Cryptology I

Lecture spring 2019

Instructor: Dominique Unruh <<surname> at ut dot ee>
Teaching assistant: Tore Vincent Carstens <<firstname dot thirdname at gmx dot de>
Lecture period: February 13 –
Lectures: Wednesday, 10:15-11:45, room 220 (Paabel) (Unruh; may sometimes be switched with practice)
Practice sessions: Wednesday, 14:15-15:45, room 220 (Paabel) (Unruh/Carstens)
Course material: Lecture notes, blackboard photos (of practice), and exam study guide.
Language: English
Mailing list:
Contact: Dominique Unruh <<surname> at ut dot ee>

Topics covered

2019-02-13 (lecture) Historical ciphers. Perfect secrecy. One-time pad. [video]
2019-02-20 (practice) Breaking a substitution cipher. Malleability of one-time pad (bank transfer).
2019-02-27 (lecture) Limitations of one-time pad/perfect security. Stream ciphers. IND-OT-CPA security. [video]
2019-02-27 (practice) Brief introduction to PRGs. Security proof: If G is a PRG, then H(x,y):=G(x)||y is a PRG. Very short intro to linear feedback shift registers (LFSR).
2019-03-06 (lecture) Pseudo-random generators (PRG). Security proof for G(k)⊕m encryption scheme. Block ciphers. AES (started). [video]
2019-03-06 (practice) Game-based security of one-time pad.
2019-03-13 (lecture) AES (continued). Feistel networks. Definition: strong pseudorandom permutation (PRP). [video]
2019-03-13 (practice) Security of AES with missing AddRoundKey/SubBytes/MixColumns/ShiftRows. Insecurity of 1-round, 2-round and 3-round Feistel.
2019-03-20 (lecture) Definition IND-CPA. ECB mode (and its weakness). CBC mode. IND-CPA security of CBC. [video]
2019-03-20 (practice) Malleability of CBC mode. Recap: Strong PRP. 3-round Feistel is not a strong PRP.


Your current amount of points in the homework can be accessed here.
Out         Due         Homework                  Solution
2019-03-02  2019-03-16  Homework 1, wordlist.txt  Solution 1


The course "Cryptology I" introduces the basics of cryptography. After discussing historic ciphers and their weaknesses, we introduce modern cryptographic primitives such as encryption and signature schemes, hash functions, one-way functions etc. We explain how the security of cryptographic schemes is defined and proven. We study advanced cryptographic schemes such as zero-knowledge proofs and secure function evaluation.


"Elements of Discrete Mathematics" or some comparable mathematical foundations.


The following reading supplements this lecture (optional!)

Lindell and Katz, Introduction to Modern Cryptography, Chapman & Hall, 2007.
Materials from the course "Topics of Mathematics in Cryptology" (especially the chapter on probability and the one on modular arithmetic).