If you conduct any commerce on-line, say with the Mathematical Association of America, you will use some sort of cryptological algorithm. There is no escaping this fact, it is part of the Internet and for most (maybe all?) of us it is part of our lives. Internet commerce is ubiquitous and so is cryptography. But cryptography is not limited to Internet use, of course. We use it when we withdraw money from an ATM, or use a wireless router. If you want to understand this most interesting topic, Everyday Cryptography is a good start.
Many books on cryptography are complicated texts suitable to an advanced mathematician or engineer. They are full of equations, proofs, algorithms, and protocols. The books can be difficult to read, hard to digest, and poorly suited to the layman. If you enjoy those sorts of books, Martin’s book may disappoint you.
However, if you are interested in cryptography to understand its uses, where you might find it in your life, how cryptography works, and what sorts of applications it is good for, then this book is a good guide. I’ve read other books on this subject and while they are excellent, the authors assumed the reader had a solid mathematical background. This book does not make that assumption. Rather, Martin takes the approach of textual explanations, simple diagrams, and he walks the reader through the topics with easy to understand language. The result is a book suitable to any reader without preconditions.
The book begins with motivations for cryptography. It’s not just to keep prying eyes away from your communications, although it does that, but it is needed to ensure you are communicating with whom you think you are communicating (authentication). You need cryptological algorithms to ensure your data, say a document, is not altered in transit. For example, cryptography ensures someone cannot intercept an email, change the contents, and have the recipient none the wiser. Moreover, you may want to digitally sign a document in a way that no one else can, just like you sign a paper document with a pen.
Martin discusses symmetric encryption and the popular Data Encryption Standard and Advanced Encryption Standard. These systems, interestingly, put all the secret information in the encryption key. The algorithms are well-known and one can implement them easily on a computer. (Professionals advise one should not implement one’s own encryption algorithms. Cryptographical attacks can be cunningly sophisticated, and while not discussed thoroughly in this book, even well-written software can leak details of your key and be broken.) As an aside, the reason data encryption algorithms are usually publicly known is because at one time the algorithms were kept a secret. But when the wartime enemy discovered the algorithm, he then could decrypt any previously stored messages. Secret algorithms don’t stay secret.
The book presents public key encryption algorithms, which are non-symmetric: the encryption key is different from the decryption key. The most popular public key algorithm is RSA (named for its creators: Ron Rivest, Adi Shamir, and Len Adleman) but there are others such as El Gamal, and elliptic curve-based algorithms. The general idea to public key algorithms is there are two keys: a public and private key. The keys are related but that relationship is not obvious by looking at the keys. Say Alice wants to send Bob a message. Alice finds Bob’s public key and uses it to encrypt her message and sends this encrypted message to Bob. Bob uses his private key to decrypt the message. Unless a person knows the private key, the message cannot be decrypted. Martin provides the details of this process.
After public key algorithms, the book discusses data integrity which calls for hash functions. Hash functions are one-way functions that take a message as input, say a one-million bits long, and computes a sequence of bits, say 128 bits long, called a digest of the message that is the output. This digest is easy to compute but from the digest it is very difficult to find a matching message. A good hash function is collision resistant: it should be “impossible” to find two different messages that reduce to the same bit sequence. And, further, changing even a bit in the original message, changes the hash in many bits. Hash functions are a method to test that the original message was not altered.
The book discusses digital signatures, which are usually based on public key encryption algorithms. Digital signatures allow one to sign a document so that the recipient can be sure the signer’s signature has not been forged. Martin gives you a gentle introduction to the topic.
The book goes on to discuss authentication and passwords and then protocols. Protocols, while not mathematically based, are interesting in how one trades information using the cryptological tools in a secure manner. These protocols are used in web browsers and are worth one’s time to understand in detail.
The next part of the book is about key management, that is, how to manage public keys. The fundamental question is how does one trust a key to be from the claimed entity. The book concludes with various applications such as local area networks, mobile communications, and home users.
Each chapter has a section of problems that explores the subjects in more detail and provides insights beyond the text. I found the problems worthwhile just to read as well as work and explore with Internet searches.
The bibliography contains 208 entries and these are worth reading and reviewing. For example, the CyptoTool (entry 52) is a free program that implements various cryptography techniques for experimentation and learning. I found other entries worth searching on the World Wide Web and I am sure others will find useful resources here, too.
Overall, the book is a good nontechnical introduction to cryptography. The author covers essential topics, presents the ideas clearly, and provides problems for further explorations and a good bibliography of other sources.
David S. Mazel is a practicing engineer in Washington, DC. He welcomes your thoughts and comments and can be reached at mazeld at gmail dot com.
2. Basic Principles
3. Historical Cryptosystems
4. Theoretical versus Practical Security
5. Symmetric Encryption
6. Public-Key Encryption
7. Data Integrity
8. Digital Signature Schemes
9. Entity Authentication
10. Cryptographic Protocols
11. Key Management
12. Public-Key Management
13. Cryptographic Associations
14. Closing Remarks