Complete Roadmap for Learning Cryptography & Number Theory

Introduction

This comprehensive roadmap provides a systematic path from basic concepts to cutting-edge research in cryptography and number theory. The field combines rigorous mathematics with practical security applications across computing, communications, and digital systems.

Part 1: Structured Learning Path

Phase 1: Mathematical Foundations (2-3 months)

1.1 Basic Number Theory

Divisibility and Primes
  • Division algorithm, GCD, LCM
  • Euclidean algorithm and Extended Euclidean algorithm
  • Prime numbers and fundamental theorem of arithmetic
  • Sieve of Eratosthenes
Modular Arithmetic
  • Congruences and modular operations
  • Properties of congruences
  • Linear congruences
  • Chinese Remainder Theorem (CRT)
  • Modular inverses
Number-Theoretic Functions
  • Euler's totient function φ(n)
  • Multiplicative functions
  • Möbius function and inversion
  • Sum of divisors, number of divisors

1.2 Intermediate Number Theory

Fermat's and Euler's Theorems
  • Fermat's Little Theorem
  • Euler's Theorem
  • Applications to cryptography
Primitive Roots and Discrete Logarithms
  • Order of elements
  • Primitive roots modulo primes
  • Discrete logarithm problem (DLP)
  • Index calculus
Quadratic Residues
  • Legendre symbol
  • Jacobi symbol
  • Quadratic reciprocity
  • Tonelli-Shanks algorithm

Phase 2: Classical Cryptography (1-2 months)

2.1 Historical Ciphers

  • Substitution ciphers (Caesar, affine, monoalphabetic)
  • Transposition ciphers
  • Vigenère cipher
  • Hill cipher
  • Playfair cipher
  • Enigma machine

2.2 Cryptanalysis Basics

  • Frequency analysis
  • Kasiski examination
  • Index of coincidence
  • Known-plaintext attacks
  • Chosen-plaintext attacks

Phase 3: Modern Symmetric Cryptography (2-3 months)

3.1 Block Ciphers

Foundations

  • Confusion and diffusion principles
  • Feistel networks
  • Substitution-Permutation Networks (SPN)

Major Algorithms

  • DES (Data Encryption Standard)
  • Triple DES (3DES)
  • AES (Advanced Encryption Standard): Rijndael algorithm details, key expansion, SubBytes, ShiftRows, MixColumns
  • Blowfish, Twofish
  • IDEA, RC5, RC6
  • Serpent, CAST-128

3.2 Stream Ciphers

  • Linear feedback shift registers (LFSR)
  • RC4
  • Salsa20/ChaCha20
  • A5/1, A5/2
  • Synchronous vs self-synchronizing

3.3 Modes of Operation

  • ECB (Electronic Codebook)
  • CBC (Cipher Block Chaining)
  • CFB (Cipher Feedback)
  • OFB (Output Feedback)
  • CTR (Counter Mode)
  • GCM (Galois/Counter Mode)
  • XTS, CCM modes

3.4 Cryptanalysis of Symmetric Systems

  • Differential cryptanalysis
  • Linear cryptanalysis
  • Meet-in-the-middle attacks
  • Side-channel attacks (timing, power analysis)

Phase 4: Asymmetric Cryptography (3-4 months)

4.1 Public Key Cryptography Foundations

  • One-way functions
  • Trapdoor functions
  • Computational complexity basics
  • P vs NP problem relevance

4.2 RSA Cryptosystem

  • RSA algorithm (key generation, encryption, decryption)
  • Mathematical foundations (factoring problem)
  • RSA signature scheme
  • Padding schemes (PKCS#1, OAEP, PSS)
  • Common attacks (small exponent, common modulus, Wiener's attack)
  • Optimal parameter selection

4.3 Diffie-Hellman and ElGamal

  • Diffie-Hellman key exchange
  • Man-in-the-middle vulnerabilities
  • ElGamal encryption
  • ElGamal signatures
  • Discrete logarithm problem hardness

4.4 Elliptic Curve Cryptography (ECC)

Mathematical Foundations

  • Elliptic curve arithmetic
  • Point addition and doubling
  • Scalar multiplication
  • Curve equations (Weierstrass, Montgomery, Edwards)

ECC Algorithms

  • ECDH (Elliptic Curve Diffie-Hellman)
  • ECDSA (Elliptic Curve Digital Signature Algorithm)
  • EdDSA (Edwards-curve Digital Signature Algorithm)
  • Curve25519, Ed25519
  • NIST curves (P-256, P-384, P-521)

Pairing-Based Cryptography

  • Bilinear pairings
  • Weil and Tate pairings
  • BLS signatures
  • Identity-based encryption

4.5 Other Public Key Systems

  • Rabin cryptosystem
  • McEliece cryptosystem (code-based)
  • Merkle-Hellman knapsack (broken)
  • Goldwasser-Micali probabilistic encryption

Phase 5: Cryptographic Protocols & Primitives (2-3 months)

5.1 Hash Functions

  • Properties (preimage, second preimage, collision resistance)
  • Merkle-Damgård construction
  • MD5 (broken), SHA-1 (deprecated)
  • SHA-2 family (SHA-256, SHA-512)
  • SHA-3/Keccak
  • BLAKE2, BLAKE3
  • Birthday paradox and collision attacks

5.2 Message Authentication Codes (MAC)

  • HMAC construction
  • CBC-MAC
  • CMAC
  • GMAC
  • Poly1305

5.3 Digital Signatures

  • RSA signatures
  • DSA (Digital Signature Algorithm)
  • Schnorr signatures
  • Aggregate signatures
  • Blind signatures
  • Ring signatures
  • Threshold signatures

5.4 Key Exchange Protocols

  • Needham-Schroeder protocol
  • Kerberos
  • TLS/SSL handshake
  • Perfect forward secrecy
  • Station-to-Station protocol

5.5 Zero-Knowledge Proofs

  • Interactive proofs
  • Non-interactive zero-knowledge (NIZK)
  • zk-SNARKs (Zero-Knowledge Succinct Non-Interactive Arguments of Knowledge)
  • zk-STARKs
  • Bulletproofs
  • Sigma protocols

Phase 6: Advanced Number Theory (2-3 months)

6.1 Algebraic Structures

  • Groups, rings, fields
  • Finite fields (GF(p), GF(2^n))
  • Polynomial arithmetic
  • Galois fields

6.2 Advanced Factorization

  • Trial division
  • Pollard's rho algorithm
  • Pollard's p-1 algorithm
  • Quadratic sieve
  • Number field sieve (NFS)
  • Elliptic curve factorization

6.3 Primality Testing

  • Fermat primality test
  • Miller-Rabin primality test
  • Solovay-Strassen test
  • AKS primality test
  • Strong Lucas test

6.4 Lattice-Based Cryptography Foundations

  • Lattice problems (SVP, CVP)
  • LLL algorithm
  • Learning With Errors (LWE)
  • Ring-LWE

Phase 7: Post-Quantum Cryptography (2-3 months)

7.1 Quantum Computing Threats

  • Shor's algorithm (breaks RSA, DLP, ECDLP)
  • Grover's algorithm (weakens symmetric crypto)
  • Quantum key distribution (QKD)

7.2 Post-Quantum Algorithms

Lattice-Based

  • NTRU
  • CRYSTALS-Kyber (NIST selected)
  • CRYSTALS-Dilithium (NIST selected)
  • FALCON (NIST selected)

Code-Based

  • Classic McEliece
  • BIKE, HQC

Hash-Based

  • SPHINCS+
  • XMSS, LMS

Multivariate

  • Rainbow (broken)
  • UOV, HFE

Isogeny-Based

  • SIKE (broken)
  • CSIDH

Phase 8: Applied Cryptography (2-3 months)

8.1 Network Security Protocols

  • SSL/TLS architecture
  • IPsec (AH, ESP)
  • SSH protocol
  • VPN protocols (OpenVPN, WireGuard)
  • Signal Protocol (double ratchet)

8.2 Authentication Systems

  • Password-based authentication
  • Password hashing (bcrypt, scrypt, Argon2)
  • Multi-factor authentication (MFA)
  • OAuth 2.0, OpenID Connect
  • FIDO2/WebAuthn
  • Biometric authentication security

8.3 Blockchain & Cryptocurrencies

  • Bitcoin protocol
  • Proof of Work, Proof of Stake
  • Merkle trees
  • Smart contracts
  • Ethereum cryptography
  • Consensus mechanisms

8.4 Secure Communication

  • End-to-end encryption
  • Secure messaging protocols
  • Group messaging security
  • Encrypted email (PGP, S/MIME)

Phase 9: Specialized Topics (Ongoing)

9.1 Side-Channel Analysis

  • Timing attacks
  • Power analysis (SPA, DPA)
  • Electromagnetic analysis
  • Fault injection attacks
  • Cache-timing attacks
  • Spectre/Meltdown class vulnerabilities

9.2 Homomorphic Encryption

  • Partially homomorphic encryption
  • Somewhat homomorphic encryption
  • Fully homomorphic encryption (FHE)
  • BGV, BFV, CKKS schemes
  • Applications in cloud computing

9.3 Secure Multi-Party Computation

  • Garbled circuits (Yao's protocol)
  • Secret sharing schemes (Shamir's secret sharing, Blakley's scheme)
  • Oblivious transfer
  • Private set intersection

9.4 Formal Verification

  • Provable security
  • Random oracle model
  • Standard model proofs
  • Game-based proofs
  • Computational vs information-theoretic security

Part 2: Major Algorithms, Techniques & Tools

Core Algorithms

Number Theory Algorithms

  1. Extended Euclidean Algorithm
  2. Chinese Remainder Theorem
  3. Fast modular exponentiation (square-and-multiply)
  4. Miller-Rabin primality test
  5. Pollard's rho factorization
  6. Baby-step giant-step
  7. Pohlig-Hellman algorithm
  8. Tonelli-Shanks (modular square root)
  9. Quadratic sieve
  10. Number field sieve

Symmetric Cryptography

  1. AES (Rijndael)
  2. DES/3DES
  3. ChaCha20-Poly1305
  4. Salsa20
  5. Blowfish/Twofish
  6. SHA-256/SHA-3
  7. HMAC
  8. PBKDF2, bcrypt, scrypt, Argon2

Asymmetric Cryptography

  1. RSA (key generation, encryption, signing)
  2. Diffie-Hellman key exchange
  3. ElGamal encryption/signatures
  4. DSA/ECDSA
  5. EdDSA (Ed25519)
  6. RSA-OAEP, RSA-PSS
  7. Schnorr signatures
  8. BLS signatures

Post-Quantum Algorithms

  1. CRYSTALS-Kyber (KEM)
  2. CRYSTALS-Dilithium (signatures)
  3. FALCON (signatures)
  4. NTRU
  5. SPHINCS+
  6. Classic McEliece

Protocol Algorithms

  1. TLS 1.3 handshake
  2. Signal Protocol (Double Ratchet)
  3. HMAC-based KDF (HKDF)
  4. Noise Protocol Framework
  5. SRP (Secure Remote Password)

Essential Tools & Libraries

Programming Libraries

  • Python: PyCryptodome, cryptography, Sage (math), SymPy
  • C/C++: OpenSSL, libsodium, Crypto++, Botan
  • JavaScript: crypto-js, tweetnacl-js, Web Crypto API
  • Rust: ring, RustCrypto
  • Go: crypto package
  • Java: Bouncy Castle

Development Tools

  • OpenSSL: Swiss army knife for crypto operations
  • GnuPG: Email and file encryption
  • SageMath: Number theory and advanced mathematical computation
  • PARI/GP: Computational number theory

Analysis & Testing

  • Cryptol: Specification and verification
  • CryptoVerif: Protocol verification
  • John the Ripper: Password cracking
  • Hashcat: Advanced password recovery
  • Wireshark: Network protocol analysis
  • ChipWhisperer: Side-channel analysis hardware

Online Resources

  • CyberChef: Online crypto operations
  • FactorDB: Integer factorization database
  • CrackStation: Hash cracking
  • dCode: Classical cipher tools

Part 3: Cutting-Edge Developments

Current Research Areas (2024-2025)

1. Post-Quantum Cryptography Deployment

  • NIST PQC Standardization: Migration strategies for CRYSTALS-Kyber, Dilithium, FALCON, and SPHINCS+
  • Hybrid schemes: Combining classical and post-quantum algorithms
  • PQC in TLS: Implementation in real-world protocols
  • Quantum-safe blockchains: Adapting cryptocurrencies

2. Fully Homomorphic Encryption (FHE)

  • Performance improvements: Making FHE practical for real applications
  • FHE compilers: Automating FHE program generation
  • Private machine learning: Computing on encrypted ML models
  • Microsoft SEAL, HElib, TFHE: Production-ready libraries

3. Zero-Knowledge Proofs Evolution

  • zk-SNARKs optimization: Plonk, Halo, Marlin protocols
  • zk-STARKs: Transparent, quantum-resistant ZK proofs
  • zkEVM: Zero-knowledge Ethereum Virtual Machine
  • Recursive proof composition: Scaling blockchain privacy
  • Nova: Recursive zk-SNARKs without trusted setup

4. Multi-Party Computation (MPC)

  • Threshold cryptography: Distributed key generation and signing
  • MPC for blockchains: Secure wallet management
  • Privacy-preserving analytics: Secure data collaboration
  • MPC-in-the-head: New signature schemes (Picnic)

5. Quantum Cryptography

  • QKD networks: Real-world quantum key distribution deployment
  • Satellite QKD: China's Micius satellite, quantum internet
  • Post-quantum + quantum hybrid: Best of both worlds
  • Quantum random number generators: True randomness

6. Lightweight Cryptography

  • IoT security: NIST lightweight crypto competition winners
  • ASCON: Authenticated encryption for constrained devices
  • TinyJAMBU, Sparkle, GIFT-COFB: Resource-efficient algorithms
  • RFID security: Ultra-lightweight protocols

7. Privacy-Enhancing Technologies

  • Differential privacy: Privacy-preserving data analysis
  • Secure enclaves: SGX, TrustZone improvements
  • Confidential computing: Hardware-backed privacy
  • Private information retrieval: Accessing data without revealing queries

8. Cryptanalysis Advances

  • AI-powered cryptanalysis: Machine learning attacks on ciphers
  • Quantum attacks: Simulation and preparation
  • Side-channel countermeasures: Constant-time implementations
  • Formal verification: Proving cryptographic implementations correct

9. Blockchain & Decentralization

  • Zero-knowledge rollups: Layer-2 scaling solutions
  • MEV (Maximal Extractable Value): Understanding and mitigation
  • Verifiable Delay Functions (VDF): Randomness beacons
  • Threshold signatures for wallets: Eliminating single points of failure

10. Regulatory & Standards

  • FIPS 203/204/205: Post-quantum standards
  • eIDAS 2.0: European digital identity regulation
  • GDPR compliance: Privacy-preserving techniques
  • Export control evolution: Balancing security and accessibility

Part 4: Project Ideas

Beginner Projects (1-3 months experience)

1. Classical Cipher Suite

  • Implement Caesar, Vigenère, Playfair, Hill ciphers
  • Build frequency analysis tools
  • Create a web interface for encryption/decryption

2. Number Theory Calculator

  • Extended Euclidean algorithm
  • Modular arithmetic operations
  • Prime testing (trial division, Fermat test)
  • Euler's totient function calculator

3. Password Strength Analyzer

  • Entropy calculation
  • Common password detection
  • Suggestions for strong passwords
  • Visualization of password space

4. Hash Collision Demonstrator

  • Implement simple hash functions
  • Demonstrate birthday paradox
  • Compare different hash algorithm outputs

5. Basic RSA Implementation

  • Key generation (small primes)
  • Encryption and decryption
  • Educational visualization of the process

Intermediate Projects (3-6 months experience)

6. AES Visualizer

  • Step-by-step AES encryption visualization
  • Show SubBytes, ShiftRows, MixColumns, AddRoundKey
  • Compare ECB vs CBC mode vulnerabilities

7. Secure Chat Application

  • End-to-end encryption using hybrid cryptography
  • Diffie-Hellman key exchange + AES
  • Message authentication with HMAC
  • Forward secrecy implementation

8. Digital Signature System

  • Implement RSA or ECDSA signatures
  • Certificate chain validation
  • Create a mini-PKI (Public Key Infrastructure)

9. Password Manager

  • Master password with key derivation (PBKDF2/Argon2)
  • Encrypted local storage
  • Password generation
  • Security audit features

10. Blockchain from Scratch

  • Proof of Work implementation
  • Merkle tree construction
  • Transaction signing and verification
  • Simple consensus mechanism

11. Timing Attack Demonstration

  • Create vulnerable comparison function
  • Exploit timing differences
  • Implement constant-time alternative
  • Statistical analysis of timing data

12. Elliptic Curve Calculator

  • Point addition and doubling
  • Scalar multiplication
  • Generate EC key pairs
  • ECDH key exchange visualization

Advanced Projects (6-12 months experience)

13. Zero-Knowledge Proof System

  • Implement Schnorr protocol
  • zk-SNARK library integration
  • Privacy-preserving authentication
  • Anonymous credential system

14. Post-Quantum Cryptography Migration Tool

  • Analyze existing cryptographic usage
  • Recommend PQC alternatives
  • Implement hybrid classical/PQC schemes
  • Benchmark performance comparisons

15. Side-Channel Attack Lab

  • Power analysis on simulated AES
  • Timing attack on RSA implementations
  • Cache-timing attack demonstration
  • Countermeasure implementations

16. Homomorphic Encryption Application

  • Private database queries using FHE
  • Encrypted machine learning inference
  • Secure cloud computation demo
  • Performance optimization

17. Secure Multi-Party Computation Protocol

  • Implement Shamir's secret sharing
  • Garbled circuit for simple computation
  • Private set intersection
  • Threshold signature scheme

18. Cryptocurrency Implementation

  • Complete coin with wallet
  • Smart contract platform (simplified)
  • Proof of Stake consensus
  • Lightning Network-style payment channels

19. Formal Verification of Crypto Protocol

  • Model a protocol in Cryptol or ProVerif
  • Prove security properties
  • Find vulnerabilities automatically
  • Generate test cases

20. TLS 1.3 Implementation

  • Complete handshake protocol
  • Multiple cipher suite support
  • Certificate validation
  • Performance optimization

Expert/Research Projects (12+ months experience)

21. Novel Zero-Knowledge Circuit Compiler

  • High-level language to zk-SNARK
  • Optimization techniques
  • Custom constraint systems
  • Real-world application (voting, identity)

22. Quantum-Resistant Signature Aggregation

  • Research new aggregation techniques for PQC
  • Benchmark against BLS signatures
  • Blockchain integration
  • Security proofs

23. AI-Powered Cryptanalysis Framework

  • Neural networks for cipher breaking
  • Automated attack discovery
  • Side-channel analysis with ML
  • Differential cryptanalysis automation

24. Privacy-Preserving Contact Tracing

  • Decentralized architecture
  • Anonymous proximity detection
  • Zero-knowledge proof of infection
  • Scalable deployment strategy

25. Threshold Cryptography for Distributed Systems

  • Distributed key generation
  • Proactive secret sharing
  • Threshold decryption for databases
  • Byzantine-resistant protocols

26. Secure Hardware Wallet

  • Custom firmware with formal verification
  • Multiple cryptocurrency support
  • Threshold signature integration
  • Physical tamper resistance

27. Privacy-Preserving Machine Learning Platform

  • Federated learning with secure aggregation
  • Homomorphic encryption for inference
  • Differential privacy guarantees
  • Production-ready implementation

28. Lattice-Based Cryptography Library

  • Optimized lattice operations
  • Multiple PQC scheme implementations
  • Constant-time guarantees
  • Integration with existing systems

29. Decentralized Identity System

  • Self-sovereign identity architecture
  • Verifiable credentials with ZK proofs
  • Privacy-preserving attribute disclosure
  • Cross-platform compatibility

30. Novel Cryptographic Protocol Design

  • Identify a real-world problem
  • Design custom protocol
  • Formal security analysis
  • Implementation and benchmarking
  • Academic publication

Learning Resources by Phase

Books

Foundations

  • "Number Theory" by George Andrews
  • "Elementary Number Theory" by David Burton

Cryptography Intro

  • "Understanding Cryptography" by Christof Paar
  • "Cryptography Engineering" by Ferguson, Schneier, Kohno

Advanced

  • "Introduction to Modern Cryptography" by Katz & Lindell
  • "Handbook of Applied Cryptography" by Menezes, van Oorschot, Vanstone

Number Theory

  • "A Course in Computational Algebraic Number Theory" by Henri Cohen

Online Courses

  • Coursera: Cryptography I & II (Dan Boneh, Stanford)
  • Khan Academy: Number Theory basics
  • MIT OpenCourseWare: Applied Cryptography
  • Udacity: Applied Cryptography

Practice Platforms

  • CryptoHack: Interactive cryptography challenges
  • Cryptopals: Practical crypto attacks
  • Project Euler: Number theory problems
  • CTF competitions: Real-world crypto challenges

Timeline: This roadmap should take approximately 18-24 months for comprehensive mastery, though timelines vary based on background and time investment. Focus on understanding fundamentals deeply before rushing to advanced topics, and always implement algorithms yourself to truly grasp the concepts.