Lorenzo Grassi
Coding Theory and Cryptology group
Department of Mathematics and Computer Science
Eindhoven University of Technology
MetaForum, room 5.071A

E-mail: l.grassi (at) tue.nl

This page belongs to course 2MBD60 - Introduction to cryptology. This course is offered at TU/e as part of the bachelor's elective package Security and used to be called 2WF80 - Introduction to Cryptology. For the 2025/26 edition there is no difference between the courses.

Contents

• Introduction to symmetric cryptography, public-key cryptography, and digital signature schemes
• Classical ciphers (Caesar cipher, Vigenère, Playfair, rotor machines, ...)
• Shift Register Sequences and RC4
• Block cipher DES and mode of operations (ECB, CBC, ...)
• Hash functions and Message Authentication Code (MAC)
• RSA encryption and signature
• Diffie-Hellman key exchange
• ElGamal encryption and signature
• Cryptanalysis by using statistics, factorization, ...
• Secret sharing

Some words up front: Crypto is an exciting area of research. Learning crypto makes you more aware of the limitations of security and privacy which might make you feel less secure but that's just a more accurate impression of reality and it a good step to improve your security.

Announcements

If you study mathematics, you should have participated in "2WF50 - Algebra" and "2WF70 - Algorithmic algebra and number theory".
If you study computer science or any other program you should have participated in "2DBI00 - Linear Algebra and Applications", "2IT50 or 2IT80 - Discrete structures", and "2WF90 - Algebra for security" before taking this course.
If not, you can find some material in the Literature section, but note that you are on your own for learning this.

Lectures take place on Monday (block 3 and 4) and on Thursday (block 7 and 8). Instruction sessions take place on Thursday (block 5 and 6). I really recommend doing the instruction sessions and attending them live if you can fit them in your agenda. They are more important than the lecture, and thus get the prime spot. We'll have enough instructors in the rooms so that you can ask your questions and check the answers to your exercises with them. We will not hand out solutions.

The teaching assistants/instructors for this course are the following 6 people:

• Sebastiano Boscardin, s.boscardin (at) tue.nl, PGP key
• Emanuele Di Giandomenico, e.di.giandomenico (at) tue.nl, PGP key
• Matthias Meijers, teaching (at) mmeijers.com, PGP key
• Berenika Richterová, b.richterova (at) tue.nl, PGP key
• Abishanka Saha, a.saha1 (at) tue.nl, PGP key
• Tianxin Tang, t.tang2 (at) tue.nl , PGP key

Note: there will be no lecture on Monday January 5, 2026. We will have lecture on Monday January 12, 2026.

Literature and Software

It is not necessary to purchase any book to follow the course.

For some background on algebra see

• Tanja Lange "Number Theory and Algebra" ( Chapter of draft book "Discrete Mathematics").
• Tanja Lange "Finite Fields" (Chapter of draft book "Discrete Mathematics").

• Jean-Philippe Aumasson "Serious Cryptography", No Starch Press, 2017.
• Johannes Buchmann "Introduction to Cryptography", Springer, 2004.
• Neal Koblitz "A course in Number Theory and Cryptography", Springer, 1994.
• Rudolf Lidl and Harald Niederreiter "Introduction to Finite Fields and their Applications", Cambridge University Press, 1994.
• Christof Paar and Jan Pelzl "Understanding Cryptography", Springer, 2010.
• Doug Stinson "Cryptography: Theory and Practice", CRC Press, 1995.
• Henk van Tilborg "Fundamentals of Cryptology" Kluwer academic Publishers, Boston, 2000.

For easy prototyping of crypto implementations, I suggest the computer algebra system Sage. It is based on python and you can use it online or install it on your computer (in a virtual box in case you're running windows). See this video for a demonstration on how to use Sage https://www.sagemath.org/ (by Prof. Tanja Lange - it also covers basics of finite fields and elliptic curves). Prof. Tanja Lange also wrote a short ``cheat sheet'' with commands for Sage, see here.

Videos and Slides

For 2022 and 2023 the lectures were recorded and posted at TU/e's Yuja site. Search for course code 2WF80 (the old name of this course) to see the recordings. Courses from Prof. Tanja Lange are the 2022/23 and 2023/24 versions, not the 2018/19 version which for some reason laods with preview. Click on the three vertical dots on the right end of the course to select "open" and get to the videos.

For the 2020 and 2021 editions of the course, Prof. Tanja Lange recorded a lot of short videos which you can find on the YouTube Channel which are better for self study or if you want a more direct way to look up a subject. The course page for 2021 has short descriptions of all videos, slides, and no-cookie links to the YouTube videos.

Homeworks

Any exercise and homework module will have the corresponding files released on Canvas at appropriate times. That is, 30 minutes before the corresponding instruction for the exercises, and 30 minutes after the instruction for the homeworks.

Homework deadlines are at the start of an instruction, starting November 20 at 13:30. (And will be released 30 minutes after the preceding instruction ends.)

Homework assignments should be completed and submitted in groups of 4. Please, use Canvas to form a group.

We require you to:

• submit your solutions via Canvas (without encrypting them), and
• send them encrypted and signed to all 6 teaching assistants via e-mail.

For encrypting your homeworks you should use GPG/PGP. If you're running Linux then GNU uPG is easy to install. GPG4win; if you're using MAC-OS you can use GPG Suite (though I'm getting reports that they changed their system and now charge for the full version, the command-line linux version works for sure).
Thunderbird has good integration and I hear that also outlook can work well with the plugins.

If absolutely not possible otherwise, we are OK with having only the attachment being encrypted and signed, but prefer proper encryption of the whole email. If you end up going for file encryption only you must ensure that all receipients can decrypt and you're missing out on the support that the email system offers you.

Examination

30% of the grade is determined by homeworks. There will be six sets of homework during the quarter. You should hand in your homework in groups of 3 or 4. To make sure that you get used to crypto we require solutions to be sent encrypted and signed with GPG/PGP. Each participant must have communicated with the TAs at least once using GPG/PGP. You can find the keys for the TAs linked above.

Date of the Exam (TBC): Monday January 26, 2026 (9am-12pm).

Old Exams

This course was given for the first time in Q2 of 2014. Old exams are listed here.

• Exam from April 2025 here.
• Exam from 03 February 2025: here.
• Exam from April 2024 here.
• Exam from 22 January 2024: here.
• Exam from April 2023 here.
• Exam from 23 January 2023: here.
• Exam from April 2022: here.
• Exam from 24 January 2022: here.
  Printing from Ans deleted the pictures. Here are the PCBC MAC and two examples of modes CFB|CBC and CBC|CBC.
• Exam from April 2021: here.
  Printing from Ans deleted the pictures. Here are the simple MAC and two examples of modes CRT|CBC and OFB|CBC.
• Exam from 25 January 2021: here.
  Printing from Ans deleted the pictures. Here are the LFSR schematic and the MAC from exercise .
• Exam from 27 January 2020: here.
• Exam from 22 January 2018: here.
  Note that in the text of exercise 6 the equation for S_1 should use O_1, not O_i.
• Exam from 19 January 2017: here.
• Exam from 18 January 2016: here.
• Exam from 19 January 2015: here.
• Practice exam 2014/2015: here.
  Note: the exercise about breaking RSA when all recipients have the same exponent and get the same message has too large numbers for your calculator.

Class Notes

This section is extended through the course with notes of what happened in class.