Paperback
-
PICK UP IN STORECheck Availability at Nearby Stores
Available within 2 business hours
Related collections and offers
Overview
In Real-World Cryptography, you will find:
Best practices for using cryptography
Diagrams and explanations of cryptographic algorithms
Implementing digital signatures and zero-knowledge proofs
Specialized hardware for attacks and highly adversarial environments
Identifying and fixing bad practices
Choosing the right cryptographic tool for any problem
Real-World Cryptography reveals the cryptographic techniques that drive the security of web APIs, registering and logging in users, and even the blockchain. You’ll learn how these techniques power modern security, and how to apply them to your own projects. Alongside modern methods, the book also anticipates the future of cryptography, diving into emerging and cutting-edge advances such as cryptocurrencies, and post-quantum cryptography. All techniques are fully illustrated with diagrams and examples so you can easily see how to put them into practice.
Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications.
About the technology
Cryptography is the essential foundation of IT security. To stay ahead of the bad actors attacking your systems, you need to understand the tools, frameworks, and protocols that protect your networks and applications. This book introduces authentication, encryption, signatures, secret-keeping, and other cryptography concepts in plain language and beautiful illustrations.
About the book
Real-World Cryptography teaches practical techniques for day-to-day work as a developer, sysadmin, or security practitioner. There’s no complex math or jargon: Modern cryptography methods are explored through clever graphics and real-world use cases. You’ll learn building blocks like hash functions and signatures; cryptographic protocols like HTTPS and secure messaging; and cutting-edge advances like post-quantum cryptography and cryptocurrencies. This book is a joy to read—and it might just save your bacon the next time you’re targeted by an adversary after your data.
What's inside
Implementing digital signatures and zero-knowledge proofs
Specialized hardware for attacks and highly adversarial environments
Identifying and fixing bad practices
Choosing the right cryptographic tool for any problem
About the reader
For cryptography beginners with no previous experience in the field.
About the author
David Wong is a cryptography engineer. He is an active contributor to internet standards including Transport Layer Security.
Table of Contents
PART 1 PRIMITIVES: THE INGREDIENTS OF CRYPTOGRAPHY
1 Introduction
2 Hash functions
3 Message authentication codes
4 Authenticated encryption
5 Key exchanges
6 Asymmetric encryption and hybrid encryption
7 Signatures and zero-knowledge proofs
8 Randomness and secrets
PART 2 PROTOCOLS: THE RECIPES OF CRYPTOGRAPHY
9 Secure transport
10 End-to-end encryption
11 User authentication
12 Crypto as in cryptocurrency?
13 Hardware cryptography
14 Post-quantum cryptography
15 Is this it? Next-generation cryptography
16 When and where cryptography fails
Product Details
ISBN-13: | 9781617296710 |
---|---|
Publisher: | Manning |
Publication date: | 10/12/2021 |
Pages: | 400 |
Product dimensions: | 7.38(w) x 9.25(h) x 0.90(d) |
About the Author
Table of Contents
Preface xv
Acknowledgments xx
About this book xxi
About the author xxvi
About the cover illustration xxvii
Part 1 Primitives: The Ingredients of Cryptography 1
1 Introduction 3
1.1 Cryptography is about securing protocols 4
1.2 Symmetric cryptography: What is symmetric encryption? 5
1.3 Kerckhoff's principle: Only the key is kept secret 7
1.4 Asymmetric cryptography: Two keys are better than one 10
Key exchanges or how to get a shared secret 10
Asymmetric encryption, not like the symmetric one 13
Digital signatures, just like your pen-and-paper signatures 15
1.5 Classifying and abstracting cryptography 17
1.6 Theoretical cryptography vs. real-world cryptography 18
1.7 From theoretical to practical: Choose your own adventure 19
1.8 A word of warning 24
2 Hash functions 25
2.1 What is a hash function? 25
2.2 Security properties of a hash function 28
2.3 Security considerations for hash functions 30
2.4 Hash functions in practice 31
Commitments 32
Subresource integrity 32
BitTorrent 32
Tor 33
2.5 Standardized hash functions 34
The SHA-2 hash function 35
The SHA-3 hash function 38
SHAKE and cSHAKE: Two extendable output functions (XOF) 42
Avoid ambiguous hashing with TupleHash 43
2.6 Hashing passwords 44
3 Message authentication codes 48
3.1 Stateless cookies, a motivating example for MACs 48
3.2 An example in code 51
3.3 Security properties of a MAC 52
Forgery of authentication tag 53
Lengths of authentication tag 53
Replay attacks 54
Verifying authentication tags in constant time 55
3.4 MAC in the real world 57
Message authentication 57
Deriving keys 57
Integrity of cookies 58
Hash tables 58
3.5 Message authentication codes (MACs) in practice 58
HMAC, a hash-based MAC 58
KMAQ a MAC based on cSHAKE 59
3.6 SHA-2 and length-extension attacks 60
4 Authenticated encryption 64
4.1 What's a cipher? 65
4.2 The Advanced Encryption Standard (AES) block cipher 66
How much security does AES provide? 67
The interface of AES 67
The internals of AES 68
4.3 The encrypted penguin and the CBC mode of operation 70
4.4 A lack of authenticity, hence AES-CBC-HMAC 73
4.5 All-in-one constructions: Authenticated encryption 74
What's authenticated encryption with associated data (AEAD)? 75
The AES-GCM AEAD 76
ChaCha20-Polyl305 81
4.6 Other kinds of symmetric encryption 84
Key wrapping 84
Nonce misuse-resistant authenticated encryption 85
Disk encryption 85
Database encryption 85
5 Key exchanges 87
5.1 What are key exchanges? 88
5.2 The Diffie-Hellman (DH) key exchange 91
Group theory 91
The discrete logarithm problem: The basis of Diffie-Hellman 95
The Diffie-Hellman standards 97
5.3 The Elliptic Curve Diffie-Hellman (ECDH) key exchange 98
What's an elliptic curve? 98
How does the Elliptic Curve Diffie-Hellman (ECDH) key exchange work? 102
The standards for Elliptic Curve Diffie-Hellman 103
5.4 Small subgroup attacks and other security considerations 105
6 Asymmetric encryption and hybrid encryption 109
6.1 What is asymmetric encryption? 110
6.2 Asymmetric encryption in practice and hybrid encryption 111
Key exchanges and key encapsulation 112
Hybrid encryption 113
6.3 Asymmetric encryption with RSA: The bad and the less bad 117
Textbook RSA 117
Why not to use RSA PKCSM#1 v1.5 121
Asymmetric encryption with RSA-OAEP 123
6.4 Hybrid encryption with ECIES 126
7 Signatures and zero-knowledge proofs 129
7.1 What is a signature? 130
How to sign and verify signatures in practice 131
A prime use case for signatures: Authenticated key exchanges 132
A real-world usage: Public key infrastructures 133
7.2 Zero-knowledge proofs (ZKPs): The origin of signatures 134
Schnorr identification protocol: An interactive zero-knowledge proof 134
Signatures as non-interactive zero-knowledge proofs 137
7.3 The signature algorithms you should use (or not) 138
RSA PKCS#1 v1.5: A bad standard 139
RSA-PSS: A better standard 142
The Elliptic Curve Digital Signature Algorithm (ECDSA) 143
The Edwards-curve Digital Signature Algorithm (EdDSA) 145
7.4 Subtle behaviors of signature schemes 149
Substitution attacks on signatures 149
Signature malleability 150
8 Randomness and secrets 152
8.1 What's randomness? 153
8.2 Slow randomness? Use a pseudorandom number generator (PRNG) 155
8.3 Obtaining randomness in practice 158
8.4 Randomness generation and security considerations 161
8.5 Public randomness 163
8.6 Key derivation with HKDF 164
8.7 Managing keys and secrets 168
8.8 Decentralize trust with threshold cryptography 169
Part 2 Protocols: The Recipes of Cryptography 175
9 Secure transport 177
9.1 The SSL and TLS secure transport protocols 177
From SSL to TLS 178
Using TLS in practice 179
9.2 How does the TLS protocol work? 181
The TLS handshake 181
How TLS 1.3 encrypts application data 194
9.3 The state of the encrypted web today 194
9.4 Other secure transport protocols 197
9.5 The Noise protocol framework: A modern alternative to TLS 197
The many handshakes of Noise 198
A handshake with Noise 199
10 End-to-end encryption 201
10.1 Why end-to-end encryption? 202
10.2 A root of trust nowhere to be found 203
10.3 The failure of encrypted email 205
PGP or GPG? And how does it work? 205
Scaling trust between -users with the web of trust 208
Key discovery is a real issue 208
If not PGP, then what? 210
10.4 Secure messaging: A modern look at end-to-end encryption with Signal 211
More user-friendly than the WOT: Trust but verify 212
X3DH: the Signal protocol's handshake 215
Double Ratchet: Signal's post-handshake protocol 218
10.5 The state of end-to-end encryption 222
11 User authentication 226
11.1 A recap of authentication 227
11.2 User authentication, or the quest to get rid of passwords 228
One password to rule them all: Single sign-on (SSO) and password managers 231
Don't want to see their passwords? Use an asymmetric password-authenticated key exchange 232
One-time passwords aren't really passwords: Going passwordless with symmetric keys 236
Replacing passwords with asymmetric keys 239
11.3 User-aided authentication: Pairing devices using some human help 242
Pre-shared keys 244
Symmetric password-authenticated key exchanges with CPace 245
Was my key exchange MITM'd? Just check a short authenticated string (SAS) 246
12 Crypto as in cryptocurrency? 251
12.1 A gentle introduction to Byzantine fault-tolerant (BFT) consensus algorithms 252
A problem of resilience: Distributed protocols to the rescue 252
A problem of trust? Decentralization helps 254
A problem of scale: Permissionless and censorship-resistant networks 255
12.2 How does Bitcoin work? 257
How Bitcoin handles user balances and transactions 257
Mining BTCs in the digital age of gold 259
Forking hell! Solving conflicts in mining 263
Reducing a block's size by using Merkle trees 265
12.3 A tour of cryptocurrencies 267
Volatility 267
Latency 267
Blockchain size 268
Confidentiality 268
Energy efficiency 268
12.4 DiemBFT: A Byzantine fault-tolerant (BFT) consensus protocol 269
Safety and liveness: The two properties of a BFT consensus protocol 269
A round in the DiemBFT protocol 270
How much dishonesty can the protocol tolerate? 270
The DiemBFT rules of voting 271
When are transactions considered finalized? 273
The intuitions behind the safety of DiemBFT 273
13 Hardware cryptography 277
13.1 Modern cryptography attacker model 278
13.2 Untrusted environments: Hardware to the rescue 279
White box cryptography, a bad idea 280
They're in your wallet: Smart cards and secure elements 281
Banks love them: Hardware security modules (HSMs) 283
Trusted Platform Modules (TPMs): A useful standardization of secure elements 285
Confidential computing with a trusted execution environment (TEE) 288
13.3 What solution is good for me? 289
13.4 Leakage-resilient cryptography or how to mitigate side-channel attacks in software 291
Constant-time programming 293
Don't use the secret! Masking and blinding 294
What about fault attacks? 295
14 Post-quantum cryptography 298
14.1 What are quantum computers and why are they scaring cryptographers? 299
Quantum mechanics, the study of the small 299
From the birth of quantum computers to quantum supremacy 302
The impact of Grover and Shor's algorithms on cryptography 303
Post-quantum cryptography, the defense against quantum computers 304
14.2 Hash-based signatures: Don't need anything but a hash function 305
One-time signatures (OTS) with Lamport signatures 305
Smaller keys with Winternitz one-time signatures (WOTS) 307
Many-times signatures with XMSS and SPHLNCS+ 308
14.3 Shorter keys and signatures with lattice-based cryptography 311
What's a lattice? 311
Learning with errors (LWE), a basis for cryptography? 313
Kyber, a lattice-based key exchange 314
Dilithium, a lattice-based signature scheme 316
14.4 Do I need to panic? 318
15 Is this it? Next-generation cryptography 321
15.1 The more the merrier: Secure multi-party computation (MPC) 322
Private set intersection (PSI) 323
General-purpose MPC 324
The state of MPC 326
15.2 Fully homomorphic encryption (FHE) and the promises of an encrypted cloud 326
An example of homomorphic encryption with RSA encryption 327
The different types of homomorphic encryption 327
Bootstrapping, the key to fully homomorphic encryption 328
An FHE scheme based on the learning with errors problem 330
Where is it used? 332
15.3 General-purpose zero-knowledge proofs (ZKPs) 332
How zk-SNARKs work 335
Homomorphic commitments to hide parts of the proof 336
Bilinear pairings to improve our homomorphic commitments 336
Where does the succinctness come from? 337
From programs to polynomials 338
Programs are for computers; we need arithmetic circuits instead 338
An arithmetic circuit to a rank-1 constraint system (R1CS) 339
From R1CS to a polynomial 340
It takes two to evaluate a polynomial hiding in the exponent 340
16 When and where cryptography fails 343
16.1 Finding the right cryptographic primitive or protocol is a boring job 344
16.2 How do I use a cryptographic primitive or protocol? Polite standards and formal verification 345
16.3 Where are the good libraries? 348
16.4 Misusing cryptography: Developers are the enemy 349
16.5 You're doing it wrong; Usable security 351
16.6 Cryptography is not an island 352
16.7 Your responsibilities as a cryptography practitioner, don't roll your own crypto 353
Appendix Answers to exercises 357
Index 361