http://www.spinellis.gr/pubs/Breview/1999-IEEE-Decrypt/html/review.html
This is an HTML rendering of a working paper draft that led to a publication. The publication should always be cited in preference to this draft using the following reference:

This document is also available in PDF format.

The document's metadata is available in BibTeX format.

Find the publication on Google Scholar

This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder.

Diomidis Spinellis Publications


© 1999 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.

Decrypted Secrets

Diomidis Spinelis
University of the Aegean, GR-83200 Karlovasi, Greece
email: dspin@aegean.gr

Cryptology provides the foundations for information security and privacy in our global internetworked society. Its subject area covers cryptography and cryptanalysis, history and applications, theory and practice. "Descrypted secrets" succeeds in blending these ingredients in a readable and interesting mix. The book, its content being about equally divided between cryptography and cryptanalysis, can almost serve as a self-contained cryptology reference.

The first half of the book contains an exposition of various encryption methods. Many methods are illustrated by real-life historical examples. The description of mechanical encryption devices such as ENIGMA is particularly detailed. In a short section at the end of the first part Bauer introduces a number of cryptology maxims which provides an authoritative reference for a number of cryptological principles that are often anecdotally presented. The second half of the book covers cryptanalysis. Most methods covered are based on linguistic properties of the cleartext. Those of us who have read books detailing the historical events surrounding the breaking of the ENIGMA codes during World War II will be fascinated by a case-by-case description of the theory and practice behind those efforts.

The most important asset of the book is that it really does cover cryptanalysis. The author, using numerous examples, guides us through increasingly sophisticated methods of cryptanalysis beginning with exhaustive combinatorial searches and ending with periodicity and alignment examinations. Although the theoretical foundations of the methods covered are presented in full detail, readers who are not mathematically inclined can skip the theorem proofs and follow the detailed, step-by-step examples. Having been spoiled by the increasingly clever cryptanalytic attacks of the cryptographic methods presented in the first half of the book, I was - somewhat naively of course - expecting to see modern cryptographic algorithms like DES and IDEA be covered in a similar spirit. I was more than disappointed. Apart from a description of possible cryptanalytic attacks upon RSA and a brief mention of differential cryptanalysis the cryptanalytic coverage of modern cipher systems is almost non-existent.

Credit must go to the author and the publisher for producing a truly beautiful book. The cover, binding, and typesetting are superb. However, what clearly sets the book apart are the wonderful and rare illustrations and colour plates of cipher texts, encryption machines, and operating manuals. In addition, although lightly covered, the policy debate on cryptography is refreshingly viewed from a non US-centric perspective.

Despite the many commendable qualities of the book some minor problems spoil its overall utility. The most important is the almost total lack of references behind factual and theoretical descriptions. The wealth of information presented in the book would mean that references could easily double its size, but given the scarcity of other resources they would be well worth the increase. Although, most drawings are interesting and well reproduced, the DES drawings could be better typeset and labelled in English. Similarly, many fictitious examples could be phrased in English instead of German. Cryptographic protocols, hash functions, digital hardware, software, and digital signatures are very lightly covered. Finally, the flow of text is not always smooth. Some paragraphs abruptly begin explaining a theoretical concept without any obvious leads.

"Decrypted Secrets" is a unique book. Covering in depth all methods of historical interest it can act as a companion to "The Codebreakers" (David Kahn, Scribner, 1996) providing the theory behind Kahn's narrative exposition and can also provide historical context and cryptanalytical background to Schneier's "Applied Cryptography" (Bruce Schneier, Wiley, 1996). According to Kerckhoffs's maxim that Bauer presents "only a cryptanalyst can judge the security of a crypto system". The combined wealth of cryptographic and cryptanalytic information available in a single volume can guide us towards more secure systems.

Decrypted Secrets: Methods and Maxims of Cryptology by Friedrich L. Bauer, Springer Verlag, Berlin, 1997, 448 pp., $39.95.