Posted by: jonkatz | May 19, 2014

Getting closer…

(A teaser.)

In preparing the second edition, we have made a concerted effort to integrate a more practical perspective while retaining a rigorous approach. This is reflected in a number of changes and additions we have made:

  • We have increased our coverage of stream ciphers, introducing them as a variant of pseudorandom generators, discussing stream-cipher modes of operation, and describing modern stream-cipher design principles and examples.
  • We have emphasized the importance of authenticated encryption, and have included a discussion of secure communication sessions.
  • We have moved our treatment of hash functions into its own chapter, added coverage of some standard applications of cryptographic hash functions, and described hash-function design principles and widely used constructions.
  • We have also improved our treatment of birthday attacks (covering small-space birthday attacks), and added a discussion of rainbow tables and time/space tradeoffs for function inversion. We have augmented our discussion of differential cryptanalysis, including a worked example.
  • After much consideration, we have decided to introduce the random-oracle model much earlier in the book. This allows us to give a proper treatment of standardized, widely used public-key encryption and signature schemes in later chapters instead of relegating those important schemes to a forgotten chapter at the end of the book.
  • We have strengthened our coverage of elliptic-curve cryptography, and have added a discussion of its impact on recommended key lengths.
  • In the chapter on public-key encryption, we introduce the KEM/DEM paradigm as a natural way to do hybrid encryption. Among other schemes, we cover DHIES/ECIES as well as RSA PKCS #1 v1.5 and 2.0.
  • In the chapter on digital signatures, we now cover the construction of signatures from identification schemes using the Fiat-Shamir transform, with the Schnorr signature scheme as a prototypical example. We have also improved our coverage of DSA/ECDSA. We include brief discussions of SSL/TLS and signcryption, both of which serve as nice culminations of everything covered up to that point.
  • In the “advanced topics” chapter, we have amplified our treatment of homomorphic encryption, and included sections on secret sharing and threshold encryption.

Beyond the above, we have also gone over the entire book carefully to make extensive corrections as well as smaller adjustments (including more worked examples) to improve the exposition. Several additional exercises have also been added.

(The new edition should be out next year.)



  1. With all of those additions, has the book doubled in size?

  2. Not quite. =) We added about 50 pages.

  3. Sounds good. In addition to authenticated encryption I would really like to see treatment of AEAD, broader coverage of Carter-Wegman style MACs, optimized constructions like OCB, PMAC etc.

  4. (sigh) We simply couldn’t fit everything in, unfortunately.
    – No treatment of AEAD (a bit specialized right now, and no room for a proper treatment)
    – We do mention OCB/PMAC, etc., but chose not to cover them for lack of space.
    – We did add a section on Carter-Wegman MACs! (On the other hand, I am not aware of any practical use of these for cryptographic purposes.)

  5. Can’t HMAC be viewed as an instance of Carter-Wegman?

  6. Not exactly. Depends also what you mean by “Carter-Wegman MACs.” What I meant was information-theoretically secure one-time MACs using pairwise-independent hashing.

  7. Oh, I meant PRF(Hash(m)).

  8. Maybe add UOWHFs and their constructions from one-way permutations (Naor-Yung) to the “theoretical constructions…” section as well, as they’re quite symmetric to PRGs and the proof is very elegant.

  9. Does PRF(Hash(m)) really go back to Wegman-Carter? To my recollection, they only consider information-theoretic security. It is true that they have a similar construction in the i.t. setting, but the proof seems sufficiently different from what you need in the computational setting.

  10. Yu, I do include a writeup of Naor-Yung in my “Digital Signatures” book. =)

    We didn’t include it in the “Intro to Crypto” book, though. We would have to define and motivate UOWHFs, and we don’t currently use them anywhere else in the book (and the only place it would make sense to introduce them is the section on signatures from hash functions). Maybe next time, though…

  11. I guess CW only did the i.t. setting, and their approach was adapted to the computational setting in several works. My understanding is the resulting MACs are quite fast.

  12. As a fan of modern crypto, if you ever need someone to review (even a chapter), I’d love to participate. I would be reading from a graduate-level student’s perspective.
