###
Author: Jean-Philippe Aumasson

Published in: No Starch Press

ISBN: 978-1593-2-7826-7

File Type: pdf

File Size: 2 MB

Language: English

Author: Jean-Philippe Aumasson

Published in: No Starch Press

ISBN: 978-1593-2-7826-7

File Type: pdf

File Size: 2 MB

Language: English

Published in: No Starch Press

ISBN: 978-1593-2-7826-7

File Type: pdf

File Size: 2 MB

Language: English

__Description__
I’ve heard “crypto is hard” more than a dozen times since then. But is crypto really that hard? To play an instrument, master a programming language, or put the applications of any fascinating field into practice, you need to learn some concepts and symbols, but doing so doesn’t take a PhD. I think the same applies to becoming a competent cryptographer. I also believe that crypto is perceived as hard because cryptographers haven’t done a good job of teaching it. Another reason why I felt the need for Serious Cryptography book is that crypto is no longer just about crypto—it has expanded into a multidisciplinary field. To do anything useful and relevant in crypto, you’ll need some understanding of the concepts around crypto: how networks and computers work, what users and systems need, and how attackers can abuse algorithms and their implementations. In other words, you need a connection to reality.

The initial title of Serious Cryptography book was Crypto for Real to stress the practice-oriented, real-world, no-nonsense approach I aimed to follow. I didn’t want to make cryptography approachable by dumbing it down, but instead tie it to real applications. I provide source code examples and describe real bugs and horror stories. Along with a clear connection to reality, other cornerstones of Serious Cryptography book are its simplicity and modernity. I focus on simplicity in form more than in substance: I present many non-trivial concepts, but without the dull mathematical formalism. Instead, I attempt to impart an understanding of cryptography’s core ideas, which are more important than remembering a bunch of equations. To ensure the book’s modernity, I cover the latest developments and applications of cryptography, such as TLS 1.3 and post-quantum cryptography. I don’t discuss the details of obsolete or insecure algorithms such as DES or MD5. An exception to this is RC4, but it’s only included to explain how weak it is and to show how a stream cipher of its kind works. Serious Cryptography isn’t a guide for crypto software, nor is it a compendium of technical specifications—stuff that you’ll easily find online. Instead, the foremost goal of Serious Cryptography book is to get you excited about crypto and to teach you its fundamental concepts along the way.

While writing, I often imagined the reader as a developer who’d been exposed to crypto but still felt clueless and frustrated after attempting to read abstruse textbooks and research papers. Developers often need—and want—a better grasp of crypto to avoid unfortunate design choices, and I hope Serious Cryptography book will help. But if you aren’t a developer, don’t worry! The book doesn’t require any coding skills, and is accessible to anyone who understands the basics of computer science and college-level math (notions of probabilities, modular arithmetic, and so on). Serious Cryptography book can nonetheless be intimidating, and despite its relative accessibility, it requires some effort to get the most out of it. I like the mountaineering analogy: the author paves the way, providing you with ropes and ice axes to facilitate your work, but you make the ascent your-self. Learning the concepts in Serious Cryptography book will take an effort, but there will be a reward at the end.

The book has fourteen chapters, loosely split into four parts. The chapters are mostly independent from one another, except for Chapter 9, which lays the foundations for the three subsequent chapters. I also recommend reading the first three chapters before anything else.

Fundamentals

• Chapter 1: Encryption introduces the notion of secure encryption, from weak pen-and-paper ciphers to strong, randomized encryption.

• Chapter 2: Randomness describes how a pseudorandom generator works, what it takes for one to be secure, and how to use one securely.

• Chapter 3: Cryptographic Security discusses theoretical and practical notions of security, and compares provable security with probable security.

Symmetric Crypto

• Chapter 4: Block Ciphers deals with ciphers that process messages block per block, focusing on the most famous one, the Advanced Encryption Standard (AES).

• Chapter 5: Stream Ciphers presents ciphers that produce a stream of random-looking bits that are XORed with messages to be encrypted.

• Chapter 6: Hash Functions is about the only algorithms that don’t work with a secret key, which turn out to be the most ubiquitous crypto build- ing blocks.

• Chapter 7: Keyed Hashing explains what happens if you combine a hash function with a secret key, and how this serves to authenticate messages.

• Chapter 8: Authenticated Encryption shows how some algorithms can both encrypt and authenticate a message with examples, such as the standard AES-GCM. Asymmetric Crypto

• Chapter 9: Hard Problems lays out the fundamental concepts behind public-key encryption, using notions from computational complexity.

• Chapter 10: RSA leverages the factoring problem in order to build secure encryption and signature schemes with a simple arithmetic operation.

• Chapter 11: Diffie–Hellman extends asymmetric cryptography to the notion of key agreement, wherein two parties establish a secret value using only non-secret values.

• Chapter 12: Elliptic Curves provides a gentle introduction to elliptic curve cryptography, which is the fastest kind of asymmetric cryptography.

Applications

• Chapter 13: TLS focuses on Transport Layer Security (TLS), arguably the most important protocol in network security.

• Chapter 14: Quantum and Post-Quantum concludes with a note of science fiction by covering the concepts of quantum computing and a new kind of cryptography.

### Serious Cryptography Book’s Approach

The initial title of Serious Cryptography book was Crypto for Real to stress the practice-oriented, real-world, no-nonsense approach I aimed to follow. I didn’t want to make cryptography approachable by dumbing it down, but instead tie it to real applications. I provide source code examples and describe real bugs and horror stories. Along with a clear connection to reality, other cornerstones of Serious Cryptography book are its simplicity and modernity. I focus on simplicity in form more than in substance: I present many non-trivial concepts, but without the dull mathematical formalism. Instead, I attempt to impart an understanding of cryptography’s core ideas, which are more important than remembering a bunch of equations. To ensure the book’s modernity, I cover the latest developments and applications of cryptography, such as TLS 1.3 and post-quantum cryptography. I don’t discuss the details of obsolete or insecure algorithms such as DES or MD5. An exception to this is RC4, but it’s only included to explain how weak it is and to show how a stream cipher of its kind works. Serious Cryptography isn’t a guide for crypto software, nor is it a compendium of technical specifications—stuff that you’ll easily find online. Instead, the foremost goal of Serious Cryptography book is to get you excited about crypto and to teach you its fundamental concepts along the way.

### Who Serious Cryptography Book Is For

While writing, I often imagined the reader as a developer who’d been exposed to crypto but still felt clueless and frustrated after attempting to read abstruse textbooks and research papers. Developers often need—and want—a better grasp of crypto to avoid unfortunate design choices, and I hope Serious Cryptography book will help. But if you aren’t a developer, don’t worry! The book doesn’t require any coding skills, and is accessible to anyone who understands the basics of computer science and college-level math (notions of probabilities, modular arithmetic, and so on). Serious Cryptography book can nonetheless be intimidating, and despite its relative accessibility, it requires some effort to get the most out of it. I like the mountaineering analogy: the author paves the way, providing you with ropes and ice axes to facilitate your work, but you make the ascent your-self. Learning the concepts in Serious Cryptography book will take an effort, but there will be a reward at the end.

### How Serious Cryptography Book Is Organized

The book has fourteen chapters, loosely split into four parts. The chapters are mostly independent from one another, except for Chapter 9, which lays the foundations for the three subsequent chapters. I also recommend reading the first three chapters before anything else.

Fundamentals

• Chapter 1: Encryption introduces the notion of secure encryption, from weak pen-and-paper ciphers to strong, randomized encryption.

• Chapter 2: Randomness describes how a pseudorandom generator works, what it takes for one to be secure, and how to use one securely.

• Chapter 3: Cryptographic Security discusses theoretical and practical notions of security, and compares provable security with probable security.

Symmetric Crypto

• Chapter 4: Block Ciphers deals with ciphers that process messages block per block, focusing on the most famous one, the Advanced Encryption Standard (AES).

• Chapter 5: Stream Ciphers presents ciphers that produce a stream of random-looking bits that are XORed with messages to be encrypted.

• Chapter 6: Hash Functions is about the only algorithms that don’t work with a secret key, which turn out to be the most ubiquitous crypto build- ing blocks.

• Chapter 7: Keyed Hashing explains what happens if you combine a hash function with a secret key, and how this serves to authenticate messages.

• Chapter 8: Authenticated Encryption shows how some algorithms can both encrypt and authenticate a message with examples, such as the standard AES-GCM. Asymmetric Crypto

• Chapter 9: Hard Problems lays out the fundamental concepts behind public-key encryption, using notions from computational complexity.

• Chapter 10: RSA leverages the factoring problem in order to build secure encryption and signature schemes with a simple arithmetic operation.

• Chapter 11: Diffie–Hellman extends asymmetric cryptography to the notion of key agreement, wherein two parties establish a secret value using only non-secret values.

• Chapter 12: Elliptic Curves provides a gentle introduction to elliptic curve cryptography, which is the fastest kind of asymmetric cryptography.

Applications

• Chapter 13: TLS focuses on Transport Layer Security (TLS), arguably the most important protocol in network security.

• Chapter 14: Quantum and Post-Quantum concludes with a note of science fiction by covering the concepts of quantum computing and a new kind of cryptography.

## 0 comments: