Skip to content

Topics in Computer Systems: Privacy-Enhancing Technologies

CSC2231 Winter 2025

Overview

Personal information is central to our identity, and protecting it is crucial to preserving our fundamental right to privacy. Yet, rapid advances in technology often challenge our ability to safeguard it. In this course, we will explore how privacy can be formally defined and protected. We will examine how techniques from cryptography and statistics can be applied to build systems that enable data-driven applications while protecting individual privacy.

The first part of the course introduces key cryptographic concepts, including secure multiparty computation (MPC), fully homomorphic encryption (FHE), zero-knowledge proofs (ZKPs), private information retrieval, oblivious RAM, and anonymous communication protocols. The second part covers statistical approaches to privacy, with a particular focus on differential privacy. Toward the end of the course, we will discuss real-world applications of these privacy-enhancing technologies.

Course Information

  • Instructor: Anwar Hithnawi
  • E-mail: ahithnawi@cs.toronto.edu
  • Location: Zoom (link on Quercus)
  • Time: Tuesday 9:00 AM – 11:00 AM
  • Office hours: Tuesday 11:00 AM – 12:00 PM or by appointment (Zoom link on Quercus)

Lecture Structure

This course is run as a reading and discussion seminar. With the exception of the first week, each week, students will read and present two papers selected from the topics in the course schedule. Every student will present a paper once during the course.

Important Links

All course materials, including the schedule, lecture slides, and readings, will be available on the course website.

Prerequisites

A general background in computer systems and cryptography is required. There is no required textbook for this course. For a refresher on security concepts, you can consult the Berkeley Introduction to Security Textbook and for cryptography, see A Graduate Course in Applied Cryptography.

Course Evaluation

  • 30% – Paper presentation (slides due at the start of your presentation)
  • 20% – Participation and paper reviews (reviews due at the start of class)
  • 10% – Project proposal (due Feb 11)
  • 40% – Final project (due April 8)

Deliverables

Presentations and Reviews: All students are required to read both papers assigned for each class before the session. You must submit a written review for one of those two papers (of your choice) by 9:00 AM on the day of the lecture. Each paper will be presented by a designated student in a 30-minute conference-style talk. The presenter will then lead a discussion lasting about 55 minutes in total for both presentation and Q&A. We will have a 10-minute break at the midpoint of class. One week before your scheduled presentation, please meet with me during office hours to get feedback on your slides and talk. In addition to the two assigned papers per class, recommended readings will sometimes be posted. You are encouraged to read as many of these additional materials as possible to get the most out of the course.

Projects: Students will work in pairs on a research project related to privacy-enhancing technologies. Each pair must submit a proposal to the instructor no later than Feb 11 at 9:00 AM. Near the end of the term, you will present your work to the class in a 30-minute (including Q&A) conference-style presentation. In addition, by April 8, you must submit a workshop-quality paper of 8--10 pages describing your project. We encourage you to consult with the instructor regularly to ensure you are making progress. If you have difficulty finding a project topic, please reach out early; we can provide a list of suggested topics.

Format

Please submit your presentation slides, project proposal, and final project write-up in PDF format via email. We strongly encourage typesetting your deliverables in LaTeX. Use the course’s HotCRP submission system to submit paper reviews for assigned readings.

Late Policy

  • Paper reviews: No reviews are accepted once the class has started. You may skip reviews for two papers without penalty.

  • Project proposal and final report: If your project proposal or final report is submitted late, 20% will be deducted from the grade for each day it is overdue.

Policy on the Use of Artificial Intelligence

Large-language model-based tools (e.g., ChatGPT) can be very helpful, and you are encouraged to leverage them. However, please do not use them in any way that trivializes the assignments or bypasses the course's learning objectives. If you have doubts about permissible usage, please check with the instructor first.

Schedule and Readings

The schedule may be adjusted as the semester progresses; any changes will be announced in class and on Quercus. If you have questions, please contact the instructor.

#DateTopicsReadings
1Jan 14Logistics & OverviewRecommended:
  1. Computing on Encrypted Data.
2Jan 21Societal & Ethical Considerations of PETsAssigned Papers:
  1. The Moral Character of Cryptographic Work.
In-Class Case Study: E2E Encryption and Client-Side Scanning
  1. Bugs in our Pockets: the Risks of Client-side Scanning
  2. Chat Control or Child Protection?
  3. EFF’s Critique of Apple’s Plans
  4. Can E2EE Systems Detect CSAM Imagery?
Recommended:
  1. 'I've Got Nothing to Hide' and Other Misunderstandings of Privacy.
  2. Privacy in Context: Technology, Policy, and the Integrity of Social Life.(§1)
  3. Constitutional Podcast: Privacy. The Washington Post.
3Jan 28Secure Multiparty ComputationAssigned Papers:
  1. Protocols for Secure Computations
  2. A Decentralized and Encrypted National Gun Registry
Recommended:
  1. How to Share a Secret
  2. A Pragmatic Introduction to Secure Multi-Party Computation (§2 and §3)
  3. MP-SPDZ: A Versatile Framework for Multi-Party Computation (§1-§5)
4Feb 4Zero-Knowledge ProofsAssigned Papers:
  1. Pinocchio: Nearly Practical Verifiable Computation
  2. Aurora: Transparent Succinct Arguments for R1CS
Recommended Reading:
  1. Zero Knowledge Proofs: An Illustrated Primer
  2. Boneh-Shoup (§20.1-20.3)
  3. Bulletproofs: Short Proofs for Confidential Transactions and More
5Feb 11Private Information RetrievalAssigned Papers:
  1. PIR with compressed queries and amortized query processing
  2. Scalable Private Search with Wally
Recommended:
  1. A Survey of Single-Database PIR
  2. Apple’s deployment of PIR in production.
  3. Spiral: Fast, High-Rate Single-Server PIR via FHE Composition
-Feb 18Reading Week - No Class-
6Feb 25Differential PrivacyAssigned Reading:
  1. RAPPOR: Randomized Aggregatable Privacy-Preserving Ordinal Response
  2. Deep Learning with Differential Privacy
Recommended Reading:
  1. The Algorithmic Foundations of Differential Privacy (§1.1-3.5)
  2. How to DP-fy ML: A Practical Guide to ML with Differential Privacy
  3. What Can We Learn Privately?
7March 4Private Statistics CollectionAssigned Papers:
  1. Prio: Private, Robust, and Scalable Computation of Aggregate Statistics
  2. RoFL: Robustness of Secure Federated Learning
Recommended:
  1. Practical Secure Aggregation for Privacy-Preserving Machine Learning
  2. ACORN: Input Validation for Secure Aggregation
8March 11Privacy, Anonymity, & CensorshipAssigned Papers:
  1. Tor: The Second-Generation Onion Router
  2. Vuvuzela: Scalable Private Messaging Resistant to Traffic Analysis
Recommended:
  1. SoK: Metadata-Protecting Communication Systems
9March 18Anonymous AuthorizationAssigned Papers:
  1. Security Without Identification: Transaction Systems to Make Big Brother Obsolete
  2. An Efficient System for Non-transferable Anonymous Credentials
10March 25Privacy Preserving ML & Private ML AuditingAssigned Papers:
  1. GAZELLE: A Low Latency Framework for Secure Neural Network Inference
  2. Holding Secrets Accountable: Auditing Privacy-Preserving Machine Learning
11April 1Research Project Presentations-