How to learn about cryptography
I was recently asked via email about some good resources for learning about cryptography and thought I should share a padded-out version of my reply here. I hope this is useful.
Firstly, you don’t need a computer science or maths degree to learn about cryptography. Those types of qualifications will significantly speed up the learning process when it comes to more advanced topics and may be required for very advanced topics, but in many cases, the maths behind cryptography is not necessarily important to learn. If you’re a developer, then you shouldn’t be focused on the maths. You don’t need to learn about mathematical proofs and theoretical cryptography. Ignore people telling you otherwise because they’re speaking rubbish.
I’d recommend Real-World Cryptography as a first read because it’s beginner friendly and doesn’t require a mathematical background. It explains a lot of the core concepts and discusses modern algorithms, like ChaCha20-Poly1305 and AES-GCM, in enough detail. It certainly doesn’t cover everything, but that’s good because you shouldn’t jump straight into the deep end anyway.
Another less mathematical book is Everyday Cryptography. This is a much larger book covering more topics and has very positive reviews. There’s also a free eBook called Crypto 101, which is recommended by the author of Monocypher. It’s meant to offer an introduction to cryptography for programmers of all ages and skill levels, but it’s still being written and contains some missing sections.
Some other highly regarded books include Serious Cryptography, Cryptography Engineering, and Understanding Cryptography. I believe these contain noticeably more mathematical notation than the other books I’ve mentioned, so they’re probably best for more intermediate readers.
Finally, Crypto Dictionary offers a light read and will help you learn some fun facts. However, some of the definitions aren’t really definitions, some terms/algorithms have been skipped over, and it intentionally doesn’t contain much detail. This should not be your first or second read.
The course I’ve seen recommended everywhere is Cryptography I by Dan Boneh from Stanford University, but I’d strongly advise against taking this course if you’re a beginner or someone who doesn’t have a maths background. It’s also very theoretical rather than applied, which is a shame because applied cryptography is far more important for most people.
Another course that may be less mathematical is the Introduction to Applied Cryptography course from the University of Colorado, although I haven’t looked into it enough to be sure.
There are also recorded lectures from MIT, Ruhr University Bochum, and Middle East Technical University. Plus, some universities share their notes/assignments publicly. However, these are likely more mathematical.
Lastly, a bunch of recommended computer science courses can be found on the Open Source Computer Science Degree list.
- Wikipedia contains lots of useful information and some helpful diagrams.
- Cryptography Guidelines is a document I made that outlines recommendations for cryptographic algorithm choices and parameters as well as important implementation details.
- The libsodium documentation provides a summary of information on implementing popular cryptographic algorithms properly.
- Paragon Initiative Enterprises Blog, written by a team of security professionals who develop and audit cryptography related projects.
- Neil Madden, the Security Director at ForgeRock and author of API Security in Action.
- Dhole Moments by Soatok, a freelancer.
- A Few Thoughts on Cryptographic Engineering by Matthew Green, a cryptographer and professor at Johns Hopkins University.
- Cryptologie by David Wong, the author of Real-World Cryptography.
- Little Man in My Head by Scott Contini, who has a background in security.
- Emily M. Stark, a Software Engineer working on the Google Chrome browser.
- Cryptocoding by Jean-Philippe Aumasson, which lists ‘coding rules’ for low-level implementations of cryptographic operations.
- Kudelski Security Research, written by security professionals who develop and audit cryptography related projects.
- ImperialViolet by Adam Langley, a Principal Security Engineer at Google responsible for the fix for Heartbleed.
- Loup Vaillant, author of the Monocypher cryptographic library.
- Cryptography Dispatches by Filippo Valsorda, the Go security lead.
You can ask questions related to cryptography on Cryptography Stack Exchange and Reddit via r/crypto. However, I would use these as a last resort because some answers may be inaccurate and mathematical in nature rather than summarised in layman’s terms. Books are a much safer bet when it comes to locating reliable information.
Learning by doing works well. I agree with Soatok’s recommendations and would suggest progressing through the following steps over time:
- Create simple demos of common tasks (e.g. file encryption, password hashing, key derivation, key exchange, etc.) using misuse-resistant/hard-to-misuse APIs from Tink, libsodium, and Monocypher, with Tink being the easiest. Be sure to read the relevant documentation before coding anything. A nice libsodium cheat sheet can be found here.
- Implement existing protocols, such as the Noise One-Way Handshake Patterns, a port of Minisign to another language, and Signal’s X3DH key agreement protocol.
- Design custom protocols and constructions, such as file formats for an encryption tool, XChaCha20-BLAKE3-SIV, and a committing BLAKE3 AEAD.
- Code the simpler/less error-prone existing cryptographic primitives, such as HKDF, HMAC, ChaCha20, and BLAKE2. Always review your code against the specification and test your code using the provided test vectors.
- Complete as many Cryptopals and CryptoHack challenges as possible in a programming language of your choice.
- Code the more complex/error-prone existing cryptographic primitives, such as Poly1305 and Elligator. This is very tricky to get right. Ideally, get someone else to check such implementations.
- Design new cryptographic primitives. This is extremely difficult and best left to highly experienced professionals in academia because even they design insecure algorithms.
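As an illustration of the "code a simpler primitive and test it against the provided test vectors" step above, here is an added example (not from the original post) of HKDF-SHA256 written from RFC 5869 and checked against test cases 1 and 3 from the RFC's Appendix A. It assumes Python with the standard library's hmac and hashlib for the underlying HMAC; the function names are illustrative.

```python
import hashlib
import hmac

HASH_LEN = hashlib.sha256().digest_size  # 32 bytes for SHA-256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 section 2.2: PRK = HMAC-Hash(salt, IKM)."""
    if not salt:
        salt = bytes(HASH_LEN)  # an absent salt is defined as HashLen zero bytes
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 section 2.3: T(i) = HMAC-Hash(PRK, T(i-1) | info | i)."""
    if not 0 < length <= 255 * HASH_LEN:
        raise ValueError("length must be between 1 and 255 * HashLen")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        msg = block + info + bytes([counter])  # counter is a single octet
        block = hmac.new(prk, msg, hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]  # the final block is truncated to the requested length


# RFC 5869 Appendix A, test cases 1 and 3: (IKM, salt, info, L, PRK, OKM) in hex.
VECTORS = {
    "case1": ("0b" * 22, "000102030405060708090a0b0c", "f0f1f2f3f4f5f6f7f8f9", 42,
              "077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5",
              "3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf"
              "34007208d5b887185865"),
    "case3": ("0b" * 22, "", "", 42,  # empty salt and info exercise the defaults
              "19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04",
              "8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d"
              "9d201395faa4b61a96c8"),
}


def check_vectors() -> dict:
    """Return {vector name: True/False} for the intermediate PRK and final OKM."""
    results = {}
    for name, (ikm, salt, info, length, prk, okm) in VECTORS.items():
        got_prk = hkdf_extract(bytes.fromhex(salt), bytes.fromhex(ikm))
        got_okm = hkdf_expand(got_prk, bytes.fromhex(info), length)
        results[name] = got_prk.hex() == prk and got_okm.hex() == okm
    return results


if __name__ == "__main__":
    print(check_vectors())
```

Checking the intermediate PRK as well as the final OKM shows whether a failure lies in the extract step or the expand step.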