Security training notes

The material here was initially created by Jeffrey Goldberg while working on the Security Team at 1Password. Copyright is held by 1Password, Inc., with special permission granted to Jeffrey Goldberg to make use of and publish it and works derived from it.

Background to what is here

Most, but not all of what is here, was created as notes while working through the excellent book, Serious Cryptography (2017) by JP Aumasson.

The Security Team training sessions were not formal things, and many of the slides where thrown together quickly. I have done some cleanup of them since, but much of what you see here was thrown together and aimed for a small number of known participants.

Not directly connected to Serious Cryptography

Listed here are some slides or other notes that were used in some training sessions that were not directly tied to our reading in Serious Cryptography.

• Some notes on recursion (PDF)
• An exploration of the Rogue Linear Congruential RNG
• Bayesian reasoning
• Meta reasoning and Newcomb's problem (PDF)
• Toy RSA, Euclidean Algorithm, and Adversary in the Middle): These notes were never actually used, and this was my first and last time that I will used PWeave.
• Y2K22 Microsoft Exchange bug: A lecture/rant on types. Not every string of digits should be treated as in int
• Birthday collision computations: Birthday math, and UUID collision probabilities.

On Serious Cryptography

The sessions I lead were often deeper dives one thing mention in a chapter.

1. Introduction: Barely even an introduction to an introduction. But it is start and placeholder.
2. Xor and More: Some mathematical preliminaries
3. Logarithms: More mathematical preliminaries
4. Modern Cryptographic notions, using Engima as an example of a cryptographic scheme which is not IND-CPA security. (Note that this set of slides covered three sessions).
5. Entropy: Not much in the slides
6. Random Notions, including indistinguishability from random
7. Block ciphers as pseudo-random permutations (PDF): This session was way too much mathematical abstraction for little gain.
8. Chapter 7, Authenticated Encryption
9. Hardness: Big O, and asymmetries, with source for graphs.
10. Chapter 9. Hardness (PDF): Big O, and asymmetries, along with some computation examples.
11. Chapter 9. Hopefully hard problems (PDF): Factoring and the DLP
12. Chapter 11. Integer Diffie-Hellman (PDF).

    Note that we are doing chapters out of order, will return to Chapter 10 on RSA.

13. Chapter 11. Diffie-Hellman over elliptic curves (PDF), and notes on generating the diagrams.

    Note that we are doing chapters out of order, will return to Chapter 10 on RSA.

14. Chapter 10. RSA(PDF): Including all the math needed for RSA that wasn't covered in chapters 11 and 12. (Really, there is a reason why RSA should be talked about after (EC)DH)
15. Numbers and algorithms: A long digression on how different ways of representing numbers enable different sorts of algorithms. Leading up to [spoiler redacted].
16. Chapter 13. Quantum (PDF)