Trusted SF Member
Joined: 17 Apr 2003
Location: Asheville, NC, US / Uberlāndia, MG, Brazil
|Posted: Thu Jan 29, 2004 7:18 am Post subject: Book Review - Cryptography: An Introduction
Cryptography: An Introduction
Author: Nigel Smart
Publisher: McGraw-Hill Education www.mcgraw-hill.co.uk
Book Specifications: Soft-bound; 443 pages
Category: Mathematical Application Via Cryptography
User Level: Undergraduate Mathematics
Suggested Publisher Price: £37.99 GBP / $67.74 USD (approximately)
Amazon.co.uk: Cryptography: An Introduction
Amazon.com: Cryptography: An Introduction
Back-cover blurb: "Nigel Smart's Cryptography: An Introduction provides the rigorous detail required for advanced cryptographic studies, yet approaches the subject matter in an accessible style in order to gently guide new students through difficult mathematical topics. Covering the latest developments in computer cryptography, including the Rijndael algorithm chosen for the new Advanced Encryption Standard, the OAEP padding system for RSA and modern stream ciphers, this book is a complete introduction to cryptography."
Woah, stop right there. "Incomplete introduction" would be more appropriate, for the following reason:
"The author gives specific focus to implementation issues such as exponentiation in DSA and RSA, and to provably secure algorithms with and without random oracles." - now hey, this isn't bad, but the fact that specific focus stopped here is indeed, frowned upon.
There should have been equal examination of symmetric algorithms and the analysis of such, to make this book anywhere close to "complete."
Introduction to the Overview
This book is intended to serve as a comprehensive introduction to cryptography, but can be very misleading, just by looking at the title. This is not an introduction for those without a proficient mathematical background. It is merely an attempt at applying undergraduate mathematics to the field of cryptography, by borrowing concepts from titles such as Applied Cryptography, for example, although it is in no way, shape, or form, like it. It's a rather bland title and lacks organization whatsoever. It's caught inbetween an incomplete encyclopedic guide and gap-ridden classroom text book.The format is much too specialized for a particular course, which hints that the author based much of the content from material he specifically lectures on in his own classroom.
Many important areas are touched, but with not much elaboration. Other areas contain too much elaboration. All in all, when a neophyte mathematics and/or computer science student completes this title, he will have learned a rather wide variety of cryptographic applications, in regards to undergraduate mathematics. However, much of this knowledge will gain no conventional use, as the bulk of cryptography's most important concepts are nowhere to be found. The author himself points out intentional omissions, but the stated rationale, in my opinion, isn't convincing enough to shadow the lack of substance and organization that would separate this book from any other.
Now for my overview of the four parts, which will ultimately determine the overall score.
Part I - Mathematical Background
First of all - why? If the book is intended for students with three to four years of undergraduate mathematical knowledge, then why spend two chapters discussing basic mathematics? These pages could have been dedicated to much more important concepts which were less traveled. I will give it a bit of credit, as it does mention the usage of modular arithmetic, groups, fields, and probability, which all make up the bulk of modern cryptanalysis. The only trouble with this is - cryptanalysis of such is hardly discussed.
The next section discusses elliptic curves, which seems a bit odd, as one would expect to find this in the chapter outlining the rest of the most conventional of asymmetric algorithms. However, you will find it dispersed briefly throughout the book, so I'll mention that in its favor, as the study of elliptic curves is quite an important one, to the extended growth of modern cryptography. Nothing much here, to be honest. Not a superb use of pages, I'll say.
Chiefly, this part wasn't an entire waste, but nowhere near being as informative or well-placed as I had hoped. I'll give it a 3 out of 10.
Part II - Symmetric Encryption
This section disappointed me the most. I can't stress enough at how empty this section is. It does a so-so job at introducing classical ciphers, but contains one of the weakest guides to conventional block and stream ciphers that I have ever seen.
The author has chosen to elaborate on two primary block ciphers - DES and AES. This, in itself, is a decent choice, in regards to introducing new students to the two standards we have had and have. DES is explained decently, along with the concept of Feistel network structures, while AES, on the other hand, is described as "not being a Feistel network", rather than appropriately referred to as an SPN, or Substitution-Permutation Network. Because block ciphers are the most widely deployed, I find it in bad taste to include such a small section, for a topic which most everyone can relate to. You see the brief mentioning of other algorithms, such as Twofish and Serpent, but no explanation of them, whatsoever.
Afterwards, you move onto the subject of confidentiality modes, or modes of operation, as you'll commonly see them referred to as. All modes are mentioned, except one, which happens to be highly important, in terms of most secure and efficient, alongside the likes of CBC. This mode happens to be CTR, or counter mode. This was a major disappointment. One would think you could find a single complete section, in regards to symmetric systems, but I guess that's far too much to ask from an introductory text book.
I was hoping to find a spark of unique interest, that would appeal to me, but I was only in for more dismay. To further validate my disgust with this part's content, the discussion of MACs was limited to an extremely thin overview. The finale stream cipher section was rather scrawny, with a small helping of shift registers, linearity, and RC4, to cap it off.
Lack of abundant block and stream ciphers, as well as MACs, in terms of discussion - ouch. Sporadically isn't good enough. Nowhere near good enough. This is the cardinal sin of cryptography. You need block ciphers. You need stream ciphers. You need MACs. What you don't need is this book, if you intend to design any cryptosystem with the same emphasis on security as imposed by this section.
Overall, this section contributes to much of the reason for me deeming this book as lacking in substance. Had the author given more insight as to the formal name for the structure of AES (as well as an exploration into this structure), more in-depth discussion into MACs, and a wider variety of specific algorithm discussion, I'd have favored this book much more. I'll give it a generous 1 out of 10.
Part III - Public Key Encryption and Signatures
This section provides a decent overview of most important topics pertaining to asymmetric algorithms, be it for encryption or signatures. It also dives into the topic of hashing, which loosely defines hash-based MACs. As I believe HMAC to be the best configuration of its kind, I was relieved to see that it was actually mentioned, as it isn't even so much as breathed upon, by the introduction of MACs, in the previous part.
I ran into a few suggestions of security, of which I believe to be very false and misleading, so whatever interest I had in these particular chapters would slowly fade, as I drew closer to the end. As three fourths of the book is now analyzed, I could safely conjecture that one need not base any sense of security from within the confinement of this book.
Mainly, it will give you the basic mathematical outlook of house-hold names, such as RSA, ElGamal, Rabin, MD5, SHA-1, primality, discrete logarithms, et cetera. Not that bad of a section, but nothing to brag about. Because of errors and poor rationale, I'll give it a 3 out of 10.
Had this section not included an overview of the above algorithms, as well as the mentioning of hash-based MACs, you could bet your bottom dollar that a "3" would be out of the question.
Part IV - Security Issues
Another disappointing section. The author states that linear and differential cryptanalysis isn't heavily analyzed, because he believes it is better suited for "background reading." Now, in my honest opinion, if the book goes as far as dedicating an entire part to "security issues", then these two forms of analysis should be included and included well. It certainly didn't stop the inclusion of analysis on public key systems, that's for sure. Not including adequate symmetrical analysis is inexcusable.
This part, however, does discuss security complexity and various other important areas of security, so not all is lost by the omission of symmetric system analysis. If you find the discussion of provable security interesting (as I do), then it may be worth a quick perusal.
Either way, this final part didn't strike me as unique and I certainly learned nothing from it that I haven't seen in other resources.
I'll give it a hefty 2 out of 10.
Well, what can I say. You rarely find a book critique that extends to an appendix, but for Java junkies and those in search of a glossary to mathematical terminology, these two appendices aren't half bad.
Style and Detail
From the cover to the content, this book isn't incredibly stylish. Some sections contain immense mathematical detail, (of which I give credit to the author for, as I love to see intense mathematical discussion), while others certainly lack in any detail whatsoever. What makes it worse, the lacking sections were the most important, in terms of modern cryptography and what most computer users have utilized, passively, through Internet transactions, to e-mail encryption, to mere web surfing.
From symmetric encryption to the analysis of such, much detail is longed for, but can't be found. This is the major downfall of the book, in my opinion. A more befitting style would have been sufficient emphasis on block algorithms, their corresponding cryptanalyses, and factual security suggestions of such. Perhaps that would have been this book's saviour, but then again, this book is no textual Messiah.
The style is that of no organization, for a great majority of the book, and the detail is centralized where it shouldn't be. Reading this book for the purpose of style and detail could be likened to one listening to the radio, in monotone. Not very appealing to the ear, as this book is to the eye.
Even the "Further Reading" and hands-on "Review Exercises" wasn't enough to save this book from becoming a generic bookshelf placeholder.
To conclude, unless you are a student of Nigel Smart, or plan to only briefly touch a portion of the mathematical concepts of general cryptography, this book isn't for you. It isn't for most people, for that matter. I find it to be much too specialized for a given methodology of teaching, of which can be gathered from the author's opinion. It isn't a regular introduction to cryptography for those interested, but rather, an introduction to cryptography for those on their way to a degree in and around mathematics or computer science. Even then, you're left with a poor introduction, as this isn't a starter's guide to becoming a cryptographer.
Had it been complete, it could have been something it isn't - a uniquely informative introduction.
For the price, I'd do your budget a favor and shop around for other, much better, books, of which do exist, such as titles by Schneier or the like.
After scoring and calculating the average of the four parts, I was left with a value of little over 2, but since I do not round my scores in favor of the book, this bland, affected title gets a well-deserved SFDC 2 out of 10:
It's all about substance, folks. With so many available titles, you need your own unique substance, otherwise, you just drown in the rest and fail to stand apart. Nigel Smart, as a lecturer and mathematician - possibly. Nigel Smart as an unwonted author - not quite yet.
Keywords: Nigel Smart, Cryptography: An Introduction, Cryptography, book, review, encryption, McGraw-Hill, Bristol.
This review is copyright 2004 by the author and Security-Forums Dot Com, and may not be reproduced in any form in any media without the express permission of the author, or Security-Forums Dot Com.
Last edited by JustinT on Sun Feb 01, 2004 10:50 am; edited 16 times in total