Cipher Book Review, Issue E146

Cryptography
by William J. Buchanan OBE

River Publishers 2017.
ISBN 978-87-93379-10-7

Reviewed by Sven Dietrich, Nov 18, 2018

Cryptography, the art of secret writing, is at the center of most computer security curricula. The topic has edged into more public awareness with ransomware encrypting our files, with cryptocurrencies allowing us to exchange money in a peer-to-peer fashion, with smart contracts opening new business opportunities, with confidential conversations using Signal, with whistleblowers communicating securely with journalists, and many more.

The book is written as a textbook, divided into twelve chapters, with introductory material, the theory, practical explorations for some topics including code samples and labs/tutorials, and academic paper references for deeper study at the end of each chapter. A lot of the supporting material is on a companion website, whether it be a demo, examples that the reader can work out, or errata in the book. The book takes a very pragmatic and hands-on approach, pointing to tools commonly found in modern operating systems.

The chapter titles, in order, are Cipher and Fundamentals, Secret Key Encryption, Hashing, Public Key, Key Exchange, Authentication and Digital Certificates, Tunneling, Crypto Cracking, Light-weight Cryptography and Other Methods, Blockchain and Crypto-currency, Zero-knowledge Proof (ZKP) and Privacy Preserving, and Wireless Cryptography and Stream Ciphers.

The first two chapters provide the basics for a proper understanding of ciphers, looking at basic cryptosystems and their attacks such as brute-force and frequency analysis, the mathematical background in number theory, as well as coding techniques. The third chapter on hashing addresses the issues encountered with hash functions over the last few years, leading up to the standardization of SHA-3. The practice of password hashing is mentioned in this context, as well as the related password cracking.

The next two chapters talk about Public Key techniques, such as the RSA, Elliptic Curve Cryptography, ElGamal, Cramer-Shoup, Paillier cryptosystems, as well as Knapsack problems, and Identity-based Encryption, and also about Key Exchange, covering the Diffie-Hellman and Elliptic Curve variants.

In the Authentication and Digital Certificates chapter, we see the Public Key Infrastructure (PKI) and Trust, email encryption, the mythical Kerberos, and other methods of authentication. Following that chapter, in Tunnels we segue into the SSL/TLS protocols, Virtual Private Networks (VPNs), and examining Tor traffic.

The Crypto Cracking chapter covers Key Escrow, seven attacks on RSA, three on AES, and cracking Digital Certificates. Color diagrams illustrate how the attacks work, with sample runs for a better understanding.

The next chapter, Light-weight Cryptography and other methods, brings a timely topic into the limelight: light-weight cryptography for resource-constrained devices, a topic that NIST has given guidance about in recent times, especially with the tremendous growth of Internet-of-Things (IoT) devices. Also of greater concern is the advent of quantum computers, hence the chapter includes a discussion on post-quantum cryptography to overcome the so-called cryptoapocalypse, which is to happen when Shor's algorithm and related techniques become practical.

The chapter on Blockchain and Crypto-currency discusses the cryptocurrency Bitcoin, blockchain, mining techniques, as well as Ethereum for smart contracts. As always, the web companion has related code and examples.

As a next step, the author discusses Zero-Knowledge Proofs and Privacy Preserving techniques. Here we learn about Feige-Fiat-Shamir, Oblivious Transfers, Scrambled Circuits, the Millionaire's Problem, RAPPOR, and Secure Function Evaluation.

Finally, the Wireless Cryptography and Stream Cipher chapter rounds off the collection with a treatise on the stream ciphers and wireless standards in use (as well as some attacks on WPA2 PSK), even those used for mobile phone communications such as GSM. More recent attacks on the wireless standards such as KRACK are not covered in this 2017 edition, as expected.

William Buchanan has written a nice textbook to be used for an undergraduate applied cryptography course, a supplement for a computer security course, or a self-learning guide, covering most of the relevant topics that one would want to see treated. The topics feel a bit of a hodge-podge to me at times, but it keeps the reader alert and sharpens their ability to combine topics across traditional boundaries. It was a fun book to read.


Sven Dietrich reviews technology and security books for IEEE Cipher. He welcomes your thoughts at spock at ieee dot org