Cyber Shelf

// Comparison

Sécurité informatique vs Serious Cryptography: Which Should You Read?

Two cybersecurity books on Cryptography, compared honestly: who each is for, what each does best, and which to read first.

Advanced
4/52015
Sécurité informatique

Cours et exercices corrigés

Gildas Avoine, Pascal Junod, Philippe Oechslin, Sylvain Pasini

A rigorous academic course on the foundations of security — cryptography, authentication, access control — with corrected exercises, from a team of well-known French and Swiss cryptographers.

Intermediate
5/52024
Serious Cryptography

A Practical Introduction to Modern Encryption

Jean-Philippe Aumasson

Jean-Philippe Aumasson's working introduction to modern cryptography, written for engineers who need both intuition and enough mathematical depth to evaluate the choices a library is making for them.

Read this if

University students and engineers who want the formal foundations: cryptographic primitives, protocols, authentication and access control, with worked exercises to test understanding. Oechslin (rainbow tables) and Junod give the crypto real weight.
Engineers who already know what crypto to use and want to understand why it works at the primitive level. The middle book in the modern crypto stack: deeper than Real-World Cryptography, shallower than the academic textbooks.

Skip this if

Readers looking for practical pentesting, tooling or a gentle introduction. This is a courses-and-exercises textbook with mathematical rigour, not a hands-on hacking guide.
Beginners or readers who haven't yet decided which primitives to use; start with Wong first. Also wrong for cryptography researchers who need formal proofs.

Key takeaways

  • The strongest French-language treatment of the cryptographic and formal foundations of security, exercises included.
  • Written by serious cryptographers — Oechslin literally invented rainbow tables — so the crypto is correct and deep, not hand-waved.
  • Best used as a course companion; the corrected exercises are the real value over a pure narrative text.
  • Modern primitives can be understood by engineers, given the right framing — Aumasson's choice to bound the math is the book's defining design decision.
  • The 2nd edition (2024) covers post-quantum cryptography (Kyber, Dilithium, SPHINCS+) at the depth a deploying engineer actually needs.
  • The chapters on hash-function attacks (length extension, multi-collisions) are the clearest in print and explain why half of the production bugs in HMAC-adjacent code happen.

How they compare

We rate Serious Cryptography higher (5/5 against 4/5 for Sécurité informatique). For most readers, that means Serious Cryptography is the primary pick and Sécurité informatique is a useful follow-up.

Sécurité informatique is pitched at advanced level. Serious Cryptography is pitched at intermediate level. Read the easier one first if you're not yet comfortable with the topic.

Sécurité informatique and Serious Cryptography both cover Cryptography, so reading them in sequence reinforces the same material from different angles.

Keep reading

Sécurité informatique

Alternatives to Sécurité informatiqueWhat to read after Sécurité informatique

Serious Cryptography

Alternatives to Serious CryptographyWhat to read after Serious Cryptography

Related topics

Cryptography