I've been working through the Cryptopals Crypto challenges (https://cryptopals.com) over the last month-and-a-half (almost done with Set 6), and they've been extremely educational.
Attacks that I thought were just "theoretical" turned out to be very practical (sometimes even quite simple). I've always known that one shouldn't roll their own crypto because there are so many ways to shoot yourself -- but holy hell, executing some of these attacks really drives the point through.
(Also, I've learned more number theory in the last few weeks than in my whole life!)
If anyone's interested, I've been solving them in Go (which turned out to be surprisingly convenient for many reasons), and my solutions (so far) are here: https://github.com/0xfe/cryptopals.
Cryptopals strikes me as a very good way of scaring people from not only inventing, but also implementing their own crypto. It seems its primary effect is to make people confident enough to repeat the "don't roll your own crypto" mantra to anyone who would listen.
Some people however don't really have a choice. "Just Libsodium" doesn't work on anything smaller than a Raspberry Pi, or pretty much any embedded system out there. There are alternatives out there (shameless plug: https://monocypher.org), but sometimes your only choice is to code and optimise it yourself.
Sometimes, your only reasonable choice is to implement your own crypto. And I can tell from experience, a few weeks of full-time learning is enough to not shoot yourself in the foot. The trick is to learn the right things (not everybody can spend a few weeks with Dan Boneh), but if you limit yourself to simple primitives like ChaCha20 and Curve25519, it's not that hard. (Fun fact: I did not spend a few weeks with Dan Boneh, and I did shoot myself in the foot once.)
Because let's be honest: you don't need to know all the attacks to protect yourself from them. What you need to know is the relevant classes of attacks, and how to avoid them. For instance, all timing attacks are stopped if your code runs in constant time (which in practice mostly means without secret-dependent branches and without secret-dependent indices).
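As an added example (not from the thread, and not Monocypher's or Cryptopals' code) of the two constant-time rules just stated, here is a Go program, since Go is what the original poster used for the challenges. `naiveEqual` is the pattern to avoid: it returns at the first mismatching byte, so its running time reveals how long a matching prefix the caller supplied. `ctEqual` does the same comparison with a branch-free accumulator, the approach the standard library's `crypto/subtle.ConstantTimeCompare` uses, and `ctLookup` shows the second rule, reading a table entry without a secret-dependent index. The tag and table values are constructed samples.

```go
package main

import (
	"crypto/subtle"
	"fmt"
)

// naiveEqual stops at the first mismatching byte, so its running time
// depends on how many leading bytes of the secret the caller got right.
// That is a secret-dependent branch: exactly what the constant-time rule forbids.
func naiveEqual(secret, guess []byte) bool {
	if len(secret) != len(guess) {
		return false
	}
	for i := range secret {
		if secret[i] != guess[i] { // branch on secret data
			return false
		}
	}
	return true
}

// ctEqual folds every byte difference into one accumulator and inspects
// it only once, so the same work is done for every input of a given
// length. crypto/subtle.ConstantTimeCompare is the stdlib version.
func ctEqual(secret, guess []byte) bool {
	if len(secret) != len(guess) {
		return false // lengths (e.g. MAC sizes) are normally public
	}
	var acc byte
	for i := range secret {
		acc |= secret[i] ^ guess[i] // non-zero iff any byte differs
	}
	return subtle.ConstantTimeByteEq(acc, 0) == 1
}

// ctLookup returns table[idx] without a secret-dependent memory index:
// every entry is read and a branch-free mask keeps the wanted one. This
// is how secret-indexed tables avoid leaking idx through cache timing.
func ctLookup(table []byte, idx int) byte {
	var out byte
	for i := range table {
		// mask is 0xFF when i == idx and 0x00 otherwise, with no branch
		mask := byte(subtle.ConstantTimeEq(int32(i), int32(idx))) * 0xFF
		out |= table[i] & mask
	}
	return out
}

func main() {
	// Constructed sample values, not real keys or tags.
	tag := []byte("example-mac-tag!")
	right := []byte("example-mac-tag!")
	wrong := []byte("example-mac-tag?")

	fmt.Println("naive:", naiveEqual(tag, right), naiveEqual(tag, wrong))
	fmt.Println("ct:   ", ctEqual(tag, right), ctEqual(tag, wrong))

	sbox := []byte{0x63, 0x7c, 0x77, 0x7b} // constructed 4-entry table
	fmt.Println("lookup:", ctLookup(sbox, 2) == sbox[2])
}
```

Both comparison functions return the same booleans; the difference is only in what their timing reveals, which is why a test suite cannot catch this class of bug and the rule has to be applied by construction. The length check in `ctEqual` is an early exit on a value that is public in the usual MAC-verification setting; if the length itself were secret, it too would have to be handled without a branch.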
They are, however, a little bit out of date in 2020, and the promised follow-ups haven't materialized for about 6 years now. Some things never changed from 2014 though, so it's a good start.
I don't think you need even an undergraduate education in mathematics to get into cryptography; for many people it's the other way around. Cryptography can be a great motivator to learn the underlying math. Concepts that may have seemed too abstract to be useful suddenly become practical tools that help you build something that solves a real problem.
I love my colleagues who have come from cryptography research programs; they are awesome! But the majority of my colleagues working on cryptography in practice come from software and security engineering backgrounds. You might think that is just a dividing line between folks who design and analyze cryptography, and those who implement it, but I don't think so. I've seen folks from both backgrounds be able to work on cryptography design and implementation.
IANAC but would the lattice stuff or the other post-quantum stuff require it? "Not having a solid math education" might be a condition with an expiration date if so.
Could you offer some tips/advice/resources for a SWE looking to get involved in applied cryptography?
It seems like a very dense subject, with different areas being of different levels of importance depending on how deeply you're involved (e.g., researching vs. writing application code).
> If you can, just get a Ph.D. at a place with a good crypto group (remember that Ph.D.'s in computer science are effectively free)
Which I'm not sure is great advice except for someone who wants a full-time career in cryptography. And if you want a career in cryptography it's fairly obvious that the most well-trodden route is via a PhD (which is definitely not free when you compare it to how much you could be earning in industry with a compsci or math degree).
Learning Cryptography in any way is never going to be free, when you could have spent that time building a SaaS or doing LeetCode exercises to land a Google job. In fact most people's life choices are very expensive through this lens.
Can anyone elaborate on how CS Ph.D.'s are 'free'? Does this apply to UK universities?
I'm aware of scholarships but I'm not from an under-represented background nor am I a genius. I suppose the student loan would cover the costs but I don't consider that free.
Cryptography is one of those areas that I believe a PhD actually helps. And going through it automatically proves that you have what is needed for future jobs.
"Applied Cryptography" is the best-written book on this topic that I know of. Author is a brilliant communicator. Esp. the section on cryptographic protocols should be required reading for any computer scientist. It's not overly rigorous or mathematical, and has a lot of informality and humor, so it's a fairly light read. You don't need a lot of mathematical maturity to read it (and reading things like this helps develop mathematical maturity).
Unfortunately, the 2nd edition adds "50% more words, 7 more chapters, and over 1600 new references." I thought the first edition was better in length. It was novel-length, and reads as well as a novel. Going from long-ish novel to short-ish trilogy makes this somewhat less readable. But c'est la vie.
zeroxfe | 5 years ago
loup-vaillant | 5 years ago
koeng | 5 years ago
shp0ngle | 5 years ago
lucas-piske | 5 years ago
colmmacc | 5 years ago
vsareto | 5 years ago
ralston3 | 5 years ago
barbegal | 5 years ago
quickthrower2 | 5 years ago
thevirtuoso1973 | 5 years ago
markus_zhang | 5 years ago
xtajv | 5 years ago
To learn about some cryptography fundamentals:
* Read Katz & Lindell's Introduction to Modern Cryptography
* If you're missing math background, read Timothy Gowers' blog
* Supplement: Take Jonathan Katz' and Dan Boneh's MOOCs (links in post)
To get to the point where you can "design/analyze crypto protocols" (and maybe know what you're doing):
* Read Oded Goldreich's Foundations of Cryptography (Volumes 1&2)
* Try to have quasi-intelligent conversations with real cryptographers (advice for this in blog post)
* Get a PhD somewhere with a good crypto program
edit: formatting
wegs | 5 years ago
anvarik | 5 years ago
hmwhy | 5 years ago
anaphor | 5 years ago
Edit: someone else answered already https://news.ycombinator.com/item?id=23386815
kragen | 5 years ago
lucas-piske | 5 years ago
unknown | 5 years ago
[deleted]
non-entity | 5 years ago
This has stopped me from learning so many things at this point it's not even funny.
markus_zhang | 5 years ago
nine_k | 5 years ago
Try to frame learning more useful bits of math like that.