Handbook of Applied Cryptography
by Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone
5th Edition, Aug 2001
A recent book that I read is the Handbook of Applied Cryptography. I am so glad that I found this book as I have been looking for a framework to help me add structure to my cryptography learnings. This book covers many of the cryptographic building blocks that are essential in understanding more advanced topics such as ZKP and MPC (though it doesn’t talk much about them).
What sets this book apart is for most of the topics, it has a “Classification” section that gives a bird-eye view of the topic and how to classify the protocols within this topic. I find this helpful and not as common as I would expect. Many books either lack a similar top-down section, or they tend to use a prominent protocol within a topic to start the main discussion. For example, many books have a chapter titled “Message Authentication Codes”, with another chapter titled “SHA” to talk about hash functions. Whereas this book puts them in the same chapter of “Hash Functions” but under the section “Keyed Hash Function” and the section “Unkeyed Hash Function” respectively. I prefer the hierarchical top-down approach as I find it easier to build a mental model of where protocols belong in the “big picture”. This is very useful as I add new protocols that I come across. As my understanding deepens, I make connections between different topics and my mental model will look more like a mesh than the tree that it once was, a sign that it is a bit closer to the reality of how different cryptographic topics are connected.
The book is thorough and lists many protocols for each topic, giving plenty of examples of how they work. While the book provides some formal mathematical definitions, it is still very approachable to non-mathematicians. One can always find more rigorous details in the papers that the book references. These points make this book an excellent read for cryptography beginners, or as a reference that doesn’t have to be read from cover to cover. Note that the book doesn’t have any code so developers would need to look for that elsewhere.
The major downside to this book is that it is fairly old. The latest fifth edition was published in August 2001, while the first edition was published in 1997! I’ll probably never see some of the protocols mentioned as they’re considered outdated, insecure, or superseded by better ones. Many protocols developed in the last ~25 years are not included (and there are many!). Nonetheless, all the topics mentioned are still relevant today and it forms a good starting point before diving into other more recent publications.
If you are looking for some up-to-date resources, feel free to check out my personallly curated list here.
These charts make a good reference for anyone who likes to “Choose Your Own Adventure” into the abyss of cryptography.