Intermediate cryptography resources

People often ask me for a good introduction to intermediate cryptography. It’s often easy to find basic and dangerous introductions (“public key encryption is like a mailbox”), but the next level isn’t as available.

There’s no single source for this, but you can find good coverage of the main practical topics online. Here are some resources to get you started learning beyond cryptography basics.

Cryptography: an Introduction (Nigel Smart)

I can’t say enough good things about this book. It is a great way to learn about attacks on public key schemes (see part 4) and has good general coverage as well, including elliptic-curve.

Lecture Notes on Cryptography (Bellare and Goldwasser)

Good for understanding how to model block cipher constructions with PRFs and PRPs. When someone says “that construction is not IND-CPA-secure”, this will tell you what that means. Try chapters 5, 6, and 9. Also, see the class notes page for slides and individual chapters of this series.

Tom’s math and crypto libraries (Tom St. Denis)

It’s impossible to understand practical cryptography without looking at implementations. Tom’s libraries are relatively clear and readable and cover the gamut from low-level integer manipulation all the way up to protocols. There are no external dependencies and they are public domain. For extra credit, implement one of the ciphers yourself before looking at his code, then compare to see how you did.

He also includes a large PDF documenting the library, and it’s available as a book as well.

NIST FIPS, SP and RSA PKCS standards

The NIST standards are pretty clear. The RSA ones are a bit more difficult to read. In any case, it’s very helpful to read through these and ask “why?” for each requirement they make. There’s always a reason for every “shall” or “must”. But are there some “shoulds” that should be “shalls”?

Once you’ve moved beyond these resources, the best next level is to read survey papers (like Boneh’s coverage of RSA) in the specific area you’re interested in. If you have your own favorite resources for intermediate cryptography, let me know in the comments below.

9 thoughts on “Intermediate cryptography resources

    1. Paul, I don’t recommend that book as a way to learn intermediate crypto. It’s more of a reference book for a set of algorithms. I did read it very early on when learning crypto, and it left out a lot of important material that was between layers. You might get an exhaustive treatment of the structure of DSA but no understanding of what happens if the nonce is predictable.

  1. How could you not mention the textbook “Introduction to Modern Cryptography” by Katz and Lindell?

    1. I haven’t read that book, but I just skimmed its TOC. It seems like a good reference on algorithms but reinforces my point about what we have too much of in crypto. Its material is very similar to HAC.

      It seems like we now have many crypto books that start with number theory and end with RSA. Along the way, they hit factoring algorithms, EC, number theory, and some block ciphers. Depending on the author’s interest, you’ll get a bit of cipher modes, PK padding, etc. along the way.

      However, this is only one type of crypto book, and we have too many of those already. The sources I cite are all ways to go beyond this type of book and start finding out how crypto works in the real world. How is it implemented on standard processors? Why is SSL designed the way it is? How is crypto broken? What is a side channel attack?

      The 2nd half of Cryptography Engineering is sort of what I’m talking about, but seems to be aimed for beginners. Thus, it doesn’t get very deep into important related areas.

      I’d like to see a series on designing and breaking cryptography, possibly updated as new attacks come out. How are collisions found in MD5? Why are they of the form that they are? Once they are found, what kinds of extensions can an attacker do (e.g., the cert collision work by Lenstra)? A chapter just on that history would be fascinating.

  2. For those into taking a class, I would say Dan Boneh’s CS255 is very good and does cover how to us crypto correctly. The Katz and Lindell I think is a good introduction, its not about crypto implementation but does not try and just cover algorithms. What it is, I think, is a good introduction to the foundations (e.g. PRF, PRP, etc) of cryptography. I haven’t looked at the Goldwasser and Bellare notes in many years, but I think Katz and Lindell a more clear introduction to many of the same concepts. But Boneh’s class makes it all clear, relevant and applicable to the real world.

  3. If you’ve ever come across Stack Overflow, you might be interested to know we (a small community) managed to get launched a dedicated site for questions on cryptography based on the same software – http://crypto.stackexchange.com/. It’s currently a small site in need of more users – questions on some of the material you present above would be more than welcome and of course we’re always looking for more experts to provide the answers at all levels. Personally, I think being able to clarify misunderstandings and ask exploratory questions is as important as having access to material to study.

    Anyway, I apologise for the blatant advertising (I am not affiliated with or endorsed by StackExchange Inc, by the way – I’m just another user) – but I would very much like to create a place where people can “get into” cryptography (as well as somewhere where more advanced questions can be asked) and in my opinion the SO model currently provides what’s needed to help make that happen.

    Anyway, these resources all look excellent to me, thank you for promoting them.

    1. I try to avoid all of Stack Exchange, and most crypto questions and answers there are especially offensive. As I said on Twitter:

      A quick review of Crypto Stack Exchange shows two clear groups of questions: useful general learning and “I gotta add 3DES to my C# asap”.

      Luckily, most of the questions are skewing towards useful general learning so far.

      Good:
      http://crypto.stackexchange.com/questions/350/is-the-representation-problem-hard-on-elliptic-curves
      http://crypto.stackexchange.com/questions/246/umac-to-what-extent-is-it-in-use-today

      Bad:
      http://crypto.stackexchange.com/questions/296/is-it-okay-to-use-a-hash-of-a-timestamp-as-the-iv-for-aes

      Ugly:
      http://crypto.stackexchange.com/questions/358/is-something-wrong-with-this-algorithm-in-term-of-security
      http://crypto.stackexchange.com/questions/337/where-do-i-securely-store-the-key-for-a-system-where-the-source-is-visible

Comments are closed.