLS, anonymity (e.g., Tor, DC Nets), secure messaging (e.g., Signal, WhatsApp), anonymity credentials (e.g., Cloudflare’s Privacy Pass, Google and Apple’s Private Tokens), Digital Identity, and Trusted Execution Environments (e.g., Intel SGX).

Prerequisites

Familiarity with basic concepts in computer security and cryptography is recommended. We will cover the necessary background in the first few lectures.

Grading

Coursework includes homework and written responses to reading assignments. Graduate students will present at the end of the semester.

• For undergraduate students: Participation (20%), Paper critiques (20%), Problem sets and labs (60%)
• For graduate students: Participation (20%), Paper critiques (20%), Problem sets and labs (40%), Presentation (20%)

Homeworks

We provide a LaTeX templates for homework submissions: template.

Late days

• Each student gets 1 free late days
• One late day equals a 24-hour extension.
• 10% grade reduction for each non-free late day
• We honor Dean’s extensions. No other late days will be granted.

📆 Schedule

Basic

1. (01-12) Course intro
2. (01-14) Crash course on useful cryptographic tools

TLS

3. (01-21) Authenticated Key Exchange (AKE) [📝 Notes]
4. (01-23) AKE instantiation (PKE and Signature)
5. (01-26) Attacks against TLS
   • Triple Handshakes and Cookie Cutters: Breaking and Fixing Authentication over TLS (IEEE S&P'14)
6. (01-28) Watching the Gatekeepers: Certificate Transparency
7. (02-02) Provenance of TLS sessions (“zkTLS”)
   • An interview on zkTLS with Stanford Blockchain Review

Messaging under Strong Adversary

8. (02-04) Anonymity and Mixnets
9. (02-09) Onion routing, Tor, Hidden services
10. (02-11) DC nets, Dissent
11. (02-16) End-to-end encrypted (E2EE) messaging
12. (02-18) Censorship (guest lecture)
    • How the Great Firewall of China Detects and Blocks Fully Encrypted Traffic (Sec'23)
13. (02-25) Presentations (two presentation by students):
    • Loopix (Sec'17)
    • Pudding: Private User Discovery in Anonymity Networks (S&P'24)

Identity and Credentials

14. (02-27) Passwords, Password Authenticated Key Exchange
15. (03-02) OPAQUE, Federated Authentication (SSO)
    • PASTA: PASsword-based Threshold Authentication (CCS'18)
16. (03-04) Anonymous Credentials
    • A good blog post by Matt Green that covers many of the concepts

==March Recess==

1. (03-23) Payments with Unlinkability
2. (03-25) Presentations:
   • Ben R.: Encrypted Access Logging for Online Accounts: Device Attributions without Device Tracking (Sec'25)
   • Amin: zkLogin: Privacy-Preserving Blockchain Authentication with Existing Credentials (CCS'24)

Securing data in use (Trustworthy Computing)

19. (03-30) Secure enclave
20. (04-01) SGX in-depth (Memory Isolation)
21. (04-06) SGX in-depth (Remote Attestation & Sealing) Canceled due to NSF duties
22. (04-08) SGX in-depth (Remote Attestation & Sealing)
23. (04-13) TEE side channel attacks & TEE and everything we’ve learned so far
24. (04-15) Presentations (two students)
    • Circumventing Cryptographic Deniability with Remote Attestation (PETS'19)
    • EnigMap: External-Memory Oblivious Map for Secure Enclaves (Sec'23)
    • Complete Knowledge: Preventing Encumbrance of Cryptographic Secrets (CCS'24)
    • TEE.fail: Breaking Trusted Execution Environments via DDR5 Memory Bus Interposition (S&P'26)

AI <> Cryptography

25. (04-20) How to curb the potential negative impacts of AI? What crypto can/cannot do for AI?
    • (Lecture + one presentation)
    • Unlinkable Inference as a User Privacy Architecture
    • A Watermark for Large Language Models
    • Provably Robust Multi-bit Watermarking for AI-generated Text (Sec'25)
    • LLMmap: Fingerprinting for Large Language Models (Sec'25)

Presentation

26. (04-22) Presentation of final projects

Prior versions

• 2025 Spring