← Back to all projects

CRYPTOGRAPHY FUNDAMENTALS LEARNING PROJECTS

Understanding Cryptography Deeply

Cryptography is one of those fields where the gap between “using it” and “understanding it” is vast. To truly grasp cryptography, you need to implement the algorithms yourself—seeing why certain mathematical properties matter, where vulnerabilities hide, and how primitives compose into protocols.

Core Concept Analysis

Concept What It Really Is
Symmetric Encryption Scrambling data with a shared secret (AES, ChaCha20)
Asymmetric Encryption Math problems that are easy one way, hard the other (RSA, ECC)
Hash Functions One-way compression that’s collision-resistant
Key Derivation Turning passwords into cryptographic keys
Digital Signatures Proving authorship without revealing secrets
Random Number Generation The foundation everything else depends on
Protocols Composing primitives safely (TLS, Signal)

Project 1: Classic Cipher Toolkit

  • File: CRYPTOGRAPHY_FUNDAMENTALS_LEARNING_PROJECTS.md
  • Programming Language: C
  • Coolness Level: Level 2: Practical but Forgettable
  • Business Potential: 1. The “Resume Gold”
  • Difficulty: Level 1: Beginner
  • Knowledge Area: Cryptography
  • Software or Tool: Classic Ciphers
  • Main Book: “The Code Book” by Simon Singh

What you’ll build: A command-line tool that encrypts/decrypts using Caesar, Vigenère, and substitution ciphers—plus a frequency analysis cracker that breaks them automatically.

Why it teaches cryptography: Classic ciphers are broken in instructive ways. By implementing them AND breaking them, you’ll understand why modern cryptography needs avalanche effects, large key spaces, and resistance to statistical analysis. You’ll see firsthand why “security through obscurity” fails.

Core challenges you’ll face:

  • Implementing the encryption/decryption logic (maps to: understanding cipher mechanics)
  • Building frequency analysis to crack substitution ciphers (maps to: statistical attacks)
  • Handling edge cases like punctuation and case sensitivity (maps to: plaintext structure leakage)
  • Cracking Vigenère using Kasiski examination (maps to: pattern analysis attacks)

Key Concepts:

  • Substitution & Transposition: “Serious Cryptography, 2nd Edition” by Jean-Philippe Aumasson - Chapter 1
  • Frequency Analysis: “The Code Book” by Simon Singh - Chapters 1-2
  • Cryptanalysis Fundamentals: “Applied Cryptography” by Bruce Schneier - Chapter 1

Difficulty: Beginner Time estimate: Weekend Prerequisites: Basic programming, comfortable with strings and arrays

Real world outcome: A working CLI tool that can encrypt messages with classic ciphers AND automatically crack encrypted messages, outputting the probable plaintext and detected cipher type. You’ll see your frequency analyzer successfully recover secret messages.

Learning milestones:

  1. After implementing Caesar cipher → understand key space and brute force
  2. After building frequency analysis → understand why English structure leaks information
  3. After cracking Vigenère → understand how pattern repetition destroys security

Project 2: SHA-256 From Scratch

  • File: CRYPTOGRAPHY_FUNDAMENTALS_LEARNING_PROJECTS.md
  • Programming Language: C
  • Coolness Level: Level 3: Genuinely Clever
  • Business Potential: 1. The “Resume Gold”
  • Difficulty: Level 2: Intermediate
  • Knowledge Area: Cryptography
  • Software or Tool: Hash Functions
  • Main Book: “Serious Cryptography” by Jean-Philippe Aumasson

What you’ll build: A complete implementation of the SHA-256 hash algorithm that produces identical output to OpenSSL/standard libraries.

Why it teaches cryptography: Hash functions are the workhorses of cryptography—used in passwords, digital signatures, blockchains, and integrity verification. Implementing SHA-256 forces you to understand message padding, compression functions, the Merkle-Damgård construction, and why tiny input changes cause avalanche effects.

Core challenges you’ll face:

  • Message padding to 512-bit blocks (maps to: length extension attacks)
  • Implementing the compression function with 64 rounds (maps to: diffusion and confusion)
  • Bit manipulation: rotations, shifts, XOR, AND (maps to: how CPUs do crypto efficiently)
  • Matching test vectors exactly (maps to: the precision cryptography demands)

Resources for key challenges:

  • FIPS 180-4 specification - The actual standard; surprisingly readable
  • “Mining Bitcoin with pencil and paper” by Ken Shirriff - Visual SHA-256 walkthrough

Key Concepts:

  • Hash Function Design: “Serious Cryptography, 2nd Edition” by Jean-Philippe Aumasson - Chapters 4-5
  • Bit Manipulation: “Computer Systems: A Programmer’s Perspective” by Bryant & O’Hallaron - Chapter 2
  • Merkle-Damgård Construction: “Introduction to Modern Cryptography” by Katz & Lindell - Chapter 5

Difficulty: Intermediate Time estimate: 1-2 weeks Prerequisites: Comfortable with binary/hex, bitwise operations

Real world outcome: Run ./my-sha256 "hello world" and see output matching echo -n "hello world" | sha256sum. Then modify one bit of input and watch the entire hash change—experiencing the avalanche effect firsthand.

Learning milestones:

  1. After implementing padding → understand why message length matters
  2. After the compression function works → understand how diffusion spreads influence
  3. After matching test vectors → understand the precision required in crypto implementations

Project 3: RSA Implementation with Key Generation

  • File: CRYPTOGRAPHY_FUNDAMENTALS_LEARNING_PROJECTS.md
  • Programming Language: C
  • Coolness Level: Level 4: Hardcore Tech Flex
  • Business Potential: 1. The “Resume Gold”
  • Difficulty: Level 2: Intermediate
  • Knowledge Area: Cryptography
  • Software or Tool: RSA
  • Main Book: “Serious Cryptography” by Jean-Philippe Aumasson

What you’ll build: A complete RSA cryptosystem: key generation (finding large primes), encryption, decryption, and digital signatures.

Why it teaches cryptography: RSA is the gateway to understanding asymmetric cryptography. You’ll implement modular exponentiation, grapple with the difficulty of factoring large numbers, and understand why e=65537 is common. This project makes abstract number theory concrete.

Core challenges you’ll face:

  • Generating large prime numbers efficiently (maps to: primality testing, Miller-Rabin)
  • Implementing modular exponentiation without overflow (maps to: square-and-multiply)
  • Computing modular inverse for private key (maps to: extended Euclidean algorithm)
  • Secure padding (OAEP) to prevent attacks (maps to: why textbook RSA is broken)

Resources for key challenges:

  • “An Introduction to Mathematical Cryptography” by Hoffstein et al. - Best explanation of the math

Key Concepts:

  • Modular Arithmetic: “Math for Programmers” by Paul Orland - Chapter 8
  • RSA Theory: “Serious Cryptography, 2nd Edition” by Jean-Philippe Aumasson - Chapter 9
  • Primality Testing: “Algorithms, Fourth Edition” by Sedgewick & Wayne - Section 4.1
  • Number Theory Foundations: “Concrete Mathematics” by Graham, Knuth, Patashnik - Chapter 4

Difficulty: Intermediate Time estimate: 2-3 weeks Prerequisites: Basic number theory concepts, comfortable with big integers

Real world outcome: Generate a 2048-bit keypair, encrypt a message with the public key, decrypt with private key. Sign a document and verify the signature. Your implementation will interoperate with OpenSSL for verification.

Learning milestones:

  1. After generating primes → understand why factoring is hard
  2. After encryption/decryption works → understand the trapdoor function concept
  3. After implementing signatures → understand how authentication differs from encryption

Project 4: AES-128 Block Cipher Implementation

  • File: CRYPTOGRAPHY_FUNDAMENTALS_LEARNING_PROJECTS.md
  • Programming Language: C
  • Coolness Level: Level 4: Hardcore Tech Flex
  • Business Potential: 1. The “Resume Gold”
  • Difficulty: Level 3: Advanced
  • Knowledge Area: Cryptography
  • Software or Tool: AES
  • Main Book: “Serious Cryptography” by Jean-Philippe Aumasson

What you’ll build: A complete AES-128 implementation with ECB and CBC modes, matching NIST test vectors.

Why it teaches cryptography: AES is the modern standard for symmetric encryption. Implementing it teaches you about S-boxes (substitution), ShiftRows/MixColumns (diffusion), key scheduling, and why block cipher modes matter. You’ll understand why ECB mode creates the famous “ECB penguin” pattern.

Core challenges you’ll face:

  • Implementing the Rijndael S-box (maps to: non-linearity and confusion)
  • MixColumns using Galois field arithmetic (maps to: diffusion across bytes)
  • Key expansion algorithm (maps to: deriving round keys)
  • Implementing CBC mode with IV handling (maps to: why modes matter)

Resources for key challenges:

  • FIPS 197 specification - The official AES standard
  • “A Stick Figure Guide to AES” by Jeff Moser - Excellent visual explanation

Key Concepts:

  • Block Cipher Design: “Serious Cryptography, 2nd Edition” by Jean-Philippe Aumasson - Chapter 3
  • Galois Field Math: “Understanding Cryptography” by Paar & Pelzl - Chapter 4
  • Block Cipher Modes: “Cryptography Engineering” by Ferguson, Schneier & Kohno - Chapter 4

Difficulty: Advanced Time estimate: 2-3 weeks Prerequisites: Strong bit manipulation skills, completed SHA-256 project

Real world outcome: Encrypt an image in ECB mode and see the penguin pattern. Then encrypt in CBC mode and see proper randomization. Your implementation will decrypt files encrypted by OpenSSL.

Learning milestones:

  1. After S-box implementation → understand non-linear substitution
  2. After MixColumns works → understand how bytes influence each other
  3. After CBC mode → understand why mode selection is critical

Project 5: Secure Password Manager

  • File: CRYPTOGRAPHY_FUNDAMENTALS_LEARNING_PROJECTS.md
  • Programming Language: C
  • Coolness Level: Level 3: Genuinely Clever
  • Business Potential: 2. The “Micro-SaaS / Pro Tool”
  • Difficulty: Level 3: Advanced
  • Knowledge Area: Cryptography / Security Engineering
  • Software or Tool: KDF / AES-GCM
  • Main Book: “Cryptography Engineering” by Ferguson

What you’ll build: A local password manager that uses a master password to encrypt/decrypt a vault of credentials, with proper key derivation (Argon2 or PBKDF2), authenticated encryption (AES-GCM), and secure memory handling.

Why it teaches cryptography: This project forces you to compose primitives correctly. You’ll learn why you can’t just “encrypt with AES”—you need key derivation, authentication, IVs, and secure memory. One mistake and the whole system breaks.

Core challenges you’ll face:

  • Key derivation from password (maps to: why bcrypt/Argon2 matter)
  • Authenticated encryption to prevent tampering (maps to: encrypt-then-MAC vs GCM)
  • Secure random IV generation (maps to: CSPRNG requirements)
  • Preventing timing attacks in password comparison (maps to: constant-time operations)
  • Secure memory handling (maps to: memory disclosure attacks)

Key Concepts:

  • Key Derivation Functions: “Serious Cryptography, 2nd Edition” by Jean-Philippe Aumasson - Chapter 6
  • Authenticated Encryption: “Cryptography Engineering” by Ferguson, Schneier & Kohno - Chapter 7
  • Secure Coding: “Secure Programming HOWTO” by David Wheeler - Chapters on cryptography

Difficulty: Intermediate-Advanced Time estimate: 2-3 weeks Prerequisites: Understanding of symmetric encryption, hash functions

Real world outcome: A working password manager CLI: vault add github.com myuser, vault get github.com, with the vault file completely unreadable without the master password. Test by trying to modify the encrypted file—authenticated encryption will reject it.

Learning milestones:

  1. After key derivation → understand why password stretching matters
  2. After authenticated encryption → understand why encryption alone isn’t enough
  3. After secure memory handling → understand side-channel considerations

Project 6: Diffie-Hellman Key Exchange Visualizer

  • File: diffie_hellman_key_exchange_visualizer.md
  • Main Programming Language: Python
  • Alternative Programming Languages: C, Rust, JavaScript
  • Coolness Level: Level 4: Hardcore Tech Flex
  • Business Potential: Level 1: The “Resume Gold”
  • Difficulty: Level 2: Intermediate (The Developer)
  • Knowledge Area: Cryptography, Key Exchange
  • Software or Tool: Modular Arithmetic, Elliptic Curves
  • Main Book: “Serious Cryptography, 2nd Edition” by Jean-Philippe Aumasson

What you’ll build: An interactive tool that demonstrates Diffie-Hellman key exchange, showing how two parties can agree on a shared secret over an insecure channel, with visualization of the “eavesdropper’s view.”

Why it teaches cryptography: DH is the magic trick of cryptography—two people who’ve never met can establish a shared secret while an eavesdropper watches everything. Implementing it makes the discrete logarithm problem tangible and shows why certain group choices are secure.

Core challenges you’ll face:

  • Implementing modular exponentiation efficiently (maps to: computational complexity)
  • Selecting safe primes and generators (maps to: group theory basics)
  • Showing why the eavesdropper can’t compute the secret (maps to: DLP hardness)
  • Implementing ECDH variant (maps to: elliptic curve groups)

Key Concepts:

  • Diffie-Hellman Protocol: “Serious Cryptography, 2nd Edition” by Jean-Philippe Aumasson - Chapter 10
  • Discrete Logarithm Problem: “An Introduction to Mathematical Cryptography” by Hoffstein et al. - Chapter 2
  • Elliptic Curves: “Understanding Cryptography” by Paar & Pelzl - Chapter 9

Difficulty: Intermediate Time estimate: 1-2 weeks Prerequisites: Basic modular arithmetic, completed RSA project helpful

Real world outcome: Run the tool and watch Alice and Bob exchange public values while Eve (the visualized eavesdropper) captures everything—yet Alice and Bob end up with the same secret key while Eve cannot compute it. The visualization makes the “impossible” feel intuitive.

Learning milestones:

  1. After basic DH works → understand how public exchange creates private agreement
  2. After visualizing Eve’s view → understand information-theoretic security vs computational
  3. After ECDH variant → understand why elliptic curves are preferred today

Project 7: TLS 1.3 Handshake Simulator

  • File: CRYPTOGRAPHY_FUNDAMENTALS_LEARNING_PROJECTS.md
  • Programming Language: C
  • Coolness Level: Level 5: Pure Magic (Super Cool)
  • Business Potential: 1. The “Resume Gold”
  • Difficulty: Level 3: Advanced
  • Knowledge Area: Network Security
  • Software or Tool: TLS 1.3
  • Main Book: “Serious Cryptography” by Jean-Philippe Aumasson

What you’ll build: A simulator that demonstrates the TLS 1.3 handshake, showing each message, the key derivation at each step, and what an attacker sees vs. what the parties know.

Why it teaches cryptography: TLS is where all the primitives come together: key exchange, symmetric encryption, authentication, certificates, and protocol design. Understanding TLS means understanding how cryptography is deployed in the real world.

Core challenges you’ll face:

  • Implementing HKDF for key derivation (maps to: extract-then-expand paradigm)
  • Simulating the handshake state machine (maps to: protocol correctness)
  • Showing forward secrecy properties (maps to: ephemeral keys)
  • Certificate chain validation (maps to: PKI and trust)

Resources for key challenges:

  • RFC 8446 - The TLS 1.3 specification
  • “The Illustrated TLS 1.3 Connection” by Michael Driscoll - Step-by-step visualization

Key Concepts:

  • TLS Protocol: “Serious Cryptography, 2nd Edition” by Jean-Philippe Aumasson - Chapter 14
  • Key Derivation (HKDF): RFC 5869 - The HKDF specification
  • Protocol Analysis: “Cryptography Engineering” by Ferguson, Schneier & Kohno - Chapter 21

Difficulty: Advanced Time estimate: 3-4 weeks Prerequisites: DH, symmetric encryption, hash functions, certificates

Real world outcome: Step through a TLS handshake visually, seeing exactly which bytes are exchanged, what keys are derived, and why a man-in-the-middle cannot succeed. Compare your simulation output against Wireshark captures of real TLS connections.

Learning milestones:

  1. After ClientHello/ServerHello → understand negotiation and key shares
  2. After key derivation → understand how handshake keys differ from application keys
  3. After full handshake → understand why TLS 1.3 is more secure than 1.2

Project Comparison Table

Project Difficulty Time Depth of Understanding Fun Factor
Classic Cipher Toolkit Beginner Weekend ⭐⭐ Historical foundation ⭐⭐⭐⭐⭐ Breaking codes!
SHA-256 From Scratch Intermediate 1-2 weeks ⭐⭐⭐ Hash internals ⭐⭐⭐ Satisfying precision
RSA Implementation Intermediate 2-3 weeks ⭐⭐⭐⭐ Asymmetric crypto ⭐⭐⭐⭐ Math magic
AES-128 Implementation Advanced 2-3 weeks ⭐⭐⭐⭐ Block cipher design ⭐⭐⭐ ECB penguin moment
Password Manager Intermediate-Advanced 2-3 weeks ⭐⭐⭐⭐ Applied composition ⭐⭐⭐⭐⭐ Actually useful!
DH Key Exchange Intermediate 1-2 weeks ⭐⭐⭐⭐ Key agreement ⭐⭐⭐⭐ Mind-bending
TLS 1.3 Simulator Advanced 3-4 weeks ⭐⭐⭐⭐⭐ Real-world protocols ⭐⭐⭐⭐ See the whole picture

Recommendation

Start with: Classic Cipher Toolkit (Project 1)

Even if you feel it’s “too basic,” implementing AND breaking ciphers gives you the attacker’s mindset that’s essential for understanding why modern crypto is designed the way it is. It’s also a confidence-builder—you’ll have working crypto code in a weekend.

Then progress to: SHA-256RSAPassword Manager

This sequence builds naturally:

  • SHA-256 teaches bit manipulation and the precision required
  • RSA teaches the asymmetric paradigm and number theory
  • Password Manager forces you to compose primitives correctly

If you want the deepest understanding: Add AES-128 after SHA-256, and TLS 1.3 Simulator as your capstone.

Final Overall Project: End-to-End Encrypted Messaging System

What you’ll build: A complete encrypted messaging application with user registration, key exchange, message encryption, and forward secrecy—implementing a simplified version of the Signal Protocol.

Why it teaches cryptography: This is the ultimate integration project. You’ll implement:

  • X3DH (Extended Triple Diffie-Hellman) for initial key agreement
  • Double Ratchet Algorithm for forward secrecy and break-in recovery
  • AES-GCM for message encryption
  • Ed25519 for identity signatures
  • Key management including prekeys and one-time keys

Core challenges you’ll face:

  • Implementing the Double Ratchet with proper KDF chains (maps to: forward secrecy)
  • Managing prekeys and the X3DH handshake (maps to: asynchronous key agreement)
  • Handling message ordering and out-of-order delivery (maps to: protocol robustness)
  • Secure key storage and identity verification (maps to: trust establishment)
  • Implementing proper header encryption (maps to: metadata protection)

Resources for key challenges:

  • “The Double Ratchet Algorithm” specification by Signal - The actual protocol design
  • “The X3DH Key Agreement Protocol” by Signal - Initial handshake protocol
  • “A Formal Security Analysis of the Signal Messaging Protocol” by Cohn-Gordon et al. - Academic analysis

Key Concepts:

  • Double Ratchet: Signal Protocol specifications
  • Forward Secrecy: “Serious Cryptography, 2nd Edition” by Jean-Philippe Aumasson - Chapter 12
  • Authenticated Key Exchange: “Cryptography Engineering” by Ferguson, Schneier & Kohno - Chapter 14
  • Protocol Design: “Real-World Cryptography” by David Wong - Chapters 10-11

Difficulty: Advanced Time estimate: 1-2 months Prerequisites: All previous projects (hash functions, RSA/ECC, DH, symmetric encryption)

Real world outcome: Two users can exchange messages through your system with:

  • End-to-end encryption (server can’t read messages)
  • Forward secrecy (compromising current keys doesn’t reveal past messages)
  • Break-in recovery (compromising current keys doesn’t reveal future messages)
  • Asynchronous messaging (works even if recipient is offline)

Test by running a server, registering two users, exchanging messages, then inspecting the server’s database—you’ll see only encrypted blobs.

Learning milestones:

  1. After X3DH implementation → understand how strangers establish secure channels
  2. After Double Ratchet works → understand continuous key evolution
  3. After full system integration → understand why Signal is considered gold-standard secure messaging
  4. After handling edge cases → understand the gap between “theoretically secure” and “actually secure”

Essential Resources Across All Projects

Your book “Serious Cryptography, 2nd Edition” by Jean-Philippe Aumasson should be your primary reference—it covers everything from primitives to protocols with practical implementation advice.

Additionally:

  • “Cryptography Engineering” by Ferguson, Schneier & Kohno - The “how to not screw it up” book
  • “An Introduction to Mathematical Cryptography” by Hoffstein et al. - When you need the math explained properly
  • CryptoHack.org - Interactive challenges that complement building projects