Interested in Working With Me?

If you are reading this, you might be interested in working with me as a PhD student. Wonderful! I put this together for a couple of reasons: (1) I want to be transparent, both to increase the chances of a good fit and to keep myself accountable, and (2) I acknowledge that it might be a little tricky to figure out what I’m about just by looking at my publications.

Before emailing me about working with me, I would appreciate it if you could take the time to read this page and reflect on whether or not we would be a good fit.

As you can see, I do not tend to write briefly—apologies in advance.

My Interests

I am an applied cryptographer who is currently in the process of unpacking what it means to do human-centered cryptography. This means that I use the technical tools provided by cryptography to do work at the intersection of many subdisciplines, including theoretical cryptography, systems security, usable security, and cybersecurity policy. I am also interested in the emerging area of CS+Law and have co-taught a law school class.

As a corollary of having interests at this intersection, my published work might appear to be a little broad. I actively work on several core technical areas, including secure multiparty computation (MPC), zero knowledge (ZK), and steganography. I also work on building new cryptosystems (with a focus on social accountability) and studying how end users will interact with cryptosystems.

Two popular areas that are not first order interests of mine are blockchains and privacy preserving machine learning. There is a lot of fantastic work going on in these areas, but neither currently features significantly in what I hope to focus on in the near future. If you find yourself primarily drawn to these areas, we may not be the best fit.

Who Would Fit Well With Me?

Because the meat of the work I do is cryptography, I’m looking for students who are interested in investing in learning the foundational skills of modern cryptography—including protocol design, definition writing, proof writing, and implementation. If you aren’t interested in spending time getting into the technical weeds of cryptography, we probably aren’t a great fit. If you are most interested in the usability of cryptography stuff I have been working on, you might want to consider applying to work with one of my collaborators (eg. Elissa Redmiles, Allison McDonald, or Michelle Mazurek) and we can discuss the potential of some kind of co-advising arrangement.

Some other indicators that we might be a good match:

• You have a strong background in math and/or computer science, have experience writing proofs, and preferably some prior exposure to cryptography.
• You are interested in keeping up to date with current events and developments in the digital privacy world. These are sources of new problems in my work.
• You are interested in reflecting on the way that structural power shapes both your life and the way the world around you operates. Information is power, and thus engaging in applied cryptography means grappling with power dynamics. Additionally, some of my work involves engaging directly with non-academic communities, and building trust within those relationships requires reflecting on the power we hold as individuals.
• You are interested in or are open to other epistemologies (ways of knowing). I try to work interdisciplinarily, which requires appreciating that other fields have other ways of establishing facts and norms that are legitimate. As Mayank Varia likes to say, “cryptography is a social science masquerading as mathematics,” and I always find it refreshing to engage directly with those social science roots.

What is Applied Cryptography?

Applied cryptography, as a term, only really makes sense when it is compared to the alternative — theoretical cryptography (or cryptographic theory). The latter is a branch of CS Theory, while applied cryptography occupies a space between Theory and Systems.

Applied cryptography can sometimes feel like a grab-bag of a field, because in practice there are many different ways/motivations for studying applied cryptography. Some folks are primarily driven by making cryptographic primitives efficient enough to run in the real world—that is, they are a cryptographer who cares about constants more than they care about asymptotics. Others are motivated to build new things with cryptography that have either commercial or social implications. For example, not just how to build efficient MPC, but also what to do with efficient MPC or figuring out how the study of MPC needs to change in order to enable new applications. The divide between these two is not absolute and most applied cryptographers do both, as both drive important contributions to the field.

My work in applied cryptography is motivated by the observation, best articulated by Phil Rogaway, that “cryptography rearranges power… [making it] an inherently political tool.” Put another way, cryptography provides a formal language with which we can reason about power. As such, I try to study cryptography directly within political and social contexts. This means building cryptosystems whose requirements are explicitly shaped by events in the world, and I’m most drawn to cryptography with requirements that are explicitly social in nature (as opposed to commercial).

This particular brand of applied cryptography requires becoming a little bit of a generalist, in that you need to be familiar with lots of different branches of cryptography. This is because you never know what primitive you will need to construct the next system, so knowing your options is key. The best way to do this is to go to all the seminars you can, and actually try to retain some of the information you hear. There’s too much cryptography to be an expert in everything, but it’s possible to have a rough idea of the new exciting ideas coming out of the theory world. This process can be (and sound) intimidating, but don’t worry — there’ll be plenty of resources and support available to make it approachable.

Potential Upsides of Working With Me

I hope to support my students as best I can. Here are some upsides you can expect when working with me:

• My advising style is quite hands-on and pretty flexible. We will find a meeting cadence that works for both of us and you can expect to see me multiple times a week (if that’s what you want). I was only a successful student because of the holistic advising I received (ie. being supported both as an aspiring academic and as a person), and I hope to pay that forward.
• I have every intention of getting into the technical weeds of problems with you, assuming that is what you want.
• I believe that learning happens best within a community. As such, I will do my best to foster a lab environment in which students want to collaborate with one another. We should all be invested in each other's successes and ready to support each other when things go poorly.
• I personally think studying cryptography within social contexts is the most exciting and engaging way to study the subject. It keeps you fresh and prevents you from getting stuck on a single problem forever. Plus, cryptography is magic and you get to really see the magic of it when considered in an applied setting.
• Working with me, you will have the option to engage with researchers from multiple other subdisciplines and be exposed to a wide range of ideas. In other words, I hope to provide an environment that is both technically challenging and intellectually rich.
• UMD is a leading program in security and cryptography. This means there is a lot of ability to explore different parts of the field and collaborate with lots of students and faculty. Also, if we decide that we aren’t a great fit, there is a chance of finding another advisor who has overlapping interests.

Potential Downsides of Working With Me

Grad school can be a hard endeavor. When things are going well, your advisor should not be an additional source of hardship. In an attempt to be forthright and transparent, I acknowledge that there are ways in which I need to continue growing. Here are some potential downsides of working with me:

• The spending power of UMD’s PhD stipend is lower than peer institutions, although it has been raised significantly in last year such that hopefully this will not be prohibative.
• I believe teamwork is necessary to be successful as an applied cryptographer, as you will need a deep bench of colleagues to work with as you navigate new areas of cryptography. I will require working in teams, which may not be your cup of tea.
• I try to always be available to talk to, but I can be mediocre about logistics. I will probably ask you to do some managing up.
• I am pretty forthright about my progressivism (as it informs much of my academic work). If that’s not something you are comfortable with, it may strain our working relationship--we don't need to agree, but you can expect my feelings on these issues to be present in my work.
• I'm strict about protecting much of my weekend time (ie. I will not respond to messages) because I'm an observant Jew. Similarly, there will be sporadic holidays throughout the year during which I will be offline. This means we will occasionaly need to work around some hard scheduling limmitations.

Concluding Thoughts

Ok. You read the thing. Now what?

Take a little bit of time to digest the above and consider if we are a good fit and maybe read Dave Even's blog post on sending good prospective student emails. If you think so, you should apply to the CS PhD program at UMD, marking me as a potential advisor. I strongly suggest writing your research statement in a way that will clearly demonstrate why we would be a good fit, informed by this post. If you want to chat with me about the PhD, you can send me an email with the following:

• A subject line “Pineapple Salesman Position”
• A copy of your resume & transcript
• A paragraph describing your research interests
• A paragraph describing why you think we would be a good fit
• A way in which one of my papers could be better or an approach that might improve on the results in one of my papers. (Yes, I know its weird to include what feels like criticism in an initial email. I promise I won't take it personally - improving on what is already known is what you do as a researcher!)

If it seems like there's potential, we can find time to chat and discuss more.