CS255 Intro to Cryptography was one of my favorite courses as a Stanford student. Dan is an incredible instructor. If you want more Stanford security course material, I also recommend CS253 Web Security (https://web.stanford.edu/class/cs253/) (disclosure: I created this course) and CS356 Topics in Computer and Network Security (https://cs356.stanford.edu/).
Seconding this - I loved 155, 255, and 251 from Professor Boneh. He's very talented and was one of my favorite instructors for multiple years; great at explaining concepts.
I took an online cryptography course from this professor a few years back. It was very good.
Even though I have a background in math that class made me realize I don't want to be a professional cryptographer, which in itself is pretty nice.
But all joking aside I really enjoyed the way that crypto systems were analyzed using demons and games to try and discern the random bit stream from the encrypted bytes.
Same here. I also took the course from Coursera a few years ago and I really enjoyed it. The conclusion? It’s hard to get it right so don’t do crypto yourself! Quite cynical, but it kinda killed my interest in pursuing it further.
Yes that is a lesson I took from it, I'm not sure if it was this class or another one that showed how crypto on a computer could be defeated by monitoring its power consumption while checking a password. Even though the code knew to wait a set amount of time whether or not the password was correct, it wasn't drawing any power after the first incorrect digit allowing attackers to workout the correct digits one at a time.
Excellent course. The only caveat I want to add is, the estimated hours to complete (23 hours) can vary extremely, depending on your 'pre-mastery' of the subject (or lack of it). Prepare and pace yourself considering that.
Looks good, but I wish there was a practicioner-oriented resource for how to use cryptographic libraries that didn't start by focusing on the math. I don't need to know the intricacies of RSA, I need to know how to securely compose it with other primitives to engineer a system with the desired properties.
I wanted to have a better understanding of crypto, simply to feel more confident in writing programs that use existing protocols, and started 'Real-World Cryptography' by David Wong. I'm about 3/4 through, and I've been happy with it. It is light on math, but does go into it a little bit - it seems designed for the kind of person who isn't comfortable using something until they understand how it works under-the-hood, but doesn't actually need to do any under-the-hood work.
It has taught me enough that I think I could compose a protocol out of primitives that on the surface appears to do what I've intended it to do. It has also taught me that there are many subtleties that can completely break a protocol, combining primitives can lead to unexpected weaknesses, and many people who understand crypto far better than I ever will have created broken protocols out of secure primitives.
I'm not sure it's the book you're looking for, but I think it's a good book if you want to understand crypto, but not design your own.
I want to put a word in here for being cautious about the capabilities you can achieve in novel systems --- software developers are often working with multiple whole sieverts of novelty without realizing it --- without having a lot of the boring theory stuff nailed down.
If you're using (say) libsodium to do exactly the kind of thing 100 other developers have successfully used libsodium to do in the past, you're fine. But it takes a deceptively small and subtle set of steps to end up synthesizing a new cryptosystem (see: attempts to build secure messaging systems out of libsodium primitives) without realizing that's what you're doing.
"Secure composition" is definitely covered in the course. It doesn't talk only about the details of RSA (though there are some lectures about that), but also about what security properties different primitives satisfy, how to compose them safely, etc.
A large part of modern cryptography is figuring out secure composition.
A lot of people in this thread seem to be interested in a hands-on, no theory, practical way of learning crypto. If this is you check out (HN MVP tptacek's) cryptopals.com
An excellent course and one that has been critical in my professional development. Worth noting that Dan Boneh is also an advisor for a16z crypto's research team[1], and he produces a significant amount of blockchain-related content with them.[2]
Maybe we're looking at different things, but the link appears to discuss ElGamal encryption, which is discrete log based (which means modern implementations use elliptic curves; historically it would have been discrete log in a subgroup of a large prime field). It also talks about BLS signatures, which are exclusively elliptic curve based.
By and large, anything whose security relies on discrete log can be implemented using an elliptic curve, but beginning cryptography classes treat that as an implementation detail because mostly all you need is a prime-order group, and elliptic curves can mostly be treated as a black-box prime order group.
(BLS signatures are an exception; they require a bilinear pairing, which in turn requires a special kind of elliptic curve that's not just a black-box prime order group.)
There are all sorts of great algebraic geometry tricks to be played with elliptic curves, but those almost certainly aren't going to be found in an intro crypto class, or maybe any CS class...
I would like to add the thought of looking at where these elliptic curves are deployed, things like embedded devices and implementations bitcoin-core libraries for say secp256k1 [0].
Ref:
[0] Optimized C library for EC operations on curve secp256k1
If anybody's interested in any of the algorithms and papers that underpin most modern cryptography, we created a dedicated page on our site[0] as an homage to the great cryptographers of the last century(!) (and their works).
This is a fantastic course. I took it in 2018, and that started a snowball of online learning that lead to me doing Georgia Tech’s Online Masters in Computer Science program. I just finished that this semester. These sorts of programs are fantastic structure for life-long learners.
Dan Boneh is amazing. I took his Cryptography course at Stanford and loved it so much that I ended up having him advise me on my senior thesis. Would highly recommend stuff that he puts out.
I took this course ages ago, along with the follow up Crypto II. Dan is a great instructor, and his courses helped fill in a number of gaps in my knowledge. Highly recommended!
It looks more suitable for those who are into mathematics.
"Applied Cryptography", by Bruce Schneier, is also good for those who, like myself, do not need all the mathematical details behind cryptography.
It is impossible to study cryptography without "all the mathematical details". You can at best implement someone's scheme, but even that is not the best idea, as you're likely to make some mistake somewhere.
(Writing as a professional cryptographer.) Schneier's "Applied Cryptography" is about as useful for learning about cryptography as "The Da Vinci Code" for learning about Renaissance. It is a lively book that name-checks relevant concepts, and may even lead someone to develop interest in the actual stuff. (That was my gateway to cryptography!)
Mention Schneier at a gathering of cryptographers, and you'll elicit groans and eye-rolls. The main reason for that is that his book creates an illusion of understanding without instilling tthat it covers literally 1% of what one needs to seriously work in the field. It is also ~30 years old, and was dated even when it appeared.
This is not to diminish the fact that Schneier is an excellent communicator and has done a great service to the security field by being a consistent and effective critic of the domestic security apparatus.
When you say "Mention Schneier," do you mean Schneier himself or Applied Cryptography specifically? I was unaware of any particular generalized disdain for the man, though I'm certainly aware of plenty for the book, which you've summarized quite well.
I remember in the intro to one of his later books (Cryptography Engineering, I think), Schneier actually apologized for making a book that was in many ways quite dangerous, and said his newer work was in an effort to make something a bit more focused on providing people with the firm foundations they'd need to do responsible work in cryptography.
That said, Applied Cryptography is a very inspiring book in many ways (which is both the best thing and worst thing about it, because it's not obvious upon reading it just how unprepared the reader is to act on that inspiration). I really wish someone would go write a new Applied Cryptography that dreams and inspires as much, but balanced with perspective and caution, and based on more recent developments.
The authors had some weird blind spots, even for the time, when Practical Cryptography (now called Cryptography Engineering) was published --- curves and authenticated encryption seem like the two obvious examples.
The cryptographer Dan J. Bernstein once told me a story that Bruce Schneier kept some cryptographic protocol secure for an additional 24 hours. The researcher demonstrating this protocol's weakness based their proof-of-concept on a proof in Schneier's book. However, Schneier's description contained a mathematical error. When the error in the proof-of-concept was pointed out to the researcher at the conference, this researcher went back to their hotel room, discovered the origin of the error in Schneier's text, and fixed the proof-of-concept for the conference-goers by the following day. Thus, Bruce Schneier kept a cryptographic protocol secure for an additional 24 hours.
I'm surprised to hear that. I have never read Applied Cryptography, but I find that an incredibly damning simile (though maybe it wasn't intended to be?). Didn't Schneier develop Blowfish?
I stand by my comment, however harsh it may seem. Some of the disdain held by cryptographers, especially of a certain generation, is in no doubt a reaction to Schneier's prominence in the public eye as Mr. Crypto. The fact that he is highly quotable and media-savvy makes him a go-to person whenever a comment is needed on something (anything!) happening in security.
A better book for what audience? The scientifically minded can do much worse than "A Graduate Course in Applied Cryptography" by Dan Boneh and Victor Shoup (on which the online cryptography course is based). For a more practical angle, I agree with other commenters on this thread: "Cryptography Engineering" (Ferguson, Schneier, Kohno), "Serious Cryptography" (Aumasson) and "Real-World Cryptography" (Wong) are pretty solid.
Videos for CS253 are online here: https://www.youtube.com/playlist?list=PL1y1iaEtjSYiiSGVlL1cH...