I work on applied cryptography at Cloudflare Research. Most of my work also takes place in the IETF: I contributed to the design of the Encrypted Client Hello extension for TLS; I participate in the CFRG research group; and I'm leading a significant amount of work in the PPM working group, which aims to bring MPC to bear on user measurement.
I finished my PhD in 2020 under Tom Shrimpton at the University of Florida. My thesis focused on bridging the gap between the proven security of cryptographic protocols and their security in the real world. I began my crypto education with Phil Rogaway at the University of California, Davis, where I earned my master's and bachelor's. I interned on the Crypto team at Cloudflare (SF) during the summer of 2018. I've done two internships at Google, the first on the Cloud Security team (KIR, 2015) and the second on the Chrome Protector team (MON, 2016).
- Verifiable Distributed Aggregation Functions (ia.cr/2023/130). H. Davis, C. Patton, M. Rosulek, and P. Schoppmann. PETS 2023.
- SMS OTP Security (SOS): Hardening SMS-Based Two Factor Authentication (10.1145/3488932). C. Peeters, C. Patton, I. Munyaka, D. Olszewski, T. Shrimpton, and P. Traynor. AsiaCCS 2022.
- Quantifying the security cost of migrating protocols to practice (ia.cr/2020/573). C. Patton and T. Shrimpton. Crypto 2020.
- Probabilistic data structures in adversarial environments. D. Clayton, C. Patton, and T. Shrimpton. CCS 2019.
- Security in the presence of key reuse: Context-separable interfaces and their applications (ia.cr/2019/519). C. Patton and T. Shrimpton. Crypto 2019.
- A hybrid approach to secure function evaluation using SGX. J. Choi, D. Tian, G. Hernandez, C. Patton, B. Mood, T. Shrimpton, K. Butler, and P. Traynor. AsiaCCS 2019.
- Digital healthcare-associated infection: A case study on the security of a major multi-campus hospital system. L. Vargas, L. Blue, V. Frost, C. Patton, N. Scaife, K. Butler, and P. Traynor. NDSS 2019.
- Partially specified channels: The TLS 1.3 record layer without elision (ia.cr/2018/634). C. Patton and T. Shrimpton. CCS 2018.
- Hedging public-key encryption in the real world (ia.cr/2017/510). A. Boldyreva, C. Patton, and T. Shrimpton. Crypto 2017.
- Verifiable Distributed Aggregation Functions (draft-irtf-cfrg-vdaf). R. Barnes, D. Cook, C. Patton, and P. Schoppmann.
- Distributed Aggregation Protocol for Privacy Preserving Measurement (draft-ietf-ppm-dap). T. Geoghegan, C. Patton, E. Rescorla, and C. Wood.
- VDAF (prio). Rust implementations of the Verifiable Distributed Aggregation Functions specification. While I am not the maintainer of this crate, I have contributed a ton of code, including the FLP implementation.
- DAP (daphne). Rust implementation of the Distributed Aggregation Protocol specification, targeting the Cloudflare Workers platform. Still a work-in-progress.
- TLS Encrypted Client Hello (cloudflare/go). Cloudflare Research maintains a fork of the Go standard library in order to facilitate experiments. I contributed a significant amount of code to this library, including its implementation of the Encrypted Client Hello extension for TLS (draft-ietf-tls-esni).
- Delegated credentials for TLS (boringSSL server / NSS client). A protocol extension (RFC9345) that allows a TLS operator to delegate credentials for terminating connections on its behalf.
- Roughtime (roughtime). A simple protocol for synchronizing clocks with enough accuracy for common cryptographic applications. I deployed the server on Cloudflare's infrastructure during my internship.
- Standardizing MPC for Privacy-preserving Measurement (RWC 2022). Available on YouTube. Please forgive the terrible recording. There was an AV issue during our session, the result of which is that only the Zoom recording survived.
- Quantifying the Security Cost of Migrating Protocols to Practice (Crypto 2020). Available on YouTube, prerecorded.
- Interpretation of Provable Security for Cryptographic Practice (PhD defense, delivered via Zoom). Available on YouTube.
- Partially specified channels (CCS 2018). Available on YouTube.
- Hedging public-key encryption in the real world (Crypto 2017). Available on YouTube.