Encryption Newbie

Networking/Security Forums -> Cryptographic Theory and Cryptanalysis - Internal and Transmission Security

Author: moothecow2k PostPosted: Wed Aug 18, 2004 4:33 am    Post subject: Encryption Newbie
Hello all,

I stumbled onto this forum looking for C# encryption implementation...I've been interested in encryption for a long time, so now I've decided to get serious about learning Very Happy

Those links Wombat posted seemed like a good starting point...I think I'll drop by my library later and check out their selection. Can someone please recommend some basic encryption books? I've done two years of Computer Science, so I have some math background--linear algebra, multivariable calculus, and some probability/statistics stuff...but math isn't my strongest point.

Thanks in advance, I look forward to my time here Smile And JT, truly, you're an inspiration!

Author: mxb PostPosted: Wed Aug 18, 2004 11:15 pm    Post subject:
Well you never said what part of cryptography you were interesting in, nor what you wanted books about, so I've tried to cover most things briefly, but before you start make sure you have read:

Why cryptography is harder than it looks.

Getting back to the books, here are some suggestions from the books that I own:

History of cryptography:

Books about pen and paper ciphers:

Mathematic books:

Implementating cryptography books:

Reference books:

Also, one of the books that I keep hearing about is Applied Cryptography by Bruce Schneier, however I don't see any justification on spending any more money on books that are now just starting to just cover the same topics, so I can't give a comment on this book.

I hope this helps, and I'm sure other people will suggest ideas of other books you might like. One useful resource I have found is Schneier's Index of crypto papers online; as when someone references a paper in a posting or book, you can look it up here (as well as with google) and can probably find it somewhere on the net to download and read yourself.


Author: JustinTLocation: Asheville, NC, US / Uberlāndia, MG, Brazil PostPosted: Thu Aug 19, 2004 9:35 am    Post subject: Getting started.
The suggestions Martin has provided are excellent, in terms of introduction to the field, basic concepts, and current trends. As for Schneier's Applied Cryptography and Menezes, Oorschot, and Vanstone's Handbook of Applied Cryptography, I've given a few opinionated thoughts, here and there, on how to properly read aging literature on cryptography. I've also suggested reading Mao's Modern Cryptography, which is a mixture of the two aforementioned titles, in that it contains immense mathematical insight into cryptography, implementations, applications, modern notions of security, as well as the associated cryptanalytical theory to complement. Besides, it's a recently published book, so it has the added advantage of being fresh and up-to-date. If you are to use the other two titles, use them carefully, wisely, and as references.

This leads me to pointing out a "technique" for how to categorize modern literature on cryptography. First, you generally encounter two types of books: those that are encyclopaedically conceptual and those that are encyclopaedically trendy; Menezes, Oorschot, and Vanstone's Handbook of Applied Cryptography is an example of the former, while Schneier's Applied Cryptography is an example of the latter. Basically, with the former, you have a book that covers the mathematical basis of cryptography and general applications and implementation scenarios - it sticks with concepts. However, with the latter, you have these aspects as well, but instead of sticking with generalized concepts, you provide a snapshot of the varied trends that cryptography has been subject to, within that given frame of time - it strays into trends.

In cryptography, concepts will stay constant more than current trends, so you have to carefully juggle the validity of certain security notions. Although both titles still exhibit valid foundations in cryptography, Handbook of Applied Cryptography is a much safer book to read than Applied Cryptography, simply because the former is more conceptual and semantical; the latter contains many outdated trends and suggestions for notions that are no longer secure, or much less conservative. It's still a good book, but again - only if you know how to read it. It's more logical to recommend another book, though. The reason becomes more evident when actually implementing cryptography. Folks shouldn't design a cryptosystem based entirely on what they read from a book, but history has shown that they will; using an aging text book is one way in which insecure textbook implementations make it into practice. You can't blame the book, but you can recommend something more recent, with safer suggestions.

Second, you should pay attention to the tone of the book, because depending on the author, you will notice a significant difference in the opinionated views that influence the subject matter covered within the literature. Some books are based on widely-accepted generalizations, and oftentimes "preach to the choir", because you'll see many strikingly similar books that follow this approach; some are based on individualistic specializations, and may be viewed as partially radical, because they stray from the normality of most books, but are often just as logical. Schneier and Ferguson's Practical Cryptography is a fine example of a very opinionated, yet highly security-conservative, book. Not only are these views quite unique, but they adhere to philosophies and design methodologies of cryptographic security with higher margins than I've seen in any other contemporary book on the subject. It's based on a tremendous amount of solid cryptanalysis.

Understanding tone is important, because it helps you rationalize the different opinions you'll discover in this field, and comprehend the most efficient ways to make solid conclusions on why many cryptographers have strikingly different opinions, why many different logics can be good logics, and how to make an educated compromise in the opinions you construct for yourself, after reading such literature.

I have no qualms about suggesting any of the books mentioned in this thread, but if I were to recommend two predominant [in my opinion] books - one that introduced modern cryptographic mathematics, notions of security, implementations, applicable scenarios, general concepts, and cryptanalysis and the other that presented highly conservative philosophies and design methodologies with cryptanalysis in mind - it would definitely be, as of now, Modern Cryptography by Wenbo Mao and Practical Cryptography by Niels Ferguson and Bruce Schneier. There are different opinionated views throughout either book, but very reasonable compromises can be made between them. The former aids in properly comprehending cryptography as we conventionally know it and the latter aids in securely designing and deploying this conventional cryptography. An added plus is that even with a mediocre background in mathematics, they are exceptionally simple reads. Assuming U.S. prices, you can obtain both for around $105, roughly, based on cover prices (Modern Cryptography - $54.99 (hard jacket); Practical Cryptography - $50.00 (soft jacket)).

This will at least give you a nice boost into introductory cryptography, in the conventional sense, with a little scope into cryptanalysis. However, if you wish to learn more of cryptanalysis, it's beneficial to have a seasoned grasp on mathematical areas, such as, information theory, number theory, linear algebra, discrete mathematics, statistics, probability, combinatorics, complexity theory, group theory, field theory, and graph theory. There are several relatively great sources, such as Citeseer, Cryptology ePrint, and Springer-Verlag, for obtaining publications in cryptanalytical advancement, which essentially demonstrates the analysis of the security behind conventional cryptography, but this is conditional as to what you're interested in and how much you're willing to invest. Sometimes it's free; sometimes it's rather expensive. One step at a time, though. Keep in mind that my recommendations cover cryptography in the sense of "how it works" and "how to get it securely working for you." They aren't aimed at being nostalgic or classical (refer to Martin's suggestions for good choices in that realm). What are your tastes? At this point, are you capable of specifying any particular interests you wish to address?

(Thanks for the compliment, by the way!)

Author: dataLocation: India PostPosted: Thu Aug 19, 2004 1:45 pm    Post subject:
Koblitz's book are compartively easy to read. You should try that.


Author: qu_est PostPosted: Thu Aug 19, 2004 3:21 pm    Post subject:
mxb wrote:

Simon Singh - The code book - An good history book covering the history of encryption from ancient times up to approximatly the discovery of public-key cryptography. His series of tv programes on Channel 4 and this well written book was one of the things that attracted me to this topic in the beginning.

Same here Smile

Networking/Security Forums -> Cryptographic Theory and Cryptanalysis - Internal and Transmission Security

output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group