Customer Reviews

Cryptography in C and C++

5 star:		(7)
4 star:		(3)
3 star:		(2)
2 star:		(0)
1 star:		(0)

 

 

This book is an introduction to cryptography from a practical perspective and emphasizes how to write the code to implement it in real-world applications. The author has chosen the languages C and C++ to write the code, and this is acceptable since current cryptographic algorithms are usually written in these languages. The RSA and the new Rijndael algorithms are treated in detail, but unfortunately, the author has chosen not to discuss elliptic curve cryptography. The level of the book is suitable for the newcomer to cryptography, and assumes a strong knowledge of C and C++. Some background in number theory and algebra is also assumed.

In chapter 1, the author discusses briefly how the natural numbers are constructed via the Peano axioms. This discussion could have been omitted easily, for not enough detail is given, and one only needs to assume the natural numbers for the purpose of a book such as this. A full treatment of the construction of the natural numbers can be found elsewhere. The software used in the book is summarized in this chapter.

In chapter 2, the author begins to discuss the most important initial task for any implementation of cryptography, namely the problem of representing large numbers in computer memory. For performance reasons, the author chooses not to use dynamic memory management for large numbers, but instead uses a definition of static length. Large integers are represented by means of "unsigned short int". The software in the book makes use of assembler functions for high performance arithmetic. Chapter 3 then discusses briefly the semantics of the function interface, with the usual discussion about output versus return values.

Chapter 4 discusses C functions for arithmetic; there are some sentences that have unclear meaning possibly because of the translation. Karatsuba multiplication is treated and its performance compared with the usual multiplication, but is not used in the book. The division algorithm receives a very detailed treatment. This is followed in the next two chapters by a discussion of modular arithmetic. The important Montgomery algorithm is treated, and its importance in cryptography is discussed in great detail. This is followed in the next chapter by the functions used for implementing bitwise operations.

After a treatment of assignment and I/O in chapter 8, the author shows how to create functions for manipulating registers. This is a very helpful discussion, and implements ideas from the literature that are not usually found in books. Then in chapter 9, the author constructs C functions to do more high-level number-theoretic arithmetic, such as finding the multiplicative inverse and square roots in residue class rings. In addition, the author discusses in detail the Rabin, Fiat, and Shamir encryption schemes that use quadratic residues and their roots. A very nice discussion is then given on primality testing, including the Solvay-Strassen probabilistic primality test.

In chapter 11, a very short overview of random number generation is given. The Brent algorithm for determining periodicity is discussed, along with the chi-square test. The Blum-Blum-Shub algorithm for generating pseudorandom numbers is implemented in C.

The importance of testing algorithms is treated in chapter 12, the author being aware of the ISO 9000 standard. It is very helpful that a discussion of testing be included in a book on cryptography, given the importance of security in modern business and military applications. Although this chapter is merely a short overview of software testing, the author does give many references and has included many test functions in C for the software developed in the book. The author returns to the topic of software testing in C++ in chapter 17 of the book.

The author switches gears in the next chapter, which begins the second half of the book, where he begins to use C++ to develop the cryptographic code. In this chapter and the next, the constructors used for generating the large-integer objects are given, along with the operator overloading needed for processing these objects and the built-in C++ integer types simultaneously. Stream classes are used to define the functions for the formatted input of the large-integer objects. In this public interface, the author distinguishes between arithmetic and number theoretic functions. The latter do not overwrite the implicit first argument with the result, as do arithmetic functions, and so return values instead of pointers. Manipulators are used to control the output format for large-integer objects. This is followed in the next chapter by a short treatment of exception handling for the software developed in the book.

Finally in Chapter 16, the author discusses the RSA cryptosystem, and in great detail. The idea of an asymmetric cryptosystem is discussed, and the RSA algorithm is implemented using C. The author discusses the strengths and weaknesses of the RSA algorithm, along with a discussion of digital RSA signatures. The algorithm is then implemented in C++ at the end of the chapter in great detail. Readers who have not seen the coding involved with the implementation of the RSA algorithm will definitely appreciate the treatment here.

The last chapter of the book covers the new Rijndael algorithm and the Advanced Encryption Standard is discussed. This is the first time I have seen a discussion of the algorithm in a book, and the author does a good job. After a review of polynomial arithmetic over finite fields, the author outlines in detail the constructions employed in the algorithm. The reader is expected to know what a Feistel algorithm is though, since the author only devotes one sentence of explanation as to what it is. Although Feistel networks have long been employed in cryptography, newcomers to the field need a little more discussion here. On the enclosed CD-ROM, the author gives three implementations of the Rijndael algorithm.

If truth in titling were a crime, someone would be in leg-irons over this one. This book should be entitled, "A Detailed Account of the Construction of a Large-Precision Number Library of the Sort that can be Used for RSA and Similar Cryptographic Systems, with a few Examples." The book fulfills this latter title exceptionally well.

The great majority of this book is a detailed, step-by-step account of the how the author constructed a C-language big-number library. It treats wrapping the C-libraries with C++ classes as a separate chapter -- nice touch. This treatise is thorough, well-written, and engaging. Nicely done. It is written from a mathematicians perspective, and its mathematical underpinnings may repel some programmers, but they need not fear. In the end the C-code is well-explained.

The only "cryptography" of note is a chapter on implementing RSA with the library. Indeed, the great majority of implementing RSA and similar ciphers is creating the big-number libraries. The RSA chapter is, fortunately, much more than a simple example. It is an excellent treatise of the pitfalls in implementing RSA. That is, RSA is more than a "simple example." If you are implemeting RSA with any big-number library, this chapter alone is worth the cost of admission.

There is a chapter on AES (Rijndael) cipher, but it is out of place here and an obvious paste-on, probably a last minute, hot-button item required by the publisher. It really has nothing you can't get from the original NIST documents on AES.

I'm willing to believe that the title and AES paste-on are the fault of the publisher, because otherwise Welschenbach did an excellent job -- lots of hard and careful work, well documeted. With a title-change, I'd give it a 5-star.

The question in the end is: Why would you want this book? Apart from general interest, the audiences that come to my mind are those who are constructing such libraries on their own, and those who need to use the software included with the book (on a non-commercial basis -- the software license prohibits commercial use).

This book is a great book, but I think the author spent too much time on numbers, and not enough on cryptography. Yes, cryptopgraphy is 95% number theory, but much of the book was creating a library for large numbers, learning to add, subtract, multiply, and divide in their lowest levels. The last few chapters are the only chapters that get into RSA and AES.
If this is what you are looking for than this book is for you, otherwise I recomend "Handbook of Applied Cryptography".

If you are interested or involved in any way in both C/C++ development and cryptography, this book is a must.
It contains all the bases and details of the most important algorithms, RSA and Rijndael:

- If you need mathematical information about cryptography everything is clearly explained.
- If (like me)you want to experiment with practical cryptography, you will be using the RSA routines in minutes, on both VC++ or Linux.

The code is simple, clear, compact. Great book !

Finally a very good solution is available to overcome limitations in built-in data types!!we are a group of students from Velammal engineering college in India doing a project in cryptography.But we had problem in handling very large numbers that most of the cryptographic algorithms require.We searched the net but in vain it was similar to flogging a dead
horse.
And then we found the book "CRYPTOGRAPHY IN C" by MICHAEL WELSCHENBACH.A book we recommend for all the students interested in cryptography.Not just cryptography but to any other problem involving very large numbers.
The perfect guide to break the chains of built-in data types.
A must for every professional and students interested in Cryptography.Anyone having some knowledge in C can refer this wonderful book and wonder why such ideas never occured to them.

This book will only be appealing to avid crypto fans. The book takes the abstract concept of contemporary algorithms and provides mechanisms for the user to contstruct concrete examples in C & C++ computer code. A rare advanced crypto book that also provides the reader with the mechanisms to explore the various aspects of contemporary advanced crypto ideas in programs. Welschenbach provides the boilerplate code for integrating these highly esoteric functions in C. Invaluable if you have both crypto knowledge and programming acumen.

This book offers a practical and relatively easy to read description of implementing cryptography algorithms, especially RSA, in software. Most books in the field are highly mathematical. This book covers all of the necessary mathematics, but also explains how to efficiently implement the mathematics in C. It covers many of the real-life issues in building security software. As a researcher in the field, I found the book very helpful.

I was hoping to gain some knowledge concerning software development of encryption/decryption in AES. Unfortunately the book was mainly about the development of various math functions needed to deal with integers of greater than 1300 digits and how they apply to encryption. Although the source code provided was interesting, the descriptions included to support the understanding of the functions was to a depth I could not follow.

Short answer: Good book, wrong content.

Very complete book ; but is oriented on mathemathic alghoritm to create very hight performance code.

This book is really good for beginners in cryptography. However, the most useful thing in the book is the source code, which can be used for programming your own crypto protocols. I would give this 5/5 rating.