APPLIED CRYPTANALYSIS
Breaking Ciphers in the Real World
Mark Stamp
Richard M. Low
San Jose State University
San Jose, CA
WILEY-INTERSCIENCE
A JOHN WILEY & SONS, INC., PUBLICATION
THE WILEY BICENTENNIAL: KNOWLEDGE FOR GENERATIONS
Each generation has its unique needs and aspirations. When Charles Wiley first
opened his small printing shop in lower Manhattan in 1807, it was a generation
of boundless potential searching for an identity. And we were there, helping to
define a new American literary tradition. Over half a century later, in the midst
of the Second Industrial Revolution, it was a generation focused on building the
future. Once again, we were there, supplying the critical scientific, technical, and
engineering knowledge that helped frame the world. Throughout the 20th
Century, and into the new millennium, nations began to reach out beyond their
own borders and a new international community was born. Wiley was there,
expanding its operations around the world to enable a global exchange of ideas,
opinions, and know-how.
For 200 years, Wiley has been an integral part of each generation’s journey,
enabling the flow of information and understanding necessary to meet their needs
and fulfill their aspirations. Today, bold new technologies are changing the way
we live and learn. Wiley will be there, providing you the must-have knowledge
you need to imagine new worlds, new possibilities, and new opportunities.
Generations come and go, but you can always count on Wiley to provide you the
knowledge you need, when and where you need it!
WILLIAM J. PESCE
PRESIDENT AND CHIEF EXECUTIVE OFFICER
PETER BOOTH WILEY
CHAIRMAN OF THE BOARD
Copyright © 2007 by John Wiley & Sons, Inc. All rights reserved.
Published by John Wiley & Sons, Inc., Hoboken, New Jersey
Published simultaneously in Canada.
No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form
or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as
permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior
written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to
the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax
(978) 750-4470, or on the web at www.copyright.com. Requests to the Publisher for permission should
be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ
07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permission.
Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in
preparing this book, they make no representations or warranties with respect to the accuracy or
completeness of the contents of this book and specifically disclaim any implied warranties of
merchantability or fitness for a particular purpose. No warranty may be created or extended by sales
representatives or written sales materials. The advice and strategies contained herein may not be
suitable for your situation. You should consult with a professional where appropriate. Neither the
publisher nor author shall be liable for any loss of profit or any other commercial damages, including
but not limited to special, incidental, consequential, or other damages.
For general information on our other products and services or for technical support, please contact our
Customer Care Department within the United States at (800) 762-2974, outside the United States at
(317) 572-3993 or fax (317) 572-4002.
Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may
not be available in electronic format. For information about Wiley products, visit our web site at
www.wiley.com.
Wiley Bicentennial Logo: Richard J. Pacifico
Library of Congress Cataloging-in-Publication Data:
Stamp, Mark.
Applied cryptanalysis : breaking ciphers in the real world / Mark Stamp,
Richard M. Low.
p. cm.
Includes bibliographical references and index.
ISBN 978-0-470-11486-5 (pbk.)
1. Computer security. 2. Data encryption (Computer science) 3.
Cryptography. I. Low, Richard M., 1967- II. Title.
QA76.9.A25S687 2007
005.8'24~22
2007001277
Printed in the United States of America
To Melody, Austin, and Miles - MSS
To Amy - RML
Contents

Preface
About the Authors
Acknowledgments

1 Classic Ciphers
  1.1 Introduction
  1.2 Good Guys and Bad Guys
  1.3 Terminology
  1.4 Selected Classic Crypto Topics
    1.4.1 Transposition Ciphers
    1.4.2 Substitution Ciphers
    1.4.3 One-Time Pad
    1.4.4 Codebook Ciphers
  1.5 Summary
  1.6 Problems

2 World War II Ciphers
  2.1 Introduction
  2.2 Enigma
    2.2.1 Enigma Cipher Machine
    2.2.2 Enigma Keyspace
    2.2.3 Rotors
    2.2.4 Enigma Attack
    2.2.5 More Secure Enigma?
  2.3 Purple
    2.3.1 Purple Cipher Machine
    2.3.2 Purple Keyspace
    2.3.3 Purple Diagnosis
    2.3.4 Decrypting Purple
    2.3.5 Purple versus Enigma
  2.4 Sigaba
    2.4.1 Sigaba Cipher Machine
    2.4.2 Sigaba Keyspace
    2.4.3 Sigaba Attack
    2.4.4 Sigaba Conclusion
  2.5 Summary
  2.6 Problems

3 Stream Ciphers
  3.1 Introduction
  3.2 Shift Registers
    3.2.1 Berlekamp-Massey Algorithm
    3.2.2 Cryptographically Strong Sequences
    3.2.3 Shift Register-Based Stream Ciphers
    3.2.4 Correlation Attack
  3.3 ORYX
    3.3.1 ORYX Cipher
    3.3.2 ORYX Attack
    3.3.3 Secure ORYX?
  3.4 RC4
    3.4.1 RC4 Algorithm
    3.4.2 RC4 Attack
    3.4.3 Preventing the RC4 Attack
  3.5 PKZIP
    3.5.1 PKZIP Cipher
    3.5.2 PKZIP Attack
    3.5.3 Improved PKZIP?
  3.6 Summary
  3.7 Problems

4 Block Ciphers
  4.1 Introduction
  4.2 Block Cipher Modes
  4.3 Feistel Cipher
  4.4 Hellman’s Time-Memory Trade-off
    4.4.1 Cryptanalytic TMTO
    4.4.2 Bad Chains
    4.4.3 Success Probability
    4.4.4 Distributed TMTO
    4.4.5 TMTO Conclusions
  4.5 CMEA
    4.5.1 CMEA Cipher
    4.5.2 SCMEA Cipher
    4.5.3 SCMEA Chosen Plaintext Attack
    4.5.4 CMEA Chosen Plaintext Attack
    4.5.5 SCMEA Known Plaintext Attack
    4.5.6 CMEA Known Plaintext Attack
    4.5.7 More Secure CMEA?
  4.6 Akelarre
    4.6.1 Akelarre Cipher
    4.6.2 Akelarre Attack
    4.6.3 Improved Akelarre?
  4.7 FEAL
    4.7.1 FEAL-4 Cipher
    4.7.2 FEAL-4 Differential Attack
    4.7.3 FEAL-4 Linear Attack
    4.7.4 Confusion and Diffusion
  4.8 Summary
  4.9 Problems

5 Hash Functions
  5.1 Introduction
  5.2 Birthdays and Hashing
    5.2.1 The Birthday Problem
    5.2.2 Birthday Attacks on Hash Functions
    5.2.3 Digital Signature Birthday Attack
    5.2.4 Nostradamus Attack
  5.3 MD4
    5.3.1 MD4 Algorithm
    5.3.2 MD4 Attack
    5.3.3 A Meaningful Collision
  5.4 MD5
    5.4.1 MD5 Algorithm
    5.4.2 A Precise Differential
    5.4.3 Outline of Wang’s Attack
    5.4.4 Wang’s MD5 Differentials
    5.4.5 Reverse Engineering Wang’s Attack
    5.4.6 Stevens’ Implementation of Wang’s Attack
    5.4.7 A Practical Attack
  5.5 Summary
  5.6 Problems

6 Public Key Systems
  6.1 Introduction
  6.2 Merkle-Hellman Knapsack
    6.2.1 Lattice-Reduction Attack
    6.2.2 Knapsack Conclusion
  6.3 Diffie-Hellman Key Exchange
    6.3.1 Man-in-the-Middle Attack
    6.3.2 Diffie-Hellman Conclusion
  6.4 Arithmetica Key Exchange
    6.4.1 Hughes-Tannenbaum Length Attack
    6.4.2 Arithmetica Conclusion
  6.5 RSA
    6.5.1 Mathematical Issues
    6.5.2 RSA Conclusion
  6.6 Rabin Cipher
    6.6.1 Chosen Ciphertext Attack
    6.6.2 Rabin Cryptosystem Conclusion
  6.7 NTRU Cipher
    6.7.1 Meet-in-the-Middle Attack
    6.7.2 Multiple Transmission Attack
    6.7.3 Chosen Ciphertext Attack
    6.7.4 NTRU Conclusion
  6.8 ElGamal Signature Scheme
    6.8.1 Mathematical Issues
    6.8.2 ElGamal Signature Conclusion
  6.9 Summary
  6.10 Problems

7 Public Key Attacks
  7.1 Introduction
  7.2 Factoring Algorithms
    7.2.1 Trial Division
    7.2.2 Dixon’s Algorithm
    7.2.3 Quadratic Sieve
    7.2.4 Factoring Conclusions
  7.3 Discrete Log Algorithms
    7.3.1 Trial Multiplication
    7.3.2 Baby-Step Giant-Step
    7.3.3 Index Calculus
    7.3.4 Discrete Log Conclusions
  7.4 RSA Implementation Attacks
    7.4.1 Timing Attacks
    7.4.2 Glitching Attack
    7.4.3 Implementation Attacks Conclusions
  7.5 Summary
  7.6 Problems

Appendix
  A-1 MD5 Tables
  A-2 Math
    A-2.1 Number Theory
    A-2.2 Group Theory
    A-2.3 Ring Theory
    A-2.4 Linear Algebra

Annotated Bibliography
Index
Preface
To paraphrase Barbie, “cryptanalysis is hard” [6]. Unfortunately, many
cryptanalysis papers seem to be written in their own impenetrable secret
code, making the subject appear to be even more difficult than it really is.
In this book, we strive to present applied cryptanalytic attacks in an accessible form. Here, we are focused on practical attacks that actually break real-world systems, not attacks that merely indicate some theoretical weakness
in a cipher. Consequently, we consider real ciphers and, primarily, modern
ciphers. Many attacks that satisfy our criteria are scattered throughout the
literature.¹ With a few notable exceptions, these papers require a Herculean
effort to digest and understand. One of our goals is to lift this unintentional
veil on the exciting and fascinating field of cryptanalysis.
Most of the topics presented in this book require only a modest mathematical background. Some of the public key topics are inherently more
mathematical, but in every case we have strived to minimize the advanced
mathematics. We also believe that we have provided enough background information so that the book is essentially self-contained. Some of the more
advanced mathematical topics are treated briefly in the Appendix. Any motivated upper-division undergraduate student, in any technical field of study, should be able to tackle this book. Some of the material is not easy, but those
who persist will be rewarded with a solid understanding of cryptanalysis, as
well as the knowledge, tools, and experience to confidently explore cutting-edge cryptanalytic topics.
We have provided an extensive set of problems for each chapter. A few of
these problems are relatively easy, but most range from moderate to somewhat challenging. Generally, we have tried to avoid obvious problems of the
“implement such-and-such attack” variety. Of course, it is useful and instructive to implement an attack, but the problems are intended to reinforce and
expand on material presented in the text, without placing an overwhelming
burden on the reader. A fairly complete solutions manual is available to
instructors directly from your Wiley representative.
¹ A large percentage of the cryptanalysis literature is informal in the sense that many
papers never receive any formal peer review. Although the academic peer-review process
suffers from a multitude of sins, no peer review is no better.
To really understand the material in this book, it is necessary to work a
significant number of the problems. Cryptanalysis is definitely not a spectator
sport. We believe that the computer is an essential cryptanalytic tool. It is
not coincidental that many of the homework problems require some computer
programming.
For the terminally cryptanalytically insane, we have created a collection
of challenge problems. These problems, which are posted on the textbook
website at
http://cs.sjsu.edu/faculty/stamp/crypto/
consist primarily of cryptanalytic challenges based on the ciphers and attacks
presented in the text. A few research-oriented problems are also included.
Each problem carries a difficulty rating so that you will have some idea of
what you might be getting into. For each challenge problem, a small prize² is
offered to the first solver. We promise to update the website as the challenge
problems are solved. The website includes source code and test vectors for
many of the ciphers discussed here. In addition, a complete set of quality
PowerPoint slides is available.
The text is organized around four major themes, namely, classic ciphers
(Chapters 1 and 2), symmetric ciphers (Chapters 3 and 4), hash functions
(Chapter 5), and public key crypto (Chapters 6 and 7). The specific topics
covered in each chapter are summarized below:
Chapter                   Topics
1. Classic Ciphers        Pen-and-paper systems
2. World War II Ciphers   Enigma, Purple, Sigaba
3. Stream Ciphers         Shift registers, correlation attacks, ORYX, RC4, PKZIP
4. Block Ciphers          Block cipher modes, MAC, Hellman's TMTO, CMEA, Akelarre, FEAL
5. Hash Functions         HMAC, birthday attacks, Nostradamus attack, MD4, MD5
6. Public Key Systems     Knapsack, Diffie-Hellman, Arithmetica, RSA, Rabin, NTRU, ElGamal
7. Public Key Attacks     Factoring, discrete log, RSA timing attacks, RSA glitching attack

² The emphasis here is on “small.”
The first author wrote Chapters 2 through 5 and 7, while the second
author wrote the majority of Chapters 1 and 6. The first author extensively
edited all chapters to give the book a more consistent “look and feel.” The
first author did his best to resist including too many bad jokes, but some
proved irresistible. Most of these have, mercifully, been relegated to footnotes.
The majority of the book consists of a series of cryptanalytic vignettes,
organized by topic. Chapters 3, 4, and 5 each begin with a relatively generic
method of attack (correlation attacks, Hellman’s TMTO and birthday attacks, respectively). These attacks are interesting in their own right, but
each also serves as an introduction to the type of cipher under consideration.
Each of these chapters then segues into the cryptanalysis of specific ciphers.
For public key crypto, the introductory material has been expanded to
an entire chapter. In Chapter 6, several public key systems are introduced
and discussed from the perspective of relatively straightforward attacks or
implementation issues that can lead to weaknesses. Then selected public key
attacks are covered in depth in Chapter 7.
The chapters are highly independent of each other, as are many of the sections within chapters. The most dependent chapters are 6 and 7, which cover
public key crypto. In addition, some familiarity with hashing (Chapter 5)
would be useful before diving into the public key material. The terminology
and background covered in Chapter 1 is used throughout the text. Regardless
of your background in cryptography, we recommend that you read Chapter 1
first, since terminology is not consistent throughout the crypto world. Not
only is crypto terminology inconsistent, but notation is even worse. Notation-wise, we have tried to be as internally consistent as possible. Consequently,
our notation often differs from the original source.
The first author’s information security textbook [142] covers four major topics, one of which is cryptography. The only significant overlap between [142] and this book is Hellman’s time-memory trade-off attack, discussed here in Section 4.4. A brief section on the knapsack attack is also
included in both books; here, in Section 6.2.
Finally, we apologize in advance for the inevitable “bugs” in this book.
Any computer program of sufficient size has bugs and it is more difficult to
debug a textbook than a program, since there is at least some hope of getting
a program to misbehave during testing. There is no method to “exercise” a
textbook other than to proofread it and to teach from it, the more times the
better. The first author has taught virtually all of the material in this text,
and several careful proofreadings have been done. Nevertheless, it is a sure
bet that errors remain. Please tell us of any bugs you find. We would also
appreciate any other comments you have regarding this book.
Mark Stamp
Richard M. Low
San Jose State University
About the Authors
Mark Stamp has an extensive background in information security in general
and cryptography in particular, having spent more than seven years as a
Cryptologic Mathematician at the National Security Agency. His other relevant experience includes two years as Chief Cryptologic Scientist at a small
Silicon Valley startup company. Since the demise of his startup company
in 2002, he has been a faculty member in the department of computer science
at San Jose State University, where he primarily teaches courses in information security. In 2005, Dr. Stamp published his first textbook, Information
Security: Principles and Practice (Wiley Interscience).
Richard M. Low has a PhD in mathematics and is a faculty member in
the department of mathematics at San Jose State University. His research
interests include cryptography, combinatorics and group theory. In addition
to teaching mathematics, he has conducted a popular cryptography seminar
at SJSU.