CRYPTOGRAPHY

Academic Year 2025/2026 - Teacher: DARIO CATALANO

Expected Learning Outcomes

The goals of this course, in terms of expected results, are

  1. Knowledge and understanding. Students will learn the fundamental ideas and the basic principles of modern cryptography. More specifically, students will be able to understand some of the most important cryptographic schemes and primitives used in practice. 
  2. Applying knowledge and understanding. Students will be able to use, in a secure way, cryptographic schemes such as encryption schemes, authentication schemes and cryptographic hash functions.
  3. Making judgements. By studying concrete examples of seemingly secure (but wrong) solutions, students will learn how to use cryptographic schemes providing high security guarantees.
  4. Communication Skills. Students will learn how to properly communicate using the technical language of modern cryptography.
  5. Learning Skills. A goal of this course is to provide a good theoretical and practical background of modern cryptography. It is expected that students will learn how to autonomously address problems that require the usage of cryptographic primitives such as digital signatures, encryption schemes and cryptographic hash functions.

Course Structure

Lecture-based. 

Should teaching be carried out in mixed mode or remotely, it may be necessary to introduce changes with respect to previous statements, in line with the programme planned and outlined in the syllabus.

Required Prerequisites

For an adequate understanding of the course content, the following prerequisites are required:

  • Basics of discrete mathematics.

  • Basic knowledge of algorithms.

Attendance of Lessons

Attendance is not mandatory but is strongly recommended.

Detailed Course Content

The course provides an introduction to the fundamental concepts of modern cryptography. The goal of the course is to define and construct appropriate cryptographic primitives such as encryption schemes, message authentication codes, and digital signatures. We will aim to understand what properties these tools should satisfy, how to rigorously formalize such properties, and how to design schemes that meet them. We will focus especially on widely used practical schemes such as AES, SHA, HMAC, and RSA. In particular, we will seek to understand in detail how they are built and what level of security they provide.

The course does not include programming modules.

Textbook Information

[1] M. Bellare, P. Rogaway, “Introduction to Modern Cryptography”

[2] V. Shoup, “A Computational Introduction to Number Theory and Algebra”

[3] J. Katz, Y. Lindell, “Introduction to Modern Cryptography”, CRC Press

Course Planning

| # | Subjects | Text References |
|---|----------|-----------------|
| 1 | Historical Ciphers and the One-Time Pad. The Shift Cipher. The Substitution Cipher. Cryptanalysis of the Substitution Cipher. Perfect Security. The Substitution Cipher does not provide perfect security (proof). The One-Time Pad. The One-Time Pad provides perfect security (proof). The One-Time Pad is optimal (proof). Shannon’s Theorem (statement). | Material: Ch. 2 of [1] and Ch. 2 of [3] |
| 2 | Block Ciphers: AES | Ch. 3 of [1] |
| 3 | Pseudo-Random Functions and Permutations. Introduction and Definitions. Applications to Block Ciphers. Security in the PRF sense implies security in the Key Recovery sense (proof). | Ch. 4 of [1] |
| 4 | Symmetric Ciphers: Modes of Operation. ECB Mode, CBC Mode, CTR Modes (stateful and randomized). Notion of Security for Symmetric Ciphers: IND-CPA. Chosen-plaintext and chosen-ciphertext attacks. Proof that a deterministic cipher cannot be secure. IND-CPA security implies plaintext-recovery security (proof). Indistinguishability with respect to chosen-ciphertext attacks: IND-CCA security. IND-CPA security does not imply IND-CCA security: the case of CTR (proof). | Ch. 5 of [1] and Ch. 3 of [3] |
| 5 | Hash Functions. Collision Resistance: Universal Functions, One-Way Universal Functions, Collision-Resistant Functions. Generic Attacks on Hash Functions. Attacks on MD4, MD5, SHA-1 (overview). The Merkle-Damgård Construction. Overview of SHA-3. | Ch. 6 of [1] |
| 6 | Message Authentication. Definition of Security for MACs. The PRF-as-a-MAC Paradigm. CBC-MAC. Basic CBC-MAC applied to variable-length messages is not secure (proof). (In)security of randomized CBC-MAC. CBC-MAC for variable-length messages. MACs from Hash Functions: HMAC. | Ch. 7 of [1] and Ch. 4 of [3] |
| 7 | Introduction to Asymmetric Cryptography. One-Way Functions and Trapdoor Functions. Review of Computational Number Theory. General Concepts on Groups. Euclidean Algorithm, Chinese Remainder Theorem. Quadratic Residues. | Ch. 9 of [1], various chapters of [2] |
| 8 | Asymmetric Primitives. The Discrete Logarithm Problem over Finite Fields. The Computational Diffie-Hellman Problem. The Decisional Diffie-Hellman Problem. Factorization. The RSA Function. Overview of Primality Tests. The Miller-Rabin Algorithm. The Square-and-Multiply Algorithm. | Ch. 10 of [1] |
| 9 | Asymmetric Encryption. Definitions of Security for Asymmetric Encryption. The ElGamal Encryption. ElGamal is Secure (in the IND-CPA Sense) under the Decisional Diffie-Hellman Assumption (proof). Paillier's Encryption. Mathematical Preliminaries. Paillier's Encryption is Additively Homomorphic (proof). The RSA-OAEP Encryption. Properties of the scheme. | Ch. 11 of [1], Ch. 11 of [3], and lecture notes |
| 10 | Identity-Based Encryption: Boneh-Franklin. Bilinear maps. Properties of the scheme. | Lecture notes |
| 11 | Digital Signatures. Preliminaries. Definition of security for digital signatures. Hash and Sign. | Ch. 12 of [1] |
| 12 | Advanced Encryption Mechanisms. Kyber. Module Learning with Errors. Basic Kyber PKE. Fujisaki-Okamoto. Kyber KEM. | Lecture notes and material provided by the instructor |

Learning Assessment

Learning Assessment Procedures

The exam consists of a written test and an oral interview. The written test typically includes 5 open-ended questions.

To pass the written test, a minimum score of 18 is required. The written test can be reviewed before taking the oral exam.

Midterm tests: Three midterm tests are scheduled. The first test typically covers the concept of perfect security, block ciphers, and pseudorandom functions and permutations. The second test covers symmetric ciphers, hash functions, and message authentication. The third test covers the remaining topics (asymmetric cryptography).

The assessment may also be conducted online if circumstances require it.

To take the final exam, students must register through the SmartEdu portal. For any technical issues related to registration, students should contact the Academic Office.

Grading scale:

  • Not approved: The student has not acquired the basic concepts and is unable to answer at least 60% of the questions or to solve theoretical and practical exercises.

  • 18–20: The student shows only a barely sufficient grasp of basic concepts and/or can approach theoretical/practical exercises with great difficulty and several errors.

  • 21–24: The student demonstrates a minimal understanding of the basic concepts, has limited ability to connect topics, and can solve only simple exercises.

  • 25–27: The student shows a good command of the course content, demonstrates solid connections between topics, and solves exercises with few errors.

  • 28–30 with honors: The student has mastered all course material, can make critical connections between topics, and solves exercises completely and without significant errors.

Students with disabilities and/or specific learning disorders (SLD) must contact, well in advance of the exam date, the instructor, the CInAP representative for the DMI (Prof. Daniele), and the CInAP office to request appropriate compensatory measures.

Examples of frequently asked questions and/or exercises

  • Security definitions (for symmetric ciphers, asymmetric ciphers, digital signatures, etc.)
  • Exercises on the cryptographic primitives studied (for example: proving that a given cipher is insecure)
  • Algorithms (e.g., providing and explaining the pseudocode of algorithms discussed during lectures)

It should be noted that the above list is purely indicative, and other parts of the syllabus may also be included in the exam.
