• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

cryptography book

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Cryptographic Theory and Cryptanalysis - Internal and Transmission Security

View previous topic :: View next topic  
Author Message
JustinT
Trusted SF Member
Trusted SF Member


Joined: 17 Apr 2003
Posts: 16777215
Location: Asheville, NC, US / Uberlândia, MG, Brazil

Offline

PostPosted: Mon May 02, 2005 10:09 am    Post subject: Literature. Reply with quote

We've discussed cryptography books quite a bit, in the recent past, so if you do a search for the keywords "book", or "books", in the cryptography forums, I'm sure you'll find quite a few posts with excellent recommendations. Applied Cryptography, by Bruce Schneier, is a generally decent title. However, there's one thing to remember. Security advice, as far as cryptography is concerned, can change rather quickly, so this puts books that offer it at a risk of becoming inconsistent with new cryptanalytical advances, at any time. Since the science, itself, is volatile, so is the life-span of some literature on cryptography, depending on what it provides. Refer to this thread.

Note that since the time of the latest edition, there will be some advice given that doesn't hold its validity any longer, so you'll need to research certain areas much more in-depth, considering recent analyses in that area, for a more up-to-date summary. However, a bulk of it, containing basic definitions, structures, goals, et cetera, will still hold its validity; it's just a matter of discerning between the two. If this can be done, then it will prove to be a nice introduction - a layman's candid encyclopedia, if you will.

A modern title, with much more advanced mathematical explanations, but a less candid tone, is Modern Cryptography, by Wenbo Mao; it's among the better modern books that attempts to cover cryptography, as a whole. It may be more demanding, though, as far as your current aptitude for mathematics is concerned. It may be easiest to begin with Applied Cryptography, as well as the Handbook of Applied Cryptography, from Menezes, van Oorschot, and Vanstone. which is available free, online; the latter is the most cost-effective option, to start off with. Use them as "cryptographic dictionaries, and where you see advice, try to compare that advice with cryptanalysis of recent years, which you'll find in various papers.

This is an "until then" case, where it should suffice until you're able to tackle the more in-depth literature. You may also consider Stinson's Cryptography: Theory and Practice; it appears to be a decent introduction, as well. A bit pricey, depending on where you shop, but a good read (decent, above-par introduction), nonetheless. So, search the forum a bit and see what suggestions you find; if you can't find any, we'll be glad to help you search for them. To help us out, what level of mathematics are you currently proficient in? (Or, at least comfortable enough to understand it in cryptographic context.)

In the meanwhile, do peruse through this thread, from which the following excerpt is lifted:

JustinT wrote:

The suggestions Martin has provided are excellent, in terms of introduction to the field, basic concepts, and current trends. As for Schneier's Applied Cryptography and Menezes, Oorschot, and Vanstone's Handbook of Applied Cryptography, I've given a few opinionated thoughts, here and there, on how to properly read aging literature on cryptography. I've also suggested reading Mao's Modern Cryptography, which is a mixture of the two aforementioned titles, in that it contains immense mathematical insight into cryptography, implementations, applications, modern notions of security, as well as the associated cryptanalytical theory to complement. Besides, it's a recently published book, so it has the added advantage of being fresh and up-to-date. If you are to use the other two titles, use them carefully, wisely, and as references.

This leads me to pointing out a "technique" for how to categorize modern literature on cryptography. First, you generally encounter two types of books: those that are encyclopaedically conceptual and those that are encyclopaedically trendy; Menezes, Oorschot, and Vanstone's Handbook of Applied Cryptography is an example of the former, while Schneier's Applied Cryptography is an example of the latter. Basically, with the former, you have a book that covers the mathematical basis of cryptography and general applications and implementation scenarios - it sticks with concepts. However, with the latter, you have these aspects as well, but instead of sticking with generalized concepts, you provide a snapshot of the varied trends that cryptography has been subject to, within that given frame of time - it strays into trends.

In cryptography, concepts will stay constant more than current trends, so you have to carefully juggle the validity of certain security notions. Although both titles still exhibit valid foundations in cryptography, Handbook of Applied Cryptography is a much safer book to read than Applied Cryptography, simply because the former is more conceptual and semantical; the latter contains many outdated trends and suggestions for notions that are no longer secure, or much less conservative. It's still a good book, but again - only if you know how to read it. It's more logical to recommend another book, though. The reason becomes more evident when actually implementing cryptography. Folks shouldn't design a cryptosystem based entirely on what they read from a book, but history has shown that they will; using an aging text book is one way in which insecure textbook implementations make it into practice. You can't blame the book, but you can recommend something more recent, with safer suggestions.

Second, you should pay attention to the tone of the book, because depending on the author, you will notice a significant difference in the opinionated views that influence the subject matter covered within the literature. Some books are based on widely-accepted generalizations, and oftentimes "preach to the choir", because you'll see many strikingly similar books that follow this approach; some are based on individualistic specializations, and may be viewed as partially radical, because they stray from the normality of most books, but are often just as logical. Schneier and Ferguson's Practical Cryptography is a fine example of a very opinionated, yet highly security-conservative, book. Not only are these views quite unique, but they adhere to philosophies and design methodologies of cryptographic security with higher margins than I've seen in any other contemporary book on the subject. It's based on a tremendous amount of solid cryptanalysis.

Understanding tone is important, because it helps you rationalize the different opinions you'll discover in this field, and comprehend the most efficient ways to make solid conclusions on why many cryptographers have strikingly different opinions, why many different logics can be good logics, and how to make an educated compromise in the opinions you construct for yourself, after reading such literature.

I have no qualms about suggesting any of the books mentioned in this thread, but if I were to recommend two predominant [in my opinion] books - one that introduced modern cryptographic mathematics, notions of security, implementations, applicable scenarios, general concepts, and cryptanalysis and the other that presented highly conservative philosophies and design methodologies with cryptanalysis in mind - it would definitely be, as of now, Modern Cryptography by Wenbo Mao and Practical Cryptography by Niels Ferguson and Bruce Schneier. There are different opinionated views throughout either book, but very reasonable compromises can be made between them. The former aids in properly comprehending cryptography as we conventionally know it and the latter aids in securely designing and deploying this conventional cryptography. An added plus is that even with a mediocre background in mathematics, they are exceptionally simple reads. Assuming U.S. prices, you can obtain both for around $105, roughly, based on cover prices (Modern Cryptography - $54.99 (hard jacket); Practical Cryptography - $50.00 (soft jacket)).

This will at least give you a nice boost into introductory cryptography, in the conventional sense, with a little scope into cryptanalysis. However, if you wish to learn more of cryptanalysis, it's beneficial to have a seasoned grasp on mathematical areas, such as, information theory, number theory, linear algebra, discrete mathematics, statistics, probability, combinatorics, complexity theory, group theory, field theory, and graph theory. There are several relatively great sources, such as Citeseer, Cryptology ePrint, and Springer-Verlag, for obtaining publications in cryptanalytical advancement, which essentially demonstrates the analysis of the security behind conventional cryptography, but this is conditional as to what you're interested in and how much you're willing to invest. Sometimes it's free; sometimes it's rather expensive. One step at a time, though. Keep in mind that my recommendations cover cryptography in the sense of "how it works" and "how to get it securely working for you." They aren't aimed at being nostalgic or classical (refer to Martin's suggestions for good choices in that realm). What are your tastes? At this point, are you capable of specifying any particular interests you wish to address?


It all boils down to what we're assuming about your current knowledge of cryptography, specifically, and mathematics, quantitatively. Some books may contrast in that their balance of what they assume, in regards to the reader's aptitude of these two things, may vary. Comprehending the mathematics makes it easier to grasp the concepts proposed in books.

One effective method is to progress with books that correspond to your level in mathematics. As you progress in mathematics, obtain more advanced books. High school and undergraduate mathematics cover most everything necessary to understand classical and conventional cryptography. As the books, and papers, become more specific and less general, the mathematics can become quite intense, so it's best to ease into the subject with patience and a reasonable approach.

Amitabh wrote:

Those are good books on general intro to crypto. However, I have been trying to find a good book on ECC, one that explains all the underlying concepts clearly and goes into advanced topics like pairings etc.. without much luck. any suggestions?


I have "Elliptic Curves: Number Theory and Cryptography (Discrete Mathematics and Its Applications), by Lawrence C. Washington; it has proven to be quite nice, for the most part, although it isn't entirely cryptographic. It is a decent treatment of elliptic curves, and how they apply to cryptography, however. An intermediate book, at the very least.

Wagstaff's "Cryptanalysis of Number Theoretic Ciphers" has a nice cryptanalytical view of elliptic curve cryptography, as well. Have you checked out any particular literature from Koblitz, et cetera? Perhaps this Amazon list may be useful.
Back to top
View user's profile Send private message Visit poster's website
B-Con
Just Arrived
Just Arrived


Joined: 29 Jul 2004
Posts: 8
Location: int main()

Offline

PostPosted: Thu May 05, 2005 8:48 am    Post subject: Reply with quote

Wow.... thanx for all the info Very Happy

I'll be sure to read and concider everything before ording books, thanx alot! Very Happy

Edit:

Justin,

you mentioned in this thread that Applied Cryptography is shown to be outdated when juxtaposed (I love that word, btw Wink ) with Practical Cryptography, would you then recommend Practical Cryptography as a more "updated" version of Applied Cryptography in that case?
Back to top
View user's profile Send private message Visit poster's website
JustinT
Trusted SF Member
Trusted SF Member


Joined: 17 Apr 2003
Posts: 16777215
Location: Asheville, NC, US / Uberlândia, MG, Brazil

Offline

PostPosted: Fri May 06, 2005 10:47 am    Post subject: Distinct. Reply with quote

B-Con wrote:

Justin,

you mentioned in this thread that Applied Cryptography is shown to be outdated when juxtaposed (I love that word, btw Wink ) with Practical Cryptography, would you then recommend Practical Cryptography as a more "updated" version of Applied Cryptography in that case?


Not exactly. While there are sporadic portions of Practical Cryptography that read similarly to segments throughout Applied Cryptography, they are rather distinct books. I would recommend Practical Cryptography as a bible for implementing cryptography securely; comprehending the cryptography thoroughly is a prerequisite that it doesn't cover. Extracting general knowledge from the more introductory-type suggestions is a must; grasping it thoroughly is vital, as well.

Applied Cryptography was an attempt to create a composition that defined, in an encyclopedic way, cryptography for the layman. Terminology, from classical to modern cryptography, is introduced, and definitions are very lightly mathematical, and somewhat historical. It's a primer for the novice; a guide for the greenhorn. It doesn't assume much, as far as prerequisite cryptographic knowledge is concerned.

Practical Cryptography is a more specific book, which assumes much more. It assumes that you're already familiar with most everything covered in Applied Cryptography; it assumes this to the point of you being well-versed enough to implement it. Thus, this book serves as a model, instilling smart tactics for securely implementing cryptography. It's a supplement, whereas Applied Cryptography is more of a standalone dictionary of sorts.

The security advice given in Practical Cryptography will echo the out-dated nature of the advice given in Applied Cryptography, on many levels. Although, and fortunately enough, the tone is still much the same. Keep in mind, also, that as cryptanalysis progresses, so will security advice change, even with the same cryptographer; it will also vary, sometimes drastically, between cryptographers.

The more literature you read, the more opinionated you'll find the field to be. In other words, some cryptographers hold certain things with more precedence, and emphasis, than others. Some just flat out disagree. Fortunately, most differences allow one to arrive at a plausible trade-off. As you read, and begin to develop your own biased, educated opinions, you may find yourself making compromises. This is quite alright, provided there are no fatal conflicts or dangerous contradictions. Overall, just be aware that compromises in this field are natural, as are disagreements.
Back to top
View user's profile Send private message Visit poster's website
B-Con
Just Arrived
Just Arrived


Joined: 29 Jul 2004
Posts: 8
Location: int main()

Offline

PostPosted: Sat May 07, 2005 3:50 am    Post subject: Reply with quote

Thanks for the advice, I'll try to read both of them in that case.... Very Happy


btw, sorry, I didn't stop to think about whether double posting was acceptable in this forum, I should have just edited the first post Embarassed
Back to top
View user's profile Send private message Visit poster's website
Dark-Avenger
Just Arrived
Just Arrived


Joined: 21 Apr 2003
Posts: 0
Location: France

Offline

PostPosted: Sun May 08, 2005 11:14 pm    Post subject: Reply with quote

I like very much Neal Köblit's books. I like other great books but they are in French, so...
Back to top
View user's profile Send private message
andyyo
Just Arrived
Just Arrived


Joined: 10 May 2005
Posts: 0


Offline

PostPosted: Mon May 23, 2005 10:16 am    Post subject: Reply with quote

and I think this book is good too. "Modern Cryptography: Theory & Practice" , & author's name: Wenbo Mao
Back to top
View user's profile Send private message
data
Forum Fanatic
Forum Fanatic


Joined: 08 May 2004
Posts: 16777211
Location: India

Offline

PostPosted: Mon May 23, 2005 4:42 pm    Post subject: Reply with quote

hi,

That book is popular. I don' have a copy though.

Oded Goldreich's book are also good. Please see the link below

http://www.wisdom.weizmann.ac.il/~oded/books.html

Sarad.
Back to top
View user's profile Send private message Visit poster's website Yahoo Messenger
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Cryptographic Theory and Cryptanalysis - Internal and Transmission Security All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register