Where to find a free course about Foundations of Cryptography: Symmetric, Public-Key, Hashing and Signatures ?

Free Course Image Foundations of Cryptography: Symmetric, Public-Key, Hashing and Signatures

Free online courseFoundations of Cryptography: Symmetric, Public-Key, Hashing and Signatures

Duration of the online course: 32 hours and 51 minutes

New

Build real cryptography skills in this free online course—encryption, hashes and digital signatures explained clearly, with exercises and optional certificate.

In this free course, learn about

Security goals & virtual secure channel properties; Kerckhoffs’ principle
Symmetric encryption basics; historical ciphers; Shannon perfect secrecy & its limits
Computational security: semantic security/IND; COA/CPA games and advantage bounds
PRGs and hybrids; stream ciphers; why key/keystream reuse breaks multi-message security
PRFs and CPA-secure encryption from PRFs; block cipher modes (ECB/CTR/OFB) and pitfalls
Block cipher design (Feistel/SPN), meet-in-the-middle on double encryption, practical issues
Active adversaries: CCA security games and decryption-oracle restrictions
Message integrity: MACs, long-message MAC pitfalls, CBC-MAC fixes, info-theoretic MAC bounds
Hash functions: Merkle–Damgård, Davies–Meyer, Hash-and-MAC, birthday/collision attacks
Random Oracle Model: ideal hash modeling; what commitment properties follow from CR alone
Authenticated encryption and secure composition (Encrypt-then-MAC vs insecure variants)
Key exchange & cyclic groups: DL/CDH/DDH, Diffie–Hellman privacy, group choices incl. ECC
Public-key crypto: ElGamal, RSA (assumptions, CPA/CCA issues), KEM/DEM hybrids, CCA PKE
Signatures/PKI, identification (Schnorr, Fiat–Shamir), number theory, secret sharing, ZK proofs

Course Description

Modern security depends on cryptography, yet many developers and IT professionals use it as a black box. This course helps you build a clear, practical foundation so you can reason about security guarantees, understand what attackers can and cannot do, and choose the right primitives for real systems. Instead of relying on folklore, you will learn the mindset and vocabulary used to define security goals and evaluate whether a construction actually meets them.

You begin with symmetric-key encryption and the core idea of building a secure channel: confidentiality and integrity under well-specified adversary capabilities. From classical ciphers and perfect secrecy, you see why one-time pads are special and why key reuse breaks security. The course then moves to computational security, introducing the kinds of assumptions and efficiency constraints that make cryptography useful in practice, and the definitions that capture what it means for an adversary to learn nothing meaningful from ciphertext.

From there, you connect theory to building blocks that appear everywhere in software: pseudorandom generators and stream ciphers, pseudorandom functions, and block-cipher modes of operation. You will learn how subtle choices like IV handling, randomness, and composition determine whether an encryption scheme withstands realistic attacks. As you progress, the focus expands from passive eavesdroppers to active attackers, leading to message authentication codes, integrity for long messages, and the goal of authenticated encryption where secrecy and tamper resistance work together.

The course also develops a solid understanding of hash functions and how they are modeled, what generic attacks imply about security margins, and why design patterns such as Hash-and-MAC matter in engineering. Moving into public-key cryptography, you will study key exchange and cyclic-group hardness assumptions, then see how those ideas power public-key encryption, hybrid encryption, and the leap from CPA to CCA security.

Finally, you explore digital signatures, certificates and PKI, plus foundational number theory concepts that make the algorithms tick. Along the way, exercises reinforce the definitions and threat models so you can spot dangerous reuse, insecure compositions, and misleading security claims. By the end, you will be able to read cryptographic APIs and protocol descriptions with far more confidence, and make better security decisions in cyber security and software engineering projects.

Course content

Video class: noc20 cs02 lec01 Introduction 28m
Exercise: Which set of properties defines the virtual secure channel for secure communication?
Video class: noc20 cs02 lec02 Symmetric key Encryption 46m
Exercise: According to Kerckhoffs’ principle, what should the security of a cryptosystem rely on?
Video class: noc20 cs02 lec03 Historical Ciphers and their Cryptanalysis 26m

Video class: noc20 cs02 lec04 Perfect Security 51m
Exercise: Which statement best captures Shannon’s definition of perfect secrecy for an encryption scheme?
Video class: noc20 cs02 lec05 Limitations of Perfect Security 20m
Exercise: In a one-time pad (Vernam cipher), what happens if the same key is reused to encrypt two different messages?
Video class: noc20 cs02 lec06 Introduction to Computational Security 36m
Exercise: In modern cryptography, which pair of relaxations enables practical key reusability (using the same short key to encrypt many messages)?

Video class: noc20 cs02 lec07 Semantic Security 49m
Exercise: In the ciphertext-only attack (COA) indistinguishability experiment for semantic security, what is the required upper bound on the adversary’s success probability of guessing which message was encrypted?
Video class: noc20 cs02 lec08 Pseudo random Generators PRGs 30m
Exercise: In a pseudorandom generator (PRG) indistinguishability experiment, what condition must hold for every PPT distinguisher D if G is secure?
Video class: noc20 cs02 lec09 Operations on Pseudorandom Generators 30m
Exercise: In the hybrid-argument proof for parallel composition of a PRG with k = 2, what is the intermediate experiment (Hint)?

Video class: noc20 cs02 lec10 Stream Ciphers 20m
Exercise: Why is a basic stream cipher (m XOR G(k)) not multi-message secure when the same key k is reused?
Video class: noc20 cs02 lec11 Provably secure Instantiation of PRG 39m
Exercise: In a provably secure PRG construction from a one-way permutation f and an associated hard-core predicate hp, how is a 1-bit expansion PRG G(s) typically defined for an n-bit seed s?
Video class: noc20 cs02 lec12 Practical Instantiations of PRG 33m
Exercise: Why is a basic linear feedback shift register (LFSR) not considered a secure pseudo-random generator for critical applications?
Video class: noc20 cs02 lec13 CPA security 35m
Exercise: Why is a basic stream cipher not multi-message secure when the same key is reused?

Video class: noc20 cs02 lec14 Pseudo random Functions PRFs 41m
Exercise: In the indistinguishability experiment for a pseudo-random function (PRF), what is the distinguisher’s goal?
Video class: noc20 cs02 lec15 CPA secure Encryption from PRF 37m
Exercise: In the PRF-based CPA-secure encryption scheme, what is the ciphertext for an L-bit message m?
Video class: noc20 cs02 lec16 Modes of Operations of Block Ciphers Part I 26m
Exercise: Why is ECB mode not CPA-secure?
Video class: noc20 cs02 lec17 Modes of Operations of Block Ciphers Part II 34m
Exercise: Which feature distinguishes CTR mode from OFB mode in generating the pad stream?
Video class: noc20 cs02 lec18 Theoretical Constructions of Block Ciphers 38m

Video class: noc20 cs02 lec19 Practical Constructions of Block Ciphers Part I 42m
Exercise: In a substitution–permutation network (SPN), where does the “confusion” mainly come from even though S-boxes are publicly known?
Video class: noc20 cs02 lec20 Practical Constructions of Block Ciphers Part II 41m
Exercise: Why is double encryption (e.g., Double-DES) not considered to provide the expected 2k-bit security against key recovery?
Video class: noc20 cs02 lec21 From Passive to Active Adversary 36m
Exercise: In the CCA security game, which restriction is imposed on the adversary’s decryption-oracle queries after receiving the challenge ciphertext c*?

Video class: noc20 cs02 lec22 Message Integrity and Authentication 26m
Exercise: In a symmetric-key setting, what is the main purpose of a Message Authentication Code (MAC)?
Video class: noc20 cs02 lec23 Message Authentication for Long Messages Part I 30m
Exercise: Why does independently authenticating each block of a multi-block message using a fixed-length MAC fail to give a secure MAC for arbitrary-length messages?
Video class: noc20 cs02 lec24 Message Authentication for Long Messages Part II 33m
Exercise: In randomized ε-prefix-free encoding for CBC-based PRFs, why does XORing the last message block with a uniformly random n-bit key help security?
Video class: noc20 cs02 lec25 Information theoretic MACs Part I 27m
Exercise: In a one-time information-theoretic secure MAC constructed using a strongly universal function (SUF), what is the maximum success probability of a computationally unbounded adversary forging a valid tag for a new message after seeing one valid (m, t) pair?
Video class: noc20 cs02 lec26 Information theoretic MACs Part II 30m
Exercise: In the finite-field-based strongly universal function (SUF) used to build a one-time information-theoretic MAC, what is the tag output for message m under key (a,b) in Zp?

Video class: noc20 cs02 lec27 Cryptographic Hash Functions Part I 30m
Exercise: In the Merkle–Damgård paradigm, what is the role of the fixed-length compression function h?
Video class: noc20 cs02 lec28 Cryptographic Hash Functions Part II 33m
Exercise: In the Davies–Meyer construction for a compression function, how is the output computed from a block cipher?
Video class: noc20 cs02 lec29 Message Authentication Using Hash Functions 42m
Exercise: In the Hash-and-MAC paradigm for authenticating arbitrary-length messages, how is the tag for a message m computed?
Video class: noc20 cs02 lec30 Generic Attacks on Hash Functions and Additional Applications of Hash Functions 41m
Exercise: In a birthday attack on an l-bit hash output (N = 2^l), about how many distinct hash evaluations are needed to obtain a collision with a constant (non-negligible) probability?
Video class: noc20 cs02 lec31 Random Oracle Model Part I 26m
Exercise: In the Random-Oracle Model (ROM), how is the hash function H ideally modeled when proving security of hash-based constructions?
Video class: noc20 cs02 lec32 Random Oracle Model Part II 38m
Exercise: In a hash-based commitment scheme where the commitment is c = H(m || s), which security property can be proven from collision resistance alone (without using the Random-Oracle model)?

Video class: noc20 cs02 lec33 Authenticated Encryption 32m
Exercise: Which pair of properties must a symmetric encryption scheme satisfy to be considered an authenticated encryption (AE) scheme?
Video class: noc20 cs02 lec34 Composing CPA secure Cipher with a Secure MAC Part I 49m
Exercise: In the encrypt-then-authenticate composition, what is the correct order of operations to produce the final ciphertext?
Video class: noc20 cs02 lec35 Composing CPA secure Cipher with a Secure MAC Part II 33m
Exercise: Why can the encrypt-and-authenticate composition fail to be CPA-secure when the MAC tag generation is deterministic?

Video class: noc20 cs02 lec36 Key Exchange Protocols Part I 34m
Exercise: In an anonymous key-exchange protocol, what is the key difference between weak privacy and strong privacy against an eavesdropper?
Video class: noc20 cs02 lec37 Key Exchange Protocols Part II 21m
Exercise: Which statement best describes a one-way trapdoor function?

Video class: noc20 cs02 lec38 Cyclic groups 37m
Exercise: In a cyclic group G of order q with generator g, what is the discrete logarithm of an element y with respect to base g?
Video class: noc20 cs02 lec39 Cryptographic Hardness Assumptions in the Cyclic Groups 31m
Exercise: In the Diffie–Hellman key exchange instantiated with E(α)=g^α and F(α,β)=g^(αβ), which hardness assumption is required to achieve strong privacy (the key looks indistinguishable from random given g^α and g^β)?
Video class: noc20 cs02 lec40 Candidate Cyclic Groups for Cryptographic Purposes Part I 24m
Exercise: Why is the full multiplicative group Z_p* (with multiplication mod p) considered inappropriate for securely instantiating the Diffie–Hellman key-exchange in general?
Video class: noc20 cs02 lec41 Candidate Cyclic Groups for Cryptographic Purposes Part II 27m
Exercise: Why are elliptic-curve-based cyclic groups often preferred over prime-order subgroups of Zp* for practical security?
Video class: noc20 cs02 lec42 Cryptographic Applications of the Discrete Log Assumption 32m
Exercise: Why does finding a collision in the function HDL(α,β)=g^α·h^β help in solving a discrete logarithm instance?

Video class: noc20 cs02 lec43 Public key Encryption 30m
Exercise: In public-key encryption, why are COA security and single-message CPA security considered equivalent?
Video class: noc20 cs02 lec44 El Gamal Public key Encryption Scheme 36m
Exercise: In the El Gamal public-key encryption scheme, which pair correctly represents the ciphertext for a message m?
Video class: noc20 cs02 lec45 RSA Assumption 25m
Exercise: In the RSA permutation over ZN*, what condition on the public exponent e ensures that an inverse exponent d exists modulo φ(N)?
Video class: noc20 cs02 lec46 RSA Public key Cryptosystem 45m
Exercise: Why is plain RSA encryption considered insecure under chosen-plaintext attacks (CPA)?
Video class: noc20 cs02 lec47 Hybrid Public key Cryptosystem 37m
Exercise: In a KEM/DEM hybrid encryption scheme, what does the encapsulation algorithm (Encap) output?

Video class: noc20 cs02 lec48 CCA Secure Public key Ciphers 32m
Exercise: In the CCA security game for public-key encryption, what restriction is placed on the adversary’s post-challenge decryption queries?
Video class: noc20 cs02 lec49 CCA Secure Public key Ciphers Based on Diffie Hellman Problems 25m
Exercise: Why is ElGamal public-key encryption not CCA secure?
Video class: noc20 cs02 lec50 CCA Secure Public key Ciphers Based on RSA Assumption 38m
Exercise: Why is plain RSA encryption not CCA secure?

Video class: noc20 cs02 lec51 Digital Signatures 36m
Exercise: In a public key infrastructure (PKI), what is the main role of a digital certificate issued by a Certificate Authority (CA)?
Video class: noc20 cs02 lec52 RSA Signatures 19m
Exercise: In the plain RSA signature scheme, how can an adversary mount the simplest “no message attack” without querying any signature oracle?
Video class: noc20 cs02 lec53 Identification Schemes 40m
Exercise: In the Schnorr identification scheme, when is a transcript (I, r, s) considered accepting?
Video class: noc20 cs02 lec54 Schnorr Signature Scheme and TLS or SSL 29m
Exercise: In the Fiat–Shamir transformation, how is the verifier’s challenge determined in the resulting signature scheme?

Video class: noc20 cs02 lec55 Number Theory 33m
Exercise: When does the multiplicative inverse of an integer a modulo N exist?
Video class: noc20 cs02 lec56 Secret Sharing 36m
Exercise: In Shamir’s (n, t) secret sharing, why can any t+1 shareholders reconstruct the secret, but any t shareholders cannot?
Video class: noc20 cs02 lec57 Zero Knowledge Protocols Part I 25m
Exercise: In the graph isomorphism zero-knowledge protocol, what is the probability that a cheating prover (who does not know the isomorphism) succeeds in all k rounds?
Video class: noc20 cs02 lec58 Zero Knowledge Protocols Part II 30m
Exercise: In the zero-knowledge proof system for the 3-coloring problem, why does the prover commit to a randomly permuted coloring before the verifier chooses an edge challenge?
Video class: noc20 cs02 lec59 Good Bye for Now 10m
Exercise: What is the two-stage approach described for achieving secure communication between two parties with no pre-shared information over a public channel?

Learn aboutCryptography

Explore the fundamentals of Cryptography with 3 free online courses. Learn encryption techniques, security protocols, and secure communication practices to enhance your cybersecurity skills.

This free course includes:

32 hours and 51 minutes of online video course

Digital certificate of course completion (Free)

Exercises to train your knowledge

100% free, from content to certificate

Ready to get started?Download the app and get started today.

Install the app now

to access the course

Over 5,000 free courses

Programming, English, Digital Marketing and much more! Learn whatever you want, for free.

Study plan with AI

Our app's Artificial Intelligence can create a study schedule for the course you choose.

From zero to professional success

Improve your resume with our free Certificate and then use our Artificial Intelligence to find your dream job.

You can also use the QR Code or the links below.

QR Code - Download Cursa - Online Courses

More free courses at Cyber Security

Free Course Image CompTIA Security course

Free CourseCompTIA Security course

(2)

26h11m

41 exercises

Free Course Image Information Security Management Fundamentals

Free CourseInformation Security Management Fundamentals

(6)

2h55m

15 exercises

Free Course Image Advanced Topics in Cryptography

Free CourseAdvanced Topics in Cryptography

(2)

22h34m

9 exercises

Free Course Image Computer systems security

Free CourseComputer systems security

4.82

(147)

29h44m

20 exercises

Free CourseIT Security

4.81

(16)

15h04m

18 exercises

Free CourseCyber security

4.78

(369)

2h07m

24 exercises

Free Course Image Information security lessons

Free CourseInformation security lessons

4.77

(47)

7h15m

11 exercises

Free Course Image Introduction to Cybersecurity

Free CourseIntroduction to Cybersecurity

4.71

(14)

7h43m

6 exercises

Free Course Image Cyber Security Masterclass

Free CourseCyber Security Masterclass

4.64

(22)

1h36m

6 exercises

Free Course Image Cyber security full course

Free CourseCyber security full course

4.63

(8)

11h06m

Free Ebook + Audiobooks! Learn by listening or reading!

Free Ebook cover Complete course in Information Security from zero to advanced

4.29

(21)

Free Ebook cover An Introduction to Ethical Hacking and Penetration Testing

4.75

(8)

Free Ebook cover Cloud Security Fundamentals: Protecting Data in the Cloud

New

Free Ebook cover Digital Forensics for Beginners: Collecting, Preserving, and Analyzing Evidence on Windows, Mobile, and Cloud

New

Free Ebook cover Practical Cryptography for Developers: Build, Break, and Secure Real Systems

New

Download the App now to have access to + 5000 free courses, exercises, certificates and lots of content without paying anything!

100% free online courses from start to finish

Thousands of online courses in video, ebooks and audiobooks.
More than 60 thousand free exercises

To test your knowledge during online courses
Valid free Digital Certificate with QR Code

Generated directly from your cell phone's photo gallery and sent to your email

Download our app via QR Code or the links below::.