This is the first course in Cryptography.
It is about the state-of-the-art principal cryptographic algorithms currently used for computer system security purposes.
This course is an essential element in building the competencies of a cybersecurity expert, as the technological solutions in cybersecurity strongly rely on the use of cryptography. Indeed, superficial knowledge of the cryptographic primitives can lead to decisions and designs, resulting in a weak level of protection and a higher exposition to cyber-attacks.
This is the first course in Cryptography.
It is about the state-of-the-art principal cryptographic algorithms currently used for computer system security purposes.
This course is an essential element in building the competencies of a cybersecurity expert, as the technological solutions in cybersecurity strongly rely on the use of cryptography. Indeed, superficial knowledge of the cryptographic primitives can lead to decisions and designs, resulting in a weak level of protection and a higher exposition to cyber-attacks.
Students are expected to acquire:
knowledge of the mathematical foundations, e.g. modular arithmetic, needed to understand the cryptographic algorithms as explained in official
standards such as NIST SP-Recommendations or FIPS.
knowledge of symmetric cryptography primitives like Block Ciphers, Stream Ciphers, and Hash Functions;
knowledge of the asymmetric cryptosystems used, for instance, for exchanging keys or building Public Key Cryptography;
knowledge of the main protocols used in different fields like Commitments, (Blind) Digital Signatures, SRP, and SAE;
knowledge of the main programming libraries for implementing cryptography algorithms both in C and Python;
abilities to discern the correct cryptographic algorithms to use, depending on the field of application;
abilities to discover flaws in basic cryptographic protocols and when the cryptographic primitives are misused;
knowledge about the main classes of attacks against the presented cryptographic algorithm;
the abilities to mount basic attacks in Python.
Students are expected to acquire:
knowledge of the mathematical foundations, e.g. modular arithmetic, needed to understand the cryptographic algorithms as explained in official
standards such as NIST SP-Recommendations or FIPS.
knowledge of symmetric cryptography primitives like Block Ciphers, Stream Ciphers, and Hash Functions;
knowledge of the asymmetric cryptosystems used, for instance, for exchanging keys or building Public Key Cryptography;
knowledge of the main protocols used in different fields like Commitments, (Blind) Digital Signatures, SRP, and SAE;
knowledge of the main programming libraries for implementing cryptography algorithms both in C and Python;
abilities to discern the correct cryptographic algorithms to use, depending on the field of application;
abilities to discover flaws in basic cryptographic protocols and when the cryptographic primitives are misused;
knowledge about the main classes of attacks against the presented cryptographic algorithm;
the abilities to mount basic attacks in Python.
Basics of programming in C.
Basics of computer security.
Basics of linear algebra as in courses of "Linear Algebra and Geometry" of the first year of the Bachelor.
Basics of programming in C.
Basics of computer security.
Basics of linear algebra as in courses of "Linear Algebra and Geometry" of the first year of the Bachelor.
Basics of Cryptography and Cryptanalysis:
Confidentiality, Authentication,Integrity and Nonrepudiation.
(Gen,Enc,Dec) , the key distribution problem and concept of crypto primitives.
Computationally infeasibility or feasibile. Brute Force
Kerckhoff's principle.
Attacks models : COA, KPA, CPA, CCA .
Indistinguishability goals IND .
Cryptographic programming:
use of cryptographic primitives in C;
use of cryptographic primitives in Python;
mounting basic attacks against symmetric ciphers, hash functions, and the RSA cryptosystem.
Basics of Modular Arithmetic and Elliptic curves.
Calculations in rings of remainders modulo n . The (mod n) notation.
Calculations in Galois fields modulo a polynomial G.
Algorithm to compute the inverse: Euclidean extended and Kuttaka.
Chinese Remainder Theorem (CRT). Euler's Totient function.
Equations of first and second order (mod n). Quadratic residues. Euler's criterion.
Finite and cyclic groups, generators and order. Lagrange's theorem. Fermat's little theorem.
Discrete logarithm problem.
Elliptic curves: definition and construction of the addition law.
Symmetric Cryptography:
Block-Ciphers: Feistel and SP-networks. DES, AES;
Operations Modes: ECB, CBC, CTR, OFB, CFB, GCM, CCM;
Stream-Ciphers and PRNG:
o ARX algorithms: RC4, Salsa, and Chacha20.
o Permutation algorithm: Keccak Sponge PRNG
Hash Functions:
o Merkle-Damgεrd construction.
o ARX: SHA1, SHA2
o Permutation based: Keccak Sponge, SHA3
o Birthday's paradox
Message Authentication Codes (MAC). Length extensions attack and HMAC.
Asymmetric Cryptography:
DH Key Exchange on finite fields.
DH on elliptic curves.
RSA. Rabin. ElGamal. Hybrid Encryption, KEM/DEM Paradigm.
Protocols: Commitments, (Blind) Digital Signatures, SAE, and SRP.
Basics of Cryptography and Cryptanalysis:
Confidentiality, Authentication,Integrity and Nonrepudiation.
(Gen,Enc,Dec) , the key distribution problem and concept of crypto primitives.
Computationally infeasibility or feasibile. Brute Force
Kerckhoff's principle.
Attacks models : COA, KPA, CPA, CCA .
Indistinguishability goals IND .
Cryptographic programming:
use of cryptographic primitives in C;
use of cryptographic primitives in Python;
mounting basic attacks against symmetric ciphers, hash functions, and the RSA cryptosystem.
Basics of Modular Arithmetic and Elliptic curves.
Calculations in rings of remainders modulo n . The (mod n) notation.
Calculations in Galois fields modulo a polynomial G.
Algorithm to compute the inverse: Euclidean extended and Kuttaka.
Chinese Remainder Theorem (CRT). Euler's Totient function.
Equations of first and second order (mod n). Quadratic residues. Euler's criterion.
Finite and cyclic groups, generators and order. Lagrange's theorem. Fermat's little theorem.
Discrete logarithm problem.
Elliptic curves: definition and construction of the addition law.
Symmetric Cryptography:
Block-Ciphers: Feistel and SP-networks. DES, AES;
Operations Modes: ECB, CBC, CTR, OFB, CFB, GCM, CCM;
Stream-Ciphers and PRNG:
o ARX algorithms: RC4, Salsa, and Chacha20.
o Permutation algorithm: Keccak Sponge PRNG
Hash Functions:
o Merkle-Damgεrd construction.
o ARX: SHA1, SHA2
o Permutation based: Keccak Sponge, SHA3
o Birthday's paradox
Message Authentication Codes (MAC). Length extensions attack and HMAC.
Asymmetric Cryptography:
DH Key Exchange on finite fields.
DH on elliptic curves.
RSA. Rabin. ElGamal. Hybrid Encryption, KEM/DEM Paradigm.
Protocols: Commitments, (Blind) Digital Signatures, SAE, and SRP.
The course consists of a total of 40 hours of lessons and 20 hours of exercises structured and distributed into 14 weeks.
This means that the lessons and exercises of each week had a precise list of arguments from the Course Topics (see above).
Weekly the list of arguments for the lessons are given in advance to the students in a PDF file available on the portale della didattica "material didattico". Such PDF file contains the theory, examples, exercises, hyperlinks to web places, Python code, historical notes and apendixes, that are going to be explained along the lesson by the teacher.
Videolectures of lectures and screeshots of explanations of previous years are also available on the portale della didattica "material didattico".
The exercises divide into two parts. The first weeks will be devoted to presenting how to write Cryptography code using the C programming Language correctly. The second part will present how to mount attacks against (weakly designed) cryptographic systems using Python.
The exercises adopt the Flipped Classroom learning paradigm. Videos presenting the exercises' topics will be provided with material to examine in-depth individual subjects. Videos will be introduced with face-to-face classes presenting the learning objectives, the approach, and the methodology. After each part, dedicated face-to-face classes will allow students to self-assess their preparation level and readiness to sit the exam.
The course consists of a total of 40 hours of lessons and 20 hours of exercises structured and distributed into 14 weeks.
This means that the lessons and exercises of each week had a precise list of arguments from the Course Topics (see above).
Weekly the list of arguments for the lessons are given in advance to the students in a PDF file available on the portale della didattica "material didattico". Such PDF file contains the theory, examples, exercises, hyperlinks to web places, Python code, historical notes and apendixes, that are going to be explained along the lesson by the teacher.
Videolectures of lectures and screeshots of explanations of previous years are also available on the portale della didattica "material didattico".
The exercises divide into two parts. The first weeks will be devoted to presenting how to write Cryptography code using the C programming Language correctly. The second part will present how to mount attacks against (weakly designed) cryptographic systems using Python.
The exercises adopt the Flipped Classroom learning paradigm. Videos presenting the exercises' topics will be provided with material to examine in-depth individual subjects. Videos will be introduced with face-to-face classes presenting the learning objectives, the approach, and the methodology. After each part, dedicated face-to-face classes will allow students to self-assess their preparation level and readiness to sit the exam.
Serious Cryptography: A Practical Introduction to Modern Encryption
Jean-Philippe Aumasson,
No Starch Press, 2018.
Understanding Cryptography, A Textbook for Students and Practitioners
Paar, Christof, Pelzl, Jan,
Springer-Verlag, 2010.
Applied Cryptography: Protocols, Algorithms and Source Code in C
Bruce Schneier,
Wiley; 20th Anniversary edition,2015.
Serious Cryptography: A Practical Introduction to Modern Encryption
Jean-Philippe Aumasson,
No Starch Press, 2018.
Understanding Cryptography, A Textbook for Students and Practitioners
Paar, Christof, Pelzl, Jan,
Springer-Verlag, 2010.
Applied Cryptography: Protocols, Algorithms and Source Code in C
Bruce Schneier,
Wiley; 20th Anniversary edition,2015.
Dispense; Esercizi; Video lezioni tratte da anni precedenti;
Lecture notes; Exercises; Video lectures (previous years);
Modalitΰ di esame: Prova orale facoltativa; Prova scritta in aula tramite PC con l'utilizzo della piattaforma di ateneo;
Exam: Optional oral exam; Computer-based written test in class using POLITO platform;
...
Expected learning outcomes
Understanding of the topics covered, calculation skills and use of the related cryptographic / computer tools introduced.
Ability to recognize and use adequate cryptographic tools in engineering disciplines.
Ability to build a logical path, using the cryptographic / computer tools introduced.
Criteria, rules and procedures for the examination
The exam is aimed at ascertaining knowledge of the topics listed in the official teaching program,
the ability to apply theory, the related calculation methods and IT methods.
The evaluations are expressed out of thirty and the exam is passed if the score reported is at least 18/30.
The exam consists of a written test using the PC of 3 closed-ended exercises and 2 open-ended exercises on the topics contained in the teaching program and has
the purpose of verifying the level of knowledge and understanding of the topics covered.
The written exam aims to verify the above skills (see Expected learning outcomes): the exam, in fact,
includes calculation exercises that require the need to choose and apply the most appropriate cryptographic / IT tools for its resolution,
but also theoretical concepts, which require the student's ability to build a chain
logical by applying in sequence the theoretical results seen in class.
Students who pass the written test can be invited to an oral test.
The oral exam has the same aims of the written one and contributes to determine the final grade together with the written one.
Attending the oral exam can lead to both the raising or the lowering of the grade obtained in the written exam.
An example of an exam test is available on the EXERCISE platform on the "portale della didattica".
The duration of the written test is 90 minutes. Each closed-ended exercise is worth: 7 points if right, 0 points if unanswered or wrong.
The open-ended exercises are worth 6 points. To obtain honors, you must exceed 30 points.
During the exam it is not allowed to keep and consult notebooks, books, exercise sheets, forms, personal calculators.
The calculators of the platform where the exam takes place is available.
The results of the exam are communicated on the teaching portal, together with the date on which students can view the assignment and ask for clarification.
Gli studenti e le studentesse con disabilitΰ o con Disturbi Specifici di Apprendimento (DSA), oltre alla segnalazione tramite procedura informatizzata, sono invitati a comunicare anche direttamente al/la docente titolare dell'insegnamento, con un preavviso non inferiore ad una settimana dall'avvio della sessione d'esame, gli strumenti compensativi concordati con l'Unitΰ Special Needs, al fine di permettere al/la docente la declinazione piω idonea in riferimento alla specifica tipologia di esame.
Exam: Optional oral exam; Computer-based written test in class using POLITO platform;
The exam aims to verify the level of knowledge and abilities acquired (see Expected learning outcomes) for the topics listed in the official teaching program, the ability to apply theory, the related calculation methods and IT methods.
The evaluations are expressed out of thirty. The exam is passed if the score is at least 18/30.
The exam is a written test using the PC consisting of four theoretical closed-ended exercises and two to four open-ended practical exercises on the topics in the teaching program.
At the teacher's discretion, it may be supplemented with an oral test.
It includes calculation exercises that require the need to choose and apply the most appropriate cryptographic / IT tools for its resolution, but also theoretical concepts, which require the student's ability to build a logical chain by applying in sequence the theoretical results seen in class. Finally, it assesses the ability to mount basic attacks against cryptographic algorithms.
The written test lasts up to 100 minutes.
Every exercise is assigned a score.
The total score of the four theoretical closed-ended exercises is 21 points and there is no penalization for wrong answers.
The open-ended questions are evaluated individually for a total score of 12 points.
Alternatively, selected voluntary students can replace the open-ended practical exercises with individual homework related to the course's practical arguments, delivering a written report.
In this case, the topics are agreed upon with the teacher.
To obtain honors, i.e. 30 e Lode, the sum of the open-ended and closed-ended/homework points must exceed 30 points.
During the exam, it is not allowed to keep and consult notebooks, books, exercise sheets, forms, and personal calculators.
The platform calculator will be made available to students.
An example of an exam test is available on the moodle.polito.it platform on the "Portale della Didattica".
The exam results are communicated on the teaching portal, along with the date students can view the assignment and ask for clarification.
In addition to the message sent by the online system, students with disabilities or Specific Learning Disorders (SLD) are invited to directly inform the professor in charge of the course about the special arrangements for the exam that have been agreed with the Special Needs Unit. The professor has to be informed at least one week before the beginning of the examination session in order to provide students with the most suitable arrangements for each specific type of exam.