Basics of linear algebra (simple bachelor level), probability theory (simple bachelor level), knowledge of number theory and algebra matching at least and

It is recommended but not mandatory to follow a general course in cryptology first, such as the 2021 Introduction to Cryptology course in MasterMath, the Cryptology course in Mastermath (prior to 2021), the TU/e course 2MMC10 Cryptology, or the RU course NWI-IBC023 Introduction to Cryptology.

Aim of the course
Cryptology deals with mathematical techniques for design and analysis of algorithms and protocols for digital security in the presence of malicious adversaries. For example, encryption and digital signatures are used to construct private and authentic communication channels, which are instrumental to secure internet transactions.

This course in cryptology consists of two main topics. The first part focuses on post-quantum cryptography dealing with cryptographic systems that are secure even given the existence of quantum computers, and the second part focuses on symmetric cryptography, and particularly how symmetric-key systems are built and analyzed.

After a brief introduction to cryptography (the constructive side of cryptology) and cryptanalysis, the first part of the course introduces the main contenders for post-quantum systems based on error-correcting codes, hash functions, isogenies, lattices, or systems of multivariate equations. These systems are examples of public-key systems and this is the main area affected by quantum computers; symmetric-key systems (such as hash functions and block and stream ciphers) are used as building blocks inside them and for the transmission of data in bulk.

The second part of the course will center around those symmetric-key cryptosystems. The course covers a description of the basic security properties and designs of such systems (such as authenticated schemes, encryption schemes, and primitives). It is demonstrated how security is argued generically and under which security assumptions. Finally, it is discussed how cryptographic primitives are designed that are supposed to meet these security assumptions.

Tanja Lange and Bart Mennink.

Course pages