Preface

Hello and welcome to TLS Cryptography In-Depth!

As you perhaps know, there are already many excellent books on cryptography out there, written by renowned experts in the field. So why did we write yet another?

First of all, we wanted to make cryptography easier to grasp by showing how the theory of cryptography is used in real-world cryptographic applications. It is impossible to provide a serious introduction to cryptography without delving deeply into abstract mathematical concepts, and this book is no exception. But oftentimes, these mathematical concepts are presented in a way that is difficult for a beginner to follow, and particularly to relate theory to practice, so it takes a lot of patience and energy until you get to the seemingly far-away applications. Finally, these applications are often presented quite briefly, almost like an afterthought.

Yet applications of cryptography profoundly affect our daily lives and are not remote at all. Perhaps most importantly, practically everybody who is surfing the web today uses web addresses starting with https, which stands for Hypertext Transport Protocol Secure, and the Secure part is realized by a cryptographic protocol called Transport Layer Security, or TLS for short. If you are using the Firefox browser, for example, and click on the padlock icon next to the URL you are visiting, a few clicks later, you will arrive at the technical details of the Security tab of the page info. Here, a typical entry could be as follows:

   TLS_AES_128_GCM_SHA256, 128 bit keys, TLS 1.3

What do these abbreviations mean? Is this really a secure connection? Providing you with the knowledge necessary to answer these questions is one of the main goals of this book.

As we will see, much of present-day cryptography comes together in TLS. We therefore use TLS not just as an application but as a leitmotif of our book. That is, all cryptographic concepts are ultimately motivated by their appearance within the TLS protocol, and advanced cryptanalytic techniques such as linear and differential cryptanalysis are discussed only if they affect TLS protocol design.

TLS is a rather old protocol: its first version dates back to 1994 (under the name Secure Sockets Layer, or SSL). In 2018, TLS underwent a major revision: not only were many old, insecure cryptographic options deprecated but also protocol messages and their sequence were changed in the latest TLS version, 1.3. The underlying internet standard, IETF RFC 8446, however, is rather complex, densely written, and provides little in the way of motivation.

Therefore, our second reason for writing this book was to show how the design of TLS 1.3 is motivated by good cryptographic practices and earlier cryptographic attacks. Very often, we also dive deeply into TLS 1.3 specification and investigate the meaning of its various data structures. Therefore, you may also read this book as a detailed introduction to the TLS protocol and its nuts and bolts, or use it as a companion to IETF RFC 8446.