ACCU Home page ACCU Conference Page
Search Contact us ACCU at Flickr ACCU at GitHib ACCU at Facebook ACCU at Linked-in ACCU at Twitter Skip Navigation

Search in Book Reviews

The ACCU passes on review copies of computer books to its members for them to review. The result is a large, high quality collection of book reviews by programmers, for programmers. Currently there are 1949 reviews in the database and more every month.
Search is a simple string search in either book title or book author. The full text search is a search of the text of the review.
    View all alphabetically
Title:
Implementing Elliptic Curve Cryptography
Author:
Michael Rosing
ISBN:
1 884777 69 4
Publisher:
Manning
Pages:
313pp
Price:
$47-95
Reviewer:
Francis Glassborow
Subject:
cryptography
Appeared in:
11-3
I know just about enough about the theory of elliptic curves (nothing to do with ellipses) to find the title of this book daunting. This area of mathematics is deep and challenges the minds of competent mathematicians. However it has one useful characteristic in that an aspect of it features a 'trap door.' By that I mean something that is relatively easy to do while being exceptionally difficult to undo. An example is taking two large (say about 100 digit) primes and multiplying them. Though tedious, most numerate people can do that. Now give the answer to someone and ask them to factorise it. You get the point.

Public key cryptography relies on trap door behaviour. Pretty Good Privacy is probably the best known. However elliptic curve cryptography offers a much higher ratio of encoding to code breaking potential. Of course new technology (such as a practical quantum computer) or mathematical discoveries may devalue the trap door characteristic.

This book provides excellent coverage of its topic. All the source code is available form a web site (despite the fact that you can use it to produce very strong, munitions grade, cryptography). The author covers enough theory to help you understand the mechanism and provides copious explanations of the actual cryptographic tools. He also has his feet firmly planted on the ground as relates to the difference between hard-to-break cryptography and security. (Anyone who watched the recent Station X programmes on UK Channel 4 TV will recognise the difference, the excellent Enigma coding machines were seriously compromised by the way the operators (ab)used them).

Now let me make my one criticism of this book, the C source code is all in K&R C despite the fact that most of it was written over the last six years. A careful rewrite of the code by a fluent C programmer would have changed a very good book into an outstanding one. Perhaps the best way to learn from this book is to read it cover to cover while rewriting the code in modern C. None-the-less, if you are interested in providing strong cryptography in a product this would be an excellent book to study.