Credits: 5

Schedule: 10.09.2018 - 05.12.2018

Teaching Period (valid 01.08.2018-31.07.2020): 

I - II (Autumn)

Learning Outcomes (valid 01.08.2018-31.07.2020): 

Having completed the course, you understand the security that commonly used cryptographic primitives provide as well as their limits. You are able to judge whether a cryptographic building block is suitable for use in a particular application, and you can assess security models for applications critically. You can construct reductions between cryptographic primitives and recognize whether small modifications to a cryptographic primitive compromise their security.

Content (valid 01.08.2018-31.07.2020): 

We introduce cryptographic security models and concepts and understand the relations between them. We then apply the learnt concepts and techniques to real-world problems. In particular, we cover:

  • One-way functions
  • Pseudorandomness
  • Pseudorandom generators
  • Pseudorandom functions
  • symmetric encryption
  • asymmetric encryption
  • message authentication codes
  • signature schemes
  • secure channels
  • recent attacks on real-life protocols such as TLS, IPsec,...

Assessment Methods and Criteria (valid 01.08.2018-31.07.2020): 

Weekly exercises, course feedback (no exam)

Elaboration of the evaluation criteria and methods, and acquainting students with the evaluation (applies in this implementation): 

Individual Feedback (learning/teaching)

Please put your own name and the name of your teaching assistant onto your solution sheet. Your teaching assistant will give you individual, written feedback on your written solutions so that you can practice thorough reasoning in the context of cryptography. You can hand in solutions into the letterboxes on the left of office C210 (in the CS building) or in the lecture hall before the lectures on Monday. You can collect your individual feedback in the next exercise session or by individual agreement with your teaching assistant (please contact them via eMail). Feedback is aimed at helping to build skills successively, so we suggest to collect feedback timely if you want to make use of it.

The mapping from teaching assistants to groups H1, H2, H3, H4, H5 and H6 is:

Group H1: Joshua Stock (

Group H2: Valtteri Lipiäinen (

Group H3: Konrad Kohbrok (konrad.kohbrok@aaltofi)

Group H4: Estuardo Alpirez Bock (

Group H5: Osama Abuzaid ( 

Group H6: Miika Leinonen (

Passing the course (testing)

We want to focus on learning/teaching and minimize the side-effects of testing. Thus, the mandatory part of the homework is kept light, and there is no exam and no grades, i.e., only a fail/pass grade. There are 12 exercise sheets with overall 24 points, i.e., 2 points per week.

We think that 18 points correspond to reasonable participation in the class, so that one can skip some exercises, based on one's own judgement of usefulness and interest. However, one passes the class already with 12 points or more. In light of this light requirement, no extensions for gaining points are given. You may, however, hand in exercises up to one week late to obtain individual written feedback (but no points).

Workload (valid 01.08.2018-31.07.2020): 

Lectures 24 h (16 90-minutes sessions),

Teaching in small groups 24h (16 90-minutes sessions),

Weekly written exercises 32h

Other independent work 48 h


Study Material (valid 01.08.2018-31.07.2020): 

Foundations of Cryptography I, Oded Goldreich

Foundations of Cryptography II, Oded Goldreich

Details on the course materials (applies in this implementation): 

The first half of the course focuses on foundations and follows the first volume of "Foundations of Cryptography" by Oded Goldreich [1] quite closely. The second half of the course focuses on applications, and lecture notes will be added here. While the second volume of "Foundations of Cryptography" [2] is a good complementary read, we will use different notation and presentation, and, in particular, we will discuss details of TLS such as covered by Kenny Paterson in [3,4]. Background in complexity theory is highly recommended for this course. If you did not take a course on complexity theory, we recommend "Computational Complexity: A Conceptual Perspective" by Oded Goldreich [5].






Substitutes for Courses (valid 01.08.2018-31.07.2020): 

Replaces former course T-79.4502 / T-79.4501 Cryptography and Data Security.

Prerequisites (valid 01.08.2018-31.07.2020): 

Essential: Ability to use mathematical reasoning, formulate definitions and proofs

Highly recommended: complexity theory and discrete probabilities

Grading Scale (valid 01.08.2018-31.07.2020): 


Additional information for the course (applies in this implementation): 

You need to register for one of the exercise groups. Individual feedback will be returned by the teaching assistant who wrote the individual feedback, and each group corresponds to one teaching assistant. Note that two groups have their exercise session at the same time with two teaching assistants.

Please register for one exercise group even if you cannot attend. This way, a teaching assistant is assigned to giving feedback on your exercises.


Registration and further information