Basics of linear algebra (simple bachelor level), probability theory (simple bachelor level), knowledge of number theory and algebra matching at least and

It is recommended but not mandatory to follow a general course in cryptology first, such as the 2023 Modern Cryptology course in MasterMath, the Introduction to Cryptology course in Mastermath (prior to 2023), the TU/e course 2MMC10 Cryptology, or the RU course NWI-IBC023 Introduction to Cryptology.

Aim of the course
Cryptology deals with mathematical techniques for design and analysis of algorithms and protocols for digital security in the presence of malicious adversaries. For example, encryption and digital signatures are used to construct private and authentic communication channels, which are instrumental to secure internet transactions.

This course in cryptology consists of two main topics. The first part focuses on post-quantum cryptography dealing with cryptographic systems that are secure even given the existence of quantum computers, and the second part focuses on symmetric cryptography, and particularly how symmetric-key systems are built and analyzed.

After a brief introduction to cryptography (the constructive side of cryptology) and cryptanalysis, the first part of the course introduces the main contenders for post-quantum systems based on error-correcting codes, hash functions, isogenies, lattices, or systems of multivariate equations. For each of these five families, we will first look into the underlying hard problems, and then at a specific digital signature scheme, as an example of how we use the hardness of these problems to build cryptographic systems. Digital signatures are part of public-key cryptography and this is the main area affected by quantum computers; symmetric-key systems (such as hash functions and block and stream ciphers) are used as building blocks inside them and for the transmission of data in bulk.

The second part of the course will center around those symmetric-key cryptosystems. The course covers a description of the basic security properties and designs of such systems (such as authenticated schemes, encryption schemes, and primitives). It is demonstrated how security is argued generically and under which security assumptions. Finally, it is discussed how cryptographic primitives are designed that are supposed to meet these security assumptions.

For planning purposes, the lectures on post-quantum cryptography and symmetric-key cryptography may be interleaved throughout the semester. The exact schedule will be made clear later.

Bart Mennink and Monika Trimoska.