Kuan Hon reviews a book that attempts to lift the lid on the key concepts of cryptography.
Squarely targeting popular science readers, this book, by a noted cryptography expert, uses many physical world analogies to explain crypto concepts.
I liked the ISBN example on creating integrity check digits, and a blender for hashing (though the result’s volume is unchanged, unlike with hashes which are generally smaller than the original data, see box). However, some analogies were strained, over-long, and as a result sometimes confusing. For example, likening algorithms to lock tumblers, then recipes, and (in my view unnecessarily) discussing boomerangs for challenge and response. Similarly, with likening asymmetric encryption to doors locking on closure, when readers could understand (more accurately) “Imagine a type of lock where key X locks it, but only key Y opens it, and vice versa”.
review continues below
|Some terms explained|
|Integrity Check Digits|
|An integrity check digit is an extra digit appended to a sequence of numbers, such as in a barcode. The other numbers are used to calculate it. If the calculation result doesn’t match the “check digit”, this indicates an error in one or more of those numbers – hence, it assists in checking for data integrity (accuracy and completeness). For more on ISBN check digits see here.|
|Hashing involves applying a cryptographic “hash function” to data, to produce fixed-size, generally much smaller, resulting data known as a “hash”. Change even one tiny bit of the original data, and the hash will differ. The hashing process is meant to be irreversible, i.e. the original data should not be reconstructable from the hash. Hashing is often used for integrity checking. See e.g. section 2.1 “Cryptography”, p.19 of Control, Security, and Risk in the Cloud, Hon & Millard (Chapter 2 of Cloud Computing Law, OUP 2013).|
|Encryption uses cryptographic techniques and a “key” to scramble “plaintext” or “cleartext” data to produce encrypted data. The encryption process is meant to be reversible, i.e. the original data can be reconstructed from the encrypted data by anyone who has the correct key.|
|In fact, hashing isn’t always irreversible. Some hashing algorithms have been “cracked”, broken so that they’re no longer secure. Also, attackers can apply a known hash function to different words to produce a table of resulting hashes, enabling them to find out the original word by looking up its corresponding hash from the table. Hence, it’s best practice to add a “salt” (random data) to data before hashing it, storing the salt with the result. Because the salt is deliberately different for different users, even if the original data was the same for each user (e.g. they used the same password), the resulting hashes of their data will be different. It’s much harder for attackers to reconstruct the original data from hashes where salting has been used.|
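To make the check-digit idea in the box concrete, here is an added example (not from the book or the review) that computes and validates ISBN-13 check digits. It assumes the 13-digit ISBN format, uses a constructed sample ISBN rather than the reviewed book's, and shows both what a check digit catches and one kind of error it misses.

```python
# Sample value for illustration only; it is not the ISBN of the book reviewed here.
SAMPLE_ISBN = "978-0-306-40615-7"


def isbn13_check_digit(first12: str) -> int:
    """Weight the first 12 digits 1,3,1,3,... and pad the sum to a multiple of 10."""
    if len(first12) != 12 or not (first12.isascii() and first12.isdigit()):
        raise ValueError("expected exactly 12 digits")
    total = sum(int(c) * (1 if i % 2 == 0 else 3) for i, c in enumerate(first12))
    return (10 - total % 10) % 10


def is_valid_isbn13(isbn: str) -> bool:
    s = isbn.replace("-", "").replace(" ", "")
    if len(s) != 13 or not (s.isascii() and s.isdigit()):
        return False
    return isbn13_check_digit(s[:12]) == int(s[12])


def single_digit_errors(isbn: str):
    """Replace each digit with every other digit; return (detected, total)."""
    s = isbn.replace("-", "")
    detected = total = 0
    for i, original in enumerate(s):
        for d in "0123456789":
            if d != original:
                total += 1
                detected += not is_valid_isbn13(s[:i] + d + s[i + 1:])
    return detected, total


def adjacent_swaps_missed(isbn: str):
    """Positions where swapping two different neighbouring digits still validates."""
    s = isbn.replace("-", "")
    missed = []
    for i in range(len(s) - 1):
        if s[i] != s[i + 1]:
            swapped = s[:i] + s[i + 1] + s[i] + s[i + 2:]
            if is_valid_isbn13(swapped):
                missed.append(i)
    return missed


if __name__ == "__main__":
    print(is_valid_isbn13(SAMPLE_ISBN))        # the sample validates
    print(single_digit_errors(SAMPLE_ISBN))    # every single-digit typo is caught
    print(adjacent_swaps_missed(SAMPLE_ISBN))  # a swap of digits differing by 5 is not
```

A check digit only guards against accidental errors: anyone who alters the number can recompute the digit, which is why integrity against deliberate tampering needs cryptographic tools such as hashes with keys.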
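The salting point in the box can be shown in a few lines. This is an added example, not taken from the book or the review; the wordlist, user names and passwords are constructed sample data, and plain SHA-256 is used only to isolate the effect of the salt.

```python
import hashlib
import secrets

# Constructed sample data: a tiny wordlist and two users with the same password.
COMMON_WORDS = ["123456", "password", "letmein", "qwerty"]
USERS = {"alice": "letmein", "bob": "letmein"}


def h(data: bytes) -> str:
    # Real password storage should use a deliberately slow function such as
    # hashlib.scrypt or hashlib.pbkdf2_hmac; SHA-256 keeps the comparison simple.
    return hashlib.sha256(data).hexdigest()


def build_lookup_table(words):
    """Precompute hash -> word once; it works against every unsalted hash."""
    return {h(w.encode()): w for w in words}


def store_unsalted(users):
    return {name: h(pw.encode()) for name, pw in users.items()}


def store_salted(users):
    """Per-user random salt, stored next to the resulting hash."""
    records = {}
    for name, pw in users.items():
        salt = secrets.token_bytes(16)
        records[name] = (salt, h(salt + pw.encode()))
    return records


def verify(record, candidate: str) -> bool:
    """Login check: recompute with the stored salt, compare in constant time."""
    salt, digest = record
    return secrets.compare_digest(digest, h(salt + candidate.encode()))


def lookup_hits(table, digests):
    """How many stored digests can be reversed by the precomputed table."""
    return sum(1 for d in digests if d in table)


if __name__ == "__main__":
    table = build_lookup_table(COMMON_WORDS)
    unsalted, salted = store_unsalted(USERS), store_salted(USERS)
    print("unsalted hits:", lookup_hits(table, unsalted.values()))
    print("salted hits:", lookup_hits(table, [d for _, d in salted.values()]))
    print("alice login ok:", verify(salted["alice"], "letmein"))
```

Without a salt, both users' records are identical and the table reverses them at once; with a salt, the same password yields two unrelated digests and the table has to be rebuilt per user.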
As you’d expect, it also covers encryption, hashing, keys, secure implementation of crypto, and (topically) why encryption won’t be at risk from quantum computing for some time. It’s well put that humans require consideration, not as the supposed weakest link, but rather to ensure systems are designed so as to factor in human fallibility. I enjoyed the short history section, and the never-ending policy dilemma discussion. Villains can use encryption to foil authorities, but encryption is purpose-neutral, helping innocent people and organisations to secure their financial transactions and confidential data too – so encryption should be considered, as the author puts it, more as seatbelt than bomb. However, I do hope that the most recent incarnation of this seesawing debate doesn’t result in laws across the board requiring encryption backdoors or golden keys “only” for lawful authorities,[1] or alternatively (as the author speculated) online gated communities.
Inexplicably, the book doesn’t cover salting, note clearly enough that frequent password changes aren’t recommended anymore, or suggest encrypting attachments given that encrypting emails themselves is too difficult for most people.[2] Authentication vs. authorisation is relegated to endnotes. Crypto in cloud and IoT are only briefly covered, and similarly with attacking encryption using AI.
Another criticism is that there were some editing issues, with some concepts being mentioned before they were explained but without being cross-referenced (e.g. hashing, digital signatures). Lay readers may also need more on other unexplained concepts such as what’s meant by implementing in hardware versus software, or what/why could there be a “key with data”.
There are a couple of legal niggles as well. For example, saying that signing a contract confirms its integrity (rather than agreement with its contents – a better analogy would be initialling each paper page), and suggesting GDPR was partly driven by data breaches (its predecessor Directive already addressed security).
The space spent on certain analogies, and on describing at length the unrealistically-quick decryption scenarios prevalent in TV shows and movies, could be better used on further worked examples and fuller lay explanations on, for example, block ciphers, AES, MAC/HMAC, key sensitivity, elliptic curves,[3] Diffie-Hellman key exchange, methods for side channel masking, how attackers could discern WEP keys, homomorphic encryption and (not mentioned at all) secure multi-party computation (MPC) and confidential computing (TEEs/enclaves),[4] maybe even differential privacy. Space doesn’t permit explanation of all these terms here (there are many glossaries available online including on Wikipedia). I wanted more on the “what, how, why”, for example why symmetric algorithms are harder to break.
So, personally, I prefer Prof. Martin’s excellent earlier book, Everyday Cryptography, which doesn’t require much maths (rather, a logical mindset). It costs little more than this book (in e-book format) but note that it doesn’t yet cover MPC or confidential computing either.
Dr W Kuan Hon (all opinions personal only)
[1] As per Australia’s Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018. Cryptography and other security experts uniformly emphasise the dangers of such an approach – access to encrypted data/channels that is enabled “just” for authorities will inevitably be exploitable by criminals too, putting everyone’s data at risk. I can do no more than quote the Australian Prime Minister’s now-infamous response to a journalist’s question, “Won’t the laws of mathematics trump the laws of Australia? And aren’t you also forcing everyone to decentralised systems as a result?”. He replied: “The laws of Australia prevail in Australia, I can assure you of that. The laws of mathematics are very commendable but the only law that applies in Australia is the law of Australia.” Sadly for (some) politicians/lawyers, if a country passes a law that requires “2+3” to equal “7”, that doesn’t (and can’t) magically make it so – believe it or not!
[2] For war stories on how some people still don’t get encryption or indeed security, see https://www.linkedin.com/pulse/encryption-humans-miss-point-dr-w-kuan-hon/
[3] Although Everyday Cryptography, mentioned later, could also benefit from that - “We will not concern ourselves here” with elliptic curves’ details!
[4] Particularly relevant post-Schrems II – see https://blog.kuan0.com/2020/07/schrems-ii-data-localization-encryption.html and https://blog.kuan0.com/2020/08/schrems-ii-additional-safeguards.html
Cryptography: The Key to Digital Security, How It Works, and Why It Matters
Keith Martin (W.W. Norton, 2020)