Academic Year 2023/2024

  • Docente: Ugo Dal Lago
  • Credits: 6
  • SSD: INF/01
  • Language: Italian
  • Teaching Mode: Traditional lectures
  • Campus: Bologna
  • Corso: Second cycle degree programme (LM) in Artificial Intelligence (cod. 9063)

    Also valid for Second cycle degree programme (LM) in Computer Science (cod. 5898)

Learning outcomes

At the end of the course, the student knows the basics of modern cryptography and some techniques for the analysis of security protocols. He or she can verify the absence of security bugs on simple protocols.

Course contents

This course deals with some fundamental notions on modern cryptography and some techniques for the formal verification of cryptographic protocols. In addition to many new concepts, we discuss some cryptographic techniques already seen in previous courses, studying the most interesting properties . The main emphasis of this course is on the theoretical aspects of cryptography: it attempts to give a clear and accurate account on security, in order to give students the tools to assess (and not just to use) cryptographic techniques . In other words, we focus a lot on the "why" maybe putting the "how" behind the scenes. More specifically, we seek to answer questions such as the following: when a cryptographic technique can be consider safe? Is it possible to formally prove that a cryptographic technique is secure ? Is it possible to analyze the security of a cryptographic protocol in an automatic or semi-automatic way?

The addressed topics will be the following ones:

  • Perfect Security
  • Private-key Encryption Schemes and Pseudorandomness
  • Message Authenticating Codes.
  • Block Ciphers: DES and AES.
  • One-Way Functions and Pseudorandomness
  • Assumptions from Number Theory and Algebra
  • The Public-Key Revolution
  • Public-key Encryption Schemes
  • The Symbolic Model.


[1] J. Katz and Y. Lindell. Introduction to Modern Cryptography. Chapman & Hall, 2007.
[2] O. Goldreich. Foundations of Cryptography I: Basic Tools. Cambridge University Press, 2001.
[3] O. Goldreich. Foundations of Cryptography II: Basic Applications. Cambridge University Press, 2004.
[4] D. R. Stinson. Cryptography: theory and practice. Chapman & Hall, Third Edition, 2006.
[5] J. A. Buchmann. Introduction to Cryptography. Springer, Second Edition, 2004.
[6] M. Abadi. Security Protocols: Principles and Calculi. Foundations of Security Analysis and Design IV, FOSAD 2006/2007 Tutorial Lectures, Springer-Verlag (2007), 1-23.
[7] M. Abadi and P. Rogaway. Reconciling Two Views of Cryptography. Journal of Cryptology 15(2), 103-127 (2002).
[8] B. Blanchet. An Efficient Cryptographic Protocol Verifier Based on Prolog Rules. 14th IEEE Computer Security Foundations Workshop (CSFW-14), pages 82-96, Cape Breton, Nova Scotia, Canada, June 2001. IEEE Computer Society.
[9] B. Blanchet. ProVerif. Automatic Cryptographic Protocol Verifier. User Manual.

Teaching methods


Assessment methods

There are two different ways to pass the course:

  • It is possible, during the course, to carry out three homework assignments, which must normally be delivered one week after being published online. In this case, at the end of the course, the student will have to take a simple oral test and the mark will be obtained by adjusting the marks of the three homeworks.
  • It is also possible, in particular for non-attending students, to simply take an oral exam without doing any homework. This oral exam will focus on the entire program.

Teaching tools

Slides of this course will be made available to students.

Office hours

See the website of Ugo Dal Lago