"…a very good book for students and people who want to learn some real cryptanalysis…" ( Computing Reviews.com, October 1, 2007)

"…this is not a book to be merely read or studied, but a field manual to be followed." (Computing Reviews.com, August 14, 2007)

Preface. About The Authors . Acknowledgments. 1. Classic Ciphers. 1.1 Introduction . 1.2 Good Guys and Bad Guys. 1.3 Terminology . 1.4 Selected Classic Crypto Topics. 1.4.1 Transposition Ciphers . 1.4.2 Substitution Ciphers. 1.4.3 One–Time Pad . 1.4.4 Codebook Ciphers . 1.5 Summary. 1.6 Problems . 2. World War II Ciphers. 2.1 Introduction . 2.2 Enigma . 2.2.1 Enigma Cipher Machine . 2.2.2 Enigma Keyspace . 2.2.3 Rotors . 2.2.4 Enigma Attack . 2.2.5 More Secure Enigma. 2.3 Purple. 2.3.1 Purple Cipher Machine . 2.3.2 Purple Keyspace . 2.3.3 Purple Diagnosis . 2.3.4 Decrypting Purple. 2.3.5 Purple versus Enigma . 2.4 Sigaba . 2.4.1 Sigaba Cipher Machine. 2.4.2 Sigaba Keyspace . 2.4.3 Sigaba Attack . 2.4.4 Sigaba Conclusion . 2.5 Summary . 2.6 Problems . 3. Stream Ciphers. 3.1 Introduction . 3.2 Shift Registers . 3.2.1 Berlekamp–Massey Algorithm . 3.2.2 Cryptographically Strong Sequences . 3.2.3 Shift Register–Based Stream Ciphers. 3.2.4 Correlation Attack. 3.3 ORYX . 3.3.1 ORYX Cipher. 3.3.2 ORYX Attack. 3.3.3 Secure ORYX. 3.4 RC4. 3.4.1 RC4 Algorithm . 3.4.2 RC4 Attack . 3.4.3 Preventing the RC4 Attack. 3.5 PKZIP. 3.5.1 PKZIP Cipher. 3.5.2 PKZIP Attack. 3.5.3 Improved PKZIP. 3.6 Summary. 3.7 Problems. 4. Block Ciphers. 4.1 Introduction . 4.2 Block Cipher Modes . 4.3 Feistel Cipher. 4.4 Hellman’s Time–Memory Trade–Off. 4.4.1 Cryptanalytic TMTO. 4.4.2 Bad Chains. 4.4.3 Success Probability. 4.4.4 Distributed TMTO. 4.4.5 TMTO Conclusions. 4.5 CMEA. 4.5.1 CMEA Cipher. 4.5.2 SCMEA Cipher. 4.5.3 SCMEA Chosen Plaintext Attack. 4.5.4 CMEA Chosen Plaintext Attack. 4.5.5 SCMEA Known Plaintext Attack. 4.5.6 CMEA Known Plaintext Attack. 4.5.7 More Secure CMEA. 4.6 Akelarre . 4.6.1 Akelarre Cipher. 4.6.2 Akelarre Attack. 4.6.3 Improved Akelarre? 4.7 FEAL . 4.7.1 FEAL–4 Cipher. 4.7.2 FEAL–4 Differential Attack. 4.7.3 FEAL–4 Linear Attack. 4.7.4 Confusion and Diffusion. 4.8 Summary. 4.9 Problems. 5. Hash Functions. 5.1 Introduction . 5.2 Birthdays and Hashing. 5.2.1 The Birthday Problem. 5.2.2 Birthday Attacks on Hash Functions. 5.2.3 Digital Signature Birthday Attack. 5.2.4 Nostradamus Attack. 5.3 MD4. 5.3.1 MD4 Algorithm. 5.3.2 MD4 Attack. 5.3.3 A Meaningful Collision . 5.4 MD5 . 5.4.1 MD5 Algorithm. 5.4.2 A Precise Differential. 5.4.3 Outline of Wang?s Attack. 5.4.4 Wang’s MD5 Differentials. 5.4.5 Reverse Engineering Wang’s Attack. 5.4.6 Stevens’ Attack. 5.4.7 A Practical Attack. 5.5 Summary. 5.6 Problems. 6. Public Key Systems. 6.1 Introduction . 6.2 Merkle–Hellman Knapsack. 6.2.1 Lattice–Reduction Attack . 6.2.2 Knapsack Conclusion. 6.3 Diffie–Hellman Key Exchange . 6.3.1 Man–in–the–Middle Attack . 6.3.2 Diffie–Hellman Conclusion . 6.4 Arithmetica Key Exchange . 6.4.1 Hughes–Tannenbaum Length Attack . 6.4.2 Arithmetica Conclusion . 6.5 RSA . 6.5.1 Mathematical Issues . 6.5.2 RSA Conclusion . 6.6 Rabin Cipher . 6.6.1 Chosen Ciphertext Attack. 6.6.2 Rabin Cryptosystem Conclusion . 6.7 NTRU Cipher . 6.7.1 Meet–in–the–Middle Attack. 6.7.2 Multiple Transmission Attack. 6.7.3 Chosen Ciphertext Attack. 6.7.4 NTRU Conclusion . 6.8 ElGamal Signature Scheme . 6.8.1 Mathematical Issues. 6.8.2 ElGamal Signature Conclusion . 6.9 Summary . 6.10 Problems. 7. Public Key Attacks. 7.1 Introduction . 7.2 Factoring Algorithms . 7.2.1 Trial Division . 7.2.2 Dixon’s Algorithm . 7.2.3 Quadratic Sieve. 7.2.4 Factoring Conclusions. 7.3 Discrete Log Algorithms. 7.3.1 Trial Multiplication . 7.3.2 Baby–Step Giant–Step. 7.3.3 Index Calculus. 7.3.4 Discrete Log Conclusions. 7.4 RSA Implementation Attacks. 7.4.1 Timing Attacks . 7.4.2 Glitching Attack. 7.4.3 Implementation Attacks Conclusions . 7.5 Summary . 7.6 Problems. Appendix . A–1 MD5 Tables . A–2 Math . A–2.1 Number Theory . A–2.2 Group Theory . A–2.3 Ring Theory . A–2.4 Linear Algebra. Annotated Bibliography. Index.

MARK STAMP, PHD, is Professor of Computer Science at San Jose State University. In addition to his experience working in private industry and academia, Dr. Stamp spent seven years as a cryptanalyst for the U.S. National Security Agency. He is the author of Information Security: Principles and Practice.

RICHARD M. LOW, PHD, is Lecturer in the Department of Mathematics at San Jose State University. His research interests include cryptography, combinatorics, and group theory.

A CASE–BASED APPROACH TO CRYPTANALYSIS THAT EXPLAINS HOW AND WHY ATTACKS CAN HAPPEN

Applied Cryptanalysis focuses on practical attacks on real–world ciphers. Using detailed case studies, the authors demonstrate how modern cryptographic systems are broken, and they do so with a minimum of complex mathematics and technical jargon. All major classes of attacks are covered, providing IT professionals with the knowledge necessary for effective security implementation within their organizations. Each chapter concludes with a series of problems that enables the reader to practice and fine–tune their own cryptanalysis skills. Applied Cryptanalysis can serve as a textbook for a cryptanalysis course or for independent study.

The text is organized around four major themes:

• Classic Crypto offers an overview of a few classical cryptosystems, introducing and illustrating the basic principles, concepts, and vocabulary. The authors then cover World War II cipher machines, specifically the German Enigma, Japanese Purple, and American Sigaba.
• Symmetric Ciphers analyzes shift registers and correlation attacks, as well as attacks on three specific stream ciphers: ORYX, RC4 (as used in WEP), and PKZIP. In addition, block ciphers are studied: Hellman′s Time–Memory Trade–Off attack is discussed and three specific block ciphers are analyzed in detail (CMEA, Akelarre, and FEAL).
• Hash Functions presents hash function design, birthday attacks, and the "Nostradamus" attack. Then the MD4 attack is examined, which serves as a precursor for the authors′ highly detailed analysis of the recent attack on MD5.
• Public Key Crypto includes an overview of several public key cryptosystems including the knapsack, Diffie–Hellman, Arithmetica, RSA, Rabin cipher, NTRU, and ElGamal. Factoring and discrete log attacks are analyzed, and the recent timing attacks on RSA are discussed in detail.

Clear and concise, this practical case–based approach to cryptanalysis is a valuable and timely resource.