- 2010-09-01: the re-exam will take place on Friday, October 15, 10:00 am, in Lecture Hall 001, building E1 3.
- 2010-07-21: seating plan for the final exam is available.
- 2010-05-31: seating plan for the midterm exam is available.
- 2010-04-16: tutorials are assigned, registration is closed.
- 2010-03-31: time tables for lectures and tutorials are online.
- 2010-02-14: registration is open. Please register until Friday, 16th.
- 2009-12-09: the website is online.
DescriptionThis course is an introduction to Modern Cryptography. It will introduce cryptography from scratch, i.e., no previous knowledge in cryptography or computer security is required. The list of topics comprises:
- Information-theoretic security and the One-time Pad
- Symmetric encryption, stream ciphers, block ciphers, Data Encryption Standard (DES), Advanced Encryption Standard (AES)
- Asymmetric encryption, cryptosystems based on RSA and on the discrete logarithm problem, Cramer-Shoup encryption
- Digital signature schemes
- Cryptographic hash functions
- Selected cryptographic protocols and their security
- Crypto in the "real world"
- Basic concepts of advanced cryptographic primitives and current research topics: Bit commitment, zero-knowledge proofs, simulatability, linking formal verification and cryptography
- Jonathan Katz, Yehuda Lindell: Introduction to Modern Cryptography. Chapman & Hall/Crc, 2008
- Douglas R. Stinson: Cryptography: Theory and Practice. CRC Press, 2005
- Nigel Smart: Cryptography: An Introduction. McGraw-Hill, 2003
PrerequisitesThis course is a core theory lecture. Basic knowledge in computability, complexity theory, and number theory is useful, but not utterly necessary, as it can be acquired during the course.
TutorialsThe following tutorials are available:
|1||Thu, 14-16||E2.1, SR007 (map)||Dominik Feld|
|2||Thu, 14-16||E1.4, R023 (map)||Ines Ciolacu|
|3||Thu, 14-16||E1.3, SR 16 (map)||Anton Krohmer|
|4||Thu, 14-16||E1.1, U12 (map)||Sebastian Meiser|
|5||Thu, 16-18||E2.1, SR007 (map)||Dominik Feld|
|6||Thu, 16-18||E1.7, R001 (map)||Ines Ciolacu|
|7||Thu, 16-18||E1.1, U12 (map)||Sebastian Meiser|
Why are all tutorials at the same day?
→ See the section on quizzes below.
Michael Backes will be available for your questions on Friday, 12-13.
Office: building E1.1, room 211.
Raphael Reischuk will be available for your questions whenever his door is open.
Office: building E1.1, room 217.
The tutors will be available for your questions at the following times in building E1.1, room 218:
- Mon, 12:00 to 14:00
- Wed, 12:30 to 14:30
HomeworksWeekly homework exercises will be handed out in class and posted to the course page each Tuesday, after the lecture. Their solutions will be posted one week later. No homeworks have to be submitted, but you are encouraged to ask any question you might have concerning the course in the office hours. Homework exercises will thus not influence your grade, however, by presenting solutions in the tutorials you may gain a better grading in the quiz, see below.
Weekly QuizEach tutorial starts with a short (approx. 15 minutes) quiz covering the topics of the same lectures that were addressed in the corresponding homework assignment. Your overall quiz-grade is determined by dropping the quiz with the lowest grading, and calculating the average of the remaining quizzes.
You can further improve your quiz-grade by a "good presentation" of your solutions of the homework exercises in the tutorials. In this case, you may drop another quiz, i.e., at most two quizzes may be dropped. Please be aware that there is a limited number of exercises, and if more than one student opts for one particular solution, a random student will be drawn. So start early enough!
Quizzes will affect your final grading by 30%, and you need an overall quiz-grading of at least 50% to pass the course.
ExamsThere will be two mandatory exams: A mid-term exam, and a final exam.
The mid-term exam will be approx. one hour and consist of multiple-choice and simple questions intended to test your basic understanding of the course material covered so far. Your mid-term grade will affect your final grading by 20%, however, there is no lower bound that has to be reached in order to pass the course.
The final exam will be a written test of two hours. It will make up 50% of your final grade, you need at least 50% to pass the course.
Grading & Requirements for Passing the CourseLet Q be your quiz score, M your score in the mid-term exam, E your score in the final exam, and B your score in the backup exam, each in percent. Then your final overall score Final is calculated as
Final = 0.3*Q + 0.2*M + 0.5*Max(E,B)
You pass the course if
Q ≥ 50% and Max(E,B) ≥ 50% and Final ≥ 50%
Q: I got only 49% in the quizzes, but 100% in both exams, will I pass?
A: No, you need 50% in your quizzes to pass.
Q: I got only 49% in the final exam, but 100% in the quizzes and the mid-term exam, will I pass?
A: No, you need 50% in your final exam to pass. Consider participating in the backup exam.
Q: I got only 30% in the mid-term exam, but 100% in final exam and in the quizzes, will I pass?
A: Yes, there is no minimum requirement on the mid-term exam. However, of course, you need a final score of 50% to pass.
Backup ExamsDate and time of the backup exam will be announced. You may take part in the backup exam if you qualified for the final exam, i.e., you got at least 50% score in the quizzes.
The backup exam will be written. Please note that if you have passed the final exam and also take the backup exam, the better score between the two will count for your final grade.
Lecture Overview, Material & Tutorials
|1||2010-04-13||Organizatorial aspects. Historical overview of cryptography. Information theoretic security. Perfect secrecy. One-time pad.||
Lecture Notes 1 - 2.3,
Katz/Lindell p. 3-27, 29-36,
|2||2010-04-16||Stream ciphers, randomness||
Lecture Notes 2.4
|3||2010-04-20||Pseudorandom permutations, pseudorandom functions, switching lemma, modes of operation||
Lecture Notes 3
|4||2010-04-23||Definitions of security, DES, Feistel networks||Lecture Notes 3.3 - 4.2|
Lecture Notes 4.2 - 4.5
|6||2010-04-30||Message authentication codes||
Lecture Notes 5.1 - 5.2
Katz/Lindell 4.1 - 4.5
|7||2010-05-07||Collision resistant hash functions||Lecture Notes 5.3 - 5.5|
|8||2010-05-11||Basic number theory facts||Lecture Notes 6|
|9||2010-05-18||The ElGamal public-key encryption scheme||Lecture Notes 7|
|10||2010-05-21||CCA2 security, keyed hash functions, Cramer-Shoup||Lecture Notes 8.1 - 8.2|
|11||2010-05-28||Proof: Cramer-Shoup is CCA2-secure assuming DDH||–||Lecture Notes 8.3|
|12||2010-06-01||The RSA trapdoor permutation||Lecture Notes 9.1 - 9.3|
|13||2010-06-08||The RSA trapdoor permutation (attacks)||Lecture Notes 9.4 - 9.5|
|14||2010-06-11||Digital Signature Schemes||
Lecture Notes 10
|15||2010-06-15||Certificates||Lecture Notes 11|
|17||2010-06-22||Protocols for Authentication, SSL||Lecture Notes 12|
|18||2010-06-25||Commitment Schemes||Lecture Notes 13|
|19||2010-06-29||Secret Sharing||Lecture Notes 14|
|20||2010-07-06||Secret Sharing, Zero-Knowledge||Lecture Notes 15|
|21||2010-07-09||Zero-Knowledge, Formal Methods||Dominique Unruh's notes on formal methods|
|24||2010-07-20||Question and Answer Session|
There are the following tutorials:
|I||Thu, 2010-04-22||1,2||1||exception: group 6 (Ines) will be in E1.4, R019|
|II||Thu, 2010-04-29||3,4||2||exception: group 6 (Ines) will be in E1.7, R323|
|Thu, 2010-05-13||Ascension Day|
|VI||Thu, 2010-06-03||-||Corpus Christi|
|VIII||Thu, 2010-06-24||7||exception: group 2 (Ines) will be in E1.3, R528|
|XI||Thu, 2010-07-15||10||exception: group 6 (Ines) will be in E1.7, R323|
Registration and Mailing ListRegistration is closed. In case you still want to register, please contact Raphael Reischuk.
- Summary of basic probability theory by David Joyce (pdf): A very concise introduction to probability theory.
- Introduction to probability by Albert Meyer (pdf): Provides more material on probability theory.
- A Primer on number theory for computer scientists by Victor Shoup (pdf): Provides more material and more details on number theory and algebra.