This website is no longer updated.

As of 1.10.2022, the Faculty of Physics has been merged into the TUM School of Natural Sciences with the website For more information read Conversion of Websites.

de | en


Module IN2197

This Module is offered by TUM Department of Informatics.

This module handbook serves to describe contents, learning outcome, methods and examination type as well as linking to current dates for courses and module examination in the respective sections.

Module version of WS 2011/2

There are historic module descriptions of this module. A module description is valid until replaced by a newer one.

Whether the module’s courses are offered during a specific semester is listed in the section Courses, Learning and Teaching Methods and Literature below.

available module versions
SS 2017SS 2012WS 2011/2

Basic Information

IN2197 is a semester module in German or English language at Bachelor’s level and Master’s level which is offered in winter semester.

This module description is valid to SS 2022.

Total workloadContact hoursCredits (ECTS)
150 h 60 h 5 CP

Content, Learning Outcome and Preconditions


- Theoretical foundations:
++ Definitions of security: perfect secrecy, computational security (IND-CPA,IND-CCA,IND-CC2), semantic security
++ Cryptographic primitives and pseudorandomness: pseudorandomnumbergenerators (PRG), -functions (PRF) and -permutations (PRP), one-way functions (OWF) and -permutations (OWP) (with trapdoor (TDP)), cryptographic hashfunktions, tweakable blockciphers (TBC)
++ Basics of group- and number theory, and elliptic curves
- Symmetric cryptography:
++ Blockcipher: AES, DES
++ Construction of encryption schemes using blockciphers: rOFB, rCTR, rCBC, OCB
++ Construction of message-authentication-codes: CBC-MAC, NMAC, HMAC
- Asymmetric cryptography:
++ The RSA-problem and derived encryption and signature schemes: RSA-OAEP, RSA-FDH, RSA-PSS
++ The discrete logarithm and derived schemes: Diffie-Hellman protocol, El Gamal, DH-KEM, DSA

Learning Outcome

After completing the module students are able to
- remember the basic primitives used in symmetric and asymmetric cryptography, and
- understand their theoretical foundations,
- analyse cryptographic schemes derived from these primitives,
- understand the basic definitions of security.


IN0011 Introduction to Theory of Computation, IN0015 Discrete Structures, IN0018 Discrete Probability Theory

Courses, Learning and Teaching Methods and Literature

Courses and Schedule

Learning and Teaching Methods

The module consists of a lecture and a tutorial. In the lecture the content of the module is presented and the participants are motivated to reflect on the topics using the provided references. In the tutorial concrete problems and examples are discussed and solved, where applicable, in team work.


Slides and blackboard


- Introduction to modern cryptography, J. Katz, Y. Lindell, Chapman&Hall/CRC, 2007
- Lecture Notes on Cryptography, S. Goldwasser, M. Bellare, online version
- Einführung in die Kryptographie, Johannes Buchmann, Springer Verlag, 4. erweitere Auflage, 2007
- Elliptic Curves: Number Theory and Cryptography, Lawrence C. Washington, Chapman&Hall/CRC, 2nd edition, 2003
- Handbook of Applied Cryptography, Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone, CRC Press, 1996

Module Exam

Description of exams and course work

The assessment takes the form of a written exam of 90 minutes.
The exercises of the exam test if the examinee has acquired a subset of the skills in the following list.

List of skills: The student
- understands the needs for (pseudo)randomization in cryptography, and the difference between randomness and pseudorandomness;
- can explain the definition of secure cryptographic scheme under different kinds of attacks, and the definitions of the most important cryptographic primitives;
- can explain the assumptions underlying public-key cryptography;
- can apply the definitions to decide if a simple cryptographic scheme is secure or not;
- can describe basic cryptographic schemes and constructions (i.a. rCTR, NMAC, CBC-MAC, ENC-THEN-MAC, OAEP, FDH, PSS, DH, Elgamal, hybrid encryption);
- can construct provably-secure cryptographic schemes based on these constructions and primitives;
- can explain the advantages and disadvantages of private-key and public-key cryptography;
- can describe and apply the algebraic and number theoretic results underlying RSA- and DLP-based cryptography, spefically properties of finite commutative groups, distribution of primes, and generation of pseudorandom primes;
- can compute in the algebraic structures underlying RSA- and DLP-based cryptographic primitives;
- can explain the basic advantages and disadvantages of elliptic curves in DLP-based cryptography.

Exam Repetition

The exam may be repeated at the end of the semester.

Top of page