Christopher Patton
![]() |
I work on applied cryptography at Cloudflare Research.
I finished my PhD in 2020 under Tom Shrimpton at the University of Florida. I began my crypto education with Phil Rogaway at the University of California, Davis, where I earned my master's and bachelor's. I interned on the Crypto team at Cloudflare (SF) during the summer of 2018. I've done two internships at Google, the first on the Cloud Security team (KIR, 2015) and the second on the Chrome Protector team (MON, 2016).
Papers
- Quantifying the security cost of migrating protocols to practice (ia.cr/2020/573). C. Patton, and T. Shrimpton. Crypto 2020.
- Probabilistic data structures in adversarial environments. D. Clayton, C. Patton, and T. Shrimpton. CCS 2019.
- Security in the presence of key reuse: Context-separable interfaces and their applications (ia.cr/2019/519). C. Patton, and T. Shrimpton. Crypto 2019.
- A hybrid approach to secure function evaluation using SGX. J. Choi, D. Tian, G. Hernandez, C. Patton, B. Mood, T. Shrimpton, K. Butler, and P. Traynor. AsiaCCS 2019.
- Digital healthcare-associated infection: A case study on the security of a major multi-campus hospital system. L. Vargas, L. Blue, V. Frost, C. Patton, N. Scaife, K. Butler, and P. Traynor. NDSS 2019.
- Partially specified channels: The TLS 1.3 record layer without elision (ia.cr/2018/634). C. Patton, and T. Shrimpton. CCS 2018.
- Hedging public-key encryption in the real world (ia.cr/2017/510). A. Boldyreva, C. Patton, and T. Shrimpton. Crypto 2017.
Code
- Delegated credentials for TLS (boringSSL server / NSS client). A protocol extension (draft-ietf-tls-subcerts) that allows a TLS operator to delegate credentials for terminating connections on its behalf.
- Roughtime (roughtime). A simple protocol for synchronizing clocks with enough accuracy for common cryptographic applications. I deployed the server on Cloudflare's infrastructure during my internship.
- Oblivious Go maps (store). A wacky idea for password management.
- Online AES-GCM (sgcm). Improvements to Go's implementation of AES-GCM.
- AEZ (aez). An implementation of the AEZv3 robust authenticated encryption scheme.