The Joy of Cryptography is a textbook for an undergraduate course in cryptography.
The pedagogical approach is anchored in formal definitions/proof of security, but in a way that I believe is more accessible than what is "traditional" in crypto. All security definitions are written in a unified and simplified "game-based" style. For an example of what security definitions look like in this style, see the index of security definitions (which will make more sense after reading chapters 2 & 4). For example proofs of security in this style, see the supplementary material below.
It is published under a Creative Commons license and is available for free on the author's website.
I read the "draft January 2021" version of this book, so the state that I am reviewing here may not be the final one. The preface immediately takes the promise of the title back: The way towards having joy with provable security may be thorny and not a joy for everyone. The review of required math in chapter 0 of the book is a good refreshment before starting, but it may not be sufficient if you need anything more than just a refreshment of prior knowledge, i.e.: Don't expect a full introduction to the mathematical foundations of cryptography. The type of proofs used in this book on provable security is quite natural for anybody coming from IT / computer science: The author calls them hybrid proofs, and they are made up from pseudo-code. As somebody who can (mostly) understand formal proofs but could hardly produce any myself, this was an interesting new concept. Though I didn't actually try to solve too many of the many exercises incorporated into this book, I do have the feeling that I could cope with this type of proof more easily than with purely mathematical proofs (where I struggle mostly with coming up with a strategy, i.e. with deciding if I should try induction, counter-statement, etc.). The book covers the classical content of symmetric and public key cryptography and nothing beyond that, which is fine, as this textbook is intended for introductory college classes. It does that well, especially for those who feel comfortable with the hybrid proof strategy mentioned above. A good introduction for people interested in the formal design of cryptographic procedures.
Really really enjoyed this. I'm not putting an end date on it because I didn't read it properly through per se, but I read all the relevant sections in preparation for my Final Year Project and found it both really useful and also fascinating in and of itself, so might come back to it over the summer, and complete the extra exercise I hadn't finished as well. Rosulek does a fantastic job of introducing the reader to the field of theoretical cryptography --- I read this mostly over the summer (so, entirely self-study), and didn't feel the great loss of a teacher/similar to work it through with me. It's a good overview, the exercises are useful to actually sink your teeth into the topics, and I thought Rosulek was really quite funny to boot. If you're interested in the field, would recommend. Will definitely help you to feel the joy!
Before I get into the actual review, I would like to thank the author for making a genuine effort into making the book. Having a free resource to be used in college is a lifesaver and is one step closer to fixing the college system.
I read this book as part of a cryptography class. While the content itself was there, I feel like having additional explanations for the concepts that are less math based would be appreciated. I feel that most CS students who read this book as part of their class work would have a lighter background in math than expected, where at most you learn the basics of set theory, proofs, and calculus.
Thus the fact that the explanations of why the processes work the way they do are based in math proofs leaves a lot to be desired. I feel that there is so much content that could be expanded on that the book could be cut in half, given several hundred pages of explanation, and would be perfect.
After completing that cryptography class, it felt like whatever I was doing was arcane. I understood the process, but I could barely understand the why behind it. Having proofs adapt based on a single argument makes it feel like the theories are playing a game of Calvinball.
As soon as an argument is made against them, a whole host of esoteric math principles are pulled in to fix the gap. This leads the reader to feel that at worst, all these theories are being made up on the spot by the cybersecurity community, and being justified with pages of esoteric math no one actually understands.
However, I feel that a lot of these issues could be solved if a lot of the theory was expanded on in terms that the more average CS student would be able to understand, assuming that they don't have a heavy math background, and that the average CS student would need more than a proof to explain why the concept works the way it does.