Capstone — Cryptography in the Real World
Cryptography Fundamentals
Chapter 12 · Capstone — Cryptography in the Real World
The final chapter, in two parts: the post-quantum preview flagged back in Chapters 5 and 9, and a single worked scenario that combines every primitive this course has built, in the order a real system would actually use them.
Post-Quantum Cryptography — Preparing for Shor's Algorithm
Chapter 9 explained the asymmetry precisely: Shor's algorithm, on a sufficiently powerful quantum computer, breaks RSA, Diffie-Hellman, and ECC outright — not a manageable degradation like Grover's algorithm's effect on AES (Chapter 5), which can simply be countered with a larger key. Machines capable of running Shor's algorithm at the scale needed to threaten real-world key sizes don't exist yet — but "post-quantum cryptography" is the active, ongoing work of replacing this course's Chapter 9 algorithms with new ones built on entirely different hard math problems, believed resistant to both classical and quantum attack alike.
The leading approach is lattice-based cryptography. Mirroring Chapter 5's AES competition and Chapter 7's SHA-3 competition, NIST ran another open, public, multi-year competition (2016-2024) — a third demonstration of Chapter 1's Kerckhoffs's Principle at genuinely massive scale. The results, standardized in 2024: ML-KEM (formerly CRYSTALS-Kyber) for key exchange, and ML-DSA (formerly CRYSTALS-Dilithium) for signatures — direct post-quantum replacements for Chapter 9's Diffie-Hellman/ECDH and Chapter 10's RSA/ECDSA signatures respectively.
A Full Worked System — Securing a Message End to End
Alice needs to send Bob a message, securely and verifiably, over an untrusted network. Here's every chapter of this course, contributing one piece each, in order:
This is, in essence, exactly what a modern TLS 1.3 connection with client certificate authentication does — every step traceable to a specific chapter of this course, none of it magic.
What This Course Doesn't Cover
In the interest of an honest accounting, matching the precedent this site's ts5 course set for its own closing chapter: full protocol design (how TLS assembles these primitives into an actual wire protocol — that's https1's subject specifically), cryptocurrency-specific cryptography, zero-knowledge proofs, homomorphic encryption, and formal, mathematically rigorous security proofs are all real, substantial topics this course intentionally left out of scope. This course is the foundation those subjects build on, not a replacement for studying them directly.
This Course's Throughline, Restated One Last Time
Chapter 1 predicted it; Chapter 4 demonstrated it with Enigma. By this final chapter, the pattern has repeated six times across nearly a century of real cryptographic history:
| Chapter | Real-world case | What actually failed |
|---|---|---|
| 4 | Enigma, 1930s-40s | Predictable settings ("cillies"), message-key reuse — never the underlying math |
| 5 | Stream cipher misuse | Key/nonce reuse, reintroducing a two-time-pad break |
| 6 | CBC IV reuse | Predictable first-block leakage from a reused IV |
| 9 | Static key compromise | No forward secrecy — one stolen key exposes every past session |
| 10 | Sony PS3, 2010 | ECDSA nonce reuse, directly leaking the signing private key |
| 11 | Debian OpenSSL, 2008 | Collapsed entropy, making generated keys exhaustively enumerable |
Six case studies, from a 1930s rotor machine to 2010s consumer electronics to open-source infrastructure — every one a key-management or operational failure, never a mathematical one.
Where to Go From Here
This course is the foundation underneath several others already on this site: https1's entire handshake is now fully explainable, chapter by chapter, using nothing but this course's own primitives. bc1-2's password hashing is Chapter 7 and Chapter 11 applied specifically to authentication. dbsec1-5/dbsec1-6's encryption at rest and in transit are Chapter 5 and Chapter 6 applied specifically to databases. owasp1-2's entire "Cryptographic Failures" category can now be read with real technical grounding behind every item on the list, rather than as an abstract warning.
Hands-On Exercises
Explain "harvest now, decrypt later" in your own words, and explain why it means post-quantum migration is an urgent present-day concern even though no quantum computer capable of running Shor's algorithm at threatening scale currently exists.
📄 View solutionIn this chapter's worked Alice-and-Bob system, if a large-scale quantum computer became practical tomorrow, which specific step(s) would need to be replaced immediately, and which step(s) would be comparatively unaffected? Explain why, referencing Chapter 9's quantum asymmetry.
📄 View solutionPick any two of the six real-world case studies from this chapter's closing table (Enigma, stream cipher reuse, CBC IV reuse, static key compromise, Sony's ECDSA reuse, the Debian OpenSSL bug). Despite being separated by decades and completely different technologies, explain in your own words what they have in common structurally.
📄 View solutionChapter 12 Quick Reference
- Post-quantum crypto — new algorithms (ML-KEM, ML-DSA) built on different hard problems, standardized by NIST in 2024 after another open competition
- "Harvest now, decrypt later" — recorded ciphertext today can be decrypted retroactively once quantum computers arrive, making migration urgent now
- Full worked system: ECDHE (Ch.9) → HKDF (Ch.11/Ch.8) → AES-256-GCM (Ch.5/6/8) → signature + certificate chain (Ch.7/10) → proper key handling throughout (Ch.11)
- Out of scope: full protocol design, cryptocurrency-specific crypto, zero-knowledge proofs, homomorphic encryption, formal security proofs
- Six real-world case studies (Ch.4, 5, 6, 9, 10, 11) — every one a key-management/operational failure, never a mathematical one
- This course underlies
https1,bc1-2,dbsec1-5/6, andowasp1-2directly - Course complete — Cryptography Fundamentals, 12 chapters, from Caesar's shift cipher to post-quantum lattice cryptography