Introduction to cryptography

I teach Introduction to cryptography [NDMI100] in the winter semester of 2021/2022. The lecture will cover the basics of both theoretical and practical cryptography, focusing on protocols currently used on the Internet.

We will meet on Wednesdays 9:00 in S4.

If you want to consult anything, please write an e-mail to and we will discuss possibilities.

date topics recording
29. 9. Cryptographic primitives: symmetric and asymmetric ciphers, hash functions, random generators. Protocols and roles. Kerckhoffs principle. Simple protocols: multi-party communication, signatures, message authentication codes, hybrid ciphers, challenge-response authentication. Designing an auction protocol: padding, nonces, sequence numbers, signatures, session IDs.
6. 10. Know your enemy. Basic types of cryptographic attacks. Security level. Different kinds of "birthday attacks". One-time pad a.k.a. Vernam's cipher. Perfect security and its limits. Secret sharing. video (sorry for low quality)
13. 10. Secret sharing and threshold schemes (construction with polynomials). Introduction to symmetric ciphers. Block ciphers: trivial examples, an attempt to define security, ideal block ciphers. General constructions: iterated ciphers, substitution-permutation networks, Feistel networks. DES: history, structure, critique, work-arounds (3-DES). Puzzle: Why is the security level of 2-DES only 57 bits? video
20. 10. AES a.k.a. Rijndael: history, structure, critique. How to (mis)use a block cipher: padding, modes ECB, CBC, CTR, and OFB. Information leaks in CBC and CTR modes. video
27. 10. Plan: Block ciphers: Ciphertext stealing. Padding oracle attacks on CBC. Stream ciphers (briefly): LFSR-based constructions, eSTREAM project, Trivium, RC4, ChaCha20. Hash functions: requirements. Puzzle: How to toss a coin over a phone call?


This page is maintained by Martin Mareš