Review: "Serious Cryptography – A Practical Introduction to Modern Encryption"

Serious Cryptography – A Practical Introduction to Modern Encryption, by Jean-Philippe Aumasson, is an incredibly detailed and practical guide to modern encryption, written by one of the foremost authorities in applied cryptography and a co-designer of the BLAKE2 hash function.

This guide not only provides the fundamental mathematical concepts underpinning modern cryptography, but also includes an up-to-date discussion of cryptographic engineering.

While a quick scan of the opening pages may be daunting to the uninitiated, Serious Cryptography is written for developers who may have been exposed to cryptography but still have unanswered questions or find some concepts unclear. Despite this, Serious Cryptography can be easily picked up by anyone who has a reasonable understanding of mathematical concepts and computer science.

Serious Cryptography begins with a foreword by Professor Matthew D. Green from Johns Hopkins University, who discusses the problems practitioners face when entering the field of applied cryptography and how this guide is an excellent study of modern encryption and its applications. 

Aumasson has loosely separated the book into four sections. Despite this, the chapters within each section are largely independent of one another, except chapter nine, which provides the fundamentals for the subsequent three chapters.

The first section is based around fundamentals, where Aumasson effectively presents the key concepts underpinning the rest of the book, including Encryption, Randomness and Cryptographic Security. The second section moves on to Symmetric Cryptography and deals with Block and Stream Ciphers, Hash Functions, Keyed Hashing and Authenticated Encryption.

Following this, the third section (as discussed previously) begins by laying out the concepts behind public-key encryption before moving on to RSA, Diffie-Hellman and Elliptic Curves. Finally, section four presents real-life applications for encryption through two topics: TLS, and Quantum and Post-Quantum Computing.

Each chapter begins with Aumasson introducing the topic area, before moving on to discuss common implementation mistakes using real-world examples including well-known ones. This is then followed up with details of what can or could go wrong, before finishing up with how to avoid the issues previously presented.

Throughout each chapter Aumasson presents the mathematical basis underpinning a particular concept through formulae and sequence diagrams, which serve to provide reinforcement and a visual aid to understanding each concept; alongside these, example code is provided to effectively demonstrate both insecure and secure applications.

Finally, each chapter is completed with pointers towards further reading so that the reader can build on the knowledge imparted by Aumasson.

Serious Cryptography leaves the reader with an excellent understanding of the basics of cryptography and knowledge of real-world applications, both secure and insecure. While at times the mathematical concepts can feel heavy, they are expertly used to appropriately demonstrate how a concept works and its inherent weaknesses or strengths.

The sheer modernity of the book's content guarantees that it will not become obsolete for years to come. Aumasson successfully ensures that the reader has a strong understanding of cryptography's core ideas and ensures that Serious Cryptography is a must-read for anyone wanting to enter cryptographic engineering.
