1. 22

Hi folks,

So I’ve had a lot of interest in privacy preserving technologies and recently went down a rabbit hole of reading literature on homomorphic encryption / SMPC, and so on.

I will admit that I don’t have a background in crypto or anything, and so a lot of what I did was mark anything I was curious about and chase it down after (e.g. the difference between somewhat / fully homomorphic and why it matters, why we use circuits, what bootstrapping means, etc.) This was mostly from a mix of reading published papers / snippets from books / crypto stackexchange.

It’s been fun but to be honest I sense there is a lot I don’t know, and I’m just completely unaware of what I’m missing out on. I figure since I’m enjoying myself it wouldn’t hurt to start with a more basic approach and learn the fundamentals so I can better “speak / read the language”.

I found a few resources like this book: https://www.crypto-textbook.com/ and the accompanying YouTube lectures.

My hesitation from diving in is mainly from not knowing what resources are outdated / still relevant, and what a decent place to start is. My learning style is pretty flexible (I’ll get the answers I need), but just didn’t want to accidentally put a bunch of time into something that is not so useful anymore.

I suppose my end goal is to develop a good understanding of the underlying concepts so that I can apply them more confidently in practical settings.

While I don’t have a formal CS / Math background I taught myself a lot of it (also from books) so I’m fairly confident there; anything I’m rusty on I can refresh myself.

Would love to hear from anyone that has done this or is in the field for pointers…

Thanks very much

    1. 8

      Applied Cryptography by Bruce Schneier is a really good primer on crypto. It’s old, but it’s a really good introduction to the basics, which haven’t changed over the 25 years since it was published.

      1. 12

        IMO, skip Applied Cryptography and read Cryptography Engineering which is also from Schneier but much more modern.

        1. 2

          Crypto Engineering looks perfect. Grabbed a copy, thanks to you and the other commenters.

      2. 5

        Required caveats:

        https://sockpuppet.org/blog/2013/07/22/applied-practical-cryptography/

        https://www.schneier.com/blog/archives/2009/09/the_cult_of_sch.html

        But in the introduction to Bruce Schneier’s book, Practical Cryptography, he himself says that the world is filled with broken systems built from his earlier book. In fact, he wrote Practical Cryptography in hopes of rectifying the problem.

    2. 6

      I think one big resource that’s pretty popular is cryptopals. I’ve only done the first few sets but the exercises are a lot of fun and teach you real attacks.

      1. 2

        In terms of hands-on things, I’ve seen https://cryptohack.org/ be mentioned once or twice. Haven’t tried it myself, so I can’t really say anything about it.

      2. 2

        I stumbled upon it this morning as I wrote my post :). I’m going to sprinkle these in, seems like a great way to get my feet wet.

    3. 3

      Most real-world books are pretty outdated at this point, I’ve been writing the book I wish I had when I got into applied cryptography. I spent more than 2 years writing it and it’s going to print soon, but you can read it online here: https://www.manning.com/books/real-world-cryptography?a_aid=Realworldcrypto&a_bid=ad500e09

      It’s an introduction to cryptography concepts that are used in applications (encryption, authentication, etc.) with more in-depth explanations on how some of the actual algorithms work (for example, AES) and how they can be used in different types of applications (SSL/TLS, secure messaging like the signal protocol, etc.) The second part of the book also covers extra topics like hardware cryptography, post-quantum cryptography, cryptocurrencies, and even some advanced topics like zero-knowledge proofs.

      I also wrote a post here on why I’m writing another book on cryptography: https://cryptologie.net/article/504/why-im-writing-a-book-on-cryptography/ which should give you more background about what kind of book it is.

      1. 2

        Wait, is the full book available online? I’ve been waiting for this book, perhaps I’ve missed an announcement? Regardless, thanks for your hard work. I really enjoy your posts on cryptologie.net, and I’ve been looking forward to “Real-World Cryptography”.

        1. 3

          I think it is slated for print release in a few months, and it seems like 15 / 16 chapters are available online. I grabbed a copy because this was almost exactly what I was looking for (judging by the preview).

    4. 2

      I studied under Prof. Paar, one of the authors of the textbook you linked. Amazing material, great didactics but mostly introductory.

      Follow it at your own pace (was 1 year in Uni, but I expect it could be done faster). After that, I’d recommend self-study and programming with the cryptopals challenges.

      1. 2

        His lectures are available online for free, and they’re probably the most approachable and comprehensive ones I’ve seen: https://youtube.com/channel/UC1usFRN4LCMcfIV7UjHNuQg

    5. 2

      I recommend https://web.engr.oregonstate.edu/~rosulekm/crypto/. The textbook is well-written and the way the attacks are presented is easy to follow.

    6. 2

      David Wong’s writing is great, and very accessible.

    7. 2

      Serious Cryptography by Jean-Philippe Aumasson is one of my favorites.

      1. 1

        I would definitely also recommend this one.

    8. 2

      This is likely what you want:

      If you want to go even deeper:

      And as others have said the cryptopals exercises are great, and I’ve heard the Schneier book recommended elsewhere too.

      1. 2

        Dan Boneh, one of the authors of the latter book, offers an online course I have fond memories of.

    9. 1

      There is a summary of potential use cases for homomorphic encryption

      It is a short presentation, it does not describe how things work – but gives an overview of unsolved business domain areas where these mechanisms could be used.

    10. 1

      I’m going to go out on a limb here and recommend something much more concrete than the standard theory books (Schneier and others): Zero to Monero.

      Concrete stuff has a much better chance to stick than abstract and people learn from the concrete to the abstract, not the other way round (standard books tend to be organized like that).

      The book is also structured very gradually which eases understanding.

      The downside is you get only a slice of only some of the crypto algorithms, but you can widen that knowledge by reading other sources after it.