Book Review: "Serious Cryptography"

"Serious Cryptography: A Practical Introduction to Modern Encryption", by Jean-Philippe Aumasson, is a contemporary technical reference on many of the common cryptographic ciphers and the attacks against them. The book covers the core concepts of modern cryptography, such as randomness, hashing, digital signatures, symmetric ciphers, block ciphers, asymmetric cryptography, and elliptic curve cryptography, to name a few. "Serious Cryptography" can be read cover to cover if you're new to the subject, providing a great overview of the modern playing field of crypto. The book also makes for a solid desk reference, the kind of thing where you can quickly brush up on a common cipher and its pitfalls. I read the book after getting the No Starch Press Humble Bundle, which was an amazing deal, but you can also grab the book on Amazon for ~$30. The book is ~300 pages and fairly technical, including lots of diagrams, code, and equations. Ultimately, I give the book 7 out of 10 stars for being an excellent resource with the right mix of high-level review and cryptographic detail. I recommend it to anyone in information security who wants a deeper understanding of common cryptographic protocols. It picks several ciphers across the essential high-level categories of crypto functions, then covers those ciphers in adequate depth. I felt like Jean-Philippe did a great job balancing the fundamentals with the more complex topics; he makes sure not to gloss over the essentials, but he also introduces the reader to more advanced topics, such as evolutions of the Diffie-Hellman protocol like MQV. Probably my favorite part of the book is all of the references it provides, not only introducing you to deeply technical topics but giving you more resources to continue studying those topics beyond this book.
Below is a high-level table of contents, which shows how Jean-Philippe logically arranged the major parts of the book and their chapters. It leaves out a lot of the detail within the chapters for brevity:

Fundamentals
    Chapter 1: Encryption
    Chapter 2: Randomness
    Chapter 3: Cryptographic Security
Symmetric Crypto
    Chapter 4: Block Ciphers
    Chapter 5: Stream Ciphers
    Chapter 6: Hash Functions
    Chapter 7: Keyed Hashing
    Chapter 8: Authenticated Encryption
Asymmetric Crypto
    Chapter 9: Hard Problems
    Chapter 10: RSA
    Chapter 11: Diffie-Hellman
    Chapter 12: Elliptic Curves
Applications
    Chapter 13: TLS
    Chapter 14: Quantum and Post-Quantum

My biggest issue with "Serious Cryptography" is that it leaves some of the details out regarding each protocol. Despite how technical the book is, it leaves out the details of how the cryptographic protocols actually function. Don't get me wrong, it covers each subject in enough depth that you understand how the protocols work, but not in enough detail that you could recreate them on your own. Take for example the chapter on AES: the book covers the building blocks of an AES round (AddRoundKey, SubBytes, ShiftRows, MixColumns), but never actually conveys how the SubBytes substitution table was chosen or what its values are. That said, I enjoy how the book takes the time to explain the primitives that make up the various functions; I think this is important for understanding the inner workings of the various protocols, even if it skips the nuanced details. In that vein, I really liked the chapter "Hard Problems", where the book briefly introduces complexity theory as well as the discrete logarithm problem, which is a core problem in several of the following chapters on RSA, Diffie-Hellman, and Elliptic Curves. I also enjoy how the book shows multiple cryptanalytic attacks against popular ciphers, such as the padding oracle attack, meet-in-the-middle attacks, length extension attacks, and many more. One of my favorite chapters was the one on TLS, as it felt very modern, discussing TLS 1.3 and its advances over TLS 1.2. Finally, the following is Jean-Philippe talking about modern cryptography, shortly after publishing this book:
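To fill in the one detail the review singles out as missing from the AES chapter, here is an added example (not code from the book or from the reviewer) that derives the SubBytes table from its definition rather than copying it: each byte is replaced by its multiplicative inverse in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1, followed by a fixed affine transform over GF(2). The function names and the 16-byte sample state are this example's own; the two spot-check values come from the published S-box (S[0x00] = 0x63, S[0x53] = 0xED). The example also checks two design properties the table was chosen to have: it is a bijection (so decryption can invert it) and it has no fixed points.

```python
# Derive the AES S-box (SubBytes) from first principles.
# Field: GF(2^8) with reduction polynomial x^8 + x^4 + x^3 + x + 1 (0x11B).

AES_POLY = 0x1B  # low byte of 0x11B; the x^8 term is handled by the carry


def gf_mul(a: int, b: int) -> int:
    """Multiply two field elements (bytes) in GF(2^8), 'Russian peasant' style."""
    product = 0
    for _ in range(8):
        if b & 1:
            product ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:            # reduce x^8 back into the field
            a ^= AES_POLY
        b >>= 1
    return product


def gf_inv(a: int) -> int:
    """Multiplicative inverse via a^254 (a^255 == 1 for nonzero a); AES maps 0 to 0."""
    if a == 0:
        return 0
    result, base, exp = 1, a, 254
    while exp:               # square-and-multiply exponentiation
        if exp & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        exp >>= 1
    return result


def rotl8(x: int, n: int) -> int:
    return ((x << n) | (x >> (8 - n))) & 0xFF


def affine(b: int) -> int:
    """The AES affine map: b ^ rotl(b,1) ^ rotl(b,2) ^ rotl(b,3) ^ rotl(b,4) ^ 0x63."""
    return b ^ rotl8(b, 1) ^ rotl8(b, 2) ^ rotl8(b, 3) ^ rotl8(b, 4) ^ 0x63


def build_sbox() -> list:
    """S[x] = affine(inverse(x)) for every byte x."""
    return [affine(gf_inv(x)) for x in range(256)]


def build_inv_sbox(sbox: list) -> list:
    """Invert the table; only well defined because the S-box is a permutation."""
    inv = [0] * 256
    for x, y in enumerate(sbox):
        inv[y] = x
    return inv


def sbox_properties(sbox: list) -> dict:
    """Design checks: bijective, no fixed points, no 'opposite' fixed points."""
    return {
        "bijective": len(set(sbox)) == 256,
        "fixed_points": sum(1 for x in range(256) if sbox[x] == x),
        "opposite_fixed_points": sum(1 for x in range(256) if sbox[x] == x ^ 0xFF),
    }


def sub_bytes(state: bytes, sbox: list) -> bytes:
    """The SubBytes round step applied to a 16-byte AES state (hypothetical input)."""
    return bytes(sbox[b] for b in state)


if __name__ == "__main__":
    S = build_sbox()
    print("S[0x00]=%02x S[0x01]=%02x S[0x53]=%02x" % (S[0x00], S[0x01], S[0x53]))
    print(sbox_properties(S))
    # constructed sample state, not data from the book
    state = bytes(range(16))
    print(sub_bytes(state, S).hex())
```

Running this reproduces the familiar table (it starts 63 7c 77 7b ...) without having copied a single entry, which is exactly the step the book skips. The property check is the more interesting part for a reader: the inverse-based construction is what gives the S-box its resistance to linear and differential cryptanalysis, and the affine transform is there mainly to remove the fixed points and any simple algebraic description.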