Charlie Kaufman is currently Security Architect for Dell Storage Systems. Previously, he was the Security Architect for Microsoft Azure and before that for Lotus Notes. He has contributed to a number of IETF standards efforts including IPsec, S/MIME, and DNSSEC and served as a member of the Internet Architecture Board. He served on the National Academy of Sciences expert panel that wrote the book Trust In Cyberspace.

Radia Perlman is currently a Fellow at Dell Technologies. She is known for her contributions to bridging (spanning tree algorithm), routing (link state routing), and security (distributed systems robust despite malicious participants). She's the author of Interconnections: Bridges, Routers, Switches, and Internetworking Protocol. She's been elected to the National Academy of Engineering, the National Inventors Hall of Fame, the Internet Hall of Fame, and awarded lifetime achievement awards from Usenix and ACM's SIGCOMM. She has a PhD in computer science from MIT.

Mike Speciner is an MIT-trained technologist with expertise in mathematics, physics, and computer science. He currently serves as CTO and cofounder of The Singing Torah. His hobby is writing software for educational purposes in various common and obscure programming languages.

Ray Perlner is a Mathematician in the Cryptographic Technology Group of the National Institute of Standards and Technology. He has over a dozen research papers focusing primarily on post-quantum cryptography. He has degrees in both physics and mathematics from MIT.

Chapter 1 Introduction

1.1 Opinions, Products

1.2 Roadmap to the Book

1.3 Terminology

1.4 Notation

1.5 Cryptographically Protected Sessions

1.6 Active and Passive Attacks

1.7 Legal Issues

1.7.1 Patents

1.7.2 Government Regulations

1.8 Some Network Basics

1.8.1 Network Layers

1.8.2 TCP and UDP Ports

1.8.3 DNS (Domain Name System)

1.8.4 HTTP and URLs

1.8.5 Web Cookies

1.9 Names for Humans

1.10 Authentication and Authorization

1.10.1 ACL (Access Control List)

1.10.2 Central Administration/Capabilities

1.10.3 Groups

1.10.4 Cross-Organizational and Nested Groups

1.10.5 Roles

1.11 Malware: Viruses, Worms, Trojan Horses

1.11.1 Where Does Malware Come From?

1.11.2 Virus Checkers

1.12 Security Gateway

1.12.1 Firewall

1.12.2 Application-Level Gateway/Proxy

1.12.3 Secure Tunnels

1.12.4 Why Firewalls Don't Work

1.13 Denial-of-Service (DoS) Attacks

1.14 NAT (Network Address Translation)

1.14.1 Summary

Chapter 2 Introduction to Cryptography

2.1 Introduction

2.1.1 The Fundamental Tenet of Cryptography

2.1.2 Keys

2.1.3 Computational Difficulty

2.1.4 To Publish or Not to Publish

2.1.5 Earliest Encryption

2.1.6 One-Time Pad (OTP)

2.2 Secret Key Cryptography

2.2.1 Transmitting Over an Insecure Channel

2.2.2 Secure Storage on Insecure Media

2.2.3 Authentication

2.2.4 Integrity Check

2.3 Public Key Cryptography

2.3.1 Transmitting Over an Insecure Channel

2.3.2 Secure Storage on Insecure Media

2.3.3 Authentication

2.3.4 Digital Signatures

2.4 Hash Algorithms

2.4.1 Password Hashing

2.4.2 Message Integrity

2.4.3 Message Fingerprint

2.4.4 Efficient Digital Signatures

2.5 Breaking an Encryption Scheme

2.5.1 Ciphertext Only

2.5.2 Known Plaintext

2.5.3 Chosen Plaintext

2.5.4 Chosen Ciphertext

2.5.5 Side-Channel Attacks

2.6 Random Numbers

2.6.1 Gathering Entropy

2.6.2 Generating Random Seeds

2.6.3 Calculating a Pseudorandom Stream from the Seed

2.6.4 Periodic Reseeding

2.6.5 Types of Random Numbers

2.6.6 Noteworthy Mistakes

2.7 Numbers

2.7.1 Finite Fields

2.7.2 Exponentiation

2.7.3 Avoiding a Side-Channel Attack

2.7.4 Types of Elements used in Cryptography

2.7.5 Euclidean Algorithm

2.7.6 Chinese Remainder Theorem

2.8 Homework

Chapter 3 Secret Key Cryptography

3.1 Introduction

3.2 Generic Block Cipher Issues

3.2.1 Blocksize, Keysize

3.2.2 Completely General Mapping

3.2.3 Looking Random

3.3 Constructing a Practical Block Cipher

3.3.1 Per-Round Keys

3.3.2 S-boxes and Bit Shuffles

3.3.3 Feistel Ciphers

3.4 Choosing Constants

3.5 Data Encryption Standard (DES)

3.5.1 DES Overview

3.5.2 The Mangler Function

3.5.3 Undesirable Symmetries

3.5.4 What's So Special About DES?

3.6 3DES (Multiple Encryption DES)

3.6.1 How Many Encryptions?

3.6.1.1 Encrypting Twice with the Same Key

3.6.1.2 Encrypting Twice with Two Keys

3.6.1.3 Triple Encryption with Only Two Keys

3.6.2 Why EDE Rather Than EEE?

3.7 Advanced Encryption Standard (AES)

3.7.1 Origins of AES

3.7.2 Broad Overview

3.7.3 AES Overview

3.7.4 Key Expansion

3.7.5 Inverse Rounds

3.7.6 Software Implementations of AES

3.8 RC4

3.9 Homework

Chapter 4 Modes of Operation

4.1 Introduction

4.2 Encrypting a Large Message

4.2.1 ECB (Electronic Code Book)

4.2.2 CBC (Cipher Block Chaining)

4.2.2.1 Randomized ECB

4.2.2.2 CBC

4.2.2.3 CBC ThreatModifying Ciphertext Blocks

4.2.3 CTR (Counter Mode)

4.2.3.1 Choosing IVs for CTR Mode

4.2.4 XEX (XOR Encrypt XOR)

4.2.5 XTS (XEX with Ciphertext Stealing)

4.3 Generating MACs

4.3.1 CBC-MAC

4.3.1.1 CBC Forgery Attack

4.3.2 CMAC

4.3.3 GMAC

4.3.3.1 GHASH

4.3.3.2 Transforming GHASH into GMAC

4.4 Ensuring Privacy and Integrity Together

4.4.1 CCM (Counter with CBC-MAC)

4.4.2 GCM (Galois/Counter Mode)

4.5 Performance Issues

4.6 Homework

Chapter 5 Cryptographic Hashes

5.1 Introduction

5.2 The Birthday Problem

5.3 A Brief History of Hash Functions

5.4 Nifty Things to Do with a Hash

5.4.1 Digital Signatures

5.4.2 Password Database

5.4.3 Secure Shorthand of Larger Piece of Data

5.4.4 Hash Chains

5.4.5 Blockchain

5.4.6 Puzzles

5.4.7 Bit Commitment

5.4.8 Hash Trees

5.4.9 Authentication

5.4.10 Computing a MAC with a Hash

5.4.11 HMAC

5.4.12 Encryption with a Secret and a Hash Algorithm

5.5 Creating a Hash Using a Block Cipher

5.6 Construction of Hash Functions

5.6.1 Construction of MD4, MD5, SHA-1 and SHA-2

5.6.2 Construction of SHA-3

5.7 Padding

5.7.1 MD4, MD5, SHA-1, and SHA2-256 Message Padding

5.7.2 SHA-3 Padding Rule

5.8 The Internal Encryption Algorithms

5.8.1 SHA-1 Internal Encryption Algorithm

5.8.2 SHA-2 Internal Encryption Algorithm

5.9 SHA-3 f Function (Also Known as KECCAK-f)

5.10 Homework

Chapter 6 First-Generation Public Key Algorithms

6.1 Introduction

6.2 Modular Arithmetic

6.2.1 Modular Addition

6.2.2 Modular Multiplication

6.2.3 Modular Exponentiation

6.2.4 Fermat's Theorem and Euler's Theorem

6.3 RSA

6.3.1 RSA Algorithm

6.3.2 Why Does RSA Work?

6.3.3 Why Is RSA Secure?

6.3.4 How Efficient Are the RSA Operations?

6.3.4.1 Exponentiating with Big Numbers

6.3.4.2 Generating RSA Keys

6.3.4.3 Why a Non-Prime Has Multiple Square Roots of One

6.3.4.4 Having a Small Constant e

6.3.4.5 Optimizing RSA Private Key Operations

6.3.5 Arcane RSA Threats

6.3.5.1 Smooth Numbers

6.3.5.2 The Cube Root Problem

6.3.6 Public-Key Cryptography Standard (PKCS)

6.3.6.1 Encryption

6.3.6.2 The Million-Message Attack

6.3.6.3 Signing

6.4 Diffie-Hellman

6.4.1 MITM (Meddler-in-the-Middle) Attack

6.4.2 Defenses Against MITM Attack

6.4.3 Safe Primes and the Small-Subgroup Attack

6.4.4 ElGamal Signatures

6.5 Digital Signature Algorithm (DSA)

6.5.1 The DSA Algorithm

6.5.2 Why Is This Secure?

6.5.3 Per-Message Secret Number

6.6 How Secure Are RSA and Diffie-Hellman?

6.7 Elliptic Curve Cryptography (ECC)

6.7.1 Elliptic Curve Diffie-Hellman (ECDH)

6.7.2 Elliptic Curve Digital Signature Algorithm (ECDSA)

6.8 Homework

Chapter 7 Quantum Computing

7.1 What Is a Quantum Computer?

7.1.1 A Preview of the Conclusions

7.1.2 First, What Is a Classical Computer?

7.1.3 Qubits and Superposition

7.1.3.1 Example of a Qubit

7.1.3.2 Multi-Qubit States and Entanglement

7.1.4 States and Gates as Vectors and Matrices

7.1.5 Becoming Superposed and Entangled

7.1.6 Linearity

7.1.6.1 No Cloning Theorem

7.1.7 Operating on Entangled Qubits

7.1.8 Unitarity

7.1.9 Doing Irreversible Operations by Measurement

7.1.10 Making Irreversible Classical Operations Reversible

7.1.11 Universal Gate Sets

7.2 Grover's Algorithm

7.2.1 Geometric Description

7.2.2 How to Negate the Amplitude of |k

7.2.3 How to Reflect All the Amplitudes Across the Mean

7.2.4 Parallelizing Grover's Algorithm

7.3 Shor's Algorithm

7.3.1 Why Exponentiation mod n Is a Periodic Function

7.3.2 How Finding the Period of ax mod n Lets You Factor n

7.3.3 Overview of Shor's Algorithm

7.3.4 Converting to the Frequency GraphIntroduction

7.3.5 The Mechanics of Converting to the Frequency Graph

7.3.6 Calculating the Period

7.3.7 Quantum Fourier Transform

7.4 Quantum Key Distribution (QKD)

7.4.1 Why It's Sometimes Called Quantum Encryption

7.4.2 Is Quantum Key Distribution Important?

7.5 How Hard Are Quantum Computers to Build?

7.6 Quantum Error Correction

7.7 Homework

Chapter 8 Post-Quantum Cryptography

8.1 Signature and/or Encryption Schemes

8.1.1 NIST Criteria for Security Levels

8.1.2 Authentication

8.1.3 Defense Against Dishonest Ciphertext

8.2 Hash-based Signatures

8.2.1 Simplest Scheme Signing a Single Bit

8.2.2 Signing an Arbitrary-sized Message

8.2.3 Signing Lots of Messages

8.2.4 Deterministic Tree Generation

8.2.5 Short Hashes

8.2.6 Hash Chains

8.2.7 Standardized Schemes

8.2.7.1 Stateless Schemes

8.3 Lattice-Based Cryptography

8.3.1 A Lattice Problem

8.3.2 Optimization: Matrices with Structure

8.3.3 NTRU-Encryption Family of Lattice Encryption Schemes

8.3.3.1 Bob Computes a (Public, Private) Key Pair

8.3.3.2 How Bob Decrypts to Find m

8.3.3.3 How Does this Relate to Lattices?

8.3.4 Lattice-Based Signatures

8.3.4.1 Basic Idea

8.3.4.2 Insecure Scheme

8.3.4.3 Fixing the Scheme

8.3.5 Learning with Errors (LWE)

8.3.5.1 LWE Optimizations

8.3.5.2 LWE-based NIST Submissions

8.4 Code-based Schemes

8.4.1 Non-cryptographic Error-correcting Codes

8.4.1.1 Invention Step

8.4.1.2 Codeword Creation Step

8.4.1.3 Misfortune Step

8.4.1.4 Diagnosis Step

8.4.2 The Parity-Check...