Review:Handbook of Applied Cryptography
Hemos posted more than 15 years ago  from the justthefactsma'am dept.
0Giving some actual theory to the whole cryptography discussion, Ian S. Nelson's review of Handbook of Applied Cryptography takes a look at this veritable tome of information. This isn't a book for those of you trying to figure out exactly what the NSA actually does; this is for the real meat and numbers behind it all. Click below for more info.

The Scenario
CRC Press has been building a series of books on discrete mathematics and its applications. Doug Stinson wrote the theory book on cryptography (Cryptography: Theory and Practice (ISBN: 0849385210, if you don't like this book you'll vomit when you see the Stinson book) and this is the application book on cryptography. It's close to 800 pages chocked full of information.I must confess that I'm a cryptography freak and I'm a little sick of the constant political discussions and lack of tech talk, this book is all tech and might even be a little much if you're not into math. It's a wonderful companion to the Schneier books (Applied Cryptography 1st or 2nd Edition A.K.A. "the crypto bible") if you're into the nitty gritty details of cryptography.
What's Bad?
I really like this book and I can't find a lot that I don't like about it... but I think in places the math gets a little thick. I have a degree in math and I find myself returning to the math overview section more often than I'd like to admit. If you're not familiar with discrete math and combinatorics then this book probably isn't for you. If you enjoy that stuff, then this will be a piece of cake. If you're looking to build your crypto book library up I'd highly recommend this book before you get some of the more hardcore books.Something else I feel is lacking is cryptanalysis on ciphers. They discuss attacks on various protocols and hashes but actual attacks on ciphers are glossed over. As a companion to Cryptography: Theory and Practice, which covers cryptanalysis in more detail, it is understandable to leave that material out of this book but I think they could discuss it a little more than they do without going into specifics.
The nononsense style can be a little dry at times, there aren't a lot of jokes or anecdotes to lighten things up in this book.
What's Good?
Cipher isn't spelled with a 'y' anywhere in this book. It's not filled with a lot of opinion or rumor. It doesn't hardly bring up ITAR, key escrow, or the NSA's mystical superpowers. This book is about cryptographic techniques and a listing of patents is about as political or opinionated as it gets.It is kind of like a textbook without the problems at the end of each chapter. It is written in an outline format with subitems of "Definition", "Fact", "Notes", "Example", and "Algorithm." Each subitem is followed by a few short but concise paragraphs of explanation.
Plenty of charts and figures fill the pages and everything is explained well. While it lacks source code, there is certainly enough information for you to implement any of the ciphers, hashes, or protocols covered. It even includes some test vectors for a lot of the algorithms.
So What's In It For Me?
If you want to learn about cryptography, not the politics but the actual technology, then this is a great book to get before you get over your head. It's very readable and while the math can be a little heavy in places it is accessible and useful. It gives you a good flavor of how more advanced papers and books on the subject are and it avoids the nonacademic discussions surrounding cryptography.To pick this book up, head over to Amazon and help Slashdot out.
Table of Contents
 Overview of Cryptography

 Introduction
 Information Security and Cryptography
 Background on Functions
 Basic Terminology and Concepts
 Symmetrickey Encryption
 Digital Signatures
 Authentication and Identification
 Publickey Cryptography
 Hash Functions
 Protocols and mechanisms
 Key establishment, management, and certification
 Pseudorandom numbers and sequences
 Classes of attacks and security models
 Notes and further references
 Mathematical Background

 Probability theory
 Information theory
 Complexity theory
 Number theory
 Abstract algebra
 Finite fields
 Notes and further references
 NumberTheoretic Reference Problems

 Introduction and overview
 The integer factorization problem
 The RSA problem
 The quadratic residuosity problem
 Computing Square roots in Z _{n}
 The Discrete logarithm problem
 The DiffieHellman problem
 Composite moduli
 Computing individual bits
 The subset sum problem
 Factoring polynomials over finite fields
 Notes and further references
 PublicKey Parameters

 Introduction
 Probabilistic primality tests
 (True)Primality tests
 Prime number generation
 Irreducible polynomials over Z _{p}
 Generators and elements of high order
 Notes and further references
 Pseudorandom Bits and Sequences

 Introduction
 Random bit generation
 Pseudorandom bit generation
 Statistical tests
 Cryptographically secure pseudorandom bit generation
 Notes and further references
 Stream Ciphers

 Introduction
 Feedback shift registers
 Stream ciphers based on LFSRs
 Other stream ciphers
 Notes and further references
 Block Ciphers

 Introduction
 Background and general concepts
 Classical ciphers and historical development
 DES
 FEAL
 IDEA
 SAFER, RC5, and other block ciphers
 Notes and further references
 PublicKey Encryption

 Introduction
 RSA publickey encryption
 Rabin publickey encryption
 ElGamal publickey encryption
 McElliece publickey encryption
 Knapsack publickey encryption
 Probabilistic publickey encryption
 Notes and further references
 Hash Functions and Data Integrity

 Introduction
 Classification and framework
 Basic constructions and general results
 Unkeyed hash functions (MDCs)
 Keyed hash functions (MACs)
 Data integrity and message authentication
 Advanced attacks on hash functions
 Notes and further references
 Identification and Entity Authentication

 Introduction
 Passwords (weak authentication)
 Challengeresponse identification (strong authentication)
 Customized zeroknowledge identification protocols
 Attacks on identification protocols
 Notes and further references
 Digital Signatures

 Introduction
 A framework for digital signature mechanisms
 RSA and related signature schemes
 FiatShamir signature schemes
 The DSA and related signature schemes
 Onetime digital signatures
 Other signatures schemes
 Signatures with additional functionality
 Notes and further references
 Key Establishment Protocols

 Introduction
 Classification and framework
 Key transport based on symmetric encryption
 Key agreement based on symmetric techniques
 Key transport based on publickey encryption
 Key agreement based on asymmetric techniques
 Secret Sharing
 Conference Keying
 Analysis of key establishment protocols
 Notes and further references
 Key Management Techniques

 Introduction
 Background and basic concepts
 Techniques for distributing confidential keys
 Techniques for distributing public keys
 Techniques for controlling key usage
 Key management involving multiple domains
 Key life cycle issues
 Advanced trusted third party services
 Notes and further references
 Efficient Implementation

 Introduction
 Multipleprecision integer arithmetic
 Multipleprecision modular arithmetic
 Greatest common divisor algorithms
 Chinese remainder theorem for integers
 Exponentiation
 Exponent recoding
 Notes and further references
 Patents and Standards

 Introduction
 Patents on cryptographic techniques
 Cryptographic standards
 Notes and further references
 Appendix A: Bibligraphy of Papers from Selected Cryptographic Forums

 Asiacrypt/Auscrypt Proceedings
 Crypto Proceedings
 Eurocrypt Proceedings
 Fast Software Encryption Proceedings
 Journal of Cryptology papers
Comment Threshold