With its conversational tone and practical focus, this text mixes applied and theoretical aspects for a solid introduction to cryptography and security, including the latest significant advancements in the field. Assumes a minimal background. The level of math sophistication is equivalent to a course in linear algebra. Presents applications and protocols where cryptographic primitives are used in practice, such as SET and SSL. Provides a detailed explanation of AES, which has replaced Feistel-based ciphers (DES) as the standard block cipher algorithm. Includes expanded discussions of block ciphers, hash functions, and multicollisions, plus additional attacks on RSA to make readers aware of the strengths and shortcomings of this popular scheme. For engineers interested in learning more about cryptography.

Technology (NIST), issued a public request seeking a cryptographic algorithm to become a national standard. IBM sub m itted an algorithm called LUCIFER in 1974. T he NBS forwarded it to the National Security Agency, which reviewed it and, after some modifications, returned a version th a t was essentially th e D ata Encryption S tandard (DES) algorithm. In 1975, NBS released DES, as well as a free license for its use, and in 1977 NBS made it the official d a ta encryption standard. DES lias been

12 13 14 15 16 1 1 2 2 2 2 2 2 1 2 2 2 2 2 2 1 3. 48 bits are chosen from the 56-bit string CiDi according to the follow ing table. T he output is K j. 14 23 41 44 17 19 52 49 11 12 31 39 24 4 37 56 1 26 47 34 5 8 55 53 3 16 30 46 28 7 40 42 15 27 51 50 6 20 45 36 21 13 33 29 10 2 48 32 It turns out th a t each bit of the key is used in approxim ately 14 of the 16 rounds. A few remarks are in order. In a good cipher system, each bit of the ciphertext should depend on all bits of the

S-box is implemented as a lookup table, it has a simple m ath em atical description. S tart w ith a byte 172:6152:42:3X2X110, where each z, is a binary bit. Com pute its inverse in G F (28), as in Section 3.11. If the byte is 00000000, there is no inverse, so we use 00000000 in place of its in verse. T he resulting byte 1/71/62/52/-lZ/3y2i/i2/a represents an eight-dimensional column vector, with the rightmost bit 7/0 in th e top position. M ultiply by a m atrix and add the column vector (1,1,0,

the values of p and q secret. In particular, Alice, who could possibly be an enemy of Bob, never riccds to know p and q to send her message to Bob securely. Alice writes her message as a number m. If m is larger than n, she breaks the message into block*, each of which is less than tl. However, for simplicity, let’s assume for the moment that m < n. Alice computes csm f (mod n) and sends c to Bob. Since Bob knows p and q, he can compute ( p - 1) (q —1) and therefore can find the decryption

n).__________ E x a m p le . Bob chooses p = 885320963, q = 238855417. C h a p t e r 6. T h e RSA A lg o r i t h m 166 Then Ti—p q = 211463707796206571. Let the encryption exponent be e = 9007. The values of n and e are sent to Alice. Alice’s message is cat. We will depart from our earlier practice of num bering the letters starting with a = 0; instead, we start the numbering at o = 01 and continue through z = 26. We do this because, in the previous method, if the letter a appeared at the