(From Established Symmetric and Asymmetric Ciphers to Post-Quantum A

standing-cryptography-from-established-symmetric-and-asymmetric-ciphe

Christof Paar · Jan Pelzl · Tim Güneysu

Understanding
Cryptography
From Established Symmetric
and Asymmetric Ciphers
to Post-Quantum Algorithms
Second Edition

This Book is Available on YakiBooki.com

From Established Symmetric and Asymmetric Ciphers to Post-Quantum
Understanding Cryptography

tanding-cryptography-from-established-symmetric-and-asymmetric-ciph

This Book is Available on YakiBooki.com

From Established Symmetric and Asymmetric Ciphers to Post-Quantum
Christof Paar • Jan Pelzl • Tim Güneysu

tanding-cryptography-from-established-symmetric-and-asymmetric-ciph

Understanding Cryptography
From Established Symmetric and Asymmetric
Ciphers to Post-Quantum Algorithms

Second Edition

This Book is Available on YakiBooki.com

From Established Symmetric and Asymmetric Ciphers to Post-Quantum
Christof Paar Jan Pelzl
Max Planck Institute Hamm-Lippstadt University
for Security and Privacy of Applied Sciences
Bochum, Germany Hamm, Germany

Tim Güneysu
Ruhr University Bochum
tanding-cryptography-from-established-symmetric-and-asymmetric-ciph
Bochum, Germany

ISBN 978-3-662-69006-2 ISBN 978-3-662-69007-9 (eBook)

https://doi.org/10.1007/978-3-662-69007-9

Originally published under: Paar, C. and Pelzl, J.

1st edition: © Springer-Verlag Berlin Heidelberg 2010

2nd edition: © The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer-
Verlag GmbH, DE, part of Springer Nature 2024
This work is subject to copyright. All rights are solely and exclusively licensed by the Publisher,
whether the whole or part of the material is concerned, specifically the rights of translation, reprinting,
reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way,
and transmission or information storage and retrieval, electronic adaptation, computer software, or by
similar or dissimilar methodology now known or hereafter developed.
The use of general descriptive names, registered names, trademarks, service marks, etc. in this
publication does not imply, even in the absence of a specific statement, that such names are exempt from
the relevant protective laws and regulations and therefore free for general use.
The publisher, the authors, and the editors are safe to assume that the advice and information in this
book are believed to be true and accurate at the date of publication. Neither the publisher nor the
authors or the editors give a warranty, expressed or implied, with respect to the material contained herein or
for any errors or omissions that may have been made. The publisher remains neutral with regard to
jurisdictional claims in published maps and institutional affiliations.

This Springer imprint is published by the registered company Springer-Verlag GmbH, DE, part of
Springer Nature.
The registered company address is: Heidelberger Platz 3, 14197 Berlin, Germany

If disposing of this product, please recycle the paper.

This Book is Available on YakiBooki.com

From Established Symmetric and Asymmetric Ciphers to Post-Quantum

tanding-cryptography-from-established-symmetric-and-asymmetric-ciph

To Flo, Maja, Noah and Sarah

to Greta, Karl, Thea, Klemens and Nele
as well as to Elisa, Benno and Sindy

This Book is Available on YakiBooki.com

From Established Symmetric and Asymmetric Ciphers to Post-Quantum
Foreword

tanding-cryptography-from-established-symmetric-and-asymmetric-ciph

Cryptography is a critical component of today’s information infrastructure; it is

what enables distributed information systems to exist and to work properly. Without
it, users would not be able to securely authenticate themselves to websites, secure
communications wouldn’t exist, and privacy would be unachievable.
Moreover, the number of applications for cryptography have increased dramati-
cally, as new cryptographic techniques are invented and proven secure. For example,
securely transacting with cryptocurrencies such as bitcoin requires modern cryptog-
raphy. As another example, hospitals may now share information about patients in
a way that protects patient privacy while allowing the hospitals to apply statisti-
cal methods assessing the effectiveness of new treatments on the aggregate of the
patients.
We recommend this book in our MIT class Applied Cryptography. This class is
about half undergraduates and half graduate students; past students have said the
text was excellent. It will be great to have this new edition available. The approach
taken in this text is more pragmatic and engineering-oriented than theory-oriented.
It is usable for both classroom use and self-study.
This edition of Understanding Cryptography contains much new material; the
book has expanded by almost 50% since the first edition. Part of this expansion is
due to the expansion of the field (technical), including new problems, and part of
the expansion is due to the addition of new references and discussion (historical).
Of particular note is the inclusion of new material on “quantum cryptography”:
cryptosystems that are specifically designed to resist attacks that are based on the
use of quantum computers. Shor’s algorithm (1994) showed that cryptographic al-
gorithms that are based on the hardness of factoring the product of two primes,
or that are based on the hardness of computing discrete logarithms, are vulnera-
ble to polynomial-time attacks using quantum computation. If and when quantum
computers become available, cryptographic methods such as RSA or elliptic-curve
cryptosystems will become vulnerable. Given the long lead time required to replace
cryptosystems in use, planning for a change-over to “quantum-resistant” algorithms
has already begun. The (U.S.) National Institute of Standards and Technology

vii
This Book is Available on YakiBooki.com
 viii Foreword
From Established Symmetric and Asymmetric Ciphers to Post-Quantum
has converged on possible standards based on three particular hard problems; this
textbook covers all three approaches. Indeed, this textbook may be the first to cover
PQC (post-quantum cryptography).
This textbook also has updated material on “conventional” (non-public-key)
cryptography. For example, it includes new and/or updated material on crypto-
graphic hash functions (including coverage of SHA-2 and SHA-3), stream ciphers
tanding-cryptography-from-established-symmetric-and-asymmetric-ciph
(including Salsa20 and ChaCha), and modes of operation (including authenticated
encryption modes).
In summary, I recommend this book highly for both undergraduate and graduate
classroom use; it can easily be augmented for students with a more theoretical ori-
entation. This book is also recommended for self-study, for anyone who wishes to
bring themselves up-to-date on where this exciting field is going.

December 2023 Ron Rivest

This Book is Available on YakiBooki.com

From Established Symmetric and Asymmetric Ciphers to Post-Quantum
Preface

tanding-cryptography-from-established-symmetric-and-asymmetric-ciph

This is the second edition of Understanding Cryptography. Ever since we released

the first edition in 2009, we have been humbled by the many positive responses we
received from readers from all over the world. Our goal has always been to make the
fascinating but also challenging topic of cryptography accessible and fun to learn.
Key concepts of the book are that we focus on cryptography with high practical
relevance, and that the necessary mathematical material is accessible for readers
with a minimum background in college-level calculus. The fact that Understanding
Cryptography has been adopted as textbook by hundreds of universities on all conti-
nents (that is, if we ignore Antarctica) and the feedback we received from individual
readers and instructors makes us believe that this approach is working.
One thing that has changed since the first edition is that it has become abun-
dantly clear how important cybersecurity is in our, by now, digital society. Today,
seemingly every aspect in our private lives, at work or in governments has become
dependent on information technology in one way or another. Even though digital-
ization can have many benefits for individuals and society at large, information tech-
nology must come with strong security mechanisms in order to prevent malicious
manipulations. Here is where cryptography comes into play: It is a key tool for
building sound cybersecurity solutions. To this end, cryptographic algorithms have
crept into myriads of applications that surround us; examples range from social net-
works, smartphones and cloud servers to embedded systems like medical implants,
car keys and passports. Emerging applications such as autonomous cars and e-voting
will rely even more on strong security mechanisms. Of course, cryptocurrencies and
blockchains rely heavily on modern cryptographic algorithms, too.

Content Overview

The book has many features that make it a unique source for students, practition-
ers and researchers. We focus on practical relevance by introducing the majority
of cryptographic algorithms that are used in modern real-world applications. With
respect to symmetric algorithms, we introduce the block ciphers AES, DES and

ix
This Book is Available on YakiBooki.com
 x Preface
From Established Symmetric and Asymmetric Ciphers to Post-Quantum
triple-DES as well as PRESENT, which is an important example of a lightweight
cipher. We also describe three popular stream ciphers. Regarding asymmetric cryp-
tography, we cover all three public-key families currently in use: RSA, discrete log-
arithm schemes and elliptic curves. In addition, the book introduces hash functions,
digital signatures and message authentication codes, or MACs. Beyond core cryp-
tographic algorithms, we also discuss topics such as modes of operation, security
tanding-cryptography-from-established-symmetric-and-asymmetric-ciph
services and key management. For every cryptographic scheme, up-to-date security
estimations and recommendations for key lengths are given. We also discuss the
important issue of software and hardware implementation.

What’s New

The second edition has received major updates and has grown from the 350 pages
of the first edition to more than 500 pages. The most noticeable new material is the
extensive treatment of post-quantum cryptography, or PQC, in Chapter 12. In the
coming years, many applications will need to replace traditional public-key schemes
with PQC algorithms. This will be the most comprehensive change in the landscape
of cryptography that we have seen in decades. We hope that our introduction to the
three most promising PQC families, that is lattice-based, code-based and hash-based
schemes, will be helpful in this context. Beside PQC, the 2nd edition also covers the
SHA-2 and SHA-3 hash functions, the new stream ciphers Salsa20 and ChaCha,
and authenticated encryption. Throughout the book, security parameters and
related work have been updated, as well as the Discussion and Further Reading
sections that conclude each chapter. The problem sections of all 14 chapters have
been extended, too.

How to Use the Book

The material in this book has evolved over many years and is “classroom proven”.
We’ve taught it both as a course for advanced undergraduate students and gradu-
ate students in computer science/math/electrical engineering, as well as a first-year
undergraduate course for students majoring in our IT security program. We found
that one can teach most concepts introduced in the book in a two-semester course,
with 90 minutes of lecture time plus 90 minutes of help sessions with exercises per
week (total of 10 ECTS credits). In a typical US-style three-credit course, or in a
one-semester European course, some of the material should be omitted. Here are
some reasonable choices for a one-semester course:
Course Curriculum 1 Focus on the application of cryptography, e.g., in an applied
course in computer science or a basic course for subsequent security classes, e.g., in
a cybersecurity program. A possible curriculum is: Chap. 1; Sects. 2.1–2.2; Chap. 4;
Sect. 5.1; Chap. 6; Sects. 7.1–7.3; Sects. 8.1–8.3; Sects. 10.1–10.2; Sects. 11.1–11.3;
Sects. 12.1 & 12.4; Sect. 13.1; Sects. 14.1–14.3.

This Book is Available on YakiBooki.com

 Preface xi
From Established Symmetric and Asymmetric Ciphers to Post-Quantum
Course Curriculum 2 Focus on cryptographic algorithms and their mathematical
background, e.g., as a theory course in computer science or a crypto course in a math
program. This curriculum also works nicely as preparation for a more theoretical
course in cryptography: Chap. 1; Chap. 2; Chap. 4; Chap. 6; Chap. 7; Sects. 8.1 –
8.4; Chap. 9; Sects. 10.1–10.2; Sects. 11.1–11.3; Sects. 12.1, 12.2 & 12.4.
tanding-cryptography-from-established-symmetric-and-asymmetric-ciph
More Information

There are two online sources related to this book that we can recommend. First,
we recorded the two-semester introductory cryptography course that we teach at
Ruhr University Bochum (RUB). The main audience for this class are the first-
year students of RUB‘s IT Security program, and we tried to make the material as
accessible as possible. More than 20 lectures are available on the YouTube channel
“Introduction to Cryptography by Christof Paar”:
https://www.crypto-textbook.com/video

Each lecture takes about 80–90 minutes and closely follows the material in the book.
(For the more adventurous reader, there is also a German-language set of videos
available in the YouTube channel “Einführung in die Kryptographie von Christof
Paar”.)
Second, we recommend the companion website for the book, containing slide
sets for lecturers and solutions to odd-numbers problems of the book:
https://www.crypto-textbook.com

Trained as engineers, we have worked in applied cryptography and security for

more than 20 years and hope that the readers will have as much fun with this fasci-
nating field as we’ve had!

Bochum, Germany Christof Paar

Hamm, Germany Jan Pelzl
Bochum, Germany Tim Güneysu

This Book is Available on YakiBooki.com