Cryptography and Architectures for Computer Security - 095947

The course aims to provide systematic training in the cryptographic techniques currently employed in communications and data storage, focusing on algorithms, architectures and protocols.

Monday (14:30-16:15) classroom L.26.01, Building 26
Thursday (14:30-16:15) classroom L.26.01, Building 26

Gerardo Pelosi
(gerardo.pelosi -at-

Teaching Assistant:
Alessandro Barenghi
(alessandro.barenghi -at-

Office hours:
Wednesday (16:00-19:00),
Building 20, 1st floor, Office 127
or upon appointment through e-mail

Reference Material

There is no single assigned textbook for this course. Slides and lecture notes will be made available during the course. A very good reference for most of the course topics is:

Additional material that you might find useful:

  • Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone, Handbook of Applied Cryptography, freely available online at
  • Jonathan Katz, Introduction to Modern Cryptography, August 2007, Chapman & Hall/CRC Press
  • Christopher Swenson, Modern Cryptanalysis: Techniques for Advanced Code Breaking, March 2008, Wiley
  • Stefan Mangard, Elisabeth Oswald, Thomas Popp, Power Analysis Attacks - Revealing the Secrets of Smartcards, Springer (available online via Polimi subscription to Springer)

If you are willing to try some practical challenges in the field of cryptography for fun, you can have a look here

Course Schedule

| # | Day | Classroom | L/E | Topic | Reference Material |
|---|---|---|---|---|---|
| 1 | Mon. 26/2 | L.26.01 (Bdg. 26) | L | Introduction to cryptography, confidentiality, integrity, authentication and non-repudiation. Adversaries and classes of attacks | Slides; Slides 4x4; Menezes Chap. 1 |
| 2 | Thu. 01/3 | L.26.01 (Bdg. 26) | L | Historical ciphers, Perfect secrecy, Shannon's proof, OTP, confusion and diffusion principles | Slides; Slides 4x4 grayscale; Smart. Chap. 3; Smart. Chap. 5 |
| 3 | Mon. 05/3 | L.26.01 (Bdg. 26) | L | Block Ciphers: Feistel structure, DES, 3DES, DES-X, Modes of Operation | Slides; Slides 4x4; Smart. Chap. 8; Menezes Chap. 7 |
| 4 | Thu. 08/3 | L.26.01 (Bdg. 26) | E | Exercises on Historical Substitution Ciphers, Permutation Ciphers | Exercise book Chapter 1 |
| 5 | Mon. 12/3 | L.26.01 (Bdg. 26) | L | Block Ciphers: SPN structure, AES; Stream ciphers: LFSR | Slides 4x4; Smart. Chap.s 7,8 |
| 6 | Thu. 15/3 | L.26.01 (Bdg. 26) | L | Hybrid Cryptoschemes and Public Key Authentication | Slides; Slides 4x4; ITU X.680, X.690, X.509, IETF RFC 4880 |
| 7 | Mon. 19/3 | L.26.01 (Bdg. 26) | L | Block Cipher Cryptanalyses: Linear Cryptanalysis | Slides 4x4 grayscale; Tutorial on Linear and Differential Cryptanalysis by Howard M. Heys; C calculator for linear biases; Linear cryptanalysis implementation |
| 8 | Thu. 22/3 | L.26.01 (Bdg. 26) | E | Block Cipher Cryptanalyses: Differential Cryptanalysis + exercises | Slides; Slides 4x4 grayscale |
| 9 | Mon. 26/3 | L.26.01 (Bdg. 26) | L | Hash functions: definitions, properties, birthday paradox, Design principles, MACs | Slides; Slides 4x4 grayscale; Smart. Chap. 10 |
| - | Thu. 29/3 | - | - | Easter Holidays | |
| - | Mon. 02/4 | - | - | Easter Holidays | |
| 10 | Thu. 05/4 | L.26.01 (Bdg. 26) | E | Exercises on block ciphers, LFSR and Hash functions | Exercise book, Chapter 2,3,4 |
| - | Mon. 09/4 | - | - | Lessons Suspended | |
| - | Thu. 12/4 | - | - | Lessons Suspended | |
| 11 | Mon. 16/4 | L.26.01 (Bdg. 26) | L | Algebraic Groups - Definitions of Rings and Fields | Notes (part 1) |
| 12 | Thu. 19/4 | L.26.01 (Bdg. 26) | L | Integral domains, gcd definition, Euler Totient function, groups (Zn, +), (Zn,*), CRT, Modular Arithmetic | Notes (part 2) |
| 13 | Mon. 23/4 | L.26.01 (Bdg. 26) | E | Password Storage, Memory hard functions and disk encryption | Slides; Slides 4x4 |
| 14 | Thu. 26/4 | L.26.01 (Bdg. 26) | - | Lessons suspended for midterm calls | |
| - | Mon. 30/4 | - | - | National Holiday | |
| 15 | Thu. 03/5 | L.26.01 (Bdg. 26) | L | Polynomial Fields and extension fields | Notes (part 3) |
| 15 | Mon. 07/5 | L.26.01 (Bdg. 26) | L | Extension Fields - Examples | see Notes (Part 3) uploaded for the previous lecture |
| 17 | Thu. 10/5 | L.26.01 (Bdg. 26) | E | Exercises on Finite Fields | see notes Part 3 and Exercise Book |
| 16 | Mon. 14/5 | L.26.01 (Bdg. 26) | L | Public Key Cryptography - RSA Cryptosystem | Slides; Slides 4x4 grayscale; Smart. Chap. 11; Smart. Chap. 15 |
| 18 | Thu. 17/5 | L.26.01 (Bdg. 26) | L | Discrete Logarithm Problem, Diffie-Hellman Protocol, ElGamal cryptosystem, ElGamal Signature scheme, CCA2-Secure ElGamal, Digital Signature Algorithm (DSA) | Slides; Slides 4x4 grayscale; Smart. Chap. 11; Smart. Chap. 14 |
| 19 | Mon. 21/5 | L.26.01 (Bdg. 26) | L | Continuation of Discrete Logarithm based cryptosystems | see material uploaded on Thu. 17/5 |
| 20 | Thu. 24/5 | L.26.01 (Bdg. 26) | L | Elliptic Curve Cryptography | Slides; Slides 4x4 grayscale; Smart. Chap. 2 |
| 21 | Mon. 28/5 | L.26.01 (Bdg. 26) | L | Montgomery multiplication and fast arithmetic algorithms | Notes on Fast Modular Arithmetic; Menezes Chap. 14 Sections 1–3 |
| 23 | Thu. 31/5 | L.26.01 (Bdg. 26) | E | Exercises on Montgomery Multiplication and RSA | Exercises from the Exercise book v1.4.2, Chapter 6,7 and Notes on Fast Modular Arithmetic |
| 24 | Mon. 04/5 | L.26.01 (Bdg. 26) | L | Primality Testing. Number theoretical cryptanalysis: factoring algorithms, Discrete log extraction algorithms | Slides; Slides 4x4 grayscale; Smart. Chap. 12 (Factoring); Smart. Chap. 13 (Discrete Logs) |
| 25 | Thu. 07/6 | L.26.01 (Bdg. 26) | E | Pohlig-Hellman Attack + Exercises | |
| 26 | Mon. 11/6 | L.26.01 (Bdg. 26) | L | TLS and SSH, Kerberos, Tor | Slides; Slides 4x4 |
| 27 | Thu. 14/6 | L.26.01 (Bdg. 26) | E | Recap | |

Exam layout

There will be a 2h/2h30 written examination on the subjects of the course, which will include both questions and exercises.
It is possible to integrate the exam score with an optional practical project yielding at most a +6 increase in the evaluation (groups with at most 2 people).
However, a sufficient score in the written part must be obtained.

Project Guidelines

To take on a project you must contact both the teacher and the instructor (keep both in CC), both to ask for details and for the communication that will follow during project development. To avoid ambiguity, you must always include both of them in all your communications. E-mails that do not comply with this will not be answered.

The project includes a reasonably-sized report and a short (10-15 minutes) presentation to be delivered to the teacher and the instructor. If the project involves the production of code, a Polimi-hosted git repository will be provided, with ssh public-key based access.

The project should be delivered at least a week before the exam date on which you want it to be evaluated (this may be different from the date of the written examination).

A preliminary list of projects is available with more project descriptions to come.
The assignment policy is “first-come-first-served”.

The project proposals are available here; project proposals put forward by students are welcome and will be taken into consideration.

Exam Sessions

Check the Poliself for further information on the exact time and place.

1st call on June 21st 2018, 16:30, Room: N.1.6

2nd call on July 17th 2018, 11:30, Room: 5.02

3rd call on September 13th 2018, 8:00, Room: D.1.1

Registering for the exam session you want to take is mandatory in order to have the grade recorded.

Past Exam Papers