What do you think?
Rate this book
Ratings & Reviews
Friends & Following
Create a free account to discover what your friends think of this book!
Community Reviews
Displaying 1 - 23 of 48 reviews
July 17, 2018
Philosopher Alfred North Whitehead noted that modern philosophy is simply a series of footnotes to Plato. When it comes to cryptography, much of it is simply footnotes to Bruce Schneier’s classic work Applied Cryptography: Protocols, Algorithms and Source Code in C.
In Serious Cryptography: A Practical Introduction to Modern Encryption, Jean-Philippe Aumasson has written not just some good footnotes to Schneier, but a valuable work on modern encryption and cryptography. A lot has changed since Applied Cryptography came out over 22 years ago and Aumasson does a good job in updating the reader.
The back-cover notes that this book is written for both seasoned practitioners and beginners looking to dive into the field. That’s true for the former, but for most beginners, this is far too intense of a book for them. This is a great resource for developers who want to know how to effectively implement encryption and cryptography in their code.
Aumasson covers all the key areas of crypto, including random numbers, block and stream ciphers, hash function, and much more. Classic protocols from RSA, Diffie-Hellman, to TLS and more are discussed.
The book makes heavy use of C++ coding, Linux scripting and college-level math. Such that the reader needs to be conversant with those area to make the most of this book. Each chapter also closes with some references to further reading for those that want to dig deeper into specific areas.
The book closes with a short chapter on Quantum and Post-Quantum and while it is not here yet, quantum crypto will revolutionize the world of cryptography when it does.
As an engineer immersed in the topic, Aumasson brings real-world experience and advice to every chapter. At 270 pages, the book does sacrifice some things for its lack of depth, but is a superb introduction to modern encryption and cryptography. For those looking to quickly get up to speed on the topics, this makes for an excellent go-to guide.
In Serious Cryptography: A Practical Introduction to Modern Encryption, Jean-Philippe Aumasson has written not just some good footnotes to Schneier, but a valuable work on modern encryption and cryptography. A lot has changed since Applied Cryptography came out over 22 years ago and Aumasson does a good job in updating the reader.
The back-cover notes that this book is written for both seasoned practitioners and beginners looking to dive into the field. That’s true for the former, but for most beginners, this is far too intense of a book for them. This is a great resource for developers who want to know how to effectively implement encryption and cryptography in their code.
Aumasson covers all the key areas of crypto, including random numbers, block and stream ciphers, hash function, and much more. Classic protocols from RSA, Diffie-Hellman, to TLS and more are discussed.
The book makes heavy use of C++ coding, Linux scripting and college-level math. Such that the reader needs to be conversant with those area to make the most of this book. Each chapter also closes with some references to further reading for those that want to dig deeper into specific areas.
The book closes with a short chapter on Quantum and Post-Quantum and while it is not here yet, quantum crypto will revolutionize the world of cryptography when it does.
As an engineer immersed in the topic, Aumasson brings real-world experience and advice to every chapter. At 270 pages, the book does sacrifice some things for its lack of depth, but is a superb introduction to modern encryption and cryptography. For those looking to quickly get up to speed on the topics, this makes for an excellent go-to guide.
February 5, 2018
For an ordinary software developer, I think this was a great overview to get you situated on the cryptography landscape. The order that he built up the topics was great, and practical advice such as the "how things can go wrong" sections gave very useful perspectives.
However, cryptography is a subject with a lot of detail, and at times, I think a bit too much was packed into too short of a book. For example, the introductory chapter covered subjects like malleability and attack models too briskly, and implied that you'd need to understand them to handle the rest of the book, but then they never really surfaced again. The chapters on public key cryptography similarly tried to cover too much math in too little space for it to really be absorbable. Overall though, reading the book lead to me researching a lot of the topics on my own, which is certainly better than a book that doesn't inspire that way.
A final quibble is that I was expecting the TLS chapter to tie up most of the rest of the book by showing the difference between having a bunch of individual crypto primitives that are difficult to use safely, and using them together in a vetted protocol that provides a simple, usable interface to a programmer. It didn't really highlight this very well, and in fact, the chapter was so poorly edited that I started to worry about all the other mistakes that might be present in the book, making it, especially the math, harder to make sense of.
However, cryptography is a subject with a lot of detail, and at times, I think a bit too much was packed into too short of a book. For example, the introductory chapter covered subjects like malleability and attack models too briskly, and implied that you'd need to understand them to handle the rest of the book, but then they never really surfaced again. The chapters on public key cryptography similarly tried to cover too much math in too little space for it to really be absorbable. Overall though, reading the book lead to me researching a lot of the topics on my own, which is certainly better than a book that doesn't inspire that way.
A final quibble is that I was expecting the TLS chapter to tie up most of the rest of the book by showing the difference between having a bunch of individual crypto primitives that are difficult to use safely, and using them together in a vetted protocol that provides a simple, usable interface to a programmer. It didn't really highlight this very well, and in fact, the chapter was so poorly edited that I started to worry about all the other mistakes that might be present in the book, making it, especially the math, harder to make sense of.
February 15, 2025
Парадокс: книга хорошая, и в то же время я не могу с чистым сердцем ее рекомендовать. Там написаны умные вещи, я определенно узнал из нее не просто много, а даже больше, чем рассчитывал. Она вполне плавно вводит в тему, напоминая базовые понятия типа что такое группа в алгебре, вероятность, классы сложности задач. Помимо классических тем(блочныепотоковыехэшиrsa и т д), которые будут в любой книге, здесь были и эллиптические кривые, и даже квантовые алгоритмы, и объяснение, почему на курсе универсальной прикладной алгебры нам рассказывали про решетки, но курс вели люди с кафедры криптографии. Разобраны самые разные алгоритмы и атаки на них(padding oracle attack это ваще жестб) НО
В книжке всего 300+ страниц. Это значит, что материал чудовищно спрессован в каждой главе(за одним исключением*). С какого-то момента мы с чатгпт тупо читали книгу вдвоем, потому что я не настолько умный, чтобы по одному абзацу восстановить цепочку мыслей, на которые так-то люди годы потратили. Конспект из-за этого выглядит просто как набор не связанных друг с другом предложений.
В общем, оценку ставлю хорошую, но я вас предупредил
*Автор книги еще и создатель какой-то хэш-функции(SipHash или BLAKE), поэтому глава про хэш-функции написана в утомительных подробностях и была мною скипнута
В книжке всего 300+ страниц. Это значит, что материал чудовищно спрессован в каждой главе(за одним исключением*). С какого-то момента мы с чатгпт тупо читали книгу вдвоем, потому что я не настолько умный, чтобы по одному абзацу восстановить цепочку мыслей, на которые так-то люди годы потратили. Конспект из-за этого выглядит просто как набор не связанных друг с другом предложений.
В общем, оценку ставлю хорошую, но я вас предупредил
*Автор книги еще и создатель какой-то хэш-функции(SipHash или BLAKE), поэтому глава про хэш-функции написана в утомительных подробностях и была мною скипнута
March 26, 2018
As a cloud services software engineer this book gave me a good overview of all the common encryption and authentication protocols I interact with day to day. I now feel like I know enough to talk somewhat intelligently with the the security engineers at my company and hopefully notice the warning signs when some out-dated or insecure protocol is being used. Sometimes I got bogged down in the math and details of the protocols but I just skimmed when I was overwhelmed to get the gist. At least I know dozens of new acronyms to sound smart even if I don't know the details, right?
Two sections that were surprisingly good were the overviews of NP problems and quantum computers. The explanation of NP-complete and NP-hard problems was an excellent refresher for me with one of the best descriptions I've read. Similarly, the explanation of quantum computers was clear and concise. I now feel like I really understand what quantum computers can and more importantly cannot do.
Overall it was an excellent book and I'll probably revisit as my work intersects with the various security topics it covers.
Two sections that were surprisingly good were the overviews of NP problems and quantum computers. The explanation of NP-complete and NP-hard problems was an excellent refresher for me with one of the best descriptions I've read. Similarly, the explanation of quantum computers was clear and concise. I now feel like I really understand what quantum computers can and more importantly cannot do.
Overall it was an excellent book and I'll probably revisit as my work intersects with the various security topics it covers.
September 8, 2018
Interesting book but exhausting. This has been a work book group discussion book. And frankly it really didn't lend itself to discussion - though it did inspire some discussion. Basically this is a fairly hard subject not made especially easier by this book. But some chapters were better than others. And if I were doing cryptography as a more primary part of my job it would have been more useful. The quantum chapter did a pretty good job of explaining the problem and work arounds, and problems with the workarounds. But the details itself I found impenetrable. Where the chapters on RSA and Diffie-Helman and Randomness were actually pretty good. I just remember liking Applied Cryptography a lot more.
September 18, 2018
I think should have actually been called Coincise Cryptography. It is difficult to understand without prior knowledge, and of the topic I did not know something beforehand, I can not say I know more now. It's just too quick. Also, technical explanations are many, which is good, but again too short and with no examples for most part.
January 12, 2023
Chyba to jest jedna z lepszych książek o kryptografii, które przeczytałem, ale patrząc z poziomu laika. Niestety trzeba trochę mieć pojęcia z zaawansowanej matmy, żeby wszystko zrozumieć, chociaż większość pojęć jest bardo dobrze opisana, nawet takie błahostki jak liczby pierwsze, ale kiedy autor opowiada o komputerach kwantowych, to może rozboleć głowa ;) Ogólnie w książce jest dużo przykładów. Problemy i pojęcia są dobrze opisane. Warto przeczytać, przejrzeć. Na pewno nie raz do niej wrócę.
May 9, 2022
This is the best English language introduction to treating cryptography and encryption as a practical matter of engineering as opposed to a “deeply mysterious” craft that lies beyond all comprehension.
My personal copy will not leave my bookshelf, but I would be happy to give my students a pdf or translation to another language if needed.
Note: I have corresponded with both the author and publisher directly in the past and have found errors in the 7th edition that may require eratta to be technically correct in future printings.*
*: I read footnotes and citations, too.
My personal copy will not leave my bookshelf, but I would be happy to give my students a pdf or translation to another language if needed.
Note: I have corresponded with both the author and publisher directly in the past and have found errors in the 7th edition that may require eratta to be technically correct in future printings.*
*: I read footnotes and citations, too.
October 31, 2021
We went through this as a book club at work. There's some amount of handwaving in a few of the chapters (especially the last one) but overall it's a good survey of topics. The book is pretty good about covering practical things like AES and TLS instead of being entirely theoretical, which was nice for us since it's directly applicable to work.
February 5, 2021
Really good study resource. Easy to skim the hard math sections if that's not what you're looking for, and JP explains all the crypto building blocks in a way that sticks.
June 2, 2021
As someone who has taken multiple "introduction to cryptography courses" (undergrad, grad and online), and fancies himself as both interested, and wanting to work in (or at least adjacent), cryptography, I found this book to be useful. Similar to how A Tour of C++ is to the gargantuan The C++ Programming Language, Serious Cryptography provides an overview of seemingly all of the major topics in cryptography and how they fit together, without going into much depth on any of them, sometimes only giving half a page to something that is its own research area. The book is akin to someone describing what tools are in their toolbox, and loosely what they're for, without describing how each works. The outcome of this, I hope, is that fewer people will "view all the world as a nail" when only aware of their hammers.
As someone already familiar with the concepts covered, I found the book to be an excellent reminder of what else is out there and a good resource for identifying how to dig into these other topics should I need to dig deeper. In the few places where something was completely new, I found the explanations to be too shallow for me to feel much more than confused, and so I doubt this book would be a good first crypto book for someone interested in the field, but I do think it should be 'required reading' for someone before they start adding cryptographic bits to their products. Its structure in particular will hopefully prevent someone from learning just enough to implement yet another AES in ECB mode and thinking they're done and dusted.
In summary, great for getting excited about the field and probably as preparation for an exam or interview, but only an accompanying resource for someone really interested in the topic.
As someone already familiar with the concepts covered, I found the book to be an excellent reminder of what else is out there and a good resource for identifying how to dig into these other topics should I need to dig deeper. In the few places where something was completely new, I found the explanations to be too shallow for me to feel much more than confused, and so I doubt this book would be a good first crypto book for someone interested in the field, but I do think it should be 'required reading' for someone before they start adding cryptographic bits to their products. Its structure in particular will hopefully prevent someone from learning just enough to implement yet another AES in ECB mode and thinking they're done and dusted.
In summary, great for getting excited about the field and probably as preparation for an exam or interview, but only an accompanying resource for someone really interested in the topic.
March 30, 2018
Great introduction to the most important ideas in contemporary cryptography. The author has a deep knowledge of the subject matter and clearly communicates the crux of the most critical issues.
The book is written for programmers, there are some basic mathematics and algorithms used to illustrate the main ideas. But, descriptions do not directly depend on the experience or knowledge of the reader. It is not a textbook.
Topics have been well chosen, keeping the book a reasonable size but covering the critical topics that inform contemporary technology. He covers practical issues like encryption, security assessment, and authentication. There are also chapters on critical abstractions like randomness, hashing, and hard mathematical problems. These inform descriptions of important algorithms. There is also an insightful discussion of what to expect from quantum computers.
The book has develops a good feel for the scope of the subject. There are many references that can serve as starting points for further investigation into topics of most interest to you.
This would be an excellent book to read before starting a course on cryptography because it develops a sense of the main ideas and their significance. People at many levels of understanding will find something to learn.
The book is written for programmers, there are some basic mathematics and algorithms used to illustrate the main ideas. But, descriptions do not directly depend on the experience or knowledge of the reader. It is not a textbook.
Topics have been well chosen, keeping the book a reasonable size but covering the critical topics that inform contemporary technology. He covers practical issues like encryption, security assessment, and authentication. There are also chapters on critical abstractions like randomness, hashing, and hard mathematical problems. These inform descriptions of important algorithms. There is also an insightful discussion of what to expect from quantum computers.
The book has develops a good feel for the scope of the subject. There are many references that can serve as starting points for further investigation into topics of most interest to you.
This would be an excellent book to read before starting a course on cryptography because it develops a sense of the main ideas and their significance. People at many levels of understanding will find something to learn.
October 3, 2021
This was an excellent refresher on modern cryptography, with just enough math and implementation details to make it tangible while remaining fairly approachable.
I need to find a book that covers more applied cryptography in different contexts, e.g. VPNs using SHA-1 and AES-CBC sounds terrible to me, but I don't have enough information to know whether that's acceptable in this context.
I actually had stress dreams because I was reading this every night before bed - in one I dreamed that I had used an IV of 0 in a system I deployed a decade ago and the idea was so disturbing that it woke me.
A few areas were beyond my current math skills (I could use more modular arithmetic from number theory), but those were still approachable even if I had to trust the explanation instead of fully grokking it. The math behind linear feedback shift registers had a confusing element that I haven't quite worked through yet. The post-quantum section was interesting, though the math portion was beyond me.
I've taken Dan Boneh's cryptography class on Coursera before, which was excellent, though I started to forget a lot of the material after a few years.
I need to find a book that covers more applied cryptography in different contexts, e.g. VPNs using SHA-1 and AES-CBC sounds terrible to me, but I don't have enough information to know whether that's acceptable in this context.
I actually had stress dreams because I was reading this every night before bed - in one I dreamed that I had used an IV of 0 in a system I deployed a decade ago and the idea was so disturbing that it woke me.
A few areas were beyond my current math skills (I could use more modular arithmetic from number theory), but those were still approachable even if I had to trust the explanation instead of fully grokking it. The math behind linear feedback shift registers had a confusing element that I haven't quite worked through yet. The post-quantum section was interesting, though the math portion was beyond me.
I've taken Dan Boneh's cryptography class on Coursera before, which was excellent, though I started to forget a lot of the material after a few years.
November 24, 2023
The book delivered on the basic theory of cryptograhpy and how general well know encryption schemes work (SHA256,MDN, TLS) and how they work.
That being said even though the author announced the book won't be too math heavy , i felt that he brought quite a lot of linear algebra into discussion.
I was expecting him to focus on these algos as black boxes , and what you as an interface consumer of them should look at , when using or parametrizing them.
It was not really the case.
Anyway i understood why prime numbers matter and how prime number factorization is the corneratone of cryptography.
That being said the book last chapter was SPECTACULAR
I finally understood quantum algorhitms! Never anticipated they are based on numerical methods (matrix transformations)
I feel this book could've been a 4 if it was a bit trimmed of the formal mathematical demonstrations.
That being said even though the author announced the book won't be too math heavy , i felt that he brought quite a lot of linear algebra into discussion.
I was expecting him to focus on these algos as black boxes , and what you as an interface consumer of them should look at , when using or parametrizing them.
It was not really the case.
Anyway i understood why prime numbers matter and how prime number factorization is the corneratone of cryptography.
That being said the book last chapter was SPECTACULAR
I finally understood quantum algorhitms! Never anticipated they are based on numerical methods (matrix transformations)
I feel this book could've been a 4 if it was a bit trimmed of the formal mathematical demonstrations.
This entire review has been hidden because of spoilers.
January 3, 2020
I really enjoyed this book : I believe "Serious Cryptography" is the introductory cryptography book for the 2020s - with its clear, logical organization, insightful examples, and coverage of the latest trends and standards; Aumasson's book does a great job of conveying basic and intermediate concepts of its challenging subject.
Most people interested in cryptography had started their journeys by reading Bruce Schneier's "Applied Cryptography". While still a great book, it has been a while since it has been updated to reflect the latest developments in this rapidly changing area. "Serious Cryptography" would be a great supplement to Schneier's work for anyone getting up to speed with the current state of the art in cryptography.
The book has ample code examples in Python, and occasionally refers the user to use open-source software tools such as SageMath and OpenSSL to understand the math behind the algorithms covered. Each chapter is complete with a very useful and comprehensive reading list of related papers, publications and Web sites. As I mentioned, many of the latest developments in the area are covered and the book's coverage of some of the more challenging concepts such as elliptic curves, authenticated ciphers such as AES-GCM and post-quantum cryptography is excellent.
Highly recommended for anyone interested in the subject.
Most people interested in cryptography had started their journeys by reading Bruce Schneier's "Applied Cryptography". While still a great book, it has been a while since it has been updated to reflect the latest developments in this rapidly changing area. "Serious Cryptography" would be a great supplement to Schneier's work for anyone getting up to speed with the current state of the art in cryptography.
The book has ample code examples in Python, and occasionally refers the user to use open-source software tools such as SageMath and OpenSSL to understand the math behind the algorithms covered. Each chapter is complete with a very useful and comprehensive reading list of related papers, publications and Web sites. As I mentioned, many of the latest developments in the area are covered and the book's coverage of some of the more challenging concepts such as elliptic curves, authenticated ciphers such as AES-GCM and post-quantum cryptography is excellent.
Highly recommended for anyone interested in the subject.
April 28, 2020
This is a fairly complete introduction to modern cryptography, and to the most commonly encountered cryptographic functions in today’s computer networking systems. The organization is primarily topical and loosely sequential. The presentation is supported in the form of logical operations and operational block diagrams, and with occasional code blocks; however, there are no expository examples. This style of presentation makes it a suitable textbook to support a set of lectures, but for fast self-learning I do not find this style efficient. For fast self-learning I prefer the more strongly sequential exposition provided by Joshua Holden in The Mathematics of Secrets; which I would follow with this one for a bit more formalism and completeness.
September 7, 2018
Read as part of a book club at work. It didn't spark much in the way of discussion, but I feel like I'd have liked it less if I wasn't reading it as a group. I found the parts of the book focussing on how encryption can be attacked to be the most compelling, other parts felt like they either dove straight into deep math or lacked depth (and somehow, occasionally, both at the same time). Since we read it as a group it gave us some opportunities to seek out different explanations on the same topic from elsewhere, which I appreciated. The order that the topics in the book were organized was well thought out.
December 3, 2018
JP Aumasson's book is definitely the most modern and comprehensive survey of cryptography topics that I have read. While this book will by no means make you a cryptographer, it does provide a good starting point for understanding the most important topics in the subject as well as resources for diving deeper into each of the topics. Aumasson strikes a decent-ish balance between superficial descriptions of nuanced topics and letting the reader get mired in the technical details of the math. This book should absolutely be required reading for anyone looking to expand their knowledge of cryptography and cryptographic systems.
December 27, 2020
This book is a great overview of cryptography. I was mostly glad for "how things can go wrong" sections at the end of each chapter. The only problem I had with this book is it tried to cover a lot of math details on a few pages. One page was "kindergarten" math, and on the other already mathematical constructs I didn't understand. I can recommend it for understanding key concepts of cryptography, but due to only few examples and not all complex problems explained in depth, don't expect you will deeply understand crypto or that you will perfectly know practical usages. It's really just introduction.
October 18, 2021
This book is, despite its name, a brief intro into the field of cryptography. It focuses on the practical side and structures around the basic concepts of attack models and how things can go wrong. It is a very interesting quick read. It touches briefly on the recent progress including TLS 1.3 and post-quantum cryptography.
Instead of reading this book by itself, I would recommend combine this book with a more theoretical book or lecture. In my case I went through a cryptography class in coursera, as I read along this book. This way I get to be exposed to a small amount of the theoretical discussion, e.g., going through some discussion of crypto strength. Otherwise I would find the discussion in this book a little weak and less engaging.
Instead of reading this book by itself, I would recommend combine this book with a more theoretical book or lecture. In my case I went through a cryptography class in coursera, as I read along this book. This way I get to be exposed to a small amount of the theoretical discussion, e.g., going through some discussion of crypto strength. Otherwise I would find the discussion in this book a little weak and less engaging.
November 26, 2020
I have been unusually busy the last few months which means that I have not gotten my normal reading done, and that also means my reading of this book was very fractured. I ended up settling for more of an overview read. As the subtitle of the book reads, this is a practical book. It is heavy on the mechanics of Cryptography. I look at this as more of a reference book that I will go to when ever I have a question in the future. Although it is practical, it is written accessibly for must dedicated, interested readers.
January 29, 2019
This book really covers practical and modern cryptography in a short and readable manner.
Of course it could have included much more content or examples etc, but I think it's a unique book in cryptography field and I think it would be better if the reader has some high level knowledge about cryptography before reading this book, as it's not a beginner's book. I also like the fact that author skips advanced theoretical math to appear to non-academics and engineers
Of course it could have included much more content or examples etc, but I think it's a unique book in cryptography field and I think it would be better if the reader has some high level knowledge about cryptography before reading this book, as it's not a beginner's book. I also like the fact that author skips advanced theoretical math to appear to non-academics and engineers
May 17, 2022
An excellent practical reference on the topic. Covers all the core areas of modern cryptography in a useful level of detail, with enough math to be helpful without miring the discussion in proofs. (Such books have their use as well; I read the bulk of this *after* reading most of such a proof-based text, so this has served as a good review of much of the same material.) Recommended for anyone interested in the topic, as it is approachable even without much theoretical background.
Displaying 1 - 23 of 48 reviews