Real-World Cryptography Год издания: 2021 Автор: David Wong Жанр или тематика: Криптография Издательство: Manning ISBN: 978-1-61729-671-0 Язык: Английский Формат: EPUB Качество: Издательский макет или текст (eBook) Интерактивное оглавление: Да Количество страниц: 400 Описание: An all-practical guide to the cryptography behind common tools and protocols that will help you make excellent security choices for your systems and applications. In Real-World Cryptography, you will find: * Best practices for using cryptography * Diagrams and explanations of cryptographic algorithms * Implementing digital signatures and zero-knowledge proofs * Specialized hardware for attacks and highly adversarial environments * Identifying and fixing bad practices * Choosing the right cryptographic tool for any problem Real-World Cryptography reveals the cryptographic techniques that drive the security of web APIs, registering and logging in users, and even the blockchain. You’ll learn how these techniques power modern security, and how to apply them to your own projects. Alongside modern methods, the book also anticipates the future of cryptography, diving into emerging and cutting-edge advances such as cryptocurrencies, and post-quantum cryptography. All techniques are fully illustrated with diagrams and examples so you can easily see how to put them into practice. Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications. About the technology Cryptography is the essential foundation of IT security. To stay ahead of the bad actors attacking your systems, you need to understand the tools, frameworks, and protocols that protect your networks and applications. This book introduces authentication, encryption, signatures, secret-keeping, and other cryptography concepts in plain language and beautiful illustrations. About the book Real-World Cryptography teaches practical techniques for day-to-day work as a developer, sysadmin, or security practitioner. There’s no complex math or jargon: Modern cryptography methods are explored through clever graphics and real-world use cases. You’ll learn building blocks like hash functions and signatures; cryptographic protocols like HTTPS and secure messaging; and cutting-edge advances like post-quantum cryptography and cryptocurrencies. This book is a joy to read—and it might just save your bacon the next time you’re targeted by an adversary after your data. What's inside * Implementing digital signatures and zero-knowledge proofs * Specialized hardware for attacks and highly adversarial environments * Identifying and fixing bad practices * Choosing the right cryptographic tool for any problem About the reader For cryptography beginners with no previous experience in the field. About the author David Wong is a cryptography engineer. He is an active contributor to internet standards including Transport Layer Security. Оглавление Copyrightdedicationcontentsfront matter preface A book, years in the making The real-world cryptographer curriculum Where most of the bugs are A need for a new book? acknowledgments about this book Who should read this book Students Security practitioners Developers who use cryptography directly or indirectly Cryptographers curious about other fields Engineering and product managers who want to understand more Curious people who want to know what real-world crypto is about Assumed knowledge, the long version How this book is organized: A roadmap About the code liveBook discussion forum about the author about the cover illustrationPart 1. Primitives: The ingredients of cryptography1 Introduction 1.1 Cryptography is about securing protocols 1.2 Symmetric cryptography: What is symmetric encryption? 1.3 Kerckhoff’s principle: Only the key is kept secret 1.4 Asymmetric cryptography: Two keys are better than one 1.4.1 Key exchanges or how to get a shared secret 1.4.2 Asymmetric encryption, not like the symmetric one 1.4.3 Digital signatures, just like your pen-and-paper signatures 1.5 Classifying and abstracting cryptography 1.6 Theoretical cryptography vs. real-world cryptography 1.7 From theoretical to practical: Choose your own adventure 1.8 A word of warning Summary2 Hash functions 2.1 What is a hash function? 2.2 Security properties of a hash function 2.3 Security considerations for hash functions 2.4 Hash functions in practice 2.4.1 Commitments 2.4.2 Subresource integrity 2.4.3 BitTorrent 2.4.4 Tor 2.5 Standardized hash functions 2.5.1 The SHA-2 hash function 2.5.2 The SHA-3 hash function 2.5.3 SHAKE and cSHAKE: Two extendable output functions (XOF) 2.5.4 Avoid ambiguous hashing with TupleHash 2.6 Hashing passwords Summary3 Message authentication codes 3.1 Stateless cookies, a motivating example for MACs 3.2 An example in code 3.3 Security properties of a MAC 3.3.1 Forgery of authentication tag 3.3.2 Lengths of authentication tag 3.3.3 Replay attacks 3.3.4 Verifying authentication tags in constant time 3.4 MAC in the real world 3.4.1 Message authentication 3.4.2 Deriving keys 3.4.3 Integrity of cookies 3.4.4 Hash tables 3.5 Message authentication codes (MACs) in practice 3.5.1 HMAC, a hash-based MAC 3.5.2 KMAC, a MAC based on cSHAKE 3.6 SHA-2 and length-extension attacks Summary4 Authenticated encryption 4.1 What’s a cipher? 4.2 The Advanced Encryption Standard (AES) block cipher 4.2.1 How much security does AES provide? 4.2.2 The interface of AES 4.2.3 The internals of AES 4.3 The encrypted penguin and the CBC mode of operation 4.4 A lack of authenticity, hence AES-CBC-HMAC 4.5 All-in-one constructions: Authenticated encryption 4.5.1 What’s authenticated encryption with associated data (AEAD)? 4.5.2 The AES-GCM AEAD 4.5.3 ChaCha20-Poly1305 4.6 Other kinds of symmetric encryption 4.6.1 Key wrapping 4.6.2 Nonce misuse-resistant authenticated encryption 4.6.3 Disk encryption 4.6.4 Database encryption Summary5 Key exchanges 5.1 What are key exchanges? 5.2 The Diffie-Hellman (DH) key exchange 5.2.1 Group theory 5.2.2 The discrete logarithm problem: The basis of Diffie-Hellman 5.2.3 The Diffie-Hellman standards 5.3 The Elliptic Curve Diffie-Hellman (ECDH) key exchange 5.3.1 What’s an elliptic curve? 5.3.2 How does the Elliptic Curve Diffie-Hellman (ECDH) key exchange work? 5.3.3 The standards for Elliptic Curve Diffie-Hellman 5.4 Small subgroup attacks and other security considerations Summary6 Asymmetric encryption and hybrid encryption 6.1 What is asymmetric encryption? 6.2 Asymmetric encryption in practice and hybrid encryption 6.2.1 Key exchanges and key encapsulation 6.2.2 Hybrid encryption 6.3 Asymmetric encryption with RSA: The bad and the less bad 6.3.1 Textbook RSA 6.3.2 Why not to use RSA PKCS#1 v1.5 6.3.3 Asymmetric encryption with RSA-OAEP 6.4 Hybrid encryption with ECIES Summary7 Signatures and zero-knowledge proofs 7.1 What is a signature? 7.1.1 How to sign and verify signatures in practice 7.1.2 A prime use case for signatures: Authenticated key exchanges 7.1.3 A real-world usage: Public key infrastructures 7.2 Zero-knowledge proofs (ZKPs): The origin of signatures 7.2.1 Schnorr identification protocol: An interactive zero-knowledge proof 7.2.2 Signatures as non-interactive zero-knowledge proofs 7.3 The signature algorithms you should use (or not) 7.3.1 RSA PKCS#1 v1.5: A bad standard 7.3.2 RSA-PSS: A better standard 7.3.3 The Elliptic Curve Digital Signature Algorithm (ECDSA) 7.3.4 The Edwards-curve Digital Signature Algorithm (EdDSA) 7.4 Subtle behaviors of signature schemes 7.4.1 Substitution attacks on signatures 7.4.2 Signature malleability Summary8 Randomness and secrets 8.1 What’s randomness? 8.2 Slow randomness? Use a pseudorandom number generator (PRNG) 8.3 Obtaining randomness in practice 8.4 Randomness generation and security considerations 8.5 Public randomness 8.6 Key derivation with HKDF 8.7 Managing keys and secrets 8.8 Decentralize trust with threshold cryptography SummaryPart 2. Protocols: The recipes of cryptography9 Secure transport 9.1 The SSL and TLS secure transport protocols 9.1.1 From SSL to TLS 9.1.2 Using TLS in practice 9.2 How does the TLS protocol work? 9.2.1 The TLS handshake 9.2.2 How TLS 1.3 encrypts application data 9.3 The state of the encrypted web today 9.4 Other secure transport protocols 9.5 The Noise protocol framework: A modern alternative to TLS 9.5.1 The many handshakes of Noise 9.5.2 A handshake with Noise Summary10 End-to-end encryption 10.1 Why end-to-end encryption? 10.2 A root of trust nowhere to be found 10.3 The failure of encrypted email 10.3.1 PGP or GPG? And how does it work? 10.3.2 Scaling trust between users with the web of trust 10.3.3 Key discovery is a real issue 10.3.4 If not PGP, then what? 10.4 Secure messaging: A modern look at end-to-end encryption with Signal 10.4.1 More user-friendly than the WOT: Trust but verify 10.4.2 X3DH: the Signal protocol’s handshake 10.4.3 Double Ratchet: Signal’s post-handshake protocol 10.5 The state of end-to-end encryption Summary11 User authentication 11.1 A recap of authentication 11.2 User authentication, or the quest to get rid of passwords 11.2.1 One password to rule them all: Single sign-on (SSO) and password managers 11.2.2 Don’t want to see their passwords? Use an asymmetric password-authenticated key exchange 11.2.3 One-time passwords aren’t really passwords: Going passwordless with symmetric keys 11.2.4 Replacing passwords with asymmetric keys 11.3 User-aided authentication: Pairing devices using some human help 11.3.1 Pre-shared keys 11.3.2 Symmetric password-authenticated key exchanges with CPace 11.3.3 Was my key exchange MITM’d? Just check a short authenticated string (SAS) Summary12 Crypto as in cryptocurrency? 12.1 A gentle introduction to Byzantine fault-tolerant (BFT) consensus algorithms 12.1.1 A problem of resilience: Distributed protocols to the rescue 12.1.2 A problem of trust? Decentralization helps 12.1.3 A problem of scale: Permissionless and censorship-resistant networks 12.2 How does Bitcoin work? 12.2.1 How Bitcoin handles user balances and transactions 12.2.2 Mining BTCs in the digital age of gold 12.2.3 Forking hell! Solving conflicts in mining 12.2.4 Reducing a block’s size by using Merkle trees 12.3 A tour of cryptocurrencies 12.3.1 Volatility 12.3.2 Latency 12.3.3 Blockchain size 12.3.4 Confidentiality 12.3.5 Energy efficiency 12.4 DiemBFT: A Byzantine fault-tolerant (BFT) consensus protocol 12.4.1 Safety and liveness: The two properties of a BFT consensus protocol 12.4.2 A round in the DiemBFT protocol 12.4.3 How much dishonesty can the protocol tolerate? 12.4.4 The DiemBFT rules of voting 12.4.5 When are transactions considered finalized? 12.4.6 The intuitions behind the safety of DiemBFT Summary13 Hardware cryptography 13.1 Modern cryptography attacker model 13.2 Untrusted environments: Hardware to the rescue 13.2.1 White box cryptography, a bad idea 13.2.2 They’re in your wallet: Smart cards and secure elements 13.2.3 Banks love them: Hardware security modules (HSMs) 13.2.4 Trusted Platform Modules (TPMs): A useful standardization of secure elements 13.2.5 Confidential computing with a trusted execution environment (TEE) 13.3 What solution is good for me? 13.4 Leakage-resilient cryptography or how to mitigate side-channel attacks in software 13.4.1 Constant-time programming 13.4.2 Don’t use the secret! Masking and blinding 13.4.3 What about fault attacks? Summary14 Post-quantum cryptography 14.1 What are quantum computers and why are they scaring cryptographers? 14.1.1 Quantum mechanics, the study of the small 14.1.2 From the birth of quantum computers to quantum supremacy 14.1.3 The impact of Grover and Shor’s algorithms on cryptography 14.1.4 Post-quantum cryptography, the defense against quantum computers 14.2 Hash-based signatures: Don’t need anything but a hash function 14.2.1 One-time signatures (OTS) with Lamport signatures 14.2.2 Smaller keys with Winternitz one-time signatures (WOTS) 14.2.3 Many-times signatures with XMSS and SPHINCS+ 14.3 Shorter keys and signatures with lattice-based cryptography 14.3.1 What’s a lattice? 14.3.2 Learning with errors (LWE), a basis for cryptography? 14.3.3 Kyber, a lattice-based key exchange 14.3.4 Dilithium, a lattice-based signature scheme 14.4 Do I need to panic? Summary15 Is this it? Next-generation cryptography 15.1 The more the merrier: Secure multi-party computation (MPC) 15.1.1 Private set intersection (PSI) 15.1.2 General-purpose MPC 15.1.3 The state of MPC 15.2 Fully homomorphic encryption (FHE) and the promises of an encrypted cloud 15.2.1 An example of homomorphic encryption with RSA encryption 15.2.2 The different types of homomorphic encryption 15.2.3 Bootstrapping, the key to fully homomorphic encryption 15.2.4 An FHE scheme based on the learning with errors problem 15.2.5 Where is it used? 15.3 General-purpose zero-knowledge proofs (ZKPs) 15.3.1 How zk-SNARKs work 15.3.2 Homomorphic commitments to hide parts of the proof 15.3.3 Bilinear pairings to improve our homomorphic commitments 15.3.4 Where does the succinctness come from? 15.3.5 From programs to polynomials 15.3.6 Programs are for computers; we need arithmetic circuits instead 15.3.7 An arithmetic circuit to a rank-1 constraint system (R1CS) 15.3.8 From R1CS to a polynomial 15.3.9 It takes two to evaluate a polynomial hiding in the exponent Summary16 When and where cryptography fails 16.1 Finding the right cryptographic primitive or protocol is a boring job 16.2 How do I use a cryptographic primitive or protocol? Polite standards and formal verification 16.3 Where are the good libraries? 16.4 Misusing cryptography: Developers are the enemy 16.5 You’re doing it wrong: Usable security 16.6 Cryptography is not an island 16.7 Your responsibilities as a cryptography practitioner, don’t roll your own crypto SummaryAppendix. Answers to exercises Chapter 2 Chapter 3 Chapter 6 Chapter 7 Chapter 8 Chapter 9 Chapter 10 Chapter 11index[/pre]
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum You cannot attach files in this forum You can download files in this forum
![[Quote]](./templates/default/images/lang/en/icon_quote.gif "Reply with quote"){kind=icon}
![[Profile]](./templates/default/images/lang/en/icon_profile.gif "View user's profile"){kind=icon}
![[PM]](./templates/default/images/lang/en/icon_pm.gif "Send private message"){kind=icon}