Security expert publishes coffee table book for cryptographers to explain the science of secrecy.
Image: iStockphoto/ivanmollov
What do the Bass0matic, blockchain and zero-knowledge proofs have in common? Each term shows up in Jean-Philippe Aumasson's new publication: "Crypto Dictionary: 500 Cryptographic Tidbits for the Curious." Aumasson is the chief security officer and cofounder of Taurus Group, a Swiss fintech company and the author of "Serious Cryptography: A Practical Introduction to Modern Encryption."
Aumasson writes in the preface that the dictionary is not meant to be a comprehensive look at cryptography's diverse areas. It does include many of the major notions and algorithms that cryptographers work with today as well as an "opinionated selection" of terms that the author found important for practical, theoretical and historical reasons. Aumasson calls the dictionary a coffee table book that shows off the "richness of cryptography, including its exotic and underappreciated corners, to share knowledge and be a gateway to a better appreciation of the science of secrecy."
The dictionary starts with two numbers: 2013 and 65537. The first entry is the year Edward Snowden leaked information about the NSA's classified activities, which put end-to-end encryption in the spotlight for the first time. The other numerical entry is the most common RSA public exponent: "Large enough to not be insecure, small enough to make exponentiation fast and of a form that optimizes implementations' speed."
SEE: Identity theft protection policy (TechRepublic Premium)
Entries also cover cryptography trivia such as the origin of the name of a cipher designed by Phil Zimmerman, the creator of PGP, the default security standard for email. The dictionary explains the Bass0matic entry:
"As Zimmermann commented in the source code, "Bass0matic gets its name from an old Dan Aykroyd Saturday Night Live skit involving a blender and a whole fish. The Bass0matic algorithm does to data what the original BassOmatic did to the fish."
Aumasson includes his own observations and editorial comments in the entries, which makes for a more interesting read than most dictionaries. For example, he calls blockchain both a blessing and a curse. In the "Thanks, blockchain?" section, Aumasson explains why the biggest benefit of this new technology is its impact on the practice, funding and deployment of cryptography.
Readers also can use the dictionary for a crash course in the field and assemble a reading list of important texts, such as "Applied Cryptography," a 1996 book by Bruce Schneier, and COPACOBANA (Cost-Optimized PArallel COde Breaker), an academic proof of concept of an FPGA-based DES cracker and "Cryptonomicon," a novel by Neal Stephenson that relies on facts and genuine cryptographic techniques, as opposed to other books "in which the crypto is mostly made up and laughably unrealistic."
Image: No Starch Press
Here is a sampling of terms that shows the scope and tone of the Crypto Dictionary:
- Eurocrypt: Europe's largest academic cryptography conference held in the spring.
- Fuzzy extractor: A way to extract the value of some high-entropy secret from multiple noisy readings, each with different random errors, to derive a key.
- Isogeny-based cryptography: The youngest class of post-quantum cryptography method that maps points of an elliptic curve to points of another elliptic curve and that satisfies specific mathematical properties.
- Merkle-Damgard construction: A technique for hashing messages of any length when using a hash function that hashes only short messages.
- PKC: The International Conference on Practice and Theory in Public Key Cryptography.
- Rainbow tables: A time-memory trade-off technique mostly applied to password cracking, including pay-TV control words.
- Twitter: The location of the best and worst discussions about cryptography.
- Zero-knowledge proof: A protocol in which a prover convinces a verifier that they know a mathematical statement without revealing said statement.
Cybersecurity Insider Newsletter
Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays
Sign up today
No comments:
Post a Comment