Top products from r/crypto

I'm a PhD student. My day typically involves some of the following:

1. Reading old and new research papers related to my work.
   
   Some of the reading I do is work by my advisor (whose model I'm using in my own work) or people in the field that we're working to solve the same or similar problems. Sometimes it will be related work that I will need to cite in my own papers that I need to understand. Sometimes it will be about cryptographic primitives that I want to make use of in one of my own papers. Sometimes I will read about works that I want to extend, including their "Future Work" section to figure out what the unsolved problems in the area are. Reading can also involve printing out a paper and keeping notes on it or running some small examples by hand to see if things make sense. For example, I'm currently reading the SmartPool paper and re-reading the Ouroboros paper for the n-th time.
   
   
2. Writing my own papers.
   
   I'm currently working on three papers. These are nice examples, because each of them is in a different stage: The first one is finished and I'm polishing it; the second one has been accepted at a major conference, but still needs some work; the third one is in exploratory and at very early stage.
   
   My Non-Interactive Proofs of Proof-of-Work paper is in quite mature stage and has a dozen citations now. Some people have followed up on this paper and have given me extensive feedback, which I want to incorporate and use to improve the paper. I will go over their feedback and make small fixes, check my math again, and so on. Someone made a lecture on my work on YouTube which I would go through to see how they educate people about my work and to see if my writing is as clear as I would like it to be. This paper hasn't been published in a formal venue yet, so I'm also waiting for a response and refreshing my email these days, as it's the time the responses from a conference I've submitted it to come out.
   
   A second paper I'm working on is called "Proof-of-Stake Sidechains". This has not yet been made public, but it has been accepted in a major conference. I'm being urged by my advisor and co-authors to keep working on it so that we can put it up on ePrint very soon. This work involves reading footnotes and comments scribbled on the paper by my co-authors which scrutinize my security proof and basically point out mathematical mistakes in my thinking. As the conference version contains proof sketches, but the open-access version will contain fully formal proofs, most of the work is in the formalism and the precise mathematics. My work involves re-structuring my lemmas by, for instance, splitting them up, merging them, changing their assumptions, or changing their statements. Sometimes I will look at a proof portion and realize there's a mistake and try to fix it. Or the proof will be correct, but the writing will be too unclear and I will try to make it a bit more readable or verbose. I'm also working a lot on making my algorithms (pseudocode) clearer by changing some of my notation, making them shorter, ensuring my variable names are good, and so on. Some of my work here also includes formatting the paper to look better in LaTeX, adding explanatory paragraphs in the text where I feel things are not clear, and sometimes changing the narrative and doing "editorial" work on the text, such as moving sections around or splitting up a section or so.
   
   A third paper I'm working on will probably be called something along the lines of "Blockchain Moustaches: Adversarially censoring block predicates", but I'm not sure yet. In this work, we don't know much yet, but we're trying to figure things out. We have a few theorem sketches which we think are true, but we're not sure. I'm trying to create proof sketches there. I will run some examples on my notebook and maybe make some proof attempt in a specific direction. Some other work I'm doing here is thinking about relevant applications of what we're doing and considering whether our work can be applied in areas where we haven't thought of yet. This work consists of googling about topics and trying to figure out how various practical systems work, including reading some code. Also, if I have an idea but I'm unable to approach it in theory, I will write code to run simulations in which I can confirm my hypotheses. For example, I will implement an attack and see if it works with some probability and calculate it using a Monte Carlo approach. Or I will make a prototype implementation of one of my new schemes to measure how fast it is, how many bytes it takes up (e.g. a new signature scheme), or how many bytes it requires on the network (e.g. for a new cryptographic protocol that runs on the network).
   
   In practice, this means that I'm spending most of my time either on my notebook or in front of my computer writing LaTeX in Atom and committing in git/github.
   
   
3. Reading books and doing coursework. As part of my PhD, I'm currently required to take a few master courses. This semester, I'm taking a course on Computational Complexity and another one on Axiomatic Set Theory. Work here is what a typical master student will do. Read the book, attend the lectures, solve exercises, take exams, and so on. Sometimes I will also read a chapter from a book more closely related to cryptography, e.g. Katz's "Introduction to Modern Cryptography".
   
   
4. Meetings. I will typically have a couple of meetings every day, most of which take place via video conferencing.
   
   My meetings will be with my advisor or my co-authors, in which we will go over some section of our paper where some thing is unclear. As I'm the student here, typically I will present some of my progress and ask questions to help me find my way. Another thing I will do is I will explain a portion of my proof to my co-authors and they will confirm that I'm in the right direction or they may have some insightful comment about something that I'm missing.
   
   I'm also working with some master students to supervise their master theses and I have some meetings with them also. Here I will hear about their progress and give them general direction. I'm currently working with a student who is implementing one of my papers in practice. We will often discuss a section of my paper and clarify something in my pseudocode, or look at his code and see if it makes sense. Sometimes he will ask me questions about the security of my scheme or why I'm doing things the way I'm doing them in theory and if he needs to include certain checks in practice. Perhaps we will work through an example on a whiteboard to illustrate why a certain attack is possible if some aspect of the construction is incorrectly implemented.
   
   I'm also working with IOHK, a company with an engineering team who are implementing some of my schemes in production. I'll have a meeting with them every once in a while, in which their engineers will ask me questions about my scheme and they will gauge my reaction about what they're doing. They'll present their work and we will discuss if it's in the right direction. Sometimes they will make simplifying assumptions in the code and we'll talk about whether they make sense security-wise. Sometimes they will give me insight about how things are different in practice and about something that I have missed in one of my papers and inspire me to write an additional section or change something. Here they also sometimes point out related work which I'll put in my backlog for later reading.
   
   
5. Teaching. Sometimes I'm a Teaching Assistant in certain courses. I'm not doing it this semester, but we're planning for a couple of courses next semester (a graduate course on "Introduction to Cryptography" and another one for "Introduction to Blockchains"). If I'm actively helping, like I will do next semester, this can involve teaching for a couple of hours in the amphitheater, answering student questions, preparing exam questions, correcting exercises submitted by students, preparing slides for my next presentation, or creating new exercises that people will solve. Exercises can be theoretical or practical, and in the case of practical exercises I may have to write some code to automatically check students' solutions (which are also in the form of code).
   
   
6. Conference participation. I'm spending these couple of months in my lab in Athens, but more often than not I will be traveling and attending conferences. I will attend talks where people present their work, or sometimes I'll give a talk about my work to an audience and take their questions. If I'm giving a talk, some of my work involves preparing slides or notes, rehearsing, and doing a trial in front of my colleagues at the lab. In some conferences that are less academic and more practical, we will try to make some of the work we do more accessible and collaborate with produces to create YouTube videos about our work that can be viewed by a broader audience.
   
   I guess that sums up most of my days! If you have further questions feel free to reach out :)

You should definitely have solid mathematical skills, but computer science helps as well. I did both (bachelors in both, masters in both, PhD in a mathematics/CS hybrid department).

First try to get a broad knowledge of the subject, then figure out what area interests you the most. Here's a few references that might interest you:

• So you want to be a cryptographer: Bruce Schneier's essay on how to become a cryptographer. You should read this first!
  
• How not to learn cryptography: Seny Kamara's blog on how he learned cryptographer, and opinions on what is right and wrong.
  
• The Matasano crypto challenges: Shows you a lot of crypto mistakes that happen in practice, that a beginner can learn without having heavy math skills.
  
• So you want to learn to break ciphers: My blog showing some basic, non-mathematical techniques for breaking ciphers.
  
• Tom St Denis' book: Tom became a celebrity in crypto. In the early days, he was a highschool student, not doing his homework but instead learning crypto through the old sci.crypt newsgroup. He had a very strong thirst for knowledge, and a bunch of people were happy to help him. He ended up writing an awesome crypto library (LibTomCrypt) and I believe he even got a few scientific publications, and became very well known in the crypto community.
  
  
  Crypto is a big, big field, and there are all sorts of places to specialise in. Find out what your passion is and go from there.
  

Being a "techy" isn't really useful with learning and understanding crypto. There's many cryptographers that are mathematicians who barely use computers. Cryptography is a multi-faceted discipline but the typical divide is between mathematicians and computer scientists.

So having a foundation in math & computer science is very useful.

In any case, Simon Singh's book is a good introduction. It is a pleasant read but a bit fluffy.

Although not specifically crypto, I would start with Network Security by Kaufman et al. It primarily discusses network security but gently introduces some cryptography primitives.

Another book from a mathematician perspective is this book.

Then there's joy of cryptography which is a formal treatment using a notion of provable security (a bit of a different take to Katz & Lindell Modern Cryptography), which computer scientists tend to have a boner for.

I really liked Cryptography: Theory of Practice. It's like reading a math book with useful real world examples. :)

The book is not so programming related but really, cryptography is pretty much just applied discreet math. Most of the exercises require programming but it's fairly trivial.
In my opinion the hard part isn't the programming; it's understanding the math behind.

Good luck finding what you're looking for.

I am also fairly new to the subject. The first book I read on it was The Code Book by Simon Singh. I highly recommend it.

It was written in 1999, and is not an up-to-date, hands-on resource for encryption software. It is more of a primer on the history and evolution of codes and encryption, with great explanations of the foundations of the psychology and mathematics of codes. It's well written, a fun read, and very informative for beginning studies.

I hope it's ok in this sub to post a link to it. It's a non-affiliate Amazon link:

http://www.amazon.com/The-Code-Book-Science-Cryptography/dp/0385495323

Implementing SSL/TLS

https://www.amazon.com/Implementing-SSL-TLS-Joshua-Davies/dp/0470920416/ref=sr_1_4?keywords=openssl&qid=1550253200&s=gateway&sr=8-4

practical guide to implementing SSL and TLS. All examples are written in C with the implementation of DES, AES, RC4, Large Integer Arithmetic, RSA, Deffie-Hellman, HMAC, DSA, Elliptic Curve, X.509.

​

For me, the best theoretical books on cryptography, but without deep immersion in mathematics:

Understanding Cryptography: A Textbook for Students and Practitioners

https://www.amazon.com/Understanding-Cryptography-Textbook-Students-Practitioners/dp/3642041000/ref=sr\_1\_1?crid=3700J8SGJK4QP&keywords=understanding+cryptography&qid=1550253725&s=gateway&sprefix=Undes%2Caps%2C295&sr=8-1

and it goes better with video lectures https://www.youtube.com/channel/UC1usFRN4LCMcfIV7UjHNuQg

​

A good book on cryptanalysis for symmetric algorithms:

The Block Cipher Companion (Information Security and Cryptography)

https://www.amazon.com/Cipher-Companion-Information-Security-Cryptography/dp/3642173411/ref=sr_1_fkmrnull_1?crid=NNR5L5I1VYK2&keywords=block+cipher+companion&qid=1550253926&s=gateway&sprefix=The+Block+cipher+%2Caps%2C340&sr=8-1-fkmrnull

​

good exercise: http://cryptopals.com/

​

I've only just become interested in cryptography, thanks to all the NSA "news" I guess. So far, I'm really enjoying the book: Everyday Cryptography by Keith M. Martin!.

It is a nice intro, full of references and further reading and even has exercises to help you really understand the subject. It is light on math, so not for serious crypto-freaks I guess.

The Code Book has an excellent explanation of its origin and its innards. The author devotes an entire chapter to PGP. In fact, the entire book is really good, and he does a good job at explaining the algorithms it covers (the chapter on the Enigma machine reads like a suspense novel). It also mentions websites where you can get implementations of it.

If you have the money, it's a must-buy.

Specific to Cryptanalysis (in order):

1. start with this great tutorial on FEAL cryptanalysis
   
   
2. then try the matsano challenges
   
   
3. finally followed by Schneier's self study course on cryptanalysis.
   
   
   Good intermediate texts on cryptography/cryptology:
   
   
4. From a mathematical perspective: An Introduction to Mathematical Cryptography by Silverman et al.
   
   
5. From a provable security perspective (probably the most important to both academia and industry): Introduction to Modern Cryptography (new 2nd ed.) by Katz & Lindell
   
   
6. Serge Vaudenay's A Classical Introduction to Cryptography (it's an in between of the above 2 books).
   
   
7. Christoph Paar's Understanding Cryptography with a video course.
   
   
   Lastly, a really fantastic all around book on network security (including crypto) would be: Network Security 2nd Ed. by Kaufman and Perlman. It is a little old though but still relevant. Also has great analysis of real world protocols such as IPsec (IKE, ISAKMP), Kerberos, SSL/TLS, S/MIME, etc.

Serious Cryptography is a great introductory book to look at before you dive into Blockchain. Blockchain: A Practical Guide to Developing Business, Law, and Technology Solutions would be my personal recommendation once you're ready to get more specific.

If you have zero background in crypto so far, check out this crash course article. It's a really short read and I think it's an awesome starting point. If you read nothing else before getting into blockchain, at least read through that article once or twice.

I would suggest "Cryptography Engineering" by Ferguson, Schneier and Kohno (https://www.amazon.com/Cryptography-Engineering-Principles-Practical-Applications/dp/0470474246).

It gives a good introduction on how cryptography is used while not bothering with too much details. It's also oriented on building secure schemes which are helpful for security.

The detail you can always learn later ;-)

There was a lot he left out of The Code Book. If I recall he didn’t even mention elliptic curves or the NSA’s duplicitous role in influencing their recommendation by NIST. Simon briefly mentions the history of elliptic curves here.

I would give Cryptography Engineering a read. It’s more technical than Simon’s book but if this topic interests you this approachable book is going to be a great read.

Simon also compiled a list of links for what he considers are good “what’s next” recommendations: https://simonsingh.net/cryptography/crypto-links/

Mathematical Notation: A Guide for Engineers and Scientists has helped me out a lot. It isn't really a "math book", in that it doesn't really teach you concepts. But it tells you what things are and what they do in general. So if you don't know what Σ means, it will tell you, and at least give you a place to start.

For crypto you probably also want a book on number theory.

Also, Understanding Cryptography: A Textbook for Students and Practitioners is the best intro to cryptography book I've come across. I found it easy to understand (relative to other books).

I'm a math guy and fairly new to the subject, but I'm loving this book and see it recommended quite often:

https://www.amazon.com/Introduction-Modern-Cryptography-Principles-Protocols/dp/1584885513

There are not that many books specifically focused on cryptanalysis apparently. But that being said, a few weeks ago I discovered Modern Cryptanalysis in a local college library and have begun working through it. I'm a few chapters in and it's pretty good thus far. The author writes in the introduction that he was teaching a course on cryptanalysis and couldn't find a good textbook for the course, so he wrote this one.

Simon Singh's book is fantastic. It was one of my early reads in the field of crypto. I read it when I was in middle school so I don't think it would be too techy for you! But it covers a ton of topics, including topics that will be relevant into the future. So in short: yes, buy it.

EDIT: It occurred to me that I read one of Simon's earlier works, I think it's part of the same series? Anyway, my recommendation is: https://www.amazon.com/Code-Book-Science-Secrecy-Cryptography/dp/0385495323

I recently read "Serious Cryptography: A Practical Introduction to Modern Cryptography"[1] and I recommend it.

​

It explains the basics without going too much into the theoretical bits and proofs and even goes a bit into post-quantum stuff.

​

Other than that, I really enjoyed Dan Boneh's Cryptography I course on Coursera [2]. I did not have time to do the assignments when I took it, but even just the theory is very interesting and up to date.

​

[1] https://www.amazon.com/Serious-Cryptography-Practical-Introduction-Encryption/dp/1593278268/

[2] https://www.coursera.org/learn/crypto

Aside from the books others mentioned, I wanted to also suggest one that recently came out: "Serious Cryptography" by Jean-Philippe Aumasson. What I like about this book is that it focuses on teaching crypto via programming practical implementations. So if you like coding and learning by example I highly recommend it.

Link: https://www.amazon.com/dp/1593278268/ref=cm_sw_r_cp_apa_RSWKAbQZMK4FV

Our CEO recommends Understanding Cryptography: A Textbook for Students and Practitioners as a more technical reference. It teaches the modular arithmetic and other technical fundamentals required for really understanding the math behind crypto. It provides a good background on symmetric and asymmetric cryptographic schemas and includes a good bit of the technical history behind DES, AES etc.

https://www.amazon.com/gp/product/3642041000/ref=oh_aui_search_detailpage?ie=UTF8&psc=1

I found this book to be excellent:

https://www.amazon.com/Everyday-Cryptography-Fundamental-Principles-Applications/dp/0199695598/

I have a strong programming background but not such a strong maths background. I found the book to be technical (explaining the different ciphers, different modes, etc) without dwelling on the maths. The first section seemed a little slow but I was glad that I read it because it was all relevent later on

I started with this book: https://www.amazon.com/Practical-Cryptography-Niels-Ferguson/dp/0471223573 and can't recommend it strongly enough as an entry point.

It doesn't get into the algorithms but instead the different types and modes of encryption, when you would want to use them, and why. That can serve as a nice jumping off point to more detailed research.

It's a very approachable book and you'll come out of the book knowing how to use crypto well.

"The Code Book" by Simon Singh is a really great introduction via the history of cryptography. It covers a lot of old codes and how they are broken in detail, and then touches on more modern cryptography towards the end. It has a great bibliography to springboard you toward more detailed knowledge.

I liked Understanding Cryptography: A Textbook for Students and Practitioners by Christof Paar et al. when I took an Introduction to Cryptographic Algorithms course at my university. I helped make something more clear.

Oh Bruce, how I love thee.

I'd have to agree with /u/pint. The Design of Rijndael is basically the handbook on this. It explains the so called Wide Trail Strategy, which deals with exactly what you're after. You might be able to find some of this in Joan Daemen's PhD thesis as well (at the bottom of this page) - a lot of the stuff in The Design of Rijndael is from there.

"Implementing SSL/TLS Using Cryptography and PKI": http://www.amazon.com/gp/product/0470920416/ref=s9_simh_gw_p14_d3_g14_i1?pf_rd_m=ATVPDKIKX0DER&pf_rd_s=center-2&pf_rd_r=0H1HAN6S1YBSF6FSFHC1&pf_rd_t=101&pf_rd_p=470938631&pf_rd_i=507846

The book is about SSL in general, but since SSL is heavy on crypto and PKI, the first half covers the concepts of symmetric and asymmetric cryptography in what I like to call "programmer level" detail ; )

https://www.amazon.com/Understanding-Cryptography-Textbook-Students-Practitioners/dp/3642041000/ref=sr_1_1?ie=UTF8&qid=1485304166&sr=8-1&keywords=understanding+cryptography

Understanding Cryptography by Chrisotf Parr is really good. He also has complementary videos on YouTube

http://www.amazon.com/Understanding-Cryptography-Textbook-Students-Practitioners/dp/3642041000/ref=pd_sim_b_3?ie=UTF8&refRID=1EM3SY1NFVMV3NW2SY63

this book is easier to digest for beginners at crypto. you can find it around on the web.

As you say: Having an M.Sc in Crypto may provide a good foundation, but what, if any, specialist qualification or knowledge it provides is questionable.

The biggest personal milestones have been reading Stinson's work, and being able to understand and synthesize results on my own within that body of work. For example, with FHE, being able to port some of the claims into CUDA.

That said, it'd be interesting if there were ways to attest to the knowledge and practice of individuals on the subject. Right now it seems almost purely reputation based.

Here is the explanation that stuck with me. It's from a mathematician here on Reddit and it made /r/bestof a year ago: https://www.reddit.com/r/math/comments/3tn1xq/what_intuitively_obvious_mathematical_statements/cx7np4t/

Also, check out The Code Book by Simon Singh for a fascinating history of how encryption got to where we are today, and where we are going.

To add to this: Practical Cryptography by Schneier and Ferguson is my top recommendation.

"Modern Cryptanalysis" covers a lot of the techniques up through 2008 (when it was published).

https://smile.amazon.com/Modern-Cryptanalysis-Techniques-Advanced-Breaking/dp/047013593X

Disclaimer: I wrote it.

I'm also a fan of "Algebraic Cryptanalysis", but it's a bit more mathematical.

> 300MHZ

No, the 2.5W USB stick is 300 Million Hashes per second.

The blade is another device. 10.7 Billion hashes per second, 75W, $35.

10.7 Ghash/s

So divide your 88.41158 years by a factor of 35 (i.e. divide by 10700/300 = 35)

88.41158 / 35 = 2.526 years

That's with $350 investment. If i was the NSA, and i had $3500 to spend it would be 3 months.

| Number of 10.7 Ghash blades | Investment | Power (W) | Time to crack |
|-----------------------------------|--------------|-------|-----------|
| 1 | $35 | 75W (light bulb) | 25 years |
| 10 | $350 | 750W (my house with the central fan on) | 2.526 years |
| 100 | $3,500 | 7.5 kW (my house with electric dryer on high) | 2 months |
| 1,000 | $35,000 | 75 kW | 6 days |
| 10,000 | $350,000 | 750 kW | 15 hours |
| 100,000 | $3.5M | 7.5 MW | 1.5 hours |
| 1,000,000 | $35M | 75 MW | 9 minutes |
| 10,000,000 | $350M | 750 MW (a single nuclear reactor) | 54 seconds |

Understanding Cryptography: A Textbook for Students and Practitioners

Try Cryptanalysis: A Study of Ciphers and Their Solution by Helen Gaines. This book addresses classical (pre-computing) cryptography. It's cheap and discusses mental / pencil and paper methods rather than heavy mathematics.

Everyday Cryptography

For classical cryptography, check out https://www.nsa.gov/news-features/declassified-documents/military-cryptanalysis/

https://www.amazon.ca/Elementary-Cryptanalysis-Mathematical-Abraham-Sinkov/dp/0883856220

https://www.amazon.ca/Cryptanalysis-Study-Ciphers-Their-Solution/dp/0486200973

It might be a rebranding of one of those. Alternatively, email one of the technical consultants for the movie and ask them.

http://www.amazon.com/Applied-Cryptography-Protocols-Algorithms-Source/dp/0471117099

Maybe start here: https://www.schneier.com/blog/archives/2011/04/schneiers_law.html

and https://www.schneier.com/crypto-gram/archives/1998/1015.html#cipherdesign

Then https://www.crypto101.io/

Then https://nostarch.com/seriouscrypto

and https://www.amazon.com/Cryptography-Engineering-Principles-Practical-Applications/dp/0470474246

and https://www.coursera.org/learn/crypto

and https://www.amazon.com/exec/obidos/ISBN=0849385237/7181-7381933-595174

This is pure junk - Don't use that site. It does not teach people about using modern crypto, just barely mentions that exists.....

See that book instead https://www.amazon.ca/Cryptography-Engineering-Principles-Practical-Applications/dp/0470474246

https://www.amazon.com/Code-Book-Science-Secrecy-Cryptography/dp/0385495323/ref=mp_s_a_1_2/138-6683061-6847431?ie=UTF8&qid=1541615715&sr=8-2&pi=AC_SX236_SY340_FMwebp_QL65&keywords=simon+singh&dpPl=1&dpID=51CC3yLf5mL&ref=plSrch

What's the difference between this one and this one?

Depending on age, The Code Book is a very approachable history and introduction to cryptography.

is it this one?

https://www.amazon.com/Code-Book-Science-Secrecy-Cryptography/dp/0385495323

Koblitz is a real red, it's kind of funny. His Course in Number Theory and Cryptography has this dedication:

>This book is dedicated to the memory of the students of Vietnam, Nicaragua, and El Salvador who lost their lives in the struggle against U.S. aggression. The author's royalties from sales of the book will be used to buy mathematics and science books for the universities and institutes of those three countries.