##
**Deciphering secrets: methods and maxima of cryptology.
(Entzifferte Geheimnisse: Methoden und Maximen der Kryptologie.)**
*(German)*
Zbl 0834.94001

Heidelberg: Springer-Verlag. xii, 391 p. DM 58.00; öS 452.40; sFr 58.00 (1995).

The present author wrote a book [Kryptologie, Springer (1993; Zbl 0780.94007)] the success of the book being shown by the fact that it was followed by its second edition very soon [cf. Springer (1994; Zbl 0817.94010)]. David Kahn, who is the author of the best history of cryptography [The Codebreakers, Macmillan, New York (1967)] wrote in his book review in Cryptologia that Bauer’s book was “The best single book on cryptology today”. The present book can be considered the third revised edition of “Kryptologie”. However the reason for changing the title is not clear. As this important book deserves it in this review, the reviewer makes an attempt to cover the whole book, instead of dealing only with the small, portion of the contents which is new in this book, compared with the first edition.

The book consists of two Parts. Part I: Cryptography, Part II: Cryptanalysis. Part I contains eleven chapters, Part II has also eleven chapters.

The balance between cryptography and cryptanalysis, which is unique, among the numerous recent books on the subject, reflects the idea of Charles Babbage (1792-1871) who expressed his view in 1858 as follows: “It may be laid down as a principle that it is never worth the trouble of trying to devise any inscrutable cypher unless its author himself deciphered some very difficult cypher”.

The book has two appendices and list of references. At the end of the book one can find indices of names and subjects.

The Chapter headings are as follows:

Introductory overview, The tasks and methods of cryptography, Simple substitution, Polygramatic substitution, Linear substitution, Transposition, Polyalphabetic substitution with generated alphabets, Polyalphabetic substitution with keys, Composition of classes of methods, Security of ciphers, Public key cryptosystems.

Part II: Cryptanalysis, Anatomy of the language: Pattern, Pattern in the case of polyalphabetic substitution, Anatomy of the language: Frequency, Kappa and Chi tests, Analysis of periods, Reconstructions of generated alphabets, Compromising (Kompromittierung is a special German word used in cryptography, it covers the English phrases known-plaintext attack, chosen- plain-text attack, chosen-cipher-text attack, etc.), Linear basis analysis, Anagrams, Final remarks. Perfect secrecy and practical secrecy, Cryptographic equipments and machines in the German Museum in Munich respectively are the titles of the appendices.

The professionalism of the author comes from the personal contacts with the German cryptographers of WWII. Even on the first page of the book there is a reference to the paper of Hans Rohrbach (1903-1993) [Mathematische und maschinelle Methoden beim Chiffrieren und Dechiffrieren. Fiat Review of German Science 1939-1941: Applied Mathematics Part I, Wiesbaden, 233-257 (1948; Zbl 0053.088). English Translation: in Cryptologia 2, 21-37 and 101-121 (1978)]. Rohrbach’s paper combines the practical and mathematical approaches to cryptography.

The present book borrowed some historical background from Kahn’s book and some mathematical ideas from Rohrbach’s paper. It is a pity that the author did not refer to F. J. Simmons’ [Contemporary cryptology, IEEE Press New York (1992; Zbl 0784.94019)] from where the interested reader can learn more about the mathematical backgrounds. The book of Bauer is so nicely written that it is a pleasure to read and it is very difficult to choose one single section which is especially outstanding.

In a sense it is the reviewer’s task to exhibit which he thinks be the best part of this wonderful book. Namely on pp. 147-151 the author formulated five rules which he suggested for cryptographers. They are as follows: 1) One must not underestimate the opponent 2) Only the cryptanalist can estimate the security of a cipher, 3) When the security of a cipher is judged, one must assume that the opponent knows the ciphering algorithm (“The enemy knows the system being used”, Shannon, 1949), 4) Virtual complications may be dangerous since they may provide the cryptographer with false a sense of security. 5) When the security of an encrypting method is evaluated, one must consider the possibility of committing errors during the enciphering procedure or breach the discipline of secrecy. (The referee used the ideas of Bauer in his joint paper with G. Vasvári [Telecommunications security. Selected papers from the Hungarian Telecommunication Periodical Magyar Távközlés, 9-17 (1995)].)

The referee is pleased to read on p. 64 of the book that Schauffler, a German cryptographer, anticipated Hamming in introducing error detecting and correcting codes. Unfortunately it is not mentioned that the US cryptographers Friedman and Mendelsohn anticipated Schauffler and in 1932 they published a paper on the construction of error detecting and correcting codes based on latin squares. (The interested reader will find references on that story on pp. 313-314 of the reviewer’s recent joint book with A. D. Keedwell [Latin squares. New developments in the theory and applications. Ann. Discrete Math. 46 (1991; Zbl 0715.00010 and Zbl 0754.05018)].

Latin squares as important tools in cryptography are mentioned several times in the book. Unfortunately on p. 104 the conjecture of Erdös and Kaplansky is not related to Latin squares, but Latin rectangles. On the same page the author claims that the lower bound of the number of Latin square was determined by Heise, however M. Hall anticipated Heise by several decades. The references can be found on pp. 146 and 153 of the reviewer’s joint book with A. D. Keedwell [Latin squares and their applications. (1974; Zbl 0283.05014)].

At several occasions the author refers to patents of cryptographic machines and it would have been nice to call the reader’s attention to the work of Jack Levine [United States cryptographic patents 1861- 1989, Cryptologia, Terre Haute, Indiana USA, 1991]. On p. 4 the author uses the same definition of cryptology as Kahn. Namely: Cryptology is the science that embraces cryptography and cryptanalysis. The reviewer, however, prefers the definition of Simmons. Namely: Cryptology has come out to be understood to be the science of secure communication.

Consequently it is fully understandable that digital signatures, authentications, secret sharing, zero-knowledge proofs etc. are only mentioned briefly or are not mentioned at all. Also the reviewer understands that very up-to-date subjects such as public key cryptography, one-way functions, complexity theory are only mentioned briefly. The reasons of his feelings can not be discussed in a review they will be explained if he will have finished his long lasting project to write up his book on cryptology whose tentative title is “Snapshots from the history of cryptography”.

The book consists of two Parts. Part I: Cryptography, Part II: Cryptanalysis. Part I contains eleven chapters, Part II has also eleven chapters.

The balance between cryptography and cryptanalysis, which is unique, among the numerous recent books on the subject, reflects the idea of Charles Babbage (1792-1871) who expressed his view in 1858 as follows: “It may be laid down as a principle that it is never worth the trouble of trying to devise any inscrutable cypher unless its author himself deciphered some very difficult cypher”.

The book has two appendices and list of references. At the end of the book one can find indices of names and subjects.

The Chapter headings are as follows:

Introductory overview, The tasks and methods of cryptography, Simple substitution, Polygramatic substitution, Linear substitution, Transposition, Polyalphabetic substitution with generated alphabets, Polyalphabetic substitution with keys, Composition of classes of methods, Security of ciphers, Public key cryptosystems.

Part II: Cryptanalysis, Anatomy of the language: Pattern, Pattern in the case of polyalphabetic substitution, Anatomy of the language: Frequency, Kappa and Chi tests, Analysis of periods, Reconstructions of generated alphabets, Compromising (Kompromittierung is a special German word used in cryptography, it covers the English phrases known-plaintext attack, chosen- plain-text attack, chosen-cipher-text attack, etc.), Linear basis analysis, Anagrams, Final remarks. Perfect secrecy and practical secrecy, Cryptographic equipments and machines in the German Museum in Munich respectively are the titles of the appendices.

The professionalism of the author comes from the personal contacts with the German cryptographers of WWII. Even on the first page of the book there is a reference to the paper of Hans Rohrbach (1903-1993) [Mathematische und maschinelle Methoden beim Chiffrieren und Dechiffrieren. Fiat Review of German Science 1939-1941: Applied Mathematics Part I, Wiesbaden, 233-257 (1948; Zbl 0053.088). English Translation: in Cryptologia 2, 21-37 and 101-121 (1978)]. Rohrbach’s paper combines the practical and mathematical approaches to cryptography.

The present book borrowed some historical background from Kahn’s book and some mathematical ideas from Rohrbach’s paper. It is a pity that the author did not refer to F. J. Simmons’ [Contemporary cryptology, IEEE Press New York (1992; Zbl 0784.94019)] from where the interested reader can learn more about the mathematical backgrounds. The book of Bauer is so nicely written that it is a pleasure to read and it is very difficult to choose one single section which is especially outstanding.

In a sense it is the reviewer’s task to exhibit which he thinks be the best part of this wonderful book. Namely on pp. 147-151 the author formulated five rules which he suggested for cryptographers. They are as follows: 1) One must not underestimate the opponent 2) Only the cryptanalist can estimate the security of a cipher, 3) When the security of a cipher is judged, one must assume that the opponent knows the ciphering algorithm (“The enemy knows the system being used”, Shannon, 1949), 4) Virtual complications may be dangerous since they may provide the cryptographer with false a sense of security. 5) When the security of an encrypting method is evaluated, one must consider the possibility of committing errors during the enciphering procedure or breach the discipline of secrecy. (The referee used the ideas of Bauer in his joint paper with G. Vasvári [Telecommunications security. Selected papers from the Hungarian Telecommunication Periodical Magyar Távközlés, 9-17 (1995)].)

The referee is pleased to read on p. 64 of the book that Schauffler, a German cryptographer, anticipated Hamming in introducing error detecting and correcting codes. Unfortunately it is not mentioned that the US cryptographers Friedman and Mendelsohn anticipated Schauffler and in 1932 they published a paper on the construction of error detecting and correcting codes based on latin squares. (The interested reader will find references on that story on pp. 313-314 of the reviewer’s recent joint book with A. D. Keedwell [Latin squares. New developments in the theory and applications. Ann. Discrete Math. 46 (1991; Zbl 0715.00010 and Zbl 0754.05018)].

Latin squares as important tools in cryptography are mentioned several times in the book. Unfortunately on p. 104 the conjecture of Erdös and Kaplansky is not related to Latin squares, but Latin rectangles. On the same page the author claims that the lower bound of the number of Latin square was determined by Heise, however M. Hall anticipated Heise by several decades. The references can be found on pp. 146 and 153 of the reviewer’s joint book with A. D. Keedwell [Latin squares and their applications. (1974; Zbl 0283.05014)].

At several occasions the author refers to patents of cryptographic machines and it would have been nice to call the reader’s attention to the work of Jack Levine [United States cryptographic patents 1861- 1989, Cryptologia, Terre Haute, Indiana USA, 1991]. On p. 4 the author uses the same definition of cryptology as Kahn. Namely: Cryptology is the science that embraces cryptography and cryptanalysis. The reviewer, however, prefers the definition of Simmons. Namely: Cryptology has come out to be understood to be the science of secure communication.

Consequently it is fully understandable that digital signatures, authentications, secret sharing, zero-knowledge proofs etc. are only mentioned briefly or are not mentioned at all. Also the reviewer understands that very up-to-date subjects such as public key cryptography, one-way functions, complexity theory are only mentioned briefly. The reasons of his feelings can not be discussed in a review they will be explained if he will have finished his long lasting project to write up his book on cryptology whose tentative title is “Snapshots from the history of cryptography”.

Reviewer: J.Dénes (Budapest)

### MSC:

94-01 | Introductory exposition (textbooks, tutorial papers, etc.) pertaining to information and communication theory |

68P25 | Data encryption (aspects in computer science) |

94A60 | Cryptography |

68-01 | Introductory exposition (textbooks, tutorial papers, etc.) pertaining to computer science |