Introduction to cryptography. Principles and applications (Q5948139)

Introduction to Cryptography discusses basic and also some more advanced aspects of public-key cryptography. However, despite the promising title, the symmetric-key cryptography is overviewed only very briefly. Moreover, sections dealing with stream ciphers and block ciphers are not balanced. This can lead to disappointment at the beginning of the book --- it could have a more appropriate and also more attractive name. The book is intended as a course on cryptography for advanced undergraduate and graduate students in computer science, mathematics, and electrical engineering. It is divided into 10 chapters, but virtually consists of two parts: The first one (Chapters 1-4) introduces basic concepts of cryptography (mainly of public-key cryptography), and is written in more informal language. The second one (Chapters 5-10) builds some advanced cryptographic structures like one-way functions or pseudorandom bit generators on a strict mathematical basis and deals also with provable security. Each chapter closes with a collection of exercises; answers to them can be found on the web page of the book. The first chapter --- Introduction --- briefly overviews the book and gives definitions of fundamental cryptographic primitives like encryption, decryption, message authentication code, digital signature, and cryptographic protocols. A basic classification of attacks against encryption systems is presented here. The last section of the chapter deals with the basic notion of provable security; perfect and computational secrecy are informally defined. Chapter 2 gives a brief explanation of symmetric-key encryption. On a few pages, it defines stream ciphers, demonstrating them on the one-time pad, and block ciphers, giving a rather awkward description of DES as an example. For block ciphers, standard modes of operation are also presented, and their properties are discussed. The authors also shortly mention the new AES without detailed description. Chapter 3 focuses on principles of public-key cryptography and their application for encryption and digital signatures. It covers three classes of public-key cryptosystems, each based on the difficulty of one mathematical problem: the integer factorization problem with RSA encryption and signature scheme; the discrete logarithm problem with ElGamal encryption and signature scheme and DSA signature scheme; and the modular square root problem with Rabin encryption and signature scheme. For each scheme, security properties are discussed, and what is very rarely found in introductory textbooks, also secure implementation of encryption of short messages, the so-called optimal asymmetric encryption padding scheme, is presented. For simplicity, the book does not address elliptic curve cryptography, however, not mentioning them at all and not comparing the underlying mathematical problems leaves a non-negligible gap. Chapter 4 is devoted to cryptographic protocols. This chapter covers a wide variety of protocols of different types: key exchange, entity authentication, identification, zero-knowledge, commitment, electronic elections, and digital cash schemes. While Chapters 1-4 introduce the public-key cryptography in a rather informal way, the rest of the book focuses on precise mathematical definitions of some cryptographic primitives and on proofs of their properties including security. The notions and definitions are built here step by step, thus the reader is advised to read these chapters sequentially and not to skip any one of them. Firstly, Chapter 5 explains probabilistic algorithms; then Chapter 6 defines uniform sampling algorithms and subsequently gives a formal definition of one-way functions and their hard core predicates. On this basis, the bit security of systems informally described in Chapter 3 is studied. The last three chapters demonstrate how close randomness and cryptographic security are related. Chapter 8 studies pseudorandom bit generators derived from one-way functions with hard-core predicates and their computational indistinguishability from a true random generator. Chapter 9 covers provable security of encryption schemes. Shannon's theory and a proof of unconditional security of the one-time pad is presented, and usage of perfect pseudorandom bit generators for generation of key streams is analyzed. The final section discusses the design of practical cryptosystems based on the one-time pad that are provably close to perfect security, but unlike the public-key cryptosystems without relying on unproven assumptions --- two models of key agreement are presented: one with limited storage capacity available to an adversary, and one with a noisy channel. The last chapter deals with provable secure signature schemes. Different types of attacks against signature schemes are defined, and two signature schemes secure against adaptively chosen message attacks are presented. Two appendices provide necessary mathematical prerequisites. Appendix A covers necessary background in algebra and number theory, Appendix B in probability and information theory. The book provides a useful introduction to public-key cryptography with the exception of elliptic curve cryptography. It gives not only a standard informal description of the key structures, but presents also strict mathematical definitions and proofs of some cryptographic properties.