Cyber Shelf

// Comparison

Real-World Cryptography vs Serious Cryptography: Which Should You Read?

Two cybersecurity books on Cryptography, compared honestly: who each is for, what each does best, and which to read first.

Intermediate
5/52021
Real-World Cryptography

David Wong

David Wong's hands-on tour of the cryptographic primitives, protocols and pitfalls that show up in actual production systems, with deliberate attention to TLS, Noise, modern AEAD, and post-quantum.

Intermediate
5/52024
Serious Cryptography

A Practical Introduction to Modern Encryption

Jean-Philippe Aumasson

Jean-Philippe Aumasson's working introduction to modern cryptography, written for engineers who need both intuition and enough mathematical depth to evaluate the choices a library is making for them.

Read this if

Working engineers who need to make crypto decisions in real systems: AEAD ciphers, key exchange, signatures, password hashing, PKI, end-to-end encryption, post-quantum migration. The new modern default and the book we recommend first to almost anyone touching cryptography in production.
Engineers who already know what crypto to use and want to understand why it works at the primitive level. The middle book in the modern crypto stack: deeper than Real-World Cryptography, shallower than the academic textbooks.

Skip this if

Cryptography researchers or readers wanting full mathematical proofs. The math is bounded to what an engineer needs to evaluate choices, not full constructions. For the next layer of depth read Serious Cryptography after this.
Beginners or readers who haven't yet decided which primitives to use; start with Wong first. Also wrong for cryptography researchers who need formal proofs.

Key takeaways

  • Most crypto vulnerabilities are misuse, not broken primitives; Wong's framing of "what to use, what to avoid" is the cleanest in print.
  • TLS 1.3, Noise, and Signal-style protocols compose primitives in patterns engineers should recognise on sight, this book teaches the patterns.
  • Post-quantum cryptography is no longer optional reading; the book introduces the lattice and hash-based constructions you'll be deploying within a few years.
  • Modern primitives can be understood by engineers, given the right framing — Aumasson's choice to bound the math is the book's defining design decision.
  • The 2nd edition (2024) covers post-quantum cryptography (Kyber, Dilithium, SPHINCS+) at the depth a deploying engineer actually needs.
  • The chapters on hash-function attacks (length extension, multi-collisions) are the clearest in print and explain why half of the production bugs in HMAC-adjacent code happen.

How they compare

Real-World Cryptography and Serious Cryptography are both rated 5/5 in our catalog. Pick by topic preference and reading style rather than by rating.

Both books target intermediate-level readers, so the choice is about topic, not difficulty.

Real-World Cryptography and Serious Cryptography both cover Cryptography, so reading them in sequence reinforces the same material from different angles.

Keep reading

Real-World Cryptography

Alternatives to Real-World CryptographyWhat to read after Real-World Cryptography

Serious Cryptography

Alternatives to Serious CryptographyWhat to read after Serious Cryptography

Related topics

Cryptography