Cryptography

- Theoretical foundations:
++ Definitions of security: perfect secrecy, computational security (IND-CPA,IND-CCA,IND-CC2), semantic security
++ Cryptographic primitives and pseudorandomness: pseudorandomnumbergenerators (PRG), -functions (PRF) and -permutations (PRP), one-way functions (OWF) and -permutations (OWP) (with trapdoor (TDP)), cryptographic hashfunktions, tweakable blockciphers (TBC)
++ Basics of group- and number theory, and elliptic curves
- Symmetric cryptography:
++ Blockcipher: AES, DES
++ Construction of encryption schemes using blockciphers: rOFB, rCTR, rCBC, OCB
++ Construction of message-authentication-codes: CBC-MAC, NMAC, HMAC
- Asymmetric cryptography:
++ The RSA-problem and derived encryption and signature schemes: RSA-OAEP, RSA-FDH, RSA-PSS
++ The discrete logarithm and derived schemes: Diffie-Hellman protocol, El Gamal, DH-KEM, DSA

After completing the module students are able to
- remember the basic primitives used in symmetric and asymmetric cryptography, and
- understand their theoretical foundations,
- analyse cryptographic schemes derived from these primitives,
- understand the basic definitions of security.

IN0011 Introduction to Theory of Computation, IN0015 Discrete Structures, IN0018 Discrete Probability Theory

The module consists of a lecture and a tutorial. In the lecture the content of the module is presented and the participants are motivated to reflect on the topics using the provided references. In the tutorial concrete problems and examples are discussed and solved, where applicable, in team work.

Slides and blackboard

- Introduction to modern cryptography, J. Katz, Y. Lindell, Chapman&Hall/CRC, 2007
- Lecture Notes on Cryptography, S. Goldwasser, M. Bellare, online version
- Einführung in die Kryptographie, Johannes Buchmann, Springer Verlag, 4. erweitere Auflage, 2007
- Elliptic Curves: Number Theory and Cryptography, Lawrence C. Washington, Chapman&Hall/CRC, 2nd edition, 2003
- Handbook of Applied Cryptography, Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone, CRC Press, 1996

The assessment takes the form of a written exam of 90 minutes.
The exercises of the exam test if the examinee has acquired a subset of the skills in the following list.

List of skills: The student
- understands the needs for (pseudo)randomization in cryptography, and the difference between randomness and pseudorandomness;
- can explain the definition of secure cryptographic scheme under different kinds of attacks, and the definitions of the most important cryptographic primitives;
- can explain the assumptions underlying public-key cryptography;
- can apply the definitions to decide if a simple cryptographic scheme is secure or not;
- can describe basic cryptographic schemes and constructions (i.a. rCTR, NMAC, CBC-MAC, ENC-THEN-MAC, OAEP, FDH, PSS, DH, Elgamal, hybrid encryption);
- can construct provably-secure cryptographic schemes based on these constructions and primitives;
- can explain the advantages and disadvantages of private-key and public-key cryptography;
- can describe and apply the algebraic and number theoretic results underlying RSA- and DLP-based cryptography, spefically properties of finite commutative groups, distribution of primes, and generation of pseudorandom primes;
- can compute in the algebraic structures underlying RSA- and DLP-based cryptographic primitives;
- can explain the basic advantages and disadvantages of elliptic curves in DLP-based cryptography.