It looks more suitable for those who are into mathematics. "Applied Cryptography", by Bruce Schneier, is also good for those who, like myself, do not need all the mathematical details behind cryptography.
Looks good, but I wish there was a practicioner-oriented resource for how to use cryptographic libraries that didn't start by focusing on the math. I don't need to know the intricacies of RSA, I need to know how to securely compose it with other primitives to engineer a system with the desired properties.
I want to put a word in here for being cautious about the capabilities you can achieve in novel systems --- software developers are often working with multiple whole sieverts of novelty without realizing it --- without having a lot of the boring theory stuff nailed down.
If you're using (say) libsodium to do exactly the kind of thing 100 other developers have successfully used libsodium to do in the past, you're fine. But it takes a deceptively small and subtle set of steps to end up synthesizing a new cryptosystem (see: attempts to build secure messaging systems out of libsodium primitives) without realizing that's what you're doing.
Learn a bunch of the theory! It's important.
sieverts of novelty
Yikes!
Is this clever metaphor original with you?
I'm a little proud of it.
Google "Cryptographic Right Answers". There are a couple of different posts, but they agree on the most of the things you would look for.
Ex.: https://gist.github.com/tqbf/be58d2d39690c3b366ad or https://www.latacora.com/blog/2018/04/03/cryptographic-right...
This is great, finding NaCl (libsodium) has been a godsend, specifically the JS lib.
Perhaps what you need is something like „Cryptography Engineering: Design Principles and Practical Applications“
Book by Bruce Schneier, Niels Ferguson, and Tadayoshi Kohno.
Pretty outdated. For awhile, it was the best book available, but in 2024 it's probably harmful.
Today, I'd read Serious Cryptography or Real World Cryptography.
I wanted to have a better understanding of crypto, simply to feel more confident in writing programs that use existing protocols, and started 'Real-World Cryptography' by David Wong. I'm about 3/4 through, and I've been happy with it. It is light on math, but does go into it a little bit - it seems designed for the kind of person who isn't comfortable using something until they understand how it works under-the-hood, but doesn't actually need to do any under-the-hood work.
It has taught me enough that I think I could compose a protocol out of primitives that on the surface appears to do what I've intended it to do. It has also taught me that there are many subtleties that can completely break a protocol, combining primitives can lead to unexpected weaknesses, and many people who understand crypto far better than I ever will have created broken protocols out of secure primitives.
I'm not sure it's the book you're looking for, but I think it's a good book if you want to understand crypto, but not design your own.
"Secure composition" is definitely covered in the course. It doesn't talk only about the details of RSA (though there are some lectures about that), but also about what security properties different primitives satisfy, how to compose them safely, etc.
A large part of modern cryptography is figuring out secure composition.
I took an online cryptography course from this professor a few years back. It was very good.
Even though I have a background in math that class made me realize I don't want to be a professional cryptographer, which in itself is pretty nice. But all joking aside I really enjoyed the way that crypto systems were analyzed using demons and games to try and discern the random bit stream from the encrypted bytes.
Same here. I also took the course from Coursera a few years ago and I really enjoyed it. The conclusion? It’s hard to get it right so don’t do crypto yourself! Quite cynical, but it kinda killed my interest in pursuing it further.
Yes, the Coursera title was "Cryptography I", so I was expecting another part, but ten years after, I still do not see any. A great course anyway.
There's a running joke among cryptographers that Dan will release Crypto II next semester =)
CS255 Intro to Cryptography was one of my favorite courses as a Stanford student. Dan is an incredible instructor. If you want more Stanford security course material, I also recommend CS253 Web Security (https://web.stanford.edu/class/cs253/) (disclosure: I created this course) and CS356 Topics in Computer and Network Security (https://cs356.stanford.edu/).
Videos for CS253 are online here: https://www.youtube.com/playlist?list=PL1y1iaEtjSYiiSGVlL1cH...
Seconding this - I loved 155, 255, and 251 from Professor Boneh. He's very talented and was one of my favorite instructors for multiple years; great at explaining concepts.
Thank you for listing these!
I wish there was a similar part 2 course. All the courses I’ve seen seem to end at roughly the same point.
I want to learn about elliptic curve cryptography and post quantum crypto systems.
I would like to add the thought of looking at where these elliptic curves are deployed, things like embedded devices and implementations bitcoin-core libraries for say secp256k1 [0].
Ref:
[0] Optimized C library for EC operations on curve secp256k1
In case it helps, I found this course useful as intro to elliptical curve crypto - https://youtube.com/@introductiontocryptography4223?si=O-5_a... lectures 16 and 17 in particular.
Will they ever release Crypto II?
I've been registered for Crypto II on Coursera for over a decade now!
Public-key encryption
And it’s all RSA. Can crypto tutorials please add ECC already?
Maybe we're looking at different things, but the link appears to discuss ElGamal encryption, which is discrete log based (which means modern implementations use elliptic curves; historically it would have been discrete log in a subgroup of a large prime field). It also talks about BLS signatures, which are exclusively elliptic curve based.
By and large, anything whose security relies on discrete log can be implemented using an elliptic curve, but beginning cryptography classes treat that as an implementation detail because mostly all you need is a prime-order group, and elliptic curves can mostly be treated as a black-box prime order group.
(BLS signatures are an exception; they require a bilinear pairing, which in turn requires a special kind of elliptic curve that's not just a black-box prime order group.)
There are all sorts of great algebraic geometry tricks to be played with elliptic curves, but those almost certainly aren't going to be found in an intro crypto class, or maybe any CS class...
Who is still waiting for Cryptography II course on Coursera? :)))
Count me in!
If anybody's interested in any of the algorithms and papers that underpin most modern cryptography, we created a dedicated page on our site[0] as an homage to the great cryptographers of the last century(!) (and their works).
Thanks for sharing Shane, and nice to see companies engaged with the community on a technical level!
A stellar course!
I took both his in-person and coursera classes, and Dan is a great teacher. Highly recommend.
from site alone, you can tell it's legit
Could seeve me as i'am a noob on this field. Thanks for the share
Excellent course. The only caveat I want to add is, the estimated hours to complete (23 hours) can vary extremely, depending on your 'pre-mastery' of the subject (or lack of it). Prepare and pace yourself considering that.
Dan Boneh is amazing. I took his Cryptography course at Stanford and loved it so much that I ended up having him advise me on my senior thesis. Would highly recommend stuff that he puts out.
Thanks for sharing
A lot of people in this thread seem to be interested in a hands-on, no theory, practical way of learning crypto. If this is you check out (HN MVP tptacek's) cryptopals.com
I took it for the second time recently, this time with the goal to shift my career to cryptography. Still one of the best resources out there imo.
An excellent course and one that has been critical in my professional development. Worth noting that Dan Boneh is also an advisor for a16z crypto's research team[1], and he produces a significant amount of blockchain-related content with them.[2]
If anyone would like to practice some of these lessons in a "capture the flag" format, I would recommend https://cryptohack.org/ -- great site!
This is a fantastic course. I took it in 2018, and that started a snowball of online learning that lead to me doing Georgia Tech’s Online Masters in Computer Science program. I just finished that this semester. These sorts of programs are fantastic structure for life-long learners.
I took this course ages ago, along with the follow up Crypto II. Dan is a great instructor, and his courses helped fill in a number of gaps in my knowledge. Highly recommended!
Very outdated.
Didn't take the class, but always felt like his book was too theoretical. I enjoyed "real world cryptography" and supplemented it with Dan's book.
The book he co-authored, A Graduate Course in Applied Cryptography, has been very helpful.
(Writing as a professional cryptographer.) Schneier's "Applied Cryptography" is about as useful for learning about cryptography as "The Da Vinci Code" for learning about Renaissance. It is a lively book that name-checks relevant concepts, and may even lead someone to develop interest in the actual stuff. (That was my gateway to cryptography!)
Mention Schneier at a gathering of cryptographers, and you'll elicit groans and eye-rolls. The main reason for that is that his book creates an illusion of understanding without instilling tthat it covers literally 1% of what one needs to seriously work in the field. It is also ~30 years old, and was dated even when it appeared.
This is not to diminish the fact that Schneier is an excellent communicator and has done a great service to the security field by being a consistent and effective critic of the domestic security apparatus.
What is a better book? I don't want anyone eye-rolling when I'm LARPing.
What LARP involves academic comparisons of cryptographic algorithms? Whatever it is, it sounds like my sort of thing ;)
A better book for what audience? The scientifically minded can do much worse than "A Graduate Course in Applied Cryptography" by Dan Boneh and Victor Shoup (on which the online cryptography course is based). For a more practical angle, I agree with other commenters on this thread: "Cryptography Engineering" (Ferguson, Schneier, Kohno), "Serious Cryptography" (Aumasson) and "Real-World Cryptography" (Wong) are pretty solid.
"Serious Cryptography" is good. There's an updated edition dropping later this year.
"Real World Cryptography" is also good.
When you say "Mention Schneier," do you mean Schneier himself or Applied Cryptography specifically? I was unaware of any particular generalized disdain for the man, though I'm certainly aware of plenty for the book, which you've summarized quite well.
I remember in the intro to one of his later books (Cryptography Engineering, I think), Schneier actually apologized for making a book that was in many ways quite dangerous, and said his newer work was in an effort to make something a bit more focused on providing people with the firm foundations they'd need to do responsible work in cryptography.
That said, Applied Cryptography is a very inspiring book in many ways (which is both the best thing and worst thing about it, because it's not obvious upon reading it just how unprepared the reader is to act on that inspiration). I really wish someone would go write a new Applied Cryptography that dreams and inspires as much, but balanced with perspective and caution, and based on more recent developments.
The authors had some weird blind spots, even for the time, when Practical Cryptography (now called Cryptography Engineering) was published --- curves and authenticated encryption seem like the two obvious examples.
I'm surprised to hear that. I have never read Applied Cryptography, but I find that an incredibly damning simile (though maybe it wasn't intended to be?). Didn't Schneier develop Blowfish?
I stand by my comment, however harsh it may seem. Some of the disdain held by cryptographers, especially of a certain generation, is in no doubt a reaction to Schneier's prominence in the public eye as Mr. Crypto. The fact that he is highly quotable and media-savvy makes him a go-to person whenever a comment is needed on something (anything!) happening in security.
The cryptographer Dan J. Bernstein once told me a story that Bruce Schneier kept some cryptographic protocol secure for an additional 24 hours. The researcher demonstrating this protocol's weakness based their proof-of-concept on a proof in Schneier's book. However, Schneier's description contained a mathematical error. When the error in the proof-of-concept was pointed out to the researcher at the conference, this researcher went back to their hotel room, discovered the origin of the error in Schneier's text, and fixed the proof-of-concept for the conference-goers by the following day. Thus, Bruce Schneier kept a cryptographic protocol secure for an additional 24 hours.
It is impossible to study cryptography without "all the mathematical details". You can at best implement someone's scheme, but even that is not the best idea, as you're likely to make some mistake somewhere.