[Cryptography] Where should I start with cryptography?

dj at deadhat.com dj at deadhat.com
Tue Nov 18 23:16:23 EST 2014


> Hi, my name is Juan. I'm a young boy that is beginning with cryptography.
> I know python and basic c++, linux enthusiast, still though I just began
> with cryptography I want one day to build my own cryptographic hash
> function. Where should I begin? I would appreciate any topics regarding
> anything.Thanks in advance

I started out as a hardware engineer with a degree in computer science.
Then I moved to ASIC chip design. Then I found myself having to implement
some standard crypto algorithms in an 802.11 chip. Then I ended up having
to attend 802.11i because they were updating the security specifications
and we needed the chip to be up to date.

So I found myself in the middle of crypto people arguing about crypto
security, but my input as an implementer was important because the crypto
people didn't know much about hardware implementation of those algorithms.

Once that was over, I was judged by non crypto people to be a crypto
person because I knew a little bit more than other non crypto people. This
is a dangerous place to be because you will get sucked in and can never
escape. So after several years of implementing crypto and interacting with
real cryptographers, I've learned at lot and cut myself a niche as an
implementer who knows how to talk to crypto people.

So my advice is
1) Study set theory, number theory, group theory, any discrete math,
especially statistics and anything similar. It will prove useful in the
end.

2) Implement crypto algorithms. Find the specs, learn how to read them,
write code for the algorithms and get the vectors to match.

3) Study books on secure implementation. There's more to making algorithms
secure that just getting the algorithm right. There are all sorts of other
issues with state, side channels, attack vectors, out of bounds input,
compilers undermining your code etc. etc.

That's probably enough to start with. Once you're on the other side of
college, all this experience will have put you ahead of the game as an
implementer or started you on the right academic track.

If you want to implement a hash function, you might want to start reading
up on Davies-Meyer construction and sponge constructions. You will get it
very wrong, but as long as you can find someone to tell you how to messed
up, or identify it yourself, that's the learning process.

As a crypto implementer, always assume your are wrong until a lot of
cleverer people that yourself think you are right. You'll still be wrong,
but it'll take longer to be found out. This is how crypto works.




More information about the cryptography mailing list