SERIOUS CRYPTOGRAPHY
A Practical Introduction to Modern Encryption
Jean-Philippe Aumasson
San Francisco
SERIOUS CRYPTOGRAPHY. Copyright © 2018 by Jean-Philippe Aumasson.
All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher.
ISBN-10: 1-59327-826-8
ISBN-13: 978-1-59327-826-7
Publisher: William Pollock
Production Editor: Laurel Chun
Cover Illustration: Jonny Thomas
Interior Design: Octopod Studios
Developmental Editors: William Pollock, Jan Cash, and Annie Choi
Technical Reviewers: Erik Tews and Samuel Neves
Copyeditor: Barton D. Reed
Compositor: Meg Sneeringer
Proofreader: James Fraleigh
For information on distribution, translations, or bulk sales, please contact No Starch Press, Inc. directly:
No Starch Press, Inc.
245 8th Street, San Francisco, CA 94103
phone: 1.415.863.9900;
Library of Congress Control Number: 2017940486
No Starch Press and the No Starch Press logo are registered trademarks of No Starch Press, Inc. Other product and company names mentioned herein may be the trademarks of their respective owners. Rather than use a trademark symbol with every occurrence of a trademarked name, we are using the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark.
The information in this book is distributed on an "As Is" basis, without warranty. While every precaution has been taken in the preparation of this work, neither the author nor No Starch Press, Inc. shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in it.
BRIEF CONTENTS
CONTENTS IN DETAIL
1 ENCRYPTION
2 RANDOMNESS
3 CRYPTOGRAPHIC SECURITY
4 BLOCK CIPHERS
5 STREAM CIPHERS
6 HASH FUNCTIONS
7 KEYED HASHING
8 AUTHENTICATED ENCRYPTION
9 HARD PROBLEMS
10 RSA
11 DIFFIE-HELLMAN
12 ELLIPTIC CURVES
13 TLS
14 QUANTUM AND POST-QUANTUM
FOREWORD
If you've read a book or two on computer security, you may have encountered a common perspective on the field of cryptography. "Cryptography," they say, "is the strongest link in the chain." Strong praise indeed, but it's also somewhat dismissive. If cryptography is in fact the strongest part of your system, why invest time improving it when there are so many other areas of the system that will benefit more from your attention?
If there's one thing that I hope you take away from this book, it's that this view of cryptography is idealized; it's largely a myth. Cryptography in theory is strong, but cryptography in practice is as prone to failure as any other aspect of a security system. This is particularly true when cryptographic implementations are developed by non-experts without sufficient care or experience, as is the case with many cryptographic systems deployed today. And it gets worse: when cryptographic implementations fail, they often do so in uniquely spectacular ways.
But why should you care, and why this book?
When I began working in the field of applied cryptography nearly two decades ago, the information available to software developers was often piecemeal and outdated. Cryptographers developed algorithms and protocols, and cryptographic engineers implemented them to create opaque, poorly documented cryptographic libraries designed mainly for other experts. There was, and there has been, a huge divide between those who know and understand cryptographic algorithms and those who use them (or ignore them at their peril). There are a few decent textbooks on the market, but even fewer have provided useful tools for the practitioner.
The results have not been pretty. I'm talking about compromises with labels like "CVE" and "Severity: High," and in a few alarming cases, attacks on slide decks marked "TOP SECRET." You may be familiar with some of the more famous examples if only because they've affected systems that you rely on. Many of these problems occur because cryptography is subtle and mathematically elegant, and because cryptographic experts have failed to share their knowledge with the engineers who actually write the software.
Thankfully, this has begun to change and this book is a symptom of that change.
Serious Cryptography was written by one of the foremost experts in applied cryptography, but it's not targeted at other experts. Nor, for that matter, is it intended as a superficial overview of the field. On the contrary, it contains a thorough and up-to-date discussion of cryptographic engineering, designed to help practitioners who plan to work in this field do better. In these pages, you'll learn not only how cryptographic algorithms work, but how to use them in real systems.
The book begins with an exploration of many of the key cryptographic primitives, including basic algorithms like block ciphers, public encryption schemes, hash functions, and random number generators. Each chapter provides working examples of how the algorithms work and what you should or should not do. Final chapters cover advanced subjects such as TLS, as well as the future of cryptography: what to do after quantum computers arrive to complicate our lives.
While no single book can solve all our problems, a bit of knowledge can go a long way. This book contains plenty of knowledge. Perhaps enough to make real, deployed cryptography live up to the high expectations that so many have of it.
Happy reading.
Matthew D. Green
Professor
Information Security Institute
Johns Hopkins University
PREFACE
I wrote this book to be the one I wish I had when I started learning crypto. In 2005, I was studying for my master's degree near Paris, and I eagerly registered for the crypto class in the upcoming semester. Unfortunately, the class was canceled because too few students had registered. "Crypto is too hard," the students argued, and instead, they enrolled en masse in the computer graphics and database classes.
I've heard "crypto is hard" more than a dozen times since then. But is crypto really that hard? To play an instrument, master a programming language, or put the applications of any fascinating field into practice, you need to learn some concepts and symbols, but doing so doesn't take a PhD. I think the same applies to becoming a competent cryptographer. I also believe that crypto is perceived as hard because cryptographers haven't done a good job of teaching it.
Another reason why I felt the need for this book is that crypto is no longer just about crypto; it has expanded into a multidisciplinary field. To do anything useful and relevant in crypto, you'll need some understanding of the concepts around crypto: how networks and computers work, what users and systems need, and how attackers can abuse algorithms and their implementations. In other words, you need a connection to reality.