The list

• Books

  • CrypTool book - Predominantly mathematically oriented information on learning, using and experimenting cryptographic procedures.
  • A Graduate Course in Applied Cryptography - By Dan Boneh and Victor Shoup. A well-balanced introductory course into cryptography, a bit of cryptoanalysis and cryptography-related security.
  • Analysis and design of cryptographic hash functions, MAC algorithms and block ciphers - Broad overview of design and cryptoanalysis of various ciphers and hash functions, by Bart Van Rompay.

• Introducing people to data security and cryptography

  • Nuts and Bolts of Encryption: A Primer for Policymakers
  • Keys under Doormats - Or why cryptography shouldn't be backdoored, by a all-star committee of crypto researches from around the world.
  • Communication Theory of Secrecy Systems - Fundamental cryptography paper by Claude Shannon.
  • Another Look at “Provable Security” - Inquiries into formalism and naive intuition behind security proofs, by Neal Koblitz et al.
  • The security impact of a new cryptographic library - Introducory paper on NaCl, discussing important aspects of implementing cryptography and using it as a larger building block in security systems, by Daniel J. Bernstein, Tanja Lange, Peter Schwabe.
  • Using Encryption for Authentication in Large Networks - By Needham, Schroeder: this is were crypto-based auth starts.

• Specific topics

  • Birthday problem - The best simple explanation of math behind [birthday attack](https://en.wikipedia.org/wiki/Birthday_attack).
  • On the Security of HMAC and NMAC Based on HAVAL, MD4, MD5, SHA-0 and SHA-1 - Security analysis of different legacy HMAC schemes by Jongsung Kim et al.
  • On the Security of Randomized CBC-MAC Beyond the Birthday Paradox Limit - Security of randomized CBC-MACs and a new construction that resists birthday paradox attacks and provably reaches full security, by E. Jaulmes et al.
  • Stick figure guide to AES - If stuff above was a bit hard or you're looking for a good laugh.
  • Cache timing attacks on AES - Example of designing great practical attack on cipher implementation, by Daniel J. Bernstein.
  • Cache Attacks and Countermeasures: the Case of AES - Side channel attacks on AES, another view, by Dag Arne Osvik, Adi Shamir and Eran Tromer.
  • Salsa20 family of stream ciphers - Broad explanation of Salsa20 security cipher by Daniel J. Bernstein.
  • New Features of Latin Dances: Analysis of Salsa, ChaCha, and Rumba - Analysis of Salsa20 family of ciphers, by Jean-Philippe Aumasson et al.
  • AES submission document on Rijndael - Original Rijndael proposal by Joan Daemen and Vincent Rijmen.
  • Ongoing Research Areas in Symmetric Cryptography - Overview of ongoing research in secret key crypto and hashes by ECRYPT Network of Excellence in Cryptology.
  • Differential Cryptanalysis of Salsa20/8 - A great example of stream cipher cryptoanalysis, by Yukiyasu Tsunoo et al.
  • Slide Attacks on a Class of Hash Functions - Applying slide attacks (typical cryptoanalysis technique for block ciphers) to hash functions, M. Gorski et al.
  • Self-Study Course in Block Cipher Cryptanalysis - Attempt to organize the existing literature of block-cipher cryptanalysis in a way that students can use to learn cryptanalytic techniques and ways to break new algorithms, by Bruce Schneier.
  • Cryptoanalysis of block ciphers and protocols - By Elad Pinhas Barkan.
  • New Directions in Cryptography - Seminal paper by Diffie and Hellman, introducing public key cryptography and key exchange/agreement protocol.
  • A Method for Obtaining Digital Signatures and Public-Key Cryptosystems - Original paper introducing RSA algorithm.
  • Secure Communications Over Insecure Channels - Paper by R. Merkle, predated "New directions in cryptography" though it was published after it. The Diffie-Hellman key exchange is an implementation of such a Merkle system.
  • How to Share a Secret - A safe method for sharing secrets.
  • Twenty Years of Attacks on the RSA Cryptosystem - Great inquiry into attacking RSA and it's internals, by Dan Boneh.
  • Remote timing attacks are practical - An example in attacking practical crypto implementationby D. Boneh, D. Brumley.
  • The Equivalence Between the DHP and DLP for Elliptic Curves Used in Practical Applications, Revisited - by K. Bentahar.
  • Detailed Elliptic Curve cryptography tutorial
  • Let's construct an elliptic curve: Introducing Crackpot2065 - Fine example of building up ECC from scratch.
  • Explicit-Formulas Database - For many elliptic curve representation forms.
  • Curve25519: new Diffie-Hellman speed records - Paper on Curve25519.
  • Software implementation of the NIST elliptic curves over prime fields - Pracitcal example of implementing elliptic curve crypto, by M. Brown et al.
  • High-speed high-security signatures - Seminal paper on EdDSA signatures on ed25519 curve by Daniel J. Bernstein et al.
  • Proofs of knowledge - A pair of papers which investigate the notions of proof of knowledge and proof of computational ability, M. Bellare and O. Goldreich.
  • A Survey of Noninteractive Zero Knowledge Proof System and Its Applications
  • How to Prove a Theorem So No One Else Can Claim It - By Manuel Blum.
  • Information Theoretic Reductions among Disclosure Problems - Brassau et al.
  • Knowledge complexity of interactive proof systems - By GoldWasser, Micali and Rackoff. Defining computational complexity of "knowledge" within zero knowledge proofs.
  • A Survey of Zero-Knowledge Proofs with Applications to Cryptography - Great intro on original ZKP protocols.
  • Zero Knowledge Protocols and Small Systems - A good intro into Zero knowledge protocols.
  • PRIMES is in P - Unconditional deterministic polynomial-time algorithm that determines whether an input number is prime or composite.
  • Post-quantum cryptography - dealing with the fallout of physics success - Brief observation of mathematical tasks that can be used to build cryptosystems secure against attacks by post-quantum computers.
  • Post-quantum cryptography - Introduction to post-quantum cryptography.
  • Post-quantum RSA - Daniel Bernshtein's insight how to save RSA in post-quantum period.
  • Post-quantum cryptography - Introduction to post-quantum cryptography.

• Lectures and educational courses

  • Crypto101 - Crypto 101 is an introductory course on cryptography, freely available for programmers of all ages and skill levels.
  • A Course in Cryptography - Lecture notes by Rafael Pass, Abhi Shelat.
  • Lecture Notes on Cryptography - Famous set of lectures on cryptography by Shafi Goldwasser (MIT), M. Bellare (University of California).
  • Introduction to Cryptography by Christof Paar - Video course by Christof Paar (University of Bochum in Germany). In english.
  • Cryptography I - Stanford University course on Coursera, taught by prof. Dan Boneh. [Cryptography II](https://www.coursera.org/learn/crypto2) is still in development.

• Online crypto challenges

  • Cryptopals crypto challenges