Cryptography in C and C++, w. CD-ROM [Englisch] [Taschenbuch]

In chapter 1, the author discusses briefly how the natural numbers are constructed via the Peano axioms. This discussion could have been omitted easily, for not enough detail is given, and one only needs to assume the natural numbers for the purpose of a book such as this. A full treatment of the construction of the natural numbers can be found elsewhere. The software used in the book is summarized in this chapter.

In chapter 2, the author begins to discuss the most important initial task for any implementation of cryptography, namely the problem of representing large numbers in computer memory. For performance reasons, the author chooses not to use dynamic memory management for large numbers, but instead uses a definition of static length. Large integers are represented by means of "unsigned short int". The software in the book makes use of assembler functions for high performance arithmetic. Chapter 3 then discusses briefly the semantics of the function interface, with the usual discussion about output versus return values.

Chapter 4 discusses C functions for arithmetic; there are some sentences that have unclear meaning possibly because of the translation. Karatsuba multiplication is treated and its performance compared with the usual multiplication, but is not used in the book. The division algorithm receives a very detailed treatment. This is followed in the next two chapters by a discussion of modular arithmetic. The important Montgomery algorithm is treated, and its importance in cryptography is discussed in great detail. This is followed in the next chapter by the functions used for implementing bitwise operations.

After a treatment of assignment and I/O in chapter 8, the author shows how to create functions for manipulating registers. This is a very helpful discussion, and implements ideas from the literature that are not usually found in books. Then in chapter 9, the author constructs C functions to do more high-level number-theoretic arithmetic, such as finding the multiplicative inverse and square roots in residue class rings. In addition, the author discusses in detail the Rabin, Fiat, and Shamir encryption schemes that use quadratic residues and their roots. A very nice discussion is then given on primality testing, including the Solvay-Strassen probabilistic primality test.

In chapter 11, a very short overview of random number generation is given. The Brent algorithm for determining periodicity is discussed, along with the chi-square test. The Blum-Blum-Shub algorithm for generating pseudorandom numbers is implemented in C.

The importance of testing algorithms is treated in chapter 12, the author being aware of the ISO 9000 standard. It is very helpful that a discussion of testing be included in a book on cryptography, given the importance of security in modern business and military applications. Although this chapter is merely a short overview of software testing, the author does give many references and has included many test functions in C for the software developed in the book. The author returns to the topic of software testing in C++ in chapter 17 of the book.

The author switches gears in the next chapter, which begins the second half of the book, where he begins to use C++ to develop the cryptographic code. In this chapter and the next, the constructors used for generating the large-integer objects are given, along with the operator overloading needed for processing these objects and the built-in C++ integer types simultaneously. Stream classes are used to define the functions for the formatted input of the large-integer objects. In this public interface, the author distinguishes between arithmetic and number theoretic functions. The latter do not overwrite the implicit first argument with the result, as do arithmetic functions, and so return values instead of pointers. Manipulators are used to control the output format for large-integer objects. This is followed in the next chapter by a short treatment of exception handling for the software developed in the book.

Finally in Chapter 16, the author discusses the RSA cryptosystem, and in great detail. The idea of an asymmetric cryptosystem is discussed, and the RSA algorithm is implemented using C. The author discusses the strengths and weaknesses of the RSA algorithm, along with a discussion of digital RSA signatures. The algorithm is then implemented in C++ at the end of the chapter in great detail. Readers who have not seen the coding involved with the implementation of the RSA algorithm will definitely appreciate the treatment here.

The last chapter of the book covers the new Rijndael algorithm and the Advanced Encryption Standard is discussed. This is the first time I have seen a discussion of the algorithm in a book, and the author does a good job. After a review of polynomial arithmetic over finite fields, the author outlines in detail the constructions employed in the algorithm. The reader is expected to know what a Feistel algorithm is though, since the author only devotes one sentence of explanation as to what it is. Although Feistel networks have long been employed in cryptography, newcomers to the field need a little more discussion here. On the enclosed CD-ROM, the author gives three implementations of the Rijndael algorithm.

The great majority of this book is a detailed, step-by-step account of the how the author constructed a C-language big-number library. It treats wrapping the C-libraries with C++ classes as a separate chapter -- nice touch. This treatise is thorough, well-written, and engaging. Nicely done. It is written from a mathematicians perspective, and its mathematical underpinnings may repel some programmers, but they need not fear. In the end the C-code is well-explained.

The only "cryptography" of note is a chapter on implementing RSA with the library. Indeed, the great majority of implementing RSA and similar ciphers is creating the big-number libraries. The RSA chapter is, fortunately, much more than a simple example. It is an excellent treatise of the pitfalls in implementing RSA. That is, RSA is more than a "simple example." If you are implemeting RSA with any big-number library, this chapter alone is worth the cost of admission.

There is a chapter on AES (Rijndael) cipher, but it is out of place here and an obvious paste-on, probably a last minute, hot-button item required by the publisher. It really has nothing you can't get from the original NIST documents on AES.

I'm willing to believe that the title and AES paste-on are the fault of the publisher, because otherwise Welschenbach did an excellent job -- lots of hard and careful work, well documeted. With a title-change, I'd give it a 5-star.

The question in the end is: Why would you want this book? Apart from general interest, the audiences that come to my mind are those who are constructing such libraries on their own, and those who need to use the software included with the book (on a non-commercial basis -- the software license prohibits commercial use).