The goal of cryptography is to obfuscate data for unintended recipients. It is thus an important discipline in the digital age, and the foundation for information security in many applications, like the Internet and wireless communication. Modern cryptography is based on number theory, algebra, and complexity theory. Therefore, at first glance, the title of this book appears to be an oxymoron, because the terms “cryptography” and “simple” do not seem to go together. However, the author succeeds at presenting cryptography if not simply, then at least simpler than many other texts.
The book is divided into four parts. In about 100 pages, the first part provides mathematical background and presents different topics from discrete mathematics, like modular arithmetic, discrete logarithms, elliptic curves, and lattices.
Part 2 discusses some historically important cyphers, as studying “the construction of historical ciphers and how they were broken enables one to get a view of how modern cryptosystems came to be designed as they are.” Some basic principles, like substitution and permutation, still apply to modern ciphers.
Part 3, at 200 pages the largest section, covers “the basic components of modern cryptographic systems.” Modern cryptography can be divided into symmetric-key and asymmetric-key (or better known as public-key) cryptography. According to the book, “The main drawback of symmetric [keys] is that they give rise to the problem of how to distribute the secret keys” without disclosing them to third parties, a problem that was solved in the 1970s by the invention of public keys. In addition to message encryption, other cryptographic uses are presented in Part 3, such as authentication codes and digital signatures; keyless primitives such as hash functions are also discussed here. But what really distinguishes this book from other texts is the opening chapter of Part 3, where security is defined. What does it mean for a cryptographic primitive to be secure? Without an exact notion of security, it would be impossible to access and to compare different cryptographic methods and systems.
Encryption, authentication, and “signatures are only the most basic of cryptographic constructions ... and [one] usually think[s] of them as being carried out between a sender and a receiver who have the same security goals.” In Part 4, more advanced protocols are detailed, protocols that usually involve more than two people with security goals that conflict. An example is the electronic voting system where “voters want their votes to be secret, yet all parties want to know that all votes have been counted, and ... want to ensure against a bad voter casting too many votes or trying to work out how someone else has voted.”
The book is very comprehensive, and very accessible for dedicated students. It’s only missing two things: mention of McEliece public-key encryption, which I think could become important in post-quantum cryptography, and, more importantly, exercises, which would make this book a wonderful self-study companion.
