CryptoGotchas

A collection of common (interesting) cryptographic mistakes and learning resources.

View on GitHub

How to read a (crypto) research paper

Creative Commons License: BY This work is licensed under a Creative Commons Attribution 4.0 International License

Introduction

One of the most valuable skills I learnt isn’t specific to cryptography but is simply how to read a research paper. Once you can do this your ability to teach yourself massively improves and you can keep up with the latest advances in whatever your sub-field is. (There is a reason I list IACR’s ePrint Archive on my Getting Started page.) There have been many times at work when teams have come to me and said “What does this mean?” and handed me a dense paper to work through. Being able to make sense of them has been a god-send.

Unfortunately reading a research paper can be very hard and is a different set of skills from reading most other things. (For example, you don’t start at the beginning and read to the end.) This means that lots of people (like me) will try to read some and then quickly give up when it just doesn’t make sense. This page aims to save people the frustration that I’ve had to deal with.

This guidance is not aimed at those actually in academia. While it may be useful to you, please talk with your advisor or colleagues rather than following the random ramblings on this by someone with limited academic background. Your needs and goals will be different and so how you approach papers will be different.

The guidance here is split into two sections. The first should apply to (almost) all research papers, regardless of field. The second is specific to cryptography.

Reading a research paper

Before you read a research paper you need to know what your goal is for reading it.

Each goal requires a different focus and approach. The strategies laid out below work reasonably well for each, but you’ll need to customize them depending on your specific needs. What do you take notes on? What do you skip?

Generic strategies

A research paper generally consists of the following sections in order:

  1. Title
  2. Abstract
  3. Introduction
  4. (Optional) Background
  5. Actual body of the paper
  6. Conclusion
  7. References/Citations

For those of us used to reading “normal” things we instinctually want to try this in order. That doesn’t work well. Instead, it’s best to generally read them in the order below.

As you read, be sure to take notes, save references you want to read later (or possibly first, if they have important prerequesites), etc.

Another thing to consider is that many papers have been presented at conferences. Take a look at the conference’s website or YouTube to see if you can find a recording of the author explaining it. Sometimes that is easier.

1. Title

There really isn’t anything to say here. You need to know what you’re reading.

2. Abstract

This will give you the shape of the paper and let you know if it’s worth your time. Sometimes it is worth bailing on a paper here if it is not relevant, too far beyond you, or just horribly written

3. Introduction

This is like the abstract but meatier. Your goal here is to have a rough idea of what the paper is talking about and how it gets there. There should definitely be some sort of problem statement and hopefully you are convinced that paper might actually address it.

Some specific things to look out for:

This is your first really good stopping point. By now you should know if the paper is worth your time. You might even have some other (more interesting or useful) references to chase down.

4. Background

This section is optional. If you already know the subject matter well, just skip it.

But, if you don’t, this might be the most valuable part of the paper. Here you’ll learn what the paper is talking about and start getting a feel for the context. If the paper is good, you’ll really be able to build up your knowledge and collect a good list of references for further reading. (Maybe you’ll realize that this paper is beyond you right now but there are some others you can read instead.)

I still consider myself a beginner in many ways, so the “background” remains one of my favorite sections of a well-written paper.

5. References

This section is optional.

If the background was useful, you should probably skim the references to see what to read next (or first). If you background wasn’t needed, then you know enough to know if the references are helpful.

6. Conclusion

Time to jump to the end!

What are the conclusions of the paper? Do they make sense? (Are they interesting?)

In many cases the conclusion of the paper is its entire reason to exist. This is why the paper was written and published.

This is your next really good stopping point.

Perhaps all you care about is the conclusions.

One of my common jobs is to look at research papers and figure out if we care about them. Do we need to change our code or wrangle security teams to defend against new attacks? Usually, once I’ve read the conclusion I know enough to triage the papers and figure out if they are worth our time and I might never need the details.

7. Body

Finally we reach the body of the paper. (Or maybe we didn’t reach it because you stopped before you got here. That’s okay too.)

The important thing to understand is that right now your goal isn’t to read the body, it’s just to skim it. Get a feel for what they are saying and how they did their work. Don’t worry about the proofs or any detailed data-sets. Right now, you just want to understand the overall argument and are simply trusting that the authors can support their arguments. You’re not trying to check their work.

This is another good place to stop.

In fact this is my most common stopping point. I’m not good enough (yet) to understand, much less check, the detailed security proofs in the papers I read. Most of the math for the asymmetric algorithms is far beyond me. So, it isn’t worth my time to fight through the details.

8. Body (detailed read)

Now is when you re-read the body, including all detailed proofs and data with an eye to understand exactly what they did, how, and catch errors if there are any. You know the shape of the paper and their arguments so you can see how everything fits together. When a proof is presented, you can see how it will support the later pieces.

Congratulations, you’re done.

Tricks for reading cryptographic papers

Cryptography is hard and, like many sciences, has its own vocabulary. Lots of concepts have detailed and extremely precise definitions, but, if you’re using this guide, they rarely matter. Instead, what you need is an intuition. Most of the time all you need is a rough mental approximation and familiarity with some standard notation and terms to wade through many papers.

So, here following my incredibly informal (and probably inaccurate) mental model for a bunch of crypto things.

Finally, I’ve also heard that Boneh’s and Shoup’s A Graduate Course in Applied Cryptography is an excellent (free) reference and is a good stepping stone towards engaging with research papers. I haven’t read it yet but it is now high on my personal list.

Contributions and Licensing

Please see the Contributions and Licensing section of the main document.