Skip to content

Privacy-Enhancing Technologies

CSC2231 Winter 2026

Overview

Personal information is central to our identity, and protecting it is crucial to preserving our fundamental right to privacy. Yet, rapid advances in technology often challenge our ability to safeguard it. In this course, we will explore how privacy can be formally defined and protected. We will examine how techniques from cryptography and statistics can be applied to build systems that enable data-driven applications while protecting individual privacy.

The first part of the course introduces key cryptographic concepts, including secure multiparty computation (MPC), fully homomorphic encryption (FHE), zero-knowledge proofs (ZKPs), private information retrieval, oblivious RAM, and anonymous communication protocols. The second part covers statistical approaches to privacy, with a particular focus on differential privacy. Toward the end of the course, we will discuss real-world applications of these privacy-enhancing technologies.

Course Information

  • Instructor: Anwar Hithnawi
  • TA: Nikolay Avramov
  • E-mail: ahithnawi@cs.toronto.edu
  • Class Time & Location: Wednesday 9:00 AM – 11:00 AM. Room: KP 113
  • Office Hours: Wednesday, 11:00 AM – 12:00 PM, or by appointment. Room: BA 5222

Important Links

All course materials, including the schedule, lecture slides, and readings, will be available on the course website.

Prerequisites

A general background in computer systems and cryptography is required. There is no required textbook for this course. For a refresher on security concepts, you can consult the Berkeley Introduction to Security Textbook and for cryptography, see A Graduate Course in Applied Cryptography.

Course Evaluation

  • 30% – Paper presentation (slides due at the start of your presentation)
  • 20% – Participation and paper reviews (reviews due at the start of class)
  • 10% – Project proposal (due Feb 11)
  • 40% – Final project (due April 8)

Deliverables

Presentations and Reviews: All students are required to read both papers assigned for each class before the session. You must submit a written review for one of those two papers (of your choice) by 9:00 AM on the day of the lecture. Each paper will be presented by a designated student in a 30-minute conference-style talk. The presenter will then lead a discussion lasting about 55 minutes in total for both presentation and Q&A. We will have a 10-minute break at the midpoint of class. One week before your scheduled presentation, please meet with me during office hours to get feedback on your slides and talk. In addition to the two assigned papers per class, recommended readings will sometimes be posted. You are encouraged to read as many of these additional materials as possible to get the most out of the course.

Projects: Students will work in pairs on a research project related to privacy-enhancing technologies. Each pair must submit a proposal to the instructor no later than Feb 11 at 9:00 AM. Near the end of the term, you will present your work to the class in a 30-minute (including Q&A) conference-style presentation. In addition, by April 8, you must submit a workshop-quality paper of 8--10 pages describing your project. We encourage you to consult with the instructor regularly to ensure you are making progress. If you have difficulty finding a project topic, please reach out early; we can provide a list of suggested topics.

Format

Please submit your presentation slides, project proposal, and final project write-up in PDF format via email. We strongly encourage typesetting your deliverables in LaTeX. Use the course’s HotCRP submission system to submit paper reviews for assigned readings.

Late Policy

  • Paper reviews: No reviews are accepted once the class has started. You may skip reviews for two papers without penalty.

  • Project proposal and final report: If your project proposal or final report is submitted late, 20% will be deducted from the grade for each day it is overdue.

Policy on the Use of Artificial Intelligence

Large-language model-based tools (e.g., ChatGPT) can be very helpful, and you are encouraged to leverage them. However, please do not use them in any way that trivializes the assignments or bypasses the course's learning objectives. If you have doubts about permissible usage, please check with the instructor first.

Schedule and Readings

The schedule may be adjusted as the semester progresses; any changes will be announced in class and on Quercus. If you have questions, please contact the instructor. Check this link to find out when you're presenting.

#DateTopicsReadings
1Jan 14Logistics & OverviewRecommended:
  1. Computing on Encrypted Data.
2Jan 21Societal & Ethical Considerations of PETsAssigned Papers:
  1. The Moral Character of Cryptographic Work.
In-Class Case Study: E2E Encryption and Client-Side Scanning
  1. Bugs in our Pockets: the Risks of Client-side Scanning.
  2. EFF’s Critique of Apple’s Plans.
Recommended:
  1. Chat Control or Child Protection?
  2. 'I've Got Nothing to Hide' and Other Misunderstandings of Privacy.
  3. Privacy in Context: Technology, Policy, and the Integrity of Social Life.(§1)
  4. Constitutional Podcast: Privacy. The Washington Post.
3Jan 28Private Statistics CollectionAssigned Papers:
  1. Practical Secure Aggregation for Privacy-Preserving Machine Learning.
  2. RoFL: Robustness of Secure Federated Learning.
Recommended:
  1. Prio: Private, Robust, and Scalable Computation of Aggregate Statistics.
  2. Secure Single-Server Aggregation with (Poly)Logarithmic Overhead.
  3. ACORN: Input Validation for Secure Aggregation.
4Feb 4Differential PrivacyAssigned Reading:
  1. RAPPOR: Randomized Aggregatable Privacy-Preserving Ordinal Response.
  2. Deep Learning with Differential Privacy.
Recommended Reading:
  1. The Algorithmic Foundations of Differential Privacy (§1.1-3.5).
  2. How to DP-fy ML: A Practical Guide to ML with Differential Privacy.
  3. What Can We Learn Privately?.
5Feb 11Private Information Retrieval
Assigned Papers:
  1. PIR with Compressed Queries and Amortized Query Processing.
  2. One Server for the Price of Two: Simple and Fast Single-Server Private Information Retrieval.
Recommended:
  1. Scalable Private Search with Wally.
  2. Apple’s Deployment of PIR in Production.
-Feb 18Reading Week - No Class-
6Feb 25Secure Multiparty Computation
Assigned Papers:
  1. Protocols for Secure Computations.
  2. BumbleBee: Secure Two-party Inference Framework for Large Transformers.
Recommended:
  1. How to Share a Secret.
  2. A Pragmatic Introduction to Secure Multi-Party Computation (§2 and §3).
  3. MP-SPDZ: A Versatile Framework for Multi-Party Computation (§1-§5)
7Mar 4Zero-Knowledge ProofsAssigned Papers:
  1. Pinocchio: Nearly Practical Verifiable Computation.
  2. Zerocash: Decentralized Anonymous Payments from Bitcoin.
Recommended Reading:
  1. Zero Knowledge Proofs: An Illustrated Primer.
  2. Boneh-Shoup (§20.1-20.3).
  3. Proofs, Arguments, and Zero-Knowledge.
  4. Bulletproofs: Short Proofs for Confidential Transactions and More.
8Mar 11Anonymous AuthorizationAssigned Papers:
  1. zk-creds: Flexible Anonymous Credentials from zkSNARKs and Existing Identity Infrastructure.
  2. An Efficient System for Non-transferable Anonymous Credentials.
9Mar 18AI & Data Provenance
(Invited Speaker: Bruce Schneier)		Assigned Papers:
  1. VerITAS: Verifying Image Transformations at Scale.
Recommended Reading:
  1. C2PA Technical Specification.
  2. Holding Secrets Accountable: Auditing Privacy-Preserving Machine Learning.
10Mar 25Privacy, Anonymity, & CensorshipAssigned Papers:
  1. Slitheen: Perfectly imitated decoy routing through traffic replacement.
  2. Vuvuzela: Scalable Private Messaging Resistant to Traffic Analysis.
Recommended:
  1. SoK: Metadata-Protecting Communication Systems.
  2. Riposte: An Anonymous Messaging System Handling Millions of Users.
  3. Tor: The Second-Generation Onion Router.
11April 1Research Project Presentations-