CS255 Intro to Cryptography was one of my favorite courses as a Stanford student. Dan is an incredible instructor. If you want more Stanford security course material, I also recommend CS253 Web Security (https://web.stanford.edu/class/cs253/) (disclosure: I created this course) and CS356 Topics in Computer and Network Security (https://cs356.stanford.edu/).
Seconding this - I loved 155, 255, and 251 from Professor Boneh. He's very talented and was one of my favorite instructors for multiple years; great at explaining concepts.
I took an online cryptography course from this professor a few years back. It was very good.
Even though I have a background in math that class made me realize I don't want to be a professional cryptographer, which in itself is pretty nice.
But all joking aside I really enjoyed the way that crypto systems were analyzed using demons and games to try and discern the random bit stream from the encrypted bytes.
Same here. I also took the course from Coursera a few years ago and I really enjoyed it. The conclusion? It’s hard to get it right so don’t do crypto yourself! Quite cynical, but it kinda killed my interest in pursuing it further.
Excellent course. The only caveat I want to add is, the estimated hours to complete (23 hours) can vary extremely, depending on your 'pre-mastery' of the subject (or lack of it). Prepare and pace yourself considering that.
Looks good, but I wish there was a practicioner-oriented resource for how to use cryptographic libraries that didn't start by focusing on the math. I don't need to know the intricacies of RSA, I need to know how to securely compose it with other primitives to engineer a system with the desired properties.
I wanted to have a better understanding of crypto, simply to feel more confident in writing programs that use existing protocols, and started 'Real-World Cryptography' by David Wong. I'm about 3/4 through, and I've been happy with it. It is light on math, but does go into it a little bit - it seems designed for the kind of person who isn't comfortable using something until they understand how it works under-the-hood, but doesn't actually need to do any under-the-hood work.
It has taught me enough that I think I could compose a protocol out of primitives that on the surface appears to do what I've intended it to do. It has also taught me that there are many subtleties that can completely break a protocol, combining primitives can lead to unexpected weaknesses, and many people who understand crypto far better than I ever will have created broken protocols out of secure primitives.
I'm not sure it's the book you're looking for, but I think it's a good book if you want to understand crypto, but not design your own.
I want to put a word in here for being cautious about the capabilities you can achieve in novel systems --- software developers are often working with multiple whole sieverts of novelty without realizing it --- without having a lot of the boring theory stuff nailed down.
If you're using (say) libsodium to do exactly the kind of thing 100 other developers have successfully used libsodium to do in the past, you're fine. But it takes a deceptively small and subtle set of steps to end up synthesizing a new cryptosystem (see: attempts to build secure messaging systems out of libsodium primitives) without realizing that's what you're doing.
"Secure composition" is definitely covered in the course. It doesn't talk only about the details of RSA (though there are some lectures about that), but also about what security properties different primitives satisfy, how to compose them safely, etc.
A large part of modern cryptography is figuring out secure composition.
A lot of people in this thread seem to be interested in a hands-on, no theory, practical way of learning crypto. If this is you check out (HN MVP tptacek's) cryptopals.com
An excellent course and one that has been critical in my professional development. Worth noting that Dan Boneh is also an advisor for a16z crypto's research team[1], and he produces a significant amount of blockchain-related content with them.[2]
Maybe we're looking at different things, but the link appears to discuss ElGamal encryption, which is discrete log based (which means modern implementations use elliptic curves; historically it would have been discrete log in a subgroup of a large prime field). It also talks about BLS signatures, which are exclusively elliptic curve based.
By and large, anything whose security relies on discrete log can be implemented using an elliptic curve, but beginning cryptography classes treat that as an implementation detail because mostly all you need is a prime-order group, and elliptic curves can mostly be treated as a black-box prime order group.
(BLS signatures are an exception; they require a bilinear pairing, which in turn requires a special kind of elliptic curve that's not just a black-box prime order group.)
There are all sorts of great algebraic geometry tricks to be played with elliptic curves, but those almost certainly aren't going to be found in an intro crypto class, or maybe any CS class...
I would like to add the thought of looking at where these elliptic curves are deployed, things like embedded devices and implementations bitcoin-core libraries for say secp256k1 [0].
Ref:
[0] Optimized C library for EC operations on curve secp256k1
If anybody's interested in any of the algorithms and papers that underpin most modern cryptography, we created a dedicated page on our site[0] as an homage to the great cryptographers of the last century(!) (and their works).
This is a fantastic course. I took it in 2018, and that started a snowball of online learning that lead to me doing Georgia Tech’s Online Masters in Computer Science program. I just finished that this semester. These sorts of programs are fantastic structure for life-long learners.
Dan Boneh is amazing. I took his Cryptography course at Stanford and loved it so much that I ended up having him advise me on my senior thesis. Would highly recommend stuff that he puts out.
I took this course ages ago, along with the follow up Crypto II. Dan is a great instructor, and his courses helped fill in a number of gaps in my knowledge. Highly recommended!
[+] [-] feross|1 year ago|reply
Videos for CS253 are online here: https://www.youtube.com/playlist?list=PL1y1iaEtjSYiiSGVlL1cH...
[+] [-] amyamyamy2|1 year ago|reply
[+] [-] Aaronstotle|1 year ago|reply
[+] [-] johnwatson11218|1 year ago|reply
Even though I have a background in math that class made me realize I don't want to be a professional cryptographer, which in itself is pretty nice. But all joking aside I really enjoyed the way that crypto systems were analyzed using demons and games to try and discern the random bit stream from the encrypted bytes.
[+] [-] foma-roje|1 year ago|reply
[+] [-] pdevr|1 year ago|reply
[+] [-] failbuffer|1 year ago|reply
[+] [-] Vegenoid|1 year ago|reply
It has taught me enough that I think I could compose a protocol out of primitives that on the surface appears to do what I've intended it to do. It has also taught me that there are many subtleties that can completely break a protocol, combining primitives can lead to unexpected weaknesses, and many people who understand crypto far better than I ever will have created broken protocols out of secure primitives.
I'm not sure it's the book you're looking for, but I think it's a good book if you want to understand crypto, but not design your own.
[+] [-] tptacek|1 year ago|reply
If you're using (say) libsodium to do exactly the kind of thing 100 other developers have successfully used libsodium to do in the past, you're fine. But it takes a deceptively small and subtle set of steps to end up synthesizing a new cryptosystem (see: attempts to build secure messaging systems out of libsodium primitives) without realizing that's what you're doing.
Learn a bunch of the theory! It's important.
[+] [-] splix|1 year ago|reply
Ex.: https://gist.github.com/tqbf/be58d2d39690c3b366ad or https://www.latacora.com/blog/2018/04/03/cryptographic-right...
[+] [-] foma-roje|1 year ago|reply
Book by Bruce Schneier, Niels Ferguson, and Tadayoshi Kohno.
[+] [-] Ar-Curunir|1 year ago|reply
A large part of modern cryptography is figuring out secure composition.
[+] [-] lordgrenville|1 year ago|reply
[+] [-] galleywest200|1 year ago|reply
[+] [-] lazzlazzlazz|1 year ago|reply
[1]: https://a16zcrypto.com/research/
[2]: https://a16zcrypto.com/team/dan-boneh/
[+] [-] nailer|1 year ago|reply
And it’s all RSA. Can crypto tutorials please add ECC already?
[+] [-] kwantam|1 year ago|reply
By and large, anything whose security relies on discrete log can be implemented using an elliptic curve, but beginning cryptography classes treat that as an implementation detail because mostly all you need is a prime-order group, and elliptic curves can mostly be treated as a black-box prime order group.
(BLS signatures are an exception; they require a bilinear pairing, which in turn requires a special kind of elliptic curve that's not just a black-box prime order group.)
There are all sorts of great algebraic geometry tricks to be played with elliptic curves, but those almost certainly aren't going to be found in an intro crypto class, or maybe any CS class...
[+] [-] blacklion|1 year ago|reply
[+] [-] meling|1 year ago|reply
[+] [-] AlexCoventry|1 year ago|reply
https://toc.cryptobook.us/
[+] [-] amingilani|1 year ago|reply
I want to learn about elliptic curve cryptography and post quantum crypto systems.
[+] [-] alternativity|1 year ago|reply
[+] [-] dvas|1 year ago|reply
Ref:
[0] Optimized C library for EC operations on curve secp256k1
https://github.com/bitcoin-core/secp256k1
[+] [-] ShaneCurran|1 year ago|reply
[0]: https://evervault.com/papers
[+] [-] dvas|1 year ago|reply
[+] [-] funcimp|1 year ago|reply
[+] [-] the_svd_doctor|1 year ago|reply
[+] [-] zer0tonin|1 year ago|reply
[+] [-] withzombies|1 year ago|reply
[+] [-] Jagah|1 year ago|reply
[deleted]
[+] [-] paladin314159|1 year ago|reply
[+] [-] davepeck|1 year ago|reply
[+] [-] Bnjoroge|1 year ago|reply
[+] [-] lifeinthevoid|1 year ago|reply
[+] [-] unknown|1 year ago|reply
[deleted]