abachman/README.md

## README.md

      
    Raw
  

              README.md
            
          
    Retrieved from Reddit 2015-12-10

As an undergrad who has recently become very interested in this field, I would like to know of a roadmap to develop a solid foundation in order to pursue a research career in cryptography. Things like course sequence, major/concentration, books, etc would be helpful.
Currently I'm a second year CS student and have noticed that my school's program focuses more on the practical side of things. Since cryptography requires a deep understanding of some abstract areas of math, would it be best to transfer to a pure math program?
Thanks in advance!

You should definitely have solid mathematical skills, but computer science helps as well. I did both (bachelors in both, masters in both, PhD in a mathematics/CS hybrid department).
First try to get a broad knowledge of the subject, then figure out what area interests you the most. Here's a few references that might interest you:

So you want to be a cryptographer: Bruce Schneier's essay on how to become a cryptographer. You should read this first!
How not to learn cryptography: Seny Kamara's blog on how he learned cryptographer, and opinions on what is right and wrong.
The Matasano crypto challenges: Shows you a lot of crypto mistakes that happen in practice, that a beginner can learn without having heavy math skills.
So you want to learn to break ciphers: My blog showing some basic, non-mathematical techniques for breaking ciphers.
Tom St Denis' book: Tom became a celebrity in crypto. In the early days, he was a highschool student, not doing his homework but instead learning crypto through the old sci.crypt newsgroup. He had a very strong thirst for knowledge, and a bunch of people were happy to help him. He ended up writing an awesome crypto library (LibTomCrypt) and I believe he even got a few scientific publications, and became very well known in the crypto community.

Crypto is a big, big field, and there are all sorts of places to specialise in. Find out what your passion is and go from there.

Thanks for the helpful links! I'd love to know what you've been working on since you finished your degree.

I'll ramble on with a bit of a story here to give you a feeling of what it takes to be a cryptographer. Then I will answer your question.
One thing I can say for sure is that making it in crypto is hard! You're trying to come up with research that stands up against some of the best brains out there, including several Putnam fellows.
I did not start out mathematically advanced at all. I only became mathematical because I found myself more and more interested in the theoretical sides of things, partially because I was trying to understand what it takes to become an expert at something, partially because it just appealed to me.
Before University, I was a hacker. I mainly did DoS attacks on bulletin board systems because I found it fun (I was immature). Only when I was about 16 did I start to access a Unix system and became interested in what was there. That's when I discovered /etc/passwd, and my crypto pursuits begun. At that time I had no idea that a widely used encryption standard was behind it.
Once I got to University, I worked my tail off. Much, much harder than anybody else I knew. This was my "catch up" time, because I was only a talented programmer, but had little mathematical skills. I took my first crypto class when I was junior. It was a graduate level crypto class. I loved it, but again I was up against much more advanced students, so I was not a star. But I kept pursuing this stuff, number theory, and algorithms because I loved it.
Did well enough to go to grad school. I went to a school known for crypto, got a master's degree. Then I got my lucky break: Arjen Lenstra was looking for a summer intern, and he contacted me. I was a bit burnt out by that time, but friends convinced me that I would be crazy to turn it down.
I'd love to say anybody who works hard can make it, but the truth is that many cryptographers have been working hard their whole lives, and have been mathematically inclined. I was into programming from quite a young age, but not mathematically inclined. Working one summer with Arjen made all the difference in my career. Not only did he teach me a lot, but having done well working for him was enough to get an important reference letter to get to the next step.
That next step was a Master's degree in mathematics at the University of Georgia, working for Carl Pomerance (big shot number theorist). I was very lucky to get in. On paper, I was not as strong as most of their people, but combined with my Master's degree, my reference from Arjen, and my passion, they decided to give me a chance.
2.5 years of super-intense mathematics at UGA, and I was shining like a star. But I was really burnt out, and I had to tell Carl that I'm just too exhausted to do a PhD. So I took my Master's degree and went looking for a job.
Then luck struck me again: having the right skills and a certain company known as RSA Data Security was looking for a research associate. Now also having good references from Carl and Arjen, I was standing strong and I got the job. Woohoo! This gave me the opportunity to work with people like Yiqun Lisa Yin and Matt Robshaw, and eventually I got to write two papers with them and Ronald Rivest. Now I have made it, right?
Well, not really. I still haven't done much of my own research. They had the big vision, I just contributed where I could, and always felt that I didn't do enough.
So as time passed, I spent a lot of time on sci.crypt, broke a lot of amateur designs, and a few other small things. I got the chance to do my PhD, but it mainly packaged research that I had done over the years. There I was, with a PhD, and feeling that I haven't really done anything major. I was ready to give up. I looked at my PhD thesis and thought to myself that I did not make a real-world impact, but nevertheless I was doing the type of research that many people did. If only the science was better... If only we could build practical security that had some type of provability.
It was the right thought. Within a couple weeks of thinking that, I got my breakthrough. I solved the right problem in the right way at the right time, and others had overlooked the fairly simple solution. It made me realise that you don't have to be the best brain in the world to have an impact. I managed to get one other important research result before I bailed out of crypto, that last one largely thanks to Yiqun for identifying the right problem to work on.
Why I left crypto: I am interested in making a real-world impact, and I didn't see that crypto research was the way for me to do it. Maybe for some, but not for me. I also didn't want an academic career: I hate teaching, it is too hard to get a tenured job, and the pay is not great.
What I do now: I think there is a great gap between the academic brains and what developers want and need, and I'm aiming to fill that gap. In doing so, I am identifying new areas for research, and have written a couple papers. One I put on eprint, but did not submit to any conference (funding issues). I am still interested in crypto research provided that the right problems are being solved. I am glad to see people like Paul Van Oorschot working on the type of research that I think needs more attention. These ideas need to make it to the development community. Developers do not follow academic research, instead they follow blogs and code on github. So I think there is a great opportunity for people with coding skills that can read academic research to make large real-world impacts. That's my passion, and that's where I'm aiming.