CRC Press, CRC Press LLC
ISBN: 0849385210 Pub Date: 03/17/95
Table of Contents
My objective in writing this book was to produce a general, comprehensive textbook that treats all the essential core areas of cryptography. Although many books and monographs on cryptography have been written in recent years, the majority of them tend to address specialized areas of cryptography. On the other hand, many of the existing general textbooks have become out-of-date due to the rapid expansion of research in cryptography in the past 15 years.

Of course there are difficulties in trying to appeal to such a wide audience. But basically, I tried to do things in moderation. I have provided a reasonable amount of mathematical background where it is needed. I have attempted to give informal descriptions of the various cryptosystems, along with more precise pseudo-code descriptions, since I feel that the two approaches reinforce each other. As well, there are many examples to illustrate the workings of the algorithms. And in every case I try to explain the mathematical underpinnings; I believe that it is impossible to really understand how a cryptosystem works without understanding the underlying mathematical theory.

The book is organized into three parts. The first part, Chapters 1-3, covers private-key cryptography. Chapters 4-9 concern the main topics in public-key cryptography. The remaining four chapters provide introductions to four active research areas in cryptography.

The first part consists of the following material: Chapter 1 is a fairly elementary introduction to simple "classical" cryptosystems. Chapter 2 covers the main elements of Shannon's approach to cryptography, including the concept of perfect secrecy and the use of information theory in cryptography. Chapter 3 is a lengthy discussion of the Data Encryption Standard; it includes a treatment of differential cryptanalysis.

generation, and zero-knowledge proofs.

Thus, I have attempted to be quite comprehensive in the "core" areas of cryptography, as well as to provide some more advanced chapters on specific research areas. Within any given area, however, I try to pick a few representative systems and discuss them in a reasonable amount of depth. Thus my coverage of cryptography is in no way encyclopedic.

Certainly there is much more material in this book than can be covered in one (or even two) semesters. But I hope that it should be possible to base several different types of courses on this book. An introductory course could cover Chapter 1, together with selected sections of Chapters 2-5. A second or graduate course could cover these chapters in a more complete fashion, as well as material from Chapters 6-9. Further, I think that any of the chapters would be a suitable basis for a "topics" course that might delve into specific areas more deeply.

But aside from its primary purpose as a textbook, I hope that researchers and practitioners in cryptography will find it useful in providing an introduction to specific areas with which they might not be familiar. With this in mind, I have tried to provide references to the literature for further reading on many of the topics discussed.

One of the most difficult things about writing this book was deciding how much mathematical background to include. Cryptography is a broad subject, and it requires knowledge of several areas of mathematics, including number theory, groups, rings and fields, linear algebra, probability and information theory. As well, some familiarity with computational complexity, algorithms and NP-completeness theory is useful. I have tried not to assume too much mathematical background, and thus I develop mathematical tools as they are needed, for the most part. But it would certainly be helpful for the reader to have some familiarity with basic linear algebra and modular arithmetic. On the other hand, a more specialized topic, such as the concept of entropy from information theory, is introduced from scratch.

I should also apologize to anyone who does not agree with the phrase "Theory and Practice" in the title. I admit that the book is more theory than practice. What I mean by this phrase is that I have tried to select the material to be included in the book both on the basis of theoretical interest and practical importance. So, I may include systems that are not of practical use if they are mathematically elegant or illustrate an important concept or technique. But, on the other hand, I do describe the most important systems that are used in practice, e.g., DES and other U.S. cryptographic standards.

I would like to thank the many people who provided encouragement while I wrote this book, pointed out typos and errors, and gave me useful suggestions on material to include and how various topics should be treated. In particular, I would like to convey my thanks to Mustafa Atici, Mihir Bellare, Bob Blakley, Carlo Blundo, Gilles Brassard, Daniel Ducharme, Mike Dvorsky, Luiz Frota-Mattos, David Klarner, Don Kreher, Keith Martin, Vaclav Matyas, Alfred Menezes, Luke O'Connor, William Read, Phil Rogaway, Paul Van Oorschot, Scott Vanstone, Johan van Tilburg, Marc Vauclair and Mike Wiener. Thanks also
in the past two decades. Both trends have produced a need for many types of information for people who use or study this part of the mathematical sciences. The CRC Press Series on Discrete Mathematics and Its Applications is designed to meet the needs of practitioners, students, and researchers for information in combinatorics, discrete probability theory, graph theory, algebra, linear algebra, coding theory, cryptology, discrete optimization, theoretical computer science, algorithmics, and computational geometry.

Kenneth H. Rosen, Series Editor
Distinguished Member of Technical Staff
AT&T Bell Laboratories, Holmdel, New Jersey
e-mail: krosen@arch4.ho.att.com
To my children, Michela and Aiden
Copyright © CRC Press LLC
Other recommended textbooks and monographs on cryptography include the following:

The main research journals in cryptography are the Journal of Cryptology, Designs, Codes and Cryptography, and Cryptologia. The Journal of Cryptology is the journal of the International Association for Cryptologic Research (or IACR), which also sponsors the two main annual cryptology conferences, CRYPTO and EUROCRYPT.

CRYPTO has been held since 1981 in Santa Barbara. The proceedings of CRYPTO have been published annually since 1982:

CRYPTO '92 [Br93]
CRYPTO '93 [St94]
CRYPTO '94 [De94]
CRYPTO '95 [Co95]
CRYPTO '96 [Ko96]

EUROCRYPT has been held annually since 1982, and except for 1983 and 1986, its proceedings have been published, as follows:
[BB88] P. Beauchemin and G. Brassard. A generalization of Hellman's extension to Shannon's approach to cryptography. Journal of Cryptology, 1 (1988), 129-131.
1983
[BCI85] T. Beth, N. Cot and I. Ingemarsson (Eds.) Advances in Cryptology: Proceedings of EUROCRYPT '84. Lecture Notes in Computer Science, vol. 209, Springer-Verlag,
Conference Proceedings, 48 (1979), 313-317.
[BC85] G. R. Blakley and D. Chaum (Eds.) Advances in Cryptology: Proceedings of CRYPTO '84. Lecture Notes in Computer Science, vol. 196, Springer-Verlag, 1985.
[Bl85] R. Blom. An optimal class of symmetric key generation schemes. Lecture Notes in Computer Science, 209 (1985), 335-338. (Advances in Cryptology - EUROCRYPT '84.)
[BBS86] L. Blum, M. Blum and M. Shub. A simple unpredictable random number generator. SIAM Journal on Computing, 15 (1986), 364-383.
[Bl82] M. Blum. Coin flipping by telephone: a protocol for solving impossible problems. In 24th IEEE Spring Computer Conference, pages 133-137. IEEE Press, 1982.
[BG85] M. Blum and S. Goldwasser. An efficient probabilistic public-key cryptosystem that hides all partial information. Lecture Notes in Computer Science, 196 (1985), 289-302. (Advances in Cryptology - CRYPTO '84.)
[BM84] M. Blum and S. Micali. How to generate cryptographically
Vaccaro and M. Yung. Perfectly-secure key distribution for dynamic conferences. Lecture Notes in Computer Science, 740 (1993), 471-486. (Advances in Cryptology - CRYPTO '92.)
[BC93] J. N. E. Bos and D. Chaum. Provably unforgeable signatures. Lecture Notes in Computer Science, 740 (1993), 1-14. (Advances in Cryptology - CRYPTO '92.)
[Br88] G. Brassard. Modern Cryptology - A Tutorial. Lecture
[Br85] E. F. Brickell. Breaking iterated knapsacks. Lecture Notes in Computer Science, 218 (1986), 342-358. (Advances in Cryptology - CRYPTO '85.)
[Br89a] E. F. Brickell. Some ideal secret sharing schemes. Journal
(1990), 229-236. (Advances in Cryptology - AUSCRYPT '90.)
EUROCRYPT '94.)
[Ch84] D. Chaum (Ed.) Advances in Cryptology: Proceedings of CRYPTO '83. Plenum Press, 1984.
[CP88] D. Chaum and W. L. Price (Eds.) Advances in Cryptology - EUROCRYPT '87 Proceedings. Lecture Notes in Computer Science, vol. 304, Springer-Verlag, 1988.
Cryptographically strong undeniable signatures, unconditionally secure for the signer. Lecture Notes in Computer Science, 576 (1992), 470-484. (Advances in Cryptology - CRYPTO '91.)
[CR88] B. Chor and R. L. Rivest. A knapsack-type public key
'93.)
[CSV94] D. Coppersmith, J. Stern and S. Vaudenay. Attacks on the birational permutation signature schemes. Lecture Notes in Computer Science, 773 (1994), 435-443. (Advances in Cryptology - CRYPTO '93.)
[CW91] T. W. Cusick and M. C. Wood. The REDOC-II cryptosystem. Lecture Notes in Computer Science, 537 (1991), 545-563. (Advances in Cryptology - CRYPTO '90.)
[Da90] I. B. Damgård. A design principle for hash functions. Lecture Notes in Computer Science, 435 (1990), 416-427. (Advances in Cryptology - CRYPTO '89.)
[Da91] I. B. Damgård (Ed.) Advances in Cryptology - EUROCRYPT '90 Proceedings. Lecture Notes in Computer Science, vol. 473, Springer-Verlag, 1991.
741 (1993), 50-70. (Computer Security and Industrial Cryptography, State of the Art and Evolution, ESAT Course, May 1991.)
[Di92] W. Diffie. The first ten years of public-key cryptography. In Contemporary Cryptology, The Science of Information Integrity, pages 135-175. IEEE Press, 1992.
Lecture Notes in Computer Science, 547 (1991), 446-457. (Advances in Cryptology - EUROCRYPT '91.)
[Gib91] J. K. Gibson. Discrete logarithm hash function that is
[GM93] D. M. Gordon and K. S. McCurley. Massively parallel computation of discrete logarithms. Lecture Notes in Computer Science, 740 (1993), 312-323. (Advances in Cryptology - CRYPTO '92.)
[GQ88] L. C. Guillou and J.-J. Quisquater. A practical zero-knowledge protocol fitted to security microprocessor minimizing both transmission and memory. Lecture Notes in Computer Science, 330 (1988), 123-128. (Advances in Cryptology - EUROCRYPT '88.)
[GQ95] L. C. Guillou and J.-J. Quisquater (Eds.) Advances in
[Gu88a] C. G. Gunther (Ed.) Advances in Cryptology - EUROCRYPT '88 Proceedings. Lecture Notes in Computer Science, vol. 330, Springer-Verlag, 1988.
[IRM93] H. Imai, R. L. Rivest and T. Matsumoto (Eds.) Advances in
in Computer Science, vol. 739, Springer-Verlag, 1993.
[ISN87] M. Ito, A. Saito, and T. Nishizeki. Secret sharing scheme realizing general access structure. Proceedings IEEE Globecom '87, pages 99-102, 1987.
[LL90] A. K. Lenstra and H. W. Lenstra, Jr. Algorithms in number theory. In Handbook of Theoretical Computer Science, Volume A: Algorithms and Complexity, pages 673-715.
Contemporary Cryptology, The Science of Information Integrity, pages 325-378. IEEE Press, 1992.
[Mi91] S. Miyaguchi. The FEAL cipher family. Lecture Notes in Computer Science, 537 (1991), 627-638. (Advances in Cryptology - CRYPTO '90.)
[MOI90] S. Miyaguchi, K. Ohta and M. Iwata. 128-bit hash function (N-hash). Proceedings of SECURICOM 1990, 127-137.
[Mo92] J. H. Moore. Protocol failures in cryptosystems. In Contemporary Cryptology, The Science of Information Integrity, pages 541-558. IEEE Press, 1992.
schemes based on polynomial equations. Lecture Notes in Computer Science, 196 (1985), 37-46. (Advances in Cryptology - CRYPTO '84.)
[Pa87] W. Patterson. Mathematical Cryptology for Computer Scientists and Mathematicians. Rowman and Littlefield, 1987.
[Pe86] R. Peralta. Simultaneous security of bits in the discrete log
(Advances in Cryptology - EUROCRYPT '85.)
[Pi86] F. Pichler (Ed.) Advances in Cryptology - EUROCRYPT '85
[PGV94] B. Preneel, R. Govaerts and J. Vandewalle. Hash functions based on block ciphers: a synthetic approach. Lecture Notes in Computer Science, 773 (1994), 368-378. (Advances in Cryptology - CRYPTO '93.)
[QG90] J.-J. Quisquater and L. Guillou. How to explain zero-knowledge protocols to your children. Lecture Notes in Computer Science, 435 (1990), 628-631. (Advances in Cryptology - CRYPTO '89.)
[QV90] J.-J. Quisquater and J. Vandewalle (Eds.) Advances in
in Computer Science, vol. 434, Springer-Verlag, 1990.
[Ra79] M. O. Rabin. Digitized signatures and public-key functions as intractable as factorization. MIT Laboratory for Computer Science Technical Report, LCS/TR-212, 1979.
[RV94] R. A. Rueppel and P. C. Van Oorschot. Modern key agreement techniques. To appear in Computer Communications, 1994.
[SP90] J. Seberry and J. Pieprzyk (Eds.) Advances in Cryptology - AUSCRYPT '90 Proceedings. Lecture Notes in Computer Science, vol. 453, Springer-Verlag, 1990.
[SZ92] J. Seberry and Y. Zheng (Eds.) Advances in Cryptology - AUSCRYPT '92 Proceedings. Lecture Notes in Computer Science, vol. 718, Springer-Verlag, 1993.
permutations. Lecture Notes in Computer Science, 773 (1994), 1-12. (Advances in Cryptology - CRYPTO '93.)
[Sh48] C. E. Shannon. A mathematical theory of communication.
authentication schemes. Lecture Notes in Computer Science, 293 (1988), 269-288. (Advances in Cryptology - CRYPTO '87.)
[Si92] G. J. Simmons. A survey of information authentication. In Contemporary Cryptology, The Science of Information Integrity, pages 379-419. IEEE Press, 1992.
[Si92a] G. J. Simmons. An introduction to shared secret and/or
Contemporary Cryptology, The Science of Information Integrity, pages 441-497. IEEE Press, 1992.
[Si92b] G. J. Simmons (Ed.) Contemporary Cryptology, The Science of Information Integrity. IEEE Press, 1992.
[SB92] M. E. Smid and D. K. Branstad. The data encryption standard: past and future. In Contemporary Cryptology, The Science of Information Integrity, pages 43-64. IEEE Press,
[VV89] S. A. Vanstone and P. C. Van Oorschot. An Introduction to Error Correcting Codes with Applications. Kluwer
[VV84] U. Vazirani and V. Vazirani. Efficient and secure pseudorandom number generation. In Proceedings of the 25th Annual Symposium on the Foundations of Computer Science, pages 458-463. IEEE Press, 1984.
Press, 1982.
Blom Key Predistribution Scheme, 261, 260-263
Blum-Blum-Shub Generator, 371, 370-377, 379
Blum-Goldwasser Cryptosystem, 380, 379-382
challenge, 385
challenge-and-response protocol, 217, 283, 385
Chaum-van Antwerpen Signature Scheme, 218, 217-223
Chaum-van Heijst-Pfitzmann hash function, 238, 238-241
Chinese remainder theorem, 122, 119-122, 142, 166, 380
expansion function, 71, 73
Graph Isomorphism Interactive Proof System, 389, 388-395
Graph Non-isomorphism, 386
Graph Non-isomorphism Interactive Proof System, 387, 386-388, 395-396
group, 4
Lamport Signature Scheme, 213, 213-215
Las Vegas algorithm, 139, 171, 234
Legendre symbol, 131, 131-132
Linear Congruential Generator, 360, 360
linear feedback shift register, 22, 360, 362
linear recurrence, 21
linear transformation, 14