Data Privacy and Security (Fall 2025)
Master's Degree in Data Science
Syllabus
The course is meant to cover an overview of modern techniques aimed at protecting data privacy and security in digital applications. Below is a tentative list of topics.
Introduction to cryptography:
- Confidential communication, secret-key and public-key encryption.
- Authentic communication, cryptographic hashing, message authentication codes and digital signatures.
- Key exchange protocols and TLS.
- Post-quantum cryptography. Fully-homomorphic encryption.
Differential Privacy:
- Approximate and pure differential privacy. Properties.
- Examples of differentially-private mechanisms: randomized responses, the Laplace mechanism, the Gaussian mechanism, the exponential mechanism.
- Lower bounds on differentially-private mechanisms.
Blockchain:
- The Bitcoin protocol.
- Ethereum and smart contracts.
- Altcoins (Algorand, Cardano, ZCash, ...).
Multiparty Computation:
- Two-party and multi-party computation.
- Yao's garbled circuits.
- MPC with honest majority.
Logistics
Important: The lectures are offered exclusively in-person (with no registration taking place).
Lecture time: Tuesday (14:00 - 17:00) and Thursday (14:00 - 16:00).
Location: Room A2 - Via Ariosto 25, Rome.
Twitter: @SapienzaCrypto.
Google Group: SapienzaCrypto.
Grading
Project (30%), oral exam (70%).
Course Slides
- Course info [pdf].
- Chapter 1: Secret-key cryptography [pdf].
- Chapter 2: Public-key cryptography [pdf].
- Chapter 3: Key exchange protocols [pdf].
- Chapter 4: Post-quantum cryptography [pdf].
- Chapter 5: Differential privacy [pdf].
- Chapter 6: Bitcoin [pdf].
- Chapter 7: Alternative currencies [pdf].
- Chapter 8: Secure multiparty computation [pdf].
References
While we will not follow a single book; the following sources are suggested as reference. However, only the material included in the slides will be part of the oral exam.
- Daniele Venturi. Crittografia nel Paese delle Meraviglie, Springer, Collana di Informatica, 2012.
- Jonathan Katz, Yehuda Lindell. Introduction to Modern Cryptography, CRC Press, Third Edition, 2020.
- Salil Vadhan. The Complexity of Differential Privacy, Chapter 7 of Tutorials on the Foundations of Cryptography, Yehuda Lindell Ed., Springer, 2017.
- Carmit Hazay and Yehuda Lindell. Efficient Secure Two-Party Protocols, Springer, 2010.
Students' Projects
As part of the exam, students are required to solve a small project and present their project work during the exam. Reach out to me by email after choosing a topic of preference (among those covered in the course) in order to get an assignment. Collaboration among students is welcome.
Exams
The exam dates for academic year 2025/2026 will appear below. Please always register via Infostud.
Announcements
20/09/2025: The course will start on September 23, 2025.
Lectures
| Date | Topics | References |
|---|---|---|
| Lecture 1 23/09/25 | Introduction to the course. Modern cryptography. Message confidentiality and authenticity. Symmetric encryption. Perfect secrecy and Shannon's impossibility result. | Chapter 1 |
| Lecture 2 26/09/25 | The AES blockcipher. Modes of operation: ECB, CBC, CFB, OFB and CTR. Definition of CPA security for symmetric encryption. | Chapter 1 |
| Lecture 3 30/09/25 | Message authentication codes and unforgeability. CBC-MAC and its security. Collision-resistant hash functions. | Chapter 1 |
| Lecture 4 02/10/25 | The Merkle-Damgaard paradigm and SHA-1. The sponge construction and SHA-3. HMAC. Definition of CCA security for symmetric encryption. Combining encryption and authentication. | Chapter 1 |
| Lecture 5 07/10/25 | A brief tour of Minicrypt: one-way functions, pseudorandom generators, pseudorandom functions and pseudorandom permutations. Beginning of asymmetric cryptography: brush-up on number theory. | Chapter 2 |
| Lecture 6 09/10/25 | The RSA public-key encryption and its security. The ElGamal public-key encryption and its security. Diffie-Hellmann assumptions. Pairings and assumptions on bilinear groups. Digital signatures and unforgeability. Signing with RSA and Full-Domain Hash. Public-key infrastructures and X.509 certificates. Identity-based encryption. | Chapter 2 |
| Lecture 7 13/10/25 | Free software and freedom in the digial society (invited lecture by Richard Stallman). | -- |
| Lecture 8 16/10/25 | Key exchange protocols. Diffie-Hellmann key exchange. Security in the Canetti-Krawczyk model. The ISO 9697 protocol. IPsec and IKE: SKEME and SIGMA. MQV and HMQV. | Chapter 3 |
| Lecture 9 21/10/25 | Key derivation functions using HMAC. Passwords. Bloom filters. Password-based encryption. Password-authenticated key exchange. The TLS protocol and TLS 1.3. | Chapter 3 |
| Lecture 10 23/10/25 | Post-quantum cryptography. Lattices and hard problems: SIS and LWE. Basic cryptographic primitives based on lattices. Lattice trapdoors. | Chapter 4 |
| Lecture 11 28/10/25 | Falcon. Canonical identification schemes and Crystals-Dilithium. Regev public-key encryption. The Fujisaki-Okamoto transform and Crystals-Kyber. | Chapter 4 |
| Lecture 12 30/10/25 | Fully-homomorphic encryption and advanced cryptographic applications. | Chapter 4 |