[HN Gopher] A Graduate Course in Applied Cryptography
___________________________________________________________________
A Graduate Course in Applied Cryptography
Author : ColinWright
Score : 245 points
Date : 2021-10-19 14:36 UTC (8 hours ago)
(HTM) web link (toc.cryptobook.us)
(TXT) w3m dump (toc.cryptobook.us)
| [deleted]
| hwers wrote:
| I never really understood the appeal of nerding out on
| cryptography. As soon as you get it in your mind to do some fun
| innovating people tell you (correctly) to "never roll your own
| crypto". Unless you're super talented at math (on the PhD level)
| and actually could roll it on your own then I don't really see
| why you shouldn't just abstract it in your head as a solved
| problem like modern day assembly code arcana (though I guess I'm
| curious about other peoples perspective).
| Nursie wrote:
| > I never really understood the appeal of nerding out on
| cryptography
|
| Gaining an understanding of how it works can help you avoid
| some of the pitfalls when dealing with it.
|
| IMHO I always work better when I understand what's going on at
| least one layer down from where I'm playing. Nerding out on it
| can also help you understand how serious some attacks are and
| how broken your systems might be.
|
| Never roll your own is good advice in production. Knock
| yourself out for test systems, for fun and exploration, but if
| you have some 'fun innovating' that you think might be good for
| real world use, pay someone that knows their stuff to audit it
| before trusting it. That's just common sense when it's so easy
| to get wrong.
| FiberBundle wrote:
| Even if you use existing implementations, you can still use
| them in the wrong way and really screw up. Knowing how to
| correctly use implementations and what mistakes to avoid should
| be required for anybody using cryptography and that takes some
| familiarity with the material.
| dr_zoidberg wrote:
| I work in digital forensics. You wouldn't believe the
| misconceptions about "cryptographic hashes" and cryptography in
| general that are around in my area. If everyone took an intro
| course to cryptography that wouldn't happen as much as it does.
|
| So there you have it, one reason to take this course that is not
| "roll your own crypto" (which you should never do, unless you
| really really really know what you're doing. And even then you
| should check with a few people smarter than you to make sure
| everything is as you think it is.)
| lbriner wrote:
| You are right that the basics are often misunderstood but an
| Intro course this is not! Knowing what prime factoring is can
| be interesting if you like maths but definitely not required
| to understand on a practical level the difference between
| symmetrical, asymmetrical and things like CSPRNG vs hashing.
| vlovich123 wrote:
| First, those people don't materialize out of nowhere. They
| usually learn from this kind of content.
|
| Secondly, the "don't roll your own crypto" is general advice.
| It means "you're probably trying to solve a problem that
| already has a battle-tested solution."
|
| A lot of really talented people clearly roll their own crypto,
| otherwise we wouldn't regularly have innovation in this field
| (although to be fair probably 90% of the ones that get traction
| are from DJB).
|
| Finally, even if you should roll your own crypto algorithm,
| you probably still need to apply it to your problem domain.
| Understanding how to think about those attack vectors helps you
| understand the trade-offs of which algorithms to pick. This
| makes the collaboration with a security team/security review
| more meaningful.
| tptacek wrote:
| We don't regularly get innovation from generalists who pick
| up and figure out cryptography on their own. Daniel J.
| Bernstein is a professor of cryptography. Most of the
| innovations we see in cryptography come from people with
| graduate degrees in cryptography.
|
| If you're someone like that, you don't need advice from
| random people on the Internet about whether you should
| practice in your field. Obviously, you should. But if you're
| someone who mostly spends their time writing general-purpose
| software and just find cryptography super fascinating or
| morally compelling, you _do_ need the advice, because the
| cryptography you come up with is likely to get somebody hurt.
| pr07ecH70r wrote:
| Very nice reading.
| ultrasounder wrote:
| I was just looking at resources for a complete beginner to get
| started with Cryptography for Infosec/CyberSec and this book
| topped all the recommendations. Hoping to see it updated soon.
| hawk_ wrote:
| My intro to cryptography was in a class by Victor Shoup. Highly
| recommend any of his books or materials. While I ended up not
| taking up cryptography professionally, I have fond memories from
| his course.
| baby wrote:
| If you're looking for a less mathy introduction to cryptography,
| and a more applied resource, check the book Real-World
| Cryptography. I wrote it over the last two and a half years and
| it just got released on Amazon a few weeks ago.
|
| It teaches you about the cryptographic constructions that you run
| into all the time as a dev (https/ssl/tls, encryption, hashing,
| etc.) and gives you pointers on how not to mess things up (and
| what libraries to use, etc.)
|
| I also wrote a post a while back on why I was writing this book
| and why you should pick it up:
| https://www.cryptologie.net/article/504/why-im-writing-a-boo...
| [deleted]
| thecleaner wrote:
| I think Bruce Schneier's Applied Cryptography is also really
| good. In fact it was written so that programmers would be able
| to implement algorithms from it.
| tptacek wrote:
| Applied Cryptography is probably the worst book on
| cryptography engineering in broad circulation. It is a
| scourge.
|
| https://sockpuppet.org/blog/2013/07/22/applied-practical-cry...
|
| It's best to think of Applied Cryptography as an almanac or a
| work of pop science. The worst thing you can do with it is
| implement directly from it.
| baby wrote:
| In the link I posted you can read my point of view on this:
|
| > The other two somewhat respected resources at the time were
| Applied Cryptography and Cryptography Engineering (both from
| Schneier). But these books were starting to be quite
| outdated. Applied Cryptography spent 4 chapters on block
| ciphers, with a whole chapter on cipher modes of operation
| but none on authenticated encryption. Cryptography
| Engineering had a single mention of elliptic curve
| cryptography (in a footnote).
| foo92691 wrote:
| Applied Cryptography is an excellent book, but it is very
| very old. Nearly 25 years old.
|
| The foreword of the semi-recent (2015) "20th anniversary
| edition" (which appears to be a reissue of the 2nd edition)
| even recommends that you look for a more modern reference.
|
| And one of the lessons of the last decades is that
| programmers should generally _not_ be implementing their own
| cryptography unless that is their specialty.
| nfoz wrote:
| The book that "clicked" for me is: Cryptography Engineering:
| Design Principles and Practical Applications, by
| Ferguson/Schneier/Kohno (2015) [1]
|
| In plain language it walks through what I wanted to know, in a
| modern and paranoid perspective, as a readable narrative, from
| the point of view that we want to design each of the basic crypto
| primitives ourselves.
|
| [1]
| https://onlinelibrary.wiley.com/doi/book/10.1002/97811187223...
| tptacek wrote:
| Unfortunately, Cryptography Engineering (nee Practical
| Cryptography) is very much showing its age. It's a much better
| book than Applied Cryptography, but it's still pre-modern ---
| it spends a lot of time on outmoded multiplicative group
| asymmetric encryption, essentially excludes AEAD cryptography
| (which are the most important constructions in modern
| cryptography), and has weird advice on random number generation
| (that probably made sense before the world standardized on OS-
| level CSPRNGs).
|
| It's easy to forget how old Practical Cryptography is, but: it
| predates Vaudenay's padding oracle attack.
| nfoz wrote:
| Wow! 2015 crypto is that outdated now? Thanks for the heads
| up! Now I'm feeling my own age lol.
|
| Anything else you'd recommend that isn't mentioned here yet?
| tptacek wrote:
| Cryptography Engineering is essentially a re-release of
| Practical Cryptography, which was published in 2003.
|
| For the audience that Practical Cryptography contemplates,
| I like both Real World Cryptography by Wong, and Serious
| Cryptography by JP Aumasson.
| nfoz wrote:
| Ahh makes sense. Thanks!
| pvg wrote:
| Previously:
|
| https://news.ycombinator.com/item?id=22980003
| dang wrote:
| Thanks! Expanded list:
|
| _A Graduate Course in Applied Cryptography (2020)_ -
| https://news.ycombinator.com/item?id=28784207 - Oct 2021 (1
| comment)
|
| _A Graduate Course in Applied Cryptography_ -
| https://news.ycombinator.com/item?id=22980003 - April 2020 (36
| comments)
|
| _A Graduate Course in Applied Cryptography_ -
| https://news.ycombinator.com/item?id=22013751 - Jan 2020 (76
| comments)
|
| _A Graduate Course in Applied Cryptography [pdf]_ -
| https://news.ycombinator.com/item?id=10119029 - Aug 2015 (23
| comments)
| a-dub wrote:
| this looks awesome! totally bookmarking it for the reading list!
|
| particularly liking how "applied" means actual practical
| applications and system design.
| 36384947375455 wrote:
| I want to understand the math in this book. What background and
| recommended resources do you guys recommend to learn to
| understand it?
| antegamisou wrote:
| You'd need a good grasp on Discrete Math, Probability Theory
| and most likely Number theory.
|
| For the first, Rosen's "Discrete Math and Its Applications" is
| quite thorough including many solved & unsolved problems.
|
| There are too many good resources for probability & number
| theory to choose from, so I'd recommend something like MIT OCW
| for the first one, at least.
| 36384947375455 wrote:
| Can you send a link for the probability course that you have
| in mind? Thanks for the discrete rec!
| ellis-bell wrote:
| I'm not sure what courses they had in mind, but Victor
| Shoup (one of the authors of the OP) has a book on number
| theory and algebra that goes over probability. That would
| probably be most useful if your goal is to study the
| applied crypto book.
|
| The prerequisites are (self-reported) minimum, just
| calculus and mathematical maturity should be sufficient. I
| would check it out (it's free) and see if it's at an
| appropriate level.
|
| Unfortunately I've yet to come across an introductory text
| or course on probability that is actually good :-(
|
| https://www.shoup.net/ntb/
| antegamisou wrote:
| It is 18.05 "Introduction to Probability and Statistics"
|
| https://ocw.mit.edu/courses/mathematics/18-05-introduction-t...
|
| I thought there were video lectures available but
| apparently I was wrong however the class notes are
| (hopefully!) sufficient.
| ngngngng wrote:
| What's your background? I just started A Programmer's
| Introduction to Mathematics because I also got stuck on math
| when I was previously studying cryptography. Not sure if it
| will actually solve my problem but so far seems like a great
| place to start.
|
| https://pimbook.org/
| 36384947375455 wrote:
| I'm a beginner in math. I know the basics of proofs.
| julienchastang wrote:
| I'm just finishing "Cryptography: A Very Short Introduction" from
| the OUP series. I found it to be a useful starting point even
| though (as the title says) it does not go into much detail, and
| it is a bit dated as well (currencies are not mentioned). It
| does, however, cover fundamentals that you can supplement with
| videos and other texts.
| thecleaner wrote:
| Anybody ever understand the attack game setups? I felt like it's
| a bit overcomplicated just to prove a contradiction. Also I am
| not sure if the metrics introduced like SSAdv and Message
| recovery advantage actually are used in places other than this
| book.
| suddensleep wrote:
| In my experience working through the first few chapters, I'll
| say that the attack game framework is pretty standard across
| lots of course materials from universities (at least the ones
| that I've found posted online). One thing that is _not_
| consistent is the notation used; it seems like there are
| multiple competing (but essentially equivalent) sets of
| notations used in attack game /advantage discussions.
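A worked version of the two metrics the question asks about, added here as an illustration and not taken from the thread or from the book: the semantic-security (SS) and message-recovery (MR) attack games are played against constructed toy ciphers (a one-time pad, a pad that leaks the message parity, and a pad whose key is too short for the message), and each advantage is computed exactly by enumerating every key rather than estimated by sampling. All cipher and adversary names below are my own.

```python
from fractions import Fraction
from itertools import product

N = 4  # message length in bits (constructed toy parameter)

def xor(a, b):
    return tuple(x ^ y for x, y in zip(a, b))

def otp(key, m):              # one-time pad: N-bit key, N-bit message
    return xor(key, m)
def leaky_otp(key, m):        # constructed: OTP that also appends the message parity
    return xor(key, m) + (sum(m) % 2,)
def short_key_otp(key, m):    # constructed: a 2-bit key repeated to cover N bits
    return xor(key * (N // 2), m)

def bitstrings(n):
    return list(product((0, 1), repeat=n))

def ss_advantage(encrypt, key_bits, m0, m1, guess):
    """SS game: the challenger encrypts m_b under a fresh random key and the
    adversary outputs b'.  SSAdv = |Pr[b'=1 | b=0] - Pr[b'=1 | b=1]|, exactly."""
    keys = bitstrings(key_bits)
    w0 = Fraction(sum(guess(encrypt(k, m0)) for k in keys), len(keys))
    w1 = Fraction(sum(guess(encrypt(k, m1)) for k in keys), len(keys))
    return abs(w0 - w1)

def mr_advantage(encrypt, key_bits, recover):
    """MR game: random key and random message, the adversary sees the
    ciphertext and outputs m'.  MRAdv = |Pr[m'=m] - 1/|M||, exactly."""
    keys, msgs = bitstrings(key_bits), bitstrings(N)
    wins = sum(recover(encrypt(k, m)) == m for k in keys for m in msgs)
    return abs(Fraction(wins, len(keys) * len(msgs)) - Fraction(1, len(msgs)))

# SS adversary: two equal-length messages of different parity; guess = last ciphertext bit.
M0, M1 = (0, 0, 0, 0), (1, 0, 0, 0)
def last_bit(c):
    return c[-1]

# MR adversary: bet that the key was all zeros, i.e. output the first N ciphertext bits.
def strip_nothing(c):
    return c[:N]

def demo():
    return {
        "ss_otp": ss_advantage(otp, N, M0, M1, last_bit),               # 0
        "ss_leaky": ss_advantage(leaky_otp, N, M0, M1, last_bit),       # 1
        "mr_otp": mr_advantage(otp, N, strip_nothing),                  # 0
        "mr_short_key": mr_advantage(short_key_otp, 2, strip_nothing),  # 3/16
    }
```

The same parity adversary has advantage 0 against the real one-time pad and advantage 1 against the leaky one, and the short-key pad shows how a key smaller than the message space lifts the message-recovery advantage above zero even for a trivial guesser.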
| Nursie wrote:
| I loved Dan Boneh's "Crypto 1" course on coursera about 10 years
| ago, and signed up for "Crypto 2" immediately. After a few years
| of postponement I unsubscribed from the emails, I guess it never
| happened :(
|
| But I will take a look through this as it looks like it covers
| some of the same ground and then continues from there...
| xNeil wrote:
| https://www.coursera.org/learn/crypto2 Is this it?
| Tomte wrote:
| Yes, it's been in that waiting state forever and even links
| to the submitted online book as a substitute to look at.
| dang wrote:
| A pdf is at https://toc.cryptobook.us/book.pdf
|
| (That was the submitted URL but we changed it to the home page of
| the book.)
| jszymborski wrote:
| Is there any chance the LaTeX files are available for this book?
| I'd love to try my hand at binding a physical copy but would need
| to get the page size to A5.
| grifball wrote:
| Lemme know if you find them
| atilimcetin wrote:
| Also I can highly recommend Introduction to Cryptography course
| by Christof Paar -
| https://www.youtube.com/channel/UC1usFRN4LCMcfIV7UjHNuQg (and the
| text book
| https://link.springer.com/book/10.1007/978-3-642-04101-3 but you
| may not need it)
|
| About 2-3 years ago, I watched all the lectures and then a
| couple of months ago I watched them again to remember the
| details. It's a joy watching Christof giving cryptography lectures.
| lordofgibbons wrote:
| Would you say this intro course is a prerequisite to taking the
| applied course linked by OP?
| atilimcetin wrote:
| After looking into the TOC of A Graduate Course in Applied
| Cryptography, I would say the contents of these two are
| pretty similar to each other.
| Ar-Curunir wrote:
| No, the textbook is much more focused on rigorous security
| definitions and proving security of primitives against
| these definitions.
| suddensleep wrote:
| I've worked through the entire Paar book (which is
| excellent), and I've made a number of attempts at getting
| through Boneh and Shoup (which is also excellent). I will say
| that there is a good overlap in content, but the Boneh/Shoup
| is solidly graduate-level, whereas Paar is a good and solid
| introduction for an undergraduate student.
___________________________________________________________________
(page generated 2021-10-19 23:00 UTC)