Introduction to Cryptography

Organization

The lecture "Introduction to Cryptography" (ItC) will be taught in a "flipped classroom" style. After registering in PAUL for our course, you are enrolled (up to 24 hours later) to our PANDA course via which ItC will be organized. Concretely, each week we will provide online lecturing material (mostly consisting of lecture recordings from a previous term and lecture notes). Based on these contents, which you have to work upon by yourself, we'll have weekly in-class discussion rounds. In these rounds we'll briefly summarize the contents, ask you some questions on the topics, and give you the opportunity to ask questions. The duration depends on your questions and discussions resulting from these. The better you prepare, the more you may benefit from these in-class events. Additionally, weekly we have mandatory as well as optional exercises and in-class tutorials (see details below and in our PANDA course).

Topics

This course is mainly split into topics from private-key cryptography and public-key cryptography. Throughout this course we define security notions, construct schemes satisfying them, and then formally analyze their security. Among others, these steps require understanding of basic probability theory, algorithm design, and basic complexity theory.

We plan to cover the following topics:

Private-key crypto (1st part)	Public-key crypto (2nd part)
Introduction and perfect secrecy	The RSA Cryptosystem
Computational ciphers, block ciphers and their security, AES and DES	Cryptosystems based on the Discrete Logarithm Problem
Modes of operation	ElGamal and its IND-CPA security, IND-CCA security via Fujisaki-Okamoto (and Cramer-Shoup?)
Pseudorandom generators, stream ciphers	Elliptic Curves and algorithms for the DLOG problem
Hash functions, MACs and PRFs, HMAC, Merkle-Damgård	Fiat-Shamir transform and Schnorr signatures, DSA and EC-DSA
Padding Oracle Attacks, IND-CCA security, Encrypt-then-MAC

Dates and Times

To discuss the lecture's current contents, we will meet once per week according to the times which are published in PAUL and PANDA. Each meeting will last roughly up to 2 hours. Additionally, there is a weekly tutorial which lasts 2 hours.

Exercises

The homework is split into two different exercises: type-1 and type-2. While type-1 exercises are mandatory (in order to get the course achievement) and easier, type-2 exercises are optional and may lead to bonus steps on passed exams.

Course achievement (Studienleistung) and bonus system

In order to be admitted to the exam, you have to obtain the course achievement. While concrete details are provided via PANDA, this could for example be something like reaching 50% of the points on 70% of all mandatory exercise sheets.

Given this requirement, you may achieve bonus steps on the grade of a passed exam (details via PANDA).

Exam

The exam will be an oral block exam. You need to register for the exam via PAUL. In PAUL you can also find further details regarding the registration phases. Please do not forget to register for the course achievement (Studienleistung). Relevant deadlines and phases are usually linked on the study service homepages.

We will offer two slots at the end of the semester, one at the beginning and one at the end of the lecture-free time. Concrete details will be announced via PAUL or PANDA.