Applied Cryptography, 2nd Edition

Tal Cohen, author of a number of book reviews in his own right, has sent over a review of Bruce Schneier's Applied Cryptography, 2nd Edition. One of the best introductions to the field of cryptography this is a book well worth reading, even for those who simply want a better understanding of the potentials about cryptography, and what it's all about.

Applied Cryptography, 2nd Edition
author	Bruce Schneier
pages
publisher	John Wiley & Sons
rating	8/10
reviewer	Tal Cohen
ISBN	0-471-11709-9
summary	A fantastic introduction and a handy reference on one of computer science's most interesting fields.

More than any other field in computer science, cryptography is associated with computer warfare. Recent international treaties define cryptographic algorithms as weapons, and the laws of many countries prohibit either the development, the usage, or the export of cryptographic algorithms. Yet while feared by governments, cryptography is one of the most fascinating -- and useful -- fields of algorithmics.

The whole point of cryptography is to solve problems. (Actually, that's the whole point of computers -- something many peopletend to forget.) Cryptography solves problems that involve secrecy, authentication, integrity, and dishonest people. You can learn all about cryptographic algorithms and techniques, but these are academic unless they can solve a problem.

Bruce Schneier's Applied Cryptography, in its second edition, is probably the best introduction to the field. Schneier is not merely an excellent technical writer, but also a researcherin the field; for example, he developed the public-domain Blowfish encryption algorithm. But unlike many works by other researchers, Schneier's work does not read like a dry paper for a scientific journal. His writing is very enjoyable (though the jokes are overdone at times) and his explanations are almost always lucid.

Breaking a plate is a good example of a one-way function. It is easy to smash a plate into a thousand tiny pieces. However, it's not easy to put all those tiny pieces back together into a plate. [...]

So, what good are one-way functions? We can't use them for encryption as is. A message encrypted with the one-way function isn't useful; no one could decrypt it. (Exercise: Write a message of a plate, smash the plate into bits, and then give the bits to a friend. Ask your friend to read the message. Observe how impressed he is with the one-way function.) For public-key cryptography, we need something else.

Generally, the book covers four main subjects: protocols, algorithms, source code (in C), and politics. As the title indicates, the book is intended to people who actually wish to apply cryptographic methods to their programs, and so the theoretical discussions and mostly at introductory level - sufficient to make you understand how an algorithm works and what are its benefits and potential weaknesses, but without elaborate mathematical proofs, for example.

Part I of the book, "Cryptographic Protocols", includes five chapters: building blocks, basic protocols (like key exchange and authentication), intermediate protocols (timestamping, fair coin flips, key escrew, etc.), advanced (zero-knowledge proofs, simultaneous contract signing, digital certified mail, etc.) and esoteric ones (like secure elections and anonymous message broadcast).

Part II, "Cryptographic Techniques", deals with such issues as key length, key management, and methods of employing algorithms. The longest section, Part III, spans 13 chapters -- "Cryptographic Algorithms". The algorithms covered include DES and its variants,Skipjack, Lucifer, LOKI, RC2, RC4, RC5 (that's the cow in your tray-bin!), IDEA Blowfish, RSA and many others. The greatest detail is given to the venerable old DES, but the information about other protocols (over 50 in all, including blockDES, but the information about other protocols (over 50 in all, including block ciphers, stream ciphers, random-sequence generators, one-way hash functions, public key algorithms, and more) is sufficiently detailed for you to decide which best suites your needs. And if you need more information, an outstandingl$ detailed list of over 1,600 references is included.

As in most texts about cryptography, protocols and algorithms are described using the merry cast of Alice (side A), Bob (side B), Eve the eavesdropper, Mallory the malicious attacker, and their other friends and foes. This makes descriptions much easier, since once you get used to these Dramatis Personae (which happens rather quickly), you immediately know who plays what role in each scene, without wasting time on repeated explanations. Schneier brings those characters to life in numerous examples of the pros and cons of various approaches.

Part IV, "The Real World", deals with two subjects: sample implementations in actual products, and politics, including history and legal issues. The history of cryptography is much longer than that of computer science: from secret codes to invisible inks, encoded messages were here for a very long time indeed. On the other hand, cracking cryptographic codes was among the earliest uses of computers, back in WWII (as anyone familiar with the story of Alan Turing knows).

One section in chapter 25 lists the import and export limitations on cryptography in different places around the globe. The most interesting entry is for my own country, Israel, which (according to Schneier) "has import restrictions, but no one seems to know what they are."

The final section, "Source Code", includes over 50 pages of sources in C for several algorithms: DES, LOKI91, IDEA, GOST, Blowfish, 3-Way, RC5, A5 and SEAL. It looks insane that a book with so many lines of source is not accompanied by a CD; but then you realize that what's insane is not the boo$ but export laws, which allow cryptographic algorithms to be distributed in prin$ -- but not on electronic media. Consider, for example, how Phil Zimmermann's PG$ was legally exported from the US to the rest of the world: the sources were printed in a one-copy book, which was mailed to Europe, scanned in and recompiled.

If you live in the States, you can order a set of 3 floppies directly from Schneier, with sources for most of the algorithms discussed in the book (and more).

Anyone cares to mail me a printout?

Purchase this book at Computer Literay and help Slashdot.

For more information about this book, see the sidebar of http://www.forum2.org/tal/books/crypto.html.

For additional book reviews, please visit http://www.forum2.org/tal/books.