Applied cryptography. Protocols, algorithms, and source code in C.

*(English)* Zbl 0789.94001
New York: Wiley. xviii, 618 p. (1993).

This book contains five parts. Part one: Cryptographic protocols. Part two: Cryptographic techniques. Part three: Cryptographic algorithms. Part four: The real world. Part five: Source code.

Part one discusses cryptographic protocols. The protocols range from the simple to the complex. The chapter headings of part one are as follows: Basic protocols, Intermediate protocols, Advanced protocols, Esoteric protocols. Part two discusses cryptographic techniques; it contains two chapters. One of them is about keys: how long a key should be in order to be secure, how keys can be generated, how to store keys, how to organize key management, etc. The other chapter discusses different ways of using cryptographic algorithms and how to choose algorithms for communication, data storage, etc.

Part three contains 8 chapters. The chapter headings include: Mathematical background, Data Encryption Standard (DES), Other block algorithms, One-way hash functions, Random sequence generators and stream ciphers, Public-key algorithms, More public-key algorithms. In this part the reader can read about various algorithms and their evaluations. Part four has two chapters. One of them discusses some real-world implementations of these algorithms and protocols. The other one contains some of the author's views on the political issues surrounding cryptography. Part five contains source code listings of some of the algorithms of Part three.

Reviewer’s remarks: 1. Several parts of this book are very good. In particular, the reviewer appreciates very much the bibliography with more than 900 references; it is also helpful that in Part five the author gives a set of source code listings containing more than 50 programs. They cover symmetric and asymmetric algorithms, one-way hash functions and more. (The programs are available on disk from the author.) Chapter 18 contains quite useful information about the NSA, NCSC, NIST, IACR and more.

2. Unfortunately the reviewer has some criticisms as well:

a) The Foreword by W. Diffie says: “Cryptology presents a difficulty not found in normal academic disciplines: the need for the proper integration of cryptography and cryptanalysis.” In the author’s Preface one can find the following sentence: “Encryption is too important to be left to the government.” The reviewer thinks these two statements are contradictory.

b) On p. XVIII the author writes: “This book is not intended to be a mathematical text. Although I have not deliberately given any false information.” On p. 234 the author gives nice examples of some mathematical failures (perhaps they are not deliberate): “... addition over the integers is a group. Adding integers together always results in another integer. Multiplication and division over the integers are not a group. Multiplying two integers together always results in another integer, but dividing two integers sometimes results in a fraction.”

The next sentence reads as follows: “If DES were a group, cryptanalysis would be easier.” That statement is completely wrong for two reasons. On the one hand, one can learn from reference 225 of this book that DES generates the alternating group [see D. Coppersmith and G. Grossman, Generators for certain alternating groups with applications to cryptography, SIAM J. Appl. Math. 29, 624-627 (1975; Zbl 0333.20002)]. On the other hand, one can learn from a paper of S. Murphy, K. G. Paterson and P. Wild [J. Cryptology 7, 61-65 (1994)]: “S. Magliveras and N. Memon [J. Cryptology 5, No. 3, 167-183 (1992; Zbl 0763.94014)] indicate their belief that the property of generating the symmetric group on the message space is one of the strongest security conditions that can be offered. Our example of a weak system whose group is all of \(S_{2^n}\) is evidence against this belief.”

c) The author overestimates the importance of the brute-force attack. For that reason, on p. 16, Table 1.1 contains large numbers. One of its entries says that the total lifetime of the universe is \(10^{18}\) seconds. The brute-force attack is useless in most cases (as far as the reviewer is concerned). For example, the Caesar cipher (the simplest, weakest, monoalphabetic substitution) cannot be broken by a brute-force attack. (Hint: the number of alphabets with 26 letters is equal to \(26! \approx 4.03 \cdot 10^{26}\). Consequently, if at the beginning of the Universe there had been a supercomputer which could check \(10^8\) alphabets per second, then no Caesar cipher could have been broken by brute force during the total lifetime of the Universe.)
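The following Python is an added illustration of the two properties argued over in points b) and c); it is not code from the book or from the reviewer. It uses a toy shift cipher (the classical Caesar cipher, whose key is a single shift, 26 keys in all) to show what it means for a cipher's permutations to be closed under composition, i.e. to form a group, and why that makes double encryption pointless; it then runs an exhaustive key search over the 26 shifts ranked by English letter frequencies, and computes worst-case search times for the key spaces named above, 26 shifts, the \(26!\) alphabets of a general monoalphabetic substitution and the \(2^{56}\) keys of DES, against the \(10^{18}\)-second figure quoted in point c). The sample plaintexts, the search rate of \(10^8\) keys per second and the letter-frequency table are assumptions chosen for the example.

```python
"""Added example (not from the book or the reviewer): a toy shift cipher used to
illustrate the group property and exhaustive key search discussed in points
b) and c). Sample texts, the assumed rate of 10**8 keys/second and the
letter-frequency table are illustrative choices."""
import math
from string import ascii_uppercase as ALPHABET
from typing import Optional, Tuple

# Approximate relative frequencies of letters in English text (percent),
# a standard table used only to rank brute-force candidates.
ENGLISH_FREQ = {
    "A": 8.17, "B": 1.49, "C": 2.78, "D": 4.25, "E": 12.70, "F": 2.23, "G": 2.02,
    "H": 6.09, "I": 6.97, "J": 0.15, "K": 0.77, "L": 4.03, "M": 2.41, "N": 6.75,
    "O": 7.51, "P": 1.93, "Q": 0.10, "R": 5.99, "S": 6.33, "T": 9.06, "U": 2.76,
    "V": 0.98, "W": 2.36, "X": 0.15, "Y": 1.97, "Z": 0.07,
}

UNIVERSE_LIFETIME_SECONDS = 1e18   # the figure the review quotes from Table 1.1
TRIALS_PER_SECOND = 1e8            # the reviewer's hypothetical machine (assumed)


def shift_encrypt(plaintext: str, key: int) -> str:
    """Shift (Caesar) cipher over A-Z; non-letters pass through unchanged."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def shift_decrypt(ciphertext: str, key: int) -> str:
    return shift_encrypt(ciphertext, -key)


def composed_key(a: int, b: int, sample: str = "ATTACK AT DAWN") -> Optional[int]:
    """Find a single key k with E_k(x) == E_b(E_a(x)) on the sample text.

    When every composition of two encryptions is itself an encryption under
    some key, the cipher's permutations form a group and double encryption
    adds nothing. The shift cipher is such a cipher: k = (a + b) % 26 always
    works. Returns None if no single key reproduces the composition."""
    double = shift_encrypt(shift_encrypt(sample, a), b)
    for k in range(26):
        if shift_encrypt(sample, k) == double:
            return k
    return None


def chi_squared_english(text: str) -> float:
    """Chi-squared distance between the letter counts of `text` and the
    expected English distribution; lower means more English-like."""
    letters = [ch for ch in text.upper() if ch in ALPHABET]
    n = len(letters)
    score = 0.0
    for letter in ALPHABET:
        observed = letters.count(letter)
        expected = n * ENGLISH_FREQ[letter] / 100.0
        score += (observed - expected) ** 2 / expected
    return score


def brute_force_shift(ciphertext: str) -> Tuple[int, str]:
    """Exhaustive search over the 26 possible shifts, ranking each candidate
    plaintext by how English-like its letter frequencies are."""
    candidates = ((chi_squared_english(shift_decrypt(ciphertext, k)), k)
                  for k in range(26))
    _, best_key = min(candidates)
    return best_key, shift_decrypt(ciphertext, best_key)


def exhaustive_search_seconds(keyspace_size: int,
                              trials_per_second: float = TRIALS_PER_SECOND) -> float:
    """Worst-case time to try every key at the given rate."""
    return keyspace_size / trials_per_second


# Key-space sizes for the ciphers under discussion.
KEYSPACES = {
    "shift cipher (26 shifts)": 26,
    "monoalphabetic substitution (26! alphabets)": math.factorial(26),
    "DES (56-bit key)": 2 ** 56,
}

if __name__ == "__main__":
    print("E_5(E_3(x)) equals E_k(x) for k =", composed_key(3, 5))
    ct = shift_encrypt("IT WAS THE BEST OF TIMES IT WAS THE WORST OF TIMES", 7)
    print("recovered:", brute_force_shift(ct))
    for name, size in KEYSPACES.items():
        secs = exhaustive_search_seconds(size)
        verdict = "feasible" if secs < UNIVERSE_LIFETIME_SECONDS else "infeasible"
        print(f"{name}: {secs:.3g} s at {TRIALS_PER_SECOND:.0e} keys/s -> {verdict}")
```

The frequency ranking only needs a few dozen letters of ciphertext to pick out the right shift; the same search would not help against a general substitution, whose \(26!\) alphabets exceed the \(10^{18}\)-second budget at the assumed rate, whereas the \(2^{56}\) DES keys do not.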

d) On p. 27 the author writes: “If we are strictly mathematical, there is no proof that one-way functions exist, nor is there real evidence that they can be constructed.” That observation is true, but on p. 32 of G. J. Simmons’ “bible” [Contemporary Cryptology (IEEE Press, 1991; Zbl 0784.94019)] one can find interesting historical evidence that in his book of 1873 W. S. Jevons suggested one-way functions for cryptographic purposes, and that thirty years later D. N. Lehmer in his paper [Bull. Am. Math. Soc. 13, No. 2, 501-502 (1907)] showed the weakness of the idea. The present author seems to be unaware of the works of Jevons and Lehmer.

e) On p. 28 the present author describes how knapsack cryptosystems were broken. The author gives credit to people who do not deserve it. The interested reader can find the true story on p. 506 of Simmons’ book.

f) The only private firm offering cryptographic consulting services mentioned in this book (see p. 444) is RSA Data Security Inc. The reviewer thinks there is no justification for that situation.

g) The reviewer thinks that his list of complaints is far from complete. A complete list would be too long.

In any case, the reader of this book should be very careful!

Reviewer: J.Dénes (Budapest)

##### MSC:

94-01 | Introductory exposition (textbooks, tutorial papers, etc.) pertaining to information and communication theory |

94A60 | Cryptography |