Skip to content

Cryptography and Information Security

Public syllabus for 2025-2026

Academic overview

Programme
CS
Period
Year 1, Semester 1
Credits
6
Weeks
14

Curriculum placement

Appears in study plans

Teaching team

Course coordinator
(none)
Seminar coordinators
(none)

Learning time distribution

Total
Curriculum Lecture Practice Total Weekly Lecture Practice
42 28 14 3 2 1
Exam hours
4
Individual Study Bibliography study Field study Homework Tutoring Others
108 49 22 22 11 0
Overall
150

Learning outcomes

Knowledge

  • Understanding the mathematical foundations of cryptography and cryptographic analysis
  • Knowledge and ability to apply methods of encryption and decryption
  • Ability to apply hash functions and use digital certificates
  • Security norms and prevention methods

Skills

  • Understanding the need to keep up with the latest developments and technologies in data transmission, storage, and protection
  • Understanding the need for secure communication in everyday life
  • Recognition of security threats and the need to implement measures to prevent and counter them
  • Ability to decide on the opportunity to use a platform and a programming language in implementing a complex application
  • Knowledge and acquisition of advanced skills in using the main security concepts - hash functions, key sharing protocols, data encryption/decryption algorithms, digital signatures and certificates, public key infrastructure, data protection principles, as well as secure communication

Responsibility

  • A good understanding of the mathematical foundations of cryptography and cryptographic analysis
  • Knowledge and application of the main methods of encrypting and decrypting messages as well as key sharing methods
  • Understanding the nature of security threats
  • Ability to recognize and prevent security threats
  • Ability to implement secure communication methods

Online platform

(none)

Course content

Content Methods Obs
Lecture 1: Introduction. Course overview. Case-study: various attacks and vulnerabilities Exercises, discussions and debates, modelling, projects, organized team-work, case-study 1 week – 2 hours / 1 săptămână – 2 ore
Lecture 2: Control hijacking attacks: exploits and defences Exercises, discussions and debates, modelling, projects, organized team-work, case-study 1 week – 2 hours / 1 săptămână – 2 ore
Lecture 3: Operating systems security. Processor and microarchitecture security: Intel TDX and the Spectre attack Exercises, discussions and debates, modelling, projects, organized team-work, case-study 1 week – 2 hours / 1 săptămână – 2 ore
Lecture 4: Web Attacks. Web Defenses Exercises, discussions and debates, modelling, projects, organized team-work, case-study 1 week – 2 hours / 1 săptămână – 2 ore
Lecture 5: Security of AI systems Exercises, discussions and debates, modelling, projects, organized team-work, case-study 1 week – 2 hours / 1 săptămână – 2 ore
Lecture 6: Introduction to cryptography. Elements of number theory: modulo/groups/rings/fields operations Exercises, discussions and debates, modelling, projects, organized team-work, case-study 1 week – 2 hours / 1 săptămână – 2 ore
Lecture 7: History of cryptography. Trapdoor functions. RSA and another public-key cryptosystems. Exercises, discussions and debates, modelling, projects, organized team-work, case-study 1 week – 2 hours / 1 săptămână – 2 ore
Lecture 8: Collision-resistant hash functions. Merkle trees. Digital Signatures: Definition. Digital Certificates Exercises, discussions and debates, modelling, projects, organized team-work, case-study 1 week – 2 hours / 1 săptămână – 2 ore
Lecture 9: Quantum-Cryptography. Post-quantum Security. Pseudo-random Functions. Collapse-Binding.. Exercises, discussions and debates, modelling, projects, organized team-work, case-study 1 week – 2 hours / 1 săptămână – 2 ore
Lecture 10: Zero knowledge I, definitions and examples. Zero Knowledge Proofs for all of NP. Succinct (Zero Knowledge) Argument Systems. Probabilistically Checkable Proofs . Kilian's Protocol. Exercises, discussions and debates, modelling, projects, organized team-work, case-study 1 week – 2 hours / 1 săptămână – 2 ore
Lecture 11: Lattices, Learning with Errors (LWE). LWE-based Cryptography: Secret-key and Public-key Encryption/Collision-Resistant Hashing. Exercises, discussions and debates, modelling, projects, organized team-work, case-study 1 week – 2 hours / 1 săptămână – 2 ore
Lecture 12: Homomorphic Encryption. A Construction of FHE from the LWE assumption. The Bootstrapping Theorem, and Circular Security. Open Problems in FHE Research. Exercises, discussions and debates, modelling, projects, organized team-work, case-study 1 week – 2 hours / 1 săptămână – 2 ore
Lecture 13: Oblivious Transfer. Private Information Retrieval. Secure Two-Party Computation. Secret-Sharing. Secure Multiparty Computation. Exercises, discussions and debates, modelling, projects, organized team-work, case-study 1 week – 2 hours / 1 săptămână – 2 ore
Lecture 14: Program Obfuscation and Applications. Exercises, discussions and debates, modelling, projects, organized team-work, case-study 1 week – 2 hours / 1 săptămână – 2 ore

Course bibliography

Lecture 1: Reflections on Trusting Trust, by Ken Thompson What is really going On inside your node_modules folder? Lecture 2: Hacking blind, by A. Bittau et al. Basic Integer Overflows, blexim Use after free exploit example, by K. Winterborn Bypassing Browser Memory Protections, by A. Sotirov, M. Dowd Return oriented programming, by H. Shacham et al. Control flow integrity, by M. Abadi et al. ARM Memory Tagging Extension and How It Improves C/C++ Memory Safety, by K. Serebryany Lecture 3: SetUID Demystified, by Chen, Dean, and Wagner, 2002. Operating Systems Security, by T. Jaeger, 2008 (Chapter 4, Security in Ordinary Operating Systems) Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools, by T. Garfinkel Efficient Software-Based Fault Isolation, by Robert Wahbe, et al. Intel TDX Demystified Spectre Attacks: Exploiting Speculative Execution Prime+Abort: A Timer-Free High-Precision L3 Cache Attack using Intel TSX Lecture 4: Securing Browser Frame Communication by Adam Barth, Collin Jackson, and John C. Mitchell Analyzing and Defending Against Web-based Malware by J. Chang et al. Exposing private information by timing web applications by A. Bortz, D. Boneh, and P. Nandy Content Security Policies Sandboxed iFrames cors Cross site scripting explained, Amit Klein SQL Injection attacks, Chris Anley Robust Defenses for Cross-Site Request Forgery. Adam Barth, Collin Jackson, and John C. Mitchell Secure Session Management With Cookies for Web Applications. Chris Palmer Origin Cookies: Session Integrity for Web Applications by Bortz et al. Lecture 5: Defeating Prompt Injections by Design Multi-modal prompt injection Lecture 6: Lecture Notes on the Complexity of Some Problems in Number Theory by Dana Angluin. Understanding Cryptography, From Established Symmetric and Asymmetric Ciphers to Post-Quantum Algorithms, by Christof Paar, Jan Pelzl, Tim Güneysu Lecture 7: The BREACH attack: encryption and compression don't mix, by Gluck, Harris, and Prado Probabilistic Encryption by Shafi Goldwasser and Silvio Micali. A Method for Obtaining Digital Signatures and Public-Key Cryptosystems by R.L. Rivest, A. Shamir, and L. Adleman Generating Random Factored Numbers, Easily by Adam Kalai. New Directions in Cryptography by Whitefield Diffie and Martin E. Hellman. Secure Communications Over Insecure Channels by Ralph C. Merkle The Growth of Cryptography by Ronald L. Rivest, at the 2011 Killian Lecture. DES specification - FIPS 46-3 - csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf AES specification - FIPS 197 - csrc.nist.gov/publications/fips/fips197/fips-197.pdf Lecture 8: Goldwasser-Micali-Rivest Signature Scheme by Shafi Goldwasser, Silvio Micali, and Ron Rivest. Two Remarks Concerning the Goldwasser-Micali-Rivest Signature Scheme by Oded Goldreich Universal One-way Hash Functions and their Cryptographic Applications by Moni Naor and Moti Yung. SPHINCS: Practical stateless hash-based signatures. by Bernstein et al. (a modern version of the signature scheme from this lecture.) SHA-1 specification - FIPS 180-2 Lecture 9: The Theory of Quantum Information by John Watrous Understanding Cryptography, From Established Symmetric and Asymmetric Ciphers to Post-Quantum Algorithms, by Christof Paar , Jan Pelzl , Tim Güneysu How to Construct Quantum Random Functions by Mark Zhandry Computationally Binding Quantum Commitments by Dominique Unruh Quantum Attacks on Classical Proof Systems: The Hardness of Quantum Rewinding by Ambainis, Rossmanis and Unruh On the Necessity of Collapsing for Post-Quantum and Quantum Commitments by Marcell dell'Agnol and Nicholas Spooner. Lecture 10: The Knowledge Complexity of Interactive Proof Systems by Shafi Goldwasser, Silvio Micali, and Charles Rackoff. ZK for NP by Oded Goldreich, Silvio Micali, and Avi Wigderson. Lecture 11: On Lattices, Learning with Errors, Random Linear Codes, and Cryptography by Oded Regev. The Arora-Ge paper: New Algorithms for Learning in Presence of Errors The original BKW paper (with an algorithm for LPN): [cs/0010022] Noise-Tolerant Learning, the Parity Problem, and the Statistical Query Model Adaptation of BKW for LWE: On the Complexity of the BKW Algorithm on LWE Further improvements on BKW-LWE: [1506.02717] An Improved BKW Algorithm for LWE with Applications to Cryptography and Lattices Lattice attacks against LWE (Lindner-Peikert) Lecture 12: Efficient Fully Homomorphic Encryption from (Standard) LWE by Zvika Brakerski and Vinod Vaikuntanathan. Homomorphic Encryption from Learning with Errors: Conceptually-Simpler, Asymptotically-Faster, Attribute-Based by Craig Gentry, Amit Sahai and Brent Waters. Hardness of LWE on General Entropic Distributions by Zvika Brakerski and Nico Döttling. Homomorphic Encryption: from Private-Key to Public-Key by Ron Rothblum. Lecture 13: How to Exchange and Generate Secrets by Andrew Chi-Chih Yao Private Information Retrieval by Benny Chor, Oded Goldreich, Eyal Kushilevitz, and Madhu Sudan Draft of A Chapter on General Protocols from Volume 2 of Foundations of Cryptography, by Oded Goldreich Bar-Ilan Winter School on MPC How To Play Any Mental Game by Oded Goldreich, Silvio Micali, and Avi Wigderson Extending Oblivious Transfers Efficiently by Yuval Ishai, Joe Kilian, Kobbi Nissim, and Erez Petrank Correlated Pseudorandomness and the Complexity of Private Computations by Donald Beaver Simplified VSS and Fast-track Multiparty Computations with Applications to Threshold Cryptography by Rosario Gennaro, Michael O. Rabin, and Tal Rabin Completeness Theorems for Non-Cryptographic Fault-Tolerant Distributed Computation by Michael Ben-Or, Shafi Goldwasser, and Avi Wigderson NIST Kick-Starts ‘Threshold Cryptography’ Development Effort Lecture 14: On the (Im)possibility of Obfuscating programs, Boaz Barak, Oded Goldreich, Rusell Impagliazzo, Steven Rudich, Amit Sahai, Salil Vadhan, and Ke Yang. How to Use Indistinguishability Obfuscation: Deniable Encryption, and More, Amit Sahai and Brent Waters. Indistinguishability Obfuscation from Well-Founded Assumptions, Aayush Jain, Huijia Lin and Amit Sahai.

Seminar content

Content Methods Obs
Sem/Lab 1: Case study: Breaking down modern depictions of Information Security examples and hacking breaches. Online tools for protecting privacy. Deep fake analysis. Video analysis, discussions and debates, organized team-work 1 week – 2 hours Laboratory notes, laboratory topic information and information available through specific platforms
Sem/Lab 2: Buffer overflows. Symbolic execution. Privilege separation and server-side sandboxing Utilizing the studied concepts to create and analyse vulnerable applications. Case study and in-depth exploration through implementation and research of CFI/CFG principles in detecting and fixing vulnerable applications. Mini-hackaton type exercises Level up opportunities (per task described in specific platforms) 1 week – 2 hours Laboratory notes, laboratory topic information and information available through specific platforms
Sem/Lab 3: Browser security. HTTPS and WebAuthn Utilizing the studied concepts to create and analyse vulnerable server and browser applications. Case study and in-depth exploration through implementation and research of web-server configuration and certificates. Mini-hackaton type exercises Level up opportunities (per task described in specific platforms) 1 week – 2 hours Laboratory notes, laboratory topic information and information available through specific platforms
Sem/Lab 4: Cipher text algorithms implementation. Introduction to the concept of cryptography. Presentation of the evolution of algorithms. Implementation of an application that uses the studied algorithms to transmit information. Mini-hackaton type exercises: find the flag/the cipher in a codified message Level up opportunities (per task described in specific platforms) 1 week – 2 hours Laboratory notes, laboratory topic information and information available through specific platforms
Sem/Lab 5: Hash functions. Digital Signatures implementation Utilizing the studied concepts to create digital signatures. Case study and in-depth exploration through implementation and research of existing digital signature mechanisms. Defining the concepts of hash functions. Implementation of applications that use and validate data through a hashing mechanism/Implementation of a key exchange mechanism/Implementation of an application capable of securely transmitting keys and encrypted data Mini-hackaton type exercises Level up opportunities (per task described in specific platforms) 1 week – 2 hours Laboratory notes, laboratory topic information and information available through specific platforms
Sem/Lab 6: Merkle's key exchange protocol. Merkle Trees implementation. LWE-based Cryptography implementation Defining the concept of Merkle trees. Case study and presentation in the form of an article of the concepts that utilize Merkle trees (e.g., Blockchain). Case study on Learning With Errors (LWE) Mini-hackaton type exercises: create and validate a merkle tree based hash method with LWE based hashing Level up opportunities (per task described in specific platforms) 1 week – 2 hours Laboratory notes, laboratory topic information and information available through specific platforms
Sem/Lab 7: Program Obfuscation Studying the obfuscation mechanisms/paradigms. Implementing an application for detecting obfuscated data/Implementing an encryption + obfuscation application. Mini-hackaton type exercises Level up opportunities (per task described in specific platforms) 1 week – 2 hours Laboratory notes, laboratory topic information and information available through specific platforms
Bibliography: Understanding Cryptography, From Established Symmetric and Asymmetric Ciphers to Post-Quantum Algorithms, by Christof Paar, Jan Pelzl, Tim Güneysu Hacking blind, by A. Bittau et al. Basic Integer Overflows, blexim Use after free exploit example, by K. Winterborn Bypassing Browser Memory Protections, by A. Sotirov, M. Dowd Control flow integrity, by M. Abadi et al. The BREACH attack: encryption and compression don't mix, by Gluck, Harris, and Prado Probabilistic Encryption by Shafi Goldwasser and Silvio Micali. A Method for Obtaining Digital Signatures and Public-Key Cryptosystems by R.L. Rivest, A. Shamir, and L. Adleman Generating Random Factored Numbers, Easily by Adam Kalai. New Directions in Cryptography by Whitefield Diffie and Martin E. Hellman. Secure Communications Over Insecure Channels by Ralph C. Merkle The Growth of Cryptography by Ronald L. Rivest, at the 2011 Killian Lecture. DES specification - FIPS 46-3 - csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf AES specification - FIPS 197 - csrc.nist.gov/publications/fips/fips197/fips-197.pdf Universal One-way Hash Functions and their Cryptographic Applications by Moni Naor and Moti Yung. SPHINCS: Practical stateless hash-based signatures. by Bernstein et al. (a modern version of the signature scheme from this lecture.) SHA-1 specification - FIPS 180-2 On Lattices, Learning with Errors, Random Linear Codes, and Cryptography by Oded Regev. The Arora-Ge paper: New Algorithms for Learning in Presence of Errors The original BKW paper (with an algorithm for LPN): [cs/0010022] Noise-Tolerant Learning, the Parity Problem, and the Statistical Query Model Adaptation of BKW for LWE: On the Complexity of the BKW Algorithm on LWE Further improvements on BKW-LWE: [1506.02717] An Improved BKW Algorithm for LWE with Applications to Cryptography and Lattices On the (Im)possibility of Obfuscating programs, Boaz Barak, Oded Goldreich, Rusell Impagliazzo, Steven Rudich, Amit Sahai, Salil Vadhan, and Ke Yang. How to Use Indistinguishability Obfuscation: Deniable Encryption, and More, Amit Sahai and Brent Waters. Indistinguishability Obfuscation from Well-Founded Assumptions, Aayush Jain, Huijia Lin and Amit Sahai.

Seminar bibliography

Class contents correspond to the curricula of other universities, both inside the country and from the European Union. The practical contents (laboratory works) correspond to the local labour market requirements.

Corroboration

(none)

AI tools guidance

(none)

Evaluation and delivery

Activity Criteria Methods Percentage
C
  • The evaluation takes into account the following categories of knowledge
  • • general knowledge, evaluated through an implemented project based on state-of-the-art approaches linked to discussed topics.
  • • detailed knowledge, evaluated through implementation/experimental results based on own/state-of-the-art approaches.
  • • use of algorithms, evaluated through a test consisting of a set of problems based on the algorithms presented/implemented in class
  • Written/presentation examination
  • 60.0%
S
  • Mandatory laboratory assignments
  • Evaluation of assignments
  • 40.0%

Performance standards

To obtain a passing grade of 5, it is necessary to obtain a score higher than 60% for the Course knowledge, as well as to demonstrate a minimum level of understanding and application of some of the algorithms presented in the course (a grade of at least 40% for the Laboratory). To obtain a grade of 10, it is necessary to obtain a score higher than 90% for both general knowledge and detailed knowledge, as well as a good understanding of the presented algorithms (more than 95% for the Laboratory). Receiving a top 5 place in a national cybersecurity-related competition (CTF, hackathon), or top 10 in an international cybersecurity-related competition will be awarded with extra points.

Additional info

(none)