Real-World Cryptography

Book description

An all-practical guide to the cryptography behind common tools and protocols that will help you make excellent security choices for your systems and applications.

In Real-World Cryptography, you will find:

  • Best practices for using cryptography
  • Diagrams and explanations of cryptographic algorithms
  • Implementing digital signatures and zero-knowledge proofs
  • Specialized hardware for attacks and highly adversarial environments
  • Identifying and fixing bad practices
  • Choosing the right cryptographic tool for any problem

Real-World Cryptography reveals the cryptographic techniques that drive the security of web APIs, registering and logging in users, and even the blockchain. You’ll learn how these techniques power modern security, and how to apply them to your own projects. Alongside modern methods, the book also anticipates the future of cryptography, diving into emerging and cutting-edge advances such as cryptocurrencies and post-quantum cryptography. All techniques are fully illustrated with diagrams and examples so you can easily see how to put them into practice.

About the Technology
Cryptography is the essential foundation of IT security. To stay ahead of the bad actors attacking your systems, you need to understand the tools, frameworks, and protocols that protect your networks and applications. This book introduces authentication, encryption, signatures, secret-keeping, and other cryptography concepts in plain language and beautiful illustrations.

About the Book
Real-World Cryptography teaches practical techniques for day-to-day work as a developer, sysadmin, or security practitioner. There’s no complex math or jargon: Modern cryptography methods are explored through clever graphics and real-world use cases. You’ll learn building blocks like hash functions and signatures; cryptographic protocols like HTTPS and secure messaging; and cutting-edge advances like post-quantum cryptography and cryptocurrencies. This book is a joy to read—and it might just save your bacon the next time you’re targeted by an adversary after your data.

About the Reader
For cryptography beginners with no previous experience in the field.

About the Author
David Wong is a cryptography engineer. He is an active contributor to internet standards including Transport Layer Security.

Quotes
A staggeringly comprehensive review of the state of modern cryptography. Essential for anyone getting up to speed in information security.
- Thomas Doylend, Green Rocket Security

Covers all the important parts of applied cryptography. A must-read for every Java developer.
- Harald Kuhn, TurnFriendly

An in-depth introduction to cryptography, covering hot topics like blockchain and quantum computing.
- Gábor László Hajba, ProLion

A best-in-category book that takes you all the way from curious novice to confident practitioner.
- William Rudenmalm, Creandum

Table of contents

  1. Real-World Cryptography
  2. Copyright
  3. dedication
  4. contents
  5. front matter
    1. preface
      1. A book, years in the making
      2. The real-world cryptographer curriculum
      3. Where most of the bugs are
      4. A need for a new book?
    2. acknowledgments
    3. about this book
      1. Who should read this book
      2. Students
      3. Security practitioners
      4. Developers who use cryptography directly or indirectly
      5. Cryptographers curious about other fields
      6. Engineering and product managers who want to understand more
      7. Curious people who want to know what real-world crypto is about
      8. Assumed knowledge, the long version
      9. How this book is organized: A roadmap
      10. About the code
      11. liveBook discussion forum
    4. about the author
    5. about the cover illustration
  6. Part 1. Primitives: The ingredients of cryptography
  7. 1 Introduction
    1. 1.1 Cryptography is about securing protocols
    2. 1.2 Symmetric cryptography: What is symmetric encryption?
    3. 1.3 Kerckhoff’s principle: Only the key is kept secret
    4. 1.4 Asymmetric cryptography: Two keys are better than one
      1. 1.4.1 Key exchanges or how to get a shared secret
      2. 1.4.2 Asymmetric encryption, not like the symmetric one
      3. 1.4.3 Digital signatures, just like your pen-and-paper signatures
    5. 1.5 Classifying and abstracting cryptography
    6. 1.6 Theoretical cryptography vs. real-world cryptography
    7. 1.7 From theoretical to practical: Choose your own adventure
    8. 1.8 A word of warning
    9. Summary
  8. 2 Hash functions
    1. 2.1 What is a hash function?
    2. 2.2 Security properties of a hash function
    3. 2.3 Security considerations for hash functions
    4. 2.4 Hash functions in practice
      1. 2.4.1 Commitments
      2. 2.4.2 Subresource integrity
      3. 2.4.3 BitTorrent
      4. 2.4.4 Tor
    5. 2.5 Standardized hash functions
      1. 2.5.1 The SHA-2 hash function
      2. 2.5.2 The SHA-3 hash function
      3. 2.5.3 SHAKE and cSHAKE: Two extendable output functions (XOF)
      4. 2.5.4 Avoid ambiguous hashing with TupleHash
    6. 2.6 Hashing passwords
    7. Summary
  9. 3 Message authentication codes
    1. 3.1 Stateless cookies, a motivating example for MACs
    2. 3.2 An example in code
    3. 3.3 Security properties of a MAC
      1. 3.3.1 Forgery of authentication tag
      2. 3.3.2 Lengths of authentication tag
      3. 3.3.3 Replay attacks
      4. 3.3.4 Verifying authentication tags in constant time
    4. 3.4 MAC in the real world
      1. 3.4.1 Message authentication
      2. 3.4.2 Deriving keys
      3. 3.4.3 Integrity of cookies
      4. 3.4.4 Hash tables
    5. 3.5 Message authentication codes (MACs) in practice
      1. 3.5.1 HMAC, a hash-based MAC
      2. 3.5.2 KMAC, a MAC based on cSHAKE
    6. 3.6 SHA-2 and length-extension attacks
    7. Summary
  10. 4 Authenticated encryption
    1. 4.1 What’s a cipher?
    2. 4.2 The Advanced Encryption Standard (AES) block cipher
      1. 4.2.1 How much security does AES provide?
      2. 4.2.2 The interface of AES
      3. 4.2.3 The internals of AES
    3. 4.3 The encrypted penguin and the CBC mode of operation
    4. 4.4 A lack of authenticity, hence AES-CBC-HMAC
    5. 4.5 All-in-one constructions: Authenticated encryption
      1. 4.5.1 What’s authenticated encryption with associated data (AEAD)?
      2. 4.5.2 The AES-GCM AEAD
      3. 4.5.3 ChaCha20-Poly1305
    6. 4.6 Other kinds of symmetric encryption
      1. 4.6.1 Key wrapping
      2. 4.6.2 Nonce misuse-resistant authenticated encryption
      3. 4.6.3 Disk encryption
      4. 4.6.4 Database encryption
    7. Summary
  11. 5 Key exchanges
    1. 5.1 What are key exchanges?
    2. 5.2 The Diffie-Hellman (DH) key exchange
      1. 5.2.1 Group theory
      2. 5.2.2 The discrete logarithm problem: The basis of Diffie-Hellman
      3. 5.2.3 The Diffie-Hellman standards
    3. 5.3 The Elliptic Curve Diffie-Hellman (ECDH) key exchange
      1. 5.3.1 What’s an elliptic curve?
      2. 5.3.2 How does the Elliptic Curve Diffie-Hellman (ECDH) key exchange work?
      3. 5.3.3 The standards for Elliptic Curve Diffie-Hellman
    4. 5.4 Small subgroup attacks and other security considerations
    5. Summary
  12. 6 Asymmetric encryption and hybrid encryption
    1. 6.1 What is asymmetric encryption?
    2. 6.2 Asymmetric encryption in practice and hybrid encryption
      1. 6.2.1 Key exchanges and key encapsulation
      2. 6.2.2 Hybrid encryption
    3. 6.3 Asymmetric encryption with RSA: The bad and the less bad
      1. 6.3.1 Textbook RSA
      2. 6.3.2 Why not to use RSA PKCS#1 v1.5
      3. 6.3.3 Asymmetric encryption with RSA-OAEP
    4. 6.4 Hybrid encryption with ECIES
    5. Summary
  13. 7 Signatures and zero-knowledge proofs
    1. 7.1 What is a signature?
      1. 7.1.1 How to sign and verify signatures in practice
      2. 7.1.2 A prime use case for signatures: Authenticated key exchanges
      3. 7.1.3 A real-world usage: Public key infrastructures
    2. 7.2 Zero-knowledge proofs (ZKPs): The origin of signatures
      1. 7.2.1 Schnorr identification protocol: An interactive zero-knowledge proof
      2. 7.2.2 Signatures as non-interactive zero-knowledge proofs
    3. 7.3 The signature algorithms you should use (or not)
      1. 7.3.1 RSA PKCS#1 v1.5: A bad standard
      2. 7.3.2 RSA-PSS: A better standard
      3. 7.3.3 The Elliptic Curve Digital Signature Algorithm (ECDSA)
      4. 7.3.4 The Edwards-curve Digital Signature Algorithm (EdDSA)
    4. 7.4 Subtle behaviors of signature schemes
      1. 7.4.1 Substitution attacks on signatures
      2. 7.4.2 Signature malleability
    5. Summary
  14. 8 Randomness and secrets
    1. 8.1 What’s randomness?
    2. 8.2 Slow randomness? Use a pseudorandom number generator (PRNG)
    3. 8.3 Obtaining randomness in practice
    4. 8.4 Randomness generation and security considerations
    5. 8.5 Public randomness
    6. 8.6 Key derivation with HKDF
    7. 8.7 Managing keys and secrets
    8. 8.8 Decentralize trust with threshold cryptography
    9. Summary
  15. Part 2. Protocols: The recipes of cryptography
  16. 9 Secure transport
    1. 9.1 The SSL and TLS secure transport protocols
      1. 9.1.1 From SSL to TLS
      2. 9.1.2 Using TLS in practice
    2. 9.2 How does the TLS protocol work?
      1. 9.2.1 The TLS handshake
      2. 9.2.2 How TLS 1.3 encrypts application data
    3. 9.3 The state of the encrypted web today
    4. 9.4 Other secure transport protocols
    5. 9.5 The Noise protocol framework: A modern alternative to TLS
      1. 9.5.1 The many handshakes of Noise
      2. 9.5.2 A handshake with Noise
    6. Summary
  17. 10 End-to-end encryption
    1. 10.1 Why end-to-end encryption?
    2. 10.2 A root of trust nowhere to be found
    3. 10.3 The failure of encrypted email
      1. 10.3.1 PGP or GPG? And how does it work?
      2. 10.3.2 Scaling trust between users with the web of trust
      3. 10.3.3 Key discovery is a real issue
      4. 10.3.4 If not PGP, then what?
    4. 10.4 Secure messaging: A modern look at end-to-end encryption with Signal
      1. 10.4.1 More user-friendly than the WOT: Trust but verify
      2. 10.4.2 X3DH: the Signal protocol’s handshake
      3. 10.4.3 Double Ratchet: Signal’s post-handshake protocol
    5. 10.5 The state of end-to-end encryption
    6. Summary
  18. 11 User authentication
    1. 11.1 A recap of authentication
    2. 11.2 User authentication, or the quest to get rid of passwords
      1. 11.2.1 One password to rule them all: Single sign-on (SSO) and password managers
      2. 11.2.2 Don’t want to see their passwords? Use an asymmetric password-authenticated key exchange
      3. 11.2.3 One-time passwords aren’t really passwords: Going passwordless with symmetric keys
      4. 11.2.4 Replacing passwords with asymmetric keys
    3. 11.3 User-aided authentication: Pairing devices using some human help
      1. 11.3.1 Pre-shared keys
      2. 11.3.2 Symmetric password-authenticated key exchanges with CPace
      3. 11.3.3 Was my key exchange MITM’d? Just check a short authenticated string (SAS)
    4. Summary
  19. 12 Crypto as in cryptocurrency?
    1. 12.1 A gentle introduction to Byzantine fault-tolerant (BFT) consensus algorithms
      1. 12.1.1 A problem of resilience: Distributed protocols to the rescue
      2. 12.1.2 A problem of trust? Decentralization helps
      3. 12.1.3 A problem of scale: Permissionless and censorship-resistant networks
    2. 12.2 How does Bitcoin work?
      1. 12.2.1 How Bitcoin handles user balances and transactions
      2. 12.2.2 Mining BTCs in the digital age of gold
      3. 12.2.3 Forking hell! Solving conflicts in mining
      4. 12.2.4 Reducing a block’s size by using Merkle trees
    3. 12.3 A tour of cryptocurrencies
      1. 12.3.1 Volatility
      2. 12.3.2 Latency
      3. 12.3.3 Blockchain size
      4. 12.3.4 Confidentiality
      5. 12.3.5 Energy efficiency
    4. 12.4 DiemBFT: A Byzantine fault-tolerant (BFT) consensus protocol
      1. 12.4.1 Safety and liveness: The two properties of a BFT consensus protocol
      2. 12.4.2 A round in the DiemBFT protocol
      3. 12.4.3 How much dishonesty can the protocol tolerate?
      4. 12.4.4 The DiemBFT rules of voting
      5. 12.4.5 When are transactions considered finalized?
      6. 12.4.6 The intuitions behind the safety of DiemBFT
    5. Summary
  20. 13 Hardware cryptography
    1. 13.1 Modern cryptography attacker model
    2. 13.2 Untrusted environments: Hardware to the rescue
      1. 13.2.1 White box cryptography, a bad idea
      2. 13.2.2 They’re in your wallet: Smart cards and secure elements
      3. 13.2.3 Banks love them: Hardware security modules (HSMs)
      4. 13.2.4 Trusted Platform Modules (TPMs): A useful standardization of secure elements
      5. 13.2.5 Confidential computing with a trusted execution environment (TEE)
    3. 13.3 What solution is good for me?
    4. 13.4 Leakage-resilient cryptography or how to mitigate side-channel attacks in software
      1. 13.4.1 Constant-time programming
      2. 13.4.2 Don’t use the secret! Masking and blinding
      3. 13.4.3 What about fault attacks?
    5. Summary
  21. 14 Post-quantum cryptography
    1. 14.1 What are quantum computers and why are they scaring cryptographers?
      1. 14.1.1 Quantum mechanics, the study of the small
      2. 14.1.2 From the birth of quantum computers to quantum supremacy
      3. 14.1.3 The impact of Grover and Shor’s algorithms on cryptography
      4. 14.1.4 Post-quantum cryptography, the defense against quantum computers
    2. 14.2 Hash-based signatures: Don’t need anything but a hash function
      1. 14.2.1 One-time signatures (OTS) with Lamport signatures
      2. 14.2.2 Smaller keys with Winternitz one-time signatures (WOTS)
      3. 14.2.3 Many-times signatures with XMSS and SPHINCS+
    3. 14.3 Shorter keys and signatures with lattice-based cryptography
      1. 14.3.1 What’s a lattice?
      2. 14.3.2 Learning with errors (LWE), a basis for cryptography?
      3. 14.3.3 Kyber, a lattice-based key exchange
      4. 14.3.4 Dilithium, a lattice-based signature scheme
    4. 14.4 Do I need to panic?
    5. Summary
  22. 15 Is this it? Next-generation cryptography
    1. 15.1 The more the merrier: Secure multi-party computation (MPC)
      1. 15.1.1 Private set intersection (PSI)
      2. 15.1.2 General-purpose MPC
      3. 15.1.3 The state of MPC
    2. 15.2 Fully homomorphic encryption (FHE) and the promises of an encrypted cloud
      1. 15.2.1 An example of homomorphic encryption with RSA encryption
      2. 15.2.2 The different types of homomorphic encryption
      3. 15.2.3 Bootstrapping, the key to fully homomorphic encryption
      4. 15.2.4 An FHE scheme based on the learning with errors problem
      5. 15.2.5 Where is it used?
    3. 15.3 General-purpose zero-knowledge proofs (ZKPs)
      1. 15.3.1 How zk-SNARKs work
      2. 15.3.2 Homomorphic commitments to hide parts of the proof
      3. 15.3.3 Bilinear pairings to improve our homomorphic commitments
      4. 15.3.4 Where does the succinctness come from?
      5. 15.3.5 From programs to polynomials
      6. 15.3.6 Programs are for computers; we need arithmetic circuits instead
      7. 15.3.7 An arithmetic circuit to a rank-1 constraint system (R1CS)
      8. 15.3.8 From R1CS to a polynomial
      9. 15.3.9 It takes two to evaluate a polynomial hiding in the exponent
    4. Summary
  23. 16 When and where cryptography fails
    1. 16.1 Finding the right cryptographic primitive or protocol is a boring job
    2. 16.2 How do I use a cryptographic primitive or protocol? Polite standards and formal verification
    3. 16.3 Where are the good libraries?
    4. 16.4 Misusing cryptography: Developers are the enemy
    5. 16.5 You’re doing it wrong: Usable security
    6. 16.6 Cryptography is not an island
    7. 16.7 Your responsibilities as a cryptography practitioner, don’t roll your own crypto
    8. Summary
  24. Appendix. Answers to exercises
    1. Chapter 2
    2. Chapter 3
    3. Chapter 6
    4. Chapter 7
    5. Chapter 8
    6. Chapter 9
    7. Chapter 10
    8. Chapter 11
  25. index

Product information

  • Title: Real-World Cryptography
  • Author(s): David Wong
  • Release date: September 2021
  • Publisher(s): Manning Publications
  • ISBN: 9781617296710