- Notations in cryptography?
- What is Symmetric key, asymmetric key? What is the typical length of the keys? What is a keystream?
- What is Security by obscurity, and security by design?
- Why Security by design is better?
- How do monoalphabetic ciphers work? Examples for such ciphers?
- How can we break monoalphabetic ciphers?
- How do polialphabetic ciphers work? Examples for such ciphers?
- How does Alberti disc work? What is tabula recta and how to use it?
- How can we create secret tabula recta-s?
- What is an autokey? What and how is it used for?
- How can we break polialphabetic ciphers (in general)?
- How can we find out the key length of a polialphabetic cipher?
- How is it possible to do perfect ciphering?
- What is the One Time Pad? How do we use OTP? How we should not use OTP?
- How random should be a cipher key?
- What is the "index of coincidence"? How to calculate with it?
- How and where do statistical tests help us in cryptanalysis?

- What are the block ciphers? What are the basic, common characteristics?
- Which are the well known block ciphers? What parameters do they have? (keysize, blocksize)
- What are the requirements of modern block ciphers? What is avalanche effect, completeness, efficiency?
- How can we build a product cipher?
- How does the Feistel architecture looks like?
- What special requirement has "function f"?
- What is the origin of the Data Encryption Standard (DES)? 
- How does DES work?
- What makes the weak and semi-weak keys?
- How can we crack DES?
- What are the advantages and disadvantages of DES?
- What is 3DES and how to create it? How many keys 3DES has?
- What is the problem of "2DES"? What is the security strength of 2DES?
- Why 3DES needs only two keys? What is the security strength of 3DES?
- What is the "meet-in-the-middle" attack? How to perform a 2DES attack?
- What are the advantages and disadvantages of 3DES?
- What is Advanced Encryption Standard (AES)?
- What makes a substitution-permutation network?
- What are the advantages and disadvantages of AES?
- What is padding? Why is it necessary?
- How can we do padding in different ways?
- What is block chaining? Why is it necessary?
- What kinds of operation modes are known?
- How does ECB encrypt and decrypt messages? What happens when there is a bit error or bit erasure in the nth ciphertext block?
- Why ECB is said to be insecure?
- How does CBC encrypt and decrypt messages? What happens when there is a bit error or bit erasure in the nth ciphertext block?
- What is ciphertext stealing and where do we use it?
- How does CFB encrypt and decrypt messages? What happens when there is a bit error or bit erasure in the nth ciphertext block?
- Why don't we need the decryption procedure?
- How does OFB encrypt and decrypt messages? What happens when there is a bit error or bit erasure in the nth ciphertext block? 
- How does CTR encrypt and decrypt messages? What happens when there is a bit error or bit erasure in the nth ciphertext block?

- What are the stream ciphers? What are the basic, common characteristics?
- Which are the well known stream ciphers? What parameters do they have? (key size)
- How can we create a stream cipher from a block cipher?
- What is the scheme of a synchronous stream cipher? What do the functions do?
- Why synchronous ciphers are called synchronous?
- Example for a synchronous cipher?
- What is the scheme of an asynchronous stream cipher? What do the functions do?
- Why asynchronous ciphers are called asynchronous?
- Example for an asynchronous cipher?
- What is the Linear Feedback Shift Register (LFSR)?
- How can we combine LFSRs to create a more difficult stream ciphers?

- What is a hash function? What does it do?
- What is the specialty of cryptographic hash functions?
- On what does the size of the hash function depend?
- What is called Birthday Attack? Why this attack is relevant in the case of hash functions?
- What groups of hash functions are known?
- What is preimage resistance by definition?
- What is 2nd preimage resistance by definition?
- What is collision resistance by definition?
- What is the architecture of an iterated hash function?
- How can we cascade hash functions? Why is it good for?
- How can we build a hash function based on a block cipher?
- Matyas-Meyer-Oseas, Davies-Meyer and Miyaguchi-Preneel versions?
- Which are the well known hash functions? What parameters do they have? (blocksize, hash size)
- How can we create keyed hash functions?
- How does CBC-MAC calculated? What is the weakness of this hash? How can we fix it (Why?)? 
- What is secret prefix hash? Why is it not secure on some cases?
- What is secret suffix hash? Why is it not secure on some cases?
- How does HMAC work?

- What is the asymmetric key encryption? Why we use it? What are the benefits of it?
- What are the public and private keys? Who knows the keys? What is the typical public exponent?
- How can we encrypt a large message using an asymmetric block cipher? What is the efficient way of it?
- What are the most well known asymmetric block ciphers? What parameters do they have? (keysize)
- How can we encrypt and decrypt messages using RSA?
- Based on what assumption can we say that RSA is safe?
- How can we speed up the calculation of RSA encryption and decryption?
- What is cryptographic blinding in general? How does it work for RSA? Why is it necessary?
- What is the digital signature? What is it used for?
- How does the RSA signature scheme work, if we already have the keys?

- What is the role of key establishment? What is the difference between key establishment and authenticated key establishment?
- What is (implicit) key authentication by definition?
- What is key confirmation by definition?
- What is explicit key authentication by definition?
- What is the adversary model in the case of key establishment?
- What is perfect forward secrecy and why is it good?
- What characteristics the key establishment may have?
- What are the properties of different key establishment protocols? (number of messages, protection mode against replays,
 implicit/explicit key authentication, key confirmation, using a trusted third party, using long term keys, using hash,
 using symmetric/asymmetric ciphers, using signatures, number of contributors) - You are supposed to select/construct a key
 establishment protocol given by requirements.
- What does secret sharing mean?
- How does Shamir's threshold scheme work?