CRYPTOGRAPHY

LEVEL 01
MATHEMATICAL FOUNDATIONS
// the bedrock everything is built on
01.1 — MODULAR ARITHMETIC
Modular Arithmetic & Number Theory
The mathematics of "clock arithmetic" — working with remainders after division. Nearly every public-key cryptosystem (RSA, Diffie-Hellman, ECC) depends on modular arithmetic. You'll learn congruences, Fermat's Little Theorem, Euler's theorem, and the Chinese Remainder Theorem.
Congruences GCD / Euclidean Algorithm Modular Inverse Fermat's Little Theorem Euler's Totient φ(n) CRT
01.2 — ABSTRACT ALGEBRA
Group Theory & Finite Fields
Algebraic structures that underpin modern cryptographic schemes. Groups, rings, and fields provide the language for understanding why Diffie-Hellman works, how elliptic curve points are added, and what makes a cryptosystem mathematically secure.
Groups & Subgroups Cyclic Groups Rings & Fields Galois Fields GF(2ⁿ) Generators & Order Group Isomorphisms
01.3 — PROBABILITY & INFORMATION
Probability & Information Theory
Entropy, randomness, and quantifying information — the conceptual basis for understanding why one-time pads are perfectly secure, how key lengths are chosen, and what "computational indistinguishability" means in formal security proofs.
Shannon Entropy Perfect Secrecy Birthday Paradox Randomness & PRNGs Computational Indistinguishability
01.4 — COMPUTATIONAL COMPLEXITY
Complexity Theory for Crypto
Understanding why cryptography works at all: the assumption that certain problems (factoring, discrete log) are hard to solve efficiently. P vs NP, one-way functions, trapdoor functions, and reduction-based security proofs form the theoretical backbone of modern crypto.
P vs NP One-Way Functions Trapdoor Functions Negligible Functions Polynomial-Time Reductions
LEVEL 02
CLASSICAL CRYPTOGRAPHY
// historical ciphers & the lessons they teach
02.1 — SUBSTITUTION CIPHERS
Substitution & Transposition
The earliest encryption methods — replacing or rearranging letters. From Caesar's fixed shift to polyalphabetic Vigenère ciphers, studying these reveals fundamental concepts like key space, frequency analysis attacks, and why simple substitution is inherently broken.
Caesar Cipher Vigenère Cipher Frequency Analysis Kasiski Examination Transposition Ciphers Playfair Cipher
02.2 — MECHANICAL CIPHERS
Enigma & Rotor Machines
The electro-mechanical encryption machines of WWII that inspired modern cryptanalysis. Understanding Enigma reveals how keyspace, operational security failures, and known-plaintext attacks work — lessons that are still directly relevant to modern system design.
Enigma Machine Rotor Mechanics Known-Plaintext Attack Turing's Bombe Operational Security Failures
02.3 — PERFECT SECRECY
One-Time Pad & Shannon's Proof
The only provably unbreakable cipher in existence. Shannon's 1949 proof that a truly random key, as long as the message and never reused, achieves perfect secrecy. Understanding why it's impractical motivates the entire field of computational security.
XOR Encryption Perfect Secrecy Proof Key Reuse Vulnerabilities VENONA Project Shannon's Theorem
LEVEL 03
SYMMETRIC CRYPTOGRAPHY
// same key encrypts and decrypts
03.1 — BLOCK CIPHERS
DES, AES & Block Cipher Design
Block ciphers encrypt fixed-size blocks of plaintext. DES (56-bit key, now broken) introduced Feistel networks; AES (128/192/256-bit keys) uses a substitution-permutation network and remains the global standard. Understanding their internal structure — S-boxes, MixColumns, key schedules — is essential.
Feistel Network (DES) SPN (AES) S-Boxes & Diffusion Key Schedule AES-128 / AES-256 3DES
03.2 — MODES OF OPERATION
ECB, CBC, CTR & GCM
A block cipher alone only encrypts one block. Modes of operation define how to securely encrypt messages of arbitrary length. ECB is catastrophically insecure (the famous "ECB penguin"), CBC chains blocks together, CTR turns a block cipher into a stream cipher, and GCM adds built-in authentication.
ECB Mode (Insecure) CBC Mode CTR Mode GCM (AEAD) IV / Nonce Padding Oracle Attack
03.3 — STREAM CIPHERS
RC4, ChaCha20 & Stream Design
Stream ciphers encrypt data one byte (or bit) at a time by XORing plaintext with a pseudorandom keystream. RC4 was widely used in WEP/TLS but has critical biases. ChaCha20 (by Daniel Bernstein) is the modern standard, used in TLS 1.3 and WireGuard, prized for speed and security.
Keystream Generation RC4 (Broken) Salsa20 / ChaCha20 Nonce Reuse Attacks ChaCha20-Poly1305
03.4 — AUTHENTICATED ENCRYPTION
AEAD: AES-GCM & ChaCha20-Poly1305
Encryption alone doesn't prevent tampering. Authenticated Encryption with Associated Data (AEAD) provides both confidentiality and integrity in a single operation. AES-GCM and ChaCha20-Poly1305 are the two dominant AEAD schemes used in TLS 1.3, IPsec, and modern protocols.
AEAD Construction Encrypt-then-MAC AES-GCM Poly1305 MAC Associated Data Nonce Misuse Resistance
LEVEL 04
HASH FUNCTIONS & MACs
// fingerprinting data & proving integrity
04.1 — CRYPTOGRAPHIC HASH FUNCTIONS
SHA-2, SHA-3 & Hash Design
Hash functions map arbitrary input to a fixed-size digest. They must be pre-image resistant, second pre-image resistant, and collision resistant. MD5 and SHA-1 are broken. SHA-256 (Merkle-Damgård construction) and SHA-3/Keccak (sponge construction) are the current standards.
Pre-image Resistance Collision Resistance MD5 / SHA-1 (Broken) SHA-256 / SHA-512 SHA-3 / Keccak Merkle-Damgård vs Sponge
04.2 — MACs & KEY DERIVATION
HMAC, KDFs & Password Hashing
MACs (Message Authentication Codes) use a secret key to produce a tag proving a message hasn't been tampered with. HMAC combines a hash function with a key securely. KDFs (Key Derivation Functions) stretch passwords or keys; bcrypt, scrypt, and Argon2 are designed to resist brute-force GPU attacks.
HMAC Construction HKDF PBKDF2 bcrypt scrypt Argon2 (id/d/i)
04.3 — DATA STRUCTURES
Merkle Trees & Hash-Based Structures
Merkle trees let you efficiently verify that data belongs to a large set by providing a compact proof (a "Merkle path"). They are foundational to blockchains (Bitcoin's transaction tree), certificate transparency logs, and modern authenticated data structures.
Merkle Trees Merkle Proofs Hash Chains Certificate Transparency Blockchain Data Structures
LEVEL 05
ASYMMETRIC / PUBLIC-KEY CRYPTOGRAPHY
// separate keys for encryption and decryption
05.1 — RSA
RSA Encryption & Signatures
The first practical public-key cryptosystem (Rivest-Shamir-Adleman, 1977). Security rests on the difficulty of factoring the product of two large primes. RSA is used for encryption and digital signatures, but requires careful padding (OAEP, PSS) to avoid textbook RSA attacks.
Key Generation (p, q, n, e, d) Integer Factorization Problem PKCS#1 v1.5 (Vulnerable) OAEP Padding RSA-PSS Signatures RSA Key Sizes (2048+)
05.2 — DIFFIE-HELLMAN
Diffie-Hellman Key Exchange
The 1976 breakthrough that started public-key crypto: two parties can agree on a shared secret over an insecure channel without ever transmitting the secret. Security is based on the Discrete Logarithm Problem (DLP). Ephemeral DH (DHE) provides forward secrecy in TLS.
Discrete Log Problem DH Key Exchange Protocol Man-in-the-Middle Attack Ephemeral DH (DHE) Safe Primes Forward Secrecy
05.3 — ELLIPTIC CURVE CRYPTOGRAPHY
ECC, ECDH & ECDSA
Elliptic curves provide the same security as RSA with dramatically smaller keys (256-bit ECC ≈ 3072-bit RSA). Points on an elliptic curve over a finite field form a group; the Elliptic Curve Discrete Log Problem (ECDLP) is the hard problem. ECDH and ECDSA are used throughout TLS, SSH, and Bitcoin.
Elliptic Curve Equation (y²=x³+ax+b) Point Addition & Scalar Multiplication ECDLP NIST Curves (P-256) Curve25519 / Ed25519 ECDSA / EdDSA
05.4 — DIGITAL SIGNATURES
Digital Signatures & PKI
Digital signatures provide authentication, integrity, and non-repudiation. A private key signs; anyone with the public key can verify. Public Key Infrastructure (PKI) uses Certificate Authorities (CAs) to bind public keys to identities — the trust backbone of HTTPS.
RSA-PSS / ECDSA / EdDSA X.509 Certificates Certificate Authorities (CAs) Certificate Chains Let's Encrypt / ACME Certificate Pinning
LEVEL 06
CRYPTOGRAPHIC PROTOCOLS
// real-world systems that use all of the above
06.1 — TLS / SSL
TLS 1.3 & Secure Communications
Transport Layer Security secures virtually all internet traffic. TLS 1.3 (2018) simplified the handshake to 1-RTT, removed insecure ciphers, and mandated forward secrecy. Understanding the handshake, cipher suite negotiation, and certificate verification is essential for any security engineer.
TLS 1.3 Handshake Cipher Suite Negotiation Forward Secrecy (ECDHE) 0-RTT Resumption Certificate Verification HSTS / Certificate Transparency
06.2 — END-TO-END ENCRYPTION
Signal Protocol & E2EE Messaging
The Signal Protocol (used by Signal, WhatsApp, and Google Messages) is the gold standard for end-to-end encrypted messaging. It combines the Double Ratchet algorithm, X3DH key agreement, and Sesame for multi-device support to provide forward secrecy and post-compromise security for every single message.
Double Ratchet Algorithm X3DH Key Agreement KDF Chains Post-Compromise Security Sealed Sender MLS (Messaging Layer Security)
06.3 — SECURE SHELL & VPNs
SSH, WireGuard & IPsec
SSH provides encrypted remote access and file transfer, with key-based authentication preferred over passwords. WireGuard is a modern VPN protocol using ChaCha20-Poly1305, Curve25519, and BLAKE2s — radically simpler and faster than IPsec/OpenVPN. IPsec remains the enterprise standard for site-to-site VPNs.
SSH Key Exchange Ed25519 SSH Keys WireGuard Protocol Noise Protocol Framework IPsec IKEv2 OpenVPN vs WireGuard
06.4 — BLOCKCHAIN CRYPTOGRAPHY
Bitcoin, Ethereum & Consensus Crypto
Blockchains combine hash functions, digital signatures, and Merkle trees with consensus mechanisms. Bitcoin uses SHA-256 and ECDSA (secp256k1). Ethereum added smart contracts and is moving to BLS signatures for proof-of-stake. Understanding wallet derivation (BIP-32/39/44) and transaction signing is core.
secp256k1 / ECDSA Merkle Trees in Bitcoin BIP-32/39/44 HD Wallets BLS Signatures Hash-Time Lock Contracts Schnorr / Taproot
LEVEL 07
ADVANCED CRYPTOGRAPHY
// deep theory & provable security
07.1 — PROVABLE SECURITY
Security Proofs & Models
How cryptographers formally prove that a scheme is secure. The Random Oracle Model (ROM) idealizes hash functions; the Standard Model avoids such idealizations. Security games (IND-CPA, IND-CCA2, EUF-CMA) define what it means for encryption or signatures to be "secure" via reductions to hard problems.
IND-CPA / IND-CCA2 EUF-CMA Random Oracle Model Standard Model Security Reductions Game-Based Proofs
07.2 — SIDE-CHANNEL ATTACKS
Side-Channels & Implementation Security
Even mathematically perfect crypto can be broken through implementation flaws. Timing attacks measure how long operations take. Power analysis observes electrical consumption. Cache attacks exploit CPU cache behavior. Constant-time programming and hardware countermeasures are essential defenses.
Timing Attacks Power Analysis (SPA/DPA) Cache-Timing Attacks Spectre / Meltdown Constant-Time Code Fault Injection
07.3 — SECRET SHARING
Shamir's Secret Sharing & Threshold Schemes
Split a secret into n shares such that any k shares can reconstruct it, but k-1 shares reveal nothing. Shamir's scheme uses polynomial interpolation over a finite field. Threshold cryptography extends this to distributed key generation and signing without ever assembling the full key.
Shamir's Secret Sharing Lagrange Interpolation (k,n) Threshold Schemes Verifiable Secret Sharing Distributed Key Generation Threshold Signatures
07.4 — PAIRING-BASED CRYPTO
Bilinear Pairings & BLS Signatures
Bilinear pairings (e.g., Weil and Tate pairings) map two elliptic curve points to a field element, enabling powerful constructions: BLS signatures (aggregatable, used in Ethereum 2.0), Identity-Based Encryption (IBE), and short signatures. They are a building block for many advanced protocols.
Bilinear Maps (e: G₁×G₂→Gₜ) BLS Signatures Signature Aggregation Identity-Based Encryption BN254 / BLS12-381 Curves
LEVEL 08
FRONTIER & CUTTING-EDGE
// the bleeding edge of cryptographic research
08.1 — ZERO-KNOWLEDGE PROOFS
ZKPs: SNARKs, STARKs & Groth16
Prove you know something without revealing what you know. ZK-SNARKs (used in Zcash, zk-rollups) provide succinct, non-interactive proofs but require a trusted setup. ZK-STARKs (by Eli Ben-Sasson) eliminate the trusted setup using hash functions only. PLONK offers a universal trusted setup. This is the hottest area in crypto today.
Interactive vs Non-Interactive zk-SNARKs zk-STARKs Groth16 PLONK R1CS / QAP zk-Rollups Circom / Noir
08.2 — SECURE MULTI-PARTY COMPUTATION
MPC: Computing on Private Data
Multiple parties jointly compute a function over their inputs while keeping those inputs private. Yao's Garbled Circuits (2-party) and GMW/BGW protocols (multi-party) are foundational. Real-world uses include private set intersection, privacy-preserving analytics, and distributed key management at companies like Fireblocks.
Yao's Garbled Circuits GMW Protocol BGW Protocol Oblivious Transfer Private Set Intersection SPDZ Protocol
08.3 — FULLY HOMOMORPHIC ENCRYPTION
FHE: Computing on Encrypted Data
Perform arbitrary computations on ciphertext without decrypting it. Craig Gentry's 2009 breakthrough showed this was possible using lattice-based constructions. Modern schemes (BFV, BGV, CKKS, TFHE) are becoming practical for applications like encrypted machine learning inference and private database queries.
Gentry's Breakthrough (2009) Bootstrapping BFV / BGV Schemes CKKS (Approximate) TFHE (Boolean) Noise Management
08.4 — POST-QUANTUM CRYPTOGRAPHY
Lattice, Code & Hash-Based PQC
Shor's algorithm on a quantum computer would break RSA, DH, and ECC. NIST finalized its first PQC standards in 2024: ML-KEM (CRYSTALS-Kyber) for key encapsulation and ML-DSA (CRYSTALS-Dilithium) for signatures, both lattice-based. SLH-DSA (SPHINCS+) provides a hash-based alternative. Migration has already begun.
Shor's Algorithm Lattice Problems (LWE / Ring-LWE) ML-KEM (Kyber) ML-DSA (Dilithium) SLH-DSA (SPHINCS+) Hybrid Key Exchange NIST PQC Standards
08.5 — THRESHOLD & IDENTITY CRYPTO
IBE, ABE & Functional Encryption
Beyond simple public/private key pairs. Identity-Based Encryption (IBE) uses an email or name as the public key. Attribute-Based Encryption (ABE) defines access policies on ciphertext (e.g., "decrypt if department=HR AND clearance≥3"). Functional Encryption reveals only a function of the plaintext — the frontier of fine-grained access control.
Identity-Based Encryption Attribute-Based Encryption CP-ABE / KP-ABE Functional Encryption Proxy Re-Encryption