about me

photo of me Photo by Vanessa Däscher

I am an assistant professor in MIT's EECS department and a member of CSAIL. My research focuses on computer security, cryptography, and computer systems.

At MIT, I work with students and faculty in the PDOS and CSS research groups. I also co-host the MIT Security Seminar series.

A longer version of my bio is here.


students

Undergraduate researchers:
Katarina Cheng
Past students and researchers:
Listed here


research

I build systems that use cryptography to empower and protect their users. The projects that excite me the most: (1) serve the interests of the end user, (2) provide strong and precise forms of security, often using new cryptographic ideas, and (3) have impact through real-world deployment.

  • Private search. We built the Tiptoe system, which lets a client search a chunk of the web while hiding its query from the search engine itself.
  • Private information retrieval. These systems allow a client to query a remote database server while hiding its query from the server. Our work has reduced the computational cost of these schemes using preprocesing, the relative popularity of different database items, and lattice-based cryptography. We have also strengthened the security properties they provide, and applied them to practical private-search problems.
  • Privacy-preserving collection of aggregate statistics. Our Whisper, Poplar, and Prio systems have made it possible to gather user data at large scale in a privacy-protecting way.
  • Secure authentication. Our Larch, SafetyPin and True2F, systems for authentication that provide strong hardware-backed security protections, while still protecting against a wide class of hardware faults and backdoors.
For more details, please see my full list of publications.


impact

  • Apple's "Enhanced Visual Search" feature on iOS uses techniques derived from our work on private search.
  • Google and Apple used our systems for private-aggregation to measure the effectiveness of Covid-19 exposure-notification apps on iOS and Android.
  • Mozilla uses our private-aggregation systems to collect browser-usage data in a privacy-friendly way.
  • Apple uses our Prio system for private aggregation to improve the iOS Photos app.
  • Divvi Up is a non-profit (run by the same organization behind the Let's Encrypt) dedicated to deploying private-aggregation systems based on Prio and our zero-knowledge proofs on secret-shared data.
  • IETF standards formalizing our systems for private aggregation are in progress, and our work on password hashing influenced the Argon2 RFC.
  • NIST standards recommend our algorithm for password hashing.

activities

history

Before coming to MIT, I completed my PhD in computer science at Stanford, advised by Dan Boneh. I also spent one year as a postdoc at EPFL, hosted by Bryan Ford.

I graduated from Yale University in 2010 with a B.S. in computer science. Before that, I grew up in Berkeley, California and was a student at Berkeley High School.


disclosure

A variety of companies and government agencies fund my group's research. See the "acknowledgements" sections of my papers for details on funding sources.