Course Information
- Instructor: Prof. Yupeng Zhang (zhangyp@tamu.edu)
- Lectures: MW 4:10 pm - 5:25 pm
- Office Hour: By appointment
Course Description and Prerequisites
This course covers techniques in applied cryptography and their applications in machine learning and blockchain to enhance data privacy. Related cryptographic techniques include secure multiparty computations, verifiable computations and zero knowledge proofs. We will discuss their basic concepts and state-of-the-art constructions. Additionally, we will talk about how to use these techniques to construct privacy-preserving machine learning, crypto-currencies and blockchain. We will focus on efficiency and functionality constraints in practice, and discuss challenges and solutions to efficiently realize these cryptographic protocols.
The course has no specific prerequisites. Basic knowledge of algorithms, data structures and programming is recommended.
Textbook and Resource Materials
No textbook is required for the course. Reading materials will be posted online during the semester.
Schedule (tentative)
Date | Sections | Topic | Readings | Deadline |
---|---|---|---|---|
1/19 | Introduction | Introduction and logistics, background on Cryptography | ||
1/24 | Verifiable Computation, Zero Knowledge Proof and Blockchain | Introduction to verifiable computation and zero knowledge proof | Merkle Hash Tree | |
1/26 | Introduction to blockchain and cryptocurrency | Bitcoin | ||
1/31 | Privacy-preserving crypto-currencies | |||
2/2 | Customized solutions: RSA accumulators | RSA Accumulator | Team Formation | |
2/7 | Customized solutions: Bilinear accumulators | Bilinear Accumulator | ||
2/9 | Generic solutions: SNARK | SNARK | ||
2/14 | ||||
2/16 | Smart contract | |||
2/21 | Privacy-preserving smart contract | Hawk | ||
2/23 | Generic solutions: interactive proofs | Proposal due 2/25 | ||
2/28 | ||||
3/2 | ||||
3/7 | Zero-knowledge proofs for machine learning CNN | zkCNN | ||
3/9 | Zero-knowledge decision tree | Zero-knowledge decision trees | ||
3/14 | Spring break | |||
3/16 | ||||
3/21 | Midterm Presentation | |||
3/23 | ||||
3/28 | Secure Multiparty Computation and Privacy-Preserving Machine learning | Introduction to secure multiparty computation and Oblivious Transfer | Wikipedia | |
3/30 | Yao's Garbled circuit | |||
4/4 | GMW protocol | Youtube tutorial | ||
4/6 | Malicious security and fairness | Cut and choose | ||
4/11 | Privacy-preserving machine learning and linear regression | |||
4/13 | Privacy-preserving logistic regression | |||
4/18 | Canceled due to traveling | |||
4/20 | Privacy-preserving neural networks | |||
4/25 | Project Q&A | |||
4/27 | Canceled due to traveling | Videos of presentations due 5/1 | ||
5/2 | No class, watch presentations | Final report due 5/8 |
Grading
Class Participation: 10%.
Reading assignments: 30%. Students will submit reviews for one of the reading materials every 1-2 weeks. The reviews should include a brief summary of the paper, the contributions and potential improvements.
Course project: 60%. Students will form groups and complete research projects related to the topics of the course. The grading consists of a project proposal, a mid-term progress report, a final presentation and a final project report. Students may propose their own topics or choose from a list of suggested topics on secure multiparty computations, verifiable computations and zero knowledge proofs, privacy-preserving machine learning and blockchain.
- Proposal (10%)
- Mid-term presentation (10%)
- Final presentation (20%)
- Final report (20%)
Links
Assignments and Gradebook: https://canvas.tamu.edu/
Piazza: https://piazza.com/tamu/spring2022/csce749/home/
Suggested topics for projects:
Blockchains
- Information inference from public data on the Bitcoin blockchain: 1. Understand the public data posted on the blockchain of Bitcoin and figure out ways to download the data. 2. Repeat data analysis from existing papers. 3. Design new attacks to infer sensitive information from the public data, such as dead coins and large volume transactions and their correlations with the price of bitcoin.
- Information inference from public data on Ethereum: Same as Bitcoin. In addition, analyze the smart contracts.
- Scaling up blockchains: Understand zk-rollup and its relationship to zero knowledge proofs. Survey existing protocols and challenges. Other techniques: sharding, optimistic rollup etc.
Zero Knowledge Proof
- Zero knowledge proof for machine learning model predictions: generate a proof that the predictions of a secret model on a public testing dataset reach a certain accuracy. Design efficient ZKP protocols for neural networks, CNN, GNN, RNN etc.
- Contingent payment on blockchain with zero knowledge proof: design fair exchange protocols on blockchains using zero knowledge proofs.
- Privacy-preserving smart contracts: 1. Understand the mechanism of smart contract. 2. Find commonly used smart contracts on existing blockchains and cryptocurrencies. 3. Given general purpose ZKP, design protocols for privacy-preserving smart contracts. 4. Implement the ZKP protocol using existing libraries and optimize for those commonly used smart contracts.
Secure Multiparty Computations
- Privacy-preserving alternating direction method of multipliers (ADMM): apply MPC techniques to train models on encrypted data using distributed training algorithms (such as ADMM). 1. Understand ADMM. 2. Collect datasets and implement training and predictions on plaintext data. 3. Use only those computations efficiently supported by MPC, compare the accuracy to the baseline. 4. Implement the MPC protocol.
- Privacy-preserving decision trees and random forest training and/or predictions: apply MPC techniques to train decision tree and random forest models on encrypted data. 1. Understand decision tree and random forest. 2. Collect datasets and implement training and predictions on plaintext data. 3. Use only those computations efficiently supported by MPC, compare the accuracy to the baseline. 4. Implement the MPC protocol using existing libraries.
- Privacy-preserving SVM training and/or predictions: apply MPC techniques to train SVM models on encrypted data. 1. Understand SVM. 2. Collect datasets and implement training and predictions on plaintext data. 3. Use only those computations efficiently supported by MPC, compare the accuracy to the baseline. 4. Implement the MPC protocol using existing libraries.
Ethics & Academic Integrity Statement and Policy
“An Aggie does not lie, cheat, or steal or tolerate those who do.” For additional information, please visit: http://aggiehonor.tamu.edu.
Upon accepting admission to Texas A&M University, a student immediately assumes a commitment to uphold the Honor Code, to accept responsibility for learning, and to follow the philosophy and rules of the Honor System. Students will be required to state their commitment on examinations, research papers, and other academic work. Ignorance of the rules does not exclude any member of the TAMU community from the requirements or the processes of the Honor System.