• March 5. The exam and solution can be found in the Examination page.
  • January 9. The exam review will take place on Friday the 16th at 10:00-11:00 in room 5128.
  • December 18. A video for Lecture 12 is uploaded.
  • December 18. The slides for Lectures 13 and Lecture 14 are updated.
  • December 15. Last date to submit assignments is the 9th of January 2018 at midnight.
  • December 14. The slides for Lecture 14 are online.
  • December 10. The slides for Lecture 13 are online.
  • December 9. A short video for Lecture 9 has been uploaded
  • December 8. The slides for Lectures 12 are updated.
  • December 7. The slides for Lecture 12 are online.
  • December 5. Partecipate anonymously to the poll for the recap exercise session here (live results)
  • December 5. An updated version of the slides for the Lecture 11 is uploaded.
  • December 4. The slides for Lecture 11 are online.
  • December 1. The slides for Lectures 9 and 10 are updated.
  • November 30. The slides for Lecture 10 are uploaded.
  • November 28. An updated version of the slides for Lecture 9 is uploaded.
  • November 27. The slides for Lecture 9 are uploaded.
  • November 27. Two short videos related to Lectures 7 and 8 have been uploaded.
  • November 24. An updated version of the slides for Lecture 8 is uploaded.
  • November 23. The slides for Lecture 8 are uploaded.
  • November 21. An updated version of the slides for Lecture 7 is uploaded.
  • November 20. The slides for Lecture 7 are uploaded.
  • November 20. The slides for Lecture 6 are uploaded.
  • November 14. An updated version of the slides for Lecture 5 is uploaded.
  • November 14. Two short videos for Lecture 4 and Lecture 5 are uploaded.
  • November 14. The lecture on Friday 17th of Nov. is postponed to Tuesday the 21st of Nov. (08:00-10:00 in room KC) due to the EU- Motet that will cause disruptions in public transport and traffic.
  • November 14. Lecture 6 will take place on Tuesday the 21st of Nov. at 08:00-10:00 (room KC) and Lecture 7 will take place on Tuesday the 21st of Nov at 10:00-12:00 (room HA3).
  • November 14. The 3rd exercise session will be given on Friday the 24th of Nov. at 08:00-10:00 (room HA3) before the lecture that takes place at 10:00-12:00 (24/11 in room HA3).
  • November 13. The slides for Lecture 5 are online.
  • November 10. An updated version of the slides for Lecture 4 is uploaded.
  • November 8. The slides for Lecture 4 are online.
  • November 8. In order to avoid delayed reply, use emails to ask questions about the assignments. To submit your work, use the Fire system.
  • November 7. The GPG fingerprint in the first Assignment is updated and it is now correct.
  • November 7. An updated version of the slides for Lecture 3 is uploaded.
  • November 7. The first Assignment is online.
  • November 5. A short video for Lecture 2 is uploaded.
  • November 3. An updated version of the slides for Lecture 2 is uploaded.
  • November 2. The slides for Lecture 2 are online.
  • November 1. An updated version of the slides and a short video for the first Lecture is uploaded.
  • October 26. The exam date is already announced and it is on the 12th of January 2018. Last day to sign up for the exam is on the 20th of Dec. 2017
  • October 26. Welcome to the Cryptography course (TDA 352 - DIT 250) website.
  • October 4. The first Lecture will be on the 31st of October at 10:00 in the room KA.
  • October 4. First version of web site for autumn 2017.


Lectures are on Tuesdays 10:00 - 12:00 and on Fridays 10:00 - 12:00. See the schedule for details.

Lecture # Week # Date (mmdd) Room Topic (slides) Stallings Katz-Lindell
1 1 1031 KA Introduction - Historical Cipher ; Introduction Video 1.1, 2.1 - 2.4 1.1 - 1.3
2 1 1103 HA3 OTP, semantically security, stream cipher, PRG ; Semantic Security Video 2.1, 2.2, 7.1 1.4, 2, 3.3.1
3 2 1107 KA PRG/PRF/PRP, Block cipher (DES/AES/CBC) 3.1 - 3.5, 5.2 - 5.6, 7.1, 6.2, 6.3 6.2, 3.5.1, 3.6.2
4 2 1111 HA3 Block Cipher and their security, intro Pub. Key Crypto ; Security of ECB Video 8.1, 9.1, 9.2, 14.5 3.4.2, 10.4, 8.1.1, 8.1.2, 11.1, 11.2.0, 11.5.1, 12.1
5 3 1114 KA PKCryptography, PKEncryption, Signatures (RSA, EEA, modular inverses, Primality Test) ; EEA Video 4.1 - 4.3, 8.1, 8.3, 9.1 - 9.2 4.1.1 - 4.1.2, 8.2.2, 11.5.1, 11.2, B.1 - B.2
6 3 1121 : 0800 - 1000 KC Number Theory and Group Theory for Public-Key Cryptography 2.5, 2.7, 4.4, 5.1, 8.1 - 8.3, 8.5, 9.2 7.1.1, 7.1.3, 7.1.4, 7.2
7 4 1121 HA3 RSA, ElGamal, Security (DLog) + Intro Protocols ; El Gamal Homomorphism Video 8.5, 10.2 8.3.1, 8.3.2, 9.0, 11.4.1
8 4 1124 HA3 DH, KeyExchange, Identification protocols (Fiat-Shamir), Zero Knowledge ; Diffie-Hellman Protocol Video 10.1 10.1
9 5 1128 HA3 Secure MultiParty Computation, Secret Sharing ; SMPC Addition Video
10 5 1201 HA3 Recap Zero Knowledge (Schnorr Protocol), Secret Sharing ; ZK & Schnorr Protocol Video 10.1 10.3
11 6 1205 HA3 Hash function, Birthday Paradox, One Way 11.1, 11.3, 11.4, 13.1, 13.6 4.1, 5.1, 5.4.2, 12.1, 12.2, 12.4
12 6 1208 HA3 Data integrity / Authentication Digital Signatures, MACs ; MAC security Video 11.3, 11.5, 12.1-12.4, 13.2 4.2, 4.3, 5.3, 5.4
13 7 1212 HA3 Course Recap (quizzes, old exams) ; Recap & Farewell Video
14 7 1215 HB2 Crypto Fun: Relay attacks and Cryptocurrencies (Bitcoin)


Course responsible, lectures, exam responsible

Katerina Mitrokotsa
Phone: +46 31 772 1040
Email: aikmitr "at"
Office: Room 5111A, floor 5 in the EDIT building.
Office hours: Wednesday 1400 - 1600

Tutors (home assignments, laborations and exercise sessions)

Carlo Brunetta
Email: brunetta "at"
Office: Room 5125, EDIT building.
Office hours: Friday 1400-1500.
Wissam Aoudi
Email: wissam.aoudi "at"
Office: Room 5121A, EDIT building.
Office hours: Tuesday 1400-1500.
Georgia Tsaloli
Email: tsaloli "at"
Office: Room 4103, EDIT building.
Office hours: Thursday 1400-1500.
Christos Profentzas
Email: chrpro "at"
Office: Room 4103, EDIT building.
Office hours: Friday 1500-1600.

Student representatives

Seyed Reza Esmaeili
Email: seyedr "at"
Karl Kangur
Email: karlkan "at"
Antoine Lepers
Email: guslepan "at"
Oleksii Prykhodko
Email: olepry "at"
Benedikt Sigurleifsson
Email: bensig "at"


Cryptography is becoming increasingly important to enhance security in connection with data storage and communication and various kinds of electronic transactions. This course aims to give students

  • an overview of basic cryptographic concepts and methods
  • a good knowledge of some commonly used cryptographic primitives and protocols
  • a sound understanding of theory and implementation, as well as limitations and vulnerabilities
  • an appreciation of the engineering difficulties involved in employing cryptographic tools to build secure systems

Course content

Classical cryptosystems

We will cover only a small selection of classical (paper-and-pencil) cryptosystems, including substitution and transposition (permutation) ciphers as Vigènere. You should know how these work and how to cryptanalyse them. Among tools here you should know how to make use of mono-, bi- and n-gram frequencies, the Kasiski test and coincidence index.

You should also know the principles behind rotor machines such as Enigma and have an understanding of the importance of these machines and their cryptanalysis during World War II.

This material is covered in Chapter 2 of the course book. There is also a large number of web sites devoted to these topics, easily found by Google search.

Block ciphers

We discuss SP networks and Feistel networks as general constructions for block ciphers and examplify concrete constructions with DES and AES/Rijndael. We also discuss modes of operation, including at least ECB, CBC and CTR mode and how to combine encryption and MAC authentication. Finally, we discuss key management for symmetric encryption. Book references: chapters 3, 5 and 6. MAC's are covered in chapter 12.

Public-Key Cryptography

We will discuss the basic ideas of public-key cryptography as based on one-way functions with trapdoors. Then we will discuss ElGamal and RSA encryption/decryption in detail, on the way reviewing necessary number theory, (modular arithmetic, Chinese remainder theorem). Hash functions, in particular iterative constructions such as MD5 and SHA-1 and their properties are discussed before we turn to use of RSA for digital signatures. Diffie-Hellman key exchange and the discrete logarithm problem is covered. We will also discuss prime number generation, in particular the Rabin-Miller test.

A brief overview on algorithms for factoring and discrete logs is included to give an understanding of how recommended key lengths are chosen. The analysis of algorithms for discrete logs will also suggest the use of other cyclic groups than (subgroups of) Zp for cryptographic purposes. We will introduce elliptic curves as an important example.

This is covered in chapters 9, 10 and 13 of the course book.

Stream ciphers

In this brief part we discuss Linear Feedback Shift Registers as a way of implementing stream ciphers and analyze their properties and give some examples. We also discuss RC4. Stream ciphers are discussed in chapter 7, but LFSR's are not mentioned.

Cryptographic Protocols

Cryptographic primitives need to be embedded in protocols in order to provide useful services. We will discuss a number of such services as examples; in particular protocols for key management and identification. We will also discuss some examples of broken protocols. Book reference: chapters 14 and 15.

Information theory

We will briefly discuss probabilistic models of encryption and Shannon's notion of perfect security. We discuss Shannon's bound on key length for perfect security and show that the one-time pad achieves this. We introduce the notion of entropy and redundancy of a language and show how the redundancy of the plaintext language affects the amount of ciphertext that is needed for unique decryption.

This material is not covered in the course book.