MIT 6.S976 and 18.S996 (Spring 2026)
Cryptography and Machine Learning: Foundations and Frontiers
Course Description
Cryptography offers a playbook for building trust on untrusted platforms. This course applies that playbook to modern machine learning. We will study how cryptographic modeling and tools—ranging from privacy-preserving algorithms to interactive proofs and debate protocols—can endow ML systems with privacy, verifiability, and reliability. Topics include mechanisms for data and model privacy; methods to verify average-case quality and certify worst-case correctness; and strategies for robustness and alignment across discriminative and generative models. The course will start to draw the contours of a new field at the Crypto × ML interface and identify concrete problems in trustworthy ML that benefit from cryptographic thinking and techniques.

Prerequisites: 6.1220 (Algorithms) AND 6.390 (Intro to Machine Learning); or equivalent. Alternatively, permission from the instructors.
Course Information
| INSTRUCTORS | Shafi Goldwasser (Email: shafi at csail dot mit dot edu); Vinod Vaikuntanathan (Email: vinodv at csail dot mit dot edu) |
| LOCATION AND TIME | Tuesday and Thursday 11:00-12:30pm in 24-115 |
| TAs | Neekon Vafa (Email: nvafa at mit dot edu) |
| ASSIGNMENTS AND GRADING | Grading will be based on 1-2 problem sets, a final project and class participation. |
Schedule (tentative and subject to change)
| Lecture | Topic |
| Module 1: Introduction to the Course and ML/Crypto Basics | |
| Lecture 1 (Tue Feb 3) | Overview of the course. Shafi's Slides and Vinod's Slides. |
| Lecture 2 (Thu Feb 5) | ML basics: Classification, Regression, Generation; Access models to data. |
| Lecture 3 (Tue Feb 10) | Crypto basics: Secure communication, one-time pads, pseudorandomness (computational indistinguishability). |
| Lecture 4 (Thu Feb 12) | Crypto basics, continued: pseudorandom generators (one-time pad) and functions (encryption, MAC), private-key encryption |
| No Lecture (Tue Feb 17) | No classes |
| Lecture 5 (Thu Feb 19) | Watermarking: problem definition, digital signatures, classical approaches, watermarking LLM outputs. |
| Lecture 6 (Tue Feb 24) | Watermarking: pseudorandom codes and robust watermarking; open problems. |
| Lecture 7 (Thu Feb 26) | Robustness: adversarial examples. |
| Lecture 8 (Tue Mar 3) | Hallucinations and how to mitigate them. |
| Lecture 9 (Thu Mar 5) | Verification: crypto tools, interactive proofs, zero knowledge. |
| Lecture 10 (Tue Mar 10) | PAC verification: how to verify properties of models? |
| Lecture 11 (Thu Mar 12) | Self-proving LLM, modify interactive proofs to the learning setting. |
| Lecture 12 (Tue Mar 17) | Self-proving LLM (contd.) |
| Lecture 13 (Thu Mar 19) | Lean: a different take on verification. |
| Lecture 14 (Tue Mar 31) | Robust statistics (in training). |
| Lecture 15 (Thu Apr 2) | Backdoors in ML. |
| Lecture 16 (Tue Apr 7) | Backdoors in ML. |
| Lecture 17 (Thu Apr 9) | Alignment. |
| Lecture 18 (Tue Apr 14) | Alignment: Inference-time Compute |
| Lecture 19 (Thu Apr 16) | Privacy 1: differential privacy, copyright protection. |
| Lecture 20 (Tue Apr 21) | Privacy 2: machine unlearning. |
| Lecture 21 (Thu Apr 23) | Privacy 3: model stealing. |
| Lecture 22 (Tue Apr 28) | Privacy 3: model stealing (continued) |
| Lecture 23 (Thu Apr 30) | Privacy 4: cryptographic techniques, Homomorphic Encryption, Private Information Retrieval. ML techniques, embeddings. |
| Lecture 24 (Tue May 5) | Cryptographic techniques, continued. Federated learning. |
| Lecture 25 (Tue May 7) | Crypto for ML efficiency. |
| Lecture 26 (Tue May 12) | Project presentations. |