Author: Alasdair McAndrew
Publisher: CRC Press
Pages: 461
ISBN: 978-1439825709
Aimed at: Computer science students and practitioners
Rating: 5
Pros: Good theoretical/mathematical approach, which combines the practicals needed  
Cons: Slightly misleading title
Reviewed by: Mike James

A book about using the open source Sage algebra system to illustrate the theory of cryptography - sounds interesting ...

Author: Alasdair McAndrew
Publisher: CRC Press
Pages: 461
ISBN: 978-1439825709
Aimed at: Computer science students and practitioners
Rating: 5
Pros: Good theoretical/mathematical approach, which combines the practicals needed  
Cons: Slightly misleading title
Reviewed by: Mike James

The biggest problem with this book is its title. If you are expecting a book that explains how to use digital certificates or perform encryption using open source applications this is not the book you want. Instead what it is about is using the open source Sage algebra system to illustrate the theory of cryptography. It would make a great first course in cryptography but it is also easy enough to read to make it suitable for solitary study.

The book starts off with a very general but useful over view of cryptography. The first part of this is fairly obvious but it very quickly moves on to consider the standard cryptographic tasks - key exchange, signing, voting etc. It all helps to set the scene and motivate the need for cryptography in other settings than just encrypting a message. There is a glossary of new terms at the end of chapter and this does prove useful. There are also some exercises including some based on Sage but no answers are provided.

Chapter 2 is where the theory begins and it's a crash course in number theory. It is here that Sage is mentioned for the first time. This is a little strange because if you have missed the fact that Sage features in the book you are going to be confused. My advice is to read Appendix A - an introduction to Sage - before you make a start on the book. I hope that in the next edition Appendix A is converted into an initial chapter - call it Chapter 0 if you must!

The biggest problem with chapter 2 is more a missed opportunity than anything else. The ideas - such as Euclid's algorithm - are introduced very clearly, but without an accompanying program to show how things work. When we get to something more complicated then Sage is used, but there is plenty of scope for introducing its use to demonstrate and explore much simpler ideas.

Chapter 3 starts on explaining how number theory applies to cryptography with a survey of the classical cryptosystems and how they can be broken - or in the case of the one-time pad how they cannot be broken. It really does cover the classics - Caesar, Translation, Transposition, Vigenère, one-time pad, permutation and matrix cyphers.

Chapter 4 is another theory chapter with an introduction to information theory. Then on to public key cryptosystems with detailed examination of RSA and Rabin complete with examples in Sage. Chapter 6 extends the look at public key systems to the less common El Gamal and Knapsack systems. Chapter 7 is on using public key systems to create digital signatures.

Chapter 8 moves on to block cyphers and eventually a detailed look at DES. Chapter 9 is another theory chapter and it explains finite fields. Then back to practical things with an examination of AES, hash functions, elliptic curves and random numbers and cypher streams. And if you thought that this was beginning to sound advanced the final chapter is on advanced applications and protocols including zero knowledge proofs, digital cash and voting protocols. Appendix B also has a look at advanced computational  number theory if you decide that you need some additional theory.

Overall this is an excellent book. It is far from the theorem-proof format and it does try to explain the ideas and motivate the reader. The pattern of mixing some theory followed by some practice is good at keeping the less theory minded reader rolling along as the need for the theory becomes all too  apparent. Some might criticize the book for being ??too informational and for not making the mathematics more rigorous - but there are plenty of alternatives that take this approach. The use of Sage for the programming language, why not Mathematica, Maple or ... but Sage is open source and based on Python so it is low cost and fairly easy to use. I for one am pleased to have been introduced to it via this book and I'm sure I'll use it again for other projects.

The verdict has to be that this is a really good book. If you want to master cryptography this is a great place to start.