Cryptography and Network Security

Networking and Services
Advanced studies
The course consists of an introduction to RSA and elliptic curve cryptography, and to key agreement protocols and their design principles. In addition, the course contains an introduction to some larger security protocol, for example HIP.


09.12.2013 16.00 CK112
Year Semester Date Period Language In charge
2013 autumn 28.10-04.12. 2-2 English Timo Karvi


Time Room Lecturer Date
Mon 12-14 C222 Timo Karvi 28.10.2013-04.12.2013
Wed 10-12 C222 Timo Karvi 28.10.2013-04.12.2013

Exercise groups

Group: 1
Time Room Instructor Date Observe
Wed 12-14 D122 Timo Karvi 04.11.2013—06.12.2013



The aim of this course is to give a brief exposition of three topics. The first topic deals with the symmetric cipher AES (Advanced Encryption Standard) and public key cryptography based on RSA. These two techniques are used nearly in all the security protocols. Moreover, the first part tries to give a firm foundation on basic mathematical theories which are used in cryptographical constructions. The second topic is devoted to the study of the design of key agreement protocols. These protocols usually form the first part of more general security protocols. Their design is quite delicate and it is easy to make errors which open ways to attacks. The third topic  consists of group key agreement protocols or conference protocols as they are also called.


Completing the course

Passing the course

The course can be passed in two ways. The recommended alternative is to take part in the course and its exercises and then going to a course exam. In this exam, the points (0-10) got from the exercises are taken into account  when the final grade is determined. The course exam can produce at most 50 points and you can pass the course with 30 points. The second alternative is to take part in a separate exam, where the exercise points are not taken into account.

Two previous exams, 2011 and 2013. However, authenticated encryption, elliptic curve encryption, formal definitions of security concepts, and formal proofs were not part of the course at that time. 


Literature and material

Literature and Materials


The lecture slides are published weekly on this page before the actual lectures.

  1. Lecture notes, part one
  2. Lecture notes, part two (some small corrections added)
  3. Lecture notes, part three
  4. Lecture notes, part four. Corrections: The tree diagrams are not balanced in the right way. The binary trees should be filled from left to right in order the key calculation formula to be valid.
  5. Lecture notes, part five.
  6. Summary.

If you prefer books, you can follow the following books:

  • W. Stallings: Cryptography and Network Security, 4th or 5th edition. This covers the first part.
  • Boyd and Mathuria: Protocols for Authentication and Key Establishment,  Springer 2003. This covers the second and fourth parts.
  • Authenticated encryption: There are many lecture notes available in the web about the subject. One of the most extensive is Bellare's lectures on Modern Cryptography.