Students are expected to acquire: • knowledge of the mathematical foundations, e.g. modular arithmetic, needed to understand the cryptographic algorithms as explained in official standards such as NIST SP-Recommendations or FIPS. • knowledge of symmetric cryptography primitives like Block Ciphers, Stream Ciphers, and Hash Functions; • knowledge of the asymmetric cryptosystems used, for instance, for exchanging keys or building Public Key Cryptography; • knowledge of the main protocols used in different fields like Commitments, (Blind) Digital Signatures, SRP, and SAE; • knowledge of the main programming libraries for implementing cryptography algorithms both in C and Python; • abilities to discern the correct cryptographic algorithms to use, depending on the field of application; • abilities to discover flaws in basic cryptographic protocols and when the cryptographic primitives are misused; • knowledge about the main classes of attacks against the presented cryptographic algorithm; • the abilities to mount basic attacks in Python.

Basics of programming in C. Basics of computer security. Basics of linear algebra as in courses of "Linear Algebra and Geometry" of the first year of the Bachelor.

Basics of Cryptography and Cryptanalysis: • Confidentiality, Authentication,Integrity and Nonrepudiation. • (Gen,Enc,Dec) , the key distribution problem and concept of crypto primitives. • Computationally infeasibility or feasibile. Brute Force • Kerckhoff's principle. • Attacks models : COA, KPA, CPA, CCA . • Indistinguishability goals IND . Cryptographic programming: • use of cryptographic primitives in C; • use of cryptographic primitives in Python; • mounting basic attacks against symmetric ciphers, hash functions, and the RSA cryptosystem. Basics of Modular Arithmetic and Elliptic curves. • Calculations in rings of remainders modulo n . The (mod n) notation. • Calculations in Galois fields modulo a polynomial G. • Algorithm to compute the inverse: Euclidean extended and Kuttaka. • Chinese Remainder Theorem (CRT). Euler's Totient function. • Equations of first and second order (mod n). Quadratic residues. Euler's criterion. • Finite and cyclic groups, generators and order. Lagrange's theorem. Fermat's little theorem. • Discrete logarithm problem. • Elliptic curves: definition and construction of the addition law. Symmetric Cryptography: • Block-Ciphers: Feistel and SP-networks. DES, AES; • Operations Modes: ECB, CBC, CTR, OFB, CFB, GCM, CCM; • Stream-Ciphers and PRNG: o ARX algorithms: RC4, Salsa, and Chacha20. o Permutation algorithm: Keccak Sponge PRNG • Hash Functions: o Merkle-Damgård construction. o ARX: SHA1, SHA2 o Permutation based: Keccak Sponge, SHA3 o Birthday's paradox • Message Authentication Codes (MAC). Length extensions attack and HMAC. Asymmetric Cryptography: • DH Key Exchange on finite fields. • DH on elliptic curves. • RSA. Rabin. ElGamal. Hybrid Encryption, KEM/DEM Paradigm. • Protocols: Commitments, (Blind) Digital Signatures, SAE, and SRP.

The course consists of a total of 40 hours of lessons and 20 hours of exercises structured and distributed into 14 weeks. This means that the lessons and exercises of each week had a precise list of arguments from the Course Topics (see above). Weekly the list of arguments for the lessons are given in advance to the students in a PDF file available on the portale della didattica "material didattico". Such PDF file contains the theory, examples, exercises, hyperlinks to web places, Python code, historical notes and apendixes, that are going to be explained along the lesson by the teacher. Videolectures of lectures and screeshots of explanations of previous years are also available on the portale della didattica "material didattico". The exercises divide into two parts. The first weeks will be devoted to presenting how to write Cryptography code using the C programming Language correctly. The second part will present how to mount attacks against (weakly designed) cryptographic systems using Python. The exercises adopt the Flipped Classroom learning paradigm. Videos presenting the exercises' topics will be provided with material to examine in-depth individual subjects. Videos will be introduced with face-to-face classes presenting the learning objectives, the approach, and the methodology. After each part, dedicated face-to-face classes will allow students to self-assess their preparation level and readiness to sit the exam.

Serious Cryptography: A Practical Introduction to Modern Encryption Jean-Philippe Aumasson, No Starch Press, 2018. Understanding Cryptography, A Textbook for Students and Practitioners Paar, Christof, Pelzl, Jan, Springer-Verlag, 2010. Applied Cryptography: Protocols, Algorithms and Source Code in C Bruce Schneier, Wiley; 20th Anniversary edition,2015.

Exam: Optional oral exam; Computer-based written test in class using POLITO platform;

Expected learning outcomes Understanding of the topics covered, calculation skills and use of the related cryptographic / computer tools introduced. Ability to recognize and use adequate cryptographic tools in engineering disciplines. Ability to build a logical path, using the cryptographic / computer tools introduced. Criteria, rules and procedures for the examination The exam is aimed at ascertaining knowledge of the topics listed in the official teaching program, the ability to apply theory, the related calculation methods and IT methods. The evaluations are expressed out of thirty and the exam is passed if the score reported is at least 18/30. The exam consists of a written test using the PC of 3 closed-ended exercises and 2 open-ended exercises on the topics contained in the teaching program and has the purpose of verifying the level of knowledge and understanding of the topics covered. The written exam aims to verify the above skills (see Expected learning outcomes): the exam, in fact, includes calculation exercises that require the need to choose and apply the most appropriate cryptographic / IT tools for its resolution, but also theoretical concepts, which require the student's ability to build a chain logical by applying in sequence the theoretical results seen in class. Students who pass the written test can be invited to an oral test. The oral exam has the same aims of the written one and contributes to determine the final grade together with the written one. Attending the oral exam can lead to both the raising or the lowering of the grade obtained in the written exam. An example of an exam test is available on the EXERCISE platform on the "portale della didattica". The duration of the written test is 90 minutes. Each closed-ended exercise is worth: 7 points if right, 0 points if unanswered or wrong. The open-ended exercises are worth 6 points. To obtain honors, you must exceed 30 points. During the exam it is not allowed to keep and consult notebooks, books, exercise sheets, forms, personal calculators. The calculators of the platform where the exam takes place is available. The results of the exam are communicated on the teaching portal, together with the date on which students can view the assignment and ask for clarification.

In addition to the message sent by the online system, students with disabilities or Specific Learning Disorders (SLD) are invited to directly inform the professor in charge of the course about the special arrangements for the exam that have been agreed with the Special Needs Unit. The professor has to be informed at least one week before the beginning of the examination session in order to provide students with the most suitable arrangements for each specific type of exam.