So You're Starting a PhD?
Mike Rosulek
School of EECS
Oregon State University

Congratulations on beginning your PhD! What are you going to do now? This page contains some (hopefully) helpful information about getting started out on the right track. I have curated my thoughts on this page for my own selfish purposes, so some of the material is very specific to my research interests (computer science → security → cryptography → multiparty computation).

Table of contents

What is a PhD?

In short, a PhD is is a journey to the frontier of human knowledge, where you expand the frontier by a tiny bit with a new contribution. Read this (very short) illustrated guide to a PhD by Matt Might for a good mental picture.

Foundational skills of research

One of the things that makes a PhD difficult is that research requires skills that your undergraduate education has probably not equipped you with.

During your PhD you should plan to actively develop these skills (not just as side-effects of whatever you happen to be doing).

What is research like?

My advisor Michael Loui always described research to me as "a manic-depressive activity." The highs are high and the lows are low. The transition from high to low can be instantaneous ([dancing up and down the hall] "holy shit, I finally did it!" ... [5 minutes later] "wait a second, but what about ..."). But did I mention, the highs are high?

You can expect to feel stupid all the time. If you're not feeling stupid, then you're not learning anything new. Read The importance of stupidity in scientific research by Martin A Schwartz.

Science makes me feel stupid too. It's just that I've gotten used to it. So used to it, in fact, that I actively seek out new opportunities to feel stupid. I wouldn't know what to do without that feeling. I even think it's supposed to be this way.

You can expect to feel like you are always banging your head against a figurative wall. Have more than one wall, and be persistent. Read Jeff Erickson's advice on how to deal with discouragement:

Eventually, you'll move from hoping that you'll be able to knock down a wall with your head someday, to being surprised at how often the walls you hit with your head actually fall, to finally believing that you really can knock down walls with your head sometimes.

Related reading

Advising relationship

Conceptual framework

In their paper A Developmental Model of Research Mentoring, Revelo & Loui discuss different conceptual models for the advisor-student relationship. These models are an extremely helpful way to think about the role of advisor and student.

The mentoring relationship should naturally evolve as the student develops in maturity. This paper presents a sequence of 4 different relationship archetypes, which should be traversed in this order:

  1. Novice & Director:
    ... the mentor is directive in setting expectations, goals, and objectives for the student. The mentor may assign specific tasks such as reading previous research articles and learning to operate laboratory equipment ... the student is unable to advance the research project without direction from the mentor. Stage 1 may be short in some mentoring relationships.
  2. Apprentice & Master:
    the mentor still holds the primary responsibility for progress in the research project, but the student may start to make progress independently ... the student should be more knowledgeable about the research project than in stage 1 ... the student should move beyond reproducing results to connecting results and knowledge to a bigger research picture ... the student starts focusing on the "why" of the research project in addition to the "what."
  3. Collaborator & Guide:
    the student contributes new ideas to the research project and gains an increasing sense of independence ... the mentor and student share responsibility for advancing the research project; the student may take ownership of some aspects of the project ... the student is motivated to advance the project with the mentor’s guidance.
  4. Colleague & Consultant:
    the student has the primary responsibility and the mentor serves as a consultant ... The student is now a colleague to the mentor ... the student is able to make progress on the research project independently ... the student may initiate new directions for the research ... the role of the mentor is to serve as a consultant to the student by providing advice when asked. [my emphasis added]

Many conflicts between the advisor & student can be understood in terms of a mismatch of levels, and a mismatch can happen in either direction. A "Novice" (stage 1) or "Apprentice" (stage 2) student will feel totally abandoned by a "Consultant" (stage 4) advisor, while the advisor in this situation will become frustrated with the student's apparent lack of progress. A "Collaborator" (stage 3) student will feel stifled and micromanaged by a "Director" (stage 1) advisor.

Roles & Responsibilities

What follows below is a partial list of some expectations of the advisor and student during graduate school. They can be summarized as "act like decent adults."

Advisor roles:

Student roles:

Related Reading

What to do now

Build foundational knowledge in crypto/MPC

Here are some things that you should know by the end of your first year of grad school, in order to do research in my area of secure multi-party computation. Aim for more than just a superficial understanding of these concepts. This list was inspired by a similar list from the Bristol cryptography group.


Computational Complexity:

Information theory / probability:

Crypto basics:

Number theory / algebra:


Some good resources for learning about the basic cryptographic concepts are:

However, the things you need to know in your first year go beyond typical classroom material, and take you into the research literature. So you'll have to get better at ...

Reading papers

Almost all papers in our field are posted for free at the ePrint archive. You can even subscribe to email alerts whenever new articles are posted, or receive them in a daily/weekly batch. (When the time comes, you can also use the same mechanism to subscribe to alerts about postdoc/job opportunities.)

Here's what I do when I have to learn about some result from the literature. If it's a fundamental one then I first try to find lecture notes that present the material (i.e., use "lecture notes" in my search terms). Otherwise, I try to find a video of the conference presentation. Only after this do I attempt to read the paper. Lecture notes and videos will prepare you to read and appreciate the details that are contained in the paper. Videos of recent IACR conferences are on Youtube.

To get up to speed on MPC specifically, I have some more concrete recommendations:

Improve your writing skills

I feel very strongly about the importance of writing. "Good writing" may be subjective when writing a novel for all I know, but for technical communication there are very clear "best practices" that you (yes, even you) can learn and use.

I encourage you to set aside some time and watch this video on writing by Steven Pinker. He lays out the basic principles of clear writing, with many positive and negative examples. It should convince you that it is possible to articulate why a certain piece of writing is effective or not. That ability already gets you over halfway to being a great writer. For more details and constructive advice, you should then read either Pinker's book or Style: Lessons in Clarity and Grace by Williams & Colomb.

You don't have to wait until you're churning out conference papers to work on writing. You can practice writing now:

Distilling a difficult concept into its core ideas, finding a good representative running example of a concept... these are the same skills you need to make a good presentation. Embrace the challenge of finding the best way to express every idea!

Related Reading

Unsolicited advice

Impostor Syndrome

Every student should know about impostor syndrome, the feeling that everyone around you absolutely has their shit together while you are only pretending to know what you're doing, and by the way your life will come crumbling down in shame when they finally discover how you incompetent you really are. The most important thing to know about impostor syndrome is that it is incredibly common in grad school (I certainly was a textbook case). Just knowing that fact can be comforting.

SMBC comics, by Zach Weinersmith

I don't think my advice for dealing with impostor syndrome is terribly useful (like saying "don't fall off" for advice on how to do a tightrope walk), and it might say more about my neuroses than yours, but here it is anyway:

Now that you know the term "impostor syndrome," you can feel empowered to find lots of information and support, and more constructive advice than what I just offered. We are lucky to live in a time where there is open discussion about impostor syndrome, especially in the academic community.

Think about the context of your work

While you are developing an incredibly narrow focus on some small aspect of cryptography, choose to also have a well-rounded foundation in security more generally. Most people have never heard of cryptography. When you meet new people, you will probably introduce yourself as a student of computer security. They'll ask what you think of the latest high-profile data breach, or hacking of election machines, or government surveillance. People will consider you an expert on all of these things (and despite your academic honesty about your narrow expertise, you probably are the closest they will get to a "real" expert in these things), so try to have an informed opinion! Learn about systems security, network security, physical security. Learn how to pick locks. Participate in capture-the-flag contests. Remember that not every security problem has a crypto solution. Not every security problem has a technological solution!

(I'm beginning to think that only the easy problems have a technological solution.)

Security is important. It has societal impact and therefore a moral dimension. Choose to be one of the "good guys", and not one of the adversaries. Read The Moral Character of Cryptographic Work by Phil Rogaway. This issue runs deeper than you might guess.

Develop a relationship with both theory & practice that you are comfortable with, and don't take either for granted. Accept and embrace your work as it truly is, without being apologetic. Don't try to market theory as practice, or vice-versa. Watch the first half of Mihir Bellare's distinguished lecture on theory vs practice in cryptography.

Being kind

Here's some good advice I first saw in this tweet:
We're all smart here. Distinguish yourself by being kind.

Being productive

Grad school involves a lot of time spent as a self-directed, independent researcher. Many students (and professors) struggle to be productive working on open-ended problems with only very long-term, vague external motivations (publish a paper, get a PhD, get tenure).

I have spent (wasted) lots of brain cycles thinking about productivity. My success has been mixed, but I can at least say that I've learned something about productivity and have even seen personal improvements. I can't prescribe exactly what things will help you be more productive, but I can share some good general principles that I have found useful.

Other links:

Some tools that I've found particularly valuable: