Monday, 1 October 2018

So, you want to be a cryptographer

by Bruce Schneier
Copyright (c) 1999 by Bruce Schneier

One of the most frequent questions I receive via email is: "How can I become a cryptographer?" This essay is my attempt to answer the question. My answer divides into four parts -- for the high-school student, for the undergraduate, for the graduate student, and for the person employed in a related field -- although much of what I have to say overlaps.

First, what is a cryptographer? For our purposes, a cryptographer is someone who is active in the field of cryptography: someone who engages in research, writes papers, breaks algorithms and protocols, and sometimes writes his own algorithms and protocols. A cryptographer can find work as a university professor, but some large companies -- AT&T, IBM -- employ full-time cryptographers, and there are some cryptographers that work as consultants to companies that don't have full-time cryptographers on their staffs. And, of course, the NSA will snatch pretty much anyone who shows the ability to be trained as a cryptographer. The work is the same regardless: designing systems, breaking systems, doing research, publishing papers. Cryptography is a research field and it shows.

Of course, most people who implement cryptography in software and hardware products are not cryptographers. They are implementers of cryptography, security engineers. I find that most people who say they want to be cryptographers actually want to be security engineers. They want to be a person who builds secure systems that use cryptography. This essay is not really for them, although much of the advice is the same. Security engineering requires a strong understanding of cryptography, but it does not require creating new cryptography.

The short answer to "how can I become a cryptographer" is: "Get a PhD in cryptography." This is not the only way to become a cryptographer, but it is by far the easiest. The skills you learn in pursuit of the PhD are skills you will need as a cryptographer, and doors open far easier for those who have a PhD. Furthermore, the process of getting a PhD will answer the even-more-important question: "Do I want to be a cryptographer?"

Cryptography can be a specialty of mathematics. Wherever you get your degree, both mathematical and computer science training is vital. But more importantly, cryptography is a way of thinking. Elsewhere I've written about why security engineering is different from any other kind of engineering; it requires a certain kind of mentality to approach systems from an attacker's perspective. During World War II, the British found that the best cryptographers were chess players and musicians. I find that good security people are D&D players and tinkerers. The ability to find loopholes in a system, be they mathematical, systematical, or procedural, is vital to a cryptographer.

To the high school student, study mathematics and computer science. Read books on cryptography, both historical books like David Kahn's _The Codebreakers_ and modern books like my own _Applied Cryptography_. Read books about computer security: firewalls, Internet security, Windows security, whatever. The fields are closely related, and you may find that you prefer computer security to cryptography. Participate in the discussions on the sci.crypt newsgroup and the coderpunks mailing list. If you can distinguish the people in those forums who make sense from those who do not, you're well on your way. Almost certainly you will get the urge to invent new cryptographic algorithms, and will believe that they are unbreakable. Don't resist the urge; this is one of the fun parts. But resist the belief; almost certainly your creations will be breakable, and almost certainly no one will spend the time breaking them for you. You can break them yourself as you get better.

I've often been asked where to go to college as an undergraduate to study cryptography. Basically, it doesn't matter. The math education you need can be gotten from any good math department. Note: "good math department" means a place where mathematical proofs are emphasized. There are liberal arts colleges where proofs only appear in the last year or so; this is a bad idea. Some colleges offer courses in cryptography or computer security -- see my homepage for a partial list of college courses -- but in the end it really doesn't matter.

To the college student, study mathematics. Get a degree in either math or computer science, but study mathematics. Take math courses for math majors, not math courses for engineers. Learn how to think about mathematics; learn how to prove theorems. Try to take courses in number theory, complexity theory (often offered out of the computer science department), algorithms, statistics, and abstract algebra. Cryptography uses number theory, but cryptography uses ideas from many varied areas of mathematics. In fact, one of the most interesting aspects of cryptography is that the great ideas come from all over mathematics. Cryptographers need broad knowledge of mathematics; this is the only way that new connections are made and really original ideas are found.

Vital computer science courses include algorithm design, computational complexity, and theory of computation. Some colleges offer an undergraduate course in cryptography; take it. Keep reading books on cryptography: _The Handbook of Applied Cryptography_ by Alfred J. Menezes, Paul C. van Oorschot, and Scott A. Vanstone, or Doug Stinson's _Cryptography: Theory and Practice_. All of these books have many, many references. If something interests you, find the reference and read it. Take computer science courses; read books about computer security. Again, chase down references if something interests you.

When choosing a graduate school, choose one that has an expertise in cryptography. Things can change quickly in the academic world so I don't want to give a list of schools (you can start with MIT and Waterloo), but they're out there. Many are outside the U.S., so be open to going to a graduate school in a different countary than you're from. One way to make a list of potential graduate schools is to look for research papers that interest you. Look at where the authors teach. When you get to graduate school, your advisor will give you far more advice on becoming a cryptographer than I ever can.

And finally, advice to people who are beyond school and working. You have two options. One, you can go back to graduate school, either full or part time. Two, you can mimic the process by yourself, without benefit of a research institution or an advisor. You can read a lot; you can apprentice yourself. If you have a good mathematics background, you can teach yourself cryptography. This option is much harder, but it is possible.

No matter where in life you are, you should try to figure out what it means to be a cryptographer. Read the existing literature to get a feel for what sort of questions cryptographers ask, how they go about answering them, and what sorts of questions are still to be answered. Find problems that you can understand, and try to solve them. Don't worry that you're "reinventing the wheel" and solving things that have already been solved; that's what learning is about. I have written a "Self-Study Course in Block Cipher Cryptanalysis" that attempts to lay out problems for a cryptography student to tackle; you can try to solve problems in any area of cryptography.

Leaning to be a cryptographer is not easy, and it makes sense to question whether that is what you really want to do. Luckily, the process has many points where you can decide to change your mind. And as I said in the beginning, many people who say they want to be cryptographers actually want to be security engineers. While the requirements for a security engineer are much the same -- read books, read research papers, take classes, learn cryptography and how it's used -- a PhD is not required.


No comments:

Post a comment

Let me know any remarks or questions you may have.

Most Popular Posts