English | MP4 | AVC 1280×720 | AAC 44KHz 2ch | 89 Lessons (13h 54m) | 1.74 GB

An all-practical guide to the cryptography behind common tools and protocols that will help you make excellent security choices for your systems and applications.

In Real-World Cryptography you will find:

- Best practices for using cryptography
- Diagrams and explanations of cryptographic algorithms
- Implementing digital signatures and zero-knowledge proofs
- Specialized hardware for attacks and highly adversarial environments
- Identifying and fixing bad practices
- Choosing the right cryptographic tool for any problem

Real-World Cryptography reveals the cryptographic techniques that drive the security of web APIs, registering and logging in users, and even the blockchain. You’ll learn how these techniques power modern security, and how to apply them to your own projects. Alongside modern methods, the book also anticipates the future of cryptography, diving into emerging and cutting-edge advances such as cryptocurrencies, and post-quantum cryptography. All techniques are fully illustrated with diagrams and examples so you can easily see how to put them into practice.

Cryptography is the essential foundation of IT security. To stay ahead of the bad actors attacking your systems, you need to understand the tools, frameworks, and protocols that protect your networks and applications. This book introduces authentication, encryption, signatures, secret-keeping, and other cryptography concepts in plain language and beautiful illustrations.

Real-World Cryptography teaches practical techniques for day-to-day work as a developer, sysadmin, or security practitioner. There’s no complex math or jargon: Modern cryptography methods are explored through clever graphics and real-world use cases. You’ll learn building blocks like hash functions and signatures; cryptographic protocols like HTTPS and secure messaging; and cutting-edge advances like post-quantum cryptography and cryptocurrencies. This book is a joy to listen to—and it might just save your bacon the next time you’re targeted by an adversary after your data.

A staggeringly comprehensive review of the state of modern cryptography. Essential for anyone getting up to speed in information security.

Thomas Doylend, Green Rocket Security

## Table of Contents

1 Primitives – The ingredients of cryptography

2 Introduction

3 Kerckhoff’s principle – Only the key is kept secret

4 Key exchanges or how to get a shared secret

5 Classifying and abstracting cryptography

6 From theoretical to practical – Choose your own adventure – Part 1

7 From theoretical to practical – Choose your own adventure – Part 2

8 Hash functions

9 Security considerations for hash functions

10 Standardized hash functions

11 The SHA-3 hash function

12 Avoid ambiguous hashing with TupleHash

13 Message authentication codes

14 Security properties of a MAC

15 Integrity of cookies

16 Authenticated encryption

17 The interface of AES

18 A lack of authenticity, hence AES-CBC-HMAC

19 The AES-GCM AEAD

20 ChaCha20-Poly1305

21 Other kinds of symmetric encryption

22 Key exchanges

23 Group theory

24 The discrete logarithm problem – The basis of Diffie-Hellman

25 The Elliptic Curve Diffie-Hellman (ECDH) key exchange

26 How does the Elliptic Curve Diffie-Hellman (ECDH) key exchange work

27 Small subgroup attacks and other security considerations

28 Asymmetric encryption and hybrid encryption

29 Hybrid encryption

30 Textbook RSA

31 Asymmetric encryption with RSA-OAEP

32 Signatures and zero-knowledge proofs

33 Zero-knowledge proofs (ZKPs) – The origin of signatures

34 The signature algorithms you should use (or not)

35 RSA-PSS – A better standard

36 The Edwards-curve Digital Signature Algorithm (EdDSA)

37 Subtle behaviors of signature schemes

38 Randomness and secrets

39 Slow randomness Use a pseudorandom number generator (PRNG)

40 Obtaining randomness in practice

41 Public randomness

42 Managing keys and secrets

43 Protocols – The recipes of cryptography

44 Secure transport

45 How does the TLS protocol work

46 The TLS handshake – Part 1

47 The TLS handshake – Part 2

48 How TLS 1.3 encrypts application data

49 The Noise protocol framework – A modern alternative to TLS

50 End-to-end encryption

51 The failure of encrypted email

52 Key discovery is a real issue

53 More user-friendly than the WOT – Trust but verify

54 Double Ratchet – Signal’s post-handshake protocol

55 User authentication

56 One password to rule them all – Single sign-on (SSO) and password managers

57 Don’t want to see their passwords Use an asymmetric password-authenticated key exchange

58 One-time passwords aren’t really passwords – Going passwordless with symmetric keys

59 User-aided authentication – Pairing devices using some human help

60 Was my key exchange MITM’d Just check a short authenticated string (SAS)

61 Crypto as in cryptocurrency

62 A problem of trust Decentralization helps

63 How does Bitcoin work

64 Forking hell! Solving conflicts in mining

65 A tour of cryptocurrencies

66 A round in the DiemBFT protocol

67 Hardware cryptography

68 They’re in your wallet – Smart cards and secure elements

69 Banks love them – Hardware security modules (HSMs)

70 Trusted Platform Modules (TPMs) – A useful standardization of secure elements

71 Confidential computing with a trusted execution environment (TEE)

72 What solution is good for me

73 Constant-time programming

74 Post-quantum cryptography

75 From the birth of quantum computers to quantum supremacy

76 Hash-based signatures – Don’t need anything but a hash function

77 Many-times signatures with XMSS and SPHINCS+

78 Shorter keys and signatures with lattice-based cryptography

79 Kyber, a lattice-based key exchange

80 Do I need to panic

81 Is this it Next-generation cryptography

82 Fully homomorphic encryption (FHE) and the promises of an encrypted cloud

83 Chapter 15 Where is it used.

84 Homomorphic commitments to hide parts of the proof

85 An arithmetic circuit to a rank-1 constraint system (R1CS)

86 When and where cryptography fails

87 Where are the good libraries

88 Cryptography is not an island

89 Appendix. Answers to exercises

Resolve the captcha to access the links!