Applied Cryptography (VIHIA030)

This course is lectured at the Aquincum Institute of Technology, Budapest. However, it has been accredited and got a course identifier VIHIA030 at the Budapest University of Technology and Economics. This page is the course homepage, which contains practical information related to the course and the lectures, consequently, this page is always under construction.

Course syllabus (pdf)

Past semesters

2014/2015 spring semester


Course objectives

The objective of the course is to give an introduction to the basics of cryptography, to explain how basic building blocks work, and to demonstrate how secure systems can be engineered by properly using them. Besides the theoretical background, we use lot of illustrative examples and show practical applications. In addition, besides the technical details, we give an outlook to the legal and business aspects of using cryptography.

Background and course content at a glance

Today, we live in an information based society: we communicate via networks, we store data in the cloud, we use on-line services, and we even socialize on-line. Trust in all these infrastructure and services is indispensable, and information security technologies play a key role in establishing trust in the cyber world. One of the key enablers of information security is cryptography. This course is about the basics of cryptography and its appications for building secure systems. As a matter of fact, cryptography has not always been used properly in practice; indeed, it is very often used in an inappropriate way, which leads to catastrophic failures. Proper application of cryptographic mechanisms is an engineering issue and needs training. This is the key motivation for our course.

This course has four parts. In the first part, we introduce the basic cryptographic building blocks (such as symmetric and asymmetric key encryption schemes, hash functions, and random number generators) and the basic protocols that use them (such as block encryption modes, MAC functions, and key establishment). In the second part, we deal with the application of cryptographic primitives for engineering secure communication protocols. We discuss in details well-known examples, such as TLS/SSL, IPsec, and the security protocols used in WiFi networks. In the third part, we show application of cryptography for securing cloud services, focusing on secure cloud based data storage, and sharing first hand experience in desiging and building Tresorit, an encrypted storage service in the cloud. Finally, in the fourth part, we discuss the concept and the practice of public key infrastructures (PKI) and electronic signatures, including issues such as issuing, using, and revoking public key certificates, the pitfalls of verifying electronic signatures, experiences in building and operating a certification authority (CA), as well as electronic signature laws and regulations in different countries and business models for PKI.

Methods of instruction

The course comprises a series of lectures with classroom exercises. In addition, the students receive reading assignments and homework projects. At the end of the course, the students have to pass an exam.


Final grading: 40% project work + 60% exam

Schedule and room

When Where
Monday, 08:15-10:00 AIT
Friday, 09:00-11:00 AIT

Course outline and material (2015 fall semester)

Date Topic Lecturer
Sep 7, 2015. History of cryptography (slides) L. Buttyan
Sep 11, 2015. Symmetric key ciphers (slides) L. Buttyan
Sep 14, 2015. Block cipher modes and attacks (slides) L. Buttyan
Sep 18, 2015. Hash functions and MAC functions (slides) L. Buttyan
Sep 21, 2015. Key exchange (slides) + 1st project assignment L. Buttyan
Sep 25, 2015. Key exchange (cont'd) L. Buttyan
Sep 28, 2015. Random number generation (slides) L. Buttyan
Oct 2, 2015. Public key ciphers and digital signature schemes (slides) L. Buttyan
Oct 5, 2015. WiFi security (slides) L. Buttyan
Oct 9, 2015. Transport Layer Security (TLS) (slides) L. Buttyan
Oct 12, 2015. TLS attacks L. Buttyan
Oct 16, 2015. Summary on cryptographic primitives and protocols (slides) L. Buttyan
Oct 19, 2015. Midterm test + feedback on 1st project assignment L. Buttyan
Nov 2, 2015. Use of crypto libraries (slides) + 2nd project assignment (slides) I. Lam
Nov 6, 2015. Passwords and one-time passwords (slides) I. Lam
Nov 9, 2015. Authentication in practice (slides) I. Lam
Nov 13, 2015. Secure e-mail (slides) I. Lam
Nov 16, 2015. Use of cryptography in malware (slides) L. Buttyan
Nov 20, 2015. Cloud encryption (visit to Tresorit) (slides) I. Lam
Nov 23, 2015. Full disk encryption and beyond (slides) I. Lam
Nov 27, 2015. Digital Rights Management (slides) I. Lam
Nov 30, 2015. Certificates and Certification Authorities (slides) I. Berta
Dec 4, 2015. Electronic signatures (slides) I. Berta
Dec 7, 2015. Fair Exchange (slides) L. Buttyan
Dec 11, 2015. 2nd project presentations I. Lam
Dec 14, 2015. Final exam  

Recommended supplementary material

Important note: Currently, Avatao is available only for invited people. If you want to use Avatao to access hands-on challenges related to the course, please sign up at When signing up, please put the string "AIT-2015" in the optional comment field in order for us to know that you are a student from AIT. We will then send you an invitation e-mail and you can complete the registration by following the instructions given in that e-mail.

Project assignments


The exam is scheduled for December 14, 2015.