Books in Review: Applied Cryptography
This is a book about modern cryptography; that is, it treats its subjects in a modern context. For example, the subject of classical symmetric cryptography is completed in little more than a page in chapter two; then the substance of the book begins. Many of the ideas covered are less than ten years old, and most are less than twenty years old.
In his foreword to this book, Whitfield Diffie notes that there was a hiatus in publishing on cryptography from the end of World War I until the publication of David Kahn's history, The Codebreakers. Although Diffie is silent on the cause of this, it was the result of government policy. During the late 1960s, events began to conspire against the silence. Perhaps the most important event was the emergence of the automated teller machine, an application that simply could not be done in the clear. Whatever the cause, during the last twenty-five years thousands of papers and dozens of books have been published on the subject.
Diffie goes on to note that this literature conceals much of the material that would be of interest to a programmer or engineer who simply wants to use cryptography to solve a problem. Such a person might perform an extensive search without finding the necessary information. This book is intended for that audience and meets a large part of its needs. It is also of interest to those concerned with the application of cryptography to security and with the security of cryptographic mechanisms.
Organization of the Book
The book is divided into a table of contents, a foreword by Whitfield Diffie, a preface by the author, the body, a list of references, and an index. In addition to what a foreword normally does, this one attempts to put the book in the context of the literature of cryptography. The preface describes the author's intent, the book, and the author's expectations and instructions for its use.
The body of the book contains eighteen chapters. Seventeen of these are organized into four parts. The first chapter treats terminology, classical cryptography, and large numbers. The author divides cryptography into two classes. One class resists the efforts of nation states; the other resists hackers and others. Large numbers are needed to express the work factors (i.e., the cost of attack) against the first class.
Part 1, Chapters 2 through 6, deals with cryptographic protocols. Protocols are descriptions of uses or applications of cryptographic algorithms. In the case of cryptographic protocols, a protocol is a series of steps involving two or more parties, designed to accomplish a task. Although many assumptions about the existence of strong algorithms are used in this part, their discussion is postponed until Part 3.
The covered protocols range from the necessary (e.g., digital signatures and key exchange) to the esoteric (e.g., electronic voting and digital cash). The intent is not to promote or encourage these uses but to illustrate the breadth of potential applications, the security issues surrounding them, and how the protocols address them.
Part 2, Chapters 7 and 8, treats cryptographic techniques. Chapter 7 treats issues related to key length and key management. The chapter begins with the statement "The security of a symmetric cryptosystem is a function of the strength of the algorithm and the length of the key." Although it is true that the security is a function of those two things, the author also acknowledges the role of the application. He postpones discussion of algorithms and takes up key length.
Although the treatment of key management is theoretically correct, it may be too theoretical for the readers of this journal. The book includes examples of flawed implementations of key management but no examples of correct key management. It discusses procedures of key management, but not the principles of good key management. For example, the author writes at length about the dangers of poor key selection and gives a number of manual procedures for choosing keys. He even references a key generation standard. However, he does not say that key generation should be automated and never manual. Similarly, he notes that storing rarely used keys for single users is trivial, but he does not say that keys should never appear in the clear outside the encryption mechanism.
Chapter 8 is entitled “Using Algorithms.” It deals with issues of composition and implementation. For example, it treats how to compose block ciphers to deal with data longer or shorter than a block.
Part 3, Chapters 9 through 17, is about algorithms; it takes up a third of the book. This is where the author's interest lies, and it is why he wrote the book.
Chapter 9 is entitled "Mathematical Background" and treats the information, number, and complexity theories that are the basis for the modern understanding of cryptography. Not surprisingly, the first algorithm treated in depth (more depth than any other) is the Data Encryption Standard (DES). Because the history of modern public cryptography begins with the DES, understanding both the algorithm and its history is essential. This chapter is both thorough and accurate. For example, it tells the story of the S-boxes: why they are important, how they got to look the way they do, and why they cannot be readily changed. It is an interesting story, well told.
Subsequent chapters in this section treat other block ciphers, one-way hash functions, and, of course, public-key algorithms. Because public-key algorithms are so novel and powerful (and because they solve so many problems so well), understanding them is also important. For most of us most of the time, public-key cryptography is a matter of faith rather than understanding. For many purposes, faith is sufficient. However, it is nice to understand it well.
Part 4 is titled "The Real World" and deals with product implementations and with politics. Indeed, politics gets its own chapter. The chapter is arranged by institution, in the order of importance as viewed by the author. It begins with the National Security Agency (NSA). The chapter is as interesting for what it does not say as for what it does say. For example, it is interesting (if not surprising) that the chapter goes on at length without ever mentioning Congress or the administration. It provides useful reference information on the institutions, including their addresses. It also provides important information on laws and regulations.
To the extent that politics can be defined as maneuvering within a political group to gain control or power, this chapter is a little weak. It tells us the names of some, but not all, of the players. It tells us what their roles are. In some cases it tells us what they believe. What it fails to tell us is what their interests and motives are. For example, it tells us that the NSA believes that "cryptography is essential to national security." However, this is only their rationale for behaving as they do. Their interest is the power, influence, budget, and jobs that derive from signals intelligence. Any real understanding of the politics begins here. Because a discussion of this would take the author off the ground of fact and onto that of opinion, he chose to avoid it. Although I understand and accept that decision, I would have been interested in what he had to say.
There is a fifth section that contains a collection of programs in C that implement many of the algorithms. (Although the programs are in a font that can be readily scanned, the government pretends that there is a difference between programs recorded on paper and those recorded on magnetic media. Because they have harassed authors and publishers who have included cryptographic programs on diskette, the author makes the diskettes available separately.)
As noted earlier, this book has two other special sections, the references and the index. The reference section includes 908 citations, providing a complete bibliography on the topic. This bibliography alone is worth the price of the book.
In technical works the index is not just a formality but an essential part of the book. In the world of the computer, a complete index is fairly easy to achieve. Still, few are complete and many detract from otherwise extensive works. This one is a welcome exception to the rule.
Completeness and Currency
It is difficult to fault a book that covers so many things so well for its completeness. Nonetheless, from the perspective of the readership of this journal, there is at least one glaring omission. The text gives limited treatment to key management; it seems not to understand its importance. For example, it gives extensive treatment to RSA without noting that its principal application is to the management of keys.
It describes the IBM automatic key management system. However, it almost dismisses it without recognizing its importance. By automating the generation, distribution, installation, storage, changing, and destruction of keys, this mechanism does more for the security of cryptographic systems than does the strengthening of the cryptographic primitives. Even the NSA does not attack primitives if it can attack systems or keys.
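The three points the review presses in Chapter 8, in the Completeness section and in the paragraph above are worth seeing together in working code: a block cipher has to be composed into a mode before it can protect data longer than one block; RSA's principal application is the management of keys, not bulk encryption; and a key-management mechanism that generates keys automatically and never lets them appear in the clear outside the encryption mechanism does more for security than a stronger primitive. The following Go program is an added illustration written for this review, not code from the book or from the IBM key-management system it mentions. It assumes the Go standard library only: AES-GCM as the mode, RSA-OAEP as the key wrap, and a constructed sample message longer than one 16-byte block. Function and type names (`Envelope`, `sealEnvelope`, `openEnvelope`) are this example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is everything that leaves the encryption mechanism: the data key
// wrapped under the recipient's RSA public key, the GCM nonce, and the
// ciphertext. The data key itself is never present here in the clear.
type Envelope struct {
	WrappedKey []byte
	Nonce      []byte
	Ciphertext []byte
}

// oaepLabel binds the wrapped blob to its purpose; a constructed value.
var oaepLabel = []byte("example-data-key")

// newDataKey generates a fresh 256-bit AES key from the OS CSPRNG. Key
// generation is automated and never manual, which is the first principle
// the review says the book leaves unstated.
func newDataKey() ([]byte, error) {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		return nil, err
	}
	return k, nil
}

// sealEnvelope encrypts a message of any length under a one-time data key
// using AES-GCM (the mode turns a 16-byte block cipher into something that
// handles arbitrary lengths and authenticates the result), then wraps that
// data key under the recipient's RSA public key. A new data key per message
// also handles "changing" keys: nothing long-lived is ever exposed.
func sealEnvelope(pub *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	dk, err := newDataKey()
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(dk)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, nil)
	// RSA's job here is key management: it carries 32 bytes of key, not the data.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dk, oaepLabel)
	if err != nil {
		return nil, err
	}
	// Destruction: the data key is zeroed once it has been wrapped and used.
	for i := range dk {
		dk[i] = 0
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// openEnvelope unwraps the data key with the RSA private key and decrypts.
// Any modification of the ciphertext, nonce or wrapped key is rejected by
// GCM's tag check or by OAEP decoding rather than yielding garbage.
func openEnvelope(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	dk, err := rsa.DecryptOAEP(sha256.New(), nil, priv, env.WrappedKey, oaepLabel)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(dk)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

func main() {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	// Constructed sample input, deliberately longer than one AES block.
	msg := []byte("constructed sample: this message is longer than a single 16-byte block")
	env, err := sealEnvelope(&priv.PublicKey, msg)
	if err != nil {
		panic(err)
	}
	out, err := openEnvelope(priv, env)
	fmt.Printf("round trip ok: %v, err: %v\n", string(out) == string(msg), err)
	env.Ciphertext[0] ^= 0x01 // simulate a one-bit change in transit
	_, err = openEnvelope(priv, env)
	fmt.Printf("tampered ciphertext rejected: %v\n", err != nil)
}
```

The design point is the separation of duties the review asks for: the public-key algorithm only ever touches a short, freshly generated key; the symmetric mode does all the work on the data; and the only artifact that crosses the boundary of the mechanism is the `Envelope`, from which the data key cannot be recovered without the private key.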
Although the author is under no obligation to treat these issues (and they may not be of interest to him as a cryptographer), from our perspective as security people they are important and necessary.
The book is timely in the sense that it hits the market at the right time. This may be the most popular book ever published on the topic, surpassing even David Kahn's opus The Codebreakers. Certainly it is the most popular technical treatment. In addition, it is current in the sense of treating such topical subjects as Clipper.
A book on a technical topic should be accessible. The author manages to treat his field in language that those of us outside the field can understand and appreciate. He does so without talking down to us and in a manner that is consistent throughout the text. He manages to do so with some wit, particularly when treating politics. The politics of cryptography border on farce. The insistence of the US government on the truth of patently absurd propositions makes it difficult to treat the issue seriously. On the other hand, cryptography is too important to trade and commerce to be trivialized. Again, a delicate balance is indicated and the author has done an admirable job.
Although he generally does a good job of avoiding jargon, the author demonstrates an annoying tendency to drop into C just when the plot thickens. For example, he does this while explaining the solution to the problem of deriving RSA keys. The code is not as accessible to me as the author's lucid prose.
As noted earlier, the intended audience for this book is composed of engineers and programmers who have the need or opportunity to apply modern cryptography. Although I certainly can recommend it to that audience, it often requires an intuitive leap to recognize the broad applicability of the technology. In addition, although the text does a good job of addressing the attacks that such users and implementers must resist, it does not deal well with the typical and traditional errors in implementation that should be avoided. The history of the field is littered with flawed implementations. This book does a better job of telling the user and implementer what to do than it does of telling him what to avoid.
As to the readers of this publication, my recommendation is more enthusiastic and my reservations more limited. Although you are not the author's intended audience, you are probably a better audience than he intended. Although weak on key management, this book explains a great deal of what security practitioners should know about cryptography without telling a great deal that is not of interest to them. It tells it in an accessible manner and style.
Security people bring different special knowledge to the table than do cryptographers. Although they can do their jobs very well without our knowledge, we cannot do ours without their knowledge. This book profits us.