Awesome Crypto Papers
A curated list of cryptography papers, articles, tutorials and howtos for non-cryptographers.
Notes
The goal of this list is to provide educational reading material for different levels of cryptographic knowledge. I started it because my day job onboarding engineers at Cossack Labs includes educating them in cryptographic matters and giving advice on what to read on specific topics, and that involves finding the same materials repeatedly. Hopefully, it will be useful for someone else as well.
It is aimed at people who are using cryptography in higher-level security systems to implement database encryption, secure sharing, end-to-end encryption in various schemes, and who should understand how it works, how it fails and how it is attacked. It is not a list of notable / important / historically important papers (although many of them are here). It is not aimed at academics (who have a better grasp of what they need anyway), nor is it aimed at the systematic study of would-be cryptographers (who are better off following a structured approach under professional guidance).
It will be extended gradually as I find something of “must-have” value. Pull requests are very welcome.
Contents
The list
Introducing people to data security and cryptography
Simple: cryptography for non-engineers
Brief introductions
General cryptographic interest
Specific topics
Hashing
Secret key cryptography
- FIPS 197 - AES FIPS document.
- List of proposed operation modes of AES - Maintained by NIST.
- Recommendation for Block Cipher Modes of Operation: Methods and Techniques.
- Stick figure guide to AES - If the stuff above was a bit hard or you're looking for a good laugh.
- Cache timing attacks on AES - Example of designing a great practical attack on a cipher implementation, by Daniel J. Bernstein.
- Cache Attacks and Countermeasures: the Case of AES - Side channel attacks on AES, another view, by Dag Arne Osvik, Adi Shamir and Eran Tromer.
- Salsa20 family of stream ciphers - Broad explanation of the Salsa20 security cipher by Daniel J. Bernstein.
- New Features of Latin Dances: Analysis of Salsa, ChaCha, and Rumba - Analysis of the Salsa20 family of ciphers, by Jean-Philippe Aumasson et al.
- ChaCha20-Poly1305 Cipher Suites for Transport Layer Security (TLS) - IETF Draft of the ciphersuite family, by Adam Langley et al.
- AES submission document on Rijndael - Original Rijndael proposal by Joan Daemen and Vincent Rijmen.
- Ongoing Research Areas in Symmetric Cryptography - Overview of ongoing research in secret key crypto and hashes by the ECRYPT Network of Excellence in Cryptology.
- The Galois/Counter Mode of Operation (GCM) - Original paper introducing GCM, by David A. McGrew and John Viega.
- The Security and Performance of the Galois/Counter Mode (GCM) of Operation - Design, analysis and security of GCM, and, more specifically, AES GCM mode, by David A. McGrew and John Viega.
- GCM Security Bounds Reconsidered - An analysis and algorithm for nonce generation for AES GCM with higher counter-collision probability, by Yuichi Niwa, Keisuke Ohashi, Kazuhiko Minematsu, Tetsu Iwata.
- Proxy-Mediated Searchable Encryption in SQL Databases Using Blind Indexes - An overview of existing searchable encryption schemes, and analysis of a scheme built on AES-GCM, a blind index and a bloom filter, by Eugene Pilyankevich, Dmytro Kornieiev, Artem Storozhuk.
- DES is not a group - Old but gold mathematical proof that the set of DES permutations (encryption and decryption for each DES key) is not closed under functional composition. That means that multiple DES encryption is not equivalent to single DES encryption, and that the size of the subgroup generated by the set of DES permutations is greater than 10^2499, which is too large for potential attacks on DES that would exploit a small subgroup.
Cryptanalysis
- Differential Cryptanalysis of Salsa20/8 - A great example of stream cipher cryptanalysis, by Yukiyasu Tsunoo et al.
- Slide Attacks on a Class of Hash Functions - Applying slide attacks (a typical cryptanalysis technique for block ciphers) to hash functions, by M. Gorski et al.
- Self-Study Course in Block Cipher Cryptanalysis - An attempt to organize the existing literature of block-cipher cryptanalysis in a way that students can use to learn cryptanalytic techniques and ways to break new algorithms, by Bruce Schneier.
- Statistical Cryptanalysis of Block Ciphers - By Pascal Junod.
- Cryptanalysis of block ciphers and protocols - By Elad Pinhas Barkan.
- Too much crypto - Analysis of the number of rounds for symmetric cryptography primitives, and suggestions to do fewer rounds, by Jean-Philippe Aumasson.
- How to Break MD5 and Other Hash Functions - A 2005 paper about a modular differential collision attack on MD5, MD4 and other hash functions, by Xiaoyun Wang and Hongbo Yu.
- New attacks on Keccak-224 and Keccak-256 - A 2012 paper about using the combination of differential and algebraic techniques for collision attacks on SHA-3, by Itai Dinur, Orr Dunkelman, Adi Shamir.
- A Single-Key Attack on the Full GOST Block Cipher - An attack ("Reflection-Meet-in-the-Middle Attack") on the GOST block cipher that recovers the key with 2^225 computations and 2^32 known plaintexts, by Takanori Isobe.
- Intro to Linear & Differential Cryptanalysis - A beginner-friendly paper explaining and demonstrating techniques for linear and differential cryptanalysis.
- MEGA: Malleable Encryption Goes Awry - Proof-of-concept versions of attacks on MEGA data storage, showcasing their practicality and exploitability. Official webpage.
Public key cryptography: General and DLP
Public key cryptography: Elliptic-curve crypto
Zero Knowledge Proofs
Key Management
Math
- PRIMES is in P - An unconditional deterministic polynomial-time algorithm that determines whether an input number is prime or composite.
Post-quantum cryptography
Books
That seems somewhat out of scope, doesn't it? But these are books that are fully available online for free. Read them as a sequence of papers if you will.
Lectures and educational courses
Online crypto challenges
Not exactly papers, but crypto challenges are awesome educational material.
License
To the extent possible under law, the author has waived all copyright and related or neighboring rights to this work.