Books

• Applied Cryptography (Bruce Schneier)
• Introduction to Modern Cryptography: Principles and Protocols (Jonathan Katz & Yehuda Lindell)
• Real-World Cryptography (David Wong)
• The Joy of Cryptography (Mike Rosulek)

Courses

• Cryptography I | Stanford Online
• Cryptography II | Stanford Online

Crypto Attacks and Vulnerabilities

AES

• Cache-timing attacks on AES - Daniel J. Bernstein
• Cryptanalysis of OCB2: Attacks on Authenticity and Confidentiality
• Padding Oracle Attack on CBC

Digest

• MD5 Nostradamus Attack
• SHA-1 collision attacks

ECC

• Practical Invalid Curve Attacks on TLS-ECDH
• Side channel attacks on implementations of Curve25519
• Lattice-based weak curve fault attack on ECDSA
• Lattice Attacks against Weak ECDSA Signatures
• CVE-2022-21449: Psychic Signatures in Java – Neil Madden

Format Preserving Encryption

• Breaking The FF3 Format Preserving Encryption

PQC

• Attacks on NIST PQC 3rd Round Candidates

RSA

• Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1 v1.5 - Daniel Bleichenbacher
• New Attacks on PKCS#1 v1.5 Encryption
• Coppersmith's attack & RSA
• Lattice attacks on RSA - Nadia Heninger

Others

• Cache Attacks on the Cloud
• Practical attacks on real world crypto implementations
• Cache Attacks on the Cloud
• The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations
• TPM-Fail: TPM meets Timing and Lattice Attacks

Full Homomorphic Encryption

• Introduction to FHE by Pascal Paillier
• https://fhe.org/resources
• GitHub - zama-ai/concrete: Concrete ecosystem is a set of crates that implements Zama's variant of TFHE
• GitHub - microsoft/SEAL: Microsoft SEAL is an easy-to-use and powerful homomorphic encryption library
• GitHub - homenc/HElib: HElib is an open-source software library that implements homomorphic encryption
• PALISADE Homomorphic Encryption Software Library (palisade-crypto.org)

Post Quantum Cryptography

• Post-Quantum Cryptography | CSRC (nist.gov)
• NISTIR 8413, PQC Project Third Round Report | CSRC
• The Beginning of the End: The First NIST PQC Standards
• CRYSTALS (Cryptographic Suite for Algebraic Lattices) Kyber and Dilithium

The Protocols

TLS

TLS RFCs

• RFC 8446: The Transport Layer Security (TLS) Protocol Version 1.3
• RFC 5246: The Transport Layer Security (TLS) Protocol Version 1.2
• RFC 9147: The Datagram Transport Layer Security (DTLS) Protocol Version 1.3
• RFC 6347: The Datagram Transport Layer Security (DTLS) Protocol Version 1.2

TLS Best Security Practices

• RFC 7457: Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS)
• RFC 7525: Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)
• RFC 7540: Hypertext Transfer Protocol Version 2 (HTTP/2) (Appendix A 'Cipher Suite Blacklist'’)
• RFC 7925: Transport Layer Security (TLS)/Datagram Transport Layer Security (DTLS) Profiles for the Internet of Things
• The Netherlands NCSC IT Security Guidelines for TLS
• BSI TR-02102-2: Use of Transport Layer security
• NIST SP 800-52 Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations
• Eliminating Obsolete Transport Layer Security (TLS) by NSA

TLS Vulnerabilities

• BEAST (TLS 1.0 and the use of AES CBC with predictable IV)
• CRIME, TIME and BREACH (compression attacks))
• Lucky 13
• POODLE (SSLv3 padding oracle attack)
• SMACK (state machine attack)
• Logjam (weak DH groups)
• SLOTH (Security Losses from Obsolete and Truncated Transcript Hashes CVE-2015-7575)
• DROWN (breaking TLS with SSL 2.0)
• FREAK (factoring RSA export keys)
• SWEET32 (birthday attacks on 64-bit block ciphers in CBC mode e.g. 3DES)
• SELFIE (affects TLS 1.3 with PSK mode)
• Racoon Attack (affects TLS 1.2 and below when using DH)

The Signal Protocol

• A Formal Security Analysis of the Signal Messaging Protocol

WireGuard

• WireGuard VPN

The Frameworks

• The Noise Protocol Framework

The NIST Publications

• NIST SP 800-38A: Recommendation for Block Cipher Modes of Operation: Methods and Techniques
• NIST SP 800-38B: Recommendation for Block Cipher Modes of Operation: the CMAC Mode for Authentication
• NIST SP 800-38C: Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality
• NIST SP 800-38D: Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC
• NIST SP 800-38E: Recommendation for Block Cipher Modes of Operation: the XTS-AES Mode for Confidentiality on Storage Devices
• NIST SP 800-38F: Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping
• NIST SP 800-56A Rev.3: Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography
• NIST SP 800-56B Rev. 2: Recommendation for Pair-Wise Key-Establishment Using Integer Factorization Cryptography
• NIST SP 800-57 Part 1: Recommendation for Key Management: Part 1 – General
• NIST SP 800-57 Part 2: Recommendation for Key Management: Part 2 – Best Practices for Key Management Organizations
• NIST SP 800-57 Part 3: Recommendation for Key Management, Part 3: Application-Specific Key Management Guidance
• NIST SP 800-130: A Framework for Designing Cryptographic Key Management Systems
• SP 800-135 Rev. 1: RRecommendation for Existing Application-Specific Key Derivation Functions
• FIPS 186-4: Signature Standard (DSS)
• FIPS 186-5 (Draft): Signature Standard (DSS)