Bonn-Aachen International Center
for Information Technology





city life
cosec >students >Teaching >Summer 2017 
Register?New password?

The art of cryptography:
secure internet & e-passports

This course is listed in Aachen Campus as The art of cryptography: secure internet & e-passports and in Bonn Basis as MA-INF 1312 - The art of cryptography: secure internet & e-passports.


Michael Nüsken

Time & Place

First meeting: Monday, 24 April 2017, 1230.


Exam hints

Verify whether your exam exercise sheets are complete: It should contain Exercise 1 to Exercise ??. Insert your name and matrikel (student number) on each sheet. Approaches, solutions and all side calculations must be written to the given paper. Please use also the back sides. If you need extra paper ask the supervisor. Do not remove the staple!
Do write with blue or black ink!
Do not use a pencil or any other erasable pen.
The exam must be handled independently. Permitted auxiliary means are: writing materials, a pocket calculator (non-programmable, without division with remainder, without linear algebra software), and a cheat sheet, DIN A4, two-sided, written only with your own handwriting. Any other utilities, even own paper, are not permitted.
An attempt at deception leads to failure for this exam and possibly other measures - even if the attempt is only detected later.

The exam will carry the hints displayed on the right.

Pre-exam meeting: 21 August 2017, 1300-1430, b-it 1.25.

Exam: Wednesday, 23 August 2017, 1000-1300, b-it bit-max [if after move: CP1 0.109 (Neubau)].

Post-exam meeting: tba.

Exam2 (repetitions only): Wednesday, 27 September 17, 1000-1300, b-it bit-max [if after move: CP1 U.105 (Neubau)].

About handins, credits and boni

[Sorry, you need to enable Javascript to see this.]

Of course, you know that solving exercises is vital to understand the topics of the course. As an additional motivation, you can earn credits with a small influence on your final mark. Note that to be admitted to the exam you need to earn at least 50% of the credits. Experience shows that you should try all exercises and tutorials. Students are encouraged to discuss the given exercises among each other. Still, every student has to write up his/her solutions on his/her own. Your solution has to be self-explanatory. Stating the final result is never enough.

  1. You are encouraged to form groups to discuss and solve the exercises. However, you must formulate and write down the solutions individually.
  2. Always hand in using the above button. Your solution must consists of
    • either: a single attached, printable file, best a PDF,
    • or: as text only in the mail body.

    Make sure that a printout of this single thing is legible and contains your name! A zipped file is not printable and counts as many files!

    Try to keep the size of your mail fairly below 5MB.

  3. Sign the entire mail including attachments.

    From sheet 2 onwards the bonus for validly signed handins will only awarded if we trust your key at the handin time.

  4. Usually do not encrypt. Any encrypted mail must be encrypted for all recipients.
If you do follow these rules and we can easily verify your signature then you earn an extra credit (per sheet). Otherwise you earn a malus (per sheet).
  1. Obvious: credits are awarded for solutions that arrive within the respective deadline. Any post-deadline submission may be ignored.
  2. Admission and boni
    • If you solved 50% of all corrected exercises, you are admitted to the exam.
    • If you solved 70% of all corrected exercises, you earn a single bonus.
    • If you even solved 90% of all corrected exercises, you earn a second bonus.
    • If you pass the exam and the exam is not an oral one, your final mark will be increased by approximately one third point per earned bonus.


The screen notes (PDF 7.5MB) contain all handwritten stuff (last updated 20 July 2017, 16:20).




Basic knowledge in cryptography is needed, as for example the course Cryptography held in the previous winter. Compare our programme.


We will put each member on the mailing list

[Sorry, you need to enable Javascript to see this.]
. You can also subscribe yourself. The list is intented for all participants of the course as a platform for discussions around the topic. Furthermore, announcements regarding the course are made here.


This course is about various aspects of security in the internet. In the first part we deal with secure connections, whereas the second part considers electronic voting schemes involving further tasks.

In the internet a large variety of protocols ("chatting programs") are in use to make this or that `secure'. VPN, IPsec, SSL, PKI, PGP are just a few tokens that need explanations. We will try to understand a little of that and how things are used and made available. We aim at also considering their security relative to the used primitives.

Passports shall carry more and more sensitive information in a easily accessible way in the future. This information may, apart from name, origin and the like, contain fingerprints or retina scans. And it is stored in electronic form, and it can be accessed by wireless transmissions. This raises a lot of new problems:

The course will try to give an overview what and how things are implemented. We will discuss the concerns of and threats to holders, society and government. Biometrical information has long been used to identify persons. Already, in 1901 Scotland Yard started to use fingerprints to identify criminals. Since then various other methods have been introduced: iris scan, face recognition, retina scans, hand geometry to name just the most prominent. Since about 1965 people have tried to automate all these identification methods. This has shown many difficulties. It is still not clear which information identify a person: for example, though it is widely believed that fingerprints do, only few scientific studies are available. And it turns out to be pretty difficult to find a reliable automatic pattern matcher. Mind that it is not like searching a given fixed string in a dictionary. You have to find the template(s) that are most similar to a given one, or tell that there is none within given bounds.


4+2 SWS.

Imprint, webmaster & more