Cyber Shelf

// Comparison

Serious Cryptography vs Understanding Cryptography: Which Should You Read?

Two cybersecurity books on Cryptography, compared honestly: who each is for, what each does best, and which to read first.

Intermediate
5/52024
Serious Cryptography

A Practical Introduction to Modern Encryption

Jean-Philippe Aumasson

Jean-Philippe Aumasson's working introduction to modern cryptography, written for engineers who need both intuition and enough mathematical depth to evaluate the choices a library is making for them.

Intermediate
4/52010
Understanding Cryptography

A Textbook for Students and Practitioners

Christof Paar, Jan Pelzl

A genuinely teachable intro to modern cryptography that derives the math instead of hand-waving it, covering symmetric and public-key primitives without drowning you in proofs.

Read this if

Engineers who already know what crypto to use and want to understand why it works at the primitive level. The middle book in the modern crypto stack: deeper than Real-World Cryptography, shallower than the academic textbooks.
Engineers and students who want to actually understand AES, RSA, and ECC rather than just call a library, and who learn better from worked examples than from theorem-proof.

Skip this if

Beginners or readers who haven't yet decided which primitives to use; start with Wong first. Also wrong for cryptography researchers who need formal proofs.
Skip this if you want a security-engineering how-to. It teaches the primitives, not protocol design, key management, or how things break in production.

Key takeaways

  • Modern primitives can be understood by engineers, given the right framing — Aumasson's choice to bound the math is the book's defining design decision.
  • The 2nd edition (2024) covers post-quantum cryptography (Kyber, Dilithium, SPHINCS+) at the depth a deploying engineer actually needs.
  • The chapters on hash-function attacks (length extension, multi-collisions) are the clearest in print and explain why half of the production bugs in HMAC-adjacent code happen.
  • The discrete logarithm problem and integer factorization are the two pillars under most deployed public-key crypto, and the book makes you compute with both.
  • AES is presented as understandable finite-field arithmetic, not magic, which demystifies the most-used cipher on earth.
  • Cryptographic security is about quantifying attacker effort, not about secrecy of the algorithm.

How they compare

We rate Serious Cryptography higher (5/5 against 4/5 for Understanding Cryptography). For most readers, that means Serious Cryptography is the primary pick and Understanding Cryptography is a useful follow-up.

Both books target intermediate-level readers, so the choice is about topic, not difficulty.

Serious Cryptography and Understanding Cryptography both cover Cryptography, so reading them in sequence reinforces the same material from different angles.

Keep reading

Serious Cryptography

Alternatives to Serious CryptographyWhat to read after Serious Cryptography

Understanding Cryptography

Alternatives to Understanding CryptographyWhat to read after Understanding Cryptography

Related topics

Cryptography