Cryptography I

Offered by Stanford University. Cryptography is an indispensable tool for protecting information in computer systems. In this course you ... Enroll for free.

About this Course

167,088 recent views

Cryptography is an indispensable tool for protecting information in computer systems. In this course you will learn the inner workings of cryptographic systems and how to correctly use them in real-world applications. The course begins with a detailed discussion of how two parties who have a shared secret key can communicate securely when a powerful adversary eavesdrops and tampers with traffic. We will examine many deployed protocols and analyze mistakes in existing systems. The second half of the course discusses public-key techniques that let two parties generate a shared secret key. Throughout the course participants will be exposed to many exciting open problems in the field and work on fun (optional) programming projects. In a second course (Crypto II) we will cover more advanced cryptographic tasks such as zero-knowledge, privacy mechanisms, and other forms of encryption.

Flexible deadlines

Reset deadlines in accordance to your schedule.

Shareable Certificate

Earn a Certificate upon completion

100% online

Start instantly and learn at your own schedule.

Approx. 23 hours to complete


Subtitles: Arabic, French, Portuguese (European), Italian, Vietnamese, German, Russian, English, Spanish

Skills you will gain

  • Cryptography
  • Cryptographic Attacks
  • Public-Key Cryptography
  • Symmetric-Key Algorithm

Flexible deadlines

Reset deadlines in accordance to your schedule.

Shareable Certificate

Earn a Certificate upon completion

100% online

Start instantly and learn at your own schedule.

Approx. 23 hours to complete


Subtitles: Arabic, French, Portuguese (European), Italian, Vietnamese, German, Russian, English, Spanish


Instructor rating 4.77/5 (395 Ratings)

Dan Boneh

ProfessorComputer Science 384,732 Learners 2 Courses

Offered by


Stanford University

The Leland Stanford Junior University, commonly referred to as Stanford University or Stanford, is an American private research university located in Stanford, California on an 8,180-acre (3,310 ha) campus near Palo Alto, California, United States.

Week 1

5 hours to complete

Course overview and stream ciphers

Week 1. This week's topic is an overview of what cryptography is about as well as our first example ciphers. You will learn about pseudo-randomness and how to use it for encryption. We will also look at a few basic definitions of secure encryption.

5 hours to complete

12 videos (Total 210 min), 2 readings, 2 quizzes

12 videos

Course Overview10m

What is Cryptography?15m

History of Cryptography18m

Discrete Probability (Crash Course)18m

Discrete Probability (Crash Course, Cont.)13m

Information Theoretic Security and The One Time Pad18m

Stream Ciphers and Pseudo Random Generators19m

Attacks on Stream Ciphers and The One Time Pad23m

Real-World Stream Ciphers19m

PRG Security Definitions24m

Semantic Security15m

Stream Ciphers are Semantically Secure [optional]10m

2 readings

Lecture slides for all six weeks10m

Course overview and additional reading resources10m

2 practice exercises

Week 1 - Problem Set30m

Week 1 - Programming Assignment [optional]30m

Week 2

4 hours to complete

Block Ciphers

Week 2. We introduce a new primitive called a block cipher that will let us build more powerful forms of encryption. We will look at a few classic block-cipher constructions (AES and 3DES) and see how to use them for encryption. Block ciphers are the work horse of cryptography and have many applications. Next week we will see how to use block ciphers to provide data integrity. The optional programming assignment this week asks students to build an encryption/decryption system using AES.

4 hours to complete

11 videos (Total 167 min)

11 videos

What are Block Ciphers?16m

The Data Encryption Standard21m

Exhaustive Search Attacks19m

More Attacks on Block Ciphers 16m

The AES Block Cipher13m

Block Ciphers From PRGs11m

Review: PRPs and PRFs11m

Modes of Operation: One Time Key7m

Security for Many-Time Key (CPA security)22m

Modes of Operation: Many Time Key (CBC)16m

Modes of Operation: Many Time Key (CTR) 9m

2 practice exercises

Week 2 - Problem Set30m

Week 2 - Programming Assignment [Optional]30m

Week 3

3 hours to complete

Message Integrity

Week 3. This week's topic is data integrity. We will discuss a number of classic constructions for MAC systems that are used to ensure data integrity. For now we only discuss how to prevent modification of non-secret data. Next week we will come back to encryption and show how to provide both confidentiality and integrity. This week's programming project shows how to authenticate large video files. Even if you don't do the project, please read the project description --- it teaches an important concept called a hash chain.

3 hours to complete

11 videos (Total 130 min)

11 videos

Message Authentication Codes15m

MACs Based On PRFs9m


MAC Padding8m

PMAC and the Carter-Wegman MAC15m

Introduction 10m

Generic Birthday Attack14m

The Merkle-Damgard Paradigm 11m

Constructing Compression Functions8m


Timing attacks on MAC verification8m

2 practice exercises

Week 3 - Problem Set30m

Week 3 - Programming Assignment [Optional]30m

Week 4

4 hours to complete

Authenticated Encryption

Week 4. This week's topic is authenticated encryption: encryption methods that ensure both confidentiality and integrity. We will also discuss a few odds and ends such as how to search on encrypted data. This is our last week studying symmetric encryption. Next week we start with key management and public-key cryptography. As usual there is also an extra credit programming project. This week's project involves a bit of networking to experiment with a chosen ciphertext attack on a toy web site.

4 hours to complete

12 videos (Total 167 min)

12 videos

Active Attacks on CPA-Secure Encryption12m

Definitions 5m

Chosen Ciphertext Attacks12m

Constructions From Ciphers and MACs20m

Case Study: TLS 1.217m

CBC Padding Attacks14m

Attacking Non-Atomic Decryption 9m

Key Derivation13m

Deterministic Encryption14m

Deterministic Encryption: SIV and Wide PRP20m

Tweakable Encryption14m

Format Preserving Encryption12m

2 practice exercises

Week 4 - Problem Set30m

Week 4 - Programming Project [Optional]30m

Week 5

3 hours to complete

Basic Key Exchange

Week 5. This week's topic is basic key exchange: how to setup a secret key between two parties. For now we only consider protocols secure against eavesdropping. This question motivates the main concepts of public key cryptography, but before we build public-key systems we need to take a brief detour and cover a few basic concepts from computational number theory. We will start with algorithms dating back to antiquity (Euclid) and work our way up to Fermat, Euler, and Legendre. We will also mention in passing a few useful concepts from 20th century math. Next week we will put our hard work from this week to good use and construct several public key encryption systems.

3 hours to complete

9 videos (Total 133 min), 1 reading, 2 quizzes

9 videos

Trusted 3rd Parties 11m

Merkle Puzzles11m

The Diffie-Hellman Protocol19m

Public-Key Encryption10m


Fermat and Euler18m

Modular e'th Roots17m

Arithmetic algorithms12m

Intractable Problems18m

1 reading

More background on number theory10m

2 practice exercises

Week 5 - Problem Set30m

Week 5 - Programming Assignment [Optional]30m

Week 6

4 hours to complete

Public-Key Encryption

Week 6. This week's topic is public key encryption: how to encrypt using a public key and decrypt using a secret key. Public key encryption is used for key management in encrypted file systems, in encrypted messaging systems, and for many other tasks. The videos cover two families of public key encryption systems: one based on trapdoor functions (RSA in particular) and the other based on the Diffie-Hellman protocol. We construct systems that are secure against tampering, also known as chosen ciphertext security (CCA security). There has been a ton of research on CCA security over the past decade and given the allotted time we can only summarize the main results from the last few years. The lectures contain suggestions for further readings for those interested in learning more about CCA secure public-key systems. The problem set this week involves a bit more math than usual, but should expand your understanding of public-key encryption. Please don't be shy about posting questions in the forum. This is the last week of this Crypto I course. I hope everyone learned a lot and enjoyed the material. Crypto is a beautiful topic with lots of open problems and room for further research. I look forward to seeing you in Crypto II where we will cover additional core topics and a few more advanced topics.

4 hours to complete

11 videos (Total 155 min)

11 videos

Definitions and Security 15m


The RSA Trapdoor Permutation17m

PKCS 121m

Is RSA a One-Way Function?16m

RSA in Practice13m

The ElGamal Public-key System19m

ElGamal Security13m

ElGamal Variants With Better Security10m

A Unifying Theme11m

Farewell (For Now)5m

2 practice exercises

Week 6 - Problem Set30m

Week 6 - Programming Assignment [Optional]30m

Week 7

1 hour to complete

Final exam

Congratulations! We are at the end of the course. This module contains only the final exam which covers the entire course. I hope everyone learned a lot during these 6 weeks. Good luck on the final exam and I look forward to seeing you at a future course!

1 hour to complete

1 practice exercise

Final Exam30m