Real-World Cryptography

An all-practical guide to the cryptography behind common tools and protocols that will help you make excellent security choices for your systems and applications.

In Real-World Cryptography, you will find:
• Best practices for using cryptography
• Diagrams and explanations of cryptographic algorithms
• Implementing digital signatures and zero-knowledge proofs
• Specialized hardware for attacks and highly adversarial environments
• Identifying and fixing bad practices
• Choosing the right cryptographic tool for any problem

Real-World Cryptography reveals the cryptographic techniques that drive the security of web APIs, registering and logging in users, and even the blockchain. You’ll learn how these techniques power modern security, and how to apply them to your own projects. Alongside modern methods, the book also anticipates the future of cryptography, diving into emerging and cutting-edge advances such as cryptocurrencies, and post-quantum cryptography. All techniques are fully illustrated with diagrams and examples so you can easily see how to put them into practice.

About the technology
Cryptography is the essential foundation of IT security. To stay ahead of the bad actors attacking your systems, you need to understand the tools, frameworks, and protocols that protect your networks and applications. This book introduces authentication, encryption, signatures, secret-keeping, and other cryptography concepts in plain language and beautiful illustrations.

About the book
Real-World Cryptography teaches practical techniques for day-to-day work as a developer, sysadmin, or security practitioner. There’s no complex math or jargon: Modern cryptography methods are explored through clever graphics and real-world use cases. You’ll learn building blocks like hash functions and signatures; cryptographic protocols like HTTPS and secure messaging; and cutting-edge advances like post-quantum cryptography and cryptocurrencies. This book is a joy to read—and it might just save your bacon the next time you’re targeted by an adversary after your data.

What's inside
• Implementing digital signatures and zero-knowledge proofs
• Specialized hardware for attacks and highly adversarial environments
• Identifying and fixing bad practices
• Choosing the right cryptographic tool for any problem

About the reader
For cryptography beginners with no previous experience in the field.

About the author
David Wong is a cryptography engineer. He is an active contributor to internet standards including Transport Layer Security.

Author(s): David Wong
Edition: 1
Publisher: Manning Publications
Year: 2021

Language: English
Commentary: Vector PDF
Pages: 400
City: Shelter Island, NY
Tags: Information Security; Blockchain; Cryptography; Random Number Generation; Encryption; Hash Functions; Public-Key Cryptography; Post-Quantum Cryptography; Cryptocurrency; SSL/TLS; Cryptographic Protocols; Private-Key Cryptography; Message Authentication; Diffie-Hellman Function; Hybrid Encryption

Real-World Cryptography
contents
preface
A book, years in the making
The real-world cryptographer curriculum
Where most of the bugs are
A need for a new book?
acknowledgments
about this book
Who should read this book
Students
Security practitioners
Developers who use cryptography directly or indirectly
Cryptographers curious about other fields
Engineering and product managers who want to understand more
Curious people who want to know what real-world crypto is about
Assumed knowledge, the long version
How this book is organized: A roadmap
About the code
liveBook discussion forum
about the author
about the cover illustration
Part 1—Primitives: The ingredients of cryptography
1 Introduction
1.1 Cryptography is about securing protocols
1.2 Symmetric cryptography: What is symmetric encryption?
1.3 Kerckhoff’s principle: Only the key is kept secret
1.4 Asymmetric cryptography: Two keys are better than one
1.4.1 Key exchanges or how to get a shared secret
1.4.2 Asymmetric encryption, not like the symmetric one
1.4.3 Digital signatures, just like your pen-and-paper signatures
1.5 Classifying and abstracting cryptography
1.6 Theoretical cryptography vs. real-world cryptography
1.7 From theoretical to practical: Choose your own adventure
1.8 A word of warning
Summary
2 Hash functions
2.1 What is a hash function?
2.2 Security properties of a hash function
2.3 Security considerations for hash functions
2.4 Hash functions in practice
2.4.1 Commitments
2.4.2 Subresource integrity
2.4.3 BitTorrent
2.4.4 Tor
2.5 Standardized hash functions
2.5.1 The SHA-2 hash function
2.5.2 The SHA-3 hash function
2.5.3 SHAKE and cSHAKE: Two extendable output functions (XOF)
2.5.4 Avoid ambiguous hashing with TupleHash
2.6 Hashing passwords
Summary
3 Message authentication codes
3.1 Stateless cookies, a motivating example for MACs
3.2 An example in code
3.3 Security properties of a MAC
3.3.1 Forgery of authentication tag
3.3.2 Lengths of authentication tag
3.3.3 Replay attacks
3.3.4 Verifying authentication tags in constant time
3.4 MAC in the real world
3.4.1 Message authentication
3.4.2 Deriving keys
3.4.3 Integrity of cookies
3.4.4 Hash tables
3.5 Message authentication codes (MACs) in practice
3.5.1 HMAC, a hash-based MAC
3.5.2 KMAC, a MAC based on cSHAKE
3.6 SHA-2 and length-extension attacks
Summary
4 Authenticated encryption
4.1 What’s a cipher?
4.2 The Advanced Encryption Standard (AES) block cipher
4.2.1 How much security does AES provide?
4.2.2 The interface of AES
4.2.3 The internals of AES
4.3 The encrypted penguin and the CBC mode of operation
4.4 A lack of authenticity, hence AES-CBC-HMAC
4.5 All-in-one constructions: Authenticated encryption
4.5.1 What’s authenticated encryption with associated data (AEAD)?
4.5.2 The AES-GCM AEAD
4.5.3 ChaCha20-Poly1305
4.6 Other kinds of symmetric encryption
4.6.1 Key wrapping
4.6.2 Nonce misuse-resistant authenticated encryption
4.6.3 Disk encryption
4.6.4 Database encryption
Summary
5 Key exchanges
5.1 What are key exchanges?
5.2 The Diffie-Hellman (DH) key exchange
5.2.1 Group theory
5.2.2 The discrete logarithm problem: The basis of Diffie-Hellman
5.2.3 The Diffie-Hellman standards
5.3 The Elliptic Curve Diffie-Hellman (ECDH) key exchange
5.3.1 What’s an elliptic curve?
5.3.2 How does the Elliptic Curve Diffie-Hellman (ECDH) key exchange work?
5.3.3 The standards for Elliptic Curve Diffie-Hellman
5.4 Small subgroup attacks and other security considerations
Summary
6 Asymmetric encryption and hybrid encryption
6.1 What is asymmetric encryption?
6.2 Asymmetric encryption in practice and hybrid encryption
6.2.1 Key exchanges and key encapsulation
6.2.2 Hybrid encryption
6.3 Asymmetric encryption with RSA: The bad and the less bad
6.3.1 Textbook RSA
6.3.2 Why not to use RSA PKCS#1 v1.5
6.3.3 Asymmetric encryption with RSA-OAEP
6.4 Hybrid encryption with ECIES
Summary
7 Signatures and zero-knowledge proofs
7.1 What is a signature?
7.1.1 How to sign and verify signatures in practice
7.1.2 A prime use case for signatures: Authenticated key exchanges
7.1.3 A real-world usage: Public key infrastructures
7.2 Zero-knowledge proofs (ZKPs): The origin of signatures
7.2.1 Schnorr identification protocol: An interactive zero-knowledge proof
7.2.2 Signatures as non-interactive zero-knowledge proofs
7.3 The signature algorithms you should use (or not)
7.3.1 RSA PKCS#1 v1.5: A bad standard
7.3.2 RSA-PSS: A better standard
7.3.3 The Elliptic Curve Digital Signature Algorithm (ECDSA)
7.3.4 The Edwards-curve Digital Signature Algorithm (EdDSA)
7.4 Subtle behaviors of signature schemes
7.4.1 Substitution attacks on signatures
7.4.2 Signature malleability
Summary
8 Randomness and secrets
8.1 What’s randomness?
8.2 Slow randomness? Use a pseudorandom number generator (PRNG)
8.3 Obtaining randomness in practice
8.4 Randomness generation and security considerations
8.5 Public randomness
8.6 Key derivation with HKDF
8.7 Managing keys and secrets
8.8 Decentralize trust with threshold cryptography
Summary
Part 2—Protocols: The recipes of cryptography
9 Secure transport
9.1 The SSL and TLS secure transport protocols
9.1.1 From SSL to TLS
9.1.2 Using TLS in practice
9.2 How does the TLS protocol work?
9.2.1 The TLS handshake
9.2.2 How TLS 1.3 encrypts application data
9.3 The state of the encrypted web today
9.4 Other secure transport protocols
9.5 The Noise protocol framework: A modern alternative to TLS
9.5.1 The many handshakes of Noise
9.5.2 A handshake with Noise
Summary
10 End-to-end encryption
10.1 Why end-to-end encryption?
10.2 A root of trust nowhere to be found
10.3 The failure of encrypted email
10.3.1 PGP or GPG? And how does it work?
10.3.2 Scaling trust between users with the web of trust
10.3.3 Key discovery is a real issue
10.3.4 If not PGP, then what?
10.4 Secure messaging: A modern look at end-to-end encryption with Signal
10.4.1 More user-friendly than the WOT: Trust but verify
10.4.2 X3DH: the Signal protocol’s handshake
10.4.3 Double Ratchet: Signal’s post-handshake protocol
10.5 The state of end-to-end encryption
Summary
11 User authentication
11.1 A recap of authentication
11.2 User authentication, or the quest to get rid of passwords
11.2.1 One password to rule them all: Single sign-on (SSO) and password managers
11.2.2 Don’t want to see their passwords? Use an asymmetric password-authenticated key exchange
11.2.3 One-time passwords aren’t really passwords: Going passwordless with symmetric keys
11.2.4 Replacing passwords with asymmetric keys
11.3 User-aided authentication: Pairing devices using some human help
11.3.1 Pre-shared keys
11.3.2 Symmetric password-authenticated key exchanges with CPace
11.3.3 Was my key exchange MITM’d? Just check a short authenticated string (SAS)
Summary
12 Crypto as in cryptocurrency?
12.1 A gentle introduction to Byzantine fault-tolerant (BFT) consensus algorithms
12.1.1 A problem of resilience: Distributed protocols to the rescue
12.1.2 A problem of trust? Decentralization helps
12.1.3 A problem of scale: Permissionless and censorship-resistant networks
12.2 How does Bitcoin work?
12.2.1 How Bitcoin handles user balances and transactions
12.2.2 Mining BTCs in the digital age of gold
12.2.3 Forking hell! Solving conflicts in mining
12.2.4 Reducing a block’s size by using Merkle trees
12.3 A tour of cryptocurrencies
12.3.1 Volatility
12.3.2 Latency
12.3.3 Blockchain size
12.3.4 Confidentiality
12.3.5 Energy efficiency
12.4 DiemBFT: A Byzantine fault-tolerant (BFT) consensus protocol
12.4.1 Safety and liveness: The two properties of a BFT consensus protocol
12.4.2 A round in the DiemBFT protocol
12.4.3 How much dishonesty can the protocol tolerate?
12.4.4 The DiemBFT rules of voting
12.4.5 When are transactions considered finalized?
12.4.6 The intuitions behind the safety of DiemBFT
Summary
13 Hardware cryptography
13.1 Modern cryptography attacker model
13.2 Untrusted environments: Hardware to the rescue
13.2.1 White box cryptography, a bad idea
13.2.2 They’re in your wallet: Smart cards and secure elements
13.2.3 Banks love them: Hardware security modules (HSMs)
13.2.4 Trusted Platform Modules (TPMs): A useful standardization of secure elements
13.2.5 Confidential computing with a trusted execution environment (TEE)
13.3 What solution is good for me?
13.4 Leakage-resilient cryptography or how to mitigate side-channel attacks in software
13.4.1 Constant-time programming
13.4.2 Don’t use the secret! Masking and blinding
13.4.3 What about fault attacks?
Summary
14 Post-quantum cryptography
14.1 What are quantum computers and why are they scaring cryptographers?
14.1.1 Quantum mechanics, the study of the small
14.1.2 From the birth of quantum computers to quantum supremacy
14.1.3 The impact of Grover and Shor’s algorithms on cryptography
14.1.4 Post-quantum cryptography, the defense against quantum computers
14.2 Hash-based signatures: Don’t need anything but a hash function
14.2.1 One-time signatures (OTS) with Lamport signatures
14.2.2 Smaller keys with Winternitz one-time signatures (WOTS)
14.2.3 Many-times signatures with XMSS and SPHINCS+
14.3 Shorter keys and signatures with lattice-based cryptography
14.3.1 What’s a lattice?
14.3.2 Learning with errors (LWE), a basis for cryptography?
14.3.3 Kyber, a lattice-based key exchange
14.3.4 Dilithium, a lattice-based signature scheme
14.4 Do I need to panic?
Summary
15 Is this it? Next-generation cryptography
15.1 The more the merrier: Secure multi-party computation (MPC)
15.1.1 Private set intersection (PSI)
15.1.2 General-purpose MPC
15.1.3 The state of MPC
15.2 Fully homomorphic encryption (FHE) and the promises of an encrypted cloud
15.2.1 An example of homomorphic encryption with RSA encryption
15.2.2 The different types of homomorphic encryption
15.2.3 Bootstrapping, the key to fully homomorphic encryption
15.2.4 An FHE scheme based on the learning with errors problem
15.2.5 Where is it used?
15.3 General-purpose zero-knowledge proofs (ZKPs)
15.3.1 How zk-SNARKs work
15.3.2 Homomorphic commitments to hide parts of the proof
15.3.3 Bilinear pairings to improve our homomorphic commitments
15.3.4 Where does the succinctness come from?
15.3.5 From programs to polynomials
15.3.6 Programs are for computers; we need arithmetic circuits instead
15.3.7 An arithmetic circuit to a rank-1 constraint system (R1CS)
15.3.8 From R1CS to a polynomial
15.3.9 It takes two to evaluate a polynomial hiding in the exponent
Summary
16 When and where cryptography fails
16.1 Finding the right cryptographic primitive or protocol is a boring job
16.2 How do I use a cryptographic primitive or protocol? Polite standards and formal verification
16.3 Where are the good libraries?
16.4 Misusing cryptography: Developers are the enemy
16.5 You’re doing it wrong: Usable security
16.6 Cryptography is not an island
16.7 Your responsibilities as a cryptography practitioner, don’t roll your own crypto
Summary
Appendix—Answers to exercises
Chapter 2
Chapter 3
Chapter 6
Chapter 7
Chapter 8
Chapter 9
Chapter 10
Chapter 11
index
Numerics
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Z