News
Exam RegistrationWritten on 10.07.25 (last change on 10.07.25) by Tim Rausch Hi everyone, this is a gentle reminder to register for the exam which will take place on August 1, 9:30-11:30. For students at Saarland University: If you have note registered on LSF for the exam yet, do not forget to do this before the usual deadline (which is one week before the exam). We… Read more Hi everyone, this is a gentle reminder to register for the exam which will take place on August 1, 9:30-11:30. For students at Saarland University: If you have note registered on LSF for the exam yet, do not forget to do this before the usual deadline (which is one week before the exam). We suggest to sign up now if you are planning to take the exam and have not done so yet. The exam will take place in lecture hall HS001 in E1.3. For students in Hamburg and Dortmund: Please follow your local procedures to sign up for the exam. Due to scheduling conflicts, there will unfortunately be no office hour on July 30 (the week of the exam). Please use one of the two remaining office hours before the exam or use the Mattermost if you have any questions. If you have any more questions, do not hesitate to reach out on Mattermost! |
Project 3 ReleaseWritten on 25.06.25 by Tim Rausch Hi everyone,
we're releasing Project 3 today. The submission is due on August 15. As with the previous projects, there is a handout in the materials section and here are further instructions on how to access the skeleton, use our remote development environment, and to submit your… Read more Hi everyone,
we're releasing Project 3 today. The submission is due on August 15. As with the previous projects, there is a handout in the materials section and here are further instructions on how to access the skeleton, use our remote development environment, and to submit your solution:
To get the skeleton code for project 3, you need to pull the
project3 branch from the reference repo. Below is an example of how this can be done:# check if you have added the reference repo as an upstream $ git remote -v # if not, add the reference repo as an upstream # if you use git over SSH, consider using ssh://git@lab-pets.privacy-preserving.systems:2224/pets25-h/ref/ref.git $ git remote add ref https://lab-pets.privacy-preserving.systems/pets25-h/ref/ref.git # pull the new branches and checkout $ git pull $ git checkout project3 # if you so wish, you can create a separate branch to host your work $ git checkout -b project3-wip This project requires collecting traces of traffic over the Tor network. For this, we have set up a test Tor network as well as a remote developing environment with the necessary facilities pre-installed. Use the following information to access your personal dev env:
- Host:
lab-pets.privacy-preserving.systems- Port: 6565
- Username & password: as per CMS notes (same as for project 2)
Once you have successfully logged into the remote environment, you can toy around and start working:
- You can safely save your code and traces under
/persist, this directory persists through server maintenance and restart, while files stored elsewhere will be lost.- You should be able to use the
petrelic package in Python as well as other necessary tools for capturing the traffic (e.g. tcpdump)A few points to note:
- As always, please use the persistent storage with courtesy, do not use it as your Google Drive.
- Use this environment only for collecting traces. In particular, do not run resource-intensive tasks.
- Start early on. Collecting traces needs time. Our test Tor network is also configured to mimic real network's delay & jitter. Leaving things until the last minute might expose you to all kinds of unforeseen problems.
- If you need addition Python packages, use
pip inside a virtual environment.- If you need any other tools that are otherwise impossible to install or run without root privilege, please get in touch. However, you shouldn't need extra tools than the ones provided for this project.
- In the rare case where your dev env or our test Tor network requires a restart, we will issue a notification in advance, so you can plan accordingly.
- Backup your progress often, including your traces. We have configured the persistent storage to persist, of course, but backing up is always a good idea.
To submit:
- Push your code to the
project3-submission branch of your personal repo before the deadline.Should you have any questions or run into unexpected issues, don't hesitate to ask on Mattermost.
|
Privacy-Enhancing Technologies
Digital technologies have become an essential part of our day-to-day lives. While often beneficial, these technologies also bring great privacy risks. In this course, you will learn how to mitigate these risks by designing privacy-friendly systems and how to evaluate the privacy protections offered by systems.
To reason about the privacy of systems you will learn how to define desirable privacy properties and how to reason about privacy attackers. Privacy can be violated both at the application level (i.e., what data parties exchange) as well as on the meta-data level (i.e., how parties exchange data). You will learn about techniques to offer protection at both of these layers.
On the application layer, we’ll discuss cryptographic techniques such as secure multi-party computation, homomorphic encryption, and anonymous authentication that together can be used to ensure privacy at the application layer. We will also discuss data anonymisation techniques such as k-anonymity and differential privacy to enable privacy-friendly data publishing. On the meta-data level, we’ll explore techniques for anonymous communication, censorship resistance, (browser) tracking, and location privacy.
At the end of this course you will be able to:
- Explain basic building blocks for designing privacy-friendly systems
- Combine these building blocks to solve simple problems while maintaining privacy
- Evaluate the privacy of simple proposed systems.
Prerequisites
The privacy-enhancing technologies class is an advanced lecture. You will learn a lot about how to design and analyse privacy-friendly systems, but this is not an easy 6EC course. A basic understanding of security and cryptography (as taught for example in CySec1/CySec2 or the Security course) is essential to be able to follow the material in this course. If you have not mastered this material we strongly recommend you to take this course next year instead.
Schedule
Main Lecture: Tuesday from 2pm c.t. to 4pm
Exercises/Discussion: Tuesday from 4pm s.t. to 5pm
Room: E9.1 (CISPA building), room 0.05 (main lecture room)
Schedule
The following schedule is subject to small changes.
- April 8: Introduction to Privacy
- April 15: Secure Multi-Party Computation (remote)
- April 22: Crypto Recap + Zero-knowledge Proofs (recorded)
- Apr 29: Attribute-Based Credentials
- May 6: Tracking
- May 13: Fully-Homomorphic Encryption
- May 20: Anonymous Communication
- May 27: Censorship Resistance
- June 3: no class
- June 10: Website Fingerprinting
- June 17: Anonymization / Protected Data Release (online)
- June 24: Differential Privacy
- July 1: (Bonus) End-to-End Privacy-Friendly Systems
Format
The course will be hybrid, but attending the lectures and exercise sessions is strongly recommended for UdS students. Attending online only possible in exceptional cases. We will publish recordings of the lectures. We will not publish recordings of the exercise/discussion sessions. Learning to reason about privacy is difficult. We strongly recommend that you attend the exercise/discussion sessions to practice your reasoning skills.
Exercise Class / Office Hours
We offer office hours to answer questions regarding the content of the lecture, exercise sheets, and projects. Feel free to drop by in person or remotely if you have any questions.
In Person
Times: Wednesday, 3pm s.t. -- 4pm
Location: CISPA building (E9.1), Room 1.02
Remote
The remote office hours are primarily intended for those who cannot attend the in-person office hour. Please book a time slot in advance via the sheet linked in the Materials section.
Times: Wednesday, 2pm s.t. -- 3pm
Location: Zoom (Link in Materials section)
Grading
The final grade for this course consists of 60% for the final exam and 40% for the projects.
Grading subject to small changes. Details will be explained in the first lecture.
Projects
As part of this class you will work on three projects to implement and evaluate a privacy-preserving system. The projects contribute 40% to the final grade: 10% for the first project and 15% for each of the second and third projects. There is no option to improve the grade for the projects.
Final Exam
Exam date: August 1, 2025, 9:30am s.t. -- 11:30am
Format: Written exam
Location: E1.3, HS001
The final written exam tests your understanding of the material covered in the class, exercises, and projects. You must receive a passing grade on the exam alone. If you do, the exam is graded and contributes 60% to the final grade.
The re-exam will take place on:
Exam date: September 19, 2025, 9:30am s.t. -- 11:30am
Format: Written Exam
Location: tbd