Applied Cryptography (VIHIA030)

This course is lectured at the Aquincum Institute of Technology, Budapest. However, it has been accredited and got a course identifier VIHIA030 at the Budapest University of Technology and Economics. This page is the course homepage, which contains practical information related to the course and the lectures, consequently, this page is always under construction.

Course syllabus (pdf)

Past semesters

2014/2015 spring semester, 2015/2016 fall semester


Course objectives

The objective of the course is to give an introduction to the basics of cryptography, to explain how basic building blocks work, and to demonstrate how secure systems can be engineered by properly using them. Besides the theoretical background, we use lot of illustrative examples and show practical applications. In addition, besides the technical details, we give an outlook to the legal and business aspects of using cryptography.

Background and course content at a glance

Today, we live in an information based society: we communicate via networks, we store data in the cloud, we use on-line services, and we even socialize on-line. Trust in all these infrastructure and services is indispensable, and information security technologies play a key role in establishing trust in the cyber world. One of the key enablers of information security is cryptography. This course is about the basics of cryptography and its appications for building secure systems. As a matter of fact, cryptography has not always been used properly in practice; indeed, it is very often used in an inappropriate way, which leads to catastrophic failures. Proper application of cryptographic mechanisms is an engineering issue and needs training. This is the key motivation for our course.

This course has four parts. In the first part, we introduce the basic cryptographic building blocks (such as symmetric and asymmetric key encryption schemes, hash functions, and random number generators) and the basic protocols that use them (such as block encryption modes, MAC functions, and key establishment). In the second part, we deal with the application of cryptographic primitives for engineering secure communication protocols. We discuss in details well-known examples, such as TLS/SSL, IPsec, and the security protocols used in WiFi networks. In the third part, we show application of cryptography for securing cloud services, focusing on secure cloud based data storage, and sharing first hand experience in desiging and building Tresorit, an encrypted storage service in the cloud. Finally, in the fourth part, we discuss the concept and the practice of public key infrastructures (PKI) and electronic signatures, including issues such as issuing, using, and revoking public key certificates, the pitfalls of verifying electronic signatures, experiences in building and operating a certification authority (CA), as well as electronic signature laws and regulations in different countries and business models for PKI.

Methods of instruction

The course comprises a series of lectures with classroom exercises. In addition, the students receive reading assignments and homework projects. At the end of the course, the students have to pass an exam.


Final grading: 40% project work + 60% exam

Schedule and room

When Where
Monday, 08:15-10:00 AIT
Tuesday, 09:00-11:00 AIT

Course outline and material (2016 spring semester)

Date Topic Lecturer
Feb 8, 2016. History of cryptography (slides) L. Buttyan
Feb 9, 2016. Symmetric key ciphers (slides) L. Buttyan
Feb 15, 2016. Block cipher modes and attacks (slides) L. Buttyan
Feb 16, 2016. Block cipher modes and attacks L. Buttyan
Feb 22, 2016. Hash functions and MAC functions (slides) L. Buttyan
Feb 23, 2016. Public key ciphers and digital signature schemes (slides) L. Buttyan
Feb 29, 2016. Key exchange (slides) + 1st project assignment L. Buttyan
Mar 1, 2016. Random number generation (slides) L. Buttyan
Mar 7, 2016. WiFi security (slides) L. Buttyan
Mar 8, 2016. Transport Layer Security (TLS) (slides) L. Buttyan
Mar 21, 2016. TLS attacks (slides) L. Buttyan
Mar 22, 2016. Midterm test + feedback on 1st project assignment L. Buttyan
Apr 4, 2016. Cryptographic protocols in resource constrained environments (slides) L. Buttyan
Apr 5, 2016. Fair Exchange (slides) L. Buttyan
Apr 11, 2016. Use of crypto libraries () + 2nd project assignment I. Lam
Apr 12, 2016. Passwords and one-time passwords () I. Lam
Apr 18, 2016. Authentication in practice () I. Lam
Apr 19, 2016. Secure e-mail () I. Lam
Apr 25, 2016. Full disk encryption and beyond () I. Lam
Apr 26, 2016. Cloud encryption - Tresorit insight () I. Lam
May 2, 2016. Certificates and Certification Authorities () I. Berta
May 3, 2016. Electronic signatures () I. Berta
May 9, 2016. Digital Rights Management () I. Lam
May 10, 2016. Summary and Q&A session (LB's slides) I. Lam, L. Buttyan
May 17, 2016. 2nd project presentations I. Lam, L. Buttyan
May 23, 2016. Final exam L. Buttyan, I. Lam

Recommended supplementary material

Important note: Currently, Avatao is available only for invited people. If you want to use Avatao to access hands-on challenges related to the course, please sign up at When signing up, please put the string "AIT-2016" in the optional comment field in order for us to know that you are a student from AIT. We will then send you an invitation e-mail and you can complete the registration by following the instructions given in that e-mail.

Project assignments


The exam is scheduled for May 23, 2016.