Please create an account to participate in the Slashdot moderation system


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×
Encryption Books Media Security Book Reviews

Review:Handbook of Applied Cryptography

Giving some actual theory to the whole cryptography discussion, Ian S. Nelson's review of Handbook of Applied Cryptography takes a look at this veritable tome of information. This isn't a book for those of you trying to figure out exactly what the NSA actually does; this is for the real meat and numbers behind it all. Click below for more info.
Handbook of Applied Cryptography
author Alfred J. Menezes, Paul C. van Oorschot, Scott A. Vanstone
publisher CRC Press
rating 9/10
reviewer Ian S. Nelson
ISBN 0-8493-8523-7
summary Required reading for any cryptography freak.
REVIEW: Handbook of Applied Cryptography
Alfred J. Menezes, Paul C. van Oorschot, Scott A. Vanstone
CRC Press (ISBN 0-8493-8523-7)
Required reading for any cryptography freak.
Rating: 9/10

The Scenario

CRC Press has been building a series of books on discrete mathematics and its applications. Doug Stinson wrote the theory book on cryptography (Cryptography: Theory and Practice (ISBN: 0-8493-8521-0, if you don't like this book you'll vomit when you see the Stinson book) and this is the application book on cryptography. It's close to 800 pages chocked full of information.

I must confess that I'm a cryptography freak and I'm a little sick of the constant political discussions and lack of tech talk, this book is all tech and might even be a little much if you're not into math. It's a wonderful companion to the Schneier books (Applied Cryptography 1st or 2nd Edition A.K.A. "the crypto bible") if you're into the nitty gritty details of cryptography.

What's Bad?

I really like this book and I can't find a lot that I don't like about it... but I think in places the math gets a little thick. I have a degree in math and I find myself returning to the math overview section more often than I'd like to admit. If you're not familiar with discrete math and combinatorics then this book probably isn't for you. If you enjoy that stuff, then this will be a piece of cake. If you're looking to build your crypto book library up I'd highly recommend this book before you get some of the more hard-core books.

Something else I feel is lacking is cryptanalysis on ciphers. They discuss attacks on various protocols and hashes but actual attacks on ciphers are glossed over. As a companion to Cryptography: Theory and Practice, which covers cryptanalysis in more detail, it is understandable to leave that material out of this book but I think they could discuss it a little more than they do without going into specifics.

The no-nonsense style can be a little dry at times, there aren't a lot of jokes or anecdotes to lighten things up in this book.

What's Good?

Cipher isn't spelled with a 'y' anywhere in this book. It's not filled with a lot of opinion or rumor. It doesn't hardly bring up ITAR, key escrow, or the NSA's mystical superpowers. This book is about cryptographic techniques and a listing of patents is about as political or opinionated as it gets.

It is kind of like a textbook without the problems at the end of each chapter. It is written in an outline format with subitems of "Definition", "Fact", "Notes", "Example", and "Algorithm." Each subitem is followed by a few short but concise paragraphs of explanation.

Plenty of charts and figures fill the pages and everything is explained well. While it lacks source code, there is certainly enough information for you to implement any of the ciphers, hashes, or protocols covered. It even includes some test vectors for a lot of the algorithms.

So What's In It For Me?

If you want to learn about cryptography, not the politics but the actual technology, then this is a great book to get before you get over your head. It's very readable and while the math can be a little heavy in places it is accessible and useful. It gives you a good flavor of how more advanced papers and books on the subject are and it avoids the nonacademic discussions surrounding cryptography.

To pick this book up, head over to Amazon and help Slashdot out.

Table of Contents

  1. Overview of Cryptography
    1. Introduction
    2. Information Security and Cryptography
    3. Background on Functions
    4. Basic Terminology and Concepts
    5. Symmetric-key Encryption
    6. Digital Signatures
    7. Authentication and Identification
    8. Public-key Cryptography
    9. Hash Functions
    10. Protocols and mechanisms
    11. Key establishment, management, and certification
    12. Pseudorandom numbers and sequences
    13. Classes of attacks and security models
    14. Notes and further references
  2. Mathematical Background
    1. Probability theory
    2. Information theory
    3. Complexity theory
    4. Number theory
    5. Abstract algebra
    6. Finite fields
    7. Notes and further references
  3. Number-Theoretic Reference Problems
    1. Introduction and overview
    2. The integer factorization problem
    3. The RSA problem
    4. The quadratic residuosity problem
    5. Computing Square roots in Z n
    6. The Discrete logarithm problem
    7. The Diffie-Hellman problem
    8. Composite moduli
    9. Computing individual bits
    10. The subset sum problem
    11. Factoring polynomials over finite fields
    12. Notes and further references
  4. Public-Key Parameters
    1. Introduction
    2. Probabilistic primality tests
    3. (True)Primality tests
    4. Prime number generation
    5. Irreducible polynomials over Z p
    6. Generators and elements of high order
    7. Notes and further references
  5. Pseudorandom Bits and Sequences
    1. Introduction
    2. Random bit generation
    3. Pseudorandom bit generation
    4. Statistical tests
    5. Cryptographically secure pseudorandom bit generation
    6. Notes and further references
  6. Stream Ciphers
    1. Introduction
    2. Feedback shift registers
    3. Stream ciphers based on LFSRs
    4. Other stream ciphers
    5. Notes and further references
  7. Block Ciphers
    1. Introduction
    2. Background and general concepts
    3. Classical ciphers and historical development
    4. DES
    5. FEAL
    6. IDEA
    7. SAFER, RC5, and other block ciphers
    8. Notes and further references
  8. Public-Key Encryption
    1. Introduction
    2. RSA public-key encryption
    3. Rabin public-key encryption
    4. ElGamal public-key encryption
    5. McElliece public-key encryption
    6. Knapsack public-key encryption
    7. Probabilistic public-key encryption
    8. Notes and further references
  9. Hash Functions and Data Integrity
    1. Introduction
    2. Classification and framework
    3. Basic constructions and general results
    4. Unkeyed hash functions (MDCs)
    5. Keyed hash functions (MACs)
    6. Data integrity and message authentication
    7. Advanced attacks on hash functions
    8. Notes and further references
  10. Identification and Entity Authentication
    1. Introduction
    2. Passwords (weak authentication)
    3. Challenge-response identification (strong authentication)
    4. Customized zero-knowledge identification protocols
    5. Attacks on identification protocols
    6. Notes and further references
  11. Digital Signatures
    1. Introduction
    2. A framework for digital signature mechanisms
    3. RSA and related signature schemes
    4. Fiat-Shamir signature schemes
    5. The DSA and related signature schemes
    6. One-time digital signatures
    7. Other signatures schemes
    8. Signatures with additional functionality
    9. Notes and further references
  12. Key Establishment Protocols
    1. Introduction
    2. Classification and framework
    3. Key transport based on symmetric encryption
    4. Key agreement based on symmetric techniques
    5. Key transport based on public-key encryption
    6. Key agreement based on asymmetric techniques
    7. Secret Sharing
    8. Conference Keying
    9. Analysis of key establishment protocols
    10. Notes and further references
  13. Key Management Techniques
    1. Introduction
    2. Background and basic concepts
    3. Techniques for distributing confidential keys
    4. Techniques for distributing public keys
    5. Techniques for controlling key usage
    6. Key management involving multiple domains
    7. Key life cycle issues
    8. Advanced trusted third party services
    9. Notes and further references
  14. Efficient Implementation
    1. Introduction
    2. Multiple-precision integer arithmetic
    3. Multiple-precision modular arithmetic
    4. Greatest common divisor algorithms
    5. Chinese remainder theorem for integers
    6. Exponentiation
    7. Exponent recoding
    8. Notes and further references
  15. Patents and Standards
    1. Introduction
    2. Patents on cryptographic techniques
    3. Cryptographic standards
    4. Notes and further references
  16. Appendix A: Bibligraphy of Papers from Selected Cryptographic Forums
    1. Asiacrypt/Auscrypt Proceedings
    2. Crypto Proceedings
    3. Eurocrypt Proceedings
    4. Fast Software Encryption Proceedings
    5. Journal of Cryptology papers
This discussion has been archived. No new comments can be posted.

Review:Handbook of Applied Cryptography

Comments Filter:

I do not fear computers. I fear the lack of them. -- Isaac Asimov