Stanford University

Applied Cryptography Group

The Applied Crypto Group is a part of the Security Lab in the Computer Science Department at Stanford University. Research projects in the group focus on various aspects of network and computer security. In particular the group focuses on applications of cryptography to real-world security problems. For more information follow the links below.

Lattices in Cryptography

Integer lattices have found many applications in cryptography: in proofs of security, in attacks, and in constructing cryptosystems.

Crypto currencies and blockchains

Developing cryptographic tools for crypto currencies and blockchain applications. Also teaching a course on the topic, CS251, offered in the fall quarter.


Can multi-user services operate without sending all user data to the cloud in the clear? Some examples include private location-based services, private computation of aggregate statistics, private recommendation systems, private queries to a database, and anonymous messaging.

Computer and Web Security

Computer security research explores architectures that improve software security and enhances our understanding of attack strategies. Our research covers SSL and TLS, Web security, and areas of operating systems security.

Past Projects

Bullteproofs: Short Proofs for Confidential Transactions and More
Prio: Private, Robust, and Scalable Computation of Aggregate Statistics
Order-Revealing Encryption
Balloon Hashing: Memory-Hard Password Hashing
PowerSpy: Location Tracking using Mobile Device Power Analysis
Riposte: An Anonymous Messaging System Handling Millions of Users
Gyrophone: Recognizing Speech from Gyroscope Signals
PORTIA: Managing sensitive information in a wired world
Location privacy
Identity Based Encryption email system (IBE secure email)
The ITTC project: Intrusion tolerance via threshold cryptography
Electronic wallets project: wallets for desktops and handheld devices

Export Control Warning: The US Government regulates the physical export or transmission of cryptographic source and corresponding object code outside the borders of the US and within the US when the recipient is an embassy or an affiliate of a foreign government. Posting encrypted code to the internet and making it publicly available is considered an export and may entail US government notification requirements. Please see Stanford's Export Control Encryption Page if you have a need to take, transfer or transmit Stanford-generated encryption code outside of the US or to share it with US-based representatives of foreign governments.