Cryptography and Information Security
Public syllabus for 2025-2026
Academic overview
Teaching team
Learning time distribution
| Total | ||||||
|---|---|---|---|---|---|---|
| Curriculum | Lecture | Practice | Total Weekly | Lecture | Practice | |
| 42 | 28 | 14 | 3 | 2 | 1 | |
| Exam hours | ||||||
| 4 | ||||||
| Individual Study | Bibliography study | Field study | Homework | Tutoring | Others | |
| 108 | 49 | 22 | 22 | 11 | 0 | |
| Overall | ||||||
| 150 |
Learning outcomes
Knowledge
- Understanding the mathematical foundations of cryptography and cryptographic analysis
- Knowledge and ability to apply methods of encryption and decryption
- Ability to apply hash functions and use digital certificates
- Security norms and prevention methods
Skills
- Understanding the need to keep up with the latest developments and technologies in data transmission, storage, and protection
- Understanding the need for secure communication in everyday life
- Recognition of security threats and the need to implement measures to prevent and counter them
- Ability to decide on the opportunity to use a platform and a programming language in implementing a complex application
- Knowledge and acquisition of advanced skills in using the main security concepts - hash functions, key sharing protocols, data encryption/decryption algorithms, digital signatures and certificates, public key infrastructure, data protection principles, as well as secure communication
Responsibility
- A good understanding of the mathematical foundations of cryptography and cryptographic analysis
- Knowledge and application of the main methods of encrypting and decrypting messages as well as key sharing methods
- Understanding the nature of security threats
- Ability to recognize and prevent security threats
- Ability to implement secure communication methods
Online platform
Course content
| Content | Methods | Obs |
|---|---|---|
| Lecture 1: Introduction. Course overview. Case-study: various attacks and vulnerabilities | Exercises, discussions and debates, modelling, projects, organized team-work, case-study | 1 week – 2 hours / 1 săptămână – 2 ore |
| Lecture 2: Control hijacking attacks: exploits and defences | Exercises, discussions and debates, modelling, projects, organized team-work, case-study | 1 week – 2 hours / 1 săptămână – 2 ore |
| Lecture 3: Operating systems security. Processor and microarchitecture security: Intel TDX and the Spectre attack | Exercises, discussions and debates, modelling, projects, organized team-work, case-study | 1 week – 2 hours / 1 săptămână – 2 ore |
| Lecture 4: Web Attacks. Web Defenses | Exercises, discussions and debates, modelling, projects, organized team-work, case-study | 1 week – 2 hours / 1 săptămână – 2 ore |
| Lecture 5: Security of AI systems | Exercises, discussions and debates, modelling, projects, organized team-work, case-study | 1 week – 2 hours / 1 săptămână – 2 ore |
| Lecture 6: Introduction to cryptography. Elements of number theory: modulo/groups/rings/fields operations | Exercises, discussions and debates, modelling, projects, organized team-work, case-study | 1 week – 2 hours / 1 săptămână – 2 ore |
| Lecture 7: History of cryptography. Trapdoor functions. RSA and another public-key cryptosystems. | Exercises, discussions and debates, modelling, projects, organized team-work, case-study | 1 week – 2 hours / 1 săptămână – 2 ore |
| Lecture 8: Collision-resistant hash functions. Merkle trees. Digital Signatures: Definition. Digital Certificates | Exercises, discussions and debates, modelling, projects, organized team-work, case-study | 1 week – 2 hours / 1 săptămână – 2 ore |
| Lecture 9: Quantum-Cryptography. Post-quantum Security. Pseudo-random Functions. Collapse-Binding.. | Exercises, discussions and debates, modelling, projects, organized team-work, case-study | 1 week – 2 hours / 1 săptămână – 2 ore |
| Lecture 10: Zero knowledge I, definitions and examples. Zero Knowledge Proofs for all of NP. Succinct (Zero Knowledge) Argument Systems. Probabilistically Checkable Proofs . Kilian's Protocol. | Exercises, discussions and debates, modelling, projects, organized team-work, case-study | 1 week – 2 hours / 1 săptămână – 2 ore |
| Lecture 11: Lattices, Learning with Errors (LWE). LWE-based Cryptography: Secret-key and Public-key Encryption/Collision-Resistant Hashing. | Exercises, discussions and debates, modelling, projects, organized team-work, case-study | 1 week – 2 hours / 1 săptămână – 2 ore |
| Lecture 12: Homomorphic Encryption. A Construction of FHE from the LWE assumption. The Bootstrapping Theorem, and Circular Security. Open Problems in FHE Research. | Exercises, discussions and debates, modelling, projects, organized team-work, case-study | 1 week – 2 hours / 1 săptămână – 2 ore |
| Lecture 13: Oblivious Transfer. Private Information Retrieval. Secure Two-Party Computation. Secret-Sharing. Secure Multiparty Computation. | Exercises, discussions and debates, modelling, projects, organized team-work, case-study | 1 week – 2 hours / 1 săptămână – 2 ore |
| Lecture 14: Program Obfuscation and Applications. | Exercises, discussions and debates, modelling, projects, organized team-work, case-study | 1 week – 2 hours / 1 săptămână – 2 ore |
Course bibliography
Lecture 1: Reflections on Trusting Trust, by Ken Thompson What is really going On inside your node_modules folder? Lecture 2: Hacking blind, by A. Bittau et al. Basic Integer Overflows, blexim Use after free exploit example, by K. Winterborn Bypassing Browser Memory Protections, by A. Sotirov, M. Dowd Return oriented programming, by H. Shacham et al. Control flow integrity, by M. Abadi et al. ARM Memory Tagging Extension and How It Improves C/C++ Memory Safety, by K. Serebryany Lecture 3: SetUID Demystified, by Chen, Dean, and Wagner, 2002. Operating Systems Security, by T. Jaeger, 2008 (Chapter 4, Security in Ordinary Operating Systems) Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools, by T. Garfinkel Efficient Software-Based Fault Isolation, by Robert Wahbe, et al. Intel TDX Demystified Spectre Attacks: Exploiting Speculative Execution Prime+Abort: A Timer-Free High-Precision L3 Cache Attack using Intel TSX Lecture 4: Securing Browser Frame Communication by Adam Barth, Collin Jackson, and John C. Mitchell Analyzing and Defending Against Web-based Malware by J. Chang et al. Exposing private information by timing web applications by A. Bortz, D. Boneh, and P. Nandy Content Security Policies Sandboxed iFrames cors Cross site scripting explained, Amit Klein SQL Injection attacks, Chris Anley Robust Defenses for Cross-Site Request Forgery. Adam Barth, Collin Jackson, and John C. Mitchell Secure Session Management With Cookies for Web Applications. Chris Palmer Origin Cookies: Session Integrity for Web Applications by Bortz et al. Lecture 5: Defeating Prompt Injections by Design Multi-modal prompt injection Lecture 6: Lecture Notes on the Complexity of Some Problems in Number Theory by Dana Angluin. Understanding Cryptography, From Established Symmetric and Asymmetric Ciphers to Post-Quantum Algorithms, by Christof Paar, Jan Pelzl, Tim Güneysu Lecture 7: The BREACH attack: encryption and compression don't mix, by Gluck, Harris, and Prado Probabilistic Encryption by Shafi Goldwasser and Silvio Micali. A Method for Obtaining Digital Signatures and Public-Key Cryptosystems by R.L. Rivest, A. Shamir, and L. Adleman Generating Random Factored Numbers, Easily by Adam Kalai. New Directions in Cryptography by Whitefield Diffie and Martin E. Hellman. Secure Communications Over Insecure Channels by Ralph C. Merkle The Growth of Cryptography by Ronald L. Rivest, at the 2011 Killian Lecture. DES specification - FIPS 46-3 - csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf AES specification - FIPS 197 - csrc.nist.gov/publications/fips/fips197/fips-197.pdf Lecture 8: Goldwasser-Micali-Rivest Signature Scheme by Shafi Goldwasser, Silvio Micali, and Ron Rivest. Two Remarks Concerning the Goldwasser-Micali-Rivest Signature Scheme by Oded Goldreich Universal One-way Hash Functions and their Cryptographic Applications by Moni Naor and Moti Yung. SPHINCS: Practical stateless hash-based signatures. by Bernstein et al. (a modern version of the signature scheme from this lecture.) SHA-1 specification - FIPS 180-2 Lecture 9: The Theory of Quantum Information by John Watrous Understanding Cryptography, From Established Symmetric and Asymmetric Ciphers to Post-Quantum Algorithms, by Christof Paar , Jan Pelzl , Tim Güneysu How to Construct Quantum Random Functions by Mark Zhandry Computationally Binding Quantum Commitments by Dominique Unruh Quantum Attacks on Classical Proof Systems: The Hardness of Quantum Rewinding by Ambainis, Rossmanis and Unruh On the Necessity of Collapsing for Post-Quantum and Quantum Commitments by Marcell dell'Agnol and Nicholas Spooner. Lecture 10: The Knowledge Complexity of Interactive Proof Systems by Shafi Goldwasser, Silvio Micali, and Charles Rackoff. ZK for NP by Oded Goldreich, Silvio Micali, and Avi Wigderson. Lecture 11: On Lattices, Learning with Errors, Random Linear Codes, and Cryptography by Oded Regev. The Arora-Ge paper: New Algorithms for Learning in Presence of Errors The original BKW paper (with an algorithm for LPN): [cs/0010022] Noise-Tolerant Learning, the Parity Problem, and the Statistical Query Model Adaptation of BKW for LWE: On the Complexity of the BKW Algorithm on LWE Further improvements on BKW-LWE: [1506.02717] An Improved BKW Algorithm for LWE with Applications to Cryptography and Lattices Lattice attacks against LWE (Lindner-Peikert) Lecture 12: Efficient Fully Homomorphic Encryption from (Standard) LWE by Zvika Brakerski and Vinod Vaikuntanathan. Homomorphic Encryption from Learning with Errors: Conceptually-Simpler, Asymptotically-Faster, Attribute-Based by Craig Gentry, Amit Sahai and Brent Waters. Hardness of LWE on General Entropic Distributions by Zvika Brakerski and Nico Döttling. Homomorphic Encryption: from Private-Key to Public-Key by Ron Rothblum. Lecture 13: How to Exchange and Generate Secrets by Andrew Chi-Chih Yao Private Information Retrieval by Benny Chor, Oded Goldreich, Eyal Kushilevitz, and Madhu Sudan Draft of A Chapter on General Protocols from Volume 2 of Foundations of Cryptography, by Oded Goldreich Bar-Ilan Winter School on MPC How To Play Any Mental Game by Oded Goldreich, Silvio Micali, and Avi Wigderson Extending Oblivious Transfers Efficiently by Yuval Ishai, Joe Kilian, Kobbi Nissim, and Erez Petrank Correlated Pseudorandomness and the Complexity of Private Computations by Donald Beaver Simplified VSS and Fast-track Multiparty Computations with Applications to Threshold Cryptography by Rosario Gennaro, Michael O. Rabin, and Tal Rabin Completeness Theorems for Non-Cryptographic Fault-Tolerant Distributed Computation by Michael Ben-Or, Shafi Goldwasser, and Avi Wigderson NIST Kick-Starts ‘Threshold Cryptography’ Development Effort Lecture 14: On the (Im)possibility of Obfuscating programs, Boaz Barak, Oded Goldreich, Rusell Impagliazzo, Steven Rudich, Amit Sahai, Salil Vadhan, and Ke Yang. How to Use Indistinguishability Obfuscation: Deniable Encryption, and More, Amit Sahai and Brent Waters. Indistinguishability Obfuscation from Well-Founded Assumptions, Aayush Jain, Huijia Lin and Amit Sahai.
Seminar content
| Content | Methods | Obs |
|---|---|---|
| Sem/Lab 1: Case study: Breaking down modern depictions of Information Security examples and hacking breaches. Online tools for protecting privacy. Deep fake analysis. | Video analysis, discussions and debates, organized team-work | 1 week – 2 hours Laboratory notes, laboratory topic information and information available through specific platforms |
| Sem/Lab 2: Buffer overflows. Symbolic execution. Privilege separation and server-side sandboxing | Utilizing the studied concepts to create and analyse vulnerable applications. Case study and in-depth exploration through implementation and research of CFI/CFG principles in detecting and fixing vulnerable applications. Mini-hackaton type exercises Level up opportunities (per task described in specific platforms) | 1 week – 2 hours Laboratory notes, laboratory topic information and information available through specific platforms |
| Sem/Lab 3: Browser security. HTTPS and WebAuthn | Utilizing the studied concepts to create and analyse vulnerable server and browser applications. Case study and in-depth exploration through implementation and research of web-server configuration and certificates. Mini-hackaton type exercises Level up opportunities (per task described in specific platforms) | 1 week – 2 hours Laboratory notes, laboratory topic information and information available through specific platforms |
| Sem/Lab 4: Cipher text algorithms implementation. | Introduction to the concept of cryptography. Presentation of the evolution of algorithms. Implementation of an application that uses the studied algorithms to transmit information. Mini-hackaton type exercises: find the flag/the cipher in a codified message Level up opportunities (per task described in specific platforms) | 1 week – 2 hours Laboratory notes, laboratory topic information and information available through specific platforms |
| Sem/Lab 5: Hash functions. Digital Signatures implementation | Utilizing the studied concepts to create digital signatures. Case study and in-depth exploration through implementation and research of existing digital signature mechanisms. Defining the concepts of hash functions. Implementation of applications that use and validate data through a hashing mechanism/Implementation of a key exchange mechanism/Implementation of an application capable of securely transmitting keys and encrypted data Mini-hackaton type exercises Level up opportunities (per task described in specific platforms) | 1 week – 2 hours Laboratory notes, laboratory topic information and information available through specific platforms |
| Sem/Lab 6: Merkle's key exchange protocol. Merkle Trees implementation. LWE-based Cryptography implementation | Defining the concept of Merkle trees. Case study and presentation in the form of an article of the concepts that utilize Merkle trees (e.g., Blockchain). Case study on Learning With Errors (LWE) Mini-hackaton type exercises: create and validate a merkle tree based hash method with LWE based hashing Level up opportunities (per task described in specific platforms) | 1 week – 2 hours Laboratory notes, laboratory topic information and information available through specific platforms |
| Sem/Lab 7: Program Obfuscation | Studying the obfuscation mechanisms/paradigms. Implementing an application for detecting obfuscated data/Implementing an encryption + obfuscation application. Mini-hackaton type exercises Level up opportunities (per task described in specific platforms) | 1 week – 2 hours Laboratory notes, laboratory topic information and information available through specific platforms |
| Bibliography: Understanding Cryptography, From Established Symmetric and Asymmetric Ciphers to Post-Quantum Algorithms, by Christof Paar, Jan Pelzl, Tim Güneysu Hacking blind, by A. Bittau et al. Basic Integer Overflows, blexim Use after free exploit example, by K. Winterborn Bypassing Browser Memory Protections, by A. Sotirov, M. Dowd Control flow integrity, by M. Abadi et al. The BREACH attack: encryption and compression don't mix, by Gluck, Harris, and Prado Probabilistic Encryption by Shafi Goldwasser and Silvio Micali. A Method for Obtaining Digital Signatures and Public-Key Cryptosystems by R.L. Rivest, A. Shamir, and L. Adleman Generating Random Factored Numbers, Easily by Adam Kalai. New Directions in Cryptography by Whitefield Diffie and Martin E. Hellman. Secure Communications Over Insecure Channels by Ralph C. Merkle The Growth of Cryptography by Ronald L. Rivest, at the 2011 Killian Lecture. DES specification - FIPS 46-3 - csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf AES specification - FIPS 197 - csrc.nist.gov/publications/fips/fips197/fips-197.pdf Universal One-way Hash Functions and their Cryptographic Applications by Moni Naor and Moti Yung. SPHINCS: Practical stateless hash-based signatures. by Bernstein et al. (a modern version of the signature scheme from this lecture.) SHA-1 specification - FIPS 180-2 On Lattices, Learning with Errors, Random Linear Codes, and Cryptography by Oded Regev. The Arora-Ge paper: New Algorithms for Learning in Presence of Errors The original BKW paper (with an algorithm for LPN): [cs/0010022] Noise-Tolerant Learning, the Parity Problem, and the Statistical Query Model Adaptation of BKW for LWE: On the Complexity of the BKW Algorithm on LWE Further improvements on BKW-LWE: [1506.02717] An Improved BKW Algorithm for LWE with Applications to Cryptography and Lattices On the (Im)possibility of Obfuscating programs, Boaz Barak, Oded Goldreich, Rusell Impagliazzo, Steven Rudich, Amit Sahai, Salil Vadhan, and Ke Yang. How to Use Indistinguishability Obfuscation: Deniable Encryption, and More, Amit Sahai and Brent Waters. Indistinguishability Obfuscation from Well-Founded Assumptions, Aayush Jain, Huijia Lin and Amit Sahai. |
Seminar bibliography
Class contents correspond to the curricula of other universities, both inside the country and from the European Union. The practical contents (laboratory works) correspond to the local labour market requirements.
Corroboration
(none)
AI tools guidance
Evaluation and delivery
| Activity | Criteria | Methods | Percentage |
|---|---|---|---|
| C |
|
|
|
| S |
|
|
|
Performance standards
To obtain a passing grade of 5, it is necessary to obtain a score higher than 60% for the Course knowledge, as well as to demonstrate a minimum level of understanding and application of some of the algorithms presented in the course (a grade of at least 40% for the Laboratory). To obtain a grade of 10, it is necessary to obtain a score higher than 90% for both general knowledge and detailed knowledge, as well as a good understanding of the presented algorithms (more than 95% for the Laboratory). Receiving a top 5 place in a national cybersecurity-related competition (CTF, hackathon), or top 10 in an international cybersecurity-related competition will be awarded with extra points.
Additional info
(none)