So, You Want to be a Cryptographer
----------------------------------

by Bruce Schneier
Founder and CTO
Counterpane Internet Security, Inc.
schneier@counterpane.com
http://www.counterpane.com
Copyright (c) 1999 by Bruce Schneier


One of the most frequent questions I receive via email is: "How can I
become a cryptographer?"  This essay is my attempt to answer the question.
My answer divides into four parts -- for the high-school student, for the
undergraduate, for the graduate student, and for the person employed in a
related field -- although much of what I have to say overlaps.

First, what is a cryptographer?  For our purposes, a cryptographer is
someone who is active in the field of cryptography: someone who engages in
research, writes papers, breaks algorithms and protocols, and sometimes
writes his own algorithms and protocols.  A cryptographer can find work as
a university professor, but some large companies -- AT&T, IBM -- employ
full-time cryptographers, and there are some cryptographers that work as
consultants to companies that don't have full-time cryptographers on their
staffs.  And, of course, the NSA will snatch pretty much anyone who shows
the ability to be trained as a cryptographer.  The work is the same
regardless: designing systems, breaking systems, doing research, publishing
papers.  Cryptography is a research field and it shows.

Of course, most people who implement cryptography in software and hardware
products are not cryptographers.  They are implementers of cryptography,
security engineers.  I find that most people who say they want to be
cryptographers actually want to be security engineers.  They want to be a
person who builds secure systems that use cryptography.  This essay is not
really for them, although much of the advice is the same.  Security
engineering requires a strong understanding of cryptography, but it does
not require creating new cryptography.

The short answer to "how can I become a cryptographer" is: "Get a PhD in
cryptography."  This is not the only way to become a cryptographer, but it
is by far the easiest.  The skills you learn in pursuit of the PhD are
skills you will need as a cryptographer, and doors open far easier for
those who have a PhD.  Furthermore, the process of getting a PhD will
answer the even-more-important question: "Do I want to be a cryptographer?"

Cryptography can be a specialty of mathematics.  Wherever you get your
degree, both mathematical and computer science training is vital.  But more
importantly, cryptography is a way of thinking.  Elsewhere I've written
about why security engineering is different from any other kind of
engineering; it requires a certain kind of mentality to approach systems
from an attacker's perspective.  During World War II, the British found
that the best cryptographers were chess players and musicians.  I find that
good security people are D&D players and tinkerers.  The ability to find
loopholes in a system, be they mathematical, systematical, or procedural,
is vital to a cryptographer.

To the high school student, study mathematics and computer science.  Read
books on cryptography, both historical books like David Kahn's _The
Codebreakers_ and modern books like my own _Applied Cryptography_.  Read
books about computer security: firewalls, Internet security, Windows
security, whatever.  The fields are closely related, and you may find that
you prefer computer security to cryptography.  Participate in the
discussions on the sci.crypt newsgroup and the coderpunks mailing list.  If
you can distinguish the people in those forums who make sense from those
who do not, you're well on your way.  Almost certainly you will get the
urge to invent new cryptographic algorithms, and will believe that they are
unbreakable.  Don't resist the urge; this is one of the fun parts.  But
resist the belief; almost certainly your creations will be breakable, and
almost certainly no one will spend the time breaking them for you.  You can
break them yourself as you get better.

I've often been asked where to go to college as an undergraduate to study
cryptography.  Basically, it doesn't matter.  The math education you need
can be gotten from any good math department.  Note: "good math department"
means a place where mathematical proofs are emphasized.  There are liberal
arts colleges where proofs only appear in the last year or so; this is a
bad idea.  Some colleges offer courses in cryptography or computer security
-- see my homepage for a partial list of college courses -- but in the end
it really doesn't matter.

To the college student, study mathematics.  Get a degree in either math or
computer science, but study mathematics.  Take math courses for math
majors, not math courses for engineers.  Learn how to think about
mathematics; learn how to prove theorems.  Try to take courses in number
theory, complexity theory (often offered out of the computer science
department), algorithms, statistics, and abstract algebra.  Cryptography
uses number theory, but cryptography uses ideas from many varied areas of
mathematics.  In fact, one of the most interesting aspects of cryptography
is that the great ideas come from all over mathematics.  Cryptographers
need broad knowledge of mathematics; this is the only way that new
connections are made and really original ideas are found.

Vital computer science courses include algorithm design, computational
complexity, and theory of computation.  Some colleges offer an
undergraduate course in cryptography; take it.  Keep reading books on
cryptography: _The Handbook of Applied Cryptography_ by Alfred J. Menezes,
Paul C. van Oorschot, and Scott A. Vanstone, or Doug Stinson's
_Cryptography: Theory and Practice_.  All of these books have many, many
references.  If something interests you, find the reference and read it.
Take computer science courses; read books about computer security.  Again,
chase down references if something interests you.

When choosing a graduate school, choose one that has an expertise in
cryptography.  Things can change quickly in the academic world so I don't
want to give a list of schools (you can start with MIT and Waterloo), but
they're out there.  Many are outside the U.S., so be open to going to a
graduate school in a different countary than you're from.  One way to make
a list of potential graduate schools is to look for research papers that
interest you.  Look at where the authors teach.  When you get to graduate
school, your advisor will give you far more advice on becoming a
cryptographer than I ever can.

And finally, advice to people who are beyond school and working.  You have
two options.  One, you can go back to graduate school, either full or part
time.  Two, you can mimic the process by yourself, without benefit of a
research institution or an advisor.  You can read a lot; you can apprentice
yourself.  If you have a good mathematics background, you can teach
yourself cryptography.  This option is much harder, but it is possible.

No matter where in life you are, you should try to figure out what it means
to be a cryptographer.  Read the existing literature to get a feel for what
sort of questions cryptographers ask, how they go about answering them, and
what sorts of questions are still to be answered.  Find problems that you
can understand, and try to solve them.  Don't worry that you're
"reinventing the wheel" and solving things that have already been solved;
that's what learning is about.  I have written a "Self-Study Course in
Block Cipher Cryptanalysis" that attempts to lay out problems for a
cryptography student to tackle; you can try to solve problems in any area
of cryptography.

Leaning to be a cryptographer is not easy, and it makes sense to question
whether that is what you really want to do.  Luckily, the process has many
points where you can decide to change your mind.  And as I said in the
beginning, many people who say they want to be cryptographers actually want
to be security engineers.  While the requirements for a security engineer
are much the same -- read books, read research papers, take classes, learn
cryptography and how it's used -- a PhD is not required.


List of cryptography courses:
http://www.counterpane.com/courses.html
Self-study Course In Block Cipher Cryptanalysis:
http://www.counterpane.com/self-study.html