[HN Gopher] A Graduate Course in Applied Cryptography
___________________________________________________________________

A Graduate Course in Applied Cryptography

Author : ColinWright
Score  : 245 points
Date   : 2021-10-19 14:36 UTC (8 hours ago)

(HTM) web link (toc.cryptobook.us)
(TXT) w3m dump (toc.cryptobook.us)

| [deleted]
|
| hwers wrote:
| I never really understood the appeal of nerding out on
| cryptography. As soon as you get it in your mind to do some fun
| innovating people tell you (correctly) to "never roll your own
| crypto". Unless you're super talented at math (on the PhD level)
| and actually could roll it on your own then I don't really see
| why you shouldn't just abstract it in your head as a solved
| problem like modern day assembly code arcana (though I guess I'm
| curious about other people's perspective).
|
| Nursie wrote:
| > I never really understood the appeal of nerding out on
| > cryptography
|
| Gaining an understanding of how it works can help you avoid
| some of the pitfalls when dealing with it.
|
| IMHO I always work better when I understand what's going on at
| least one layer down from where I'm playing. Nerding out on it
| can also help you understand how serious some attacks are and
| how broken your systems might be.
|
| Never roll your own is good advice in production. Knock
| yourself out for test systems, for fun and exploration, but if
| you have some 'fun innovating' that you think might be good for
| real world use, pay someone that knows their stuff to audit it
| before trusting it. That's just common sense when it's so easy
| to get wrong.
|
| FiberBundle wrote:
| Even if you use existing implementations, you can still use
| them in the wrong way and really screw up. Knowing how to
| correctly use implementations and what mistakes to avoid should
| be required for anybody using cryptography and that takes some
| familiarity with the material.
|
| dr_zoidberg wrote:
| I work in digital forensics.
| You wouldn't believe the
| misconceptions about "cryptographic hashes" and cryptography in
| general that are around in my area. If everyone took an intro
| course to cryptography that wouldn't happen as much as it does.
|
| So there you have it, one reason to take this course that is not
| "roll your own crypto" (which you should never do, unless you
| really really really know what you're doing. And even then you
| should check with a few people smarter than you to make sure
| everything is as you think it is.)
|
| lbriner wrote:
| You are right that the basics are often misunderstood but an
| intro course this is not! Knowing what prime factoring is can
| be interesting if you like maths but definitely not required
| to understand on a practical level the difference between
| symmetrical, asymmetrical and things like CSPRNG vs hashing.
|
| vlovich123 wrote:
| First, those people don't materialize out of nowhere. They
| usually learn from this kind of content.
|
| Secondly, the "don't roll your own crypto" is general advice.
| It means "you're probably trying to solve a problem that
| already has a battle-tested solution."
|
| A lot of really talented people clearly roll their own crypto,
| otherwise we wouldn't regularly have innovation in this field
| (although to be fair probably 90% of the ones that get traction
| are from DJB).
|
| Finally, even if you should roll your own crypto algorithm,
| you probably still need to apply it to your problem domain.
| Understanding how to think about those attack vectors helps you
| understand the trade-offs of which algorithms to pick. This
| makes the collaboration with a security team/security review
| more meaningful.
|
| tptacek wrote:
| We don't regularly get innovation from generalists who pick
| up and figure out cryptography on their own. Daniel J.
| Bernstein is a professor of cryptography. Most of the
| innovations we see in cryptography come from people with
| graduate degrees in cryptography.
|
| If you're someone like that, you don't need advice from
| random people on the Internet about whether you should
| practice in your field. Obviously, you should. But if you're
| someone who mostly spends their time writing general-purpose
| software and just find cryptography super fascinating or
| morally compelling, you _do_ need the advice, because the
| cryptography you come up with is likely to get somebody hurt.
|
| pr07ecH70r wrote:
| Very nice reading.
|
| ultrasounder wrote:
| I was just looking at resources for a complete beginner to get
| started with Cryptography for Infosec/CyberSec and this book
| topped all the recommendations. Hoping to see it updated soon.
|
| hawk_ wrote:
| My intro to cryptography was in a class by Victor Shoup. Highly
| recommend any of his books or materials. While I ended up not
| taking up cryptography professionally, I have fond memories from
| his course.
|
| baby wrote:
| If you're looking for a less mathy introduction to cryptography,
| and a more applied resource, check the book Real-World
| Cryptography. I wrote it over the last two and a half years and
| it just got released on Amazon a few weeks ago.
|
| It teaches you about the cryptographic constructions that you run
| into all the time as a dev (https/ssl/tls, encryption, hashing,
| etc.) and gives you pointers on how not to mess things up (and
| what libraries to use, etc.)
|
| I also wrote a post a while back on why I was writing this book
| and why you should pick it up:
| https://www.cryptologie.net/article/504/why-im-writing-a-boo...
|
| [deleted]
|
| thecleaner wrote:
| I think Bruce Schneier's Applied Cryptography is also really
| good. In fact it was written so that programmers would be able
| to implement algorithms from it.
|
| tptacek wrote:
| Applied Cryptography is probably the worst book on
| cryptography engineering in broad circulation. It is a
| scourge.
|
| https://sockpuppet.org/blog/2013/07/22/applied-practical-cry...
|
| It's best to think of Applied Cryptography as an almanac or a
| work of pop science. The worst thing you can do with it is
| implement directly from it.
|
| baby wrote:
| In the link I posted you can read my point of view on this:
|
| > The other two somewhat respected resources at the time were
| > Applied Cryptography and Cryptography Engineering (both from
| > Schneier). But these books were starting to be quite
| > outdated. Applied Cryptography spent 4 chapters on block
| > ciphers, with a whole chapter on cipher modes of operation
| > but none on authenticated encryption. Cryptography
| > Engineering had a single mention of elliptic curve
| > cryptography (in a footnote).
|
| foo92691 wrote:
| Applied Cryptography is an excellent book, but it is very
| very old. Nearly 25 years old.
|
| The foreword of the semi-recent (2015) "20th anniversary
| edition" (which appears to be a reissue of the 2nd edition)
| even recommends that you look for a more modern reference.
|
| And one of the lessons of the last decades is that
| programmers should generally _not_ be implementing their own
| cryptography unless that is their specialty.
|
| nfoz wrote:
| The book that "clicked" for me is: Cryptography Engineering:
| Design Principles and Practical Applications, by
| Ferguson/Schneier/Kohno (2015) [1]
|
| In plain language it walks through what I wanted to know, in a
| modern and paranoid perspective, as a readable narrative, from
| the point of view that we want to design each of the basic crypto
| primitives ourselves.
|
| [1]
| https://onlinelibrary.wiley.com/doi/book/10.1002/97811187223...
|
| tptacek wrote:
| Unfortunately, Cryptography Engineering (nee Practical
| Cryptography) is very much showing its age.
| It's a much better
| book than Applied Cryptography, but it's still pre-modern ---
| it spends a lot of time on outmoded multiplicative group
| asymmetric encryption, essentially excludes AEAD cryptography
| (which are the most important constructions in modern
| cryptography), and has weird advice on random number generation
| (that probably made sense before the world standardized on
| OS-level CSPRNGs).
|
| It's easy to forget how old Practical Cryptography is, but: it
| predates Vaudenay's padding oracle attack.
|
| nfoz wrote:
| Wow! 2015 crypto is that outdated now? Thanks for the heads
| up! Now I'm feeling my own age lol.
|
| Anything else you'd recommend that isn't mentioned here yet?
|
| tptacek wrote:
| Cryptography Engineering is essentially a re-release of
| Practical Cryptography, which was published in 2003.
|
| For the audience that Practical Cryptography contemplates,
| I like both Real World Cryptography by Wong, and Serious
| Cryptography by JP Aumasson.
|
| nfoz wrote:
| Ahh makes sense. Thanks!
|
| pvg wrote:
| Previously:
|
| https://news.ycombinator.com/item?id=22980003
|
| dang wrote:
| Thanks! Expanded list:
|
| _A Graduate Course in Applied Cryptography (2020)_ -
| https://news.ycombinator.com/item?id=28784207 - Oct 2021 (1
| comment)
|
| _A Graduate Course in Applied Cryptography_ -
| https://news.ycombinator.com/item?id=22980003 - April 2020 (36
| comments)
|
| _A Graduate Course in Applied Cryptography_ -
| https://news.ycombinator.com/item?id=22013751 - Jan 2020 (76
| comments)
|
| _A Graduate Course in Applied Cryptography [pdf]_ -
| https://news.ycombinator.com/item?id=10119029 - Aug 2015 (23
| comments)
|
| a-dub wrote:
| this looks awesome! totally bookmarking it for the reading list!
|
| particularly liking how "applied" means actual practical
| applications and system design.
|
| 36384947375455 wrote:
| I want to understand the math in this book. What background and
| recommended resources do you guys recommend to learn to
| understand it?
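FiberBundle's point earlier in the thread (a correct library can still be used wrongly) and tptacek's remarks on authenticated encryption and padding oracles come down to one discipline: build the integrity check from the right primitive and check it, in constant time, before anything else touches the data. The following is an added example written for this page, not code from the thread, from the book or from any commenter; it uses only the Python standard library, and the key and message are constructed placeholders. The "naive" functions are shown only as the shape to recognise and avoid.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed sample inputs for this illustration (not from the thread).
# A fixed key keeps the demo reproducible; a real key would come from
# secrets.token_bytes(32) or a key-derivation function.
KEY = bytes(range(32))
MESSAGE = b'{"user": "alice", "role": "viewer"}'


def naive_tag(key: bytes, message: bytes) -> bytes:
    """Mistake 1: a 'MAC' built as SHA-256(key || message).

    SHA-256 is a Merkle-Damgard hash, so a valid tag for `message` can be
    extended into a valid tag for `message || suffix` without the key.
    Kept here only as the shape to recognise and avoid.
    """
    return hashlib.sha256(key + message).digest()


def naive_verify(key: bytes, message: bytes, received_tag: bytes) -> bool:
    """Mistake 2: comparing tags with ==, which stops at the first
    differing byte and therefore leaks timing information."""
    return naive_tag(key, message) == received_tag


def tag(key: bytes, message: bytes) -> bytes:
    """Correct use of the same library: HMAC-SHA256 (not length-extendable)."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, received_tag: bytes) -> bool:
    """Correct use: recompute the tag and compare in constant time."""
    return hmac.compare_digest(tag(key, message), received_tag)


def open_message(key: bytes, message: bytes, received_tag: bytes) -> Optional[bytes]:
    """Hand the message downstream only after the tag verifies.

    Checking authenticity before any parsing or decryption is the same
    discipline AEAD modes enforce, and it is what removes the error
    signal a padding-oracle style attack depends on."""
    if not verify(key, message, received_tag):
        return None
    return message


def demo() -> dict:
    """Exercise the hardened path with genuine, tampered and wrong-key inputs."""
    t = tag(KEY, MESSAGE)
    tampered = MESSAGE.replace(b'"viewer"', b'"admin"')
    return {
        "genuine_accepted": open_message(KEY, MESSAGE, t) == MESSAGE,
        "tampered_rejected": open_message(KEY, tampered, t) is None,
        "wrong_key_rejected": open_message(secrets.token_bytes(32), MESSAGE, t) is None,
        "tag_length": len(t),
    }


if __name__ == "__main__":
    print(demo())
```

Both `naive_tag` and `tag` "work" in the sense that a matching tag verifies, which is exactly why this class of mistake survives review: nothing fails functionally, the construction is simply the wrong one.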
|
| antegamisou wrote:
| You'd need a good grasp on Discrete Math, Probability Theory
| and most likely Number Theory.
|
| For the first, Rosen's "Discrete Math and Its Applications" is
| quite thorough including many solved & unsolved problems.
|
| There are too many good resources for probability & number
| theory to choose from, so I'd recommend something like MIT OCW
| for the first one, at least.
|
| 36384947375455 wrote:
| Can you send a link for the probability course that you have
| in mind? Thanks for the discrete rec!
|
| ellis-bell wrote:
| I'm not sure what courses they had in mind, but Victor
| Shoup (one of the authors of the OP) has a book on number
| theory and algebra that goes over probability. That would
| probably be most useful if your goal is to study the
| applied crypto book.
|
| The prerequisites are (self-reported) minimum, just
| calculus and mathematical maturity should be sufficient. I
| would check it out (it's free) and see if it's at an
| appropriate level.
|
| Unfortunately I've yet to come across an introductory text
| or course on probability that is actually good :-(
|
| https://www.shoup.net/ntb/
|
| antegamisou wrote:
| It is 18.05 "Introduction to Probability and Statistics"
|
| https://ocw.mit.edu/courses/mathematics/18-05-introduction-t...
|
| I thought there were video lectures available but
| apparently I was wrong, however the class notes are
| (hopefully!) sufficient.
|
| ngngngng wrote:
| What's your background? I just started A Programmer's
| Introduction to Mathematics because I also got stuck on math
| when I was previously studying cryptography. Not sure if it
| will actually solve my problem but so far seems like a great
| place to start.
|
| https://pimbook.org/
|
| 36384947375455 wrote:
| I'm a beginner in math. I know the basics of proofs.
|
| julienchastang wrote:
| I'm just finishing "Cryptography: A Very Short Introduction" from
| the OUP series.
| I found it to be a useful starting point even
| though (as the title says) it does not go into much detail, and
| it is a bit dated as well (currencies are not mentioned). It
| does, however, cover fundamentals that you can supplement with
| videos and other texts.
|
| thecleaner wrote:
| Anybody ever understand the attack game setups? I felt like it's
| a bit overcomplicated just to prove a contradiction. Also I am
| not sure if the metrics introduced like SSAdv and Message
| recovery advantage actually are used in places other than this
| book.
|
| suddensleep wrote:
| In my experience working through the first few chapters, I'll
| say that the attack game framework is pretty standard across
| lots of course materials from universities (at least the ones
| that I've found posted online). One thing that is _not_
| consistent is the notation used; it seems like there are
| multiple competing (but essentially equivalent) sets of
| notations used in attack game/advantage discussions.
|
| Nursie wrote:
| I loved Dan Boneh's "Crypto 1" course on coursera about 10 years
| ago, and signed up for "Crypto 2" immediately. After a few years
| of postponement I unsubscribed from the emails, I guess it never
| happened :(
|
| But I will take a look through this as it looks like it covers
| some of the same ground and then continues from there...
|
| xNeil wrote:
| https://www.coursera.org/learn/crypto2 Is this it?
|
| Tomte wrote:
| Yes, it's been in that waiting state forever and even links
| to the submitted online book as a substitute to look at.
|
| dang wrote:
| A pdf is at https://toc.cryptobook.us/book.pdf
|
| (That was the submitted URL but we changed it to the home page of
| the book.)
|
| jszymborski wrote:
| Is there any chance the LaTeX files are available for this book? I'd
| love to try my hand at binding a physical copy but would need to
| get the page size to A5.
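thecleaner and suddensleep discuss the attack-game framework and the SSadv metric above; the game is easier to see when it is run rather than read. The following is an added example written for this page, not code from the book, the thread or any commenter. It plays the semantic-security game as Boneh and Shoup define the advantage, SSadv[A, E] = |Pr[W0] - Pr[W1]|, where W_b is the event that adversary A outputs 1 when the challenger encrypted m_b. The two toy ciphers and the adversary are constructed for illustration; keys are assumed uniform over all byte strings of the stated length, which is what lets the probabilities be computed exactly by enumeration instead of estimated by sampling.

```python
from fractions import Fraction
from itertools import product
from typing import Callable, Tuple

# Two toy ciphers over 2-byte messages, constructed for this illustration.
# Neither is real-world code; they exist only to give the game something to attack.


def enc_repeated_byte(key: bytes, m: bytes) -> bytes:
    """Broken cipher: one key byte XORed into every position.

    c[0] ^ c[1] == m[0] ^ m[1] regardless of the key, so the ciphertext
    leaks a relation between plaintext bytes."""
    return bytes(x ^ key[0] for x in m)


def enc_one_time_pad(key: bytes, m: bytes) -> bytes:
    """One-time pad: an independent key byte for every message byte."""
    return bytes(x ^ k for x, k in zip(m, key))


# The adversary A: it picks two equal-length messages, receives the
# encryption of one of them, and outputs a bit (its guess that m1 was used).
def adversary_choose() -> Tuple[bytes, bytes]:
    return b"\x00\x00", b"\x00\x01"


def adversary_guess(c: bytes) -> int:
    # Output 1 when c[0] ^ c[1] == 1, the pattern the broken cipher shows for m1.
    return 1 if (c[0] ^ c[1]) == 1 else 0


def ss_advantage(enc: Callable[[bytes, bytes], bytes], key_len: int) -> Fraction:
    """SSadv[A, E] = |Pr[W0] - Pr[W1]| for the fixed adversary above.

    Experiment b: the challenger draws a key uniformly, encrypts m_b and
    hands the ciphertext to A. W_b is the event that A outputs 1.
    The key space is enumerated in full, so the result is exact."""
    m0, m1 = adversary_choose()
    keys = [bytes(k) for k in product(range(256), repeat=key_len)]
    pr_w = []
    for m in (m0, m1):
        wins = sum(adversary_guess(enc(k, m)) for k in keys)
        pr_w.append(Fraction(wins, len(keys)))
    return abs(pr_w[0] - pr_w[1])


if __name__ == "__main__":
    print("repeated-byte key:", ss_advantage(enc_repeated_byte, 1))
    print("one-time pad     :", ss_advantage(enc_one_time_pad, 2))
```

Against the repeated-byte cipher this adversary wins outright (advantage 1); against the one-time pad the same adversary's output is independent of b, so the advantage is exactly 0. The point of the definition is that the advantage is a property of the pair (A, E): a scheme is semantically secure when the advantage is negligible for every efficient A, and a security proof is a reduction showing that any A with non-negligible advantage would yield an adversary against an assumed-hard primitive. The "proof by contradiction" thecleaner mentions is that reduction.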
|
| grifball wrote:
| Lemme know if you find them
|
| atilimcetin wrote:
| Also I can highly recommend Introduction to Cryptography course
| by Christof Paar -
| https://www.youtube.com/channel/UC1usFRN4LCMcfIV7UjHNuQg (and the
| text book
| https://link.springer.com/book/10.1007/978-3-642-04101-3 but you
| may not need it)
|
| About 2-3 years ago, I watched all the lectures and then a
| couple of months ago I watched them again to remember the
| details. It's a joy watching Christof giving cryptography lectures.
|
| lordofgibbons wrote:
| Would you say this intro course is a prerequisite to taking the
| applied course linked by OP?
|
| atilimcetin wrote:
| After looking into the TOC of A Graduate Course in Applied
| Cryptography, I would say the contents of these two are
| pretty similar to each other.
|
| Ar-Curunir wrote:
| No, the textbook is much more focused on rigorous security
| definitions and proving security of primitives against
| these definitions.
|
| suddensleep wrote:
| I've worked through the entire Paar book (which is
| excellent), and I've made a number of attempts at getting
| through Boneh and Shoup (which is also excellent). I will say
| that there is a good overlap in content, but the Boneh/Shoup
| is solidly graduate-level, whereas Paar is a good and solid
| introduction for an undergraduate student.
___________________________________________________________________
(page generated 2021-10-19 23:00 UTC)