Tài liệu Applied cryptanalysis breaking ciphers in the real world

APPLl ED CRYPTANALYSIS Breaking Ciphers in the Real World Mark Stamp Richard M. Low San Jose State University San Jose, CA BICENTENNIAL BICENTENNIAL WILEY-INTERSCIENCE A JOHN WILEY & SONS, INC., PUBLICATION This Page Intentionally Left Blank APPLIED CRYPTANALYSIS THE W I L E Y BICENTENNIAL-KNOWLEDGE FOR G E N E R A T I O N S ach generation has its unique needs and aspirations. When Charles Wiley first opened his small printing shop in lower Manhattan in 1807, it was a generation of boundless potential searching for an identity. And we were there, helping to define a new American literary tradition. Over half a century later, in the midst of the Second Industrial Revolution, it was a generation focused on building the future. Once again, we were there, supplying the critical scientific, technical, and engineering knowledge that helped frame the world. Throughout the 20th Century, and into the new millennium, nations began to reach out beyond their own borders and a new international community was born. Wiley was there, expanding its operations around the world to enable a global exchange of ideas, opinions, and know-how. For 200 years, Wiley has been an integral part of each generation’s journey, enabling the flow of information and understanding necessary to meet their needs and fulfill their aspirations. Today, bold new technologies are changing the way we live and learn. Wiley will be there, providing you the must-have knowledge you need to imagine new worlds, new possibilities, and new opportunities. Generations come and go, but you can always count on Wiley to provide you the knowledge you need, when and where you need it! 6 WILLIAM J. PESCE PRESIDENT AND CHIEF EXECUTIVE OFFICER PETER BOOTH CHAIRMAN OF THE WILEY BOARD APPLl ED CRYPTANALYSIS Breaking Ciphers in the Real World Mark Stamp Richard M. Low San Jose State University San Jose, CA BICENTENNIAL BICENTENNIAL WILEY-INTERSCIENCE A JOHN WILEY & SONS, INC., PUBLICATION Copyright 02007 by John Wiley & Sons, Inc. All rights reserved. Published by John Wiley & Sons, Inc., Hoboken, New Jersey Published simultaneously in Canada. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 750-4470, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 11 1 River Street, Hoboken, NJ 07030, (201) 748-601 1. fax (201) 748-6008, or online at http://www.wiley.codgo/permission. Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages. For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002. Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic format. For information about Wiley products, visit our web site at www.wiley.com. Wiley Hicentennial Logo: Richard J . Pacific0 Library of Congress Cataloging-in-Publication Data: Stamp, Mark. Applicd cryptanalysis : breaking ciphers in the real world / Mark Stamp, Richard M. Low. p. cm. lncludes bibliographical references and index. ISBN 978-0-470-1 1486-5 (pbk.) 1 , Computer security. 2. Data encryption (Computer science) 3. Cryptography. I. Low, Richard M., 1967- 11. Title. QA76.9.A25S687 2007 005.8'24~22 2007001277 Printed in the United States of America 1 0 9 8 7 6 5 4 3 2 1 To Melody, Austin, and Males TOAmy - RML ~ MSS This Page Intentionally Left Blank Contents Preface About the Authors Acknowledgments xiii xvii xix 1 Classic Ciphers 1.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.2 Good Guys and Bad Guys . . . . . . . . . . . . . . . . . . . . 1.3 Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.4 Selected Classic Crypto Topics . . . . . . . . . . . . . . . . . 1.4.1 Transposition Ciphers . . . . . . . . . . . . . . . . . . 1.4.2 Subst.itution Ciphers . . . . . . . . . . . . . . . . . . . 1.4.3 One-Time Pad . . . . . . . . . . . . . . . . . . . . . . 1.4.4 Codebook Ciphers . . . . . . . . . . . . . . . . . . . . 1.5 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.6 Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1 1 2 4 5 8 18 20 21 22 2 World War I1 Ciphers 2.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2.2 Enigma . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2.2.1 Enigma Cipher Machine . . . . . . . . . . . . . . . . . 2.2.2 Enigma Keyspace . . . . . . . . . . . . . . . . . . . . . 2.2.3 Rotors . . . . . . . . . . . . . . . . . . . . . . . . . . . 2.2.4 Enigma Attack . . . . . . . . . . . . . . . . . . . . . . 2.2.5 More Secure Enigma? . . . . . . . . . . . . . . . . . . 2.3 Purple . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2.3.1 Purple Cipher Machine . . . . . . . . . . . . . . . . . 2.3.2 Purple Keyspace . . . . . . . . . . . . . . . . . . . . . 2.3.3 Purple Diagnosis . . . . . . . . . . . . . . . . . . . . . 2.3.4 Decrypting Purple . . . . . . . . . . . . . . . . . . . . 2.3.5 Purple versus Enigma . . . . . . . . . . . . . . . . . . 2.4 Sigaba . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 25 26 26 29 31 34 37 38 38 44 45 49 50 52 vii ... CONTENTS Vlll . . . . . . . . . . . . . . . . . . . 52 57 59 67 68 69 Stream Ciphers 3.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.2 Shift Registers . . . . . . . . . . . . . . . . . . . . . . . . . . 3.2.1 Berlekamp-Massey Algorithm . . . . . . . . . . . . . . 3.2.2 Cryptographically Strong Sequences . . . . . . . . . . 3.2.3 Shift Register-Based Stream Ciphers . . . . . . . . . . 3.2.4 Correlation Attack . . . . . . . . . . . . . . . . . . . . 3.3 ORYX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.3.1 ORYX Cipher . . . . . . . . . . . . . . . . . . . . . . . 3.3.2 ORYX Attack . . . . . . . . . . . . . . . . . . . . . . . 3.3.3 Secure ORYX? . . . . . . . . . . . . . . . . . . . . . . 3.4 RC4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.4.1 RC4 Algorithm . . . . . . . . . . . . . . . . . . . . . . 3.4.2 RC4 Attack . . . . . . . . . . . . . . . . . . . . . . . . 3.4.3 Preventing the RC4 Attack . . . . . . . . . . . . . . . 3.5 I’KZIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.5.1 PKZIP Cipher . . . . . . . . . . . . . . . . . . . . . . 3.5.2 PKZIP Attack . . . . . . . . . . . . . . . . . . . . . . 3.5.3 Improved PKZIP? . . . . . . . . . . . . . . . . . . . . 3.6 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.7 Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79 79 81 83 85 89 90 93 94 97 102 103 105 105 110 110 111 113 120 120 121 2.5 2.6 3 2.4.1 Sigaba Cipher Machine . . . . . . . . . . 2.4.2 Sigaba Keyspace . . . . . . . . . . . . . . . 2.4.3 Sigaba Attack . . . . . . . . . . . . . . . . . 2.4.4 Sigaba Conclusion . . . . . . . . . . . . . . Summary . . . . . . . . . . . . . . . . . . . . . . . Problerns . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Block Ciphers Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . Block Cipher Modes . . . . . . . . . . . . . . . . . . . . . . . Feistel Cipher . . . . . . . . . . . . . . . . . . . . . . . . . . . Hellman’s Time-Memory Trade-off . . . . . . . . . . . . . . 4.4.1 Cryptanalytic T M T O . . . . . . . . . . . . . . . . . 4.4.2 Bad Chains . . . . . . . . . . . . . . . . . . . . . . . . 4.4.3 Succcss Probability . . . . . . . . . . . . . . . . . . . . 4.4.4 Distributed T M T O . . . . . . . . . . . . . . . . . . . . 4.4.5 T M T O Conclusioris . . . . . . . . . . . . . . . . . . 4.5 CMEA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.5.1 CMEA Cipher . . . . . . . . . . . . . . . . . . . . . . 4.5.2 SCMEA Cipher . . . . . . . . . . . . . . . . . . . . . . 4.5.3 SCMEA Chosen Plaintext Attack . . . . . . . . . . 4.1 4.2 4.3 4.4 127 127 128 131 . 133 . 133 137 141 142 . 143 144 144 146 . 147 CONTENTS 5 ix 4.5.4 CMEA Chosen Plaintext Attack . . . . . . . . . . . . 4.5.5 SCMEA Known Plaintext Attack . . . . . . . . . . . 4.5.6 CMEA Known Plaintext Attack . . . . . . . . . . . . 4.5.7 More Secure CMEA? . . . . . . . . . . . . . . . . . . . 4.6 Akelarre . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.6.1 Akelarre Cipher . . . . . . . . . . . . . . . . . . . . . . 4.6.2 Akelarre Attack . . . . . . . . . . . . . . . . . . . . . . 4.6.3 Improved Akelarre? . . . . . . . . . . . . . . . . . . . 4.7 FEAL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.7.1 FEAL-4 Cipher . . . . . . . . . . . . . . . . . . . . . . 4.7.2 FEAL-4 Differential Attack . . . . . . . . . . . . . . . 4.7.3 FEAL-4 Linear Attack . . . . . . . . . . . . . . . . . . 4.7.4 Confusion and Diffusion . . . . . . . . . . . . . . . . . 4.8 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.9 Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148 151 158 159 160 160 166 169 170 171 172 177 182 183 183 Hash Functions 193 193 200 200 201 202 203 208 208 210 224 225 225 231 233 235 238 252 253 256 257 5.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.2 Birthdays and Hashing . . . . . . . . . . . . . . . . . . . . . . 5.2.1 The Birthday Problem . . . . . . . . . . . . . . . . . . 5.2.2 Birthday Attacks on Hash Functions . . . . . . . . . . 5.2.3 Digital Signature Birthday Attack . . . . . . . . . . . 5.2.4 Nostradamus Attack . . . . . . . . . . . . . . . . . . . 5.3 MD4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.3.1 MD4 Algorithm . . . . . . . . . . . . . . . . . . . . . . 5.3.2 MD4 Attack . . . . . . . . . . . . . . . . . . . . . . . 5.3.3 A Meaningful Collision . . . . . . . . . . . . . . . . . . 5.4 MD5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.4.1 MD5 Algorithm . . . . . . . . . . . . . . . . . . . . . . 5.4.2 A Precise Differential . . . . . . . . . . . . . . . . . . 5.4.3 Outline of Wang’s Attack . . . . . . . . . . . . . . . . 5.4.4 Wang’s MD5 Differentials . . . . . . . . . . . . . . . . 5.4.5 Reverse Engineering Wang’s Attack . . . . . . . . . . 5.4.6 Stevens’ Implementation of Wang’s Attack . . . . . . 5.4.7 A Practical Attack . . . . . . . . . . . . . . . . . . . 5.5 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.6 Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Public Key Systems 6.1 Introduction . . . . . . . . . . . . . . . . . . . 6.2 MerkleeHellman Knapsack . . . . . . . . . . . 6.2.1 Lattice-Reduction Attack . . . . . . 6.2.2 Knapsack Conclusion . . . . . . . . 265 . . . . . . . . . 265 ......... 267 . . . . . . . . . . 270 . . . . . . . . . . 275 CONTENTS X 6.3 6.4 6.5 6.6 6.7 6.8 6.9 6.10 Difie-Hellman Key Exchange . . . . . . . . . . . . . . . . . . 6.3.1 Man-in-the-Middle Attack . . . . . . . . . . . . . . . . 6.3.2 Diffie-Hellman Conclusion . . . . . . . . . . . . . . . . Arithmetica Key Exchange . . . . . . . . . . . . . . . . . . . 6.4.1 Hughes-Tannenbaum Length Attack . . . . . . . . . . 6.4.2 Arithmetica Conclusion . . . . . . . . . . . . . . . . . RSA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.5.1 Mathematical Issues . . . . . . . . . . . . . . . . . . . 6.5.2 RSA Conclusion . . . . . . . . . . . . . . . . . . . . . Rabin Cipher . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.6.1 Chosen Ciphertext Attack . . . . . . . . . . . . . . . 6.6.2 Rabin Cryptosystenl Conclusion . . . . . . . . . . . . NTRU Cipher . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.7.1 Meet-in-the-Middle Attack . . . . . . . . . . . . . . . 6.7.2 Multiple Transmission Attack . . . . . . . . . . . . . 6.7.3 Chosen Ciphertext Attack . . . . . . . . . . . . . . . 6.7.4 NTRU Conclusion . . . . . . . . . . . . . . . . . . . . ElGarnal Signature Scheme . . . . . . . . . . . . . . . . . . . 6.8.1 Mathematical Issues . . . . . . . . . . . . . . . . . . . 6.8.2 ElGamal Signature Conclusioil . . . . . . . . . . . . . Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275 277 278 279 283 284 284 285 288 289 291 292 293 299 301 302 304 305 308 308 309 309 7 Public Key Attacks 315 7.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315 7.2 Factoring Algorithms . . . . . . . . . . . . . . . . . . . . . . . 316 7.2.1 Trial Division . . . . . . . . . . . . . . . . . . . . . . . 316 7.2.2 Dixon’s Algorithm . . . . . . . . . . . . . . . . . . . . 317 7.2.3 Quadratic Sieve . . . . . . . . . . . . . . . . . . . . . . 323 7.2.4 Factoring Conclusions . . . . . . . . . . . . . . . . . . 327 7.3 Discrete Log Algorithms . . . . . . . . . . . . . . . . . . . . . 330 7.3.1 Trial Multiplication . . . . . . . . . . . . . . . . . . . 330 7.3.2 Baby-Step Giant-Step . . . . . . . . . . . . . . . . . . 331 7.3.3 Index Calculus . . . . . . . . . . . . . . . . . . . . . . 332 7.3.4 Discrete Log Conchlsions . . . . . . . . . . . . . . . . 333 7.4 RSA Iniplenieritation Attacks . . . . . . . . . . . . . . . . . . 334 7.4.1 Tinling Attacks . . . . . . . . . . . . . . . . . . . . . 334 7.4.2 Glitchirlg Attack . . . . . . . . . . . . . . . . . . . . . 353 7.4.3 Implementatiorl Attacks Conclusiorls . . . . . . . . . . 354 7.5 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355 7.6 Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355 CONTENTS xi Appendix A-1 MD5Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-2 Math . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-2.1 Number Theory . . . . . . . . . . . . . . . . . . . . . A-2.2 Group Theory . . . . . . . . . . . . . . . . . . . . . . A-2.3 Ring Theory . . . . . . . . . . . . . . . . . . . . . . . A-2.4 Linea.r Algebra . . . . . . . . . . . . . . . . . . . . . . 361 361 371 371 372 372 373 Annotated Bibliography 375 Index 393 This Page Intentionally Left Blank Preface To paraphrase Barbie, “cryptanalysis is hard” [6]. Unfortunately, many cryptanalysis papers seem to be written in their own impenetrable secret code, making the subject appear to be even more difficult than it really is. In this book, we strive to present applied cryptanalytic attacks in an accessible form. Here, we are focused on practical attacks that actually break realworld systems, not attacks that merely indicate some theoretical weakness in a cipher. Consequently, we consider real ciphers and, primarily, modern ciphers. Many attacks that satisfy our criteria are scattered throughout the literature.’ With a few notable exceptions, these papers require a Herculean effort to digest and understand. One of our goals is to lift this unintentional veil on the exciting and fascinating field of cryptanalysis. Most of the topics presented in this book require only a modest mathematical background. Some of the public key topics are inherently more mathematical, but in every case we have strived to minimize the advanced mathematics. We also believe that we have provided enough background information so that the book is essentially self-contained. Some of the more advanced mathematical topics are treated briefly in the Appendix. Any motivated upper-division undergraduate student-in any technical field of studyshould be able to tackle this book. Some of the material is not easy, but those who persist will be rewarded with a solid understanding of cryptanalysis, as well as the knowledge, tools, and experience to confidently explore cuttingedge cryptanalytic topics. We have provided an extensive set of problems for each chapter. A few of these problems are relatively easy, but most range from moderate to somewhat challenging. Generally, we have tried to avoid obvious problems of the “implement such-and-such attack” variety. Of course, it is useful and instructive to implement an attack, but the problems are intended to reinforce and expand on material presented in the text, without placing an overwhelming burden on the reader. A fairly complete solutions manual is available to instructors directly froni your Wiley representative. ’A large percentage of the cryptanalysis literature is informal in the sense that many papers never receive any formal peer review. Although the academic peer-review process suffers from a multitude of sins, no peer review is no better. xiii PREFACE xiv To really understand the material in this book, i t is necessary to work a significant number of the problems. Cryptarialysis is definitely not a spectator sport. We believe that the computer is an essential cryptanalytic tool. It is riot coincidental that many of the homework problems require some computer programming. For the terminally cryptanalytically insane, we have created it collection of challenge problems. These problems, which are posted on the textbook website at http://cs.sjsu.edu/faculty/stamp/crypto/ consist primarily of cryptanalytic challenges based on the ciphers and attacks presented in the text. A few research-oriented problems are also included. Each problem carries a difficulty rating so that you will have some idea of what you might be getting into. For each challenge problem, a small prize2 is offered to the first solver. We promise to update the website as the challenge problems are solved. The website includes source code arid test vectors for many of the ciphers discussed here. In addition, a complete set of quality PowerPoint slides is available. The text is organized around four major themes, namely, classic ciphers (Chapters 1 and a ) , symmetric ciphers (Chapters 3 and 4), hash functions (Chapter 5 ) , and public key crypto (Chapters 6 and 7). The specific topics covered in each chapter are summarized below: Chapter 1. Classic Ciphers 2. World War I1 Ciphers 3 . Stream Ciphers 4. Block Ciphers 5. Hash Functions 6. Public Key Systems 7. Public Key Attacks Topics Pen-and-paper systems Enigma, Purple, Sigaba Shift registers, correlation at tacks, ORYX. RC4, PKZIP Block cipher modes, MAC, Hellman's TMTO, CMEA, Akelarre, FEAL HMAC, birthday attacks, Nostrasamus at tack, MD4, MD5 Knapsack, Diffie-Hellman, Arithmetica, RSA Rabin, NTRU, EIGamal Factoring, discrete log, RSA timing attacks, RSA ditching attack Y 'The emphasis here is on '?,mall '' - PREFACE xv The first author wrote Chapters 2 through 5 and 7, while the second author wrote the majority of Chapters 1 and 6. The first author extensively edited all chapters to give the book a more consistent “look and feel.” The first author did his best to resist including too many bad jokes, but some proved irresistible. Most of these have, mercifully, been relegated to footnotes. The majority of the book consists of a series of cryptanalytic vignettes, organized by topic. Chapters 3, 4, and 5 each begin with a relatively generic method of attack (correlation attacks, Hellman’s TMTO and birthday attacks, respectively). These attacks are interesting in their own right, but each also serves as an introduction to the type of cipher under consideration. Each of these chapters then segues into the cryptanalysis of specific ciphers. For public key crypto, the introductory material has been expanded to an entire chapter. In Chapter 6, several public key systems are introduced and discussed from the perspective of relatively straightforward attacks or implementation issues that can lead to weaknesses. Then selected public key attacks are covered in depth in Chapter 7. The chapters are highly independent of each other, as are many of the sections within chapters. The most dependent chapters are 6 and 7, which cover public key crypto. In addition, some familiarity with hashing (Chapter 5) would be useful before diving into the public key material. The terminology and background covered in Chapter 1 is used throughout the text. Regardless of your background in cryptography, we recommend that you read Chapter 1 first, since terminology is not consistent throughout the crypto world. Not only is crypto terminology inconsistent, but notation is even worse. Notationwise, we have tried to be as internally consistent as possible. Consequently, our notation often differs from the original source. The first author’s information security textbook [142] covers four major topics, one of which is cryptography. The only significant overlap between [142] and this book is Hellman’s time-memory trade-off attack, discussed here in Section 4.4. A brief section on the knapsack attack is also included in both books; here, in Section 6.2. Finally, we apologize in advance for the inevitable “bugs” in this book. Any computer program of sufficient size has bugs and it is more difficult to debug a textbook than a program, since there is at least some hope of getting a program to misbehave during testing. There is no method to “exercise” a textbook other than to proofread it and to teach from it,-the more times the better. The first author has taught virtually all of the material in this text, and several careful proofreadings have been done. Nevertheless, it is a sure bet that errors remain. Please tell us of any bugs you find. We would also appreciate any other comments you have regarding this book. Mark Stamp Richard M , Low San Jose State University This Page Intentionally Left Blank About the Authors Mark Stamp has an extensive background in information security in general and cryptography in particular, having spent more than seven years as a Cryptologic Mathematician at the National Security Agency. His other relevant experience includes two years as Chief Cryptologic Scientist at a small Silicon Valley startup company. Since the demise of his startup company in 2002, he has been a faculty member in the department of computer science at San Jose State University, where he primarily teaches courses in information security. In 2005, Dr. Stamp published his first textbook, Information Security: Principles a.nd Practice (Wiley Interscience). Richard M. Low has a PhD in mathematics and is a faculty member in the department of mathematics at San Jose State University. His research interests include cryptography, combinatorics and group theory. In addition to teaching mathematics, he has conducted a popular cryptography seminar at SJSU. xvii