Cryp­to­graphy - Prov­able Se­cur­ity


We discuss several advanced security concepts like semantic security and plaintext indistinguishability. We also describe several techniques to design cryptosystems that meet these strong security requirements. In particular, we discuss one-way functions, pseudorandom generators, and pseudorandom functions. Finally, we compare the security of cryptosystems used in practice (like AES and RSA) with advanced security concepts.

Mod­ule In­form­a­tion

  • Module III.2.2: Algorithmen II (algorithms II)
  • Module III.2.3: Komplexität und Kryptographie (complexity and cryptography)
  • Course: L.079.05829
  • V2 + Ü1 SWS (contact time)
  • 4 ECTS credits (workload)
  • Useful previos knowledge: Einführung in Kryptographie (German) or any equivalent course
  • This course will be held in english.

For further information see the corresponding section in the module handbook.


  • Important Note: the lecture will only take place during the first half of the semester.
  • Important Note: on June 6th, the 11:15 lecture will not take place
  • Lecture:
    • Tuesday, 11:15, F2.211
    • Tuesday, 14:00, F2.211
  • Tutorials:
    • Tuesday, 15:45, F2.211
    • The first tutorial will take place on 2017-04-18

Lec­ture Notes

This course will make use of the literature given below. Beside this, there will be no lecture notes for this course. Extensive lecture notes in cryptography of Luca Trevisan are available online.

0. Introduction[PDF]
1. Perfect Secrecy[PDF]
2. Pseudorandom Generators[PDF]
3. Pseudorandom Functions and Chosen-Plaintext Security[PDF]
4. Counter Mode of Operation[PDF]
5. Block Ciphers[PDF]
6. One-Way Functions[PDF]
7. Public Key Cryptography[PDF]
8. CCA and MACs[PDF]


Dates for oral exams have to be planned individually. To request a date, send a timely request to Claudia Jahn and the second professor for the exam, using an appropriate e-mail form from

Make sure you are registered for the exam within the PAUL system before requesting a date for your examination.


Here we will publish the home exercises. Note that we won't publish any solutions to these exercises. Solutions to selected exercises will be discussed in the tutorials. You can submit your solutions in the box at F2.108.  We encourage submissions of solutions by small groups of up to four students.

The first exercise will take place on April, 2017-04-18.

Handout 12017-04-07
Handout 22017-04-21
Handout 32017-04-28
Handout 42017-05-05
Handout 52017-05-12
Handout 62017-05-19
Handout 72017-05-26
Handout 82017-06-06


  • Bellare, Rogaway: Lecture Notes on "Introduction to Modern Cryptography", University of California, San Diego, 2004--2005. Lecture notes available online!
  • Goldreich: "Foundations of Cryptography, Volume 1: Basic Tools", Cambridge University Press, 2001. ISBN: 0-521-79172-3. Early draft version available online!
  • Goldreich: "Foundations of Cryptography, Volume 2: Basic Applications", Cambridge University Press, 2004. ISBN: 0-521-83084-2.
  • Goldwasser, Bellare: Lecture Notes on "Cryptography", MIT, 1996--2001. Lecture notes available online!
  • Katz, Lindell: "Introduction to Modern Cryptography", Chapman & Hall / CRC Press, 2007. ISBN: 1-5848-8551-3
  • Lindell: Lecture Notes on "Introduction to Cryptography", Bar-Ilan University, 2005. Lecture notes available online!
  • Menezes, van Oorschot, Vanstone: "Handbook of Applied Cryptography", CRC Press, 1996. ISBN: 0-8493-8523-7. Complete book available online!
  • Shoup: "A Computational Introduction to Number Theory and Algebra", Cambridge University Press, 2005. ISBN: 0-521-85154-8. Complete book available online!
  • Stinson: "Cryptography: Theory and Practice", 2nd edition, Chapman & Hall / CRC Press, 2001. ISBN: 1-5848-8206-9.
  • Trappe, Washington: "Introduction to Cryptography with Coding Theory", 3rd edition, Chapman & Hall / CRC Press, 2005. ISBN: 1-5848-8508-4.