Modern Cryptography: Theory and Practice [Hardcover]

Wenbo Mao (Author)

Book Description

ISBN-10: 0130669431 | ISBN-13: 978-0130669438 | Publication Date: August 4, 2003 | Edition: 1

Many cryptographic schemes and protocols, especially those based on public-keycryptography, have basic or so-called "textbook crypto" versions, as these versionsare usually the subjects for many textbooks on cryptography. This book takes adifferent approach to introducing cryptography: it pays much more attention tofit-for-application aspects of cryptography. It explains why "textbook crypto" isonly good in an ideal world where data are random and bad guys behave nicely.It reveals the general unfitness of "textbook crypto" for the real world by demonstratingnumerous attacks on such schemes, protocols and systems under variousreal-world application scenarios. This book chooses to introduce a set of practicalcryptographic schemes, protocols and systems, many of them standards or de factoones, studies them closely, explains their working principles, discusses their practicalusages, and examines their strong (i.e., fit-for-application) security properties, oftenwith security evidence formally established. The book also includes self-containedtheoretical background material that is the foundation for modern cryptography.

Editorial Reviews

From the Back Cover

"This book would be a good addition to any cryptographer's bookshelf. The book is self-contained; it presents all the background material to understand an algorithm and all the development to prove its security. I'm not aware of another book that's as complete as this one."

--Christian Paquin, Cryptographic/Security Developer, Silanis Technology Inc. "The book is both complete, and extraordinarily technically accurate. It would certainly be a useful addition to any cryptographer's or crypto-engineer's library."

--Marcus Leech, Advisor, Security Architecture and Planning, Nortel Networks Build more secure crypto systems--and prove their trustworthiness Modern Cryptography is the indispensable resource for every technical professional who needs to implement strong security in real-world applications.

Leading HP security expert Wenbo Mao explains why "textbook" crypto schemes, protocols, and systems are profoundly vulnerable by revealing real-world-scenario attacks. Next, he shows how to realize cryptographic systems and protocols that are truly "fit for application"--and formally demonstrates their fitness. Mao presents practical examples throughout and provides all the mathematical background you'll need.

Coverage includes:

• Crypto foundations: probability, information theory, computational complexity, number theory, algebraic techniques, and more
• Authentication: basic techniques and principles vs. misconceptions and consequential attacks
• Evaluating real-world protocol standards including IPSec, IKE, SSH, TLS (SSL), and Kerberos
• Designing stronger counterparts to vulnerable "textbook" crypto schemes

Mao introduces formal and reductionist methodologies to prove the "fit-for-application" security of practical encryption, signature, signcryption, and authentication schemes. He gives detailed explanations for zero-knowledge protocols: definition, zero-knowledge properties, equatability vs. simulatability, argument vs. proof, round-efficiency, and non-interactive versions.

About the Author

WENBO MAO, PhD, is a Technical Contributor to the Trusted Systems Lab at Hewlett-Packard Laboratories, Bristol, UK. Mao leads HP's participation and research activities in Computer Aided Solutions to Secure Electronic Commerce Transactions (CASENET), a research project funded by the European Union. His research interests include cryptography, computer security, and formal methods. He is a member of the International Association for Cryptographic Research (IACR), the Institute of Electrical and Electronics Engineers (IEEE), and the British Computer Society (BCS).

See all Editorial Reviews

Product Details

• Hardcover: 648 pages
• Publisher: Prentice Hall; 1 edition (August 4, 2003)
• Language: English
• ISBN-10: 0130669431
• ISBN-13: 978-0130669438
• Product Dimensions: 9.4 x 6.5 x 1.5 inches
• Shipping Weight: 2.9 pounds (View shipping rates and policies)
• Average Customer Review: 4.6 out of 5 stars  See all reviews (11 customer reviews)
• Amazon Best Sellers Rank: #1,005,799 in Books (See Top 100 in Books)

Customer Reviews

Most Helpful Customer Reviews

51 of 51 people found the following review helpful:

5.0 out of 5 stars Impressive, September 13, 2003

By 

John Viega (Boston, MA) - See all my reviews

This review is from: Modern Cryptography: Theory and Practice (Hardcover)

Modern Cryptography is by far the best first text on cryptography I've ever seen, blowing books like Applied Cryptography out of the water. It's a clear treatment that focuses on building practical systems, focusing on how to avoid common pitfalls.

The focus of this book is the correct design of cryptographic protocols that resist attack. This is in contrast to books like Applied Cryptography, which focuses on the tools and the building blocks used to construct systems, glossing over how to use those things together to build strong systems. While the innards of block ciphers and so on can be interesting, Schneier himself is prone to saying something along the lines of, "The world is filled with insecure systems built by people who read Applied Cryptography". That is, in order to build secure systems with cryptography, one should understand how to use cryptographic tools properly. We do not need to know how the tools themselves work... we can take it for granted as long as we understand their behavior.

It must be said that the average person shouldn't be designing their own cryptographic protocols, either. One of the things this book does well is demonstrate the large number of non-intuitive ways in which cryptographic protocols can go wrong. For example, the chapters on authentication schemes demonstrate a large number of schemes authored by reputable cryptographers that turned out to have significant weaknesses.

For the above reason, this probably isn't a text that needs to be on everybody's desk. I would say it is essential for anyone who wants to understand why protocol design is so hard, and it is also valuable to the few people who will go on to build new protocols, particularly graduate students in cryptography.

Here's what I like about the book:
- Cryptography is a rapidly evolving field, and this book is quite up to date, covering AES and other recent protocols. This is quite in contrast to books like Applied Cryptography, which is painfully out of date.

- The text is pretty lucid, staying away from arcane mathematical symbols when possible, and explaining them well when not. While it's a bit more math-y and not quite as fun to read as Applied Cryptography, it is nearly as good in this respect, and the content is far better.

- It's the first book I've seen to do a good job covering the state of the art in provable security techniques. It introduces fairly recent provable security models, and does so in a way that it doesn't take a mathematician to understand.

- Its coverage of topics is great, particularly in that it spends much time examining real-world protocols such as SSL/TLS, SSH and Kerberos.

If you are in the target audience for this book, you won't regret buying it. Even at the $54.99 list price (which is what I paid, sadly), you shouldn't feel even remotely cheated, particularly considering the fact that there are shorter books with only a fraction of the content that cost a lot more.

23 of 27 people found the following review helpful:

3.0 out of 5 stars Good reference, poorly edited, May 19, 2004

By 

Zeph Grunschlag "cryptomathic" (New York, NY USA) - See all my reviews

This review is from: Modern Cryptography: Theory and Practice (Hardcover)

What's great about Mao's book is that so many aspects of cryptography are covered in an approachable manner and with many good examples.
What's not so great about Mao's book is that it is chock full of errors. There are many mathematical typos. But what really kills this book for me are the ridiculous number of English mistakes - on average about two or three per page. Most mistakes are simple grammatical mistakes that can be re-parsed by the reader on the fly. However, there are more serious errors that make it very difficult to understand the meaning of significant passages and concepts.
Given Mao's refreshing conversational style it's a real shame that Prentice Hall couldn't come up with some decent editing. Hopefully a second edition will fix this.

10 of 11 people found the following review helpful:

4.0 out of 5 stars It's a College TextBook, November 23, 2004

By 

Hugh K. Boyd (Fayetteville, GA) - See all my reviews
(REAL NAME)   

This review is from: Modern Cryptography: Theory and Practice (Hardcover)

It's a pretty good one too, but it's still a college text. The orientation of this book is far more theoretical than practical, complete with abstract mathematical notation that sometimes does more to confuse than to elucidate (although the author, to his credit, includes a glossary of mathematical notation early in the text). Still, the book is complete and up-to-date, covering everything from probability theory and number theory through the latest stuff on PKI, symmetric crypto (including AES), and authentication.

Cryptography is not an easy subject, and this book will take a while to wade through for all but the most mathematically astute readers. Nonetheless, for those wanting a "deep dive" into the theoretical underpinnings of the subject, this is a good book. Security practitioners will likely find Schneier's "Applied Cryptography" an easier, more enjoyable, and equally beneficial read, although it is due for an update.