Theory basics for using cryptography by non-cryptographers.
By Victor Shoup, excellent starters book on math universally used in cryptography.
Lecture notes by Rafael Pass, Abhi Shelat.
By Dan Boneh and Victor Shoup. A well-balanced introductory course into cryptography, a bit of cryptanalysis and cryptography-related security.
Original paper introducing RSA algorithm.
An attack ("Reflection-Meet-inthe-Middle Attack") on GOST block cipher that allows to recover key with 2^225 computations and 2^32 known plaintexts, by Takanori Isobe.
.
Great intro on original ZKP protocols.
Original Rijndael proposal by Joan Daemen and Vincent Rijmen.
By Gary C. Kessler.
Broad overview of design and cryptanalysis of various ciphers and hash functions, by Bart Van Rompay.
Inquiries into formalism and naive intuition behind security proofs, by Neal Koblitz et al.
Computing private keys by analyzing and exploiting biases in ECDSA nonces.
The best simple explanation of math behind birthday attack.
Side channel attacks on AES, another view, by Dag Arne Osvik, Adi Shamir and Eran Tromer.
Example of designing great practical attack on cipher implementation, by Daniel J. Bernstein.
IETF Draft of ciphersuite family, by Adam Langley et al.
Fundamental cryptography paper by Claude Shannon.
By Elad Pinhas Barkan.
Crypto 101 is an introductory course on cryptography, freely available for programmers of all ages and skill levels.
Stanford University course on Coursera, taught by prof. Dan Boneh. Cryptography II is still in development.
Predominantly mathematically oriented information on learning, using and experimenting cryptographic procedures.
.
Paper on Curve25519.
Old but gold mathematical proof that the set of DES permutations (encryption and decryption for each DES key) is not closed under functional composition. That means that multiple DES encryption is not equivalent to single DES encryption and means that the size of the subgroup generated by the set of DES permutations is greater than 10^2499, which is too large for potential attacks on DES, which would exploit a small subgroup.
.
A great example of stream cipher cryptanalysis, by Yukiyasu Tsunoo et al.
.
.
.
.
Historic inquiry into development of ECC and it's adoption.
EdDSA explained with ease and elegance.
For many elliptic curve representation forms.
AES FIPS document.
The Keyed-Hash Message Authentication Code FIPS document.
SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions.
An analysis and algorithm for nonce generation for AES GCM with higher counter-collision probability, by Yuichi Niwa, Keisuke Ohashi, Kazuhiko Minematsu, Tetsu Iwata.
By Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone. Good classical introduction into cryptography and ciphers.
Seminal paper on EdDSA signatures on ed25519 curve by Daniel J. Bernstein et al.
A 2005 paper about modular differential collision attack on MD5, MD4 and other hash functions, by Xiaoyun Wang and Hongbo Yu.
Classic paper by Goldreich, Micali and Wigderson.
By Manuel Blum.
A safe method for sharing secrets.
.
Brassau et al.
A beginner-friendly paper explaining and demonstrating techniques for linear and differential cryptanalysis.
Video course by Christof Paar (University of Bochum in Germany). In english.
Or why cryptography shouldn't be backdoored, by a all-star committee of crypto researches from around the world.
By GoldWasser, Micali and Rackoff. Defining computational complexity of "knowledge" within zero knowledge proofs.
These lectures describe Kyber (ML-KEM) and Dilithium (ML-DSA), the quantum-safe lattice-based key encapsulation and signature schemes that were standardized in August 2024 by the National Institute of Standards and Technology (NIST).
Breaking 160-bit curve ECDSA using less than one bit leakage.
Famous set of lectures on cryptography by Shafi Goldwasser (MIT), M. Bellare (University of California).
Fine example of building up ECC from scratch.
Maintained by NIST.
The Oil and Vinegar signature scheme, proposed in 1997 by Patarin, is one of the oldest and best-understood multivariate quadratic signature schemes. It has excellent performance and signature sizes. This paper is about enhancing this algorithm in usage in the post-quantum era. Official website.
Proof-of-concept versions of attacks on MEGA data storage. Showcasing their practicality and exploitability. Official webpage.
Exploiting timing/bit-length leaks for recovering private keys from ECDSA signatures
xipher contest with more than 200 challenges of different levels, a moderated forum, and a hall-of-fame.
Construction of non-interactive zero-knowledge (NIZK) proofs using lattice-based preprocessing models, by Sam Kim and David J. Wu.
A 2012 paper about using the combination of differential and algebraic techniques for collision attacks on SHA-3, by Itai Dinur, Orr Dunkelman, Adi Shamir.
Seminal paper by Diffie and Hellman, introducing public key cryptography and key exchange/agreement protocol.
Analysis of Salsa20 family of ciphers, by Jean-Philippe Aumasson et al.
.
Security analysis of different legacy HMAC schemes by Jongsung Kim et al.
Dolev-Yao model is a formal model, used to prove properties of interactive cryptographic protocols.
Security of randomized CBC-MACs and a new construction that resists birthday paradox attacks and provably reaches full security, by E. Jaulmes et al.
Overview of ongoing research in secret key crypto and hashes by ECRYPT Network of Excellence in Cryptology.
Introduction to post-quantum cryptography.
Brief observation of mathematical tasks that can be used to build cryptosystems secure against attacks by post-quantum computers.
Daniel Bernshtein's insight how to save RSA in post-quantum period.
Unconditional deterministic polynomial-time algorithm that determines whether an input number is prime or composite.
A pair of papers which investigate the notions of proof of knowledge and proof of computational ability, M. Bellare and O. Goldreich.
By Goldreich, Micali and Wigderson, a relative to the above.
An overview of existing searchable encryption schemes, and analysis of scheme built on AES-GCM, blind index and bloom filter by Eugene Pilyankevich, Dmytro Kornieiev, Artem Storozhuk.
.
Methodologically very relevant document on goals and procedures of key management.
Official NIST guide how securely implement elliptic curves. It also includes math shortcuts, optimizations and possible security risk of wrong algorithm implementation. (February 2023)
An example in attacking practical crypto implementationby D. Boneh, D. Brumley.
An explanation of the Diffie-Hellman methon in more engineering terms.
Rather education explanation of every bit behind RSA.
Collection of implementation mistakes which lead to exploits of assymetric cryptography.
Broad explanation of Salsa20 security cipher by Daniel J. Bernstein.
Paper by R. Merkle, predated "New directions in cryptography" though it was published after it. The Diffie-Hellman key exchange is an implementation of such a Merkle system.
Classic paper from 1999 with guidelines for the determination of key sizes for symmetric cryptosystems, RSA, ECC, by Arjen K. Lenstra and Eric R. Verheul.
Attempt to organize the existing literature of block-cipher cryptanalysis in a way that students can use to learn cryptanalytic techniques and ways to break new algorithms, by Bruce Schneier.
Applying slide attacks (typical cryptanalysis technique for block ciphers) to hash functions, M. Gorski et al.
Pracitcal example of implementing elliptic curve crypto, by M. Brown et al.
History and classification of the PAKE algorithms.
By Pascal Junod.
If stuff above was a bit hard or you're looking for a good laugh.
by K. Bentahar.
Original paper introducing GCM, by by David A. McGrew and John Viega.
By Mike Rosulek. A lot of basic stuff covered really well. No ECC.
Design, analysis and security of GCM, and, more specifically, AES GCM mode, by David A. McGrew and John Viega.
Introductory paper on NaCl, discussing important aspects of implementing cryptography and using it as a larger building block in security systems, by Daniel J. Bernstein, Tanja Lange, Peter Schwabe.
Analysis of number of rounds for symmetric cryptography primitives, and suggestions to do fewer rounds, by Jean-Philippe Aumasson.
Great inquiry into attacking RSA and it's internals, by Dan Boneh.
Textbook, great lectures and problems to solve.
By Needham, Schroeder: this is were crypto-based auth starts.
A good intro into Zero knowledge protocols.