Cryptography Engineering
Design Principles and Practical Applications
A working engineer's introduction to cryptography that takes implementation pitfalls more seriously than most.
As an Amazon Associate we earn from qualifying purchases. The link above is sponsored.
- Published
- 2010
- Publisher
- Wiley
- Pages
- 384
- Language
- English
Table of contents
23 chapters · 26 sectionsPart I: Introduction
- 1
The Context of Cryptography
- The role of cryptography
- The weakest link property
- The adversarial setting
- Professional paranoia
- Threat model
- Cryptography is not the solution
- Cryptography is very difficult
- Cryptography is the easy part
- 2
Introduction to Cryptography
- Encryption
- Authentication
- Public-key encryption
- Digital signatures
- PKI
- Attacks
- Under the hood
- Security level
Part II: Message Security
- 3
Block Ciphers
- What is a block cipher?
- Types of attack
- The ideal block cipher
- Definition of block cipher security
- Real-world block ciphers (DES, AES, Serpent, Twofish)
- 4
Block Cipher Modes
- ECB
- CBC
- OFB
- CTR
- Combined modes
- 5
Hash Functions
- 6
Message Authentication Codes
- 7
The Secure Channel
- 8
Implementation Issues (I)
Part III: Key Negotiation
- 9
Generating Randomness
- 10
Primes
- 11
Diffie-Hellman
- 12
RSA
- 13
Introduction to Cryptographic Protocols
- 14
Key Negotiation
- 15
Implementation Issues (II)
Part IV: Key Management
- 16
The Clock
- 17
Key Servers
- 18
The Dream of PKI
- 19
PKI Reality
- 20
PKI Practicalities
- 21
Storing Secrets
Part V: Miscellaneous
- 22
Standards and Patents
- 23
Involving Experts
Prerequisites
High-school math, programming experience. The book avoids heavy proofs but expects you to track careful arguments.
Read this if
Engineers who need to evaluate cryptographic choices in real systems and want intuition for why the standard advice exists.
Skip this if
Researchers needing rigor, for that, read Boneh/Shoup or Katz/Lindell. Also dated on TLS 1.3, modern AEAD norms, and post-quantum.
Key takeaways
- Almost every cryptographic disaster is an integration failure, not a primitive failure.
- Don't roll your own, but understand enough to recognize when the library you're using is wrong.
- Side channels are not exotic; they are the default mode of failure.
Notes
Hits a third register most crypto books miss: not mantras, not proofs, but a working sense of where the sharp edges are. Dated on TLS 1.3, AEAD, Noise, and PQ migration, pair with the relevant RFCs. The chapters on how primitives compose into systems (and how those compositions fail) are evergreen.
What to read before
What to read before Cryptography Engineering →Intermediate · 2021
Real-World Cryptography
David Wong's hands-on tour of the cryptographic primitives, protocols and pitfalls that show up in actual production systems, with deliberate attention to TLS, Noise, modern AEAD, and post-quantum.
Intermediate · 2024
Serious Cryptography
Jean-Philippe Aumasson's working introduction to modern cryptography, written for engineers who need both intuition and enough mathematical depth to evaluate the choices a library is making for them.
Beginner · 2020
Web Security for Developers
Malcolm McDonald's developer-side primer on the OWASP-class issues, framed around real attacks and defended with code patterns rather than vendor products.
What to read next
What to read after Cryptography Engineering →Intermediate · 2021
Real-World Cryptography
David Wong's hands-on tour of the cryptographic primitives, protocols and pitfalls that show up in actual production systems, with deliberate attention to TLS, Noise, modern AEAD, and post-quantum.
Intermediate · 2024
Serious Cryptography
Jean-Philippe Aumasson's working introduction to modern cryptography, written for engineers who need both intuition and enough mathematical depth to evaluate the choices a library is making for them.
Advanced · 2020
Security Engineering
Ross Anderson's comprehensive textbook on the design of secure systems, covering protocols, access control, side channels, economics of security, and policy.
Explore similar books
Alternatives to Cryptography Engineering →Intermediate · 2024
Serious Cryptography
Jean-Philippe Aumasson's working introduction to modern cryptography, written for engineers who need both intuition and enough mathematical depth to evaluate the choices a library is making for them.
Intermediate · 2021
Real-World Cryptography
David Wong's hands-on tour of the cryptographic primitives, protocols and pitfalls that show up in actual production systems, with deliberate attention to TLS, Noise, modern AEAD, and post-quantum.
Intermediate · 2021
Designing Secure Software
Loren Kohnfelder, the original PKI author, on how to weave security thinking through requirements, design, implementation and operations rather than bolt it on at the end.