Official course description:

Full info last published 15/11-19
Course info
ECTS points:
Course code:
Participants max:
Offered to guest students:
Offered to exchange students:
Offered as a single subject:
BSc in Software Development
Course manager
Associate Professor
PhD student
Course semester
Forår 2020
27 January 2020
31 August 2020
Exam type
intern censur
Grade Scale
Exam Language
This course will introduce basic concepts and techniques for designing and analysing cryptographic protocols with a focus on privacy preserving computation and blockchain protocols. We will cover both the main constructions of such protocols and the theoretical models used for proving their security.

In a modern cryptographic protocol, a group of users perform complex tasks that require privacy and/or authenticity guarantees against an attacker by exchanging messages and using cryptographic schemes. These protocols can be used for a multitude of applications, such as computing on private data you cannot see and agreeing on data with the guarantee that it becomes immutable. In order to construct powerful cryptographic protocols and mathematically prove that they are indeed secure, we use special techniques and theoretical models different from those used for obtaining simpler cryptographic primitives (such as public key encryption).

In this course, we will introduce both the main techniques for constructing cryptographic protocols and the theoretical models used for mathematically proving their security. We will focus on protocols for secure multiparty computation (MPC) and blockchain based consensus, which are now used for many applications. Besides exploring the features  that these protocols provide and how they work, we will also understand why they securely provide these features and how to prove their security.

We will cover the following topics:
  • Adversarial Models
  • Simulation Based Proofs
  • Secure Multiparty Computation (MPC)
  • Secret Sharing
  • Commitments
  • Oblivious Transfer
  • Zero Knowledge Proofs
  • Byzantine Agreement
  • Blockchains based on Proof-of-Work
  • Blockchains based on Proof-of-Stake
  • Blockchain Applications
Formal prerequisites

1. Discrete Mathematics
2. Security 1

Students should be familiar with basic cryptography (hash functions, pseudorandom functions, message authentication codes, public key encryption and digital signatures) and discrete mathematics including models of computation, combinatorics, probability and number theory).

Intended learning outcomes

After the course, the student should be able to:

  • Identify the properties of a cryptographic protocol
  • Define protocol security using simulation based notions
  • Describe building blocks for cryptographic protocols (commitments, oblivious transfer, zero knowledge proof)
  • Analyse the security of building blocks for cryptographic protocols (commitments, oblivious transfer, zero knowledge proof)
  • Describe Secure Multiparty Computation protocols
  • Analyse the security of Secure Multiparty Computation protocols
  • Identify the properties of consensus protocols
  • Describe protocols for Proof-of-Work based Blockchains
  • Analyse the security of protocols for Proof-of-Work based Blockchains
  • Describe protocols for Proof-of-Stake based Blockchains
  • Describe Blockchain Applications
Learning activities

Lectures, exercises and exam project.

  • Exercises: in the exercise sessions you will solve exercises that consist on identifying the main properties and estimating the efficiency of cryptographic protocols, designing new protocols and (dis)proving the security of existing and new protocols.
  • Exam Project: Along the course you will work on a project focusing on either privacy preserving computation or blockchain protocols that must be presented to the class by the end of the course. The students are expected to work in groups of up to 2 people on a project aimed at employing the concepts and techniques covered in the course to a concrete situation. The goal of this project is to allow students to have a hands on experience in applying cryptographic protocol techniques to solve practical and/or theoretical problems, resulting in a better understanding of how the course contents can be applied. By the end of the course students are expected to give a presentation explaining their project. The course project can focus on one of the following topics:

  • Proposal of a new application of cryptographic protocols (analysing the application's required security guarantees and why they are provided).
  • Design and sketch of security proof for a new protocol.
  • Analysis of an existing protocol's security proof (and potentially its flaws).
  • Development of a prototype implementation of a protocol and analysis of its efficiency.

Course literature

The course literature is published in the course page in LearnIT.

Student Activity Budget
Estimated distribution of learning activities for the typical student
  • Preparation for lectures and exercises: 5%
  • Lectures: 50%
  • Exercises: 20%
  • Assignments: 25%
Ordinary exam
Exam type:
D: Submission of written work with following oral, internal (7-trinsskala)
Exam variation:
D2G: Submission of written work for groups with following oral exam supplemented by the work submitted.
Exam submission description:
Exam project as described in Learning Activities. Further details will follow on LearnIT.

The projects will be evaluated based on the end of course presentation given by the students. Students must give a presentation that uses concepts and techniques covered in the course to clearly explain how they came up with a problem within their topic, how they solved this problem and why their solution works.
Group submission:
  • Group size: 1-2 students.
Exam duration per student for the oral exam:
20 minutes
Group exam form:
Mixed exam 1 : Individual and joint student presentation followed by an individual and a group dialogue. The students make a joint presentation followed by a group dialogue. Subsequently the students are having individual examination with presentation and / or dialogue with the supervisor and external examiner while the rest of the group is outside the room.

Time and date