----

Hello all,

I stumbled onto this forum looking for C# encryption implementation...I've been interested in encryption for a long time, so now I've decided to get serious about learning

Those links Wombat posted seemed like a good starting point...I think I'll drop by my library later and check out their selection. Can someone please recommend some basic encryption books? I've done two years of Computer Science, so I have some math background--linear algebra, multivariable calculus, and some probability/statistics stuff...but math isn't my strongest point.

Thanks in advance, I look forward to my time here And JT, truly, you're an inspiration!

----

Well you never said what part of cryptography you were interesting in, nor what you wanted books about, so I've tried to cover most things briefly, but before you start make sure you have read:

Why cryptography is harder than it looks.

Getting back to the books, here are some suggestions from the books that I own:

History of cryptography:

- Simon Singh - The code book - An good history book covering the history of encryption from ancient times up to approximatly the discovery of public-key cryptography. His series of tv programes on Channel 4 and this well written book was one of the things that attracted me to this topic in the beginning.

Crypto - Steven Levy - Another good history book covering modern cryptography, showing how the US Government was trying to keep the lid on it from way back in the DES era.

Books about pen and paper ciphers:

- Helen F. Gaines - Cryptanalysis - A gentle introduction to solving pencil and paper ciphers.

Abraham Sinkov - Elementary cryptanalysis - A more mathematical approach than Gaines' book, but basically the same idea.

Mathematic books:

- Neal Koblitz - A course in number theory and cryptography - Looks good, haven't worked my way through it all yet, I bought it mostly for the number theory, because at the time I didn't know what number theory was, so I had to make sure it was relevent.

Implementating cryptography books:

- Bruce Schneier - Practical cryptography - An interesting book, as it gives you just one option (although usually a good one) and shows you how to implement it, and where it might go wrong.

Reference books:

- Alfred J. Menezes, Paul C. Van Oorschot, Scott A. Vanstone - Handbook of applied cryptography, get it online here - More of an encylopedia than a handbook, but useful for reference.

Also, one of the books that I keep hearing about is Applied Cryptography by Bruce Schneier, however I don't see any justification on spending any more money on books that are now just starting to just cover the same topics, so I can't give a comment on this book.

I hope this helps, and I'm sure other people will suggest ideas of other books you might like. One useful resource I have found is Schneier's Index of crypto papers online; as when someone references a paper in a posting or book, you can look it up here (as well as with google) and can probably find it somewhere on the net to download and read yourself.

Cheers,

Martin

----

The suggestions Martin has provided are excellent, in terms of introduction to the field, basic concepts, and current trends. As for Schneier's Applied Cryptography and Menezes, Oorschot, and Vanstone's Handbook of Applied Cryptography, I've given a few opinionated thoughts, here and there, on how to properly read aging literature on cryptography. I've also suggested reading Mao's Modern Cryptography, which is a mixture of the two aforementioned titles, in that it contains immense mathematical insight into cryptography, implementations, applications, modern notions of security, as well as the associated cryptanalytical theory to complement. Besides, it's a recently published book, so it has the added advantage of being fresh and up-to-date. If you are to use the other two titles, use them carefully, wisely, and as references.

This leads me to pointing out a "technique" for how to categorize modern literature on cryptography. First, you generally encounter two types of books: those that are encyclopaedically conceptual and those that are encyclopaedically trendy; Menezes, Oorschot, and Vanstone's Handbook of Applied Cryptography is an example of the former, while Schneier's Applied Cryptography is an example of the latter. Basically, with the former, you have a book that covers the mathematical basis of cryptography and general applications and implementation scenarios - it sticks with concepts. However, with the latter, you have these aspects as well, but instead of sticking with generalized concepts, you provide a snapshot of the varied trends that cryptography has been subject to, within that given frame of time - it strays into trends.

In cryptography, concepts will stay constant more than current trends, so you have to carefully juggle the validity of certain security notions. Although both titles still exhibit valid foundations in cryptography, Handbook of Applied Cryptography is a much safer book to read than Applied Cryptography, simply because the former is more conceptual and semantical; the latter contains many outdated trends and suggestions for notions that are no longer secure, or much less conservative. It's still a good book, but again - only if you know how to read it. It's more logical to recommend another book, though. The reason becomes more evident when actually implementing cryptography. Folks shouldn't design a cryptosystem based entirely on what they read from a book, but history has shown that they will; using an aging text book is one way in which insecure textbook implementations make it into practice. You can't blame the book, but you can recommend something more recent, with safer suggestions.

Second, you should pay attention to the tone of the book, because depending on the author, you will notice a significant difference in the opinionated views that influence the subject matter covered within the literature. Some books are based on widely-accepted generalizations, and oftentimes "preach to the choir", because you'll see many strikingly similar books that follow this approach; some are based on individualistic specializations, and may be viewed as partially radical, because they stray from the normality of most books, but are often just as logical. Schneier and Ferguson's Practical Cryptography is a fine example of a very opinionated, yet highly security-conservative, book. Not only are these views quite unique, but they adhere to philosophies and design methodologies of cryptographic security with higher margins than I've seen in any other contemporary book on the subject. It's based on a tremendous amount of solid cryptanalysis.

Understanding tone is important, because it helps you rationalize the different opinions you'll discover in this field, and comprehend the most efficient ways to make solid conclusions on why many cryptographers have strikingly different opinions, why many different logics can be good logics, and how to make an educated compromise in the opinions you construct for yourself, after reading such literature.

I have no qualms about suggesting any of the books mentioned in this thread, but if I were to recommend two predominant [in my opinion] books - one that introduced modern cryptographic mathematics, notions of security, implementations, applicable scenarios, general concepts, and cryptanalysis and the other that presented highly conservative philosophies and design methodologies with cryptanalysis in mind - it would definitely be, as of now, Modern Cryptography by Wenbo Mao and Practical Cryptography by Niels Ferguson and Bruce Schneier. There are different opinionated views throughout either book, but very reasonable compromises can be made between them. The former aids in properly comprehending cryptography as we conventionally know it and the latter aids in securely designing and deploying this conventional cryptography. An added plus is that even with a mediocre background in mathematics, they are exceptionally simple reads. Assuming U.S. prices, you can obtain both for around $105, roughly, based on cover prices (Modern Cryptography - $54.99 (hard jacket); Practical Cryptography - $50.00 (soft jacket)).

This will at least give you a nice boost into introductory cryptography, in the conventional sense, with a little scope into cryptanalysis. However, if you wish to learn more of cryptanalysis, it's beneficial to have a seasoned grasp on mathematical areas, such as, information theory, number theory, linear algebra, discrete mathematics, statistics, probability, combinatorics, complexity theory, group theory, field theory, and graph theory. There are several relatively great sources, such as Citeseer, Cryptology ePrint, and Springer-Verlag, for obtaining publications in cryptanalytical advancement, which essentially demonstrates the analysis of the security behind conventional cryptography, but this is conditional as to what you're interested in and how much you're willing to invest. Sometimes it's free; sometimes it's rather expensive. One step at a time, though. Keep in mind that my recommendations cover cryptography in the sense of "how it works" and "how to get it securely working for you." They aren't aimed at being nostalgic or classical (refer to Martin's suggestions for good choices in that realm). What are your tastes? At this point, are you capable of specifying any particular interests you wish to address?

(Thanks for the compliment, by the way!)

----

Koblitz's book are compartively easy to read. You should try that.

Data.

----

mxb wrote: |

Simon Singh - The code book - An good history book covering the history of encryption from ancient times up to approximatly the discovery of public-key cryptography. His series of tv programes on Channel 4 and this well written book was one of the things that attracted me to this topic in the beginning. |

Same here

output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Powered by phpBB 2.0.x © 2001 phpBB Group