Updated July 7, 2022
`
`Thomas Ristenpart
`Associate Professor
`Cornell Tech
`273 Bloomberg Center, 2 West Loop Road, New York, NY 10044
`email : ristenpart@cornell.edu
`office: 1-646-971-3842
`web: https://rist.tech.cornell.edu
`
`Academic Background
`
`University of California, San Diego. Ph.D. in Computer Science, November 2010.
`Advisor: Prof. Mihir Bellare
`
`University of California, Davis. M.S. in Computer Science, June 2005.
`Advisor: Prof. Matt Bishop
`
`University of California, Davis. B.S. in Computer Science and Engineering, June 2003.
`
`Work History
`
`Associate Professor (with tenure)
`Cornell Tech & Department of Computer Science, Cornell University
`May 2019 – present
`
`Associate Professor (tenure track)
`Cornell Tech & Department of Computer Science, Cornell University
`May 2015 – May 2019
`
`Assistant Professor (tenure track)
`Department of Computer Sciences, University of Wisconsin
`January 2011 – May 2015
`
`Visiting researcher
`
`Microsoft Research
`June 2011
`
`University of Lugano
`April 2008 – June 2008
`
`University of Washington
`June 2007 – September 2007
`
`Graduate student researcher
`UC San Diego
`September 2005 – December 2010
`
`UC Davis
`July 2003 – June 2005
`
`Software engineering intern
`
`Center for Computing Sciences
`Summer 2004
`
`Microsoft
`Summers 2001, 2002
`
`Micron Technologies, Inc.
`Summers 1999, 2000
`
`Awards
`• Best Paper Award at CHI 2022 for paper [94]
`• Best Paper Award at CSCW 2020 for paper [88]
`
`1
`
`Zoom Video Commc’ns, Inc. - Ex. 1004, Page 1
`Zoom Video Commc’ns, Inc. v. Cyph, Inc. (IPR2023-00140)
`
`

`

`• Distinguished Paper Award and Facebook Internet Defense Prize (third prize) for USENIX Security 2020
`paper [87]
`• Distinguished Paper Award for USENIX Security 2020 paper [86]
`• Test-of-time award for CCS 2009 paper [12]
`• Advocate of New York City 2019 award from New York City Mayor’s Office to End Domestic and Gender-
`Based Violence
`• Honorable Mention Award for CSCW 2019 paper [72]
`• Best Paper Award at ACM CHI 2018 for paper [72]
`• Distinguished Student Paper Award at IEEE Symposium on Security and Privacy 2016 for paper [55]
`• Sloan Foundation Research Fellow 2015
`• Best Paper at USENIX Security 2014 for paper [38]
`• Runner up for Award for Outstanding Research in Privacy Enhancing Technologies 2014 and New Digital
`Age grant from Google Executive Chairman Eric Schmidt for paper [31]
`• NSF CAREER Award 2013
`• Computer Science and Engineering Department Dissertation Award, University of California, San Diego,
`2011
`• Before graduate school: UC Regents Scholarship (2001-2003), Albert W. Bijou Scholarship (2000), Edward
`Frank Kraft Prize (2000), UC Davis College of Engineering Annual Fund Scholarship (2000), San Francisco
`Bay Area Engineering Council Scholarship (1999), Wakeman Scholarship from the UC Regents (1999), UC
`Davis Alumni Association Leadership Scholarship (1999)
`
`Publications
`
`[1] Mihir Bellare and Thomas Ristenpart. “Multi-Property-Preserving Hash Domain Extension and the EMD
`Transform”. In: ASIACRYPT. Vol. 4284. Lecture Notes in Computer Science. Springer, 2006, pp. 299–314.
`
`[2] Francis Hsu, Hao Chen, Thomas Ristenpart, Jason Li, and Zhendong Su. “Back to the Future: A Framework
`for Automatic Malware Removal and System Repair”. In: ACSAC. IEEE Computer Society, 2006, pp. 257–
`268.
`
`[3] Thomas Ristenpart and Phillip Rogaway. “How to Enrich the Message Space of a Cipher”. In: FSE. Vol. 4593.
`Lecture Notes in Computer Science. [Retracted February 2015]. Springer, 2007, pp. 101–118.
`
`[4] Thomas Ristenpart and Scott Yilek. “The Power of Proofs-of-Possession: Securing Multiparty Signatures
`against Rogue-Key Attacks”. In: EUROCRYPT. Vol. 4515. Lecture Notes in Computer Science. Springer,
`2007, pp. 228–245.
`
`[5] Mihir Bellare and Thomas Ristenpart. “Hash Functions in the Dedicated-Key Setting: Design Choices and
`MPP Transforms”. In: ICALP. Vol. 4596. Lecture Notes in Computer Science. Springer, 2007, pp. 399–410.
`
`[6] Thomas Ristenpart and Thomas Shrimpton. “How to Build a Hash Function from Any Collision-Resistant
`Function”. In: ASIACRYPT. Vol. 4833. Lecture Notes in Computer Science. Springer, 2007, pp. 147–163.
`
`[7] Thomas Ristenpart, Gabriel Maganis, Arvind Krishnamurthy, and Tadayoshi Kohno. “Privacy-Preserving
`Location Tracking of Lost or Stolen Devices: Cryptographic Techniques and Replacing Trusted Third Parties
`with DHTs”. In: USENIX Security Symposium. USENIX Association, 2008, pp. 275–290.
`
`2
`
`Zoom Video Commc’ns, Inc. - Ex. 1004, Page 2
`Zoom Video Commc’ns, Inc. v. Cyph, Inc. (IPR2023-00140)
`
`

`

`[8] Mihir Bellare, Marc Fischlin, Adam O’Neill, and Thomas Ristenpart. “Deterministic Encryption: Definitional
`Equivalences and Constructions without Random Oracles”. In: CRYPTO. Vol. 5157. Lecture Notes in Com-
`puter Science. Springer, 2008, pp. 360–378.
`
`[9] Mihir Bellare and Thomas Ristenpart. “Simulation without the Artificial Abort: Simplified Proof and Im-
`proved Concrete Security for Waters’ IBE Scheme”. In: EUROCRYPT. Vol. 5479. Lecture Notes in Computer
`Science. Springer, 2009, pp. 407–424.
`
`[10] Yevgeniy Dodis, Thomas Ristenpart, and Thomas Shrimpton. “Salvaging Merkle-Damg˚ard for Practical Ap-
`plications”. In: EUROCRYPT. Vol. 5479. Lecture Notes in Computer Science. Springer, 2009, pp. 371–388.
`
`[11] Mihir Bellare, Thomas Ristenpart, Phillip Rogaway, and Till Stegers. “Format-Preserving Encryption”. In:
`Selected Areas in Cryptography. Vol. 5867. Lecture Notes in Computer Science. Springer, 2009, pp. 295–312.
`
`[12] Thomas Ristenpart, Eran Tromer, Hovav Shacham, and Stefan Savage. “Hey, you, get off of my cloud: exploring
`information leakage in third-party compute clouds”. In: ACM Conference on Computer and Communications
`Security. ACM, 2009, pp. 199–212.
`
`[13] Mihir Bellare, Zvika Brakerski, Moni Naor, Thomas Ristenpart, Gil Segev, Hovav Shacham, and Scott Yilek.
`“Hedged Public-Key Encryption: How to Protect against Bad Randomness”. In: ASIACRYPT. Vol. 5912.
`Lecture Notes in Computer Science. Springer, 2009, pp. 232–249.
`
`[14] Thomas Ristenpart and Scott Yilek. “When Good Randomness Goes Bad: Virtual Machine Reset Vulnera-
`bilities and Hedging Deployed Cryptography”. In: NDSS. The Internet Society, 2010.
`
`[15] Marc Fischlin, Anja Lehmann, Thomas Ristenpart, Thomas Shrimpton, Martijn Stam, and Stefano Tessaro.
`“Random Oracles with(out) Programmability”. In: ASIACRYPT. Vol. 6477. Lecture Notes in Computer
`Science. Springer, 2010, pp. 303–320.
`
`[16] Thomas Ristenpart, Hovav Shacham, and Thomas Shrimpton. “Careful with Composition: Limitations of the
`Indifferentiability Framework”. In: EUROCRYPT. Vol. 6632. Lecture Notes in Computer Science. Springer,
`2011, pp. 487–506.
`
`[17] Kenneth G. Paterson, Thomas Ristenpart, and Thomas Shrimpton. “Tag Size Does Matter: Attacks and Proofs
`for the TLS Record Protocol”. In: ASIACRYPT. Vol. 7073. Lecture Notes in Computer Science. Springer,
`2011, pp. 372–389.
`
`[18] Qing Zhang, Thomas Ristenpart, Stefan Savage, and Geoff Voelker. “Got Traffic? An Evaluation of Click
`Traffic Providers”. In: WICOM/AIRWeb Workshop on Web Quality. 2011.
`
`[19] Benjamin Farley, Ari Juels, Venkatanathan Varadarajan, Thomas Ristenpart, Kevin D. Bowers, and Michael
`M. Swift. “More for your money: exploiting performance heterogeneity in public clouds”. In: SoCC. ACM,
`2012, p. 20.
`
`[20] Yevgeniy Dodis, Thomas Ristenpart, and Salil P. Vadhan. “Randomness Condensers for Efficiently Samplable,
`Seed-Dependent Sources”. In: TCC. Vol. 7194. Lecture Notes in Computer Science. Springer, 2012, pp. 618–
`635.
`
`[21] Kevin P. Dyer, Scott E. Coull, Thomas Ristenpart, and Thomas Shrimpton. “Peek-a-Boo, I Still See You:
`Why Efficient Traffic Analysis Countermeasures Fail”. In: IEEE Symposium on Security and Privacy. IEEE
`Computer Society, 2012, pp. 332–346.
`
`[22] WesLee Frisby, Benjamin Moench, Benjamin Recht, and Thomas Ristenpart. “Security Analysis of Smart-
`phone Point-of-Sale Systems”. In: WOOT. USENIX Association, 2012, pp. 22–33.
`
`[23] Mihir Bellare, Thomas Ristenpart, and Stefano Tessaro. “Multi-instance Security and Its Application to
`Password-Based Cryptography”. In: CRYPTO. Vol. 7417. Lecture Notes in Computer Science. Springer, 2012,
`pp. 312–329.
`
`[24] Yevgeniy Dodis, Thomas Ristenpart, John P. Steinberger, and Stefano Tessaro. “To Hash or Not to Hash
`Again? (In)Differentiability Results for H 2 and HMAC”. In: CRYPTO. Vol. 7417. Lecture Notes in Computer
`Science. Springer, 2012, pp. 348–366.
`
`[25] Venkatanathan Varadarajan, Thawan Kooburat, Benjamin Farley, Thomas Ristenpart, and Michael M. Swift.
`“Resource-freeing attacks: improve your cloud performance (at your neighbor’s expense)”. In: ACM Conference
`on Computer and Communications Security. ACM, 2012, pp. 281–292.
`
`[26] Yinqian Zhang, Ari Juels, Michael K. Reiter, and Thomas Ristenpart. “Cross-VM side channels and their
`use to extract private keys”. In: ACM Conference on Computer and Communications Security. ACM, 2012,
`pp. 305–316.
`
`3
`
`Zoom Video Commc’ns, Inc. - Ex. 1004, Page 3
`Zoom Video Commc’ns, Inc. v. Cyph, Inc. (IPR2023-00140)
`
`

`

`[27] Mihir Bellare, Sriram Keelveedhi, and Thomas Ristenpart. “Message-Locked Encryption and Secure Dedupli-
`cation”. In: EUROCRYPT. Vol. 7881. Lecture Notes in Computer Science. Springer, 2013, pp. 296–312.
`
`[28] Drew Davidson, Benjamin Moench, Thomas Ristenpart, and Somesh Jha. “FIE on Firmware: Finding Vul-
`nerabilities in Embedded Systems Using Symbolic Execution”. In: USENIX Security Symposium. USENIX
`Association, 2013, pp. 463–478.
`
`[29] Sriram Keelveedhi, Mihir Bellare, and Thomas Ristenpart. “DupLESS: Server-Aided Encryption for Dedupli-
`cated Storage”. In: USENIX Security Symposium. USENIX Association, 2013, pp. 179–194.
`
`[30] Thomas Ristenpart and Scott Yilek. “The Mix-and-Cut Shuffle: Small-Domain Encryption Secure against N
`Queries”. In: CRYPTO (1). Vol. 8042. Lecture Notes in Computer Science. Springer, 2013, pp. 392–409.
`
`[31] Kevin P. Dyer, Scott E. Coull, Thomas Ristenpart, and Thomas Shrimpton. “Protocol misidentification made
`easy with format-transforming encryption”. In: ACM Conference on Computer and Communications Security.
`ACM, 2013, pp. 61–72.
`
`[32] Keqiang He, Alexis Fisher, Liang Wang, Aaron Gember, Aditya Akella, and Thomas Ristenpart. “Next stop,
`the cloud: understanding modern web service deployment in EC2 and azure”. In: Internet Measurement
`Conference. ACM, 2013, pp. 177–190.
`
`[33] Ari Juels and Thomas Ristenpart. “Honey Encryption: Encryption beyond the Brute-Force Barrier”. In: IEEE
`Security & Privacy 12.4 (2014), pp. 59–62.
`
`[34] Ari Juels and Thomas Ristenpart. “Honey Encryption: Security Beyond the Brute-Force Bound”. In: EURO-
`CRYPT. Vol. 8441. Lecture Notes in Computer Science. Springer, 2014, pp. 293–310.
`
`[35] Adam Everspaugh, Yan Zhai, Robert Jellinek, Thomas Ristenpart, and Michael M. Swift. “Not-So-Random
`Numbers in Virtualized Linux and the Whirlwind RNG”. In: IEEE Symposium on Security and Privacy. IEEE
`Computer Society, 2014, pp. 559–574.
`
`[36] Robert Jellinek, Yan Zhai, Thomas Ristenpart, and Michael M. Swift. “A Day Late and a Dollar Short: The
`Case for Research on Cloud Billing Systems”. In: HotCloud. USENIX Association, 2014.
`
`[37] Stephen Checkoway, Ruben Niederhagen, Adam Everspaugh, Matthew Green, Tanja Lange, Thomas Risten-
`part, Daniel J. Bernstein, Jake Maskiewicz, Hovav Shacham, and Matthew Fredrikson. “On the Practical
`Exploitability of Dual EC in TLS Implementations”. In: USENIX Security Symposium. USENIX Association,
`2014, pp. 319–335.
`
`[38] Matthew Fredrikson, Eric Lantz, Somesh Jha, Simon Lin, David Page, and Thomas Ristenpart. “Privacy
`in Pharmacogenetics: An End-to-End Case Study of Personalized Warfarin Dosing”. In: USENIX Security
`Symposium. USENIX Association, 2014, pp. 17–32.
`
`[39] Daniel Luchaup, Kevin P. Dyer, Somesh Jha, Thomas Ristenpart, and Thomas Shrimpton. “LibFTE: A
`Toolkit for Constructing Practical, Format-Abiding Encryption Schemes”. In: USENIX Security Symposium.
`USENIX Association, 2014, pp. 877–891.
`
`[40] Venkatanathan Varadarajan, Thomas Ristenpart, and Michael M. Swift. “Scheduler-based Defenses against
`Cross-VM Side-channels”. In: USENIX Security Symposium. USENIX Association, 2014, pp. 687–702.
`
`[41] Daniel Luchaup, Thomas Shrimpton, Thomas Ristenpart, and Somesh Jha. “Formatted Encryption Beyond
`Regular Languages”. In: ACM Conference on Computer and Communications Security. ACM, 2014, pp. 1292–
`1303.
`
`[42] Yinqian Zhang, Ari Juels, Michael K. Reiter, and Thomas Ristenpart. “Cross-Tenant Side-Channel Attacks in
`PaaS Clouds”. In: ACM Conference on Computer and Communications Security. ACM, 2014, pp. 990–1003.
`
`[43] Liang Wang, Antonio Nappa, Juan Caballero, Thomas Ristenpart, and Aditya Akella. “WhoWas: A Platform
`for Measuring Web Deployments on IaaS Clouds”. In: Internet Measurement Conference. ACM, 2014, pp. 101–
`114.
`
`[44] Yevgeniy Dodis, Chaya Ganesh, Alexander Golovnev, Ari Juels, and Thomas Ristenpart. “A Formal Treatment
`of Backdoored Pseudorandom Generators”. In: EUROCRYPT (1). Vol. 9056. Lecture Notes in Computer
`Science. Springer, 2015, pp. 101–126.
`
`[45] Rahul Chatterjee, Joseph Bonneau, Ari Juels, and Thomas Ristenpart. “Cracking-Resistant Password Vaults
`Using Natural Language Encoders”. In: IEEE Symposium on Security and Privacy. IEEE Computer Society,
`2015, pp. 481–498.
`
`4
`
`Zoom Video Commc’ns, Inc. - Ex. 1004, Page 4
`Zoom Video Commc’ns, Inc. v. Cyph, Inc. (IPR2023-00140)
`
`

`

`[46] Adam Everspaugh, Rahul Chatterjee, Samuel Scott, Ari Juels, and Thomas Ristenpart. “The Pythia PRF
`Service”. In: USENIX Security Symposium. USENIX Association, 2015, pp. 547–562.
`
`[47] Venkatanathan Varadarajan, Yinqian Zhang, Thomas Ristenpart, and Michael M. Swift. “A Placement Vul-
`nerability Study in Multi-Tenant Public Clouds”. In: USENIX Security Symposium. USENIX Association,
`2015, pp. 913–928.
`
`[48] David Cash, Paul Grubbs, Jason Perry, and Thomas Ristenpart. “Leakage-Abuse Attacks Against Searchable
`Encryption”. In: ACM Conference on Computer and Communications Security. ACM, 2015, pp. 668–679.
`
`[49] Matt Fredrikson, Somesh Jha, and Thomas Ristenpart. “Model Inversion Attacks that Exploit Confidence
`Information and Basic Countermeasures”. In: ACM Conference on Computer and Communications Security.
`ACM, 2015, pp. 1322–1333.
`
`[50] Liang Wang, Kevin P. Dyer, Aditya Akella, Thomas Ristenpart, and Thomas Shrimpton. “Seeing through
`Network-Protocol Obfuscation”. In: ACM Conference on Computer and Communications Security. ACM,
`2015, pp. 57–69.
`
`[51] Bruce Schneier, Matthew Fredrikson, Thomas Ristenpart, and Tadayoshi Kohno. Surreptitiously Weakening
`Cryptographic Systems. Non-peer-reviewed survey. 2015.
`
`[52] Lucas Dixon, Thomas Ristenpart, and Thomas Shrimpton. “Network Traffic Obfuscation and Automated
`Internet Censorship”. In: IEEE Security & Privacy 14.6 (2016), pp. 43–53.
`
`[53] Yan Zhai, Lichao Yin, Jeffrey S. Chase, Thomas Ristenpart, and Michael M. Swift. “CQSTR: Securing Cross-
`Tenant Applications with Cloud Containers”. In: SoCC. ACM, 2016, pp. 223–236.
`
`[54] Joseph Jaeger, Thomas Ristenpart, and Qiang Tang. “Honey Encryption Beyond Message Recovery Security”.
`In: EUROCRYPT (1). Vol. 9665. Lecture Notes in Computer Science. Springer, 2016, pp. 758–788.
`
`[55] Rahul Chatterjee, Anish Athayle, Devdatta Akhawe, Ari Juels, and Thomas Ristenpart. “pASSWORD tYPOS
`and How to Correct Them Securely”. In: IEEE Symposium on Security and Privacy. IEEE Computer Society,
`2016, pp. 799–818.
`
`[56] Drew Davidson, Hao Wu, Robert Jellinek, Vikas Singh, and Thomas Ristenpart. “Controlling UAVs with
`Sensor Input Spoofing Attacks”. In: WOOT. USENIX Association, 2016.
`
`[57] Florian Tram`er, Fan Zhang, Ari Juels, Michael K. Reiter, and Thomas Ristenpart. “Stealing Machine Learning
`Models via Prediction APIs”. In: USENIX Security Symposium. USENIX Association, 2016, pp. 601–618.
`
`[58] Paul Grubbs, Richard McPherson, Muhammad Naveed, Thomas Ristenpart, and Vitaly Shmatikov. “Breaking
`Web Applications Built On Top of Encrypted Data”. In: ACM Conference on Computer and Communications
`Security. ACM, 2016, pp. 1353–1364.
`
`[59] Jay Aikat, Aditya Akella, Jeffrey S. Chase, Ari Juels, Michael K. Reiter, Thomas Ristenpart, Vyas Sekar, and
`Michael M. Swift. “Rethinking Security in the Era of Cloud Computing”. In: IEEE Security & Privacy 15.3
`(2017), pp. 60–69.
`
`[60] Diana Freed, Jackeline Palmer, Diana Elizabeth Minchala, Karen Levy, Thomas Ristenpart, and Nicola Dell.
`“Digital Technologies and Intimate Partner Violence: A Qualitative Analysis with Multiple Stakeholders”. In:
`PACMHCI 1.CSCW (2017), 46:1–46:22.
`
`[61] Paul Grubbs, Thomas Ristenpart, and Yuval Yarom. “Modifying an Enciphering Scheme After Deployment”.
`In: EUROCRYPT (2). Vol. 10211. Lecture Notes in Computer Science. 2017, pp. 499–527.
`
`[62] Paul Grubbs, Thomas Ristenpart, and Vitaly Shmatikov. “Why Your Encrypted Database Is Not Secure”.
`In: HotOS. ACM, 2017, pp. 162–168.
`
`[63] Liang Wang, Paul Grubbs, Jiahui Lu, Vincent Bindschaedler, David Cash, and Thomas Ristenpart. “Side-
`Channel Attacks on Shared Search Indexes”. In: IEEE Symposium on Security and Privacy. IEEE Computer
`Society, 2017, pp. 673–692.
`
`[64] Paul Grubbs, Kevin Sekniqi, Vincent Bindschaedler, Muhammad Naveed, and Thomas Ristenpart. “Leakage-
`Abuse Attacks against Order-Revealing Encryption”. In: IEEE Symposium on Security and Privacy. IEEE
`Computer Society, 2017, pp. 655–672.
`
`[65] Paul Grubbs, Jiahui Lu, and Thomas Ristenpart. “Message Franking via Committing Authenticated Encryp-
`tion”. In: CRYPTO (3). Vol. 10403. Lecture Notes in Computer Science. Springer, 2017, pp. 66–97.
`
`5
`
`Zoom Video Commc’ns, Inc. - Ex. 1004, Page 5
`Zoom Video Commc’ns, Inc. v. Cyph, Inc. (IPR2023-00140)
`
`

`

`[66] Adam Everspaugh, Kenneth G. Paterson, Thomas Ristenpart, and Samuel Scott. “Key Rotation for Au-
`thenticated Encryption”. In: CRYPTO (3). Vol. 10403. Lecture Notes in Computer Science. Springer, 2017,
`pp. 98–129.
`
`[67] Joanne Woodage, Rahul Chatterjee, Yevgeniy Dodis, Ari Juels, and Thomas Ristenpart. “A New Distribution-
`Sensitive Secure Sketch and Popularity-Proportional Hashing”. In: CRYPTO (3). Vol. 10403. Lecture Notes
`in Computer Science. Springer, 2017, pp. 682–710.
`
`[68] Rahul Chatterjee, Joanne Woodage, Yuval Pnueli, Anusha Chowdhury, and Thomas Ristenpart. “The TypTop
`System: Personalized Typo-Tolerant Password Checking”. In: ACM Conference on Computer and Communi-
`cations Security. ACM, 2017, pp. 329–346.
`
`[69]
`
`Ivan Pustogarov, Thomas Ristenpart, and Vitaly Shmatikov. “Using Program Analysis to Synthesize Sensor
`Spoofing Attacks”. In: AsiaCCS. ACM, 2017, pp. 757–770.
`
`[70] Congzheng Song, Thomas Ristenpart, and Vitaly Shmatikov. “Machine Learning Models that Remember Too
`Much”. In: ACM Conference on Computer and Communications Security. ACM, 2017, pp. 587–601.
`
`[71] Liang Wang, Mengyuan Li, Yinqian Zhang, Thomas Ristenpart, and Michael M. Swift. “Peeking Behind the
`Curtains of Serverless Platforms”. In: USENIX Annual Technical Conference. USENIX Association, 2018,
`pp. 133–146.
`
`[72] Diana Freed, Jackeline Palmer, Diana Elizabeth Minchala, Karen Levy, Thomas Ristenpart, and Nicola Dell.
`“”A Stalker’s Paradise”: How Intimate Partner Abusers Exploit Technology”. In: CHI. ACM, 2018, p. 667.
`
`[73] Rahul Chatterjee, Periwinkle Doerfler, Hadas Orgad, Sam Havron, Jackeline Palmer, Diana Freed, Karen Levy,
`Nicola Dell, Damon McCoy, and Thomas Ristenpart. “The Spyware Used in Intimate Partner Violence”. In:
`IEEE Symposium on Security and Privacy. IEEE Computer Society, 2018, pp. 441–458.
`
`[74] Yevgeniy Dodis, Paul Grubbs, Thomas Ristenpart, and Joanne Woodage. “Fast Message Franking: From
`Invisible Salamanders to Encryptment”. In: CRYPTO (1). Vol. 10991. Lecture Notes in Computer Science.
`Springer, 2018, pp. 155–186.
`
`[75] Vincent Bindschaedler, Paul Grubbs, David Cash, Thomas Ristenpart, and Vitaly Shmatikov. “The Tao of
`Inference in Privacy-Protected Databases”. In: PVLDB 11.11 (2018), pp. 1715–1728.
`
`[76] Liang Wang, Gilad Asharov, Rafael Pass, Thomas Ristenpart, and Abhi Shelat. “Blind Certificate Authori-
`ties”. In: IEEE Symposium on Security and Privacy. IEEE, 2019, pp. 1015–1032.
`
`[77] Bijeeta Pal, Tal Daniel, Rahul Chatterjee, and Thomas Ristenpart. “Beyond Credential Stuffing: Password
`Similarity Models Using Neural Networks”. In: IEEE Symposium on Security and Privacy. IEEE, 2019,
`pp. 417–434.
`
`[78] Sam Havron, Diana Freed, Rahul Chatterjee, Damon McCoy, Nicola Dell, and Thomas Ristenpart. “Clinical
`Computer Security for Victims of Intimate Partner Violence”. In: USENIX Security Symposium. USENIX
`Association, 2019, pp. 105–122.
`
`[79] Nirvan Tyagi, Paul Grubbs, Julia Len, Ian Miers, and Thomas Ristenpart. “Asymmetric Message Franking:
`Content Moderation for Metadata-Private End-to-End Encryption”. In: CRYPTO (3). Vol. 11694. Lecture
`Notes in Computer Science. Springer, 2019, pp. 222–250.
`
`[80] Diana Freed, Sam Havron, Emily Tseng, Andrea Gallardo, Rahul Chatterjee, Thomas Ristenpart, and Nicola
`Dell. “”Is my phone hacked?” Analyzing Clinical Computer Security Interventions with Survivors of Intimate
`Partner Violence”. In: PACMHCI 3.CSCW (2019), 202:1–202:24.
`
`[81] Nirvan Tyagi, Ian Miers, and Thomas Ristenpart. “Traceback for End-to-End Encrypted Messaging”. In:
`CCS. ACM, 2019, pp. 413–430.
`
`[82] Lucy Li, Bijeeta Pal, Junade Ali, Nick Sullivan, Rahul Chatterjee, and Thomas Ristenpart. “Protocols for
`Checking Compromised Credentials”. In: CCS. ACM, 2019, pp. 1387–1403.
`
`[83] Yiqing Hua, Thomas Ristenpart, and Mor Naaman. “Towards Measuring Adversarial Twitter Interactions
`against Candidates in the US Midterm Elections”. In: ICWSM. 2020.
`
`[84] Yiqing Hua, Mor Naaman, and Thomas Ristenpart. “Characterizing Twitter Users Who Engage in Adversarial
`Interactions against Political Candidates”. In: ACM Conference on Human Factors in Computing Systems –
`CHI. 2020.
`
`[85] Kevin A Roundy, Paula Barmaimon Mendelberg, Nicola Dell, Damon McCoy, Daniel Nissani, Thomas Ris-
`tenpart, and Acar Tamersoy. “The Many Kinds of Creepware Used for Interpersonal Attacks”. In: IEEE
`Symposium on Security and Privacy. 2020.
`
`6
`
`Zoom Video Commc’ns, Inc. - Ex. 1004, Page 6
`Zoom Video Commc’ns, Inc. v. Cyph, Inc. (IPR2023-00140)
`
`

`

`[86] Paul Grubbs, Anurag Khandelwal, Marie-Sarah Lacharit´e, Lloyd Brown, Lucy Li, Rachit Agarwal, and
`Thomas Ristenpart. “Pancake: Frequency smoothing for encrypted data stores”. In: USENIX Security Sym-
`posium. 2020.
`
`[87] Emily Tseng, Rosanna Bellini, Nora McDonald, Matan Danos, Rachel Greenstadt, Damon McCoy, Nicola
`Dell, and Thomas Ristenpart. “The Tools and Tactics Used in Intimate Partner Surveillance: An Analysis of
`Online Infidelity Forums”. In: USENIX Security Symposium. 2020.
`
`[88] Rosanna Bellini, Emily Tseng, Nora McDonald, Rachel Greenstadt, Damon McCoy, Thomas Ristenpart, and
`Nicola Dell. ““So-called privacy breeds evil” Narrative Justifications for Intimate Partner Surveillance in
`Online Forums”. In: Proceedings of the ACM on Human-Computer Interaction, Issue CSCW (2020).
`
`[89] Kurt Thomas, Devdatta Akhawe, Michael Bailey, Dan Boneh, Elie Bursztein, Sunny Consolvo, Nicola Dell,
`Zakir Durumeric, Patrick Gage Kelley, Deepak Kumar, Damon McCoy, Sarah Meiklejohn, Thomas Ristenpart,
`and Gianluca Stringhini. “SoK: Hate, Harassment, and the Changing Landscape of Online Abuse”. In: IEEE
`Symposium on Security and Privacy – Oakland. 2021.
`
`[90] Emily Tseng, Diana Freed, Kristen Engel, Thomas Ristenpart, and Nicola Dell. “A Digital Safety Dilemma:
`Analysis of Remote Computer-Mediated Computer Security Interventions During COVID-19”. In: ACM Con-
`ference on Human Factors in Computing Systems – CHI. 2021.
`
`[91] Julia Len, Paul Grubbs, and Thomas Ristenpart. “Partitioning Oracle Attacks”. In: USENIX Security Sym-
`posium. 2021.
`
`[92] Min Xu, Armin Namavari, David Cash, and Thomas Ristenpart. “Searching Encrypted Data with Size-Locked
`Indexes”. In: USENIX Security Symposium. 2021.
`
`[93] Yixin Zou, Allison McDonald, Julia Narakornpichit, Nicola Dell, Thomas Ristenpart, Kevin Roundy, Florian
`Schaub, and Acar Tamersoy. “The Role of Computer Security Customer Support in Helping Survivors of
`Intimate Partner Violence”. In: USENIX Security Symposium. 2021.
`
`[94] Emily Tseng, Mehrnaz Sabet, Rosanna Bellini, Harkiran Kaur Sodhi, Thomas Ristenpart, and Nicola Dell.
`“Care Infrastructures for Digital Security in Intimate Partner Violence”. In: ACM Conference on Human
`Factors in Computing Systems – CHI. 2022.
`
`[95] Janet X. Chen, Allison McDonald, Yixin Zou, Emily Tseng, Kevin A. Roundy, Acar Tamersoy, Florian Schaub,
`Thomas Ristenpart, and Nicola Dell. “Trauma-Informed Computing: Towards Safer Technology Experiences
`for All”. In: ACM Conference on Human Factors in Computing Systems – CHI. 2022.
`
`[96] Nirvan Tyagi, Sof´ıa Celi, Thomas Ristenpart, Nick Sullivan, Stefano Tessaro, and Christopher A. Wood. “A
`Fast and Simple Partially Oblivious PRF, with Applications”. In: Advances in Cryptology – Eurocrypt. 2022.
`
`[97] Nirvan Tyagi, Julia Len, Ian Miers, and Thomas Ristenpart. “Orca: Blocklisting in Sender-Anonymous Mes-
`saging”. In: USENIX Security Symposium. 2022.
`
`[98] Yiqing Hua, Armin Namavari, Kaishuo Cheng, Mor Naaman, and Thomas Ristenpart. “Increasing Adversarial
`Uncertainty to Scale Private Similarity Testing”. In: USENIX Security Symposium. 2022.
`
`[99] Bijeeta Pal, Mazharul Islam, Marina Sanusi, Nick Sullivan, Luke Valenta, Tara Whalen, Christopher Wood,
`Thomas Ristenpart, and Rahul Chattejee. “Might I Get Pwned: A Second Generation Compromised Credential
`Checking Service”. In: USENIX Security Symposium. 2022.
`
`[100] Marina Sanusi Bohuk, Mazharul Islam, Suleman Ahmad, Michael Swift, Thomas Ristenpart, and Rahul
`Chatterjee. “Gossamer: Securely Measuring Password-based Logins”. In: USENIX Security Symposium. 2022.
`
`[101] Yiqing Hua, Manoel Horta Ribeiro, Thomas Ristenpart, Robert West, and Mor Naaman. “Characterizing
`Alternative Monetization Strategies on YouTube”. In: Proceedings of the ACM on Human-Computer Inter-
`action, Issue CSCW (2022).
`
`Research Impact & Media Attention
`• Results from [1, 5, 10] used during NIST SHA-3 competition to analyze new cryptographic hash function
`standard
`
`7
`
`Zoom Video Commc’ns, Inc. - Ex. 1004, Page 7
`Zoom Video Commc’ns, Inc. v. Cyph, Inc. (IPR2023-00140)
`
`

`

`• Adeona privacy-preserving device tracking software [7] covered by The New York Times, Technology Review,
`ABC News, and many others. Adeona downloaded >113,000 times since July 2008.
`• Mozilla, Google developers acknowledge security vulnerabilities found in [14]
`• Cloud computing attacks [12] featured in Technology Review, PC World, and others. European Network and
`Information Security Agency cites our work [12] in report on best practices for cloud computing security.
`Cross-VM cryptographic side-channel attack [26] led to discussions with industry vendors regarding impli-
`cations, and has been covered by Hackernews, Threatpost, Technology Review, DarkReading, and others.
`• Proposed standard FFX for encryption methods for credit cards, SSNs, healthcare records based on [11].
`Companies now deploy FFX widely to protect credit card data and other sensitive information. Algorithms
`for FPE and FTE with regular expression formats [31, 39] used by Skyhigh Networks for rapid deployment.
`• TLS vulnerability found in [17] acknowledged by standardizers
`• Point-of-sale vulnerabilities found in [22] acknowledged and fixed by Intuit and IDTech.1 Bugs found by
`our tool Fie [28] fixed by TI.
`• Format-transforming encryption [31] deployed with Tor, and currently being integrated into other censorship
`circumvention tools such as Lantern and uProxy. Our regular language tools for building FPE and FTE
`schemes used in industry [39].
`• Discussion of issues uncovered in [35] with Linux kernel developers and Microsoft security, vulnerabilities
`in Microsoft patched.
`• Honey encryption [34] reported on by Technology Review, Business Week, Slashdot, Boston Globe, and
`others.
`• Study on typo tolerance in password entry [55] spawned changes in production Dropbox password login
`system (added a caps lock indicator). Typo tolerance reported on by Technology Review, Threatpost,
`Slashdot, and others. TypTop [68] released as public, open source software (https://typtop.info/).
`• Results on machine learning model confidentiality [57] reported on by Quartz, Wired, Medium.com, ACM.org,
`The Register.
`• Collaboration between Cornell Tech (led primarily by Nicola Dell, with some help from me) and the New
`York City’s Office to Combat Domestic Violence lead to NYC Hope web portal (https://www1.nyc.gov/
`nychope/site/page/home).
`• Paper [73] led Google to restrict advertisements on google.com and the Google Play store for search terms
`related to intimate partner violence, as well as changes to Play store policy. This work was reported on by
`the New York Times, Le Monde, The Times, and more.
`• Recognized as Advocate of New York City in 2019 by the New York City Mayor’s Office to End Domestic
`and Gender Based Violence (ENDGBV) (formerly the Office to Combat Domestic Violence) for our work
`on clinical computer security [78, 80].
`• Paper [82] helped motivate changes to Google’s breached password checking service, integrated into Google
`Chrome. Paper [99] deployed as breach alerting service at Cloudflare.
`
`1https://security.intuit.com/index.php/home/alerts/95-security-update-for-gray-gopayment-card-reader
`
`8
`
`Zoom Video Commc’ns, Inc. - Ex. 1004, Page 8
`Zoom Video Commc’ns, Inc. v. Cyph, Inc. (IPR2023-00140)
`
`

`

`Invited Talks (selected)
`• University of Illinois, Urbana Champaign, ITI Distinguished Lecture Series, Computer Security for
`Victims of Abuse, October 2019
`• Princeton University, Tech Privacy and Safety in Intimate Partner Violence, February 2018
`• Facebook, Tech Privacy and Safety in Intimate Partner Violence, October 2017
`• Google, Tech Privacy and Safety in Intimate Partner Violence, October 2017
`• University of Chicago, Making Password Checking Systems Better, November 2016
`• DIMACS Workshop on Cryptography and its Interactions: Learning Theory, Coding The-
`ory, and Data Structures, Stealing Machine Learning Models and Using Them to Violate Privacy, July
`2016
`• DIMACS/MACS Workshop on Cryptography for the RAM Model of Computation, Making
`Password Checking Systems Better, June 2016
`• Carnegie Mellon University, Making Password Systems Better, March 2016
`• Crypto for Big Data Workshop at Columbia University, Exploiting Leakage in Searchable En-
`cryption and Machine Learning, December 2015
`• EPFL, Model Inversion and other Threats in Machine Learning, September 2015
`• ETH Zurich, Honey Encryption: Security Beyond the Brute-force Bound, September 2015
`• Fast Software Encryption 2014, New Encryption Primitives for Uncertain Times, March 2014
`• DIMACS Workshop on Current Trends in Cryptography, Message-locked Encryption and Secure
`Deduplication, April 2013
`• Royal Holloway University of London, Message-locked Encryption and Secure Deduplication, April
`2013
`• Real World Cryptography, Message-locked Encryption and Secure Deduplication, January 2013
`• Microsoft Research, Practice-driven Cryptographic Theory, August 2012
`• Stanford University, Practice-driven Cryptographic Theory, June 2012
`• Qualcomm, Practice-driven Cryptographic Theory, June 2012
`• NSF Workshop for Security of Cloud Computing, New Problems in Security for Cloud Computing,
`February 2012
`• Isaac Newton Institute for Mathematical Sciences, Practice-driven Cryptographic Theory, Jan-
`uary 2012
`• Dagstuhl Workshop on Public-key Cryptography, Careful with Composition: Limitations of the
`Indifferentiability Framework, September 2011
`• Microsoft Research, Tag Size Does Matter: Attacks and Proofs for the TLS Record Protocol, June 2011
`
`9
`
`Zoom Video Commc’ns, Inc. - Ex. 1004, Page 9
`Zoom Video Commc’ns, Inc. v. Cyph, Inc. (IPR2023-00140)
`
`

`

`• Microsoft Research, Careful with Composition: Limitations of the Indifferentiability Framework, June
`2011
`• VMWare, Virtual Security: Data Leakage in Third-Party Clouds and VM Reset Vulnerabilities, September
`2010
`• U. of Washington, Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party
`Clouds, November 2009
`• U. of Washington,Virtual Machine Reset Vulnerabilities and Hedged Cryptography, November 2009
`• Microsoft Research, Virtual Security: Data Leakage in Third-Party Clouds and VM Reset Vulnerabil-
`ities, November 2009
`• Dagstuhl Workshop on Symmetric Cryptography, Salvaging Merkle-Damg˚ard for Practical Appli-
`cations, January 2009
`• Lorentz Center Workshop on Hash Functions, Design Paradigms for Building Multi-Property Hash
`Functions, June 2008
`• Ecole Polytechnique F´ed´erale de Lausanne, Privacy-Preserving Location Tracking of Lost or Stolen
`Devices, May 2008
`• Echternach Symmetric Cryptography Seminar, Design Paradigms for Building Multi-Property Hash
`Functions, January 2008
`• Microsoft Research, New Approaches f