> All the sensible textbook titles were already taken. Actual joy not guaranteed.
Like a lot of people (I imagine) I made it through a CS bachelors program not really ‘getting’ the discrete math combinatorics part. Crypto is an area where those concepts really really matter. It’s great to see this resource available!
Again I complain about the irritating habit of non-descriptive naming of files.
book.pdf
Really? I'm saving the file for a later review and this name will guarantee I either completely lose the file or will spend more time than necessary to locate it. The other option is to rename the file on saving, which is some work which needs to be performed by each user, instead of being done just once on the source. I think this is just impolite.
Your observation is very valid, that's one of my pet peeves too, but renaming the file before saving it is also very easy. Your observation, while helpful, feels excessively negative.
I know there are a ton of pitfalls with spaces in filenames, but surely this is not one of the cases where it would apply? Unless your file save dialog replaces spaces for some reason, in which case even %20 is about as readable as _ to me.
Myself going from "web designer" to a "zero-knowledge proof cryptographer" (I'm a coauthor of the Dalek Bulletproofs implementation, the cleanest API, documentation and fastest ZKP system ever) I'm sad to see crypto textbooks spending most of the time on symmetric ciphers, going through the same nonsense like ECB and then touching asymmetric only with RSA and annoying GCD stuff when everyone moved onto elliptic curves already.
I'd like to see material around modern stuff (Keccak and ECC) with only a cursory discussion of the pitfalls of the past standards in contrast with the current stuff. And more time on asymmetric, discrete log and Fiat-Shamir protocols that are so much fun and really require only 7th grade algebra to grasp.
EDIT: what I mean is, focus first on how to use primitives and what they promise, rather than how they actually work. Once you feel like you can play with these legos, it's more fun to dig deeper and see why ECDLP is hard and how ciphers are made. But please don't start from within - it's an annoying, boring mess that distracts from the true beauty: the cool things you can build with these tools.
> what I mean is, focus first on how to use primitives and what they promise
These sorts of "provable security" textbooks (like the one in the article) try to do that. They put less emphasis on the exact inner workings of algorithms and more on what they supposedly achieve. Various kinds of security proofs are possible. This school of thought in cryptography does also allow you to argue fairly convincingly that some concrete ciphers are secure. So it can talk about both the inner workings of ciphers as well as what security properties they achieve.
The "provable security" approach seems to be in line with your suggestion. In fact, it was the framework under which Zero Knowledge Proofs were developed. Not every cryptographer knows about that though, so I'm not sure if you were aware...
Mike was my cryptography professor and an advisor on an independent cryptography course I took as an undergraduate at OSU. We used an early copy of this book and it was wonderful. This is a great, free resource for anybody interested in crypto maths.
For those looking for a more exercise-oriented approach to cryptography, the Cryptopals challenge (https://cryptopals.com/) is an excellent way to discover cryptography step by step, with 64 exercises of increasing difficulty.
This is exactly the kind of book on cryptography I need.
The book uses math & pseudocode to describe algorithms instead of using popular languages like Python or C/C++.
This makes it language agnostic. Code can be very opinionated in my opinion.
This looks excellent. I tried to go through the Introduction to Cryptography by Christof Paar [1] and that material was not really suitable for me, personally. I found it too dense, and written in a not very interesting manner.
Thank you for posting this book, I'll give it a go! Crypto is one of those things I have on my shameful "how-come-you-don't-know-it-yet" to-learn list :).
Really? The book might not be suitable to read from cover to cover in bed, but it's still approachable. The videos are also really nice and easy-going (I took the lecture at his uni, nice foundation).
Compared to this book you seem right; the glimpse I had was easily digestible and still concise.
Looks like an excellent book. Would the author prefer the solutions to the exercises not be public? Or would it be welcome for someone to publish them? If the latter, I would quite happily work on it.
Is it available in a format other than PDF? Like HTML or MOBI for example? PDF is very inconvenient to read on small screens like phones or kindle. Thanks!
In case you haven't tried, I suggest using koreader. It has a good combination of a reliable crop and a usable reflow feature. Not ideal, but it's much better than constant zooming and moving the view around.
I'd guess that bots these days harvest domain names and then human names associated with them, and then spam tools try common schemes for constructing email addresses. Don't know for sure though.
I always thought the hotness would be to encrypt the address in the source text and render/decrypt it client side in JavaScript, but I suppose scrapers these days use full-blown headless browsers complete with JavaScript runtimes.
RFC 5321 requires compliant domains to have both a "postmaster" and an "abuse" email address (e.g. [email protected]). This technique will not stop a flood of spam emails to [email protected], which will end up in the postmaster inbox.
Signal message keys seem to include an IV. [1] Message keys are generated by passing a chain key through a key derivation function. [2] So you can also expand a shared secret established through Diffie-Hellman.
The IV (or the nonce, in an AEAD) is usually public, but authenticated; often just appended to the message; with CBC mode, you'd normally prefix the message with the IV, and include the IV in your HMAC.
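The two comments above describe a pattern worth seeing in code: a message key derived from a chain key by a key derivation function, and a public IV that is nonetheless authenticated by including it in the MAC. The block below is an added example, not Signal's code and not from the book. The ratchet input bytes, the HKDF info string, and the HMAC-counter keystream standing in for AES (the Python standard library ships no block cipher) are this example's assumptions; a deployment would use AES-CBC with HMAC, or an AEAD, exactly as the comment says. The `authenticate_iv=False` path reproduces the mistake of MACing only the ciphertext so the difference is visible.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Added example (constructed; not Signal's code). The ratchet input bytes, the
# HKDF info string and the stand-in keystream are this example's assumptions.

IV_LEN = 16
TAG_LEN = 32


def hmac_sha256(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def ratchet_chain_key(chain_key: bytes) -> Tuple[bytes, bytes]:
    """One symmetric-ratchet step: returns (message_key, next_chain_key).
    Both outputs are one-way functions of chain_key, so learning a later
    chain key does not reveal earlier message keys."""
    message_key = hmac_sha256(chain_key, b"\x01")     # input byte: assumption
    next_chain_key = hmac_sha256(chain_key, b"\x02")  # input byte: assumption
    return message_key, next_chain_key


def hkdf_expand_sha256(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand with SHA-256: T(i) = HMAC(prk, T(i-1) || info || i)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac_sha256(prk, block + info + bytes([counter]))
        out += block
        counter += 1
    return out[:length]


def expand_message_key(message_key: bytes) -> Tuple[bytes, bytes]:
    """Expand one message key into independent encryption and MAC keys."""
    material = hkdf_expand_sha256(message_key, b"example-message-keys", 64)
    return material[:32], material[32:]


def keystream(enc_key: bytes, iv: bytes, length: int) -> bytes:
    """Stand-in keystream (HMAC-SHA256 in counter mode) because the standard
    library has no AES; a real implementation uses AES-CBC or an AEAD here."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac_sha256(enc_key, iv + counter.to_bytes(4, "big"))
        counter += 1
    return out[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(message_key: bytes, plaintext: bytes, iv: Optional[bytes] = None,
            authenticate_iv: bool = True) -> bytes:
    """Encrypt-then-MAC. Wire format: iv || ciphertext || tag. With
    authenticate_iv=True the tag covers iv || ciphertext, so the public IV
    cannot be altered in transit; False MACs the ciphertext alone (the bug)."""
    enc_key, mac_key = expand_message_key(message_key)
    iv = os.urandom(IV_LEN) if iv is None else iv
    ct = xor_bytes(plaintext, keystream(enc_key, iv, len(plaintext)))
    tag = hmac_sha256(mac_key, (iv + ct) if authenticate_iv else ct)
    return iv + ct + tag


def decrypt(message_key: bytes, blob: bytes,
            authenticate_iv: bool = True) -> Optional[bytes]:
    """Verify the tag before touching the ciphertext; None on any failure."""
    if len(blob) < IV_LEN + TAG_LEN:
        return None
    enc_key, mac_key = expand_message_key(message_key)
    iv, ct, tag = blob[:IV_LEN], blob[IV_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac_sha256(mac_key, (iv + ct) if authenticate_iv else ct)
    if not hmac.compare_digest(tag, expected):
        return None
    return xor_bytes(ct, keystream(enc_key, iv, len(ct)))


if __name__ == "__main__":
    mk, next_ck = ratchet_chain_key(bytes(32))   # constructed chain key
    blob = encrypt(mk, b"attack at dawn")
    print(decrypt(mk, blob))                     # b'attack at dawn'
    flipped = bytes([blob[0] ^ 1]) + blob[1:]    # one IV bit changed in transit
    print(decrypt(mk, flipped))                  # None: the IV is authenticated
```

With the IV inside the MAC, a one-bit change to the IV fails verification and nothing is decrypted; with the MAC over the ciphertext only, the same change verifies fine and the receiver gets garbage it cannot distinguish from a genuine message (with real CBC it would be a controlled flip of the first plaintext block). Verification runs before decryption and uses a constant-time comparison.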
I read this book as an introduction to cryptography. Very well written. More understandable and easier to follow than any other texts I've read on cryptography.
I've often thought the use of prime numbers to be the weakness in cryptography.
Whilst theory is different in practice due to machine limitations, there are only so many prime numbers a machine can present in a limited timespan restricting the range of primes available to use.
With this in mind, and then knowing what a webserver will typically use by simply browsing the website with different encryption algos disabled in the browser (if it's not possible to work out the underlying webserver software and version from a variety of methods like a simple 404 message, decoding the URL or using DPI), this further limits the encryption algorithms to spend time reversing when using the replay attack method, making it somewhat more targeted. It's still a sort of brute force, but a more targeted brute force.
So should I see primes as a weakness in cryptography?
First of all, primes are only used to arrive at a session key, and once you have a session key you're in the land of symmetric algorithms, which provide security by permutations rather than vectoring into prime spaces. The content of a web page does not matter at all in terms of the security being provided. A 404 is just as secure as a valid home page, in terms of cryptography. (Not in terms of application security, but that's a whole different thing.)
Second, the supply of prime numbers is countable but also infinite, and the relation between a number space and the number of primes within it is well established within the workable sizes. We have upper and lower bounds on the number of primes within certain ranges. This is partly why we end up with certain key sizes as being secure and other key sizes as being insufficient. Secure key sizes (in asymmetric algorithms) partly are secure because there are so many primes that can be fodder for key generation.
Not an expert, but I don't think it's necessarily a weakness in the current applications of cryptography. In something like RSA a typical key is >=1024 bits, which is 1.7e308 possible numbers, so even though primes are more "limited" (the actual reduction in security, if non-primes could have been used by magic), the primes that are left are still plentiful. One reason RSA is not really used anymore is because other algorithms such as elliptic curve cryptography provide much better efficiency (partially due to it not requiring prime keys). So it's less efficient than more modern technologies, but not necessarily weaker.
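The three replies above rest on one quantitative point: how dense primes are among numbers of a given bit length. The block below is an added example, not from the book or from any commenter, that makes that point measurable: a Miller-Rabin test, prime generation the way RSA key generation does it (random odd candidates with the top bit set), and the prime number theorem estimates for both the number of candidates tried per prime and the number of primes of a given bit length. Function names, the trial-division list and the trial counts are this example's choices.

```python
import math
import random
from typing import Optional, Tuple

# Added example (constructed, not from the book): Miller-Rabin plus a
# measurement of prime density among random b-bit odd numbers.

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n: int, rounds: int = 32,
                      rng: Optional[random.Random] = None) -> bool:
    """Miller-Rabin. False is always correct (a witness was found); True means
    n is composite with probability at most 4**-rounds for random bases."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:            # cheap trial division first
        if n % p == 0:
            return n == p
    rng = rng or random.Random()
    d, r = n - 1, 0
    while d % 2 == 0:                 # write n - 1 = d * 2**r with d odd
        d //= 2
        r += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False              # a is a witness of compositeness
    return True


def random_prime(bits: int, rng: Optional[random.Random] = None) -> Tuple[int, int]:
    """Draw random odd bits-bit candidates (top bit set, as RSA key generation
    does) until one passes; returns (prime, number_of_candidates_tested)."""
    rng = rng or random.Random()
    tested = 0
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        tested += 1
        if is_probable_prime(cand, rng=rng):
            return cand, tested


def expected_candidates(bits: int) -> float:
    """Prime number theorem: primes near 2**bits have density ~1/ln(2**bits).
    Restricting to odd numbers doubles that, so expect bits*ln(2)/2 tries."""
    return bits * math.log(2) / 2


def log2_prime_count(bits: int) -> float:
    """log2 of the approximate number of primes with exactly `bits` bits:
    pi(2**b) - pi(2**(b-1)) ~ 2**(b-1) / (b * ln 2). Kept in the log domain
    because 2**1024 does not fit a float."""
    return (bits - 1) - math.log2(bits * math.log(2))


def measure_candidates(bits: int, trials: int, seed: int = 1) -> float:
    """Average candidates tested per prime over several generations."""
    rng = random.Random(seed)
    return sum(random_prime(bits, rng)[1] for _ in range(trials)) / trials


if __name__ == "__main__":
    p, tested = random_prime(512)
    print(f"found a 512-bit prime after {tested} candidates "
          f"(expected about {expected_candidates(512):.0f})")
    print(f"roughly 2^{log2_prime_count(1024):.0f} primes have exactly 1024 bits")
```

For 1024-bit primes the estimate comes out near 2^1013, so the "limited" supply of primes is about as exhaustible as the key space itself; the cost of RSA key generation is the few hundred Miller-Rabin candidates per prime, not any scarcity of primes.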
le-mark | 4 years ago
k__ | 4 years ago
hackcasual | 4 years ago
anjanb | 4 years ago
ZoomZoomZoom | 4 years ago
Here's a proper name you can copy-paste:
Mike_Rosulek_-_The_Joy_Of_Cryptography_(draft_2021-01-03).pdf
PS: The short-link-for-verbal-sharing problem is solved via a symbolic link.
ASalazarMX | 4 years ago
jimmygrapes | 4 years ago
mavelikara | 4 years ago
oleganza | 4 years ago
I've also made a couple of videos on ECC basics with that approach: https://www.youtube.com/channel/UCk0r9S76wngNPJb_GlhJYdw
ogogmad | 4 years ago
elijahvoigt | 4 years ago
cugniere | 4 years ago
pretext | 4 years ago
max_ | 4 years ago
davidmurdoch | 4 years ago
randombits0 | 4 years ago
BossingAround | 4 years ago
[1] https://www.youtube.com/channel/UC1usFRN4LCMcfIV7UjHNuQg
cleemens | 4 years ago
Moodles | 4 years ago
tuxie_ | 4 years ago
ZoomZoomZoom | 4 years ago
https://koreader.rocks/
1cvmask | 4 years ago
For inquiries related to this book, use [email protected], where x is the author's first name.
-
Nearly everyone with a high school education can “crack” that puzzle and figure out his email and yet most bots will fail.
a-dub | 4 years ago
slig | 4 years ago
stevenjgarner | 4 years ago
clint | 4 years ago
slig | 4 years ago
not-elite | 4 years ago
Someone please correct me if I'm wrong.
[1] https://github.com/signalapp/libsignal-protocol-java/blob/ma...
[2] https://signal.org/docs/specifications/doubleratchet/Set0_1....
mcpherrinm | 4 years ago
tptacek | 4 years ago
jounus | 4 years ago
azalemeth | 4 years ago
ianpurton | 4 years ago
Or more specifically how could I create a book with formatting that looks as nice as this.
pangolinplayer | 4 years ago
[deleted]
Terry_Roll | 4 years ago
bdamm | 4 years ago
CasperDern | 4 years ago
garmaine | 4 years ago
(Not because of any weakness, but because there are better, more efficient algorithms instead.)