How Do I Get Into Cryptography?

Almost every day I get asked about how someone can get into cryptography. Well, it can take a while to develop a deep understanding, but here’s my tips:

• Try and lay out the topic areas for your learning. These include: Hashing, Symmetric Key, Key Exchange, Public Key, Key Derivation Functions (KDFs), Message Authentication Codes (MACs), Tunnelling (eg TLS), and Digital Signatures. Do not go onto another topic until you fully understand the current one.
• OpenSSL is your friend and the Swiss Army Knife of Cryptography. Almost every current cryptography method can be found in OpenSSL, so find our about everything it does:
• Cover both the theory and the practice. Overall, if you understand the theory and not the practice, you will not be re-enforcing your learning. Also, if you know the practice and not the theory, you will be opening up you developments to weaknesses.
• Pick a topic that you like, such as hashing, symmetric key or public key encryption, and dive in and try to learn as much as you can on each topic. Try and avoid just surface learning them, and, if you can, get into the actual methods and understand them.
• Pick a library that covers most of the topic areas and dive into learning the implementation for the main methods. Here are some:

LibSodium (NaCl): https://asecuritysite.com/nacl/

Python Cryptography: https://asecuritysite.com/hazmat/

Bouncy Castle: https://asecuritysite.com/bouncy/

NSec.cryptography: https://asecuritysite.com/nsec/

Cloudflare CIRCL: https://asecuritysite.com/circl/

COSE/COBR: https://asecuritysite.com/cose/

• Learn about the history of cryptography. It has been a long and bumpy history in cryptography, but major breakthroughs have paved the way. The most important have included RSA, Elliptic Curve Cryptography, the Digital Signature Algorithm, the Schnorr signature, Merkle Trees, the Fiat-Shamir method, and many others. Pick one to research, and find out who created it, and how it developed.
• Read the great patents. Many of the great breakthroughs were patented. Try and discover the great patents of the past, and read them. Often a well-written patent has less maths in it than the associated research papers. Here are the six classic patents that change our digital world:
• Know those vulnerabilities. Cryptography is never perfect, and there are often a wide range of vulnabilities. While most current methods have mitigated against these, it is good to know the weaknesses of the methods we typically use. Areas of side-channel analysis are particularly difficult to guard against. If you can, do some cracking:
• Do Capture The Flags (CTFs). This is good exercse for the brain. While we don’t use ciphers much any more, it is good to train your brain on cracking cipher related puzzles:
• The maths is not that difficult one you get into it. Crytography is typically focused on finite fields, and which sounds complicated, but it just a concept that means we operate on a limited set of values. A good place to start it discrete logarithms, and which have the form of y=g^x (mod p), and where p is a prime number.
• Register for an MSc/PhD programme. There’s little better for your learning than pushing yourself to learn in a formal and structured way.
• Have Fun! Cryprography is such an interesting area, and will give you an almost endless amount of learning.

You can learn all about the wonderful world of cryptography here:

https://asecuritysite.com/

--

--

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. Based in Edinburgh. Old World Breaker. New World Creator. Building trust.