*
Modern Cryptography, Theory and Practice*

by Wenbo Mao

**Wiley 2003.
ISBN 0-130066943-1. Index, Bibliography, List of alogrithms, protocols
and attacks. 707 pages. $54.99.
**

Reviewed by Robert Bruen September 15, 2003

A large number of cryptography books are available, a smaller number are good, an even smaller number are suitable for use as a textbook. Mao's book falls into the category of a good cryptography textbook which is also useful for anyone. The people who will most appreciate it are those with a solid math background, at least advanced algebra. It is common to see algorithms like RSA presented in mathematical terms, but often the reader is spared from mathematical details for the rest. However if you want to really understand the underlying reasons for why somethings works in a particular manner, or you want to see how an attack works, the math is necessary. For the math challenged, the best one can hope for is that enough words surround the symbols.

This author has done an excellent job of putting words that clarify the math, making some difficult material accessible to advanced undergraduates. The cryptology professionals know that this an enterprise of mathematics. There are other books covering the same material that I like. Each takes its own approach and focus, and each author has a unique style in explaining concepts. It is reassuring to know that there is this much quality work available.

Mao has focused on "introducing fit-for-application cryptographic schemes and protocols with their strong security evidently established." He states that many of the existing textbook cryptographic approaches fail under real world stress. He feels that many problems exist in current systems because the designers used textbook crypto. The solution to this problem is to closely analyze protocols and algorithms to discover the properties that will lead to their improvement.

Readers can benefit such a close analysis for both learning about the inner workings of an algorithm and the weaknesses that will be subject to attack. The attacks are spelled out in a clear, formal manner. The author takes the analysis to higher levels by covering formal methods and techniques for strengthen cryptographic systems. The methods introduced also gives us principles for the design of systems. The book covers the required math background, authentication, digital signatures with an emphasis on provable systems.

This book could easily be used in a cryptography course that preceded one in writing secure software, because it would lay out a solid foundation of principles. Advanced math and computer science undergraduates now have enough topics and books that allow for specialization in secure systems and software. I am happy to recommend this book as one of those textbooks. I would also recommend it to security professionals looking for methods to evaluate protocols and algorithms, not just learn how they operate.