Course Number 705068 and 705069 | Sommersemester 2021

Cryptanalytic attacks and how they guide cryptographic design


Cryptanalytic attacks define the security of cryptographic algorithms, and understanding them is crucial to understand cryptographic design. This lecture aims to give you some in-depth knowledge of several recent state-of-the-art topics in cryptography, with a focus on cryptanalysis:

  • Classic and quantum algorithms for factoring and discrete log
  • Cryptanalysis of block ciphers (differential, linear, algebraic)
  • Cryptanalysis of hash functions and stream ciphers
  • Lattices and continued fractions in cryptanalysis

In the exercises, you will implement some of these attacks to solve cryptanalytic challenges. In the seminar, additional selected topics may be presented by participants — see below for a list of suggested topics.

This course is equivalent to the previous course “Applied Cryptography 2” (SS 2020).


Lecture and Seminar

Date Who Topic Video
04.03.2021 ME L1 – Factoring and Continued Fractions YouTube
11.03.2021 ME L2 – Discrete Logarithm YouTube
18.03.2021 MS L3 – Quantum Cryptanalysis YouTube
25.03.2021 ME L4 – Lattices YouTube
15.04.2021 MS L5 – TLS security & Protocol Attacks YouTube
22.04.2021 ME L6 – Differential Cryptanalysis YouTube
29.04.2021 MS L7 – Advanced Differential Attacks YouTube
06.05.2021 ME L8 – Linear Cryptanalysis YouTube
20.05.2021 MS L9 – Sponges & Stream Ciphers YouTube
27.05.2021 MS L10 – Algebraic Attacks YouTube
10.06.2021 you Seminar Talks 1 WebEx
17.06.2021 you Seminar Talks 2 WebEx
24.06.2021 you Seminar Talks 3 WebEx
01.07.2021 VO Exam (oral, first date) Discord


Date Topic Where
18.03.2021 Team registration deadline STicS
18.03.2021 T1 – Asymmetric Cryptanalysis After L3
22.04.2021 T1 – Question session
29.04.2021 T1 – Submission deadline (23:59)
06.05.2021 T2 – Symmetric Cryptanalysis
27.05.2021 T2 – Question session
10.06.2021 T2 – Submission deadline (23:59)

Administrative Information

Exercises (KU)

In the exercises, you implement cryptanalysis techniques from the lecture in teams of 2. To get a grade, you submit your implementations for 2 assignments, which we will discuss with you in a final interview (“Abgabegespräch”). Use the Student Tick System (STicS) to register your team and upload your submissions. We usually won’t need the 16:30–17:15 KU timeslots (except for question times and seminar presentations).

Lecture exams and seminar talks (VO)

There are 2 ways to get a grade for the VO:

  • Exam mode: Write exam at the end of the term or take an oral exam later
    • You can find the exam dates and registration in TUGRAZonline.
  • Seminar mode: Participate actively in KU+VO and give a seminar presentation in one of the last lectures (45 minutes), for example on
    • Block Ciphers: Division Property
    • Block Ciphers: Zero-Correlation and Multidimensional Linear Cryptanalysis
    • Block Ciphers: MitM and Biclique Attacks
    • Hash Functions: Rebound Attack
    • Hash Functions: Cryptanalytic Exploits (MD5 Certificates etc.)
    • Authenticated Encryption: Security Proofs and Robustness
    • Algebraic Attacks: Gröbner Basis, etc.
    • RSA: (In)Security in Practice
    • Elliptic-Curve Cryptography: Secure Curves
    • Post-Quantum: Lattices and Learning with errors
    • Post-Quantum: Coding-based Cryptography
    • Selected Topics: Implementation Security and Masking
    • Selected Topics: Statistical Ineffective Fault Attacks
    • Selected Topics: Backdoors in Cryptography
    • Selected Topics: Security of Password Hashing

COVID-19 Info

All lectures and exercises are conducted virtually this year.
The lectures are streamed live on Youtube (URLs below and in your calendar). For most contents, recordings will be available afterwards.
Video meetings for exercise interviews and question sessions are on Discord, where you can also ask written questions at any time.
For the optional seminar talk, you will have the choice between online and live presentations if conditions permit. The alternative is a virtual oral lecture exam.


The lecture slides are reasonably self-contained, but often briefly phrased.
If you prefer full-text resources, you may find some of the following books interesting:


Maria Eichlseder

Assistant Professor

View more
Markus Schofnegger

PhD Candidate

View more