# Cryptography

## News

- The exam results are now available in UniWorX. If you would like to see your marked exam, you can do so at the following date:

Thursday, 24 August, 6pm-7pm

Room L109, Oettingenstr. 67 - The date and time for the make up exam are now fixed. Please register at UniWorX.
- Please note the remarks for the examination below.
- Note that there is no teaching at LMU on Whit Tuesday (June 6), so that there will be no tutorial on June 6.

## Content

The course provides an introduction to modern cryptography and covers both theoretical concepts and practical aspects. In particular, on the theory side we will get to know the basics of semantic security and rigorous proofs of security by reduction. On the practical side we will learn about popular cryptographic schemes like AES, RSA, and ECC as well as hash functions and digital signatures. If time permits we will also take a glimpse at cryptanalysis and at cryptographic protocols and their security.

The course is based on the book "Introduction to Modern Cryptography" by Jonathan Katz and Yehuda Lindell, Chapman & Hall, 2008.

The lectures will be presented on the whiteboard and there will therefore be no transparencies available for download. We will, however, indicate the sections of the textbook covered in each lecture and provide ASCII summaries of the material.

## Organization

**Volume:**3+2 academic hours per week, 6 ECTS**Lecture:**Prof. Dr. Martin Hofmann**Tutorials:**Dr. Ulrich Schöpp

## Place and Time

Session | Time | Begin | |
---|---|---|---|

Lecture | Monday, noon-2pm | Geschw.-Scholl-Pl. 1, M 114 | 24.04.2017 |

Lecture | Thursday, 2pm-4pm | Schellingstr. 3, S 002 | |

Tutorial | Tuesday, 2pm-4pm | Theresienstr. 41, C 111 | 02.05.2017 |

To reach the planned 3 hours per week, lectures will only be held on the dates shown in the table below. Tutorials are held every week.

**Table is still provisional. Please check again later!**

Nr |
Date |
Topic |
Sections in textbook |
Notes |
Lecturer |

L1 |
24.04.17 | Organisation, overview, historic ciphers: shift cipher, frequency analysis | 1.1-1.4 | Ch.1 | MH |

L2 |
27.04.17 | Vigenere cipher, one-time pad, Shannon's theorem | 2 |
Ch. 2 (updated 05/05) |
MH |

01.05.17 | (Public holiday) |
||||

L3 |
04.05.17 | Forms of attack, kpa, cpa etc. Semantic security | 3.1, 3.2 | Ch. 3 | MH |

08.05.17 | x | ||||

11.05.17 | x | ||||

L4 |
15.05.17 | Pseudorandom generators | 3.3 | Ch. 4 | MH |

L5 |
18.05.17 | Security against chosen plaintext attacks, pseudorandom functions | 3.4 | Ch. 5 | MH |

L6 |
22.05.17 |
Block ciphers, modes of operation Optional: multiple encryptions from cpa-secure |
3.6 | Ch. 6, Ch. 6a | MH |

25.05.17 | (Public holiday) |
||||

L7 |
29.05.17 | Practical block ciphers. Principles: s/p- and Feistel networks | 5.1, 5.2 | Ch. 7 | MH |

L8 |
01.06.17 | DES, AES | 5.3-5.5 | Ch. 8 | MH |

05.06.17 | (Public holiday) |
||||

L9 |
08.06.17 | Cryptanalysis | 5.6, LSFR insecure (Buchmann) | Ch. 9 (updated 12/06/17) | MH |

L10 |
12.06.17 | Differential Cryptanalysis Message integrity, hashing | 4.1-4.5 | Ch. 10 | MH |

15.06.17 | (Public holiday) |
||||

L11 |
19.06.17 | Merkle-Damgard construction, SHA. MACs from hash functions and HMAC omitted. | 4.6 | Ch. 11 | MH |

L12 |
22.06.17 | Number theory and hardness assumptions | 7.1-7.3 | Ch. 12 | Sabine Bauer |

L13 |
26.06.17 | MACs from hash functions, HMAC (from Ch. 11). Diffie-Hellman key exchange, RSA | 9, 10.5 | Ch. 13 | MH |

L14 |
29.06.17 | El Gamal, Elliptic curve cryptography | 10.5 | Ch. 14 | MH |

L15 |
03.07.17 | Factoring and computing discrete logarithms | 8 | Ch. 15 | MH |

06.07.17 | x | x | |||

10.07.17 | x | x | |||

13.07.17 | x | x | |||

17.07.17 | x | x | |||

L16 |
20.07.17 | Semantic security of public key cryptography with random oracles | 13 | Ch. 16 | US |

L17 |
24.07.17 | Digital signatures, hash-and-sign | 12 | Ch. 17 | MH |

L18 |
27.07.17 | Q&A. A glimpse at quantum and post quantum crypto (not relevant for exam) |
PQCrypto: a portal on post quantum cryptography. Contains an instructive introductory book chapter by D Bernstein. |
MH |

Legend: **L** means **lecture.**

**Tutorials**

- Sheet 1, file vigenere.txt for Exercise 1-2; solutions will be discussed in the Tutorial on 2 May
- File vigenere.hs to solve Exercise 1-2
- Sheet 2; (with solutions) discussed in the Tutorial on 9 May
- Sheet 3; (with solutions) discussed in the Tutorial on 23 May
- Sheet 4; (with solutions) discussed in the Tutorial on 30 May
- Sheet 5; (with solutions) updated, moved to the Tutorial on 20 June
- File exercise5_2.c to solve Exercise 5-2
- Sheet 6; (with solutions) discussed in the Tutorial on 27 June
- File exercise6_2.c to solve Exercise 6-2
- File exercise6_3.c to solve Exercise 6-3
- File differential.c to compute all bits of the last subkey by applying the differential cryptanalysis from Exercise 6-2 repeatedly with different input differentials.
- Sheet 7 (with solutions); discussed in the Tutorial on 4 July
- Sheet 8 (with solutions); discussed in the Tutorial on 11 July
- Sheet 9 (with solutions); discussed in the Tutorial on 18 July
- Sheet 10 (with solutions); discussed in the Tutorial on 25 July

**Material**

- Katz and Lindell, Introduction to Modern Cryptography

(Unless otherwise stated, the references in the lecture notes refer to the first edition of this book.)

**Exam**

- Wednesday, 9 August, 10am - 12am
- Room M 118, Main Building, Geschwister-Scholl-Platz
- Duration: 90 minutes
- Please be at room M 118 at 10am. The examination will begin once everyone is seated, at approximately 10:10.
- The examination is closed-book, i.e. no written notes or technical devices may be used in the examination.
- Please bring the following:
- Photo ID, e.g. ID-card, passport, driver's licence
- Student ID
- Pens (no green or red ink, no pencil) and other writing utensils. Paper will be supplied and may not be brought to the examination.

## Make up Exam

- Monday, 2 October, 4pm - 6pm
- Room B U101, Oettingenstr. 67

Participants that did not partake in the first exam are also allowed to register for the make-up exam, provided that they acknowledge that there will not be third exam offered.

Document Actions