Cryptography in C and C++ [Paperback]

Michael Welschenbach (Author)

Book Description

Publication Date: March 14, 2001

Cryptography in C and C++ mainly focuses on the practical aspects involved in implementing public key cryptography methods, such as the RSA algorithm that was released from patent protection. It also gives both a technical overview and an implementation of the Rijndael algorithm that was selected as the Advanced Encryption Standard by the U.S. government. Author Michael Welschenbach avoids complexities by explaining cryptography and its mathematical basis in terms a programmer can easily understand.

This book offers a comprehensive yet relentlessly practical overview of the fundamentals of modern cryptography. It contains a wide-ranging library of code in C and C++, including the RSA algorithm, completed by an extensive Test Suite that proves that the code works correctly. Readers will learn, step by step, how to implement a platform-independent library for the all-important multiprecision arithmetic used in modern cryptography. This is followed by an implementation of the cryptographic algorithms themselves.

The CD-ROM includes all the programs presented in the book, x86 assembler programs for basic arithmetical operations, implementations of the new Rijndael Advanced Encryption Standard algorithm in both C and C++, and more.

Editorial Reviews

About the Author

Michael Welschenbach works for SRC Security Research & Consulting GmbH in Bonn, Germany. He graduated with a master's degree in mathematics from the University of Cologne, and has extensive experience in both pure and applied cryptological research. Currently, his favorite programming languages are C and C++. When not working, he enjoys spending time with his wife and two sons, programming, reading, and playing music.

Product Details

• Paperback: 432 pages
• Publisher: Apress (March 14, 2001)
• Language: English
• ISBN-10: 189311595X
• ISBN-13: 978-1893115958
• Product Dimensions: 9.1 x 7.6 x 1.1 inches
• Shipping Weight: 2.2 pounds
• Average Customer Review: 4.4 out of 5 stars  See all reviews (12 customer reviews)
• Amazon Best Sellers Rank: #1,897,388 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

59 of 61 people found the following review helpful:

4.0 out of 5 stars Helpful, June 18, 2001

By 

Dr. Lee D. Carlson (Baltimore, Maryland USA) - See all my reviews
(VINE VOICE)    (HALL OF FAME REVIEWER)    (REAL NAME)   

This review is from: Cryptography in C and C++ (Paperback)

This book is an introduction to cryptography from a practical perspective and emphasizes how to write the code to implement it in real-world applications. The author has chosen the languages C and C++ to write the code, and this is acceptable since current cryptographic algorithms are usually written in these languages. The RSA and the new Rijndael algorithms are treated in detail, but unfortunately, the author has chosen not to discuss elliptic curve cryptography. The level of the book is suitable for the newcomer to cryptography, and assumes a strong knowledge of C and C++. Some background in number theory and algebra is also assumed.

In chapter 1, the author discusses briefly how the natural numbers are constructed via the Peano axioms. This discussion could have been omitted easily, for not enough detail is given, and one only needs to assume the natural numbers for the purpose of a book such as this. A full treatment of the construction of the natural numbers can be found elsewhere. The software used in the book is summarized in this chapter.

In chapter 2, the author begins to discuss the most important initial task for any implementation of cryptography, namely the problem of representing large numbers in computer memory. For performance reasons, the author chooses not to use dynamic memory management for large numbers, but instead uses a definition of static length. Large integers are represented by means of "unsigned short int". The software in the book makes use of assembler functions for high performance arithmetic. Chapter 3 then discusses briefly the semantics of the function interface, with the usual discussion about output versus return values.

Chapter 4 discusses C functions for arithmetic; there are some sentences that have unclear meaning possibly because of the translation. Karatsuba multiplication is treated and its performance compared with the usual multiplication, but is not used in the book. The division algorithm receives a very detailed treatment. This is followed in the next two chapters by a discussion of modular arithmetic. The important Montgomery algorithm is treated, and its importance in cryptography is discussed in great detail. This is followed in the next chapter by the functions used for implementing bitwise operations.

After a treatment of assignment and I/O in chapter 8, the author shows how to create functions for manipulating registers. This is a very helpful discussion, and implements ideas from the literature that are not usually found in books. Then in chapter 9, the author constructs C functions to do more high-level number-theoretic arithmetic, such as finding the multiplicative inverse and square roots in residue class rings. In addition, the author discusses in detail the Rabin, Fiat, and Shamir encryption schemes that use quadratic residues and their roots. A very nice discussion is then given on primality testing, including the Solvay-Strassen probabilistic primality test.

In chapter 11, a very short overview of random number generation is given. The Brent algorithm for determining periodicity is discussed, along with the chi-square test. The Blum-Blum-Shub algorithm for generating pseudorandom numbers is implemented in C.

The importance of testing algorithms is treated in chapter 12, the author being aware of the ISO 9000 standard. It is very helpful that a discussion of testing be included in a book on cryptography, given the importance of security in modern business and military applications. Although this chapter is merely a short overview of software testing, the author does give many references and has included many test functions in C for the software developed in the book. The author returns to the topic of software testing in C++ in chapter 17 of the book.

The author switches gears in the next chapter, which begins the second half of the book, where he begins to use C++ to develop the cryptographic code. In this chapter and the next, the constructors used for generating the large-integer objects are given, along with the operator overloading needed for processing these objects and the built-in C++ integer types simultaneously. Stream classes are used to define the functions for the formatted input of the large-integer objects. In this public interface, the author distinguishes between arithmetic and number theoretic functions. The latter do not overwrite the implicit first argument with the result, as do arithmetic functions, and so return values instead of pointers. Manipulators are used to control the output format for large-integer objects. This is followed in the next chapter by a short treatment of exception handling for the software developed in the book.

Finally in Chapter 16, the author discusses the RSA cryptosystem, and in great detail. The idea of an asymmetric cryptosystem is discussed, and the RSA algorithm is implemented using C. The author discusses the strengths and weaknesses of the RSA algorithm, along with a discussion of digital RSA signatures. The algorithm is then implemented in C++ at the end of the chapter in great detail. Readers who have not seen the coding involved with the implementation of the RSA algorithm will definitely appreciate the treatment here.

The last chapter of the book covers the new Rijndael algorithm and the Advanced Encryption Standard is discussed. This is the first time I have seen a discussion of the algorithm in a book, and the author does a good job. After a review of polynomial arithmetic over finite fields, the author outlines in detail the constructions employed in the algorithm. The reader is expected to know what a Feistel algorithm is though, since the author only devotes one sentence of explanation as to what it is. Although Feistel networks have long been employed in cryptography, newcomers to the field need a little more discussion here. On the enclosed CD-ROM, the author gives three implementations of the Rijndael algorithm.

21 of 21 people found the following review helpful:

4.0 out of 5 stars Good book -- Wrong title, April 17, 2004

By A Customer

This review is from: Cryptography in C and C++ (Paperback)

If truth in titling were a crime, someone would be in leg-irons over this one. This book should be entitled, "A Detailed Account of the Construction of a Large-Precision Number Library of the Sort that can be Used for RSA and Similar Cryptographic Systems, with a few Examples." The book fulfills this latter title exceptionally well.

The great majority of this book is a detailed, step-by-step account of the how the author constructed a C-language big-number library. It treats wrapping the C-libraries with C++ classes as a separate chapter -- nice touch. This treatise is thorough, well-written, and engaging. Nicely done. It is written from a mathematicians perspective, and its mathematical underpinnings may repel some programmers, but they need not fear. In the end the C-code is well-explained.

The only "cryptography" of note is a chapter on implementing RSA with the library. Indeed, the great majority of implementing RSA and similar ciphers is creating the big-number libraries. The RSA chapter is, fortunately, much more than a simple example. It is an excellent treatise of the pitfalls in implementing RSA. That is, RSA is more than a "simple example." If you are implemeting RSA with any big-number library, this chapter alone is worth the cost of admission.

There is a chapter on AES (Rijndael) cipher, but it is out of place here and an obvious paste-on, probably a last minute, hot-button item required by the publisher. It really has nothing you can't get from the original NIST documents on AES.

I'm willing to believe that the title and AES paste-on are the fault of the publisher, because otherwise Welschenbach did an excellent job -- lots of hard and careful work, well documeted. With a title-change, I'd give it a 5-star.

The question in the end is: Why would you want this book? Apart from general interest, the audiences that come to my mind are those who are constructing such libraries on their own, and those who need to use the software included with the book (on a non-commercial basis -- the software license prohibits commercial use).

15 of 16 people found the following review helpful:

3.0 out of 5 stars half large, numbers half cryptography, December 31, 2001

By 

"thecyberpunk" (Barrington, IL United States) - See all my reviews

This review is from: Cryptography in C and C++ (Paperback)

This book is a great book, but I think the author spent too much time on numbers, and not enough on cryptography. Yes, cryptopgraphy is 95% number theory, but much of the book was creating a library for large numbers, learning to add, subtract, multiply, and divide in their lowest levels. The last few chapters are the only chapters that get into RSA and AES.
If this is what you are looking for than this book is for you, otherwise I recomend "Handbook of Applied Cryptography".