Cryptographic Systems for Protecting Privacy

6.893: Cryptographic Systems for Protecting Privacy

MIT – Fall 2020


Modern cryptography allows us, in theory, to build computer systems that provide extraordinary privacy properties: An Internet user can search Wikipedia without revealing her query to Wikipedia’s servers. A pharmaceutical company can run a statistical analysis over patient data without ever seeing the patient data in the clear. A programmer can prove to Apple that she knows an iPhone exploit without showing the exploit code to Apple.

And yet, in spite of the theoretical power of cryptography to protect privacy, the computer systems we use on a daily basis offer meagre privacy protections, if any. On some days, it even feels like our computers are doing more to undermine our privacy than to safeguard it.

In this course, we will consider both aspects of this state of affairs: We will explore a number of beautiful cryptographic ideas for keeping sensitive data safe. In parallel, we will try to understand why so few of these ideas make their way into real systems. What are the technical, economic, and social barriers to deploying privacy technologies? And even if we could deploy them, to what extent would these systems address the most important privacy threats we face?

MIT is a particularly exciting place to study these questions, since it has been at the center of developments in modern cryptography (RSA encryption, digital signatures, zero knowledge, secret sharing, …). In addition, MIT graduates are behind many ambitious attempts to incorporate cryptographic ideas into real-world systems (the original PGP key server, the Tor Project, Keybase, …).

By the end of the course, my hope is that you both understand today’s privacy problems more deeply and that you are better prepared to solve them.

Meeting place and time

Location: Zoom (see Piazza for the link)

Time: Mondays and Wednesdays, 1:00pm - 2:30pm (Boston time)


We will primarily use Piazza for sending out course announcements and answering questions. Please make sure to sign up. Additional contact information, as well as the office hours, are available on the Course Staff page. To submit anonymous feedback to us at any point during the semester, you may use this form.


The prerequisites to this course are (a) 6.033 and (b) 6.857, 6.875, or an equivalent introductory cryptography course. Another important prerequisite is that you are curious about cryptography and excited to study some beautiful theory and clever cryptographic constructions. An introductory algorithms course is not a formal prerequisite, but will be very useful to you in this course (and beyond!).


All registered students must attend the course’s online lectures in real time. Real-time attendance is especially important when we have guest speakers. If you would like to take the course but attending the online lectures would present a hardship (e.g., because you are in a far-away time zone or because you do not have reliable Internet access), please contact me directly by email or a Piazza private question to ask for an exception to the attendance policy.


Each of the six problem sets will be worth one sixth of your grade. Make sure to carefully review the section below on late submissions.

This is a small seminar course and interaction and discussion is an important part of making the course fun and worthwhile. If you have an unexcused absence from any guest lecture or from two other lectures over the course of the semester, I may reduce your letter grade by one full letter. For each additional unexcused absence, I may reduce your grade by an additional letter.

Problem Sets

You must use LaTeX to write up your problem sets using the provided template. All problem sets are due at 5pm on the listed Friday, every two weeks. We will post the problem sets at least two weeks before their due date.

Problem Set Submission: You must submit your problem set via Gradescope. Please use course code MGWNYV to sign up. Note that Gradescope requires that the solution to each problem starts on a new page.

Collaboration Policy: You may discuss the problem sets in groups of up to three students total. (The limit on group size is to encourage every group member to actively contribute.) You must not have more than two other collaborators on any single problem set, though you can collaborate with different people on each problem set. If you collaborate, you must list the name of your collaborators on the first page of your submission. Each student must write up their problem set independently.

External Resources: You may use the Boneh-Shoup textbook, other textbooks, lectures notes from other courses, and other online materials for reference. If you use any of these resources in the course of solving a problem, please cite the source in your write-up. Please do not search the Internet for answers to problem-set problems. If you have questions about these policies, please just ask.

Late Submissions: You get three “late days” in total during the semester. You may use a late day for any reason to submit a problem set after the deadline. Please submit the late submission as usual via Gradescope. You may use at most three late days for any single assignment, and you may only use late days in one-day increments (no partial late days). To make sure that your final grades are submitted on time, you may not use late days on the last problem set.

If you submit an assignment more than 72 hours after the deadline, or if you submit an assignment late after running out of late days, you will receive no credit for the submission. Please save your late days for when you need them.

Extraordinary situations

If something comes up in your life that is interfering with your ability to succeed in the course, please first get in touch with MIT’s Student Support Services (for undergraduates) or GradSupport (for grad students). They can work with us to come up with a plan.


Thanks to Deian Stefan of UCSD for giving us permission to use the design of his CSE 130 course website for CS 355. Thanks to Dan Boneh, David Wu, Dima Kogan, Florian Tramèr, and Saba Eskandarian for providing the inspiration and materials for many of the problem sets and lecture notes we use in this course.