Introduction to cryptography
I teach Introduction to cryptography [NDMI100] in the summer semester of 2025/2026. The lecture will cover the basics of both theoretical and practical cryptography, focusing on protocols currently used on the Internet.
Lectures will be on Tuesdays from 10:40 in S3.
If you want to consult anything, please write an e-mail to mares+kry@kam.mff.cuni.cz and we will discuss possibilities.
| date | topics | recording |
|---|---|---|
| 17. 2. | Cryptographic primitives: symmetric and asymmetric ciphers, hash functions, random generators. Protocols and roles. Kerckhoffs principle. Simple protocols: multi-party communication, signatures (symmetric and asymmetric), hybrid ciphers and signatures, challenge-response authentication. Designing an auction protocol: padding, nonces, sequence numbers, signatures, session IDs. | video |
| 24. 2. | Basic types of cryptographic attacks. Security level. Different kinds of "birthday attacks". One-time pad. Perfect security and its limits. Secret sharing and threshold schemes. Exercise: How to toss a coin over a phone call? | video |
| 3. 3. | Threshold schemes: Shamir's construction with polynomials. Introduction to symmetric ciphers. Block ciphers: trivial examples, an attempt to define security. General constructions: iterated ciphers, substitution-permutation networks, Feistel networks. DES: history, structure, critique, work-arounds (3-DES). Exercise: Why is the security level of 2-DES only 57 bits? Further reading: EFF DES cracker. | video |
| 10. 3. | AES a.k.a. Rijndael: history, structure, critique. How to (mis)use a block cipher: padding, modes ECB, CBC, CTR, OFB. Padding oracle attacks on CTR and CBC. Information leaks in CBC and CTR modes. Stream cipher sketches: LFSR-based constructions, eSTREAM project, Trivium. Illustrations: Block cipher modes (plaintext, ECB, CBC), visual secret sharing (layer 1, layer 2, both layers put together). Further reading: details of AES, Serpent (an AES finalist), Twofish (another one); Ciphertext stealing (a technique that helps avoid padding in block ciphers). | video |
| 17. 3. | Plan: Stream ciphers: ChaCha20. Hash functions: requirements, Merkle-Damgård construction by iterating compression function, length extension attacks. Birthday attacks on hash functions: the tortoise, the hare, and the turtle. How to obtain a compression function: Davies-Meyer construction from a block cipher. Practical hash functions: MD5 (broken), SHA1 (broken), and the SHA2 family. | |
Exams
The exam will be oral with written preparation. You are expected to know the theory presented at the lecture (constructions, theorems, and proofs) and use it to analyse (i.e., break) simple protocols.
You are allowed to use a cheat sheet written (or printed) on a single A4 page. The only restriction is that you have to prepare it yourself.
Sources
- Previous runs of the lecture: 2025 (with video recordings), 2024 (with video recordings), 2023 (with video recordings), 2020 (partial recordings), 2019 (with Czech video recordings).
- My notes (in Czech), also for Double Ratchet and TLS.
- Study text (in Czech, very much work in progress)
- Niels Ferguson, Bruce Schneier: Practical Cryptography. Wiley Publishing, 2003.
- Jonathan Katz, Yehuda Lindell: Introduction to Modern Cryptography, 2nd Edition. CRC Press, 2015.
- Douglas Stinson, Maura Paterson: Cryptography – Theory and Practice. CRC Press, 2018.
- Dan Boneh, Victor Shoup: A Graduate Course in Applied Cryptography.
- Mike Rosulek: The Joy of Cryptography.
- Ross Anderson: Security Engineering, Wiley Publishing, 2008.
- Martin Mareš: Algoritmy okolo teorie čísel (in Czech).
- Ivan Ristić: Bulletproof SSL and TLS, Feisty Duck Publishing, 2nd edition, 2021.
- Moxie Marlinspike, Trevor Perrin: The Double Ratchet Algorithm